sfc /scannow cannot fix member files



#1 iam_kmm


Posted 16 April 2012 - 02:32 PM

I have run sfc /scannow both in safe and normal modes as admin. Rundll32.exe and tcpmon.ini both cannot be repaired. Do I have spyware, a virus or malware?

I have Norton Endpoint, Malwarebytes and Spybot - none report any problems.

Thanks in advance!

cab.log snippet:

POQ 127 starts:

POQ 127 ends.
2012-04-16 14:55:19, Info CSI 0000030c [SR] Verify complete
2012-04-16 14:55:19, Info CSI 0000030d [SR] Repairing 2 components
2012-04-16 14:55:19, Info CSI 0000030e [SR] Beginning Verify and Repair transaction
2012-04-16 14:55:19, Info CSI 0000030f Hashes for file member \SystemRoot\WinSxS\amd64_microsoft-windows-p..rtmonitor-tcpmonini_31bf3856ad364e35_6.1.7600.16385_none_2e6dc451c0fa9db5\tcpmon.ini do not match actual file [l:20{10}]"tcpmon.ini" :
Found: {l:32 b:as3OOcx5px0XiJa7f7s9BVvlW/FFlKR4NMU/T+UP/Kg=} Expected: {l:32 b:ENtKeUct91LKlHclgfWTvnCdCOHHwDe+SYrPzZTTezU=}
2012-04-16 14:55:19, Info CSI 00000310 [SR] Cannot repair member file [l:20{10}]"tcpmon.ini" of Microsoft-Windows-Printing-StandardPortMonitor-TCPMonINI, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-04-16 14:55:19, Info CSI 00000311 [SR] Cannot repair member file [l:24{12}]"rundll32.exe" of Microsoft-Windows-rundll32, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file cannot be checked
2012-04-16 14:55:19, Info CSI 00000312 [SR] Cannot repair member file [l:24{12}]"rundll32.exe" of Microsoft-Windows-rundll32, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file cannot be checked
2012-04-16 14:55:19, Info CSI 00000313 [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2012-04-16 14:55:19, Info CSI 00000314 Hashes for file member \SystemRoot\WinSxS\amd64_microsoft-windows-p..rtmonitor-tcpmonini_31bf3856ad364e35_6.1.7600.16385_none_2e6dc451c0fa9db5\tcpmon.ini do not match actual file [l:20{10}]"tcpmon.ini" :
Found: {l:32 b:as3OOcx5px0XiJa7f7s9BVvlW/FFlKR4NMU/T+UP/Kg=} Expected: {l:32 b:ENtKeUct91LKlHclgfWTvnCdCOHHwDe+SYrPzZTTezU=}
2012-04-16 14:55:19, Info CSI 00000315 [SR] Cannot repair member file [l:20{10}]"tcpmon.ini" of Microsoft-Windows-Printing-StandardPortMonitor-TCPMonINI, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-04-16 14:55:19, Info CSI 00000316 [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2012-04-16 14:55:19, Info CSI 00000317 Hashes for file member \??\C:\Windows\System32\tcpmon.ini do not match actual file [l:20{10}]"tcpmon.ini" :
Found: {l:32 b:as3OOcx5px0XiJa7f7s9BVvlW/FFlKR4NMU/T+UP/Kg=} Expected: {l:32 b:ENtKeUct91LKlHclgfWTvnCdCOHHwDe+SYrPzZTTezU=}
2012-04-16 14:55:19, Info CSI 00000318 Hashes for file member \SystemRoot\WinSxS\amd64_microsoft-windows-p..rtmonitor-tcpmonini_31bf3856ad364e35_6.1.7600.16385_none_2e6dc451c0fa9db5\tcpmon.ini do not match actual file [l:20{10}]"tcpmon.ini" :
Found: {l:32 b:as3OOcx5px0XiJa7f7s9BVvlW/FFlKR4NMU/T+UP/Kg=} Expected: {l:32 b:ENtKeUct91LKlHclgfWTvnCdCOHHwDe+SYrPzZTTezU=}
2012-04-16 14:55:19, Info CSI 00000319 [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"tcpmon.ini"; source file in store is also corrupted
2012-04-16 14:55:19, Info CSI 0000031a Repair results created:

Edited by hamluis, 19 April 2012 - 05:40 AM.
Moved from Win 7 to Am I Infected.
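
The `[SR]` entries in the snippet above have a regular shape, so they can be summarised per file. This is an added example, not part of the original post: a Python parser, run over a shortened copy of the quoted lines, that folds each `Found: ... Expected: ...` continuation line into its entry and records every file's failure reason, mismatching paths and whether the component store copy is also reported corrupt. The function and field names are illustrative.

```python
import base64
import re

# Constructed sample: the distinct entries from the log snippet quoted in the
# post above (same files, components and hash values; repeated entries dropped).
SAMPLE_LOG = r'''2012-04-16 14:55:19, Info CSI 0000030d [SR] Repairing 2 components
2012-04-16 14:55:19, Info CSI 0000030f Hashes for file member \SystemRoot\WinSxS\amd64_microsoft-windows-p..rtmonitor-tcpmonini_31bf3856ad364e35_6.1.7600.16385_none_2e6dc451c0fa9db5\tcpmon.ini do not match actual file [l:20{10}]"tcpmon.ini" :
Found: {l:32 b:as3OOcx5px0XiJa7f7s9BVvlW/FFlKR4NMU/T+UP/Kg=} Expected: {l:32 b:ENtKeUct91LKlHclgfWTvnCdCOHHwDe+SYrPzZTTezU=}
2012-04-16 14:55:19, Info CSI 00000310 [SR] Cannot repair member file [l:20{10}]"tcpmon.ini" of Microsoft-Windows-Printing-StandardPortMonitor-TCPMonINI, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-04-16 14:55:19, Info CSI 00000311 [SR] Cannot repair member file [l:24{12}]"rundll32.exe" of Microsoft-Windows-rundll32, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file cannot be checked
2012-04-16 14:55:19, Info CSI 00000317 Hashes for file member \??\C:\Windows\System32\tcpmon.ini do not match actual file [l:20{10}]"tcpmon.ini" :
Found: {l:32 b:as3OOcx5px0XiJa7f7s9BVvlW/FFlKR4NMU/T+UP/Kg=} Expected: {l:32 b:ENtKeUct91LKlHclgfWTvnCdCOHHwDe+SYrPzZTTezU=}
2012-04-16 14:55:19, Info CSI 00000319 [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"tcpmon.ini"; source file in store is also corrupted
'''

# A CSI entry starts with a timestamp; any other non-blank line continues it.
ENTRY = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}, \w+\s+CSI\s+[0-9a-f]{8} (.*)$")
HASH = re.compile(
    r"Hashes for file member (.+?) do not match actual file .*?"
    r"Found: \{l:\d+ b:([A-Za-z0-9+/=]+)\} Expected: \{l:\d+ b:([A-Za-z0-9+/=]+)\}"
)
CANNOT = re.compile(
    r'\[SR\] Cannot repair member file \[l:\d+\{\d+\}\]"([^"]+)" of ([^,]+), '
    r"Version = ([^,]+),.*, ([^,]+)$"
)
REPROJECT = re.compile(
    r'\[SR\] Could not reproject corrupted file .*\]"([^"]+)"; '
    r"source file in store is also corrupted"
)


def b64_to_hex(blob):
    """Decode the base64 'b:' value of a hash field and return it as hex."""
    return base64.b64decode(blob, validate=True).hex()


def entries(text):
    """Yield one message per CSI entry, with continuation lines folded in."""
    current = None
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            if current is not None:
                yield current
            current = m.group(1)
        elif current is not None and line.strip():
            current += " " + line.strip()
    if current is not None:
        yield current


def summarize(text):
    """Return {file name: details} for every file the repair pass complained about."""
    files = {}

    def record(name):
        return files.setdefault(name.lower(), {
            "component": None, "version": None, "reasons": set(),
            "mismatches": set(), "store_copy_corrupt": False,
        })

    for msg in entries(text):
        if m := HASH.search(msg):
            path, found, expected = m.groups()
            name = path.rsplit("\\", 1)[-1]  # file name is the last path element
            record(name)["mismatches"].add((path, b64_to_hex(found), b64_to_hex(expected)))
        elif m := CANNOT.search(msg):
            name, component, version, reason = m.groups()
            rec = record(name)
            rec["component"], rec["version"] = component, version
            rec["reasons"].add(reason.strip())
        elif m := REPROJECT.search(msg):
            # The log says the store copy, the source a repair would use, is bad too.
            record(m.group(1))["store_copy_corrupt"] = True
    return files


if __name__ == "__main__":
    for name, info in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{name}: {', '.join(sorted(info['reasons']))}"
              f" ({info['component']} {info['version']})")
        for path, found, expected in sorted(info["mismatches"]):
            print(f"  {path}\n    found    {found}\n    expected {expected}")
        if info["store_copy_corrupt"]:
            print("  component store copy is also reported corrupt")
```
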




#2 cryptodan


Posted 16 April 2012 - 03:03 PM

Hello,

And welcome to BleepingComputer.com. Before we can assist you with your question of "Am I infected?", you will need to perform the following tasks and post the logs of each if you can. If you have performed any of the scans below, post the logs for those scans, and then perform the ones you have not done.

Please download and run Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Malwarebytes Anti-Malware

NOTE: Malwarebytes is now offering a free trial of their program. If you want to accept it, you will need to enter some billing information, so that at the end of the trial you would be charged the cost of the product. Please decline this offer if you are unable to provide billing information. If you want to try it out, then provide the billing information.

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


SUPERAntiSpyware:

Please download and scan with SUPERAntiSpyware Free

  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are unchecked (leave all others checked):
    • Ignore files larger then 4mb
    • Ignore non-executable files

    Now Perform the scan with SUPERAntiSpyware as follows:
    • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes" and reboot normally.
    • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

SAS Portable
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now GMER

GMER does not work in 64bit Mode!!!!!!

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.


All scans above should be performed in regular boot mode, and if that is not possible then I will post instructions in a follow-up reply on how to get into Safe Mode to perform the scans. Also, all scans should be COMPLETE and not quick unless specifically instructed to do so.

#3 iam_kmm


Posted 18 April 2012 - 07:41 PM

Cryptodan -

Thanks for helping me! Here are the logs:

Malwarebytes:
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.17.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
kmm :: KMM-PC [administrator]

Protection: Enabled

4/17/2012 1:29:38 PM
mbam-log-2012-04-17 (13-29-38).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 506102
Time elapsed: 1 hour(s), 22 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

SAS:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/17/2012 at 04:20 PM

Application Version : 5.0.1146

Core Rules Database Version : 8469
Trace Rules Database Version: 6281

Scan type : Complete Scan
Total Scan Time : 01:08:37

Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 761
Memory threats detected : 0
Registry items scanned : 67397
Registry threats detected : 0
File items scanned : 105229
File threats detected : 3

Trojan.Agent/Gen-Injector[Fmt]
C:\USERS\KMM\DESKTOP\C#PROJECTS\ITP136\ROBOTCLIENTSERVER\HOLD\SERVER.EXE
C:\USERS\KMM\DESKTOP\C#PROJECTS\ITP136\ROBOTCLIENTSERVER\SERVER.EXE
C:\USERS\KMM\DESKTOP\C#PROJECTS\ITP136\ROBOTOBJECTS\HOLD\SERVER.EXE

* I created all 3 of these C# programs and I am certain they are not infected.


GMER:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-18 11:02:09
Windows 6.1.7601 Service Pack 1
Running: 8kqt9lko.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c417feffbd6c
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c417feffbd6c (not active ControlSet)

---- EOF - GMER 1.0.15 ----

Edited by iam_kmm, 18 April 2012 - 09:07 PM.


#4 cryptodan


Posted 19 April 2012 - 08:11 AM

Let's go ahead and download and run TDSS Killer. If it asks you to fix anything, then PLEASE DO NOT PERFORM ANY FIX ACTIONS. Just post the resulting logs.

#5 iam_kmm


Posted 19 April 2012 - 11:24 AM

Thanks Dan!

No results found:

12:23:17.0087 6116 TDSS rootkit removing tool 2.7.29.0 Apr 18 2012 16:44:20
12:23:17.0430 6116 ============================================================
12:23:17.0430 6116 Current date / time: 2012/04/19 12:23:17.0430
12:23:17.0430 6116 SystemInfo:
12:23:17.0430 6116
12:23:17.0430 6116 OS Version: 6.1.7601 ServicePack: 1.0
12:23:17.0430 6116 Product type: Workstation
12:23:17.0430 6116 ComputerName: KMM-PC
12:23:17.0430 6116 UserName: kmm
12:23:17.0430 6116 Windows directory: C:\Windows
12:23:17.0430 6116 System windows directory: C:\Windows
12:23:17.0430 6116 Running under WOW64
12:23:17.0430 6116 Processor architecture: Intel x64
12:23:17.0430 6116 Number of processors: 2
12:23:17.0430 6116 Page size: 0x1000
12:23:17.0430 6116 Boot type: Normal boot
12:23:17.0430 6116 ============================================================
12:23:17.0961 6116 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:23:17.0976 6116 \Device\Harddisk0\DR0:
12:23:17.0976 6116 MBR partitions:
12:23:17.0976 6116 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
12:23:17.0976 6116 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x236CE2B0
12:23:18.0008 6116 C: <-> \Device\Harddisk0\DR0\Partition1
12:23:18.0008 6116 Initialize success
12:23:18.0008 6116 ============================================================
12:23:36.0041 5844 ============================================================
12:23:36.0041 5844 Scan started
12:23:36.0041 5844 Mode: Manual;
12:23:36.0041 5844 ============================================================
12:23:44.0200 5844 HDAudBus - ok
12:23:44.0231 5844 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
12:23:44.0231 5844 HidBatt - ok
12:23:44.0247 5844 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
12:23:44.0247 5844 HidBth - ok
12:23:44.0278 5844 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
12:23:44.0278 5844 HidIr - ok
12:23:44.0309 5844 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
12:23:44.0309 5844 hidserv - ok
12:23:44.0387 5844 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
12:23:44.0387 5844 HidUsb - ok
12:23:44.0450 5844 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
12:23:44.0450 5844 hkmsvc - ok
12:23:44.0496 5844 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
12:23:44.0496 5844 HomeGroupListener - ok
12:23:44.0559 5844 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
12:23:44.0559 5844 HomeGroupProvider - ok
12:23:44.0606 5844 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
12:23:44.0606 5844 HpSAMD - ok
12:23:44.0668 5844 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
12:23:44.0684 5844 HTTP - ok
12:23:44.0762 5844 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
12:23:44.0762 5844 hwpolicy - ok
12:23:44.0824 5844 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
12:23:44.0824 5844 i8042prt - ok
12:23:44.0871 5844 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
12:23:44.0871 5844 iaStor - ok
12:23:44.0949 5844 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
12:23:44.0949 5844 iaStorV - ok
12:23:45.0042 5844 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:23:45.0058 5844 idsvc - ok
12:23:45.0308 5844 IDSVia64 (4e9e0e5a3b0efeb27491c26be1d97fda) C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20120416.006\IDSvia64.sys
12:23:45.0308 5844 IDSVia64 - ok
12:23:45.0604 5844 igfx (c6238c6abd6ac99f5d152da4e9439a3d) C:\Windows\system32\DRIVERS\igdkmd64.sys
12:23:45.0682 5844 igfx - ok
12:23:45.0776 5844 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
12:23:45.0776 5844 iirsp - ok
12:23:45.0838 5844 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
12:23:45.0838 5844 IKEEXT - ok
12:23:45.0947 5844 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:23:45.0947 5844 intelide - ok
12:23:45.0994 5844 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:23:45.0994 5844 intelppm - ok
12:23:46.0025 5844 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
12:23:46.0025 5844 IPBusEnum - ok
12:23:46.0056 5844 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:23:46.0056 5844 IpFilterDriver - ok
12:23:46.0119 5844 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
12:23:46.0119 5844 iphlpsvc - ok
12:23:46.0212 5844 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:23:46.0212 5844 IPMIDRV - ok
12:23:46.0244 5844 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:23:46.0244 5844 IPNAT - ok
12:23:46.0275 5844 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:23:46.0275 5844 IRENUM - ok
12:23:46.0306 5844 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:23:46.0322 5844 isapnp - ok
12:23:46.0368 5844 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
12:23:46.0368 5844 iScsiPrt - ok
12:23:46.0400 5844 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
12:23:46.0400 5844 kbdclass - ok
12:23:46.0493 5844 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
12:23:46.0493 5844 kbdhid - ok
12:23:46.0540 5844 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:23:46.0540 5844 KeyIso - ok
12:23:46.0556 5844 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
12:23:46.0556 5844 KSecDD - ok
12:23:46.0587 5844 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
12:23:46.0587 5844 KSecPkg - ok
12:23:46.0618 5844 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:23:46.0618 5844 ksthunk - ok
12:23:46.0649 5844 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
12:23:46.0649 5844 KtmRm - ok
12:23:46.0727 5844 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
12:23:46.0743 5844 LanmanServer - ok
12:23:46.0821 5844 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
12:23:46.0821 5844 LanmanWorkstation - ok
12:23:46.0883 5844 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:23:46.0883 5844 lltdio - ok
12:23:46.0930 5844 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
12:23:46.0930 5844 lltdsvc - ok
12:23:46.0961 5844 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
12:23:46.0961 5844 lmhosts - ok
12:23:47.0008 5844 LPDSVC (5dcd36fc4a6ecbf6e7f9b3bf7e0d0f55) C:\Windows\system32\lpdsvc.dll
12:23:47.0008 5844 LPDSVC - ok
12:23:47.0102 5844 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:23:47.0102 5844 LSI_FC - ok
12:23:47.0117 5844 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:23:47.0117 5844 LSI_SAS - ok
12:23:47.0148 5844 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:23:47.0148 5844 LSI_SAS2 - ok
12:23:47.0180 5844 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:23:47.0180 5844 LSI_SCSI - ok
12:23:47.0211 5844 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:23:47.0211 5844 luafv - ok
12:23:47.0273 5844 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
12:23:47.0273 5844 MBAMProtector - ok
12:23:47.0320 5844 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
12:23:47.0336 5844 MBAMService - ok
12:23:47.0429 5844 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
12:23:47.0429 5844 Mcx2Svc - ok
12:23:47.0476 5844 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
12:23:47.0476 5844 megasas - ok
12:23:47.0507 5844 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
12:23:47.0507 5844 MegaSR - ok
12:23:47.0554 5844 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:23:47.0554 5844 MMCSS - ok
12:23:47.0570 5844 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:23:47.0570 5844 Modem - ok
12:23:47.0601 5844 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:23:47.0601 5844 monitor - ok
12:23:47.0710 5844 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
12:23:47.0710 5844 mouclass - ok
12:23:47.0741 5844 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:23:47.0741 5844 mouhid - ok
12:23:47.0788 5844 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:23:47.0788 5844 mountmgr - ok
12:23:47.0835 5844 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:23:47.0835 5844 mpio - ok
12:23:47.0866 5844 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:23:47.0866 5844 mpsdrv - ok
12:23:47.0928 5844 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
12:23:47.0944 5844 MpsSvc - ok
12:23:48.0038 5844 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:23:48.0038 5844 MRxDAV - ok
12:23:48.0084 5844 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:23:48.0084 5844 mrxsmb - ok
12:23:48.0131 5844 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:23:48.0131 5844 mrxsmb10 - ok
12:23:48.0162 5844 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:23:48.0162 5844 mrxsmb20 - ok
12:23:48.0209 5844 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:23:48.0209 5844 msahci - ok
12:23:48.0256 5844 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:23:48.0256 5844 msdsm - ok
12:23:48.0287 5844 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
12:23:48.0287 5844 MSDTC - ok
12:23:48.0381 5844 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:23:48.0381 5844 Msfs - ok
12:23:48.0396 5844 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:23:48.0396 5844 mshidkmdf - ok
12:23:48.0443 5844 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:23:48.0443 5844 msisadrv - ok
12:23:48.0490 5844 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
12:23:48.0490 5844 MSiSCSI - ok
12:23:48.0490 5844 msiserver - ok
12:23:48.0599 5844 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:23:48.0599 5844 MSKSSRV - ok
12:23:48.0615 5844 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:23:48.0615 5844 MSPCLOCK - ok
12:23:48.0646 5844 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:23:48.0646 5844 MSPQM - ok
12:23:48.0693 5844 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:23:48.0693 5844 MsRPC - ok
12:23:48.0740 5844 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
12:23:48.0740 5844 mssmbios - ok
12:23:48.0880 5844 MSSQL$SQLEXP - ok
12:23:48.0958 5844 MSSQLServerADHelper100 (04ef36eaf5c4dbce424d81b76f1e9231) c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
12:23:48.0958 5844 MSSQLServerADHelper100 - ok
12:23:49.0052 5844 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:23:49.0052 5844 MSTEE - ok
12:23:49.0067 5844 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
12:23:49.0067 5844 MTConfig - ok
12:23:49.0098 5844 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:23:49.0098 5844 Mup - ok
12:23:49.0145 5844 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
12:23:49.0145 5844 napagent - ok
12:23:49.0254 5844 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:23:49.0254 5844 NativeWifiP - ok
12:23:49.0488 5844 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20120417.032\ENG64.SYS
12:23:49.0488 5844 NAVENG - ok
12:23:49.0582 5844 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20120417.032\EX64.SYS
12:23:49.0598 5844 NAVEX15 - ok
12:23:49.0707 5844 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
12:23:49.0722 5844 NDIS - ok
12:23:49.0754 5844 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:23:49.0754 5844 NdisCap - ok
12:23:49.0785 5844 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:23:49.0785 5844 NdisTapi - ok
12:23:49.0832 5844 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:23:49.0847 5844 Ndisuio - ok
12:23:49.0925 5844 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:23:49.0941 5844 NdisWan - ok
12:23:49.0972 5844 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:23:49.0988 5844 NDProxy - ok
12:23:50.0003 5844 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:23:50.0003 5844 NetBIOS - ok
12:23:50.0050 5844 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:23:50.0050 5844 NetBT - ok
12:23:50.0097 5844 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:23:50.0097 5844 Netlogon - ok
12:23:50.0128 5844 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
12:23:50.0144 5844 Netman - ok
12:23:50.0237 5844 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:23:50.0253 5844 NetMsmqActivator - ok
12:23:50.0268 5844 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:23:50.0268 5844 NetPipeActivator - ok
12:23:50.0315 5844 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
12:23:50.0315 5844 netprofm - ok
12:23:50.0331 5844 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:23:50.0331 5844 NetTcpActivator - ok
12:23:50.0346 5844 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:23:50.0346 5844 NetTcpPortSharing - ok
12:23:50.0393 5844 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
12:23:50.0393 5844 nfrd960 - ok
12:23:50.0471 5844 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
12:23:50.0471 5844 NlaSvc - ok
12:23:50.0518 5844 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:23:50.0534 5844 Npfs - ok
12:23:50.0549 5844 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
12:23:50.0549 5844 nsi - ok
12:23:50.0565 5844 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:23:50.0580 5844 nsiproxy - ok
12:23:50.0674 5844 NSL (436e7b2e6f42c2717c1d670220d03336) C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe
12:23:50.0674 5844 NSL - ok
12:23:50.0783 5844 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
12:23:50.0799 5844 Ntfs - ok
12:23:50.0877 5844 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:23:50.0877 5844 Null - ok
12:23:50.0924 5844 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
12:23:50.0924 5844 nvraid - ok
12:23:50.0970 5844 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
12:23:50.0970 5844 nvstor - ok
12:23:51.0017 5844 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
12:23:51.0017 5844 nv_agp - ok
12:23:51.0064 5844 O2FLASH (d955d5de998db2476bf0892be3a96c26) C:\Windows\system32\DRIVERS\o2flash.exe
12:23:51.0064 5844 O2FLASH - ok
12:23:51.0126 5844 O2MDGRDR (1b2e099223f16aab166e9602f7a5ecd4) C:\Windows\system32\DRIVERS\o2mdgx64.sys
12:23:51.0126 5844 O2MDGRDR - ok
12:23:51.0158 5844 O2SDGRDR (4c9c52d9f4ea5579ff70123004b9fd06) C:\Windows\system32\DRIVERS\o2sdgx64.sys
12:23:51.0158 5844 O2SDGRDR - ok
12:23:51.0189 5844 OEM13Vfx (766f689564bc30e5a91f8621ce65ad68) C:\Windows\system32\DRIVERS\OEM13Vfx.sys
12:23:51.0189 5844 OEM13Vfx - ok
12:23:51.0220 5844 OEM13Vid (10da4a1271f9790bcad5150f5d861655) C:\Windows\system32\DRIVERS\OEM13Vid.sys
12:23:51.0220 5844 OEM13Vid - ok
12:23:51.0267 5844 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:23:51.0267 5844 ohci1394 - ok
12:23:51.0298 5844 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:23:51.0314 5844 p2pimsvc - ok
12:23:51.0392 5844 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
12:23:51.0407 5844 p2psvc - ok
12:23:51.0454 5844 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
12:23:51.0454 5844 Parport - ok
12:23:51.0501 5844 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
12:23:51.0501 5844 partmgr - ok
12:23:51.0516 5844 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
12:23:51.0532 5844 PcaSvc - ok
12:23:51.0579 5844 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
12:23:51.0579 5844 pci - ok
12:23:51.0610 5844 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:23:51.0610 5844 pciide - ok
12:23:51.0672 5844 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
12:23:51.0672 5844 pcmcia - ok
12:23:51.0688 5844 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:23:51.0704 5844 pcw - ok
12:23:51.0735 5844 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:23:51.0735 5844 PEAUTH - ok
12:23:51.0813 5844 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
12:23:51.0828 5844 PeerDistSvc - ok
12:23:51.0906 5844 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
12:23:51.0906 5844 PerfHost - ok
12:23:52.0016 5844 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
12:23:52.0031 5844 pla - ok
12:23:52.0140 5844 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
12:23:52.0156 5844 PlugPlay - ok
12:23:52.0172 5844 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
12:23:52.0187 5844 PNRPAutoReg - ok
12:23:52.0203 5844 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:23:52.0218 5844 PNRPsvc - ok
12:23:52.0265 5844 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
12:23:52.0265 5844 PolicyAgent - ok
12:23:52.0359 5844 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
12:23:52.0359 5844 Power - ok
12:23:52.0421 5844 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
12:23:52.0421 5844 PptpMiniport - ok
12:23:52.0468 5844 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
12:23:52.0468 5844 Processor - ok
12:23:52.0515 5844 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
12:23:52.0515 5844 ProfSvc - ok
12:23:52.0593 5844 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:23:52.0593 5844 ProtectedStorage - ok
12:23:52.0671 5844 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
12:23:52.0671 5844 Psched - ok
12:23:52.0702 5844 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
12:23:52.0702 5844 PxHlpa64 - ok
12:23:52.0764 5844 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
12:23:52.0780 5844 ql2300 - ok
12:23:52.0858 5844 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
12:23:52.0858 5844 ql40xx - ok
12:23:52.0889 5844 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
12:23:52.0889 5844 QWAVE - ok
12:23:52.0920 5844 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:23:52.0920 5844 QWAVEdrv - ok
12:23:52.0936 5844 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:23:52.0936 5844 RasAcd - ok
12:23:52.0967 5844 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:23:52.0967 5844 RasAgileVpn - ok
12:23:52.0983 5844 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
12:23:52.0983 5844 RasAuto - ok
12:23:53.0030 5844 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:23:53.0030 5844 Rasl2tp - ok
12:23:53.0061 5844 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
12:23:53.0061 5844 RasMan - ok
12:23:53.0139 5844 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:23:53.0139 5844 RasPppoe - ok
12:23:53.0154 5844 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:23:53.0154 5844 RasSstp - ok
12:23:53.0201 5844 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
12:23:53.0217 5844 rdbss - ok
12:23:53.0232 5844 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:23:53.0232 5844 rdpbus - ok
12:23:53.0264 5844 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:23:53.0264 5844 RDPCDD - ok
12:23:53.0357 5844 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
12:23:53.0357 5844 RDPDR - ok
12:23:53.0435 5844 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:23:53.0435 5844 RDPENCDD - ok
12:23:53.0482 5844 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:23:53.0482 5844 RDPREFMP - ok
12:23:53.0560 5844 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
12:23:53.0576 5844 RDPWD - ok
12:23:53.0622 5844 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
12:23:53.0622 5844 rdyboost - ok
12:23:53.0654 5844 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
12:23:53.0654 5844 RemoteAccess - ok
12:23:53.0700 5844 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
12:23:53.0700 5844 RemoteRegistry - ok
12:23:53.0934 5844 ReportServer$SQLEXP (b08d6b6785b947fc97f18027a7a88f86) c:\Program Files\Microsoft SQL Server\MSRS10_50.SQLEXP\Reporting Services\ReportServer\bin\ReportingServicesService.exe
12:23:53.0950 5844 ReportServer$SQLEXP - ok
12:23:54.0044 5844 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
12:23:54.0044 5844 RFCOMM - ok
12:23:54.0090 5844 RimUsb (71700b4c5797da5412e9250e26894586) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
12:23:54.0090 5844 RimUsb - ok
12:23:54.0137 5844 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
12:23:54.0137 5844 RimVSerPort - ok
12:23:54.0168 5844 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
12:23:54.0168 5844 ROOTMODEM - ok
12:23:54.0200 5844 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
12:23:54.0200 5844 RpcEptMapper - ok
12:23:54.0278 5844 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
12:23:54.0278 5844 RpcLocator - ok
12:23:54.0340 5844 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:23:54.0340 5844 RpcSs - ok
12:23:54.0434 5844 RsFx0151 (c606c5f712a3761896ceffa4af6b1268) C:\Windows\system32\DRIVERS\RsFx0151.sys
12:23:54.0434 5844 RsFx0151 - ok
12:23:54.0527 5844 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:23:54.0527 5844 rspndr - ok
12:23:54.0574 5844 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
12:23:54.0590 5844 RTL8167 - ok
12:23:54.0636 5844 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
12:23:54.0636 5844 s3cap - ok
12:23:54.0683 5844 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:23:54.0683 5844 SamSs - ok
12:23:54.0792 5844 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
12:23:54.0792 5844 SASDIFSV - ok
12:23:54.0839 5844 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
12:23:54.0839 5844 SASKUTIL - ok
12:23:54.0933 5844 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
12:23:54.0948 5844 sbp2port - ok
12:23:55.0042 5844 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
12:23:55.0058 5844 SBSDWSCService - ok
12:23:55.0073 5844 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
12:23:55.0089 5844 SCardSvr - ok
12:23:55.0167 5844 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
12:23:55.0182 5844 scfilter - ok
12:23:55.0245 5844 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
12:23:55.0260 5844 Schedule - ok
12:23:55.0307 5844 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:23:55.0307 5844 SCPolicySvc - ok
12:23:55.0370 5844 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
12:23:55.0385 5844 SDRSVC - ok
12:23:55.0448 5844 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:23:55.0448 5844 secdrv - ok
12:23:55.0494 5844 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
12:23:55.0494 5844 seclogon - ok
12:23:55.0541 5844 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
12:23:55.0541 5844 SENS - ok
12:23:55.0557 5844 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
12:23:55.0557 5844 SensrSvc - ok
12:23:55.0713 5844 SepMasterService (7e2c360b6cc0d87b8ef38439b53dfc71) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
12:23:55.0713 5844 SepMasterService - ok
12:23:55.0791 5844 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:23:55.0791 5844 Serenum - ok
12:23:55.0822 5844 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:23:55.0838 5844 Serial - ok
12:23:55.0884 5844 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
12:23:55.0884 5844 sermouse - ok
12:23:55.0931 5844 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
12:23:55.0931 5844 SessionEnv - ok
12:23:55.0978 5844 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
12:23:55.0978 5844 sffdisk - ok
12:23:55.0994 5844 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
12:23:55.0994 5844 sffp_mmc - ok
12:23:56.0009 5844 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
12:23:56.0009 5844 sffp_sd - ok
12:23:56.0025 5844 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
12:23:56.0040 5844 sfloppy - ok
12:23:56.0118 5844 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
12:23:56.0118 5844 SharedAccess - ok
12:23:56.0150 5844 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
12:23:56.0150 5844 ShellHWDetection - ok
12:23:56.0196 5844 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:23:56.0212 5844 SiSRaid2 - ok
12:23:56.0228 5844 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
12:23:56.0228 5844 SiSRaid4 - ok
12:23:56.0290 5844 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
12:23:56.0290 5844 SkypeUpdate - ok
12:23:56.0384 5844 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:23:56.0384 5844 Smb - ok
12:23:56.0571 5844 SmcService (c9ee967406d9d5429c53718918164e8a) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\Smc.exe
12:23:56.0586 5844 SmcService - ok
12:24:05.0073 5844 ============================================================
12:24:05.0073 5844 Scan finished
12:24:05.0073 5844 ============================================================
12:24:05.0089 5468 Detected object count: 0
12:24:05.0089 5468 Actual detected object count: 0

#6 cryptodan


Posted 19 April 2012 - 02:03 PM

Here is my tcpmon.ini systemlook:

SystemLook 30.07.11 by jpshortstuff
Log created at 19:00 on 19/04/2012 by cryptodan
Administrator - Elevation successful

========== filefind ==========

Searching for "tcpmon.ini"
C:\Windows\System32\tcpmon.ini --a---- 60124 bytes [21:01 10/06/2009] [21:01 10/06/2009] 47F22CAD4A16BB40153555D631546B94
C:\Windows\winsxs\amd64_microsoft-windows-p..rtmonitor-tcpmonini_31bf3856ad364e35_6.1.7600.16385_none_2e6dc451c0fa9db5\tcpmon.ini --a---- 60124 bytes [21:01 10/06/2009] [21:01 10/06/2009] 47F22CAD4A16BB40153555D631546B94

-= EOF =-

Please do the following:
Let's look for some files:

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista\Win 7 users: Right-click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box into the main textfield:
    :filefind
    tcpmon.ini
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#7 iam_kmm


Posted 19 April 2012 - 02:16 PM

Thanks again!

SystemLook 30.07.11 by jpshortstuff
Log created at 15:13 on 19/04/2012 by kmm
Administrator - Elevation successful

========== filefind ==========

Searching for "tcpmon.ini"
C:\Windows\System32\tcpmon.ini --a---- 60224 bytes [21:01 10/06/2009] [10:00 23/01/2010] D79575BE490A45AD09BDEDBCACB5B155
C:\Windows\winsxs\amd64_microsoft-windows-p..rtmonitor-tcpmonini_31bf3856ad364e35_6.1.7600.16385_none_2e6dc451c0fa9db5\tcpmon.ini --a---- 60224 bytes [21:01 10/06/2009] [10:00 23/01/2010] D79575BE490A45AD09BDEDBCACB5B155

-= EOF =-
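
The comparison that posts #6 and #7 set up, as an added example that is not part of either post: it parses the two SystemLook filefind logs and lists every field where kmm's copies of tcpmon.ini differ from cryptodan's reference copies. The function names and the reading of the two bracketed timestamps as created then modified are assumptions.

```python
import re
from typing import Dict, List, NamedTuple, Tuple


class Entry(NamedTuple):
    path: str
    attrs: str
    size: int
    created: str   # assumed: first bracketed timestamp
    modified: str  # assumed: second bracketed timestamp
    md5: str


# One filefind result line: path, attribute flags, size, [time] [time], MD5.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-A-Za-z]+)\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)

# Copied from post #6 (cryptodan's machine, used here as the reference).
REFERENCE_LOG = r"""
Searching for "tcpmon.ini"
C:\Windows\System32\tcpmon.ini --a---- 60124 bytes [21:01 10/06/2009] [21:01 10/06/2009] 47F22CAD4A16BB40153555D631546B94
C:\Windows\winsxs\amd64_microsoft-windows-p..rtmonitor-tcpmonini_31bf3856ad364e35_6.1.7600.16385_none_2e6dc451c0fa9db5\tcpmon.ini --a---- 60124 bytes [21:01 10/06/2009] [21:01 10/06/2009] 47F22CAD4A16BB40153555D631546B94
"""

# Copied from post #7 (kmm's machine, the system under investigation).
SUBJECT_LOG = r"""
Searching for "tcpmon.ini"
C:\Windows\System32\tcpmon.ini --a---- 60224 bytes [21:01 10/06/2009] [10:00 23/01/2010] D79575BE490A45AD09BDEDBCACB5B155
C:\Windows\winsxs\amd64_microsoft-windows-p..rtmonitor-tcpmonini_31bf3856ad364e35_6.1.7600.16385_none_2e6dc451c0fa9db5\tcpmon.ini --a---- 60224 bytes [21:01 10/06/2009] [10:00 23/01/2010] D79575BE490A45AD09BDEDBCACB5B155
"""


def parse_filefind(log: str) -> Dict[str, Entry]:
    """Return {lower-cased path: Entry} for every result line in a filefind log."""
    entries = {}
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # header, banner and EOF lines simply do not match
            e = Entry(m["path"], m["attrs"], int(m["size"]),
                      m["created"], m["modified"], m["md5"].upper())
            entries[e.path.lower()] = e
    return entries


def compare(reference: Dict[str, Entry],
            subject: Dict[str, Entry]) -> List[Tuple[str, str, object, object]]:
    """List (path, field, reference value, subject value) for each differing field."""
    diffs = []
    for key in sorted(reference.keys() & subject.keys()):
        ref, sub = reference[key], subject[key]
        for field in ("size", "created", "modified", "md5"):
            if getattr(ref, field) != getattr(sub, field):
                diffs.append((ref.path, field, getattr(ref, field), getattr(sub, field)))
    return diffs


def copies_agree(entries: Dict[str, Entry]) -> bool:
    """True when every copy found on one machine has the same size and MD5.

    System32 files are normally hard links into the WinSxS component store,
    so the two paths are expected to show identical content.
    """
    return len({(e.size, e.md5) for e in entries.values()}) == 1


if __name__ == "__main__":
    reference = parse_filefind(REFERENCE_LOG)
    subject = parse_filefind(SUBJECT_LOG)
    print("reference copies agree:", copies_agree(reference))
    print("subject copies agree:  ", copies_agree(subject))
    for path, field, ref_val, sub_val in compare(reference, subject):
        print(f"{field:8} {ref_val} -> {sub_val}  {path}")
```

A difference in size, timestamp and hash shows only that the file content changed after installation; it does not say what changed it.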

#8 cryptodan


Posted 19 April 2012 - 02:38 PM

What exactly prompted you to run sfc /scannow?

#9 iam_kmm


Posted 19 April 2012 - 03:31 PM

Good question and I probably should have included that in my initial post. Symantec Endpoint detected rundll32.exe trying to update my DNS. I came across several suggestions on how to verify the file and replace from my install DVD, which included sfc /scannow steps. I followed this one: fix rundll32... Once I completed those steps I did not expect sfc /scannow to still not be able to repair the file. In the process I saw that tcpmon.ini issue.

Thanks for taking the time to help me!

Edited by iam_kmm, 19 April 2012 - 03:33 PM.


#10 cryptodan


Posted 19 April 2012 - 06:01 PM

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

#11 iam_kmm


Posted 20 April 2012 - 09:31 AM

Thanks again for your time Dan!

Here is the output of MiniToolBox:

** I had previously edited my host file to prevent ads following mvps.
These entries are for projects I "host" in IIS:
127.0.0.1 WineCellar
127.0.0.1 EmployeeTraining
127.0.0.1 Cellar

The rest of the entries are from MVPS and are not listed in the output of Results.txt.

_______________________________________________________________________________________________________________________________


MiniToolBox by Farbar Version: 18-01-2012
Ran by kmm (administrator) on 20-04-2012 at 10:19:17
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


::1 localhost

127.0.0.1 localhost
127.0.0.1 WineCellar
127.0.0.1 EmployeeTraining
127.0.0.1 Cellar
127.0.0.1 fr.a2dfp.net
127.0.0.1 m.fr.a2dfp.net
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 abcstats.com
127.0.0.1 a.abv.bg
127.0.0.1 adserver.abv.bg
127.0.0.1 adv.abv.bg
127.0.0.1 bimg.abv.bg
127.0.0.1 ca.abv.bg
127.0.0.1 www2.a-counter.kiev.ua
127.0.0.1 track.acclaimnetwork.com
127.0.0.1 accuserveadsystem.com
127.0.0.1 www.accuserveadsystem.com
127.0.0.1 achmedia.com

There are 12787 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Dell Wireless 1510 Wireless-N WLAN Mini-Card = Wireless Network Connection (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : kmm-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : C4-17-FE-43-BD-C2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : C4-17-FE-FF-BD-6C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Dell Wireless 1510 Wireless-N WLAN Mini-Card
Physical Address. . . . . . . . . : C4-17-FE-43-BD-C2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::2401:afdd:1ea7:ec56%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, April 19, 2012 5:29:50 PM
Lease Expires . . . . . . . . . . : Saturday, April 21, 2012 5:29:49 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 230955006
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-EC-83-CA-00-26-B9-A3-D8-32
DNS Servers . . . . . . . . . . . : 192.168.1.1
8.8.8.8
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 00-26-B9-A3-D8-32
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.home:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{62DCC37F-18FE-42D1-981F-105B06D65DC8}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable ISATAP Interface {FB24DB52-6865-4A30-AAD7-FCBB5C08A5B7}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{ADE10A55-B698-4212-974E-10A0166D834C}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{1526C5E3-4C9E-42BF-805F-BAE08DD77D91}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.228.103
74.125.228.101
74.125.228.97
74.125.228.98
74.125.228.100
74.125.228.104
74.125.228.96
74.125.228.110
74.125.228.99
74.125.228.102
74.125.228.105


Pinging google.com [72.14.204.138] with 32 bytes of data:
Reply from 72.14.204.138: bytes=32 time=13ms TTL=252
Reply from 72.14.204.138: bytes=32 time=10ms TTL=252

Ping statistics for 72.14.204.138:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 10ms, Maximum = 13ms, Average = 11ms
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24
209.191.122.70
72.30.38.140


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=635ms TTL=50
Reply from 98.139.183.24: bytes=32 time=619ms TTL=51

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 619ms, Maximum = 635ms, Average = 627ms
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
20...c4 17 fe 43 bd c2 ......Microsoft Virtual WiFi Miniport Adapter
13...c4 17 fe ff bd 6c ......Bluetooth Device (Personal Area Network)
11...c4 17 fe 43 bd c2 ......Dell Wireless 1510 Wireless-N WLAN Mini-Card
10...00 26 b9 a3 d8 32 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
25...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.3 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.3 281
192.168.1.3 255.255.255.255 On-link 192.168.1.3 281
192.168.1.255 255.255.255.255 On-link 192.168.1.3 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.3 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.3 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 281 fe80::/64 On-link
11 281 fe80::2401:afdd:1ea7:ec56/128
On-link
1 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/20/2012 10:00:44 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/20/2012 09:04:06 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/20/2012 08:04:30 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/20/2012 07:01:16 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/20/2012 06:04:00 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/20/2012 05:06:24 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/20/2012 04:00:21 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/20/2012 03:03:02 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/20/2012 02:14:38 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/20/2012 01:12:09 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.


System errors:
=============
Error: (04/19/2012 05:29:49 PM) (Source: Service Control Manager) (User: )
Description: The AirPrint service depends the following service: Bonjour Service. This service might not be installed.

Error: (04/19/2012 00:08:55 PM) (Source: Service Control Manager) (User: )
Description: The AirPrint service depends the following service: Bonjour Service. This service might not be installed.

Error: (04/19/2012 00:08:37 PM) (Source: BugCheck) (User: )
Description: 0x0000009f (0x0000000000000003, 0xfffffa80091d0a60, 0xfffff80000b9c4d8, 0xfffffa800bb9cb80)C:\Windows\MEMORY.DMP041912-58640-01

Error: (04/19/2012 00:08:37 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 9:40:21 AM on 4/19/2012 was unexpected.

Error: (04/17/2012 11:37:13 AM) (Source: Service Control Manager) (User: )
Description: The AirPrint service depends the following service: Bonjour Service. This service might not be installed.

Error: (04/17/2012 11:26:33 AM) (Source: Service Control Manager) (User: )
Description: The AirPrint service depends the following service: Bonjour Service. This service might not be installed.

Error: (04/17/2012 11:03:48 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

Error: (04/16/2012 11:02:47 AM) (Source: Service Control Manager) (User: )
Description: The AirPrint service depends the following service: Bonjour Service. This service might not be installed.

Error: (04/16/2012 03:21:21 AM) (Source: Service Control Manager) (User: )
Description: The AirPrint service depends the following service: Bonjour Service. This service might not be installed.

Error: (04/12/2012 10:13:58 AM) (Source: Service Control Manager) (User: )
Description: The AirPrint service depends the following service: Bonjour Service. This service might not be installed.


Microsoft Office Sessions:
=========================
Error: (04/20/2012 10:00:44 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/20/2012 09:04:06 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/20/2012 08:04:30 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/20/2012 07:01:16 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/20/2012 06:04:00 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/20/2012 05:06:24 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/20/2012 04:00:21 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/20/2012 03:03:02 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/20/2012 02:14:38 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/20/2012 01:12:09 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


=========================== Installed Programs ============================

7-Zip 9.20
Adobe AIR (Version: 3.0.0.4080)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.1.102.63)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Application Verifier (x64) (Version: 4.1.1078)
BatteryBar (remove only)
BlackBerry Desktop Software 6.0.1 (Version: 6.0.1.18)
CCleaner (Version: 3.17)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Crystal Reports for Visual Studio (Version: 12.51.0.240)
CutePDF Writer 2.8
D3DX10 (Version: 15.4.2368.0902)
Debugging Tools for Windows (x64) (Version: 6.12.2.633)
Dell Backup and Recovery Manager (Version: 1.1.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Touchpad (Version: 7.104.102.104)
Dell Wireless WLAN Card Utility (Version: 5.30.21.0)
Dotfuscator Software Services - Community Edition (Version: 5.0.2500.0)
Excentrics World Controls v2
HiJackThis (Version: 1.0.0)
ieSpell (Version: 2.6.4 (build 573))
ImageQuix - PhotoSession
Intel® Graphics Media Accelerator Driver
Java™ 6 Update 14 (64-bit) (Version: 6.0.140)
Java™ 6 Update 14 (Version: 6.0.140)
Junk Mail filter update (Version: 15.4.3502.0922)
Laptop Integrated Webcam Driver (1.01.01.0529)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (Version: 2.0.50217.0)
Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools (Version: 2.0.50217.0)
Microsoft ASP.NET MVC 2 (Version: 2.0.50217.0)
Microsoft Document Explorer 2008
Microsoft Document Explorer 2008 (Version: 9.0.21022)
Microsoft Enterprise Library 5.0 (Version: 5.0.414.0)
Microsoft FxCop 10.0 (Version: 10.0.30319)
Microsoft Help Viewer 1.1 (Version: 1.1.40219)
Microsoft Office 2003 Web Components (Version: 12.0.6213.1000)
Microsoft PowerPoint Viewer (Version: 14.0.6029.1000)
Microsoft Report Viewer Redistributable 2008 (KB971119)
Microsoft Report Viewer Redistributable 2008 (KB971119) (Version: 9.0.30731)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft Silverlight 3 SDK (Version: 3.0.40818.0)
Microsoft Silverlight 4 SDK (Version: 4.0.50826.0)
Microsoft SQL Server 2008 R2 (64-bit)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (Version: 10.50.1750.9)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (Version: 10.50.1750.9)
Microsoft SQL Server 2008 R2 Management Objects (Version: 10.50.1750.9)
Microsoft SQL Server 2008 R2 Management Objects (x64) (Version: 10.50.1750.9)
Microsoft SQL Server 2008 R2 Native Client (Version: 10.51.2500.0)
Microsoft SQL Server 2008 R2 Policies (Version: 10.50.1600.1)
Microsoft SQL Server 2008 R2 Report Builder 3.0 (Version: 10.50.1600.1)
Microsoft SQL Server 2008 R2 RsFx Driver (Version: 10.51.2500.0)
Microsoft SQL Server 2008 R2 Setup (English) (Version: 10.51.2500.0)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (Version: 10.50.1750.9)
Microsoft SQL Server 2008 R2 Upgrade Advisor (Version: 10.50.1600.1)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Setup Support Files (Version: 10.2.4000.0)
Microsoft SQL Server Browser (Version: 10.51.2500.0)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU (Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)
Microsoft SQL Server Database Publishing Wizard 1.4 (Version: 10.1.2512.8)
Microsoft SQL Server System CLR Types (Version: 10.50.1750.9)
Microsoft SQL Server System CLR Types (x64) (Version: 10.50.1750.9)
Microsoft SQL Server VSS Writer (Version: 10.51.2500.0)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) (Version: 1.0.3010.0)
Microsoft Sync Framework SDK v1.0 SP1 (Version: 1.0.3010.0)
Microsoft Sync Framework Services v1.0 SP1 (x64) (Version: 1.0.3010.0)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (Version: 2.0.3010.0)
Microsoft Team Foundation Server 2010 Object Model - ENU (Version: 10.0.40219)
Microsoft Visual C++ Compilers 2010 Standard - enu - x64 (Version: 10.0.40219)
Microsoft Visual C++ Compilers 2010 Standard - enu - x86 (Version: 10.0.40219)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (Version: 9.0.30729.4974)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x64 (Version: 9.0.30729)
Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x86 (Version: 9.0.30729)
Microsoft Visual F# 2.0 Runtime (Version: 10.0.40219)
Microsoft Visual Studio 2008 Shell (integrated mode) - ENU (Version: 9.0.30729)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (Version: 10.0.40219)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (Version: 10.0.40219)
Microsoft Visual Studio 2010 Office Developer Tools (x64) (Version: 10.0.40219)
Microsoft Visual Studio 2010 Professional - ENU (Version: 10.0.30319)
Microsoft Visual Studio 2010 Professional - ENU (Version: 10.0.40219)
Microsoft Visual Studio 2010 Service Pack 1 (Version: 10.0.40219)
Microsoft Visual Studio 2010 SharePoint Developer Tools (Version: 10.0.40219)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.31007)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.31010)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.31124)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (Version: 9.0.35191)
Microsoft Visual Web Developer 2010 Express - ENU (Version: 10.0.40219)
Microsoft Web Platform Installer 3.0 (Version: 3.0.5)
Microsoft Windows Performance Toolkit (Version: 4.8.0)
Microsoft Windows SDK .NET Framework Tools (30514) (Version: 7.1.30514)
Microsoft Windows SDK .NET Framework Tools (40715) (Version: 7.0.40715)
Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 (7.0) (Version: 7.0.40715)
Microsoft Windows SDK for Windows 7 (7.0) (Version: 7.0.7600.16385.40715)
Microsoft Windows SDK for Windows 7 (7.1) (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 (7.1) (Version: 7.1.7600.0.30514)
Microsoft Windows SDK for Windows 7 .NET Documentation (40715) (Version: 7.0.40715)
Microsoft Windows SDK for Windows 7 Common Utilities (30514) (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 Common Utilities (40715) (Version: 7.0.40715)
Microsoft Windows SDK for Windows 7 Headers and Libraries (30514) (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 Headers and Libraries (40715) (Version: 7.0.40715)
Microsoft Windows SDK for Windows 7 Redistributable Components for Application Verifier (30514) (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 Redistributable Components for Common Tools (30514) (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 Redistributable Components for Windows Debugging Tools (30514) (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 Samples (30514) (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 Samples (40715) (Version: 7.0.40715)
Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514) (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (40715) (Version: 7.0.40715)
Microsoft Windows SDK Intellisense and Reference Assemblies (40715) (Version: 7.0.40715)
Microsoft Windows SDK MSHelp (30514) (Version: 7.1.30514)
Microsoft Windows SDK Net Fx Interop Headers And Libraries (40715) (Version: 7.0.40715)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
No-IP DUC (Version: 3.0.4)
Norton Safe Web Lite (Version: 1.0.1.8)
Notepad++ (Version: 5.9.6.2)
NUnit 2.5.2 (Version: 2.5.2.9222)
PowerDVD DX (Version: 8.3.5424)
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator DE 10.3 (Version: 10.3)
Roxio Creator DE 10.3 (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio Update Manager (Version: 6.0.0)
Service Pack 1 for SQL Server 2008 R2 (KB2528583) (64-bit) (Version: 10.51.2500.0)
Skype Click to Call (Version: 5.9.9216)
Skype™ 5.8 (Version: 5.8.158)
Spybot - Search & Destroy (Version: 1.6.2)
SQL Server 2008 R2 SP1 Common Files (Version: 10.51.2500.0)
SQL Server 2008 R2 SP1 Database Engine Services (Version: 10.51.2500.0)
SQL Server 2008 R2 SP1 Database Engine Shared (Version: 10.51.2500.0)
SQL Server 2008 R2 SP1 Management Studio (Version: 10.51.2500.0)
SQL Server 2008 R2 SP1 Reporting Services (Version: 10.51.2500.0)
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1)
SUPERAntiSpyware (Version: 5.0.1146)
Symantec Endpoint Protection (Version: 12.1.671.4971)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Visual Studio 2010 Prerequisites - English (Version: 10.0.40219)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (Version: 4.0.8080.0)
WCF RIA Services V1.0 SP1 (Version: 4.1.60114.0)
Web Deployment Tool (Version: 1.1.0618)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows SDK Intellidocs (Version: 9.0.30729)

========================= Memory info: ===================================

Percentage of memory in use: 44%
Total physical RAM: 4056.96 MB
Available physical RAM: 2252.71 MB
Total Pagefile: 8112.11 MB
Available Pagefile: 5745.86 MB
Total Virtual: 4095.88 MB
Available Virtual: 3971.92 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:214 GB) NTFS
2 Drive d: (WIN_7_PROFESSIONAL) (CDROM) (Total:5.75 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\KMM-PC

Administrator Guest HG-Share
kmm

========================= Minidump Files ==================================


**** End of log ****

#12 cryptodan

Posted 20 April 2012 - 09:46 AM

I see that you are running No-IP DUC; that could have been the run32dll.exe application trying to change your DNS.

Edited by cryptodan, 21 April 2012 - 05:16 AM.


#13 iam_kmm

  • Topic Starter

Posted 20 April 2012 - 10:42 AM

Okay, but why would scannow not work? Should I be worried about tcpmon.ini?

My understanding of No-IP DUC is that it will keep my no-ip hosted site dynamic IP current to the mask I use and that is it. I have been running that file for some time and have never encountered that "threat" alert before [or since]. I typically do not run it. I just launched it and Endpoint did not alert me...

From running MiniToolBar, I noticed Windows Update has not been working since the 17th. I had to disable Endpoint to get Windows Update to complete. I think when I stopped/started it to run GMER the settings changed?? I was missing two .NET Framework updates...

Thanks again for your time!

#14 cryptodan

Posted 20 April 2012 - 02:19 PM

Each time something changes, a firewall like Symantec must relearn the application's behavior.

Stopping and starting a service doesn't change any settings or configurations.

run32dll.exe is the application that allows various computer components and applications to run.

Edited by cryptodan, 21 April 2012 - 05:16 AM.


#15 narenxp

  • BC Advisor

Posted 20 April 2012 - 11:06 PM

The YouTube video is in no way related to your issue.

Download

http://download.sysinternals.com/files/ProcessExplorer.zip

Extract and save it to desktop

Whenever you get a warning from Symantec regarding rundll32.exe, launch Process Explorer.

Move your mouse near the rundll32.exe process; you should find the entire details about the file (with location) that initiates it.

good luck
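
The details that the Process Explorer tooltip shows for a rundll32.exe process can also be collected from a PowerShell prompt. This is an added example, not part of the original post: `Get-RundllHostInfo` is a hypothetical function name, and the script assumes Windows PowerShell 3.0 or later, run from an elevated prompt.

```powershell
# Added example (not from the thread). Get-RundllHostInfo is a hypothetical name.
# Assumes Windows PowerShell 3.0+; run elevated to read every process's command line.
function Get-RundllHostInfo {
    # Skip the rundll32 token, then capture the DLL argument:
    # either quoted, or unquoted up to the first comma or space.
    $rx = '^\s*(?:"[^"]*"|\S+)\s+(?:"([^"]+)"|([^,\s]+))'

    $sysDir   = Join-Path $env:SystemRoot 'System32'
    $expected = @(
        (Join-Path $sysDir 'rundll32.exe'),
        (Join-Path (Join-Path $env:SystemRoot 'SysWOW64') 'rundll32.exe')
    )

    foreach ($p in Get-CimInstance -ClassName Win32_Process -Filter "Name = 'rundll32.exe'") {
        # Look up the parent. It may have exited, and its PID may have been reused,
        # so discard a "parent" that was created after the child.
        $parent = Get-CimInstance -ClassName Win32_Process `
                    -Filter "ProcessId = $($p.ParentProcessId)"
        if ($parent -and $parent.CreationDate -gt $p.CreationDate) { $parent = $null }

        # Work out which DLL this rundll32 instance was asked to load.
        $dll = $null
        if ($p.CommandLine -match $rx) {
            $dll = if ($Matches[1]) { $Matches[1] } else { $Matches[2] }
            $dll = [Environment]::ExpandEnvironmentVariables($dll)
            # A bare name such as shell32.dll is resolved against System32.
            if (-not [IO.Path]::IsPathRooted($dll)) { $dll = Join-Path $sysDir $dll }
        }

        # Signature status of the hosted DLL, when the file can be found.
        $sig = 'n/a'
        if ($dll -and (Test-Path -LiteralPath $dll -PathType Leaf)) {
            $sig = (Get-AuthenticodeSignature -FilePath $dll).Status
        }

        [pscustomobject]@{
            ProcessId        = $p.ProcessId
            ImagePath        = $p.ExecutablePath
            # False when rundll32.exe itself runs from outside the Windows system folders.
            ImageInSystemDir = ($expected -contains $p.ExecutablePath)
            CommandLine      = $p.CommandLine
            HostedDll        = $dll
            DllSignature     = $sig
            ParentId         = $p.ParentProcessId
            ParentName       = if ($parent) { $parent.Name } else { '(exited)' }
            ParentPath       = if ($parent) { $parent.ExecutablePath } else { $null }
        }
    }
}

Get-RundllHostInfo | Format-List
```

Older PowerShell versions do not consult Windows security catalogs, so a catalog-signed system DLL can show `NotSigned` there; treat that status as a reason to look closer, not as a verdict.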



