15:29:56.0279 1264 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
15:29:56.0529 1264 ============================================================
15:29:56.0529 1264 Current date / time: 2012/04/26 15:29:56.0529
15:29:56.0529 1264 SystemInfo:
15:29:56.0529 1264
15:29:56.0529 1264 OS Version: 5.1.2600 ServicePack: 2.0
15:29:56.0529 1264 Product type: Workstation
15:29:56.0529 1264 ComputerName: DOM-399BD11551D
15:29:56.0529 1264 UserName: Dom
15:29:56.0529 1264 Windows directory: C:\WINDOWS
15:29:56.0529 1264 System windows directory: C:\WINDOWS
15:29:56.0529 1264 Processor architecture: Intel x86
15:29:56.0529 1264 Number of processors: 1
15:29:56.0529 1264 Page size: 0x1000
15:29:56.0529 1264 Boot type: Normal boot
15:29:56.0529 1264 ============================================================
15:29:58.0279 1264 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:29:58.0279 1264 ============================================================
15:29:58.0279 1264 \Device\Harddisk0\DR0:
15:29:58.0279 1264 MBR partitions:
15:29:58.0279 1264 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7801F1A
15:29:58.0295 1264 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x7801F98, BlocksNum 0x678D968
15:29:58.0295 1264 ============================================================
15:29:58.0326 1264 C: <-> \Device\Harddisk0\DR0\Partition0
15:29:58.0388 1264 D: <-> \Device\Harddisk0\DR0\Partition1
15:29:58.0420 1264 ============================================================
15:29:58.0420 1264 Initialize success
15:29:58.0420 1264 ============================================================
15:30:48.0873 2524 ============================================================
15:30:48.0873 2524 Scan started
15:30:48.0873 2524 Mode: Manual;
15:30:48.0873 2524 ============================================================
15:30:49.0638 2524 Abiosdsk - ok 15:30:49.0654 2524 abp480n5 - ok 15:30:49.0701 2524 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys 15:30:49.0717 2524 ACPI - ok 15:30:49.0748 2524 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 15:30:49.0748 2524 ACPIEC - ok 15:30:49.0763 2524 adpu160m - ok 15:30:49.0810 2524 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys 15:30:49.0826 2524 aec - ok 15:30:49.0873 2524 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys 15:30:49.0888 2524 AFD - ok 15:30:49.0888 2524 Aha154x - ok 15:30:49.0920 2524 aic78u2 - ok 15:30:49.0935 2524 aic78xx - ok 15:30:49.0967 2524 Alerter (c7ae0fd3867db0d42b03b73c18f3d671) C:\WINDOWS\system32\alrsvc.dll 15:30:49.0967 2524 Alerter - ok 15:30:49.0998 2524 ALG (f1958fbf86d5c004cf19a5951a9514b7) C:\WINDOWS\System32\alg.exe 15:30:49.0998 2524 ALG - ok 15:30:50.0029 2524 AliIde - ok 15:30:50.0045 2524 amsint - ok 15:30:50.0138 2524 Application Updater (bc79f60984a8a7d1af4af6e281bd12fb) C:\Program Files\Application Updater\ApplicationUpdater.exe 15:30:50.0154 2524 Application Updater - ok 15:30:50.0201 2524 AppMgmt (9c3c12975c97119412802b181fbeeffe) C:\WINDOWS\System32\appmgmts.dll 15:30:50.0217 2524 AppMgmt - ok 15:30:50.0232 2524 asc - ok 15:30:50.0232 2524 asc3350p - ok 15:30:50.0248 2524 asc3550 - ok 15:30:50.0357 2524 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 15:30:50.0373 2524 aspnet_state - ok 15:30:50.0388 2524 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 15:30:50.0388 2524 AsyncMac - ok 15:30:50.0420 2524 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys 15:30:50.0420 2524 atapi - ok 15:30:50.0435 2524 Atdisk - ok 15:30:50.0498 2524 Ati HotKey Poller (956dc0b34bc040e191d4016e6a9a7364) C:\WINDOWS\system32\Ati2evxx.exe 15:30:50.0513 2524 Ati HotKey Poller 
- ok 15:30:50.0623 2524 ati2mtag (400299684f30d5c29b79eaaf3b5ff6c6) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 15:30:50.0623 2524 ati2mtag - ok 15:30:50.0717 2524 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 15:30:50.0717 2524 Atmarpc - ok 15:30:50.0748 2524 AudioSrv (db66db626e4882ebef55f136f12c1829) C:\WINDOWS\System32\audiosrv.dll 15:30:50.0748 2524 AudioSrv - ok 15:30:50.0779 2524 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 15:30:50.0779 2524 audstub - ok 15:30:50.0826 2524 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 15:30:50.0826 2524 Beep - ok 15:30:50.0888 2524 BITS (2c69ec7e5a311334d10dd95f338fccea) C:\WINDOWS\system32\qmgr.dll 15:30:50.0904 2524 BITS - ok 15:30:50.0951 2524 Browser (e3cfccdda4edd1d0dc9168b2e18f27b8) C:\WINDOWS\System32\browser.dll 15:30:50.0967 2524 Browser - ok 15:30:50.0982 2524 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 15:30:50.0982 2524 cbidf2k - ok 15:30:50.0998 2524 cd20xrnt - ok 15:30:51.0029 2524 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 15:30:51.0029 2524 Cdaudio - ok 15:30:51.0060 2524 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys 15:30:51.0060 2524 Cdfs - ok 15:30:51.0107 2524 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys 15:30:51.0107 2524 Cdrom - ok 15:30:51.0123 2524 Changer - ok 15:30:51.0154 2524 CiSvc (3192bd04d032a9c4a85a3278c268a13a) C:\WINDOWS\system32\cisvc.exe 15:30:51.0154 2524 CiSvc - ok 15:30:51.0185 2524 ClipSrv (c8dec22c4137d7a90f8bdf41ca4b82ae) C:\WINDOWS\system32\clipsrv.exe 15:30:51.0185 2524 ClipSrv - ok 15:30:51.0279 2524 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 15:30:51.0388 2524 clr_optimization_v2.0.50727_32 - ok 15:30:51.0467 2524 clr_optimization_v4.0.30319_32 
(c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 15:30:51.0513 2524 clr_optimization_v4.0.30319_32 - ok 15:30:51.0529 2524 CmdIde - ok 15:30:51.0545 2524 COMSysApp - ok 15:30:51.0576 2524 Cpqarray - ok 15:30:51.0623 2524 CryptSvc (10654f9ddcea9c46cfb77554231be73b) C:\WINDOWS\System32\cryptsvc.dll 15:30:51.0623 2524 CryptSvc - ok 15:30:51.0638 2524 dac2w2k - ok 15:30:51.0654 2524 dac960nt - ok 15:30:51.0717 2524 DcomLaunch (01095febf33beea00c2a0730b9b3ec28) C:\WINDOWS\system32\rpcss.dll 15:30:51.0732 2524 DcomLaunch - ok 15:30:51.0779 2524 Dhcp (cb6ca3e5261d65f6f809eed23bf167aa) C:\WINDOWS\System32\dhcpcsvc.dll 15:30:51.0779 2524 Dhcp - ok 15:30:51.0826 2524 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys 15:30:51.0826 2524 Disk - ok 15:30:51.0842 2524 dmadmin - ok 15:30:52.0092 2524 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys 15:30:52.0123 2524 dmboot - ok 15:30:52.0170 2524 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys 15:30:52.0170 2524 dmio - ok 15:30:52.0201 2524 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 15:30:52.0201 2524 dmload - ok 15:30:52.0232 2524 dmserver (1639d9964c9e1b2ecca95c8217d3e70d) C:\WINDOWS\System32\dmserver.dll 15:30:52.0232 2524 dmserver - ok 15:30:52.0279 2524 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys 15:30:52.0279 2524 DMusic - ok 15:30:52.0295 2524 Dnscache (7379de06fd196e396a00aa97b990c00d) C:\WINDOWS\System32\dnsrslvr.dll 15:30:52.0295 2524 Dnscache - ok 15:30:52.0310 2524 dpti2o - ok 15:30:52.0326 2524 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys 15:30:52.0326 2524 drmkaud - ok 15:30:52.0373 2524 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys 15:30:52.0373 2524 dtsoftbus01 - ok 15:30:52.0404 2524 dump_wmimmc - ok 15:30:52.0404 2524 EagleNT 
- ok 15:30:52.0482 2524 ehRecvr (8301243bde5b6cd316d79c0191d50d9a) C:\WINDOWS\eHome\ehRecvr.exe 15:30:52.0482 2524 ehRecvr - ok 15:30:52.0513 2524 ehSched (a53243709439ac2a4c216b817f8d7411) C:\WINDOWS\eHome\ehSched.exe 15:30:52.0513 2524 ehSched - ok 15:30:52.0529 2524 ERSvc (67dff7bbbd0e80aab7b3cf061448db8a) C:\WINDOWS\System32\ersvc.dll 15:30:52.0529 2524 ERSvc - ok 15:30:52.0576 2524 Eventlog (37561f8d4160d62da86d24ae41fae8de) C:\WINDOWS\system32\services.exe 15:30:52.0576 2524 Eventlog - ok 15:30:52.0623 2524 EventSystem (60d1a6342238378bfb7545c81ee3606c) C:\WINDOWS\system32\es.dll 15:30:52.0638 2524 EventSystem - ok 15:30:52.0685 2524 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys 15:30:52.0701 2524 Fastfat - ok 15:30:52.0717 2524 FastUserSwitchingCompatibility (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll 15:30:52.0732 2524 FastUserSwitchingCompatibility - ok 15:30:52.0763 2524 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys 15:30:52.0763 2524 Fdc - ok 15:30:52.0795 2524 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys 15:30:52.0795 2524 Fips - ok 15:30:52.0810 2524 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 15:30:52.0810 2524 Flpydisk - ok 15:30:52.0842 2524 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys 15:30:52.0842 2524 FltMgr - ok 15:30:52.0935 2524 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 15:30:52.0951 2524 FontCache3.0.0.0 - ok 15:30:52.0967 2524 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 15:30:52.0967 2524 Fs_Rec - ok 15:30:52.0982 2524 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 15:30:52.0982 2524 Ftdisk - ok 15:30:53.0013 2524 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys 
15:30:53.0013 2524 Gpc - ok 15:30:53.0092 2524 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe 15:30:53.0107 2524 gupdate - ok 15:30:53.0123 2524 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe 15:30:53.0123 2524 gupdatem - ok 15:30:53.0138 2524 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys 15:30:53.0138 2524 hamachi - ok 15:30:53.0263 2524 Hamachi2Svc (fa89c0429821c7c429eec7a0ce1c02d3) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe 15:30:53.0295 2524 Hamachi2Svc - ok 15:30:53.0342 2524 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 15:30:53.0342 2524 HDAudBus - ok 15:30:53.0388 2524 helpsvc (8827911a8c37e40c027cbfc88e69d967) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 15:30:53.0388 2524 helpsvc - ok 15:30:53.0420 2524 HidIr (1f695c5e013ba11a1901d8b845111b7e) C:\WINDOWS\system32\DRIVERS\hidir.sys 15:30:53.0420 2524 HidIr - ok 15:30:53.0467 2524 HidServ (9376e6893e52b368abc6255bf54f0b28) C:\WINDOWS\System32\hidserv.dll 15:30:53.0467 2524 HidServ - ok 15:30:53.0498 2524 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys 15:30:53.0498 2524 HidUsb - ok 15:30:53.0498 2524 hpn - ok 15:30:53.0545 2524 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys 15:30:53.0560 2524 HTTP - ok 15:30:53.0592 2524 HTTPFilter (064d8581adf77c25133e7d751d917d83) C:\WINDOWS\System32\w3ssl.dll 15:30:53.0592 2524 HTTPFilter - ok 15:30:53.0592 2524 i2omgmt - ok 15:30:53.0607 2524 i2omp - ok 15:30:53.0638 2524 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 15:30:53.0654 2524 i8042prt - ok 15:30:53.0732 2524 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 15:30:53.0732 2524 IDriverT - ok 15:30:53.0888 2524 idsvc (c01ac32dc5c03076cfb852cb5da5229c) 
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:30:53.0935 2524 idsvc - ok
15:30:53.0982 2524 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:30:53.0982 2524 Imapi - ok
15:30:54.0013 2524 ImapiService (fa788520bcac0f5d9d5cde5615c0d931) C:\WINDOWS\system32\imapi.exe
15:30:54.0013 2524 ImapiService - ok
15:30:54.0029 2524 ini910u - ok
15:30:54.0279 2524 IntcAzAudAddService (1a5b97b5bffde5742f4209f734c4faf0) C:\WINDOWS\system32\drivers\RtkHDAud.sys
15:30:54.0310 2524 IntcAzAudAddService - ok
15:30:54.0373 2524 IntelIde - ok
15:30:54.0388 2524 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:30:54.0388 2524 intelppm - ok
15:30:54.0420 2524 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
15:30:54.0420 2524 Ip6Fw - ok
15:30:54.0451 2524 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:30:54.0451 2524 IpFilterDriver - ok
15:30:54.0467 2524 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:30:54.0467 2524 IpInIp - ok
15:30:54.0498 2524 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:30:54.0498 2524 IpNat - ok
15:30:54.0545 2524 IPSec (bd965e4fae5ec6d671162f51c785a3c7) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:30:54.0545 2524 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ipsec.sys. Real md5: bd965e4fae5ec6d671162f51c785a3c7, Fake md5: 64537aa5c003a6afeee1df819062d0d1
15:30:54.0545 2524 IPSec ( Virus.Win32.ZAccess.g ) - infected
15:30:54.0545 2524 IPSec - detected Virus.Win32.ZAccess.g (0)
15:30:54.0576 2524 IrBus (3dcdb9480fc39b5f3bd6298296213c26) C:\WINDOWS\system32\DRIVERS\IrBus.sys
15:30:54.0576 2524 IrBus - ok
15:30:54.0607 2524 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:30:54.0607 2524 IRENUM - ok
15:30:54.0623 2524 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:30:54.0623 2524 isapnp - ok
15:30:54.0701 2524 JavaQuickStarterService (9dba73c2f1e76ec4cb837e67c5743596) C:\Program Files\Java\jre6\bin\jqs.exe
15:30:54.0717 2524 JavaQuickStarterService - ok
15:30:54.0748 2524 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:30:54.0748 2524 Kbdclass - ok
15:30:54.0779 2524 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:30:54.0779 2524 kbdhid - ok
15:30:54.0826 2524 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
15:30:54.0842 2524 kmixer - ok
15:30:54.0873 2524 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
15:30:54.0873 2524 KSecDD - ok
15:30:54.0904 2524 lanmanserver (93d32468d34e000cb3407947d1d6e22a) C:\WINDOWS\System32\srvsvc.dll
15:30:54.0920 2524 lanmanserver - ok
15:30:54.0951 2524 lanmanworkstation (e1f27cfcd114ec9f1e1f44674b2ff9f0) C:\WINDOWS\System32\wkssvc.dll
15:30:54.0967 2524 lanmanworkstation - ok
15:30:54.0982 2524 lbrtfdc - ok
15:30:55.0060 2524 LightScribeService (258caca1daade43978e2ecc9bdc94e1c) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
15:30:55.0060 2524 LightScribeService - ok
15:30:55.0076 2524 LmHosts (b3eff6d938c572e90a07b3d87a3c7657) C:\WINDOWS\System32\lmhsvc.dll
15:30:55.0092 2524 LmHosts - ok
15:30:55.0107 2524 lvsrvlauncher (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\nm.dll
15:30:55.0123 2524 lvsrvlauncher ( Backdoor.Multi.ZAccess.gen ) - infected
15:30:55.0123 2524 lvsrvlauncher - detected Backdoor.Multi.ZAccess.gen (0)
15:30:55.0154 2524 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
15:30:55.0154 2524 MBAMProtector - ok
15:30:55.0201 2524 MBAMService (94e920be59b9ab65d95e582dbaa136ac) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
15:30:55.0217 2524 MBAMService - ok
15:30:55.0232 2524 MBAMSwissArmy - ok
15:30:55.0295 2524 McComponentHostService (485405de203e88b3fe4294a2ea48d7ee) C:\Program Files\McAfee Security Scan\3.0.271\McCHSvc.exe
15:30:55.0295 2524 McComponentHostService - ok
15:30:55.0342 2524 McrdSvc (df0a511f38f16016bf658fca0090cb87) C:\WINDOWS\ehome\mcrdsvc.exe
15:30:55.0342 2524 McrdSvc - ok
15:30:55.0451 2524 MDM (0efee4f2d23ba2d8b27fba942106e0e1) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
15:30:55.0451 2524 MDM - ok
15:30:55.0482 2524 Messenger (95fd808e4ac22aba025a7b3eac0375d2) C:\WINDOWS\System32\msgsvc.dll
15:30:55.0482 2524 Messenger - ok
15:30:55.0529 2524 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll
15:30:55.0529 2524 MHN - ok
15:30:55.0545 2524 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
15:30:55.0545 2524 MHNDRV - ok
15:30:55.0576 2524 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:30:55.0576 2524 mnmdd - ok
15:30:55.0607 2524 mnmsrvc (f6415361201915b9fe3896b0e4e724ff) C:\WINDOWS\system32\mnmsrvc.exe
15:30:55.0607 2524 mnmsrvc - ok
15:30:55.0638 2524 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
15:30:55.0638 2524 Modem - ok
15:30:55.0670 2524 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:30:55.0670 2524 Mouclass - ok
15:30:55.0701 2524 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:30:55.0701 2524 mouhid - ok
15:30:55.0732 2524 MountMgr
(65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys 15:30:55.0732 2524 MountMgr - ok 15:30:55.0748 2524 mraid35x - ok 15:30:55.0763 2524 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 15:30:55.0763 2524 MRxDAV - ok 15:30:55.0826 2524 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 15:30:55.0842 2524 MRxSmb - ok 15:30:55.0873 2524 MSDTC (c7c3d89eb0a6f3dba622ea737fa335b1) C:\WINDOWS\system32\msdtc.exe 15:30:55.0873 2524 MSDTC - ok 15:30:55.0904 2524 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys 15:30:55.0904 2524 Msfs - ok 15:30:55.0920 2524 MSIServer - ok 15:30:55.0967 2524 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys 15:30:55.0967 2524 MSKSSRV - ok 15:30:55.0998 2524 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 15:30:55.0998 2524 MSPCLOCK - ok 15:30:56.0013 2524 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys 15:30:56.0013 2524 MSPQM - ok 15:30:56.0045 2524 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 15:30:56.0045 2524 mssmbios - ok 15:30:56.0076 2524 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys 15:30:56.0076 2524 Mup - ok 15:30:56.0107 2524 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys 15:30:56.0123 2524 NDIS - ok 15:30:56.0154 2524 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 15:30:56.0154 2524 NdisTapi - ok 15:30:56.0185 2524 Ndisuio (eefa1ce63805d2145978621be5c6d955) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 15:30:56.0185 2524 Ndisuio - ok 15:30:56.0201 2524 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 15:30:56.0217 2524 NdisWan - ok 15:30:56.0232 2524 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys 15:30:56.0232 2524 NDProxy 
- ok 15:30:56.0279 2524 Nero BackItUp Scheduler 4.0 - ok 15:30:56.0310 2524 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys 15:30:56.0310 2524 NetBIOS - ok 15:30:56.0342 2524 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys 15:30:56.0342 2524 NetBT - ok 15:30:56.0388 2524 NetDDE (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe 15:30:56.0388 2524 NetDDE - ok 15:30:56.0404 2524 NetDDEdsdm (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe 15:30:56.0404 2524 NetDDEdsdm - ok 15:30:56.0420 2524 Netlogon (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe 15:30:56.0420 2524 Netlogon - ok 15:30:56.0451 2524 Netman (dab9e6c7105d2ef49876fe92c524f565) C:\WINDOWS\System32\netman.dll 15:30:56.0467 2524 Netman - ok 15:30:56.0545 2524 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 15:30:56.0545 2524 NetTcpPortSharing - ok 15:30:56.0592 2524 Nla (097722f235a1fb698bf9234e01b52637) C:\WINDOWS\System32\mswsock.dll 15:30:56.0607 2524 Nla - ok 15:30:56.0623 2524 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys 15:30:56.0623 2524 Npfs - ok 15:30:56.0623 2524 npggsvc - ok 15:30:56.0654 2524 NPPTNT2 (9131fe60adfab595c8da53ad6a06aa31) C:\WINDOWS\system32\npptNT2.sys 15:30:56.0654 2524 NPPTNT2 - ok 15:30:56.0717 2524 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys 15:30:56.0732 2524 Ntfs - ok 15:30:56.0732 2524 NtLmSsp (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe 15:30:56.0732 2524 NtLmSsp - ok 15:30:56.0779 2524 NtmsSvc (b62f29c00ac55a761b2e45877d85ea0f) C:\WINDOWS\system32\ntmssvc.dll 15:30:56.0795 2524 NtmsSvc - ok 15:30:56.0826 2524 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 15:30:56.0826 2524 Null - ok 15:30:56.0857 2524 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) 
C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 15:30:56.0857 2524 NwlnkFlt - ok 15:30:56.0873 2524 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 15:30:56.0873 2524 NwlnkFwd - ok 15:30:56.0935 2524 OverwolfUpdaterService (bf090c227f677dd67a5c96eb633b120a) C:\Program Files\Overwolf\\OverwolfUpdater.exe 15:30:56.0935 2524 OverwolfUpdaterService - ok 15:30:56.0982 2524 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys 15:30:56.0982 2524 Parport - ok 15:30:57.0013 2524 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys 15:30:57.0013 2524 PartMgr - ok 15:30:57.0029 2524 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 15:30:57.0045 2524 ParVdm - ok 15:30:57.0060 2524 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys 15:30:57.0060 2524 PCI - ok 15:30:57.0076 2524 PCIDump - ok 15:30:57.0076 2524 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 15:30:57.0092 2524 PCIIde - ok 15:30:57.0107 2524 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys 15:30:57.0123 2524 Pcmcia - ok 15:30:57.0123 2524 PDCOMP - ok 15:30:57.0138 2524 PDFRAME - ok 15:30:57.0138 2524 PDRELI - ok 15:30:57.0154 2524 PDRFRAME - ok 15:30:57.0170 2524 perc2 - ok 15:30:57.0170 2524 perc2hib - ok 15:30:57.0217 2524 PlugPlay (37561f8d4160d62da86d24ae41fae8de) C:\WINDOWS\system32\services.exe 15:30:57.0232 2524 PlugPlay - ok 15:30:57.0232 2524 PolicyAgent (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe 15:30:57.0232 2524 PolicyAgent - ok 15:30:57.0248 2524 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys 15:30:57.0248 2524 PptpMiniport - ok 15:30:57.0279 2524 prodrv06 (139af08bd63738ef25b1f61528282f98) C:\WINDOWS\System32\drivers\prodrv06.sys 15:30:57.0295 2524 prodrv06 - ok 15:30:57.0310 2524 prohlp02 (5f74753cb5cbb4766542960390c371ee) 
C:\WINDOWS\system32\drivers\prohlp02.sys 15:30:57.0310 2524 prohlp02 - ok 15:30:57.0310 2524 prosync1 (f3471e7971ee62420451d958da635064) C:\WINDOWS\system32\drivers\prosync1.sys 15:30:57.0310 2524 prosync1 - ok 15:30:57.0326 2524 ProtectedStorage (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe 15:30:57.0326 2524 ProtectedStorage - ok 15:30:57.0342 2524 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys 15:30:57.0357 2524 PSched - ok 15:30:57.0357 2524 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 15:30:57.0357 2524 Ptilink - ok 15:30:57.0388 2524 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys 15:30:57.0388 2524 PxHelp20 - ok 15:30:57.0388 2524 ql1080 - ok 15:30:57.0404 2524 Ql10wnt - ok 15:30:57.0420 2524 ql12160 - ok 15:30:57.0420 2524 ql1240 - ok 15:30:57.0435 2524 ql1280 - ok 15:30:57.0467 2524 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 15:30:57.0467 2524 RasAcd - ok 15:30:57.0498 2524 RasAuto (44db7a9bdd2fb58747d123fbf1d35adb) C:\WINDOWS\System32\rasauto.dll 15:30:57.0498 2524 RasAuto - ok 15:30:57.0529 2524 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 15:30:57.0529 2524 Rasl2tp - ok 15:30:57.0560 2524 RasMan (41a3c11e3517c962c9b44893bcec3b34) C:\WINDOWS\System32\rasmans.dll 15:30:57.0576 2524 RasMan - ok 15:30:57.0592 2524 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 15:30:57.0592 2524 RasPppoe - ok 15:30:57.0607 2524 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 15:30:57.0607 2524 Raspti - ok 15:30:57.0638 2524 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys 15:30:57.0638 2524 Rdbss - ok 15:30:57.0654 2524 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 15:30:57.0654 2524 RDPCDD - ok 15:30:57.0701 2524 rdpdr 
(a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 15:30:57.0701 2524 rdpdr - ok 15:30:57.0732 2524 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys 15:30:57.0748 2524 RDPWD - ok 15:30:57.0779 2524 RDSessMgr (729798e0933076b8fcfcd9934698f164) C:\WINDOWS\system32\sessmgr.exe 15:30:57.0795 2524 RDSessMgr - ok 15:30:57.0826 2524 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys 15:30:57.0826 2524 redbook - ok 15:30:57.0857 2524 RemoteAccess (3046db917e3cfa040632799dd9b14865) C:\WINDOWS\System32\mprdim.dll 15:30:57.0857 2524 RemoteAccess - ok 15:30:57.0888 2524 RemoteRegistry (3151427db7d87107d1c5be58fac53960) C:\WINDOWS\system32\regsvc.dll 15:30:57.0888 2524 RemoteRegistry - ok 15:30:57.0920 2524 RpcLocator (793f04a09b15e7c6c11dbdffaf06c0ab) C:\WINDOWS\system32\locator.exe 15:30:57.0920 2524 RpcLocator - ok 15:30:57.0982 2524 RpcSs (01095febf33beea00c2a0730b9b3ec28) C:\WINDOWS\system32\rpcss.dll 15:30:57.0998 2524 RpcSs - ok 15:30:58.0029 2524 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe 15:30:58.0045 2524 RSVP - ok 15:30:58.0076 2524 RTL8023xp (69ee1e8dc0c750a5d03739e6e9429959) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys 15:30:58.0076 2524 RTL8023xp - ok 15:30:58.0107 2524 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS 15:30:58.0107 2524 rtl8139 - ok 15:30:58.0138 2524 SamSs (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe 15:30:58.0138 2524 SamSs - ok 15:30:58.0185 2524 SCardSvr (25d8de134df108e3dbc8d7d23b1aa58e) C:\WINDOWS\System32\SCardSvr.exe 15:30:58.0185 2524 SCardSvr - ok 15:30:58.0232 2524 Schedule (92360854316611f6cc471612213c3d92) C:\WINDOWS\system32\schedsvc.dll 15:30:58.0248 2524 Schedule - ok 15:30:58.0263 2524 Secdrv (07f7f501ad50de2ba2d5842d9b6d6155) C:\WINDOWS\system32\DRIVERS\secdrv.sys 15:30:58.0279 2524 Secdrv - ok 15:30:58.0295 2524 seclogon (b1e0ce09895376871746f36dc5773b4f) 
C:\WINDOWS\System32\seclogon.dll 15:30:58.0295 2524 seclogon - ok 15:30:58.0326 2524 SENS (dfd9870cf39c791d86c4c209da9fa919) C:\WINDOWS\system32\sens.dll 15:30:58.0326 2524 SENS - ok 15:30:58.0342 2524 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys 15:30:58.0342 2524 serenum - ok 15:30:58.0357 2524 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys 15:30:58.0357 2524 Serial - ok 15:30:58.0420 2524 sfhlp01 (462aee0ea0481ea8bd45cac876a4ccc4) C:\WINDOWS\system32\drivers\sfhlp01.sys 15:30:58.0420 2524 sfhlp01 - ok 15:30:58.0420 2524 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys 15:30:58.0420 2524 Sfloppy - ok 15:30:58.0467 2524 SharedAccess (36cc8c01b5e50163037bef56cb96deff) C:\WINDOWS\System32\ipnathlp.dll 15:30:58.0482 2524 SharedAccess - ok 15:30:58.0513 2524 ShellHWDetection (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll 15:30:58.0513 2524 ShellHWDetection - ok 15:30:58.0529 2524 Simbad - ok 15:30:58.0560 2524 Sparrow - ok 15:30:58.0576 2524 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys 15:30:58.0576 2524 splitter - ok 15:30:58.0592 2524 Spooler (7435b108b935e42ea92ca94f59c8e717) C:\WINDOWS\system32\spoolsv.exe 15:30:58.0592 2524 Spooler - ok 15:30:58.0623 2524 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys 15:30:58.0623 2524 sr - ok 15:30:58.0654 2524 srservice (92bdf74f12d6cbec43c94d4b7f804838) C:\WINDOWS\system32\srsvc.dll 15:30:58.0654 2524 srservice - ok 15:30:58.0701 2524 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys 15:30:58.0717 2524 Srv - ok 15:30:58.0748 2524 SSDPSRV (4b8d61792f7175bed48859cc18ce4e38) C:\WINDOWS\System32\ssdpsrv.dll 15:30:58.0748 2524 SSDPSRV - ok 15:30:58.0779 2524 stisvc (d9f6c4f6b1e188adafc42b561d9bc2e6) C:\WINDOWS\system32\wiaservc.dll 15:30:58.0795 2524 stisvc - ok 15:30:58.0826 2524 swenum 
(03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys 15:30:58.0842 2524 swenum - ok 15:30:58.0873 2524 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys 15:30:58.0873 2524 swmidi - ok 15:30:58.0888 2524 SwPrv - ok 15:30:58.0888 2524 symc810 - ok 15:30:58.0904 2524 symc8xx - ok 15:30:58.0904 2524 sym_hi - ok 15:30:58.0920 2524 sym_u3 - ok 15:30:58.0951 2524 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys 15:30:58.0951 2524 sysaudio - ok 15:30:58.0967 2524 SysmonLog (8b54aa346d1b1b113ffaa75501b8b1b2) C:\WINDOWS\system32\smlogsvc.exe 15:30:58.0982 2524 SysmonLog - ok 15:30:59.0013 2524 TapiSrv (eb4a4187d74a8efdcbea3ea2cb1bdfbd) C:\WINDOWS\System32\tapisrv.dll 15:30:59.0029 2524 TapiSrv - ok 15:30:59.0092 2524 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys 15:30:59.0107 2524 Tcpip - ok 15:30:59.0138 2524 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys 15:30:59.0138 2524 TDPIPE - ok 15:30:59.0154 2524 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys 15:30:59.0154 2524 TDTCP - ok 15:30:59.0170 2524 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys 15:30:59.0185 2524 TermDD - ok 15:30:59.0217 2524 TermService (c29a5286e64d97385178452d5f307b98) C:\WINDOWS\System32\termsrv.dll 15:30:59.0232 2524 TermService - ok 15:30:59.0263 2524 Themes (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll 15:30:59.0263 2524 Themes - ok 15:30:59.0295 2524 TlntSvr (37db0a7d097310e8b4de803fc3119c78) C:\WINDOWS\system32\tlntsvr.exe 15:30:59.0295 2524 TlntSvr - ok 15:30:59.0310 2524 TosIde - ok 15:30:59.0342 2524 TrkWks (6d9ac544b30f96c57f8206566c1fb6a1) C:\WINDOWS\system32\trkwks.dll 15:30:59.0342 2524 TrkWks - ok 15:30:59.0373 2524 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys 15:30:59.0373 2524 Udfs - ok 15:30:59.0388 2524 ultra - ok 
15:30:59.0420 2524 UMWdf (9651e5d850b6f6bd7c77c70aa06f02bf) C:\WINDOWS\system32\wdfmgr.exe 15:30:59.0420 2524 UMWdf - ok 15:30:59.0451 2524 Update (a4815a4884898f355a3513e60843a4fd) C:\WINDOWS\system32\DRIVERS\update.sys 15:30:59.0467 2524 Update - ok 15:30:59.0498 2524 upnphost (0546477bde979e33294fe97f6b3de84a) C:\WINDOWS\System32\upnphost.dll 15:30:59.0513 2524 upnphost - ok 15:30:59.0529 2524 UPS (3f5df65b0758675f95a2d43918a740a3) C:\WINDOWS\System32\ups.exe 15:30:59.0529 2524 UPS - ok 15:30:59.0560 2524 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 15:30:59.0560 2524 usbccgp - ok 15:30:59.0592 2524 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys 15:30:59.0592 2524 usbehci - ok 15:30:59.0607 2524 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys 15:30:59.0607 2524 usbhub - ok 15:30:59.0638 2524 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys 15:30:59.0638 2524 usbohci - ok 15:30:59.0670 2524 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys 15:30:59.0670 2524 usbprint - ok 15:30:59.0701 2524 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys 15:30:59.0701 2524 usbscan - ok 15:30:59.0748 2524 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 15:30:59.0748 2524 USBSTOR - ok 15:30:59.0779 2524 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys 15:30:59.0779 2524 VgaSave - ok 15:30:59.0779 2524 ViaIde - ok 15:30:59.0795 2524 vlfux - ok 15:30:59.0826 2524 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys 15:30:59.0826 2524 VolSnap - ok 15:30:59.0873 2524 VSS (3ee00364ae0fd8d604f46cbaf512838a) C:\WINDOWS\System32\vssvc.exe 15:30:59.0888 2524 VSS - ok 15:30:59.0920 2524 W32Time (2b281958f5d0cf99ed626e3ef39d5c8d) C:\WINDOWS\system32\w32time.dll 15:30:59.0935 2524 W32Time - ok 
15:30:59.0951 2524 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:30:59.0951 2524 Wanarp - ok
15:30:59.0967 2524 WDICA - ok
15:31:00.0013 2524 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
15:31:00.0029 2524 wdmaud - ok
15:31:00.0045 2524 WebClient (5d0a442864bfbf3b19dcca4cd29f6e99) C:\WINDOWS\System32\webclnt.dll
15:31:00.0045 2524 WebClient - ok
15:31:00.0107 2524 winmgmt (f399242a80c4066fd155efa4cf96658e) C:\WINDOWS\system32\wbem\WMIsvc.dll
15:31:00.0123 2524 winmgmt - ok
15:31:00.0154 2524 WmdmPmSN (b9715b9c18bc6c8f4b66733d208cc9f7) C:\WINDOWS\system32\MsPMSNSv.dll
15:31:00.0170 2524 WmdmPmSN - ok
15:31:00.0217 2524 Wmi (1081c185aed0660b2b5f173c3e023b23) C:\WINDOWS\System32\advapi32.dll
15:31:00.0248 2524 Wmi - ok
15:31:00.0279 2524 WmiApSrv (ba8cecc3e813e1f7c441b20393d4f86c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:31:00.0279 2524 WmiApSrv - ok
15:31:00.0310 2524 WpdUsb (bbaeaca1ffa3c86361cf0998474f6c3a) C:\WINDOWS\system32\Drivers\wpdusb.sys
15:31:00.0310 2524 WpdUsb - ok
15:31:00.0467 2524 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:31:00.0498 2524 WPFFontCache_v0400 - ok
15:31:00.0545 2524 wuauserv (13d72740963cba12d9ff76a7f218bcd8) C:\WINDOWS\system32\wuauserv.dll
15:31:00.0545 2524 wuauserv - ok
15:31:00.0607 2524 WZCSVC (247520eded53a08ae89ea4fae04f54d8) C:\WINDOWS\System32\wzcsvc.dll
15:31:00.0623 2524 WZCSVC - ok
15:31:00.0638 2524 XDva392 - ok
15:31:00.0685 2524 xmlprov (eef46dab68229a14da3d8e73c99e2959) C:\WINDOWS\System32\xmlprov.dll
15:31:00.0701 2524 xmlprov - ok
15:31:00.0732 2524 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:31:00.0888 2524 \Device\Harddisk0\DR0 - ok
15:31:00.0888 2524 Boot (0x1200) (b2c892b10b332df5ffb980b5456540cc) \Device\Harddisk0\DR0\Partition0
15:31:00.0888 2524 \Device\Harddisk0\DR0\Partition0 - ok
15:31:00.0920 2524 Boot (0x1200) (41ee546f1f80d98d085f431e5074dfd0) \Device\Harddisk0\DR0\Partition1
15:31:00.0920 2524 \Device\Harddisk0\DR0\Partition1 - ok
15:31:00.0920 2524 ============================================================
15:31:00.0920 2524 Scan finished
15:31:00.0920 2524 ============================================================
15:31:00.0935 1712 Detected object count: 2
15:31:00.0935 1712 Actual detected object count: 2
15:32:27.0638 1712 C:\WINDOWS\system32\DRIVERS\ipsec.sys - copied to quarantine
15:32:27.0654 1712 C:\WINDOWS\$NtUninstallKB49553$\2517674110\@ - copied to quarantine
15:32:27.0717 1712 C:\WINDOWS\$NtUninstallKB49553$\2517674110\L\oivmdeum - copied to quarantine
15:32:27.0717 1712 C:\WINDOWS\$NtUninstallKB49553$\2517674110\loader.tlb - copied to quarantine
15:32:27.0732 1712 C:\WINDOWS\$NtUninstallKB49553$\2517674110\U\@00000001 - copied to quarantine
15:32:27.0748 1712 C:\WINDOWS\$NtUninstallKB49553$\2517674110\U\@000000c0 - copied to quarantine
15:32:27.0763 1712 C:\WINDOWS\$NtUninstallKB49553$\2517674110\U\@000000cb - copied to quarantine
15:32:27.0763 1712 C:\WINDOWS\$NtUninstallKB49553$\2517674110\U\@000000cf - copied to quarantine
15:32:27.0779 1712 C:\WINDOWS\$NtUninstallKB49553$\2517674110\U\@80000000 - copied to quarantine
15:32:27.0795 1712 C:\WINDOWS\$NtUninstallKB49553$\2517674110\U\@800000c0 - copied to quarantine
15:32:27.0810 1712 C:\WINDOWS\$NtUninstallKB49553$\2517674110\U\@800000cb - copied to quarantine
15:32:27.0873 1712 C:\WINDOWS\$NtUninstallKB49553$\2517674110\U\@800000cf - copied to quarantine
15:32:27.0904 1712 C:\WINDOWS\assembly\GAC_MSIL\desktop.ini - copied to quarantine
15:32:27.0920 1712 C:\WINDOWS\temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb - copied to quarantine
15:32:27.0920 1712 C:\Documents and Settings\Dom\Local Settings\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb - copied to quarantine
15:32:28.0201 1712 Backup copy found, using it..
15:32:28.0201 1712 C:\WINDOWS\system32\DRIVERS\ipsec.sys - will be cured on reboot
15:32:29.0873 1712 C:\WINDOWS\$NtUninstallKB49553$\1993864045 - will be deleted on reboot
15:32:29.0873 1712 C:\WINDOWS\$NtUninstallKB49553$\2517674110\@ - will be deleted on reboot
15:32:29.0967 1712 C:\WINDOWS\$NtUninstallKB49553$\2517674110\loader.tlb - will be deleted on reboot
15:32:29.0967 1712 C:\WINDOWS\$NtUninstallKB49553$\2517674110\U\@00000001 - will be deleted on reboot
15:32:29.0967 1712 C:\WINDOWS\$NtUninstallKB49553$\2517674110\U\@000000c0 - will be deleted on reboot
15:32:29.0982 1712 C:\WINDOWS\$NtUninstallKB49553$\2517674110\U\@000000cb - will be deleted on reboot
15:32:29.0982 1712 C:\WINDOWS\$NtUninstallKB49553$\2517674110\U\@000000cf - will be deleted on reboot
15:32:29.0982 1712 C:\WINDOWS\$NtUninstallKB49553$\2517674110\U\@80000000 - will be deleted on reboot
15:32:29.0982 1712 C:\WINDOWS\$NtUninstallKB49553$\2517674110\U\@800000c0 - will be deleted on reboot
15:32:29.0982 1712 C:\WINDOWS\$NtUninstallKB49553$\2517674110\U\@800000cb - will be deleted on reboot
15:32:29.0982 1712 C:\WINDOWS\$NtUninstallKB49553$\2517674110\U\@800000cf - will be deleted on reboot
15:32:29.0982 1712 C:\WINDOWS\assembly\GAC_MSIL\desktop.ini - will be deleted on reboot
15:32:29.0982 1712 C:\WINDOWS\temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb - will be deleted on reboot
15:32:29.0982 1712 C:\Documents and Settings\Dom\Local Settings\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb - will be deleted on reboot
15:32:29.0982 1712 IPSec ( Virus.Win32.ZAccess.g ) - User select action: Cure
15:32:30.0107 1712 C:\WINDOWS\system32\nm.dll - copied to quarantine
15:32:30.0107 1712 HKLM\SYSTEM\ControlSet002\services\lvsrvlauncher - will be deleted on reboot
15:32:30.0123 1712 HKLM\SYSTEM\ControlSet003\services\lvsrvlauncher - will be deleted on reboot
15:32:30.0138 1712 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\svchost:netsvcs - cured
15:32:30.0138 1712 C:\WINDOWS\system32\nm.dll - will be deleted on reboot
15:32:30.0138 1712 lvsrvlauncher ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
15:32:46.0951 0956 Deinitialize success