Possible Virus

Joel_Zimmerman

New Member
Hi there,
While diagnosing my computer's weird behaviour of redirecting me to ominous websites whenever I click on a link from Google's search results, I realised I had malware/spyware or a possible virus. It only seems to redirect me to websites from my search query when I click on them, but when I type in the full website on the address bar, it seems okay. However, when browsing the internet about similar problems people have had, I have taken almost all of the directions given to try and find and delete this malware.

I'm pretty sure it all has something to do with my McAfee firewall. I am still subscribed with them, though when I try to turn on my firewall, it simply turns off again within a split second of turning it on. I ran a full scan with McAfee and Malwarebytes' Anti-Malware and nothing was found. I took precautions not to head over to dodgy websites, but it seems my ignorance has caught up with me.

I have tried uninstalling McAfee and reinstalling it, but the same thing keeps happening. The firewall is being forced off by something and no answers on the internet seemed to help. I have left Malwarebytes' Anti-Malware running though, and it seems to be blocking some outgoing signals as quoted:

Malwarebytes' Anti-Malware
Successfully blocked access to a potentially malicious website: 193.105.135.219

Type: outgoing
Port:52016
Process: csrss.exe

I have heard that csrss.exe could be compromised, but people have said not to delete it as it's needed for Windows to function properly.

I'm out of ideas and I'm not ready to fork out £100+ for a repair shop to do it; no monies.

Any help would be greatly appreciated.

Thanks!
 
Please do the following.

Please download and run TDSSKiller.

When the program opens, click on the start scan button.

TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.

infection-found.jpg


To remove the infection simply click on the Continue button and TDSSKiller will attempt to clean the infection.

When it has finished cleaning the infection you will see a report stating whether or not it was successful as shown below.

scan-completed.jpg


If the log says "will be cured after reboot", please reboot the system by pressing the "reboot now" button.

After running there will be a log that will be located at the root of your c:\ drive labeled tdsskiller with a series of numbers after it. Please open the log and copy and paste it back here.

Download and Run ComboFix
If you already have ComboFix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

ComboFix should never take more than 20 minutes including the reboot if malware is detected.


In your next reply please post:
  • The ComboFix log
  • A fresh HijackThis log
  • An update on how your computer is running

Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click Do a system scan and save a logfile

Most of what HijackThis lists will be harmless or even essential; don't fix anything yet.

Post the logfile that HijackThis produces
 
Thanks for the swift reply. I have conducted the scan, though it hasn't found anything. I shall continue with running ComboFix. Here's the log:


2011/06/27 23:43:14.0297 5820 TDSS rootkit removing tool 2.5.6.0 Jun 27 2011 15:22:52
2011/06/27 23:43:15.0254 5820 ================================================================================
2011/06/27 23:43:15.0254 5820 SystemInfo:
2011/06/27 23:43:15.0254 5820
2011/06/27 23:43:15.0255 5820 OS Version: 6.1.7600 ServicePack: 0.0
2011/06/27 23:43:15.0255 5820 Product type: Workstation
2011/06/27 23:43:15.0255 5820 ComputerName: LINUSTORVALDS
2011/06/27 23:43:15.0255 5820 UserName: Linus Torvalds
2011/06/27 23:43:15.0255 5820 Windows directory: C:\Windows
2011/06/27 23:43:15.0255 5820 System windows directory: C:\Windows
2011/06/27 23:43:15.0255 5820 Running under WOW64
2011/06/27 23:43:15.0255 5820 Processor architecture: Intel x64
2011/06/27 23:43:15.0255 5820 Number of processors: 8
2011/06/27 23:43:15.0255 5820 Page size: 0x1000
2011/06/27 23:43:15.0255 5820 Boot type: Normal boot
2011/06/27 23:43:15.0255 5820 ================================================================================
2011/06/27 23:43:20.0185 5820 Initialize success
2011/06/27 23:43:23.0925 6076 ================================================================================
2011/06/27 23:43:23.0925 6076 Scan started
2011/06/27 23:43:23.0925 6076 Mode: Manual;
2011/06/27 23:43:23.0925 6076 ================================================================================
2011/06/27 23:45:03.0085 6076 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/06/27 23:45:03.0450 6076 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/06/27 23:45:03.0825 6076 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/06/27 23:45:04.0085 6076 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/06/27 23:45:04.0274 6076 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/27 23:45:04.0586 6076 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/06/27 23:45:04.0802 6076 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/27 23:45:04.0910 6076 MBR (0x1B8) (9c51d3fd2697bd2ae931be1d6f1e6ffa) \Device\Harddisk0\DR0
2011/06/27 23:45:05.0157 6076 Boot (0x1200) (4591f7c699cc918dadcd9b799120eb3b) \Device\Harddisk0\DR0\Partition0
2011/06/27 23:45:05.0185 6076 Boot (0x1200) (e381e7e887234a719308557acaa22100) \Device\Harddisk0\DR0\Partition1
2011/06/27 23:45:05.0189 6076 ================================================================================
2011/06/27 23:45:05.0189 6076 Scan finished
2011/06/27 23:45:05.0189 6076 ================================================================================
2011/06/27 23:45:05.0200 6068 Detected object count: 0
2011/06/27 23:45:05.0200 6068 Actual detected object count: 0

One other thing I found while researching was that there are two csrss.exe files running. I can't distinguish them from each other, so I'll leave them be for now.

Cheers.
 
Please continue on with my instructions by running ComboFix and posting its log along with a HijackThis log.
 
I ran ComboFix and I made sure McAfee's scanners were disabled first. I remember it completing tasks up to ~50, then it proceeded to delete certain files and folders in my C:\. One of these I distinctly remember was,

Deleting folders:
C:\windows\system64.

Afterward, it said it would shut down automatically and that I should not shut it down manually. I have waited for it overnight to shut down, yet the only things that seemed to have disappeared are my desktop icons.
I have read that this has happened to someone else on another site, and they said they shut their machine down manually and rebooted it fine.

Any suggestions? Thanks.
 
Manually press and hold the power button so that it shuts down, then boot the system back up and see if ComboFix continues to run and produces a log for you, then post the log. You may have to rerun ComboFix.
 
I'm able to reboot Windows, but what comes up first after the BIOS is
"Windows is loading files…"
After that, a Vista-like scrolling box appears, then the screen resolution seems to be at 800x600. Startup Repair is unable to repair the OS.
The log is:
Problem signature:
Problem Event Name: StartupRepairOffline
Problem signature 01: 6.1.7600.16385
Problem signature 02: 6.1.7600.16385
Problem signature 03: unknown
Problem signature 04: 45
Problem signature 05: AutoFailover
Problem signature 06: 1
Problem signature 07: MissingOsLoader
OS Version: 6.1.7600.2.0.0.256.1
Locale ID: 1033

Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
X:\windows\system32\en-US\erofflps.txt



There are options to send and not send information about the problem. Either of them shuts the notebook down.
 
Since I had my notebook insured, I decided to take it back to the store at which I purchased it. However, I am still liable to be charged £30 for the backup of my files and £30 for the restoration of Windows 7 Home Premium 64-bit. I know these people are making a business, but I find it hard to believe that these people have the cheek to even charge a price for a fresh reinstall of an OS. It doesn't cost £30 to install an OS. It takes maybe an hour or two at the most, but there's no need to extort people on it. I have decided to take this matter into my own hands, take back my notebook tomorrow and do it myself.

When I get it back, I will disassemble it to get to the HDD. I will then connect the HDD to a SATA to USB cable and back my files up that way, FOR FREE. After everything I need is backed up, I will then do a fresh reinstall of Win7 HP 64-bit, FOR FREE.

My two questions at hand are:
Are the SATA HDDs in notebooks the same as regular desktop SATAs? And I have no Windows 7 Home Premium 64-bit disc and don't know anyone with one. Are there any websites that have a good reputation for hosting legitimate .iso files for burning to discs? I have my product key so I don't see a need to buy another.

Thanks!
 
Notebook SATA hard drives have the same connections that a desktop SATA hard drive does. Power and data.

Contact the maker of the laptop for recovery CDs so you can reinstall the operating system and correct drivers. They may charge you like $20 for the CDs.
 
I borrowed a recovery CD from a friend, though I will try to back my files up using Ubuntu 11.04. I am not so sure about this HDD's partition, though I'm fairly certain it's not partitioned correctly for another install of an OS. Would it be possible to install Ubuntu 11.04 onto my HDD without erasing any of my existing files?

Cheers.
 
You can't use any recovery CD. You have to use the one that was designed for your specific model of laptop. You can always slave your drive to another system and pull the data off of it that way. I'm also sure you can boot to a Linux or Ubuntu live CD to pull your data off of it to a flash drive.
 
I've been able to obtain a copy of another disc, this one I've checked to be the same notebook model as mine, the Acer Aspire 5942G, i7 variant with Windows 7 Home Premium 64-bit.

I guess I have been quite ignorant once more. I used Ubuntu booted from the CD drive to transfer my files from the C:\ to an external 1TB SATA I had spare. I just dragged and dropped all the folders I needed into it, waited, then installed Ubuntu onto the C:\, formatting the hard drive in the process as I chose for it to do this. When I looked back onto the external hard drive, I wanted to access my Documents And Settings, but saw it was a broken link. I just remembered that the Documents And Settings folder was in fact a shortcut to the actual folder in the C:\.

I know this may sound stupid, but is there any way possible to retrieve even a few files of what used to be on the C:\? The files I am looking for are only four photograph folders, as I had backed up everything else again onto another separate hard drive, except for these four folders which were only on the C:\.

Thanks for any suggestions.
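
The failure described in the post above (a link was copied to the external drive, but not the data behind it) can be caught before the source disk is formatted. The following is an added example, not part of the original thread: a Python check that walks a backup, finds links that resolve to nothing, and lists the source files that were left behind. The function names and the sample tree are constructed, and it assumes the Windows folder link shows up as a symbolic link when the NTFS volume is mounted under Linux.

```python
import os
import tempfile


def audit_backup(source, backup):
    """Map each dangling link in `backup` to the source files it failed to bring along."""
    source = os.path.realpath(source)
    report = {}
    for root, dirs, files in os.walk(backup):
        for name in dirs + files:
            path = os.path.join(root, name)
            # islink() inspects the link itself; exists() follows it to the target.
            if os.path.islink(path) and not os.path.exists(path):
                rel = os.path.relpath(path, backup)
                # Resolve the same link on the source side to locate the real data.
                real = os.path.realpath(os.path.join(source, rel))
                lost = [os.path.relpath(os.path.join(r, f), source)
                        for r, _, fs in os.walk(real) for f in fs]
                report[rel] = sorted(lost)
    return report


def constructed_demo():
    """Constructed sample: 'Documents and Settings' is only a link to 'Users'."""
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "c_drive")
        dst = os.path.join(tmp, "external")
        pictures = os.path.join(src, "Users", "joel", "Pictures")
        os.makedirs(pictures)
        os.makedirs(dst)
        with open(os.path.join(pictures, "holiday.jpg"), "wb") as fh:
            fh.write(b"constructed sample data")
        os.symlink("Users", os.path.join(src, "Documents and Settings"))
        # Copying only the link reproduces the link, not the folder it points to.
        os.symlink("Users", os.path.join(dst, "Documents and Settings"))
        return audit_backup(src, dst)


if __name__ == "__main__":
    for link, lost in constructed_demo().items():
        print(f"dangling link in backup: {link!r}")
        for rel in lost:
            print(f"  not backed up: {rel}")
```

An empty result only means no dangling links were found; it does not prove that every wanted folder was selected for copying.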
 
My current OS is Ubuntu 11.04, which doesn't support .exe. Even running with Wine, Recuva is unable to scan the hard disk, so I have downloaded a Linux alternative called PhotoRec. I am able to view my 640GB SATA, but there are 6 partitions:

[Intel ] Intel/PC partition
[EFI GPT] EFI GPT partition map (Mac i386, some x86_64...)
[Mac ] Apple partition map
[None ] Non partitioned media
[Sun ] Sun Solaris partition
[Xbox ] Xbox partition

I am not sure which of these partitions my files would have been in. I have a hunch it would be in the Intel/PC partition though.
 