Solved: "Securiy Protection" Malware

Ronnel dela Luz

How about TrojanRemover? Use the
Trial version. This is very light and effective.

jskfan

ASKER

do you have a link please?

Ronnel dela Luz

For manual removal

http://www.expertsupportnow.com/1710/how-to-uninstall-security-protectio-virun-malware-virus-spyware/

Ronnel dela Luz

@phototropic, the first link, yes.
The second link, not a software, just an instruction for manual removal.
Whether author is well known or not is highly subjective.
By the way the link you posted is the first link of my google search.
Yet I chose the second one because the preview is more appealling to me.
But with your comment I will strive more to be prudent of the solutions I will be suggesting.

@jskfan
The software I suggests you is simple and light and effective.

jskfan

ASKER

i Have used the Trojan Scanner, it found a suspicious file c:\windows\svchost

I went to the same folder c:\windows, then I saw svchost.vir I deleted it, but could not delete the svchost.exe
I had to kil the process svchost *32 , the I deleted the svchost.exe, but it came back real fast.

SO I have been using the Trojan scanner the Trojan remover, and restart the PC,the rescan with Trojan scanner, and it still finds the same file as suspicious, so it's not removing it
malware.jpg

jskfan

ASKER

phototropic

I followed the steps described in the link you posted.
when I run the Malwarebytes, before it finishes it shuts down the computer , it is not a restart , it s a shut down without any warning, it's a crash.

jskfan

ASKER

i noticed AVG2012 blocks the same file too c:\windows\svchost.exe, but doesn't remove it. I tried manually to remove it, and could not too.

phototropic

Did you run TDSSKiller? If so, please post the scanlog for review.

jskfan

ASKER

this is the report from TDSSKiller:

2011/09/04 07:07:41.0189 5392      TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/09/04 07:07:41.0569 5392      ================================================================================
2011/09/04 07:07:41.0570 5392      SystemInfo:
2011/09/04 07:07:41.0570 5392
2011/09/04 07:07:41.0570 5392      OS Version: 6.1.7601 ServicePack: 1.0
2011/09/04 07:07:41.0570 5392      Product type: Workstation
2011/09/04 07:07:41.0570 5392      ComputerName: H-BEACH
2011/09/04 07:07:41.0570 5392      UserName: Jskfan
2011/09/04 07:07:41.0570 5392      Windows directory: C:\Windows
2011/09/04 07:07:41.0570 5392      System windows directory: C:\Windows
2011/09/04 07:07:41.0570 5392      Running under WOW64
2011/09/04 07:07:41.0570 5392      Processor architecture: Intel x64
2011/09/04 07:07:41.0570 5392      Number of processors: 2
2011/09/04 07:07:41.0570 5392      Page size: 0x1000
2011/09/04 07:07:41.0570 5392      Boot type: Normal boot
2011/09/04 07:07:41.0570 5392      ================================================================================
2011/09/04 07:07:43.0233 5392      Initialize success
2011/09/04 07:07:47.0811 5608      ================================================================================
2011/09/04 07:07:47.0812 5608      Scan started
2011/09/04 07:07:47.0812 5608      Mode: Manual;
2011/09/04 07:07:47.0812 5608      ================================================================================
2011/09/04 07:07:49.0182 5608      1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
2011/09/04 07:07:49.0291 5608      ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
2011/09/04 07:07:49.0354 5608      AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
2011/09/04 07:07:49.0433 5608      adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/09/04 07:07:49.0497 5608      adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/09/04 07:07:49.0532 5608      adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/09/04 07:07:49.0621 5608      AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
2011/09/04 07:07:49.0726 5608      agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
2011/09/04 07:07:49.0807 5608      aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
2011/09/04 07:07:49.0874 5608      amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
2011/09/04 07:07:49.0963 5608      AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/09/04 07:07:50.0015 5608      AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/09/04 07:07:50.0054 5608      amdsata (12a5062c06e03ff70db47800f91c7a13) C:\Windows\system32\DRIVERS\amdsata.sys
2011/09/04 07:07:50.0095 5608      amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/09/04 07:07:50.0151 5608      amdxata (8a7f289b45ceacac761e14d5fac59eb9) C:\Windows\system32\DRIVERS\amdxata.sys
2011/09/04 07:07:50.0221 5608      AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
2011/09/04 07:07:50.0299 5608      arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/09/04 07:07:50.0327 5608      arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/09/04 07:07:50.0386 5608      AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/09/04 07:07:50.0468 5608      atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
2011/09/04 07:07:50.0590 5608      athr (88a02b6046356e6be4e387faa7451439) C:\Windows\system32\DRIVERS\athrx.sys
2011/09/04 07:07:50.0743 5608      AtiHdmiService (3b9014fb7ce9e20fd726321c7db7d8b0) C:\Windows\system32\drivers\AtiHdmi.sys
2011/09/04 07:07:50.0939 5608      atikmdag (2db9047aac9d981f59ce06d04d70c4d8) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/09/04 07:07:51.0160 5608      AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
2011/09/04 07:07:51.0267 5608      AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
2011/09/04 07:07:51.0372 5608      Avgldx64 (dadfccfb036da99fa83e7e1d29290a6c) C:\Windows\system32\DRIVERS\avgldx64.sys
2011/09/04 07:07:51.0464 5608      Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
2011/09/04 07:07:51.0542 5608      Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
2011/09/04 07:07:51.0656 5608      b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/09/04 07:07:51.0737 5608      b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/09/04 07:07:51.0832 5608      BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
2011/09/04 07:07:51.0915 5608      Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/09/04 07:07:51.0992 5608      blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/09/04 07:07:52.0057 5608      bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
2011/09/04 07:07:52.0094 5608      BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/09/04 07:07:52.0125 5608      BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/09/04 07:07:52.0184 5608      Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/09/04 07:07:52.0220 5608      BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/09/04 07:07:52.0252 5608      BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/09/04 07:07:52.0283 5608      BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/09/04 07:07:52.0316 5608      BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/09/04 07:07:52.0407 5608      BVRPMPR5a64 (9887ca12f407d7fbc7f48f3678f5f0b6) C:\Windows\system32\drivers\BVRPMPR5a64.SYS
2011/09/04 07:07:52.0467 5608      CAXHWAZL (d1787e11c6a0078ddeaf8cf3ee2ab293) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
2011/09/04 07:07:52.0617 5608      cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/09/04 07:07:52.0709 5608      cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
2011/09/04 07:07:52.0771 5608      circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/09/04 07:07:52.0834 5608      CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/09/04 07:07:52.0919 5608      CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/09/04 07:07:52.0980 5608      cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
2011/09/04 07:07:53.0065 5608      CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
2011/09/04 07:07:53.0156 5608      CnxtHdAudService (20f3f8674d7dee5d90a352b775d5d5ba) C:\Windows\system32\drivers\CHDRT64.sys
2011/09/04 07:07:53.0294 5608      Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/09/04 07:07:53.0370 5608      CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
2011/09/04 07:07:53.0422 5608      crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/09/04 07:07:53.0534 5608      ctxusbm (ba8e5b2291c01ef71ca80e25f0c79d55) C:\Windows\system32\DRIVERS\ctxusbm.sys
2011/09/04 07:07:53.0646 5608      DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
2011/09/04 07:07:53.0808 5608      discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/09/04 07:07:53.0880 5608      Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/09/04 07:07:53.0964 5608      drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/09/04 07:07:54.0049 5608      DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
2011/09/04 07:07:54.0193 5608      ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/09/04 07:07:54.0360 5608      elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/09/04 07:07:54.0495 5608      ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
2011/09/04 07:07:54.0610 5608      exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/09/04 07:07:54.0646 5608      fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/09/04 07:07:54.0694 5608      fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/09/04 07:07:54.0742 5608      FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/09/04 07:07:54.0779 5608      Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/09/04 07:07:54.0816 5608      flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/09/04 07:07:54.0900 5608      FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
2011/09/04 07:07:54.0950 5608      FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/09/04 07:07:54.0985 5608      Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/09/04 07:07:55.0071 5608      fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/09/04 07:07:55.0115 5608      gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/09/04 07:07:55.0254 5608      hcmon (fa675389630dcf26cac45ed036a1e146) C:\Windows\system32\drivers\hcmon.sys
2011/09/04 07:07:55.0302 5608      hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/09/04 07:07:55.0372 5608      HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
2011/09/04 07:07:55.0442 5608      HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
2011/09/04 07:07:55.0536 5608      HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/09/04 07:07:55.0562 5608      HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/09/04 07:07:55.0591 5608      HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/09/04 07:07:55.0677 5608      HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
2011/09/04 07:07:55.0916 5608      hitmanpro35 (c6ff685e2ea55c3ac5c90b9e7d6930c0) C:\Windows\system32\drivers\hitmanpro35.sys
2011/09/04 07:07:56.0099 5608      HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
2011/09/04 07:07:56.0540 5608      HSF_DPV (26c5d00321937e49b6bc91029947d094) C:\Windows\system32\DRIVERS\CAX_DPV.sys
2011/09/04 07:07:57.0032 5608      HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
2011/09/04 07:07:57.0253 5608      hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
2011/09/04 07:07:57.0484 5608      i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
2011/09/04 07:07:57.0682 5608      iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
2011/09/04 07:07:58.0467 5608      igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
2011/09/04 07:07:58.0747 5608      iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/09/04 07:07:59.0025 5608      intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
2011/09/04 07:07:59.0102 5608      intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/09/04 07:07:59.0174 5608      IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/09/04 07:07:59.0288 5608      IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
2011/09/04 07:07:59.0362 5608      IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/09/04 07:07:59.0570 5608      IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/09/04 07:07:59.0721 5608      isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
2011/09/04 07:07:59.0843 5608      iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
2011/09/04 07:08:00.0094 5608      k57nd60a (249ee2d26cb1530f3bede0ac8b9e3099) C:\Windows\system32\DRIVERS\k57nd60a.sys
2011/09/04 07:08:00.0351 5608      kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
2011/09/04 07:08:00.0565 5608      kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
2011/09/04 07:08:00.0741 5608      KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
2011/09/04 07:08:00.0813 5608      KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
2011/09/04 07:08:00.0897 5608      ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/09/04 07:08:01.0159 5608      L1E (2ac603c3188c704cfce353659aa7ad71) C:\Windows\system32\DRIVERS\L1E62x64.sys
2011/09/04 07:08:01.0437 5608      lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/09/04 07:08:01.0530 5608      LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/09/04 07:08:01.0610 5608      LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/09/04 07:08:01.0648 5608      LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/09/04 07:08:01.0694 5608      LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/09/04 07:08:01.0751 5608      luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/09/04 07:08:01.0911 5608      MBAMProtector (9c4fb231b6e02f84580de2f00f3c5293) C:\Windows\system32\drivers\mbam.sys
2011/09/04 07:08:02.0018 5608      mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
2011/09/04 07:08:02.0095 5608      mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/09/04 07:08:02.0152 5608      megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/09/04 07:08:02.0234 5608      MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/09/04 07:08:02.0538 5608      Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/09/04 07:08:02.0658 5608      monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/09/04 07:08:02.0774 5608      mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/09/04 07:08:02.0910 5608      mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/09/04 07:08:03.0001 5608      mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
2011/09/04 07:08:03.0066 5608      mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
2011/09/04 07:08:03.0110 5608      mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/09/04 07:08:03.0213 5608      MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
2011/09/04 07:08:03.0288 5608      mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/09/04 07:08:03.0415 5608      mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/09/04 07:08:03.0492 5608      mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/09/04 07:08:03.0571 5608      msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
2011/09/04 07:08:03.0685 5608      msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
2011/09/04 07:08:03.0783 5608      Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/09/04 07:08:03.0867 5608      mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/09/04 07:08:03.0979 5608      msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
2011/09/04 07:08:04.0094 5608      MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/09/04 07:08:04.0210 5608      msloop (103b3bbe23ab774b009d182276ec6786) C:\Windows\system32\DRIVERS\loop.sys
2011/09/04 07:08:04.0260 5608      MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/09/04 07:08:04.0323 5608      MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/09/04 07:08:04.0408 5608      MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
2011/09/04 07:08:04.0482 5608      mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
2011/09/04 07:08:04.0627 5608      MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/09/04 07:08:04.0838 5608      MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/09/04 07:08:04.0906 5608      Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/09/04 07:08:05.0101 5608      NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/09/04 07:08:05.0273 5608      NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
2011/09/04 07:08:05.0519 5608      NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/09/04 07:08:05.0637 5608      NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/09/04 07:08:05.0781 5608      Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/09/04 07:08:05.0941 5608      NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/09/04 07:08:05.0999 5608      NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
2011/09/04 07:08:06.0093 5608      NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/09/04 07:08:06.0233 5608      NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
2011/09/04 07:08:06.0365 5608      netr28x (b72bb9496a126fcfc7fc5945ded9b411) C:\Windows\system32\DRIVERS\netr28x.sys
2011/09/04 07:08:06.0468 5608      nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/09/04 07:08:06.0833 5608      NPF (c31fa031335eff434b2d94278e74bcce) C:\Windows\system32\drivers\npf.sys
2011/09/04 07:08:06.0910 5608      Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/09/04 07:08:06.0984 5608      nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/09/04 07:08:07.0183 5608      Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
2011/09/04 07:08:07.0456 5608      NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
2011/09/04 07:08:07.0552 5608      Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/09/04 07:08:07.0617 5608      nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
2011/09/04 07:08:07.0782 5608      nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
2011/09/04 07:08:07.0871 5608      nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2011/09/04 07:08:07.0948 5608      ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2011/09/04 07:08:08.0156 5608      Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/09/04 07:08:08.0256 5608      partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
2011/09/04 07:08:08.0368 5608      pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
2011/09/04 07:08:08.0433 5608      pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/09/04 07:08:08.0506 5608      pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/09/04 07:08:08.0548 5608      pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/09/04 07:08:08.0608 5608      PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/09/04 07:08:08.0901 5608      PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
2011/09/04 07:08:09.0010 5608      Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/09/04 07:08:09.0161 5608      Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
2011/09/04 07:08:09.0335 5608      PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
2011/09/04 07:08:09.0471 5608      ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/09/04 07:08:09.0737 5608      ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/09/04 07:08:09.0868 5608      QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/09/04 07:08:09.0952 5608      RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/09/04 07:08:10.0026 5608      RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/09/04 07:08:10.0153 5608      Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/09/04 07:08:10.0212 5608      RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/09/04 07:08:10.0266 5608      RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/09/04 07:08:10.0398 5608      rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
2011/09/04 07:08:10.0493 5608      rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/09/04 07:08:10.0536 5608      RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/09/04 07:08:10.0702 5608      RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/09/04 07:08:10.0784 5608      RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/09/04 07:08:10.0957 5608      RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
2011/09/04 07:08:11.0110 5608      rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
2011/09/04 07:08:11.0462 5608      rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/09/04 07:08:11.0591 5608      RSUSBSTOR (db30aa4daa0d492fa5d7717d8181ffa1) C:\Windows\system32\Drivers\RtsUStor.sys
2011/09/04 07:08:11.0706 5608      sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
2011/09/04 07:08:11.0977 5608      SCDEmu (46942b6980b35ffda6afa40a8328938c) C:\Windows\system32\drivers\SCDEmu.sys
2011/09/04 07:08:12.0092 5608      scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
2011/09/04 07:08:12.0220 5608      secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/09/04 07:08:12.0342 5608      Ser2pl (172600c07c64b6c989aee451994ac18d) C:\Windows\system32\DRIVERS\ser2pl64.sys
2011/09/04 07:08:12.0401 5608      Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/09/04 07:08:12.0452 5608      Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/09/04 07:08:12.0531 5608      sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/09/04 07:08:12.0643 5608      sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2011/09/04 07:08:12.0706 5608      sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/09/04 07:08:12.0779 5608      sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
2011/09/04 07:08:12.0818 5608      sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/09/04 07:08:12.0865 5608      SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/09/04 07:08:12.0927 5608      SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/09/04 07:08:13.0034 5608      Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/09/04 07:08:13.0257 5608      spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/09/04 07:08:13.0519 5608      srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
2011/09/04 07:08:13.0579 5608      srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
2011/09/04 07:08:13.0739 5608      SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
2011/09/04 07:08:13.0848 5608      SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
2011/09/04 07:08:13.0979 5608      SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
2011/09/04 07:08:14.0087 5608      srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
2011/09/04 07:08:14.0219 5608      StarPort (926195fbfc9e67286ca4002bb0dbd748) C:\Windows\system32\DRIVERS\StarPort.sys
2011/09/04 07:08:14.0292 5608      stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/09/04 07:08:14.0411 5608      swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2011/09/04 07:08:14.0541 5608      SynTP (ed6d1424e5b0c21a57b28dd8508d6843) C:\Windows\system32\DRIVERS\SynTP.sys
2011/09/04 07:08:14.0689 5608      Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
2011/09/04 07:08:14.0911 5608      TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
2011/09/04 07:08:15.0039 5608      tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
2011/09/04 07:08:15.0124 5608      TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/09/04 07:08:15.0149 5608      TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/09/04 07:08:15.0220 5608      tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
2011/09/04 07:08:15.0289 5608      TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
2011/09/04 07:08:15.0640 5608      tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/09/04 07:08:15.0808 5608      TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2011/09/04 07:08:16.0003 5608      tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2011/09/04 07:08:16.0067 5608      uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/09/04 07:08:16.0245 5608      UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
2011/09/04 07:08:16.0345 5608      udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2011/09/04 07:08:16.0559 5608      uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/09/04 07:08:16.0648 5608      umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
2011/09/04 07:08:16.0689 5608      UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/09/04 07:08:16.0855 5608      usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
2011/09/04 07:08:17.0027 5608      usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys
2011/09/04 07:08:17.0138 5608      usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/09/04 07:08:17.0210 5608      usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys
2011/09/04 07:08:17.0284 5608      usbfilter (6648c6d7323a2ce0c4776c36cefbcb14) C:\Windows\system32\DRIVERS\usbfilter.sys
2011/09/04 07:08:17.0444 5608      usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
2011/09/04 07:08:17.0507 5608      usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
2011/09/04 07:08:17.0570 5608      usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/09/04 07:08:17.0661 5608      USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\drivers\USBSTOR.SYS
2011/09/04 07:08:17.0729 5608      usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
2011/09/04 07:08:17.0803 5608      usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
2011/09/04 07:08:17.0915 5608      vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/09/04 07:08:18.0003 5608      vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/09/04 07:08:18.0049 5608      VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/09/04 07:08:18.0199 5608      vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/09/04 07:08:18.0292 5608      viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/09/04 07:08:18.0456 5608      vmci (853ac223b8175a2644718f3c56031c5e) C:\Windows\system32\drivers\vmci.sys
2011/09/04 07:08:18.0607 5608      vmkbd (6a8811edcdea8415f9d6aba8823780df) C:\Windows\system32\drivers\VMkbd.sys
2011/09/04 07:08:18.0688 5608      VMnetAdapter (9d54f1339e78c95bf3d9939ebcb66378) C:\Windows\system32\DRIVERS\vmnetadapter.sys
2011/09/04 07:08:18.0825 5608      VMnetBridge (fb54ef3aa613d2832fd3812e7cb2fc75) C:\Windows\system32\DRIVERS\vmnetbridge.sys
2011/09/04 07:08:19.0047 5608      VMnetuserif (134fa83e9366bb9f1217fa1de64f1583) C:\Windows\system32\drivers\vmnetuserif.sys
2011/09/04 07:08:19.0305 5608      vmx86 (83b326da5c1865d2db7bb1cf7b82c636) C:\Windows\system32\drivers\vmx86.sys
2011/09/04 07:08:19.0376 5608      volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/09/04 07:08:19.0506 5608      volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/09/04 07:08:19.0595 5608      volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/09/04 07:08:19.0797 5608      vpnva (0e4df91e83da5739ffb18535d4db10aa) C:\Windows\system32\DRIVERS\vpnva64.sys
2011/09/04 07:08:19.0858 5608      vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/09/04 07:08:20.0061 5608      vstor2-ws60 (b57cc2c482b5b1fe66dabaf12266960e) C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys
2011/09/04 07:08:20.0187 5608      vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/09/04 07:08:20.0222 5608      vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/09/04 07:08:20.0282 5608      vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/09/04 07:08:20.0338 5608      WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/09/04 07:08:20.0425 5608      WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/04 07:08:20.0442 5608      Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/04 07:08:20.0685 5608      Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/09/04 07:08:20.0764 5608      Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/09/04 07:08:20.0987 5608      WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/09/04 07:08:21.0062 5608      WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/09/04 07:08:21.0183 5608      winachsf (a6ea7a3fc4b00f48535b506db1e86efd) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
2011/09/04 07:08:21.0438 5608      winusb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\drivers\WinUSB.SYS
2011/09/04 07:08:21.0770 5608      WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/09/04 07:08:21.0909 5608      ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/09/04 07:08:22.0022 5608      WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/09/04 07:08:22.0104 5608      WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/09/04 07:08:22.0210 5608      XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys
2011/09/04 07:08:22.0354 5608      MBR (0x1B8) (48e4fb73037ed2932d5e6bde31e6ee60) \Device\Harddisk0\DR0
2011/09/04 07:08:22.0361 5608      \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.a (0)
2011/09/04 07:08:22.0393 5608      Boot (0x1200) (42d7e7c904acd48a7286a242d922fc1f) \Device\Harddisk0\DR0\Partition0
2011/09/04 07:08:22.0428 5608      Boot (0x1200) (9f8704e26782db16bded96891c2f36f6) \Device\Harddisk0\DR0\Partition1
2011/09/04 07:08:22.0458 5608      ================================================================================
2011/09/04 07:08:22.0458 5608      Scan finished
2011/09/04 07:08:22.0458 5608      ================================================================================
2011/09/04 07:08:22.0474 4040      Detected object count: 1
2011/09/04 07:08:22.0474 4040      Actual detected object count: 1
2011/09/04 07:08:29.0349 4040      \Device\Harddisk0\DR0 (Rootkit.Boot.Pihar.a) - will be cured after reboot
2011/09/04 07:08:29.0350 4040      \Device\Harddisk0\DR0 - ok
2011/09/04 07:08:29.0351 4040      Rootkit.Boot.Pihar.a(\Device\Harddisk0\DR0) - User select action: Cure

phototropic

OK. TDSSKiller found a rootkit. - ".. \Device\Harddisk0\DR0 (Rootkit.Boot.Pihar.a) - will be cured after reboot..."

So, if you now reboot, and then follow the instructions in the link I posted above, does Mbam still shut down the pc? If not, please post the Mbam log.

.

younghv

@truinx -
If you search here on EE, you will also find dozens/hundreds of links to instructions by "Grinler" (AKA Lawrence Abrams - MS MVP). He is one of the premier malware fighters on the planet and most of us rely on his expertise to help other Members. His instructions do tend to rank highly in Google searches because they are used so often.

FWIW, I am just finishing up an OS re-installation for this same infection - but it was accompanied by the "rootkit.zeroaccess!" malware. Nothing I tried worked and I had to <blush> admit defeat.

@jskfan - did you notice that this is one of the few malware variants that requires a "Safe Mode with Networking" boot? I only mention it because that is so unusual. I may have messed up my own repair attempts by starting the repairs in "Normal Mode".

jskfan

ASKER

phototropic"

This time the sytem didn't shut down, so the Malwarebytes went through complete scan and removed the infection.
I noticed that the svchost.exe that was under c:\windows is no longer there. I hope the "Security protection" malware will not come back.

I believe the first time I skipped the TDSSKiller step, this is why may be the system shuts down when I ram the Malwarbytes

jskfan

ASKER

Excellent!

it helped a lot so far.

phototropic

Glad to hear that your problem is resolved.

Thanks for the points and grade.

&quot;Securiy Protection&quot; Malware

"Securiy Protection" Malware