
Author Topic: Security Essentials detected the Win32/sirefef.AC and .AH  (Read 21091 times)


brazza

    Topic Starter


    Rookie

    • Experience: Beginner
    • OS: Unknown
    Security Essentials detected the Win32/sirefef.AC and .AH
    « on: April 05, 2012, 05:44:01 PM »
    Hello
    My name is Brad and Microsoft Security Essentials has found a threat called sirefef.AC and .AH and removes it, but only temporarily, and I get the message again over and over. Also, when I use Google and click on a link, it takes me to a spam website. Any help would be appreciated.

    Regards
    Brad

    Allan

    • Moderator

    • Mastermind
    • Thanked: 1260
    • Experience: Guru
    • OS: Windows 10
    Re: Security Essentials detected the Win32/sirefef.AC and .AH
    « Reply #1 on: April 06, 2012, 03:14:37 AM »
    Please follow the instructions in the following link and post your logs:
    http://www.computerhope.com/forum/index.php/topic,46313.0.html

    brazza

      Topic Starter


      Rookie

      • Experience: Beginner
      • OS: Unknown
      Re: Security Essentials detected the Win32/sirefef.AC and .AH
      « Reply #2 on: April 06, 2012, 04:44:02 PM »
      Hello
      These are the logs you asked for.

      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 04/07/2012 at 00:32 AM

      Application Version : 5.0.1146

      Core Rules Database Version : 8424
      Trace Rules Database Version: 6236

      Scan type       : Complete Scan
      Total Scan Time : 02:59:05

      Operating System Information
      Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
      UAC On - Limited User (Administrator User)

      Memory items scanned      : 959
      Memory threats detected   : 0
      Registry items scanned    : 36487
      Registry threats detected : 0
      File items scanned        : 235150
      File threats detected     : 40

      Adware.Tracking Cookie



      Malwarebytes Anti-Malware 1.60.1.1000
      www.malwarebytes.org

      Database version: v2012.04.06.07

      Windows Vista Service Pack 2 x86 NTFS
      Internet Explorer 9.0.8112.16421
      Bradley Adam :: BRADLEYADAM-PC [administrator]

      7/04/2012 7:20:41 AM
      mbam-log-2012-04-07 (07-20-41).txt

      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 263448
      Time elapsed: 9 minute(s), 43 second(s)

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 0
      (No malicious items detected)

      Registry Values Detected: 0
      (No malicious items detected)

      Registry Data Items Detected: 0
      (No malicious items detected)

      Folders Detected: 0
      (No malicious items detected)

      Files Detected: 0
      (No malicious items detected)

      (end)




      DDS (Ver_2011-08-26.01) - NTFSx86
      Internet Explorer: 9.0.8112.16421
      Run by Bradley Adam at 8:32:27 on 2012-04-07
      Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.61.1033.18.3036.1422 [GMT 10:00]
      .
      AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
      SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      ============== Running Processes ===============
      .
      C:\Windows\system32\wininit.exe
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\svchost.exe -k DcomLaunch
      C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
      C:\Windows\system32\svchost.exe -k rpcss
      c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
      C:\Windows\system32\Ati2evxx.exe
      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
      C:\Windows\system32\svchost.exe -k netsvcs
      C:\Windows\system32\svchost.exe -k GPSvcGroup
      C:\Windows\system32\SLsvc.exe
      C:\Windows\system32\svchost.exe -k LocalService
      C:\Program Files\WTouch\WTouchService.exe
      C:\Windows\system32\svchost.exe -k NetworkService
      C:\Windows\SYSTEM32\WISPTIS.EXE
      C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
      C:\Windows\system32\Ati2evxx.exe
      C:\Windows\system32\WUDFHost.exe
      C:\Windows\System32\spoolsv.exe
      C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
      C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
      C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
      C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
      C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
      C:\Windows\system32\taskeng.exe
      C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
      C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
      c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
      C:\Program Files\Iomega Storage Manager\pCloudd.exe
      C:\Program Files\Iomega\QuikProtect\QpMonitor.exe
      c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
      c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
      C:\Windows\system32\svchost.exe -k imgsvc
      C:\Windows\system32\Pen_Tablet.exe
      C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
      C:\Windows\system32\TODDSrv.exe
      C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
      C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
      C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
      C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
      C:\Windows\System32\svchost.exe -k WerSvcGroup
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      C:\Windows\system32\SearchIndexer.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
      C:\Windows\system32\DRIVERS\xaudio.exe
      C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
      c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
      C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
      C:\Program Files\Windows Media Player\wmpnetwk.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\SYSTEM32\WISPTIS.EXE
      C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Windows\system32\WTablet\Pen_TabletUser.exe
      C:\Program Files\WTouch\WTouchUser.exe
      C:\Windows\system32\Pen_Tablet.exe
      C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
      C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
      C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
      C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
      C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
      C:\Program Files\Microsoft IntelliType Pro\itype.exe
      C:\Program Files\Microsoft IntelliPoint\ipoint.exe
      C:\Program Files\Epson Software\Event Manager\EEventManager.exe
      C:\Program Files\Microsoft Security Client\msseces.exe
      C:\Program Files\Iomega\QuikProtect\startQuikProtect.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Program Files\Real\RealPlayer\Update\realsched.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Common Files\Java\Java Update\jusched.exe
      C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
      C:\Windows\ehome\ehtray.exe
      C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
      C:\Windows\ehome\ehmsas.exe
      C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
      C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
      C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
      C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe
      c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Windows\system32\SearchProtocolHost.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Windows\system32\DllHost.exe
      C:\Windows\system32\DllHost.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      .
      ============== Pseudo HJT Report ===============
      .
      uSearch Page = hxxp://www.google.com
      uSearch Bar = hxxp://www.google.com/ie
      uStart Page = hxxp://www.google.com.au/
      mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHN&bmod=TSHN
      mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHN&bmod=TSHN
      uInternet Settings,ProxyOverride = *.local
      uURLSearchHooks: mipony-plugin Toolbar: {90d46c30-9f25-4104-aea9-35c3f84477ff} - c:\program files\mipony-plugin\tbmipo.dll
      mURLSearchHooks: mipony-plugin Toolbar: {90d46c30-9f25-4104-aea9-35c3f84477ff} - c:\program files\mipony-plugin\tbmipo.dll
      BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
      BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
      BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
      BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
      BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
      BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
      BHO: mipony-plugin Toolbar: {90d46c30-9f25-4104-aea9-35c3f84477ff} - c:\program files\mipony-plugin\tbmipo.dll
      BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
      BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
      BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
      TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
      TB: mipony-plugin Toolbar: {90d46c30-9f25-4104-aea9-35c3f84477ff} - c:\program files\mipony-plugin\tbmipo.dll
      TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
      TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
      uRun: [TOSCDSPD] TOSCDSPD.EXE
      uRun: [EPSON Stylus Photo R350 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiajp.exe /fu "c:\windows\temp\E_S1FC0.tmp" /EF "HKCU"
      uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
      uRun: [Epson Stylus Photo TX710W(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatifsp.exe /fu "c:\windows\temp\E_SD098.tmp" /EF "HKCU"
      uRun: [EPSON4FCB07] c:\windows\system32\spool\drivers\w32x86\3\e_fatifsp.exe /fu "c:\windows\temp\E_SDB6.tmp" /EF "HKCU"
      uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
      mRun: [NDSTray.exe] NDSTray.exe
      mRun: [cfFncEnabler.exe] cfFncEnabler.exe
      mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
      mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
      mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
      mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
      mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
      mRun: [HDMICtrlMan] c:\program files\toshiba\hdmictrlman\HDMICtrlMan.exe
      mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
      mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
      mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
      mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
      mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
      mRun: [QuiKProtect] c:\program files\iomega\quikprotect\StartQuikProtect.exe
      mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
      mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
      mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
      mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
      mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
      mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
      mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
      mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
      mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
      dRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
      dRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
      StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autode~1.lnk - c:\program files\photolightning\autodetect.exe
      mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
      IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
      IE: Download with Mipony - file://c:\program files\mipony\browser\IEContext.htm
      IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
      IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
      IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
      LSP: c:\windows\system32\wpclsp.dll
      LSP: mswsock.dll
      DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
      DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab
      DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
      DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
      DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.fujifilmimagine.com/imagine/ax/ImageUploader5.cab
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
      DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
      DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab
      DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
      DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} - hxxp://www.dsenz.com/dscape/timmersion/Plugin/DFusionHomeWebPlugIn.Installer.exe
      TCP: DhcpNameServer = 61.9.211.33 61.9.211.1
      TCP: Interfaces\{6C8BDEA8-6BB5-4FEE-BCA7-5E3118A988F3} : DhcpNameServer = 61.9.211.33 61.9.211.1
      TCP: Interfaces\{F65309BC-E2EE-47A9-BF17-46C6F2E8DBC2} : DhcpNameServer = 61.9.211.33 61.9.211.1
      Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
      Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
      SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
      .
      ============= SERVICES / DRIVERS ===============
      .
      R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165648]
      R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-23 12880]
      R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
      R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
      R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
      R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
      R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
      R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
      R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-26 35088]
      R2 PCloudd;PCloudd;c:\program files\iomega storage manager\pCloudd.exe [2011-2-18 206336]
      R2 QPCopyEngine;QPCopyEngine;c:\program files\iomega\quikprotect\QpMonitor.exe [2010-6-24 247088]
      R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2010-8-31 4497704]
      R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2012-1-23 92592]
      R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-4 126976]
      R2 WTouchService;WTouch Service;c:\program files\wtouch\WTouchService.exe [2010-8-31 113448]
      R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-11-18 4247552]
      R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
      R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
      R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-4-15 51160]
      R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2007-4-10 8192]
      R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-8-26 77824]
      R3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\drivers\WacomVTHid.sys [2010-8-31 13480]
      S2 antivirservice;DELTA;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
      S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
      S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-5 136176]
      S2 pavatscheduler;Cqcpu;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
      S2 pavreport;Bwcsrv;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
      S2 RAPIProtocol;Nvrd64;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
      S2 veteboot;W550mdm;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
      S2 webrootspysweeperservice;Atmarpc;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
      S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-3 253600]
      S3 AF9035BDA;AF9035 BDA Devices;c:\windows\system32\drivers\AF9035BDA.sys [2009-5-22 459776]
      S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-14 39272]
      S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
      S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-5 136176]
      S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
      S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 43392]
      S3 QsFsFltr;QsFsFltr;c:\windows\system32\drivers\QsFsFltr.sys [2010-6-24 19384]
      S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
      S3 vNICdrv;Iomega Virtual Miniport;c:\windows\system32\drivers\vNICdrv.sys [2011-1-21 17464]
      S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-8-31 16168]
      S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
      S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
      S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-21 16896]
      S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-8-6 19968]
      .
      =============== Created Last 30 ================
      .
      2012-04-06 21:14:48   56200   ----a-w-   c:\programdata\microsoft\microsoft antimalware\definition updates\{190da0dd-98af-4d17-a2d4-7b788c8b7520}\offreg.dll
      2012-04-06 21:10:34   6582328   ----a-w-   c:\programdata\microsoft\microsoft antimalware\definition updates\{190da0dd-98af-4d17-a2d4-7b788c8b7520}\mpengine.dll
      2012-04-04 09:27:44   --------   d-----w-   c:\users\bradley adam\appdata\roaming\SUPERAntiSpyware.com
      2012-04-04 09:27:20   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
      2012-04-04 09:27:20   --------   d-----w-   c:\program files\SUPERAntiSpyware
      2012-04-02 23:20:27   --------   d-----w-   c:\users\bradley adam\appdata\roaming\Vuun
      2012-04-02 23:20:27   --------   d-----w-   c:\users\bradley adam\appdata\roaming\Tyyco
      2012-04-02 23:20:11   --------   d-----w-   c:\users\bradley adam\appdata\roaming\Pakelu
      2012-04-02 23:20:11   --------   d-----w-   c:\users\bradley adam\appdata\roaming\Dypii
      2012-04-02 23:20:11   --------   d-----w-   c:\users\bradley adam\appdata\roaming\Doex
      2012-04-02 23:10:01   0   --sha-w-   c:\windows\system32\dds_trash_log.cmd
      2012-04-02 23:07:59   --------   d-----w-   c:\program files\iPod
      2012-04-02 23:07:56   --------   d-----w-   c:\program files\iTunes
      2012-04-02 21:28:34   418464   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
      2012-03-22 07:02:53   --------   d-----w-   c:\users\bradley adam\appdata\roaming\Wireshark
      2012-03-22 07:01:02   --------   d-----w-   c:\program files\WinPcap
      2012-03-22 06:59:31   --------   d-----w-   c:\program files\Wireshark
      2012-03-21 01:31:35   --------   d-----w-   c:\users\bradley adam\appdata\roaming\Ibiq
      2012-03-21 01:31:35   --------   d-----w-   c:\users\bradley adam\appdata\roaming\Esimix
      2012-03-21 01:31:35   --------   d-----w-   c:\users\bradley adam\appdata\roaming\Asehe
      2012-03-14 01:48:52   --------   d-----w-   c:\users\bradley adam\appdata\roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
      2012-03-14 01:48:52   --------   d-----w-   c:\users\bradley adam\appdata\roaming\Adobe Mini Bridge CS5.1
      2012-03-13 22:27:59   --------   d-----w-   c:\programdata\regid.1986-12.com.adobe
      2012-03-13 21:10:21   --------   d-----w-   c:\users\bradley adam\appdata\roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
      2012-03-13 21:10:15   --------   d-----w-   c:\program files\Adobe Download Assistant
      2012-03-13 21:03:24   2044416   ----a-w-   c:\windows\system32\win32k.sys
      2012-03-13 21:03:23   219648   ----a-w-   c:\windows\system32\d3d10_1core.dll
      2012-03-13 21:03:23   1068544   ----a-w-   c:\windows\system32\DWrite.dll
      2012-03-13 21:03:22   683008   ----a-w-   c:\windows\system32\d2d1.dll
      2012-03-13 21:03:22   2409784   ----a-w-   c:\program files\windows mail\OESpamFilter.dat
      2012-03-13 21:03:22   160768   ----a-w-   c:\windows\system32\d3d10_1.dll
      2012-03-13 21:03:22   1172480   ----a-w-   c:\windows\system32\d3d10warp.dll
      2012-03-13 21:03:17   613376   ----a-w-   c:\windows\system32\rdpencom.dll
      2012-03-13 21:03:17   180736   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
      2012-03-09 03:57:24   155648   ----a-w-   c:\windows\system32\AC3ACM.acm
      2012-03-09 03:46:38   --------   d-----w-   C:\Virtual Dub
      2012-03-09 03:20:01   --------   d-----w-   c:\users\bradley adam\appdata\local\{C0DAC552-FB6D-4AB9-A8DF-A64AE5F491F2}
      2012-03-09 03:20:01   --------   d-----w-   c:\users\bradley adam\appdata\local\{957EB0E2-B2E7-4334-A694-305428578DA9}
      .
      ==================== Find3M  ====================
      .
      2012-04-06 09:30:18   87608   ----a-w-   c:\users\bradley adam\appdata\roaming\inst.exe
      2012-04-06 09:30:18   47360   ----a-w-   c:\users\bradley adam\appdata\roaming\pcouffin.sys
      2012-04-02 23:10:45   472808   ----a-w-   c:\windows\system32\deployJava1.dll
      2012-04-02 21:30:29   70304   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
      2012-02-15 01:01:50   4547944   ----a-w-   c:\windows\system32\usbaaplrc.dll
      2012-02-15 01:01:50   43520   ----a-w-   c:\windows\system32\drivers\usbaapl.sys
      2012-01-31 12:44:05   237072   ------w-   c:\windows\system32\MpSigStub.exe
      .
      ============= FINISH:  8:33:11.02 ===============



      UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
      IF REQUESTED, ZIP IT UP & ATTACH IT
      .
      DDS (Ver_2011-08-26.01)
      .
      Microsoft® Windows Vista™ Home Premium
      Boot Device: \Device\HarddiskVolume2
      Install Date: 21/05/2009 7:42:45 PM
      System Uptime: 7/04/2012 6:56:53 AM (2 hours ago)
      .
      Motherboard: TOSHIBA |  | Satellite P300
      Processor: Intel(R) Core(TM)2 Duo CPU     P7450  @ 2.13GHz | U2E1 | 2133/200mhz
      .
      ==== Disk Partitions =========================
      .
      C: is FIXED (NTFS) - 362 GiB total, 11.951 GiB free.
      D: is CDROM (UDF)
      .
      ==== Disabled Device Manager Items =============
      .
      Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
      Description: Iomega Virtual Ethernet Adapter
      Device ID: ROOT\ROOT&VNICDRV\0000
      Manufacturer: Iomega
      Name: Iomega Virtual Ethernet Adapter
      PNP Device ID: ROOT\ROOT&VNICDRV\0000
      Service: vNICdrv
      .
      ==== System Restore Points ===================
      .
      No restore point in system.
      .
      ==== Installed Programs ======================
      .
       Update for Microsoft Office 2007 (KB2508958)
      ABBYY FineReader 6.0 Sprint
      AC-3 ACM Codec 2.1
      Acrobat.com
      Adobe AIR
      Adobe Community Help
      Adobe Download Assistant
      Adobe Flash Player 11 ActiveX
      Adobe Photoshop CS5.1
      Adobe Photoshop Elements 7.0
      Adobe Premiere Elements 7.0
      Adobe Premiere Elements 7.0 Templates
      Adobe Reader X (10.1.2)
      Adobe Shockwave Player 11.6
      Apple Application Support
      Apple Mobile Device Support
      Apple Software Update
      ATI Catalyst Install Manager
      Bamboo
      BigPond Broadband Cable
      Blaze HDTV Player Deluxe 4.0
      Bonjour
      Bookworm Adventures Deluxe 1.0.1.100
      Bookworm Adventures Vol. 2
      Bulk Rename Utility 2.7.1.1
      Camera Assistant Software for Toshiba
      Canon RAW Image Task for ZoomBrowser EX
      Canon Utilities Digital Photo Professional 3.5
      Canon Utilities EOS Utility
      Canon Utilities Original Data Security Tools
      Canon Utilities PhotoStitch
      Canon Utilities Picture Style Editor
      Canon Utilities WFT-E1/E2/E3 Utility
      Canon Utilities ZoomBrowser EX
      Captcha.trader Mipony Plugin 1.0
      Catalyst Control Center - Branding
      Catalyst Control Center Core Implementation
      Catalyst Control Center Graphics Full Existing
      Catalyst Control Center Graphics Full New
      Catalyst Control Center Graphics Light
      Catalyst Control Center Graphics Previews Vista
      Catalyst Control Center Localization Chinese Standard
      Catalyst Control Center Localization Chinese Traditional
      Catalyst Control Center Localization Czech
      Catalyst Control Center Localization Danish
      Catalyst Control Center Localization Dutch
      Catalyst Control Center Localization Finnish
      Catalyst Control Center Localization French
      Catalyst Control Center Localization German
      Catalyst Control Center Localization Greek
      Catalyst Control Center Localization Hungarian
      Catalyst Control Center Localization Italian
      Catalyst Control Center Localization Japanese
      Catalyst Control Center Localization Korean
      Catalyst Control Center Localization Norwegian
      Catalyst Control Center Localization Polish
      Catalyst Control Center Localization Portuguese
      Catalyst Control Center Localization Russian
      Catalyst Control Center Localization Spanish
      Catalyst Control Center Localization Swedish
      Catalyst Control Center Localization Thai
      Catalyst Control Center Localization Turkish
      ccc-core-static
      ccc-utility
      CCC Help Chinese Standard
      CCC Help Chinese Traditional
      CCC Help Czech
      CCC Help Danish
      CCC Help Dutch
      CCC Help English
      CCC Help Finnish
      CCC Help French
      CCC Help German
      CCC Help Greek
      CCC Help Hungarian
      CCC Help Italian
      CCC Help Japanese
      CCC Help Korean
      CCC Help Norwegian
      CCC Help Polish
      CCC Help Portuguese
      CCC Help Russian
      CCC Help Spanish
      CCC Help Swedish
      CCC Help Thai
      CCC Help Turkish
      CCleaner
      CD/DVD Drive Acoustic Silencer
      Clickonprint PhotoBooks 2.1
      Conduit Engine
      Conexant HD Audio
      D3DX10
      DivX Setup
      DVD Catalyst 4.0.2
      DVD MovieFactory for TOSHIBA
      e-tax 2011
      EOSInfo
      Epson Easy Photo Print 2
      Epson Event Manager
      EPSON PhotoQuicker3.4
      Epson Print CD
      EPSON Printer Software
      Epson Printer Software Downloader
      EPSON Scan
      Epson Stylus Photo PX710W_PX810FW_TX710W_TX810FW Manual
      EPSON TX710W Series Printer Uninstall
      EpsonNet Print
      EpsonNet Setup
      FastStone Photo Resizer 2.8
      Free WMA to MP3 Converter 1.16
      FXhome PhotoKey 4 Pro (remove only)
      Google Earth
      Google Earth Plug-in
      Google Toolbar for Internet Explorer
      Google Update Helper
      HDAUDIO Soft Data Fax Modem with SmartCP
      HDMI Control Manager
      HiJackThis
      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
      iCloud
      ImageMixer 3 SE Ver.5 Transfer Utility
      ImageMixer 3 SE Ver.5 Video Tools
      ImgBurn
      Ink-Squared Deluxe 1.0
      Intel® Matrix Storage Manager
      Iomega Product Registration
      Iomega QuikProtect
      Iomega Storage Manager
      iTunes
      Java Auto Updater
      Java(TM) 6 Update 31
      Logitech Harmony Remote Software
      Malwarebytes Anti-Malware version 1.60.1.1000
      Marvell Miniport Driver
      Microsoft .NET Framework 3.5 SP1
      Microsoft .NET Framework 4 Client Profile
      Microsoft .NET Framework 4 Extended
      Microsoft Antimalware
      Microsoft Application Error Reporting
      Microsoft Fix it Center
      Microsoft Image Composite Editor
      Microsoft IntelliPoint 6.3
      Microsoft IntelliType Pro 6.3
      Microsoft Office 2003 Web Components
      Microsoft Office 2007 Primary Interop Assemblies
      Microsoft Office 2007 Service Pack 3 (SP3)
      Microsoft Office Access MUI (English) 2007
      Microsoft Office Access Setup Metadata MUI (English) 2007
      Microsoft Office Excel MUI (English) 2007
      Microsoft Office File Validation Add-In
      Microsoft Office InfoPath MUI (English) 2007
      Microsoft Office Live Add-in 1.5
      Microsoft Office Outlook Connector
      Microsoft Office Outlook MUI (English) 2007
      Microsoft Office PowerPoint MUI (English) 2007
      Microsoft Office Professional Plus 2007
      Microsoft Office Proof (English) 2007
      Microsoft Office Proof (French) 2007
      Microsoft Office Proof (Spanish) 2007
      Microsoft Office Proofing (English) 2007
      Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
      Microsoft Office Publisher MUI (English) 2007
      Microsoft Office Shared MUI (English) 2007
      Microsoft Office Shared Setup Metadata MUI (English) 2007
      Microsoft Office Small Business Connectivity Components
      Microsoft Office Word MUI (English) 2007
      Microsoft Security Client
      Microsoft Security Essentials
      Microsoft Silverlight
      Microsoft SQL Server 2005
      Microsoft SQL Server 2005 Compact Edition [ENU]
      Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
      Microsoft SQL Server 2005 Tools Express Edition
      Microsoft SQL Server Native Client
      Microsoft SQL Server Setup Support Files (English)
      Microsoft SQL Server VSS Writer
      Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
      Microsoft Visual C++ 2005 Redistributable
      Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
      Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
      Microsoft XML Parser
      Microsoft XNA Framework Redistributable 3.1
      Microsoft_VC80_ATL_x86
      Microsoft_VC80_CRT_x86
      Microsoft_VC80_MFC_x86
      Microsoft_VC80_MFCLOC_x86
      Microsoft_VC90_ATL_x86
      Microsoft_VC90_CRT_x86
      Microsoft_VC90_MFC_x86
      Microsoft_VC90_MFCLOC_x86
      mipony-plugin Toolbar
      MiPony 1.6.1
      MSVCRT
      MSXML 4.0 SP2 (KB941833)
      MSXML 4.0 SP2 (KB954430)
      MSXML 4.0 SP2 (KB973688)
      Music Transfer Utility Ver.2
      Noiseware Standard Edition
      O2Micro Flash Memory Card Reader Driver (x86)
      OGA Notifier 2.0.0048.0
      PDF Settings CS5
      Peggle Nights
      Photo Story 3 for Windows
      Photolightning
      PhotoScape
      PhotoSync
      Picasa 3
      Pool Rebel for Windows
      PopCap Browser Plugin
      QuickTime
      RealNetworks - Microsoft Visual C++ 2008 Runtime
      RealPlayer
      RealUpgrade 1.1
      Router Screenshot Grabber 1.0.117
      Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
      Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
      Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
      Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
      Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
      Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
      Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
      Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
      Security Update for Windows Media Encoder (KB2447961)
      Security Update for Windows Media Encoder (KB954156)
      Security Update for Windows Media Encoder (KB979332)
      Segoe UI
      Skins
      SmartSound Quicktracks for Premiere Elements
      Spelling Dictionaries Support For Adobe Reader 9
      SUPERAntiSpyware
      swMSM
      System Requirements Lab
      TomTom HOME 2.8.3.2499
      TomTom HOME Visual Studio Merge Modules
      TOSHIBA Assist
      TOSHIBA ConfigFree
      TOSHIBA Disc Creator
      TOSHIBA DVD PLAYER
      TOSHIBA Extended Tiles for Windows Mobility Center
      TOSHIBA Face Recognition
      TOSHIBA Hardware Setup
      TOSHIBA Recovery Disc Creator
      TOSHIBA SD Memory Utilities
      TOSHIBA Speech System Applications
      TOSHIBA Speech System SR Engine(U.S.) Version1.0
      TOSHIBA Speech System TTS Engine(U.S.) Version1.0
      TOSHIBA Supervisor Password
      TOSHIBA Value Added Package
      Total Immersion D'Fusion Web Plugin
      Update for 2007 Microsoft Office System (KB967642)
      Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
      Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
      Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
      Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
      Update for Microsoft .NET Framework 4 Extended (KB2468871)
      Update for Microsoft .NET Framework 4 Extended (KB2533523)
      Update for Microsoft .NET Framework 4 Extended (KB2600217)
      Update for Microsoft Office 2007 Help for Common Features (KB963673)
      Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
      Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
      Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition
      Update for Microsoft Office Access 2007 Help (KB963663)
      Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
      Update for Microsoft Office Excel 2007 Help (KB963678)
      Update for Microsoft Office Infopath 2007 Help (KB963662)
      Update for Microsoft Office Outlook 2007 Help (KB963677)
      Update for Microsoft Office Powerpoint 2007 Help (KB963669)
      Update for Microsoft Office Publisher 2007 Help (KB963667)
      Update for Microsoft Office Script Editor Help (KB963671)
      Update for Microsoft Office Word 2007 Help (KB963665)
      VC80CRTRedist - 8.0.50727.6195
      VSO Image Resizer 2.2.0.1
      WebTablet IE Plugin
      WebTablet Netscape Plugin
      Windows Driver Package - Atheros Communications Inc. (arusb_lh) Net  (09/25/2008 3.1.0.101)
      Windows Driver Package - Motorola (ndiscm) Net  (02/09/2004 2.4.5.1)
      Windows Driver Package - Netgear Corporation (USB_RNDIS) Net  (04/10/2007 1.12.0.0)
      Windows Driver Package - NETGEAR Inc. (RTLWUSB) Net  (03/27/2006 5.1213.06.0327)
      Windows Live Communications Platform
      Windows Live Essentials
      Windows Live Family Safety
      Windows Live ID Sign-in Assistant
      Windows Live Installer
      Windows Live Movie Maker
      Windows Live Photo Common
      Windows Live Photo Gallery
      Windows Live PIMT Platform
      Windows Live SOXE
      Windows Live SOXE Definitions
      Windows Live Sync
      Windows Live UX Platform
      Windows Live UX Platform Language Pack
      Windows Live Writer
      Windows Live Writer Resources
      Windows Media Encoder 9 Series
      WinPcap 4.1.2
      WinRAR 4.01 (32-bit)
      WinZip 14.5
      Wireshark 1.6.5
      .
      ==== Event Viewer Messages From Past Week ========
      .
      7/04/2012 8:29:31 AM, Error: Service Control Manager [7023]  - The Bthidenum service terminated with the following error:  Access is denied.
      7/04/2012 8:14:31 AM, Error: Service Control Manager [7023]  - The Spmd service terminated with the following error:  Access is denied.
      7/04/2012 7:59:31 AM, Error: Service Control Manager [7023]  - The Siside service terminated with the following error:  Access is denied.
      7/04/2012 7:44:31 AM, Error: Service Control Manager [7023]  - The Dac2w2k service terminated with the following error:  Access is denied.
      7/04/2012 7:29:31 AM, Error: Service Control Manager [7023]  - The FontCache3.0.0.0. service terminated with the following error:  Access is denied.
      7/04/2012 7:14:31 AM, Error: Service Control Manager [7023]  - The Rvsinst service terminated with the following error:  Access is denied.
      7/04/2012 7:10:55 AM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Behavior Monitoring     Error Code: 0x80004005     Error description: Unspecified error      Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
      7/04/2012 6:59:33 AM, Error: Microsoft-Windows-PrintSpooler [19]  - The print spooler failed to share printer EPSON4FCB07 with shared resource name EPSON4FCB07. Error 1753. The printer cannot be used by others on the network.
      7/04/2012 6:59:33 AM, Error: Microsoft-Windows-PrintSpooler [19]  - The print spooler failed to share printer Epson Stylus Photo TX710W(Network) with shared resource name Epson Stylus Photo TX710W(Network). Error 1753. The printer cannot be used by others on the network.
      7/04/2012 6:59:33 AM, Error: Microsoft-Windows-PrintSpooler [19]  - The print spooler failed to share printer EPSON Stylus Photo R350 Series with shared resource name EPSON Stylus Photo R350 Series. Error 1753. The printer cannot be used by others on the network.
      7/04/2012 6:59:32 AM, Error: Service Control Manager [7023]  - The ARCSOFTVIRTUALCAPTURE service terminated with the following error:  Access is denied.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The ZTEusbnmea service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Zebrsce service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Z525mdfl service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The X4HSX32 service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The X10UIF service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Wzcsvc service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Wlsetupsvc service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Wintrust service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Wdica service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Wacomkey service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The W550mdm service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The VMAUDIO service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Venturi2 service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Ventrilo service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The UxTuneUp service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Utscsi service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The USR1806V service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The USBCamera service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The UCTblHid service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The TBPanel service terminated with the following error:  Access is denied.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Szserver service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Statusagent service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The SRS_SSCFilter service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Speedfan service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Speakerphone service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Sis315 service terminated with the following error:  Access is denied.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The SimpTcp service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Se45bus service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Se44bus service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The SE2Cmdm service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Scramby service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Scanwscs service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The S217mgmt service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The S116bus service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Rt2500usb service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Roxupnprenderer service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Roammgr service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The RDID1007 service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The ProcObsrv service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Pnkbstrk service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Ovsecurityserver service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Oracleorahome92pagingserver service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Olapserver service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Obvious service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Nvsvc service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Nvrd64 service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The NPDriver service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Nmwcdc service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Nimcrpcsu service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The NETw4v32 service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The NETw3v32 service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Ndismeetro service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The NdisFilt service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The N3900 service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Msgsrvservice service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Mrpostman service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Mozybackup service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The MMRTKRNL service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Mirrorv3 service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Mfeavfk service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Mbmiodrvr service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Lxcf_device service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Kservice service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Kpfwsvc service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The KMW_SYS service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Issm service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The IPassPeriodicUpdateService service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Idisw2km service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Icepack service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Ibmcicstransactiongateway service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Hsf_dp service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Hpqcxs08 service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Hpconfig service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Houdiniserver service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Ha10kx2k service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The GENERICDRV service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Gbpoll service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Fix service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The FET5X86V service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The F700ius service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Epson_pm_rpcv2_02 service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The EpmShd service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Elnkupdateservice service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The DVDVRRdr_xp service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Dlcg_device service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Dlaudfam service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Dlaboiom service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The DELTA service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Dcstor32 service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Cwbrxd service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Ctxhttp service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Ctxcpuusync service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The CTERFXFX.DLL service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The CTAudSvcService service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Cqcpu service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Cltnetcnservice service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The CdaC15BA service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Cachemgr service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Bwcsrv service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Btwmodem service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Btwdins service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Besclient service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The BASFND service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Bantext service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Avg7rsw service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Avg7alrt service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager [7023]  - The Atmarpc service terminated with the following error:  The specified module could not be found.
      7/04/2012 6:58:54 AM, Error: Service Control Manager

      SuperDave

      • Malware Removal Specialist


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: Security Essentials detected the Win32/sirefef.AC and .AH
      « Reply #3 on: April 06, 2012, 05:24:02 PM »
      Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

      1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
      2. The fixes are specific to your problem and should only be used for this issue on this machine.
      3. If you don't know or understand something, please don't hesitate to ask.
      4. Please DO NOT run any other tools or scans while I am helping you.
      5. It is important that you reply to this thread. Do not start a new topic.
      6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
      7. Absence of symptoms does not mean that everything is clear.

      If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
      *************************************************************************
      The free space on your hard drive is down to 11Gb but Windows requires at least 15% (55 Gb) to function properly. You will need to find more space on that drive or you will soon start having operating problems.

      Download Combofix from any of the links below, and save it to your DESKTOP

      Link 1
      Link 2
      Link 3

      To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
      • Close any open windows and double click ComboFix.exe to run it.

        You will see the following image:


      Click I Agree to start the program.

      ComboFix will then extract the necessary files and you will see this:



      As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

      It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

      If you did not have it installed, you will see the prompt below. Choose YES.



      Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

      Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



      Click on Yes, to continue scanning for malware.

      When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

      Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

      Note: Please Do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.
      Windows 8 and Windows 10 dual boot with two SSD's

      brazza

        Topic Starter


        Rookie

        • Experience: Beginner
        • OS: Unknown
        Re: Security Essentials detected the Win32/sirefef.AC and .AH
        « Reply #4 on: April 06, 2012, 11:08:01 PM »
        I have followed the steps to stop Microsoft Security Essentials as per the instructions outlined in the link in the previous post & MSE has turned red with a white cross in it, but each time I run combofix it reports that MSE is still running and that I should close it down before continuing, I tried running Combofix anyway and it ran for 1 hour and nothing happened, no log in C:\

        What should I do?

        Regards
        Brad

        SuperDave

        • Malware Removal Specialist


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: Security Essentials detected the Win32/sirefef.AC and .AH
        « Reply #5 on: April 07, 2012, 12:31:53 PM »
        Open MSE and click on Settings, Real-time protection and unclick "turn on Real-time protection"
        Delete ComboFix from your desktop.


        Download Combofix from any of the links below, and save it to your DESKTOP

        Link 1
        Link 2
        Link 3

        When saving ComboFix rename it to PCHelpForum.exe to prevent it from being blocked by malware.

        To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
        • Close any open windows and double click PCHelpForum.exe to run it.

          You will see the following image:


        Click I Agree to start the program.

        ComboFix will then extract the necessary files and you will see this:



        As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

        It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

        If you did not have it installed, you will see the prompt below. Choose YES.



        Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

        **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

        Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



        Click on Yes, to continue scanning for malware.

        When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

        Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

        Note: Please Do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.
        Windows 8 and Windows 10 dual boot with two SSD's

        brazza

          Topic Starter


          Rookie

          • Experience: Beginner
          • OS: Unknown
          Re: Security Essentials detected the Win32/sirefef.AC and .AH
          « Reply #6 on: April 07, 2012, 06:57:18 PM »
          Hello

          Still having problems getting Combofix/Pchelpforum.exe to work. I have deleted the file called Combofix.exe, re-downloaded it and re-named it Pchelpforum.exe. I made sure MSE was turned off in real time protection and then ran Pchelpforum.exe. The first time I let it run for 2 hours and the second time it ran for 3 hours, and nothing is happening; it only gets as far as these 3 lines of text.
          "Scanning for infected files"
          "This typically doesn't take more than 10 minutes"
          "However scan times for badly infected machines may easily double"



          Hopefully I have attached a screen print below of what it looks like after 3 hours.
          Regards
          Brad

          [year+ old attachment deleted by admin]

          SuperDave

          • Malware Removal Specialist


          • Genius
          • Thanked: 1020
          • Certifications: List
          • Experience: Expert
          • OS: Windows 10
          Re: Security Essentials detected the Win32/sirefef.AC and .AH
          « Reply #7 on: April 07, 2012, 07:37:33 PM »
          Let's run a few more scans to see what turns up.

          Please download aswMBR.exe ( 511KB ) to your desktop.

          Double click the aswMBR.exe to run it



          Click the "Scan" button to start scan

          Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.



          On completion of the scan click save log, save it to your desktop and post it in your next reply.
          Windows 8 and Windows 10 dual boot with two SSD's

          brazza

            Topic Starter


            Rookie

            • Experience: Beginner
            • OS: Unknown
            Re: Security Essentials detected the Win32/sirefef.AC and .AH
            « Reply #8 on: April 08, 2012, 02:05:56 PM »
            Hello

            Here is the aswmbr scan results

            aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
            Run date: 2012-04-08 13:02:39
            -----------------------------
            13:02:39.082    OS Version: Windows 6.0.6002 Service Pack 2
            13:02:39.082    Number of processors: 2 586 0x1706
            13:02:39.098    ComputerName: BRADLEYADAM-PC  UserName: Bradley Adam
            13:02:54.012    Initialize success
            13:04:13.201    AVAST engine defs: 12040701
            13:04:31.843    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
            13:04:31.843    Disk 0 Vendor: TOSHIBA_ FF01 Size: 381554MB BusType: 3
            13:04:31.859    Disk 0 MBR read successfully
            13:04:31.859    Disk 0 MBR scan
            13:04:31.874    Disk 0 Windows VISTA default MBR code
            13:04:31.905    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS         1500 MB offset 2048
            13:04:31.921    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       370325 MB offset 3074048
            13:04:31.952    Disk 0 Partition 3 00     17 Hidd HPFS/NTFS NTFS         9728 MB offset 761499648
            13:04:31.999    Disk 0 scanning sectors +781422592
            13:04:32.108    Disk 0 scanning C:\Windows\system32\drivers
            13:04:37.397    File: C:\Windows\system32\drivers\cdrom.sys  **INFECTED** Win32:Rootkit-gen [Rtk]
            13:04:52.934    Disk 0 trace - called modules:
            13:04:52.934    ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87c51fd0]<<
            13:04:52.950    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x874baac8]
            13:04:52.950    3 CLASSPNP.SYS[8b11a8b3] -> nt!IofCallDriver -> [0x87b38b68]
            13:04:52.950    \Driver\00000525[0x87b38ca0] -> IRP_MJ_CREATE -> 0x87c51fd0
            13:04:54.011    AVAST engine scan C:\Windows
            13:05:01.343    AVAST engine scan C:\Windows\system32
            13:10:23.876    AVAST engine scan C:\Windows\system32\drivers
            13:10:29.039    File: C:\Windows\system32\drivers\cdrom.sys  **INFECTED** Win32:Rootkit-gen [Rtk]
            13:10:48.634    AVAST engine scan C:\Users\Bradley Adam
            14:10:20.764    Disk 0 MBR has been saved successfully to "C:\Users\Bradley Adam\Desktop\MBR.dat"
            14:10:20.936    The log file has been saved successfully to "C:\Users\Bradley Adam\Desktop\aswMBR.txt"


            aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
            Run date: 2012-04-08 21:55:57
            -----------------------------
            21:55:57.693    OS Version: Windows 6.0.6002 Service Pack 2
            21:55:57.693    Number of processors: 2 586 0x1706
            21:55:57.694    ComputerName: BRADLEYADAM-PC  UserName: Bradley Adam
            21:56:12.342    Initialize success
            21:56:24.196    AVAST engine defs: 12040701
            21:56:32.499    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
            21:56:32.502    Disk 0 Vendor: TOSHIBA_ FF01 Size: 381554MB BusType: 3
            21:56:32.511    Disk 0 MBR read successfully
            21:56:32.514    Disk 0 MBR scan
            21:56:32.519    Disk 0 Windows VISTA default MBR code
            21:56:32.527    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS         1500 MB offset 2048
            21:56:32.548    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       370325 MB offset 3074048
            21:56:32.587    Disk 0 Partition 3 00     17 Hidd HPFS/NTFS NTFS         9728 MB offset 761499648
            21:56:32.634    Disk 0 scanning sectors +781422592
            21:56:32.737    Disk 0 scanning C:\Windows\system32\drivers
            21:56:38.041    File: C:\Windows\system32\drivers\cdrom.sys  **INFECTED** Win32:Rootkit-gen [Rtk]
            21:56:53.842    Disk 0 trace - called modules:
            21:56:53.868    ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87c3efd0]<<
            21:56:53.873    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x874e1478]
            21:56:53.878    3 CLASSPNP.SYS[8b10d8b3] -> nt!IofCallDriver -> [0x87ad0810]
            21:56:53.883    \Driver\00000632[0x87ad0948] -> IRP_MJ_CREATE -> 0x87c3efd0
            21:56:54.789    AVAST engine scan C:\Windows
            21:57:02.311    AVAST engine scan C:\Windows\system32
            22:02:55.218    AVAST engine scan C:\Windows\system32\drivers
            22:02:57.406    File: C:\Windows\system32\drivers\cdrom.sys  **INFECTED** Win32:Rootkit-gen [Rtk]
            22:03:16.708    AVAST engine scan C:\Users\Bradley Adam
            23:18:07.762    AVAST engine scan C:\ProgramData
            23:33:17.394    Scan finished successfully
            06:01:09.670    Disk 0 MBR has been saved successfully to "C:\Users\Bradley Adam\Desktop\MBR.dat"
            06:01:10.328    The log file has been saved successfully to "C:\Users\Bradley Adam\Desktop\aswMBR.txt"
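
The two aswMBR logs above can be triaged mechanically. The following is an added example, not part of the original post and not aswMBR's own code: a Python parser for the log lines shown in this thread that collapses duplicate detections, ties the `>>UNKNOWN<<` module in the disk trace to the IRP handler address, and compares the two runs. The line patterns are inferred from these two logs only, and the function names are assumptions.

```python
import re

# Lines excerpted from the two aswMBR runs posted above (trimmed, not the full logs).
RUN_1 = r"""
13:04:31.874    Disk 0 Windows VISTA default MBR code
13:04:37.397    File: C:\Windows\system32\drivers\cdrom.sys  **INFECTED** Win32:Rootkit-gen [Rtk]
13:04:52.934    ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87c51fd0]<<
13:04:52.950    \Driver\00000525[0x87b38ca0] -> IRP_MJ_CREATE -> 0x87c51fd0
13:10:29.039    File: C:\Windows\system32\drivers\cdrom.sys  **INFECTED** Win32:Rootkit-gen [Rtk]
"""
RUN_2 = r"""
21:56:32.519    Disk 0 Windows VISTA default MBR code
21:56:38.041    File: C:\Windows\system32\drivers\cdrom.sys  **INFECTED** Win32:Rootkit-gen [Rtk]
21:56:53.868    ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87c3efd0]<<
21:56:53.883    \Driver\00000632[0x87ad0948] -> IRP_MJ_CREATE -> 0x87c3efd0
22:02:57.406    File: C:\Windows\system32\drivers\cdrom.sys  **INFECTED** Win32:Rootkit-gen [Rtk]
"""

LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d{3})\s+(.*)$")
MBR = re.compile(r"^Disk (\d+) (.*MBR code)$")
INFECTED = re.compile(r"^File:\s+(.+?)\s+\*\*INFECTED\*\*\s+(.+)$")
UNKNOWN = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
HANDLER = re.compile(
    r"^(\\Driver\\[^\[\s]+)\[0x[0-9a-fA-F]+\]\s+->\s+(IRP_MJ_\w+)\s+->\s+(0x[0-9a-fA-F]+)$"
)


def parse_aswmbr(text):
    """Extract the security-relevant records from one aswMBR log."""
    report = {"mbr": [], "infected": {}, "unknown_modules": [], "handlers": []}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # banner, separator or blank line
        body = m.group(2)
        if (hit := MBR.match(body)):
            report["mbr"].append(hit.group(2))
        elif (hit := INFECTED.match(body)):
            # The sector scan and the engine scan both report the same file;
            # keying on the path collapses the duplicates.
            report["infected"][hit.group(1)] = hit.group(2)
        elif (hit := UNKNOWN.search(body)):
            report["unknown_modules"].append(hit.group(1).lower())
        elif (hit := HANDLER.match(body)):
            report["handlers"].append((hit.group(1), hit.group(2), hit.group(3).lower()))
    return report


def triage(report):
    """Turn one parsed run into findings worth escalating."""
    findings = [f"infected file: {p} ({n})" for p, n in sorted(report["infected"].items())]
    for driver, irp, target in report["handlers"]:
        if target in report["unknown_modules"]:
            findings.append(
                f"{driver}: {irp} handler {target} is the unidentified module in the disk stack"
            )
    return findings


def compare_runs(a, b):
    """Compare two runs from the same machine."""
    names_a = {d for d, _, _ in a["handlers"]}
    names_b = {d for d, _, _ in b["handlers"]}
    return {
        "persistent_infected": sorted(set(a["infected"]) & set(b["infected"])),
        "driver_name_changed": bool(names_a and names_b) and names_a.isdisjoint(names_b),
        "mbr_default_in_both": all(
            bool(r["mbr"]) and all("default MBR code" in s for s in r["mbr"]) for r in (a, b)
        ),
    }


if __name__ == "__main__":
    first, second = parse_aswmbr(RUN_1), parse_aswmbr(RUN_2)
    print("\n".join(triage(first) + triage(second)))
    print(compare_runs(first, second))
```

On the two runs above it reports cdrom.sys as infected in both, default MBR code in both, and a numerically named driver object that differs between the runs (00000525, then 00000632).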

            SuperDave

            • Malware Removal Specialist


            • Genius
            • Thanked: 1020
            • Certifications: List
            • Experience: Expert
            • OS: Windows 10
            Re: Security Essentials detected the Win32/sirefef.AC and .AH
            « Reply #9 on: April 08, 2012, 04:14:30 PM »
            Save these instructions so you can have access to them while in Safe Mode.

            Please click here to download AVP Tool by Kaspersky.
            • Save it to your desktop.
            • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
            • Double click the setup file to run it.
            • Click Next to continue.
            • Accept the License agreement and click on next.
            • It will, by default, install it to your desktop folder. Click Next.
            • It will then open a box. There will be a tab that says Automatic scan.
            • Under Automatic scan make sure these are checked.
            • Hidden Startup Objects
            • System Memory
            • Disk Boot Sectors.
            • My Computer.
            • Also any other drives (Removable that you may have)
            Leave the rest of the settings as they appear as default.
            • Then click on Scan at the top right-hand corner.
            • It will automatically Neutralize any objects found.
            • If some objects are left un-neutralized then click the button that says Neutralize all.
            • If it says it cannot be neutralized then choose the delete option when prompted.
            • After that is done click on the reports button at the bottom and save it to a file; name it Kas.
            • Save it somewhere convenient like your desktop and post only the detected Virus\malware in the report. It will be at the very top under Detected. Post those results in your next reply.

            Note: This tool will self uninstall when you close it so please save the log before closing it.
            Windows 8 and Windows 10 dual boot with two SSD's

            brazza

              Topic Starter


              Rookie

              • Experience: Beginner
              • OS: Unknown
              Re: Security Essentials detected the Win32/sirefef.AC and .AH
              « Reply #10 on: April 08, 2012, 09:49:02 PM »
              Not much luck with the Kaspersky file, would it have been updated? The instructions in your post didn't match what was on screen and each time it found an infection it prompted for an action which I clicked on Quarantine. At the end of the scan it restarted the computer?? and didn't give a chance to save any reports? Now it has started in normal mode, Kaspersky tried to start again but an error came up re: a temp file? to do with Kaspersky.

              What should I do?
              Regards
              Brad

              SuperDave

              • Malware Removal Specialist


              • Genius
              • Thanked: 1020
              • Certifications: List
              • Experience: Expert
              • OS: Windows 10
              Re: Security Essentials detected the Win32/sirefef.AC and .AH
              « Reply #11 on: April 09, 2012, 12:26:49 PM »
              Please try running ComboFix again.
              Windows 8 and Windows 10 dual boot with two SSD's

              brazza

                Topic Starter


                Rookie

                • Experience: Beginner
                • OS: Unknown
                Re: Security Essentials detected the Win32/sirefef.AC and .AH
                « Reply #12 on: April 09, 2012, 06:12:34 PM »
                Combo fix ran for 3 hours and nothing happened apart from the same three lines of text I posted about earlier. MSE was turned off.
                Sorry to be a hassle

                Regards
                Brad

                SuperDave

                • Malware Removal Specialist


                • Genius
                • Thanked: 1020
                • Certifications: List
                • Experience: Expert
                • OS: Windows 10
                Re: Security Essentials detected the Win32/sirefef.AC and .AH
                « Reply #13 on: April 10, 2012, 11:35:49 AM »
                Quote
                Combo fix ran for 3 hours and nothing happened apart from the same three lines of text I posted about earlier
                Please try running it in Safe Mode.

                SysProt Antirootkit

                Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

                http://sites.google.com/site/sysprotantirootkit/

                Unzip it into a folder on your desktop.
                • Double click Sysprot.exe to start the program.
                • Click on the Log tab.
                • In the Write to log box select the following items.
                  • Process << Selected
                  • Kernel Modules << Selected
                  • SSDT << Selected
                  • Kernel Hooks << Selected
                  • IRP Hooks << NOT Selected
                  • Ports << NOT Selected
                  • Hidden Files << Selected
                • At the bottom of the page
                  • Hidden Objects Only << Selected
                • Click on the Create Log button on the bottom right.
                • After a few seconds a new window should appear.
                • Select Scan Root Drive. Click on the Start button.
                • When it is complete a new window will appear to indicate that the scan is finished.
                • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
                Windows 8 and Windows 10 dual boot with two SSD's

                brazza

                  Topic Starter


                  Rookie

                  • Experience: Beginner
                  • OS: Unknown
                  Re: Security Essentials detected the Win32/sirefef.AC and .AH
                  « Reply #14 on: April 12, 2012, 03:48:09 AM »
                  Tried to run combo fix again, this time in safe mode, and still did not run. As it was starting I noticed a message that only lasted just long enough to read it that said,
                  "Combo fix is preparing to run"
                  ACCESS DENIED
                  Administrator permission is needed to use the selected options.
                  Use an administrator command prompt to complete these tasks.

                  I started Combofix again and this time right clicked on it and ran as administrator and it still didn't make a difference.

                  Does this help you?

                  Regards
                  Brad