[SOLVED] Dell inspiron 570 keeps restarting

jackel

I have a problem with a Dell; it is running Windows 7. It worked fine until someone got on it and possibly downloaded an app or installed some hardware that was not compatible. I did the Windows fix scan and it stated it could not fix the issue. It suggested I unplug any recent hardware or uninstall any recent apps. The problem is the machine keeps restarting like every 2 min. It logs off then reboots. Another thing: the machine never had a user name password set up at the log-on screen. Now it has one and I don't know what it is. It may be a virus but not sure. These problems continue even in safe mode.

Does anyone have a fix for this?
 
Hi jackel,

Is this machine your own? If not, are you providing a paid service to repair this machine?

You'll need to be more specific about this issue. You say the machine keeps restarting; how far into the boot process are you able to get? Are you experiencing any Blue Screen crash when the computer restarts?

We're also unable to provide password recovery advice; ultimately we have no way of knowing whether a user is making a legitimate request for help. Any instructions posted could also be used by others for illegitimate purposes. Does someone else know the password for this machine? Are you able to log on normally using Safe Mode? If you believe the password has been added by malware, please provide some more info. Is the machine displaying a standard Windows 7 log on screen? If it looks noticeably different, or looks like it's a fake log on screen, please take a picture of the screen and upload it in your next reply.
 
Hello Will Watts,

This is a family member's PC. My niece got on the PC and after that it does not function right. The password recovery is a problem; I tried to fix it myself and it did not do any good. I have a disk I made for password recovery that I got from a website. It works on PCs without OS problems, but the Dell has a problem and the disk made it clear there was a problem. I read it may be an issue with components that may cause it to overheat then shut off, not sure though. The computer used to log in automatically... now there is a password issue. In safe mode it logs in automatically like it once did in normal mode. The log-in screen looks like Windows with the exception that there is no image that you would normally see, such as the chess piece or some other image Windows has. It is just the square frame the image would normally sit in. It could be a virus, but getting it off is a problem because it keeps restarting. It shuts down like Windows normally shuts down, then restarts. I just want it to stay on long enough where I can run a virus scan or try some other fix.

Thanks


 
Hi jackel,

In that case, please enter the Advanced Boot Options. You can do this by pressing F8 as the system starts up; you should then see a screen with multiple options.

Select Disable automatic restart on system failure and restart your computer. Instead of restarting, your computer will now display a BSOD error message. Please write down the error message that appears. You should see an error message on the second line of the screen (For example PAGE_FAULT_IN_NONPAGED_AREA) as well as technical information below the error message.

------------------

You mentioned earlier that you believe the problem has been caused by malware. Has anything changed that makes you believe the problem has now been caused by malware?

------------------

I would like to get some more information about the system, for this we can use a tool called FRST. You'll need a flash drive to transfer files to the computer.

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

      Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 
It just keeps restarting even though I have disabled the restart option.
 
Hi jackel,

As Ztruker posted at G2G, posting at multiple forums is a waste of time for helpers, as well as yourself, and can complicate the situation. Most of us post across multiple sites, and all have predominantly the same waiting time. We appreciate that you just want to get your PC fixed quickly, but for future reference please stick to one help forum. This will ultimately save both us and you time.

There are several questions below; please answer all of them. We can't provide much help without more information. We're ultimately very limited in what we can do unless we can get more information from the system, especially in the state it's in.

If you wish to continue, please follow the rest of my instructions outlined in Post 4.

-----------------

You mentioned earlier that you believe the problem has been caused by malware. Has anything changed that makes you believe the problem has now been caused by malware?

We still need this info.

Is any error message appearing when the computer restarts? Are you experiencing a BlueScreen crash?
 
I know I posted at G2G; I did that after the delayed response from Sysnative. You stated my post looked suspicious, insinuating I was up to some illegal activity.

I think it is malware because I took the option Last Known Good Configuration, and at the start-up screen I selected the admin log-in and it stated it had been disabled. I may be wrong; it may be some hardware issue or app.
 
Hi jackel,

It could well be malware, or a hardware issue. It's very hard to tell at the moment until we can get a more detailed look at the system. I've posted a set of instructions above for running a tool called FRST. Are you able to run this? I've repeated the instructions below.

------------------

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

      Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 
Sorry, I let the repair option run and it hasn't stopped yet. I think it may be stuck.
 
That's no problem. Let it run for a bit more and see what happens; it can take quite a while on some machines, so it may just appear stuck.
 
It stopped finally. Now it does not ask for the log-in. It goes straight to the home screen like normal, but this time it gave a BSOD error that was 0X000000A. I may be wrong about the number of "0's" but it had an A at the end. It restarted again.
 
In that case please run FRST as previously instructed.
 
Here is the FRST file.
Note: I tried it in safe mode but the log said it would not work in safe mode, so I disconnected the Ethernet cable and somehow got it to stay on long enough to run in normal mode. I also put Malwarebytes on a flash drive and ran it in safe mode; it found 2 Trojans. They have been deleted.

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-04-2013
Ran by Home Office at 16-04-2013 14:22:45
Running from E:\
  Service Pack 1 (X64) OS Language: English(US) 
Attention: Could not load system hive.
The operation completed successfully.
ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.

==================== One Month Created Files and Folders ========
2013-04-16 14:21 - 2013-04-16 14:21 - 00000000 ____D C:\Users\Home Office\AppData\Roaming\Roxio
2013-04-16 14:16 - 2013-04-16 14:17 - 00274448 ____A C:\Windows\Minidump\041613-97578-01.dmp
2013-04-16 13:13 - 2009-07-13 20:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2013-04-16 12:37 - 2013-04-16 12:37 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-04-16 12:37 - 2013-04-16 12:37 - 00000000 ____D C:\Users\Home Office\AppData\Roaming\Malwarebytes
2013-04-16 12:37 - 2013-04-16 12:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-04-16 12:37 - 2013-04-16 12:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-16 12:30 - 2013-04-16 12:31 - 00274392 ____A C:\Windows\Minidump\041613-83320-01.dmp
2013-04-16 12:07 - 2013-04-16 12:07 - 00075240 ____A C:\Users\Home Office\AppData\Local\GDIPFONTCACHEV1.DAT
2013-04-16 12:07 - 2013-04-16 12:07 - 00000017 ____A C:\Users\Home Office\AppData\Local\resmon.resmoncfg
2013-04-16 12:03 - 2013-04-16 12:04 - 00274448 ____A C:\Windows\Minidump\041613-87126-01.dmp
2013-04-16 11:58 - 2013-04-16 11:58 - 00274448 ____A C:\Windows\Minidump\041613-99809-01.dmp
2013-04-16 11:52 - 2013-04-16 11:52 - 00274448 ____A C:\Windows\Minidump\041613-96611-01.dmp
2013-04-16 11:46 - 2013-04-16 11:46 - 00274392 ____A C:\Windows\Minidump\041613-94380-01.dmp
2013-04-16 11:40 - 2013-04-16 14:23 - 00000000 ____D C:\FRST
2013-04-16 11:37 - 2013-04-16 11:38 - 00274448 ____A C:\Windows\Minidump\041613-88904-01.dmp
2013-04-16 11:31 - 2013-04-16 11:32 - 00274448 ____A C:\Windows\Minidump\041613-91338-01.dmp
2013-04-16 11:26 - 2013-04-16 11:27 - 00274448 ____A C:\Windows\Minidump\041613-90090-01.dmp
2013-04-15 22:16 - 2013-04-15 22:16 - 00000000 ____D C:\Users\Home Office\AppData\Local\SoftThinks
2013-04-15 22:14 - 2013-04-15 22:14 - 00274448 ____A C:\Windows\Minidump\041513-99544-01.dmp
2013-04-15 22:09 - 2013-04-15 22:09 - 00274448 ____A C:\Windows\Minidump\041513-97110-01.dmp
2013-04-15 22:07 - 2013-04-15 22:07 - 00000000 ____D C:\Users\Home Office\AppData\Roaming\ATI
2013-04-15 22:07 - 2013-04-15 22:07 - 00000000 ____D C:\Users\Home Office\AppData\Local\ATI
2013-04-15 22:06 - 2013-04-15 22:06 - 00000000 ____D C:\Users\Home Office\AppData\Roaming\Dell Touch Zone
2013-04-15 22:06 - 2013-04-15 22:06 - 00000000 ____D C:\Users\Home Office\AppData\Roaming\Dell
2013-04-15 22:06 - 2013-04-15 22:06 - 00000000 ____D C:\Users\Home Office\AppData\Local\blekkotb
2013-04-15 21:54 - 2013-04-15 21:54 - 00010240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-04-15 21:54 - 2013-04-15 21:54 - 00010240 ____A (Microsoft Corporation) C:\Windows\System32\dciman32.dll
2013-04-14 22:13 - 2013-04-14 22:13 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2013-04-11 19:41 - 2013-04-15 21:26 - 00000000 ____D C:\Emergency
2013-03-22 03:21 - 2013-03-22 03:22 - 00274504 ____A C:\Windows\Minidump\032213-27970-01.dmp
2013-03-22 03:17 - 2013-03-22 03:18 - 00274504 ____A C:\Windows\Minidump\032213-44007-01.dmp
2013-03-22 03:10 - 2013-03-22 03:11 - 00274504 ____A C:\Windows\Minidump\032213-47673-01.dmp
2013-03-22 03:07 - 2013-03-22 03:07 - 00274504 ____A C:\Windows\Minidump\032213-45021-01.dmp
==================== One Month Modified Files and Folders ========
2013-04-16 14:23 - 2013-04-16 11:40 - 00000000 ____D C:\FRST
2013-04-16 14:23 - 2011-08-30 22:52 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-04-16 14:23 - 2011-08-30 22:52 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-04-16 14:23 - 2011-08-30 22:48 - 00000000 ____D C:\ProgramData\McAfee
2013-04-16 14:21 - 2013-04-16 14:21 - 00000000 ____D C:\Users\Home Office\AppData\Roaming\Roxio
2013-04-16 14:21 - 2011-08-30 22:43 - 00000000 ____D C:\ProgramData\Sonic
2013-04-16 14:18 - 2011-08-30 22:24 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-04-16 14:17 - 2013-04-16 14:16 - 00274448 ____A C:\Windows\Minidump\041613-97578-01.dmp
2013-04-16 14:17 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-16 14:17 - 2009-07-13 23:51 - 00051799 ____A C:\Windows\setupact.log
2013-04-16 14:16 - 2012-04-10 22:01 - 334498099 ____A C:\Windows\MEMORY.DMP
2013-04-16 14:16 - 2012-04-10 22:01 - 00000000 ____D C:\Windows\Minidump
2013-04-16 12:37 - 2013-04-16 12:37 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-04-16 12:37 - 2013-04-16 12:37 - 00000000 ____D C:\Users\Home Office\AppData\Roaming\Malwarebytes
2013-04-16 12:37 - 2013-04-16 12:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-04-16 12:37 - 2013-04-16 12:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-16 12:37 - 2009-07-13 22:20 - 00000000 ___RD C:\Program Files (x86)
2013-04-16 12:31 - 2013-04-16 12:30 - 00274392 ____A C:\Windows\Minidump\041613-83320-01.dmp
2013-04-16 12:07 - 2013-04-16 12:07 - 00075240 ____A C:\Users\Home Office\AppData\Local\GDIPFONTCACHEV1.DAT
2013-04-16 12:07 - 2013-04-16 12:07 - 00000017 ____A C:\Users\Home Office\AppData\Local\resmon.resmoncfg
2013-04-16 12:06 - 2011-08-30 22:05 - 01463515 ____A C:\Windows\WindowsUpdate.log
2013-04-16 12:04 - 2013-04-16 12:03 - 00274448 ____A C:\Windows\Minidump\041613-87126-01.dmp
2013-04-16 11:58 - 2013-04-16 11:58 - 00274448 ____A C:\Windows\Minidump\041613-99809-01.dmp
2013-04-16 11:52 - 2013-04-16 11:52 - 00274448 ____A C:\Windows\Minidump\041613-96611-01.dmp
2013-04-16 11:46 - 2013-04-16 11:46 - 00274392 ____A C:\Windows\Minidump\041613-94380-01.dmp
2013-04-16 11:38 - 2013-04-16 11:37 - 00274448 ____A C:\Windows\Minidump\041613-88904-01.dmp
2013-04-16 11:32 - 2013-04-16 11:31 - 00274448 ____A C:\Windows\Minidump\041613-91338-01.dmp
2013-04-16 11:27 - 2013-04-16 11:26 - 00274448 ____A C:\Windows\Minidump\041613-90090-01.dmp
2013-04-15 22:16 - 2013-04-15 22:16 - 00000000 ____D C:\Users\Home Office\AppData\Local\SoftThinks
2013-04-15 22:15 - 2011-09-06 19:43 - 00000000 ____D C:\users\Home Office
2013-04-15 22:14 - 2013-04-15 22:14 - 00274448 ____A C:\Windows\Minidump\041513-99544-01.dmp
2013-04-15 22:09 - 2013-04-15 22:09 - 00274448 ____A C:\Windows\Minidump\041513-97110-01.dmp
2013-04-15 22:07 - 2013-04-15 22:07 - 00000000 ____D C:\Users\Home Office\AppData\Roaming\ATI
2013-04-15 22:07 - 2013-04-15 22:07 - 00000000 ____D C:\Users\Home Office\AppData\Local\ATI
2013-04-15 22:06 - 2013-04-15 22:06 - 00000000 ____D C:\Users\Home Office\AppData\Roaming\Dell Touch Zone
2013-04-15 22:06 - 2013-04-15 22:06 - 00000000 ____D C:\Users\Home Office\AppData\Roaming\Dell
2013-04-15 22:06 - 2013-04-15 22:06 - 00000000 ____D C:\Users\Home Office\AppData\Local\blekkotb
2013-04-15 22:06 - 2012-05-15 19:39 - 00000000 ____D C:\ProgramData\Anti-phishing Domain Advisor
2013-04-15 21:57 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64
2013-04-15 21:54 - 2013-04-15 21:54 - 00010240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-04-15 21:54 - 2013-04-15 21:54 - 00010240 ____A (Microsoft Corporation) C:\Windows\System32\dciman32.dll
2013-04-15 21:49 - 2009-07-13 22:20 - 00000000 __RSD C:\Windows\Media
2013-04-15 21:43 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\twain_32
2013-04-15 21:43 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\TAPI
2013-04-15 21:43 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Recovery
2013-04-15 21:43 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\ras
2013-04-15 21:43 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\InstallShield
2013-04-15 21:43 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\icsxml
2013-04-15 21:43 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\com
2013-04-15 21:43 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2013-04-15 21:43 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\Recovery
2013-04-15 21:43 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\ras
2013-04-15 21:43 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\InstallShield
2013-04-15 21:43 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\icsxml
2013-04-15 21:43 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\com
2013-04-15 21:43 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\AdvancedInstallers
2013-04-15 21:42 - 2010-11-21 02:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-04-15 21:42 - 2010-11-21 02:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-04-15 21:42 - 2010-11-21 02:16 - 00000000 ____D C:\Windows\ShellNew
2013-04-15 21:42 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\Offline Web Pages
2013-04-15 21:42 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\addins
2013-04-15 21:42 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-04-15 21:42 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2013-04-15 21:42 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-04-15 21:42 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-04-15 21:42 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\DVD Maker
2013-04-15 21:42 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2013-04-15 21:42 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2013-04-15 21:42 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-04-15 21:42 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\zh-TW
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\zh-CN
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\uk-UA
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\th-TH
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\sv-SE
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\sr-Latn-CS
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\sl-SI
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\sk-SK
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\ru-RU
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\ro-RO
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\pt-PT
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\pt-BR
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\pl-PL
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\nl-NL
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\nb-NO
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\lv-LV
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\lt-LT
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\ko-KR
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\ja-JP
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\it-IT
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\hu-HU
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\hr-HR
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\he-IL
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\fr-FR
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\fi-FI
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\et-EE
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\el-GR
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\de-DE
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\bg-BG
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\ar-SA
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\zh-TW
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\zh-CN
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\uk-UA
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\th-TH
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\sv-SE
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\sr-Latn-CS
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\sl-SI
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\sk-SK
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\ru-RU
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\ro-RO
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\pt-PT
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\pt-BR
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\pl-PL
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\nl-NL
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\nb-NO
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\lv-LV
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\lt-LT
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\ko-KR
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\ja-JP
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\it-IT
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\hu-HU
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\hr-HR
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\he-IL
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\fr-FR
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\fi-FI
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\et-EE
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\el-GR
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\de-DE
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\bg-BG
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\ar-SA
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\L2Schemas
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\IME
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Cursors
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\users\Public
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-04-15 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Services
2013-04-15 21:37 - 2011-09-06 20:01 - 00000000 ____D C:\Windows\SysWOW64\spool
2013-04-15 21:37 - 2011-09-06 20:01 - 00000000 ____D C:\Windows\System32\spool
2013-04-15 21:37 - 2011-08-31 00:02 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-04-15 21:37 - 2011-08-31 00:02 - 00000000 ____D C:\Windows\System32\RTCOM
2013-04-15 21:37 - 2011-08-30 22:07 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-04-15 21:37 - 2011-08-30 22:07 - 00000000 ____D C:\Windows\System32\Macromed
2013-04-15 21:37 - 2010-11-21 02:06 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2013-04-15 21:37 - 2010-11-21 02:06 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2013-04-15 21:37 - 2010-11-21 02:06 - 00000000 ____D C:\Windows\System32\slmgr
2013-04-15 21:37 - 2010-11-21 02:06 - 00000000 ____D C:\Windows\System32\Printing_Admin_Scripts
2013-04-15 21:37 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\spp
2013-04-15 21:37 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Speech
2013-04-15 21:37 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\NetworkList
2013-04-15 21:37 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
2013-04-15 21:37 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Msdtc
2013-04-15 21:37 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\IME
2013-04-15 21:37 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\DriverStore
2013-04-15 21:37 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\spp
2013-04-15 21:37 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\Speech
2013-04-15 21:37 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\NetworkList
2013-04-15 21:37 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\MUI
2013-04-15 21:37 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\Msdtc
2013-04-15 21:37 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\IME
2013-04-15 21:37 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\DriverStore
2013-04-15 21:30 - 2011-12-26 23:10 - 00000000 ____D C:\Windows\Hewlett-Packard
2013-04-15 21:30 - 2011-09-06 19:59 - 00000000 ____D C:\Windows\hpoj4500g510n-z
2013-04-15 21:30 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\Performance
2013-04-15 21:30 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Speech
2013-04-15 21:30 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\security
2013-04-15 21:30 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\schemas
2013-04-15 21:30 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Resources
2013-04-15 21:30 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PLA
2013-04-15 21:30 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Microsoft.NET
2013-04-15 21:30 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Help
2013-04-15 21:30 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Globalization
2013-04-15 21:29 - 2012-03-18 21:28 - 00000000 ____D C:\Users\Home Office\AppData\Local\Sonic_Solutions
2013-04-15 21:29 - 2011-12-01 10:10 - 00000000 ____D C:\Users\Home Office\AppData\Roaming\McAfee
2013-04-15 21:29 - 2011-10-01 20:01 - 00000000 ____D C:\Users\Home Office\AppData\Roaming\Skype
2013-04-15 21:29 - 2011-09-23 22:44 - 00000000 ____D C:\Users\Home Office\AppData\Roaming\SoftGrid Client
2013-04-15 21:29 - 2011-09-16 16:01 - 00000000 ____D C:\Users\Home Office\AppData\Roaming\Juniper Networks
2013-04-15 21:29 - 2011-09-06 20:27 - 00000000 ____D C:\Users\Home Office\Documents\Fax
2013-04-15 21:29 - 2011-09-06 19:57 - 00000000 ____D C:\Users\Home Office\AppData\Roaming\Macrovision
2013-04-15 21:29 - 2011-09-06 19:48 - 00000000 ____D C:\Users\Home Office\AppData\Roaming\Adobe
2013-04-15 21:29 - 2011-09-06 19:46 - 00000000 ____D C:\Users\Home Office\AppData\Local\VirtualStore
2013-04-15 21:29 - 2011-09-06 19:43 - 00000000 ___RD C:\Users\Home Office\Desktop\Play Games
2013-04-15 21:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Branding
2013-04-15 21:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2013-04-15 21:27 - 2012-06-17 14:56 - 00000000 ____D C:\ProgramData\Virtualized Applications
2013-04-15 21:27 - 2012-05-15 19:39 - 00000000 ____D C:\Program Files (x86)\querius_001
2013-04-15 21:27 - 2012-05-13 03:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-04-15 21:27 - 2011-09-23 22:58 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-04-15 21:27 - 2011-09-23 22:44 - 00000000 ____D C:\Program Files\Microsoft Office
2013-04-15 21:27 - 2011-09-11 15:00 - 00000000 ____D C:\ProgramData\PCDr
2013-04-15 21:27 - 2011-09-06 20:03 - 00000000 ____D C:\ProgramData\Yahoo! Companion
2013-04-15 21:27 - 2011-09-06 20:03 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2013-04-15 21:27 - 2011-09-06 20:02 - 00000000 ____D C:\ProgramData\HP Product Assistant
2013-04-15 21:27 - 2011-09-06 19:57 - 00000000 ____D C:\ProgramData\HP
2013-04-15 21:27 - 2011-09-06 19:47 - 00000000 ____D C:\Users\Home Office\AppData\Local\Dell
2013-04-15 21:27 - 2011-09-06 19:43 - 00000000 ____D C:\Users\Home Office\AppData\Local\Dell Edoc Viewer
2013-04-15 21:27 - 2011-08-31 00:02 - 00000000 ____D C:\Program Files\Realtek
2013-04-15 21:27 - 2011-08-30 23:47 - 00000000 ___RD C:\Users\Default\Desktop\Play Games
2013-04-15 21:27 - 2011-08-30 23:47 - 00000000 ___RD C:\Users\Default User\Desktop\Play Games
2013-04-15 21:27 - 2011-08-30 23:47 - 00000000 ____D C:\Program Files\Dell Games Folder
2013-04-15 21:27 - 2011-08-30 22:48 - 00000000 ____D C:\Program Files\mcafee
2013-04-15 21:27 - 2011-08-30 22:48 - 00000000 ____D C:\Program Files\Common Files\mcafee
2013-04-15 21:27 - 2011-08-30 22:44 - 00000000 ____D C:\Program Files\Roxio
2013-04-15 21:27 - 2011-08-30 22:39 - 00000000 ____D C:\ProgramData\Adobe
2013-04-15 21:27 - 2011-08-30 22:37 - 00000000 ____D C:\Program Files\Dell Support Center
2013-04-15 21:27 - 2011-08-30 22:34 - 00000000 ____D C:\Program Files\Windows Live
2013-04-15 21:27 - 2011-08-30 22:34 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-04-15 21:27 - 2011-08-30 22:26 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-04-15 21:27 - 2011-08-30 22:26 - 00000000 ____D C:\ProgramData\Skype
2013-04-15 21:27 - 2011-08-30 22:19 - 00000000 ____D C:\ProgramData\WildTangent
2013-04-15 21:27 - 2011-08-30 22:07 - 00000000 ____D C:\Program Files\Dell Inc
2013-04-15 21:27 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Reference Assemblies
2013-04-15 21:27 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Windows NT
2013-04-15 21:27 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-04-15 21:27 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files (x86)\Windows NT
2013-04-15 21:26 - 2013-04-11 19:41 - 00000000 ____D C:\Emergency
2013-04-15 21:26 - 2012-10-21 18:59 - 00000000 ____D C:\Program Files (x86)\Ask.com
2013-04-15 21:26 - 2011-09-23 22:49 - 00000000 __RHD C:\MSOCache
2013-04-15 21:26 - 2011-09-23 22:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-04-15 21:26 - 2011-09-16 16:03 - 00000000 ____D C:\Program Files (x86)\Juniper Networks
2013-04-15 21:26 - 2011-09-06 19:58 - 00000000 ____D C:\Program Files (x86)\HP
2013-04-15 21:26 - 2011-09-06 19:49 - 00000000 ____D C:\Program Files (x86)\Dell Touch Software Suite
2013-04-15 21:26 - 2011-09-06 19:49 - 00000000 ____D C:\FIND_EULA_PATH
2013-04-15 21:26 - 2011-08-30 22:48 - 00000000 ____D C:\Program Files (x86)\McAfee.com
2013-04-15 21:26 - 2011-08-30 22:48 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-04-15 21:26 - 2011-08-30 22:37 - 00000000 ____D C:\Program Files (x86)\Jagex
2013-04-15 21:26 - 2011-08-30 22:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-04-15 21:26 - 2011-08-30 22:30 - 00000000 ____D C:\Program Files (x86)\Dell Digital Delivery
2013-04-15 21:26 - 2011-08-30 22:29 - 00000000 ____D C:\Program Files (x86)\Cyberlink
2013-04-15 21:26 - 2011-08-30 22:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-04-15 21:26 - 2011-08-30 22:27 - 00000000 ____D C:\Program Files (x86)\eBay
2013-04-15 21:26 - 2011-08-30 22:18 - 00000000 ____D C:\Program Files (x86)\Citrix
2013-04-15 21:26 - 2011-08-30 22:16 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2013-04-15 21:26 - 2011-02-10 09:02 - 00000000 ____D C:\Hotfix
2013-04-15 21:26 - 2011-02-10 09:01 - 00000000 ____D C:\dell
2013-04-15 21:25 - 2010-11-20 21:50 - 00000000 ____D C:\users\Administrator
2013-04-15 21:20 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2013-04-15 21:06 - 2010-11-21 02:06 - 00000000 ____D C:\Windows\SysWOW64\winrm
2013-04-15 21:06 - 2010-11-21 02:06 - 00000000 ____D C:\Windows\SysWOW64\WCN
2013-04-15 21:06 - 2010-11-21 02:06 - 00000000 ____D C:\Windows\System32\winrm
2013-04-15 21:06 - 2010-11-21 02:06 - 00000000 ____D C:\Windows\System32\WCN
2013-04-15 21:06 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\SysWOW64\WindowsPowerShell
2013-04-15 21:06 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\System32\WindowsPowerShell
2013-04-15 21:06 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Web
2013-04-15 21:06 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Vss
2013-04-15 20:36 - 2009-07-13 22:20 - 00000000 ____D C:\users\Default
2013-04-15 20:35 - 2011-08-30 23:55 - 00000000 ____D C:\ProgramData\dell
2013-04-15 20:35 - 2011-08-30 22:46 - 00000000 ____D C:\ProgramData\Uninstall
2013-04-15 20:35 - 2011-08-30 22:41 - 00000000 ____D C:\ProgramData\Macrovision
2013-04-15 20:35 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\MSBuild
2013-04-15 20:35 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Microsoft Games
2013-04-15 20:34 - 2011-08-30 22:48 - 00000000 ____D C:\Program Files\mcafee.com
2013-04-15 20:34 - 2011-08-30 22:16 - 00000000 ____D C:\Program Files\Java
2013-04-15 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2013-04-15 20:33 - 2011-08-30 22:41 - 00000000 ____D C:\Program Files (x86)\Roxio
2013-04-15 20:33 - 2011-08-30 22:37 - 00000000 ____D C:\Program Files (x86)\TrustedID
2013-04-15 20:33 - 2011-08-30 22:20 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2013-04-15 20:33 - 2011-08-30 22:19 - 00000000 ____D C:\Program Files (x86)\WildTangent
2013-04-15 20:33 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2013-04-15 20:33 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-04-15 20:32 - 2011-08-30 22:35 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-04-15 20:32 - 2011-08-30 22:29 - 00000000 ____D C:\Program Files (x86)\Dell Stage
2013-04-15 20:32 - 2011-08-30 22:29 - 00000000 ____D C:\Program Files (x86)\Dell
2013-04-15 20:32 - 2011-08-30 22:17 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-04-15 20:32 - 2011-08-30 22:16 - 00000000 ____D C:\Program Files (x86)\Java
2013-04-15 20:31 - 2011-08-30 22:39 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-04-14 22:13 - 2013-04-14 22:13 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2013-04-11 20:16 - 2011-02-10 09:02 - 00000000 ____D C:\Windows\panther
2013-03-22 03:22 - 2013-03-22 03:21 - 00274504 ____A C:\Windows\Minidump\032213-27970-01.dmp
2013-03-22 03:18 - 2013-03-22 03:17 - 00274504 ____A C:\Windows\Minidump\032213-44007-01.dmp
2013-03-22 03:11 - 2013-03-22 03:10 - 00274504 ____A C:\Windows\Minidump\032213-47673-01.dmp
2013-03-22 03:07 - 2013-03-22 03:07 - 00274504 ____A C:\Windows\Minidump\032213-45021-01.dmp
ATTENTION: ========> Check for possible partition/boot infection:
C:\Windows\svchost.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe
[2011-08-30 23:57] - [2011-08-30 23:57] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3
C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll
[2010-11-20 22:24] - [2010-11-20 22:24] - 0833024 ____A (Microsoft Corporation) 5E0DB2D8B2750543CD2EBB9EA8E6CDD3
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.
c:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.
C:\Windows\System32\winsrv.dll IS MISSING <==== ATTENTION!.
==================== Memory info =========================== 
Percentage of memory in use: 22%
Total physical RAM: 5886.98 MB
Available physical RAM: 4573.77 MB
Total Pagefile: 11772.14 MB
Available Pagefile: 10193.47 MB
Total Virtual: 4095.88 MB
Available Virtual: 3999.42 MB
==================== Partitions =============================
1 Drive c: (OS) (Fixed) (Total:916.66 GB) (Free:865.22 GB) NTFS
3 Drive e: () (Removable) (Total:1.82 GB) (Free:1.81 GB) FAT
  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          931 GB      0 B         
  Disk 1    Online         1868 MB      0 B         
  Disk 2    No Media           0 B      0 B         
  Disk 3    No Media           0 B      0 B         
  Disk 4    No Media           0 B      0 B         
  Disk 5    No Media           0 B      0 B         
Partitions of Disk 0:
===============
Disk ID: DCE7B2C0
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    OEM                 39 MB    31 KB
  Partition 2    Primary             14 GB    40 MB
  Partition 3    Primary            916 GB    14 GB
=========================================================
Disk: 0
Partition 1
Type  : DE
Hidden: Yes
Active: No
There is no volume associated with this partition.
=========================================================
Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: Yes
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1         RECOVERY     NTFS   Partition     14 GB  Healthy    System (partition with boot components)  
=========================================================
Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C   OS           NTFS   Partition    916 GB  Healthy    Boot    
=========================================================
Partitions of Disk 1:
===============
Disk ID: 00000000
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           1866 MB    31 KB
=========================================================
Disk: 1
Partition 1
Type  : 06
Hidden: No
Active: Yes
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     E                FAT    Removable   1866 MB  Healthy            
=========================================================
============================== MBR Partition Table ==================
==============================
Partitions of Disk 0:
===============
Disk ID: DCE7B2C0
Partition 1:
=========
Hex: 00010100DEFE3F043F00000086390100
Active: NO
Type: DE
Size: 39 MB
Partition 2:
=========
Hex: 8019150507FEFFFF0040010000F0D901
Active: YES
Type: 07 (NTFS)
Size: 15 GB
Partition 3:
=========
Hex: 00FEFFFF07FEFFFF0030DB0100309572
Active: NO
Type: 07 (NTFS)
Size: 917 GB
==============================
Partitions of Disk 1:
===============
Disk ID: 00000000
Partition 1:
=========
Hex: 80010100063CFEF23E000000B4573A00
Active: YES
Type: 06
Size: 2 GB
==================== End Of Log ============================
 
Hi jackel,

FRST is not designed to be run in Safe Mode or Normal Mode; the instructions provided above required you to run the program in a very specific way. Please also do not run any tools or programs unless instructed; this only complicates the issue and makes it much harder for us to help you. Currently the system is in a very delicate state, and we want to avoid making the problem worse.

Are you able to log on normally using Safe Mode? Does the computer restart or crash whilst in Safe Mode?
 
It stays on without the Ethernet plugged in for some reason. OK, I could not run it the way you instructed; for some odd reason the language options have appeared along with the recovery tools. I'll go through the steps.
 
Hi jackel,

Most likely a network driver has been infected by a rootkit; this is causing the system instability.

Download and transfer the following tool to the infected computer. Please follow the instructions exactly, and DO NOT fix anything yet.

  • Download TDSSKiller.exe to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If malicious objects are found, ensure Skip is selected.
    NOTE: Please do not attempt any fix yet.
  • Once complete, a log will be produced at the root drive which is typically C:\
    For example, C:\TDSSKiller.2.8.8.0_date_time_log.txt
  • Transfer the log back over to a working computer and attach that log, please.
--------------------------------------
 
Hello Will

Here is the file

Code:
16:10:40.0568 1248  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:10:40.0583 1248  ============================================================
16:10:40.0583 1248  Current date / time: 2013/04/16 16:10:40.0583
16:10:40.0583 1248  SystemInfo:
16:10:40.0583 1248  
16:10:40.0583 1248  OS Version: 6.1.7601 ServicePack: 1.0
16:10:40.0583 1248  Product type: Workstation
16:10:40.0583 1248  ComputerName: HOMEOFFICE-PC
16:10:40.0583 1248  UserName: Home Office
16:10:40.0583 1248  Windows directory: C:\Windows
16:10:40.0583 1248  System windows directory: C:\Windows
16:10:40.0583 1248  Running under WOW64
16:10:40.0583 1248  Processor architecture: Intel x64
16:10:40.0583 1248  Number of processors: 4
16:10:40.0583 1248  Page size: 0x1000
16:10:40.0583 1248  Boot type: Safe boot with network
16:10:40.0583 1248  ============================================================
16:10:41.0441 1248  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:10:41.0457 1248  Drive \Device\Harddisk1\DR1 - Size: 0x74C00000 (1.82 Gb), SectorSize: 0x200, Cylinders: 0xEE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:10:41.0472 1248  ============================================================
16:10:41.0472 1248  \Device\Harddisk0\DR0:
16:10:41.0472 1248  MBR partitions:
16:10:41.0472 1248  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D9F000
16:10:41.0472 1248  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1DB3000, BlocksNum 0x72953000
16:10:41.0472 1248  \Device\Harddisk1\DR1:
16:10:41.0472 1248  MBR partitions:
16:10:41.0472 1248  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x3E, BlocksNum 0x3A57B4
16:10:41.0472 1248  ============================================================
16:10:41.0504 1248  C: <-> \Device\Harddisk0\DR0\Partition2
16:10:41.0504 1248  ============================================================
16:10:41.0504 1248  Initialize success
16:10:41.0504 1248  ============================================================
16:10:43.0859 1108  ============================================================
16:10:43.0859 1108  Scan started
16:10:43.0859 1108  Mode: Manual; 
16:10:43.0859 1108  ============================================================
16:10:44.0514 1108  ================ Scan system memory ========================
16:10:44.0514 1108  System memory - ok
16:10:44.0514 1108  ================ Scan services =============================
16:10:44.0655 1108  0121311364716903mcinstcleanup - ok
16:10:45.0045 1108  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
16:10:45.0045 1108  1394ohci - ok
16:10:45.0060 1108  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:10:45.0060 1108  ACPI - ok
16:10:45.0076 1108  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
16:10:45.0076 1108  AcpiPmi - ok
16:10:45.0201 1108  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:10:45.0201 1108  AdobeARMservice - ok
16:10:45.0232 1108  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
16:10:45.0248 1108  adp94xx - ok
16:10:45.0279 1108  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
16:10:45.0279 1108  adpahci - ok
16:10:45.0279 1108  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
16:10:45.0279 1108  adpu320 - ok
16:10:45.0310 1108  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:10:45.0326 1108  AeLookupSvc - ok
16:10:45.0357 1108  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
16:10:45.0357 1108  AFD - ok
16:10:45.0388 1108  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
16:10:45.0388 1108  agp440 - ok
16:10:45.0435 1108  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
16:10:45.0435 1108  ALG - ok
16:10:45.0450 1108  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:10:45.0450 1108  aliide - ok
16:10:45.0482 1108  [ E2934A5F82E010D8783544536384B035 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:10:45.0482 1108  AMD External Events Utility - ok
16:10:45.0482 1108  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
16:10:45.0482 1108  amdide - ok
16:10:45.0497 1108  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
16:10:45.0497 1108  AmdK8 - ok
16:10:45.0544 1108  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
16:10:45.0544 1108  AmdPPM - ok
16:10:45.0575 1108  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
16:10:45.0575 1108  amdsata - ok
16:10:45.0575 1108  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
16:10:45.0575 1108  amdsbs - ok
16:10:45.0591 1108  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
16:10:45.0591 1108  amdxata - ok
16:10:45.0591 1108  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
16:10:45.0591 1108  AppID - ok
16:10:45.0606 1108  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:10:45.0606 1108  AppIDSvc - ok
16:10:45.0622 1108  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
16:10:45.0622 1108  Appinfo - ok
16:10:45.0653 1108  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
16:10:45.0653 1108  arc - ok
16:10:45.0669 1108  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
16:10:45.0669 1108  arcsas - ok
16:10:45.0934 1108  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:10:45.0950 1108  aspnet_state - ok
16:10:45.0981 1108  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:10:45.0981 1108  AsyncMac - ok
16:10:45.0981 1108  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
16:10:45.0981 1108  atapi - ok
16:10:45.0981 1108  [ FB7602C5C508BE281368AAE0B61B51C6 ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
16:10:45.0996 1108  AtiHdmiService - ok
16:10:46.0074 1108  [ ADF81052D94BCD3FF7DB2FE59E3ED6F4 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
16:10:46.0121 1108  atikmdag - ok
16:10:46.0152 1108  [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie         C:\Windows\system32\drivers\AtiPcie.sys
16:10:46.0152 1108  AtiPcie - ok
16:10:46.0199 1108  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:10:46.0199 1108  AudioEndpointBuilder - ok
16:10:46.0215 1108  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
16:10:46.0215 1108  AudioSrv - ok
16:10:46.0246 1108  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:10:46.0246 1108  AxInstSV - ok
16:10:46.0277 1108  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
16:10:46.0277 1108  b06bdrv - ok
16:10:46.0293 1108  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
16:10:46.0293 1108  b57nd60a - ok
16:10:46.0402 1108  [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
16:10:46.0402 1108  BBSvc - ok
16:10:46.0418 1108  [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
16:10:46.0418 1108  BBUpdate - ok
16:10:46.0449 1108  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
16:10:46.0449 1108  BDESVC - ok
16:10:46.0480 1108  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:10:46.0480 1108  Beep - ok
16:10:46.0527 1108  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
16:10:46.0527 1108  BFE - ok
16:10:46.0574 1108  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
16:10:46.0823 1108  BITS - ok
16:10:46.0855 1108  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
16:10:46.0855 1108  blbdrive - ok
16:10:46.0855 1108  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:10:46.0855 1108  bowser - ok
16:10:46.0855 1108  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
16:10:46.0855 1108  BrFiltLo - ok
16:10:46.0886 1108  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
16:10:46.0886 1108  BrFiltUp - ok
16:10:46.0901 1108  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
16:10:46.0901 1108  Browser - ok
16:10:46.0901 1108  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
16:10:46.0901 1108  Brserid - ok
16:10:46.0917 1108  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
16:10:46.0917 1108  BrSerWdm - ok
16:10:46.0917 1108  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
16:10:46.0917 1108  BrUsbMdm - ok
16:10:46.0917 1108  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
16:10:46.0917 1108  BrUsbSer - ok
16:10:46.0948 1108  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
16:10:46.0948 1108  BTHMODEM - ok
16:10:46.0979 1108  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
16:10:46.0979 1108  bthserv - ok
16:10:46.0979 1108  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:10:46.0979 1108  cdfs - ok
16:10:47.0011 1108  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
16:10:47.0011 1108  cdrom - ok
16:10:47.0042 1108  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
16:10:47.0042 1108  CertPropSvc - ok
16:10:47.0073 1108  [ D2B3252AD4EB499C935A56467997AA3C ] cfwids          C:\Windows\system32\drivers\cfwids.sys
16:10:47.0073 1108  cfwids - ok
16:10:47.0104 1108  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
16:10:47.0104 1108  circlass - ok
16:10:47.0120 1108  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
16:10:47.0120 1108  CLFS - ok
16:10:47.0213 1108  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:10:47.0213 1108  clr_optimization_v2.0.50727_32 - ok
16:10:47.0338 1108  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:10:47.0338 1108  clr_optimization_v2.0.50727_64 - ok
16:10:47.0557 1108  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:10:47.0572 1108  clr_optimization_v4.0.30319_32 - ok
16:10:47.0603 1108  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:10:47.0635 1108  clr_optimization_v4.0.30319_64 - ok
16:10:47.0666 1108  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
16:10:47.0666 1108  CmBatt - ok
16:10:47.0697 1108  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:10:47.0697 1108  cmdide - ok
16:10:47.0713 1108  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
16:10:47.0713 1108  CNG - ok
16:10:47.0713 1108  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
16:10:47.0713 1108  Compbatt - ok
16:10:47.0759 1108  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
16:10:47.0759 1108  CompositeBus - ok
16:10:47.0759 1108  COMSysApp - ok
16:10:47.0775 1108  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
16:10:47.0775 1108  crcdisk - ok
16:10:47.0806 1108  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:10:47.0822 1108  CryptSvc - ok
16:10:47.0915 1108  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
16:10:47.0915 1108  cvhsvc - ok
16:10:47.0962 1108  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:10:47.0993 1108  DcomLaunch - ok
16:10:48.0009 1108  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
16:10:48.0009 1108  defragsvc - ok
16:10:48.0040 1108  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:10:48.0040 1108  DfsC - ok
16:10:48.0056 1108  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:10:48.0056 1108  Dhcp - ok
16:10:48.0071 1108  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
16:10:48.0071 1108  discache - ok
16:10:48.0071 1108  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
16:10:48.0071 1108  Disk - ok
16:10:48.0087 1108  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:10:48.0087 1108  Dnscache - ok
16:10:48.0103 1108  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
16:10:48.0103 1108  dot3svc - ok
16:10:48.0134 1108  [ B42ED0320C6E41102FDE0005154849BB ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
16:10:48.0134 1108  Dot4 - ok
16:10:48.0134 1108  [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
16:10:48.0134 1108  Dot4Print - ok
16:10:48.0149 1108  [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
16:10:48.0149 1108  dot4usb - ok
16:10:48.0165 1108  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
16:10:48.0165 1108  DPS - ok
16:10:48.0165 1108  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:10:48.0165 1108  drmkaud - ok
16:10:48.0196 1108  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:10:48.0212 1108  DXGKrnl - ok
16:10:48.0243 1108  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
16:10:48.0243 1108  EapHost - ok
16:10:48.0305 1108  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
16:10:48.0352 1108  ebdrv - ok
16:10:48.0383 1108  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
16:10:48.0383 1108  EFS - ok
16:10:48.0493 1108  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
16:10:48.0508 1108  ehRecvr - ok
16:10:48.0539 1108  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
16:10:48.0539 1108  ehSched - ok
16:10:48.0555 1108  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
16:10:48.0555 1108  elxstor - ok
16:10:48.0602 1108  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:10:48.0602 1108  ErrDev - ok
16:10:48.0633 1108  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
16:10:48.0633 1108  EventSystem - ok
16:10:48.0633 1108  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
16:10:48.0633 1108  exfat - ok
16:10:48.0649 1108  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:10:48.0649 1108  fastfat - ok
16:10:48.0695 1108  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
16:10:48.0695 1108  Fax - ok
16:10:48.0711 1108  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
16:10:48.0711 1108  fdc - ok
16:10:48.0758 1108  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
16:10:48.0758 1108  fdPHost - ok
16:10:48.0758 1108  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:10:48.0758 1108  FDResPub - ok
16:10:48.0758 1108  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:10:48.0773 1108  FileInfo - ok
16:10:48.0773 1108  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:10:48.0773 1108  Filetrace - ok
16:10:48.0773 1108  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
16:10:48.0773 1108  flpydisk - ok
16:10:48.0789 1108  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:10:48.0789 1108  FltMgr - ok
16:10:48.0836 1108  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
16:10:48.0851 1108  FontCache - ok
16:10:48.0883 1108  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:10:48.0883 1108  FontCache3.0.0.0 - ok
16:10:48.0898 1108  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
16:10:48.0898 1108  FsDepends - ok
16:10:48.0898 1108  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:10:48.0898 1108  Fs_Rec - ok
16:10:48.0929 1108  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:10:48.0929 1108  fvevol - ok
16:10:48.0945 1108  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
16:10:48.0945 1108  gagp30kx - ok
16:10:49.0023 1108  [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
16:10:49.0023 1108  GamesAppService - ok
16:10:57.0385 1108  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
16:10:57.0385 1108  Themes - ok
16:10:57.0416 1108  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
16:10:57.0416 1108  THREADORDER - ok
16:10:57.0463 1108  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
16:10:57.0463 1108  TrkWks - ok
16:10:57.0509 1108  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:10:57.0525 1108  TrustedInstaller - ok
16:10:57.0525 1108  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:10:57.0525 1108  tssecsrv - ok
16:10:57.0556 1108  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
16:10:57.0556 1108  TsUsbFlt - ok
16:10:57.0556 1108  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
16:10:57.0556 1108  TsUsbGD - ok
16:10:57.0587 1108  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:10:57.0587 1108  tunnel - ok
16:10:57.0603 1108  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
16:10:57.0603 1108  uagp35 - ok
16:10:57.0603 1108  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:10:57.0603 1108  udfs - ok
16:10:57.0650 1108  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
16:10:57.0665 1108  UI0Detect - ok
16:10:57.0681 1108  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:10:57.0681 1108  uliagpkx - ok
16:10:57.0697 1108  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
16:10:57.0697 1108  umbus - ok
16:10:57.0712 1108  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
16:10:57.0712 1108  UmPass - ok
16:10:57.0759 1108  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
16:10:57.0759 1108  upnphost - ok
16:10:57.0790 1108  [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
16:10:57.0790 1108  usbccgp - ok
16:10:57.0806 1108  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:10:57.0821 1108  usbcir - ok
16:10:57.0821 1108  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
16:10:57.0821 1108  usbehci - ok
16:10:57.0821 1108  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
16:10:57.0821 1108  usbhub - ok
16:10:57.0837 1108  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
16:10:57.0837 1108  usbohci - ok
16:10:57.0853 1108  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
16:10:57.0853 1108  usbprint - ok
16:10:57.0884 1108  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
16:10:57.0899 1108  usbscan - ok
16:10:57.0899 1108  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:10:57.0899 1108  USBSTOR - ok
16:10:57.0899 1108  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
16:10:57.0899 1108  usbuhci - ok
16:10:57.0931 1108  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
16:10:57.0931 1108  UxSms - ok
16:10:57.0946 1108  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
16:10:57.0946 1108  VaultSvc - ok
16:10:57.0962 1108  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
16:10:57.0962 1108  vdrvroot - ok
16:10:57.0993 1108  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
16:10:58.0009 1108  vds - ok
16:10:58.0009 1108  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
16:10:58.0009 1108  vga - ok
16:10:58.0009 1108  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
16:10:58.0009 1108  VgaSave - ok
16:10:58.0024 1108  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
16:10:58.0024 1108  vhdmp - ok
16:10:58.0024 1108  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
16:10:58.0024 1108  viaide - ok
16:10:58.0040 1108  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:10:58.0040 1108  volmgr - ok
16:10:58.0087 1108  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
16:10:58.0087 1108  volmgrx - ok
16:10:58.0102 1108  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
16:10:58.0102 1108  volsnap - ok
16:10:58.0118 1108  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
16:10:58.0118 1108  vsmraid - ok
16:10:58.0211 1108  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
16:10:58.0227 1108  VSS - ok
16:10:58.0274 1108  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
16:10:58.0274 1108  vwifibus - ok
16:10:58.0274 1108  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
16:10:58.0289 1108  W32Time - ok
16:10:58.0305 1108  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
16:10:58.0305 1108  WacomPen - ok
16:10:58.0321 1108  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
16:10:58.0321 1108  WANARP - ok
16:10:58.0321 1108  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:10:58.0321 1108  Wanarpv6 - ok
16:10:58.0383 1108  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
16:10:58.0399 1108  WatAdminSvc - ok
16:10:58.0445 1108  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
16:10:58.0461 1108  wbengine - ok
16:10:58.0461 1108  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
16:10:58.0461 1108  WbioSrvc - ok
16:10:58.0492 1108  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
16:10:58.0492 1108  wcncsvc - ok
16:10:58.0508 1108  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:10:58.0508 1108  WcsPlugInService - ok
16:10:58.0508 1108  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
16:10:58.0508 1108  Wd - ok
16:10:58.0523 1108  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:10:58.0523 1108  Wdf01000 - ok
16:10:58.0555 1108  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:10:58.0555 1108  WdiServiceHost - ok
16:10:58.0555 1108  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
16:10:58.0555 1108  WdiSystemHost - ok
16:10:58.0570 1108  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
16:10:58.0570 1108  WebClient - ok
16:10:58.0601 1108  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:10:58.0601 1108  Wecsvc - ok
16:10:58.0617 1108  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
16:10:58.0617 1108  wercplsupport - ok
16:10:58.0648 1108  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:10:58.0648 1108  WerSvc - ok
16:10:58.0664 1108  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
16:10:58.0664 1108  WfpLwf - ok
16:10:58.0695 1108  [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
16:10:58.0695 1108  WimFltr - ok
16:10:58.0695 1108  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
16:10:58.0695 1108  WIMMount - ok
16:10:58.0726 1108  WinDefend - ok
16:10:58.0757 1108  WinHttpAutoProxySvc - ok
16:10:58.0898 1108  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
16:10:58.0898 1108  Winmgmt - ok
16:10:58.0945 1108  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
16:10:58.0991 1108  WinRM - ok
16:10:59.0007 1108  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
16:10:59.0007 1108  WinUsb - ok
16:10:59.0054 1108  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
16:10:59.0069 1108  Wlansvc - ok
16:10:59.0147 1108  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
16:10:59.0147 1108  wlcrasvc - ok
16:10:59.0225 1108  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:10:59.0257 1108  wlidsvc - ok
16:10:59.0288 1108  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
16:10:59.0288 1108  WmiAcpi - ok
16:10:59.0319 1108  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:10:59.0335 1108  wmiApSrv - ok
16:10:59.0366 1108  WMPNetworkSvc - ok
16:10:59.0381 1108  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:10:59.0381 1108  WPCSvc - ok
16:10:59.0381 1108  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:10:59.0381 1108  WPDBusEnum - ok
16:10:59.0397 1108  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
16:10:59.0397 1108  ws2ifsl - ok
16:10:59.0413 1108  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
16:10:59.0413 1108  wscsvc - ok
16:10:59.0428 1108  WSearch - ok
16:10:59.0491 1108  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
16:10:59.0522 1108  wuauserv - ok
16:10:59.0553 1108  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:10:59.0553 1108  WudfPf - ok
16:10:59.0584 1108  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:10:59.0584 1108  WUDFRd - ok
16:10:59.0600 1108  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
16:10:59.0600 1108  wudfsvc - ok
16:10:59.0615 1108  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
16:10:59.0615 1108  WwanSvc - ok
16:10:59.0631 1108  ================ Scan global ===============================
16:10:59.0662 1108  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:10:59.0693 1108  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
16:10:59.0693 1108  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
16:10:59.0740 1108  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:10:59.0771 1108  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:10:59.0771 1108  [Global] - ok
16:10:59.0771 1108  ================ Scan MBR ==================================
16:10:59.0787 1108  [ E9F67288208D53EF770F82E186904857 ] \Device\Harddisk0\DR0
16:10:59.0787 1108  Suspicious mbr (Forged): \Device\Harddisk0\DR0
16:10:59.0849 1108  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
16:10:59.0849 1108  \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
16:10:59.0849 1108  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
16:10:59.0881 1108  \Device\Harddisk1\DR1 - ok
16:10:59.0881 1108  ================ Scan VBR ==================================
16:10:59.0881 1108  [ 48B6117C7F26157025F0FF64655D8BA2 ] \Device\Harddisk0\DR0\Partition1
16:10:59.0881 1108  \Device\Harddisk0\DR0\Partition1 - ok
16:10:59.0912 1108  [ 50EB1C30B265B8C26CB6601CDC1952CA ] \Device\Harddisk0\DR0\Partition2
16:10:59.0912 1108  \Device\Harddisk0\DR0\Partition2 - ok
16:10:59.0927 1108  [ E40940D137F0BF189E96ECC5FF9067E0 ] \Device\Harddisk1\DR1\Partition1
16:10:59.0927 1108  \Device\Harddisk1\DR1\Partition1 - ok
16:10:59.0927 1108  ============================================================
16:10:59.0927 1108  Scan finished
16:10:59.0927 1108  ============================================================
16:10:59.0927 1264  Detected object count: 1
16:10:59.0927 1264  Actual detected object count: 1
16:11:57.0538 1264  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - skipped by user
16:11:57.0538 1264  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Skip
 
Hi jackel,

That's great. Please re-run TDSSKiller, this time select Cure. Attach the log in your next reply.

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If malicious objects are found, ensure Cure is selected (it should be by default). NOTE: If Cure is not an option, please select Skip.
  • Click Continue then click Reboot now.
  • Once complete, a log will be produced at the root drive which is typically C:\
    For example, C:\TDSSKiller.2.7.7.0_date_time_log.txt
  • Attach that log, please.