Malwarebytes

Slow computer, high RAM usage when idle

6 replies to this topic

#1
ianmacdonald

Computer performance has taken a drop of late. Ran full and updated Avast scan, Malwarebytes, Spybot, but no real effect so to speak. Required logs are attached. Any assistance is appreciated.

Ian


#2
Maurice Naggar

Hello Ian and welcome to MalwareBytes forums.

What is the date or timeframe when "performance" seemed to drop? Is there any particular program or task that has quite noticeably had a sharp drop?
Also, be aware that a "slowness" issue may not be due to malware at all!

Step 1
1. Go >> Here << and download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT
(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
4. Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.
Step 2
To show all files:
  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.
Step 3
Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Step 4
Download Security Check by screen317 and save it to your Desktop: here or here
  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!
Step 5
Use your browser to go here at Virustotal website
Click the Choose File button and then navigate to C:\Windows\SysWOW64\nvinit.dll, then click the Scan it button.
The various virus scanners will identify the file and if it is not identified, the AV vendors will then have a copy of it for analysis. Save the results, and post back here in a reply.
==
Use your browser to go here at VirSCAN.org website
Click the Browse button and then navigate to C:\Windows\SysWOW64\nvinit.dll, then click the Upload button.
Save the results, and post back here in a reply.

Step 6
Close all open browsers at this point.
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall
Start Internet Explorer
Using Internet Explorer browser only, go to BitDefender Quickscan website:
http://quickscan.bitdefender.com
and click "Start Scan".
Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.
Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.
If prompted, reply yes to allow it to run.
Press the Allow button and follow prompts.
Press the "Start Scan" once more.
You'll see the EULA in a pop-up window. Click the I accept button and then the OK button.
Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/
and that QuickScan has no removal capability.
The site boasts a 60-second scan. Do have patience as it likely will take longer.
It may seem to stall at moments, but have patience; it will move on.
You'll see a progress bar at top right of window.
Hopefully you will see a No infections found in the bar-window. Press the View Log button.
The log report will show in your text editor. Save the log.
Do a Select ALL, Copy. Then paste contents into your next reply.

Step 7
RE-Enable your antivirus program.
Copy & Paste contents of Log.txt & Info.txt & Checkup.txt & result from Virustotal & Virscan & log from Bitdefender.
Use separate replies as needed if logs do not fit into one reply box.
~Maurice Naggar

I close my threads if there are 5 days without a response.

#3
ianmacdonald

Hi Maurice - thanks for the quick reply. I can't recall a specific time or incident that coincides with the performance drop, sorry. It's just nowhere near as fast as it was (things loading slowly, etc.). Logs posted in order of request below:

1) RSIT Log.txt

Logfile of random's system information tool 1.09 (written by random/random)
Run by Ian at 2012-05-16 23:21:54
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 33 GB (27%) free of 119 GB
Total RAM: 3893 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:22:45 PM, on 5/16/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Ian\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\ERUNT\ERUNT.EXE
C:\Program Files\trend micro\Ian.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - (no file)
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-21-2945578582-593853648-2416519973-1010\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2945578582-593853648-2416519973-1010\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {DBDC1CDA-B64B-49F7-9535-6317AA416E51} -
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/...SetupClient.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{043276B7-2929-4D15-BB3B-9220BACF42E6}: NameServer = 0.0.0.0
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\SysWOW64\rpcnet.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11710 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe"
C:\Windows\system32\WLANExt.exe 27587728
\??\C:\Windows\system32\conhost.exe "-1686870915921326618138931946116520739916303875511028953632-5105742991033876806
"C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe"
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
taskeng.exe {A601F41B-3191-4720-BC99-A93DFF1CEF25}
"C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe"
ATKOSD.exe
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
"C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"
KBFiltr.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe"
WDC.exe
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
C:\Windows\SysWOW64\rpcnet.exe
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 1392
"C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
"C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=4276.14929030.1638673491 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll" E7CF176E110C211B -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" 4276 "\\.\pipe\gecko-crash-server-pipe.4276" plugin
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=4276.1bcb15b0.1782768581 "C:\Users\Ian\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll" E7CF176E110C211B -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" 4276 "\\.\pipe\gecko-crash-server-pipe.4276" plugin
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=4276.c71d110.301456090 "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll" E7CF176E110C211B -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" 4276 "\\.\pipe\gecko-crash-server-pipe.4276" plugin
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
"C:\Users\Ian\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe"
C:\Windows\sysWOW64\wbem\wmiprvse.exe -Embedding
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\ERUNT\README.TXT
"C:\Program Files (x86)\ERUNT\ERUNT.EXE"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe33_ Global\UsGthrCtrlFltPipeMssGthrPipe33 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 540 544 552 65536 548
"C:\Users\Ian\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2945578582-593853648-2416519973-1001Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2945578582-593853648-2416519973-1001UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2945578582-593853648-2416519973-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2945578582-593853648-2416519973-1001UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\bzhxhjzs.default

prefs.js - "browser.startup.homepage" - "http://www.sciencedaily.com/|http://www.thisviewoflife.com/index.php/religion/index.php|http://groupselections.blogspot.com/?zx=3f57039ba2650a"
prefs.js - "extensions.enabledItems" - "{4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.8.12, noia2_option@kk.noia:3.76, en-CA@dictionaries.addons.mozilla.org:2.0.0, en-GB@dictionaries.addons.mozilla.org:1.19.1, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81, {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94, {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, zotero@chnm.gmu.edu:2.1.6, zoteroWinWordIntegration@zotero.org:3.1, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17, {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.235 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.4.1]
"Description"=
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198]
"Description"=RealPlayer™ LiveConnect-Enabled Plug-In
"Path"=C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198]
"Description"=RealJukebox Netscape Plugin
"Path"=C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198]
"Description"=RealNetworks™ RealPlayer Chrome Background Extension Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198]
"Description"=RealPlayer™ HTML5VideoShim Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198]
"Description"=15.0.0.198
"Path"=C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Acrobat]
"Description"=Handles PDFs in-place in Firefox
"Path"=D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.235 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

C:\Program Files (x86)\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\
nppdf32.DEU
nppdf32.dll
nppdf32.FRA
nppl3260.dll
nppl3260.xpt
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
nprjplug.dll
nprpjplug.dll
nsjsrealplayerplugin.xpt
QuickTimePlugin.class

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
amazondotcom.xml
answers.xml
bing.xml
creativecommons.xml
eBay.xml
google.xml
twitter.xml
wikipedia.xml
yahoo.xml

C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\bzhxhjzs.default\extensions\
en-CA@dictionaries.addons.mozilla.org
en-GB@dictionaries.addons.mozilla.org
zigboom@ymail.com
zotero@chnm.gmu.edu
zoteroWinWordIntegration@zotero.org

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2012-03-06 1211776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2011-06-12 6721936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 689040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-12-01 425680]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12 194432]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - D:\PROGRA~2\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2011-06-12 4221328]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-04-04 453504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-03-06 1003704]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03 339872]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-05-16 1164680]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-04-04 157576]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03 339872]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2012-03-06 1211776]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-03-06 1003704]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03 339872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2012-01-03 815512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [2012-01-03 36760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-01-04 37296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
C:\Users\Ian\AppData\Local\Akamai\netsession_win.exe [2012-03-13 3331872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AmIcoSinglun64]
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2009-09-22 323584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-09-27 59240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
C:\Windows\AsScrPro.exe [2010-08-22 3058304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS WebStorage]
C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [2010-01-05 170624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKOSD2]
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-02-04 7350912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe start []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2011-07-28 1259376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ETDWare]
C:\Program Files\Elantech\ETDCtrl.exe [2010-04-13 649608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
C:\Users\Ian\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-08 137536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControlUser]
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [2009-06-19 105016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\Windows\system32\hkcmd.exe [2011-10-21 392472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\Windows\system32\igfxtray.exe [2011-10-21 167704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2010-11-02 1933584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files (x86)\iTunes\iTunesHelper.exe [2011-10-09 421736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [2011-11-29 935312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [2011-11-29 3508624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NUSB3MON]
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2010-01-22 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [2011-07-22 718720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\Windows\system32\igfxpers.exe [2011-10-21 416024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files (x86)\QuickTime\QTTask.exe [2011-10-24 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-03-26 10135584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Setwallpaper]
c:\programdata\SetWallpaper.cmd []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe /systray /nologon []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
D:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-17 252296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Syncables]
C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2011-12-01 296056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\CyberLink\LabelPrint UpdateWithCreateOnce Software\CyberLink\LabelPrint\2.5 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\CyberLink\Power2Go UpdateWithCreateOnce SOFTWARE\CyberLink\Power2Go\6.0 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SRS Premium Sound.lnk]
C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-08-22 156952]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-03-06 4241512]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-17 252296]

C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\System32\nvinitx.dll,C:\Windows\system32\nvinitx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-10-21 390144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2011-05-23 249344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2011-06-12 6721936]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2011-06-12 4221328]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.ac3filter"=ac3filter64.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2012-05-16 23:21:54 ----D---- C:\rsit
2012-05-16 23:21:54 ----D---- C:\Program Files\trend micro
2012-05-16 23:12:52 ----D---- C:\Program Files (x86)\ERUNT
2012-05-16 01:49:30 ----D---- C:\Program Files (x86)\Oracle
2012-05-16 01:49:03 ----A---- C:\Windows\SYSWOW64\npDeployJava1.dll
2012-05-16 01:49:03 ----A---- C:\Windows\SYSWOW64\javaws.exe
2012-05-16 01:48:32 ----A---- C:\Windows\SYSWOW64\javaw.exe
2012-05-16 01:48:32 ----A---- C:\Windows\SYSWOW64\java.exe
2012-05-16 00:31:12 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2012-05-16 00:31:12 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2012-05-16 00:31:12 ----A---- C:\Windows\SYSWOW64\nvumdshim.dll
2012-05-16 00:31:12 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2012-05-16 00:31:12 ----A---- C:\Windows\system32\OpenCL.dll
2012-05-16 00:31:12 ----A---- C:\Windows\system32\nvwgf2umx.dll
2012-05-16 00:31:12 ----A---- C:\Windows\system32\nvoglv64.dll
2012-05-16 00:31:12 ----A---- C:\Windows\system32\drivers\nvpciflt.sys
2012-05-16 00:31:11 ----A---- C:\Windows\SYSWOW64\nvinit.dll
2012-05-16 00:31:11 ----A---- C:\Windows\SYSWOW64\nvdecodemft.dll
2012-05-16 00:31:11 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2012-05-16 00:31:11 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2012-05-16 00:31:11 ----A---- C:\Windows\SYSWOW64\nvcuvenc.dll
2012-05-16 00:31:11 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2012-05-16 00:31:11 ----A---- C:\Windows\system32\nvinitx.dll
2012-05-16 00:31:11 ----A---- C:\Windows\system32\nvgenco64.dll
2012-05-16 00:31:11 ----A---- C:\Windows\system32\nvdispco64.dll
2012-05-16 00:31:11 ----A---- C:\Windows\system32\nvdecodemft.dll
2012-05-16 00:31:11 ----A---- C:\Windows\system32\nvd3dumx.dll
2012-05-16 00:31:11 ----A---- C:\Windows\system32\nvcuvid.dll
2012-05-16 00:31:11 ----A---- C:\Windows\system32\nvcuvenc.dll
2012-05-16 00:31:11 ----A---- C:\Windows\system32\nvcuda.dll
2012-05-16 00:31:11 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2012-05-16 00:31:10 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2012-05-16 00:31:10 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2012-05-16 00:31:10 ----A---- C:\Windows\system32\nvcompiler.dll
2012-05-16 00:30:47 ----D---- C:\Windows\pss
2012-05-15 19:38:26 ----D---- C:\ProgramData\Blizzard Entertainment
2012-05-15 19:33:00 ----D---- C:\ProgramData\Battle.net
2012-05-15 11:51:46 ----D---- C:\Program Files (x86)\Bulk Rename Utility
2012-05-13 16:38:34 ----SHD---- C:\$RECYCLE.BIN
2012-05-13 16:04:00 ----A---- C:\ComboFix.txt
2012-05-13 15:45:07 ----D---- C:\Windows\temp
2012-05-10 09:16:32 ----A---- C:\Windows\system32\DWrite.dll
2012-05-10 09:16:31 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2012-05-10 09:16:22 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-05-10 09:16:18 ----A---- C:\Windows\system32\win32k.sys
2012-05-10 09:16:16 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2012-05-10 09:16:14 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2012-05-10 09:15:42 ----A---- C:\Windows\system32\drivers\partmgr.sys
2012-05-10 09:15:20 ----A---- C:\Windows\system32\drivers\tcpip.sys
2012-05-07 20:21:15 ----D---- C:\Program Files (x86)\Sonix
2012-05-07 20:21:07 ----D---- C:\Users\Ian\AppData\Roaming\InstallShield
2012-04-26 10:12:36 ----D---- C:\ProgramData\Mozilla
2012-04-26 10:12:33 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service

======List of files/folders modified in the last 1 month======

2012-05-16 23:22:31 ----D---- C:\Windows\Prefetch
2012-05-16 23:21:54 ----RD---- C:\Program Files
2012-05-16 23:13:28 ----D---- C:\Windows\ERDNT
2012-05-16 23:12:52 ----D---- C:\Program Files (x86)
2012-05-16 23:07:52 ----A---- C:\Windows\system32\rpcnetp.exe
2012-05-16 15:04:15 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2012-05-16 10:26:08 ----D---- C:\Windows\system32\config
2012-05-16 09:45:53 ----D---- C:\Windows\System32
2012-05-16 09:45:53 ----D---- C:\Windows\inf
2012-05-16 09:45:53 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-05-16 09:41:42 ----A---- C:\Windows\SYSWOW64\log.txt
2012-05-16 09:41:40 ----A---- C:\Windows\SYSWOW64\rpcnet.dll
2012-05-16 09:41:11 ----D---- C:\Windows\SYSWOW64\NV
2012-05-16 09:41:10 ----D---- C:\Windows\system32\NV
2012-05-16 01:50:05 ----SHD---- C:\Windows\Installer
2012-05-16 01:50:04 ----D---- C:\Program Files (x86)\Common Files
2012-05-16 01:49:22 ----SHD---- C:\System Volume Information
2012-05-16 01:49:03 ----D---- C:\Windows\SysWOW64
2012-05-16 01:48:19 ----D---- C:\Program Files (x86)\Java
2012-05-16 00:54:57 ----D---- C:\Windows
2012-05-16 00:53:41 ----D---- C:\ProgramData\NVIDIA
2012-05-16 00:35:38 ----RD---- C:\Users
2012-05-16 00:35:37 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2012-05-16 00:35:36 ----D---- C:\Program Files\NVIDIA Corporation
2012-05-16 00:34:47 ----D---- C:\NVIDIA
2012-05-16 00:32:46 ----D---- C:\Windows\system32\drivers
2012-05-16 00:32:36 ----D---- C:\Windows\system32\catroot
2012-05-16 00:32:34 ----D---- C:\Windows\system32\catroot2
2012-05-16 00:32:32 ----D---- C:\Windows\system32\DriverStore
2012-05-15 22:08:43 ----D---- C:\ProgramData
2012-05-15 22:08:37 ----D---- C:\Windows\system32\Tasks
2012-05-15 21:30:54 ----D---- C:\Users\Ian\AppData\Roaming\vlc
2012-05-14 20:04:54 ----D---- C:\Users\Ian\AppData\Roaming\uTorrent
2012-05-13 16:04:15 ----D---- C:\Qoobox
2012-05-13 15:48:22 ----A---- C:\Windows\system.ini
2012-05-13 15:47:56 ----D---- C:\Windows\system32\drivers\etc
2012-05-13 15:37:29 ----D---- C:\Windows\SYSWOW64\drivers
2012-05-13 15:37:29 ----D---- C:\Windows\AppPatch
2012-05-13 15:37:27 ----D---- C:\Program Files\Common Files
2012-05-13 14:49:28 ----D---- C:\Windows\Microsoft.NET
2012-05-13 14:49:27 ----RSD---- C:\Windows\assembly
2012-05-12 09:26:05 ----D---- C:\Windows\winsxs
2012-05-12 09:24:40 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2012-05-11 11:55:11 ----A---- C:\Windows\system32\MRT.exe
2012-05-11 11:55:02 ----D---- C:\ProgramData\Microsoft Help
2012-05-11 11:34:07 ----D---- C:\Program Files\Windows Journal
2012-05-07 21:02:12 ----D---- C:\Users\Ian\AppData\Roaming\Mozilla
2012-05-07 20:21:24 ----D---- C:\Windows\twain_32
2012-05-07 20:17:21 ----D---- C:\Program Files (x86)\Runic Games
2012-05-07 20:16:07 ----D---- C:\Program Files (x86)\ASUS
2012-05-07 19:57:37 ----SD---- C:\ProgramData\Microsoft
2012-05-05 18:55:41 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2012-05-05 18:55:17 ----A---- C:\Windows\SYSWOW64\FlashPlayerInstaller.exe
2012-04-26 10:12:27 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-04-23 11:08:40 ----D---- C:\Program Files (x86)\VideoLAN

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-12-17 538136]
R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys [2012-02-29 28992]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-13 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2012-03-06 53080]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2012-03-06 819032]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2012-03-06 337240]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2012-03-06 59224]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 59904]
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2012-03-06 24408]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2012-03-06 69976]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2010-04-13 135560]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]
R3 HECIx64;Intel® Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-10-21 12310112]
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-03-26 2307616]
R3 IntcDAud;Intel® Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 317440]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 15416]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2010-04-21 76912]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys [2009-05-13 15928]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETwNs64.sys [2010-11-09 8500736]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\Windows\system32\DRIVERS\seehcri.sys [2010-11-22 34032]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-13 17920]
R3 wdkmd;Intel WiDi KMD; C:\Windows\system32\DRIVERS\WDKMD.sys [2011-08-05 42392]
S0 TfFsMon;TfFsMon; C:\Windows\system32\drivers\TfFsMon.sys []
S0 TfSysMon;TfSysMon; C:\Windows\system32\drivers\TfSysMon.sys []
S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2009-10-23 46592]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\Windows\System32\Drivers\ssadadb.sys [2011-10-26 36328]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-06-19 1394688]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-13 95232]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver; \??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS [2010-06-30 35840]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 dc3d;MS Hardware Device Detection Driver; C:\Windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETw5s64.sys [2010-05-31 7689216]
S3 RimUsb;BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [2007-05-14 27520]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM); C:\Windows\system32\DRIVERS\s0017bus.sys [2008-10-21 113704]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 19496]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 152616]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 133160]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS); C:\Windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 34856]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s0017obex.sys [2008-10-21 128552]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM); C:\Windows\system32\DRIVERS\s0017unic.sys [2008-10-21 145960]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
S3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys []
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2011-10-26 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-10-26 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-10-26 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2011-10-26 146920]
S3 taphss;Anchorfree HSS Adapter; C:\Windows\system32\DRIVERS\taphss.sys [2012-04-06 38632]
S3 TfNetMon;TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2011-05-10 51712]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-13 41984]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-05-23 154168]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [2009-06-15 84536]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [2009-12-15 96896]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-03-06 44768]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2010-11-02 1515792]
R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2009-11-04 268824]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-02-29 889664]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-29 2348352]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2010-11-02 836880]
R2 rpcnet;Remote Procedure Call (RPC) Net; C:\Windows\SysWOW64\rpcnet.exe [2011-06-21 58288]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 UNS;Intel® Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 129976]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-02 340240]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-09-17 1255736]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-10-09 55144]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-06-05 655624]
S4 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 136176]
S4 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 136176]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-10-09 934760]
S4 Samsung UPD Service;Samsung UPD Service; C:\Windows\System32\SUPDSvc.exe [2010-03-16 167280]

-----------------EOF-----------------

#4
ianmacdonald

    New Member

  • Members
  • 3 posts
2) RSIT info.txt

info.txt logfile of random's system information tool 1.09 2012-05-16 23:22:53

======Uninstall list======

-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{8509270B-F44B-435B-930B-2C4C9726EC6D}" "1033" "0"
-->MsiExec /X{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}
µTorrent-->"C:\Program Files (x86)\uTorrent\uTorrent.exe" /UNINSTALL
AC3Filter 1.63b-->"C:\Program Files (x86)\AC3Filter\unins000.exe"
Adobe Acrobat X Pro - English, Français, Deutsch-->MsiExec.exe /I{AC76BA86-1033-F400-7760-000000000005}
Adobe AIR-->C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 11 Plugin 64-bit-->C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_Plugin.exe -maintain plugin
Adobe Reader 9.5.0 MUI-->MsiExec.exe /I{AC76BA86-7AD7-FFFF-7B44-A91000000001}
Alcor Micro USB Card Reader-->C:\Program Files (x86)\InstallShield Installation Information\{48106FE4-B1AF-4941-BF3D-83E6C4B7CAF3}\setup.exe -runfromtemp
Apple Application Support-->MsiExec.exe /I{A83279FD-CA4B-4206-9535-90974DE76654}
Apple Mobile Device Support-->MsiExec.exe /I{9C98CA38-4C1A-4AC8-B55C-169497C8826B}
Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
ASUS AI Recovery-->MsiExec.exe /I{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}
ASUS Live Update-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}\Setup.exe" -l0x9
ASUS MultiFrame-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{9D48531D-2135-49FC-BC29-ACCDA5396A76}\setup.exe" -l0x9
ASUS Virtual Camera-->MsiExec.exe /I{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe" -runfromtemp -l0x0009 -removeonly
ATK Package-->MsiExec.exe /I{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}
avast! Free Antivirus-->C:\Program Files\AVAST Software\Avast\aswRunDll.exe "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
Behavior Tracker-->"C:\ProgramData\{31DA7649-ED60-4CCE-86EF-C02EDB6B9FA3}\Behavior Tracker.exe" REMOVE=TRUE MODIFY=FALSE
Behavior Tracker-->C:\ProgramData\{31DA7649-ED60-4CCE-86EF-C02EDB6B9FA3}\Behavior Tracker.exe
Bonjour-->MsiExec.exe /X{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}
Bulk Rename Utility 2.7.1.2-->"C:\Program Files (x86)\Bulk Rename Utility\unins000.exe"
CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins001.exe"
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{33D32206-AC43-4808-B6A2-5B5EEFFE1EF6}" "1033" "0"
Diablo III-->C:\Program Files (x86)\Common Files\Blizzard Entertainment\Diablo III\Uninstall.exe
DivX Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall
ERUNT 1.1j-->"C:\Program Files (x86)\ERUNT\unins000.exe"
ETDWare PS/2-x64 7.0.5.11_WHQL-->%ProgramFiles%\Elantech\ETDUn_inst.exe
Facebook Video Calling 1.2.0.159-->MsiExec.exe /X{7CAC6A44-C3DE-4153-ACA6-7524602C789E}
FileMaker Pro 11-->D:\Program Files\Setup\Uninstall.exe {EACCC991-8E8C-4397-8854-349506741FC9} "FileMaker Pro 11"
FileMaker Pro 11-->MsiExec.exe /I{EACCC991-8E8C-4397-8854-349506741FC9}
FLAC 1.2.1b (remove only)-->C:\Program Files (x86)\FLAC\uninstall.exe
G*Power 3.1.3-->MsiExec.exe /I{26A39957-0BE3-449B-BA6F-922C8713AB2B}
Google Earth-->MsiExec.exe /X{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}
Google Talk Plugin-->MsiExec.exe /I{FD207C2C-A7FF-332A-AC85-5A5ACED6F31B}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
IBM SPSS Statistics 20-->MsiExec.exe /I{2AF8017B-E503-408F-AACE-8A335452CAD2}
Intel PROSet Wireless-->Intel PROSet Wireless
Intel® Management Engine Components-->C:\Program Files (x86)\Intel\Intel® Management Engine Components\Uninstall\setup.exe -uninstall
Intel® Processor Graphics-->C:\Program Files (x86)\Intel\Intel® Processor Graphics\Uninstall\setup.exe -uninstall
Intel® PROSet/Wireless WiFi Software-->MsiExec /I{AF162E20-417F-4946-A06D-65734984957F}
Intel® WiDi-->MsiExec.exe /X{7257132D-7F65-41E6-A90F-43BF6099461A}
iTunes-->MsiExec.exe /I{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}
Java™ 7 Update 4-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217004FF}
JavaFX 2.1.0-->MsiExec.exe /X{1111706F-666A-4037-7777-210328764D10}
Juniper Networks Setup Client Activex Control-->C:\Windows\Downloaded Program Files\JuniperSetupClientCtrlUninstaller.exe
Malwarebytes Anti-Malware version 1.61.0.1400-->"D:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Mendeley Desktop 1.3.2-->D:\Program Files (x86)\Mendeley Desktop\Uninstaller.exe
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{047B0968-E622-4FAA-9B4B-121FA109EDDE}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0015-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0018-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0019-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-0000-0000000FF1CE}" "{99ACCA38-6DD3-48A8-96AE-A283C9759279}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-040C-0000-0000000FF1CE}" "{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0C0A-0000-0000000FF1CE}" "{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0409-1000-0000000FF1CE}" "{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002C-0409-0000-0000000FF1CE}" "{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0044-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0409-0000-0000000FF1CE}" "{4560037C-E356-444A-A015-D21F487D809E}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00A1-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00BA-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0115-0409-0000-0000000FF1CE}" "{4560037C-E356-444A-A015-D21F487D809E}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0116-0409-1000-0000000FF1CE}" "{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0117-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"
Microsoft Office Access MUI (English) 2010-->MsiExec.exe /X{90140000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2010-->MsiExec.exe /X{90140000-0016-0409-0000-0000000FF1CE}
Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2010-->MsiExec.exe /X{90140000-00BA-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2010-->MsiExec.exe /X{90140000-0044-0409-0000-0000000FF1CE}
Microsoft Office Office 64-bit Components 2010-->MsiExec.exe /X{90140000-002A-0000-1000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2010-->MsiExec.exe /X{90140000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2010-->MsiExec.exe /X{90140000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2010-->MsiExec.exe /X{90140000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2010-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2010-->MsiExec.exe /X{90140000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2010-->MsiExec.exe /X{90140000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2010-->MsiExec.exe /X{90140000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2010-->MsiExec.exe /X{90140000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2010-->MsiExec.exe /X{90140000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (English) 2010-->MsiExec.exe /X{90140000-002A-0409-1000-0000000FF1CE}
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0116-0409-1000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2010-->MsiExec.exe /X{90140000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2010-->MsiExec.exe /X{90140000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148-->MsiExec.exe /X{EE936C7A-EA40-31D5-9B65-8E3E089C3828}
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570-->MsiExec.exe /X{8338783A-0968-3B85-AFC7-BAAE0A63DC50}
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Mozilla Firefox 12.0 (x86 en-US)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
Mozilla Thunderbird (5.0)-->C:\Program Files (x86)\Mozilla Thunderbird\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP3 Parser (KB973685)-->MsiExec.exe /I{859DFA95-E4A6-48CD-B88E-A3E483E89B44}
NEC Electronics USB 3.0 Host Controller Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{D7BF9739-8A68-4335-BBEE-37752AD9E86B}\setup.exe" -runfromtemp -l0x0409 -removeonly
NEC Electronics USB 3.0 Host Controller Driver-->MsiExec.exe /I{D7BF9739-8A68-4335-BBEE-37752AD9E86B}
Netflix in Windows Media Center-->MsiExec.exe /X{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}
NVIDIA Graphics Driver 296.10-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.2\NVI2.DLL",UninstallPackage Display.Driver
NVIDIA PhysX System Software 9.12.0213-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.2\NVI2.DLL",UninstallPackage Display.PhysX
NVIDIA PhysX-->MsiExec.exe /X{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}
NVIDIA Update 1.7.11-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.2\NVI2.DLL",UninstallPackage Display.Update
NVIDIA Updatus-->"C:\Program Files (x86)\InstallShield Installation Information\{7357286A-CBE7-4F4A-BABC-EC4B3DD63862}\setup.exe" -runfromtemp -l0x0009
QuickTime-->MsiExec.exe /I{7BE15435-2D3E-4B58-867F-9C75BED0208C}
R for Windows 2.12.0-->"C:\Program Files\R\R-2.12.0\unins000.exe"
RealNetworks - Microsoft Visual C++ 2008 Runtime-->MsiExec.exe /X{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}
RealPlayer-->C:\Program Files (x86)\Real\RealPlayer\Update\r1puninst.exe RealNetworks|RealPlayer|15.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
RealUpgrade 1.1-->MsiExec.exe /I{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}
Rosetta Stone Version 3-->MsiExec.exe /X{99011A6E-5200-11DE-BDB8-7ACD56D89593}
Samsung Kies-->"C:\Program Files (x86)\InstallShield Installation Information\{758C8301-2696-4855-AF45-534B1200980A}\setup.exe" -runfromtemp -l0x0409 -removeonly
Samsung Kies-->MsiExec.exe /I{758C8301-2696-4855-AF45-534B1200980A}
Samsung Universal Print Driver-->C:\Program Files (x86)\Samsung\Samsung Universal Print Driver\Install\Setup.exe /R
SAMSUNG USB Driver for Mobile Phones-->C:\Program Files (x86)\Samsung\USB Drivers\Uninstall.exe
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FDD13F1E-9C6B-311E-A0D9-D6E172FC28FF} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7B82A51A-768B-3A7B-ADFA-F777097A8079} /parameterfolder Client
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{B76D8C6D-1F13-42A7-9931-D7504CB89D6D}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2553091)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{07CA44F3-F5B3-4D12-8C91-EDC5FE91D45C}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2553096)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{10802A6D-EDBF-4383-BCBD-9D5B32F56D35}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{CCC48FE2-175F-4CDE-82DF-F7BC4672C1A3}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{DCE6D0BF-93E4-46C5-9A7C-F1EFF9707C02}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{01F2485C-FAEE-47E7-986E-B4F2FFC22D57}" "1033" "0"
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{61461470-8168-4F4B-97B7-617AF354F028}" "1033" "0"
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{337A3FB9-281D-4EC8-9CC1-7F6DDAC2359F}" "1033" "0"
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{337A3FB9-281D-4EC8-9CC1-7F6DDAC2359F}" "1033" "0"
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{B75541D4-3970-4CC7-934B-D48F8C26DCA5}" "1033" "0"
Skype Toolbars-->MsiExec.exe /I{B6CF2967-C81E-40C0-9815-C05774FEF120}
Skype™ 5.3-->MsiExec.exe /X{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}
Spybot - Search & Destroy-->"D:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe"
SRS Premium Sound Control Panel-->MsiExec.exe /I{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client
Update for Microsoft Office 2010 (KB2494150)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}" "1033" "0"
Update for Microsoft Office 2010 (KB2553065)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{A8686D24-1E89-43A1-973E-05A258D2B3F8}" "1033" "0"
Update for Microsoft Office 2010 (KB2553092)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{7AC49FC8-F8D2-4DD8-9086-09E52385A21F}" "1033" "0"
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}" "1033" "0"
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{18B3CF2A-73F7-4716-B1AE-86D68726D408}" "1033" "0"
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-0000-0000000FF1CE}" "{17E7B9AB-2DD2-457D-8D8E-CD14ACA973FE}" "1033" "0"
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-040C-0000-0000000FF1CE}" "{15058154-469F-4794-ACD5-94F8420F9B80}" "1033" "0"
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0C0A-0000-0000000FF1CE}" "{995A7832-B512-46D5-87C9-2D71FB541435}" "1033" "0"
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{C8694FF0-8203-483B-A07A-2BC40433167D}" "1033" "0"
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0409-0000-0000000FF1CE}" "{73E67A3A-8D61-44EF-90C2-1697C3DBE668}" "1033" "0"
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{28FAC187-7C0E-413A-B90A-76F19D0FBF30}" "1033" "0"
Update for Microsoft Office 2010 (KB2566458)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{EFB525A0-E1C0-4E32-9968-FE401BC87363}" "1033" "0"
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}" "1033" "0"
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{4D98EEEA-A31B-42FA-991A-F989594F4DA5}" "1033" "0"
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{4D98EEEA-A31B-42FA-991A-F989594F4DA5}" "1033" "0"
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00A1-0409-0000-0000000FF1CE}" "{9865DC3A-2898-48D9-B96A-46397571C934}" "1033" "0"
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{3613AECC-1454-4DDD-AC36-C42DC16D6DEE}" "1033" "0"
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{3613AECC-1454-4DDD-AC36-C42DC16D6DEE}" "1033" "0"
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{38990592-F6A1-4A26-96C7-0600E36AE794}" "1033" "0"
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0409-0000-0000000FF1CE}" "{5EBDE1DE-3B28-4134-AB00-85CFF2B4F94D}" "1033" "0"
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}" "1033" "0"
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0409-0000-0000000FF1CE}" "{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110}" "1033" "0"
VC80CRTRedist - 8.0.50727.6195-->MsiExec.exe /I{933B4015-4618-4716-A828-5289FC03165F}
VLC media player 2.0.1-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Windows Driver Package - Microsoft Corporation ActivityMonitor (06/21/2006 6.0.6001.18000)-->C:\PROGRA~1\DIFX\0169CE3A95F06636\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\wimfltr.inf_amd64_neutral_2c27ed564f5f9545\wimfltr.inf
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Language Selector-->MsiExec.exe /I{180C8888-50F1-426B-A9DC-AB83A1989C65}
Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}
Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live Sync-->MsiExec.exe /X{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
WinFlash-->MsiExec.exe /X{8F21291E-0444-4B1D-B9F9-4370A73E346D}
WinRAR 4.00 beta 6 (64-bit)-->C:\Program Files\WinRAR\uninstall.exe
Wireless Console 3-->MsiExec.exe /I{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}
Write-N-Cite-->C:\PROGRA~2\Refworks\UNWISE.EXE C:\PROGRA~2\Refworks\INSTALL.LOG
Xiph.Org Open Codecs 0.84.17359-->C:\Program Files (x86)\Xiph.Org\Open Codecs\uninst.exe
XMind-->D:\Program Files (x86)\XMind\uninstall.exe

======System event log======

Computer Name: Ian-ASUS
Event Code: 37
Message: The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
Record Number: 89929
Source Name: Microsoft-Windows-Kernel-Processor-Power
Time Written: 20110908042714.830777-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Ian-ASUS
Event Code: 37
Message: The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
Record Number: 89928
Source Name: Microsoft-Windows-Kernel-Processor-Power
Time Written: 20110908042714.830777-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Ian-ASUS
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
TfFsMon
TfSysMon
Record Number: 89902
Source Name: Service Control Manager
Time Written: 20110908042632.706491-000
Event Type: Error
User:

Computer Name: Ian-ASUS
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.

Record Number: 89809
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20110908042535.096640-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Ian-ASUS
Event Code: 10002
Message: WLAN Extensibility Module has stopped.

Module Path: C:\Windows\System32\IWMSSvc.dll

Record Number: 89808
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20110908042535.096640-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: iMAC
Event Code: 100
Message: Task Scheduling Error: m->NextScheduledSPRetry 1061
Record Number: 17630
Source Name: Bonjour Service
Time Written: 20110209065525.000000-000
Event Type: Error
User:

Computer Name: iMAC
Event Code: 100
Message: Task Scheduling Error: m->NextScheduledEvent 1061
Record Number: 17629
Source Name: Bonjour Service
Time Written: 20110209065525.000000-000
Event Type: Error
User:

Computer Name: iMAC
Event Code: 100
Message: Task Scheduling Error: Continuously busy for more than a second
Record Number: 17628
Source Name: Bonjour Service
Time Written: 20110209065525.000000-000
Event Type: Error
User:

Computer Name: iMAC
Event Code: 1002
Message: The program DivXWebPlayerInstaller(2).exe version 2.3.0.20 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 177c
Start Time: 01cbc81fe0e059ab
Termination Time: 0
Application Path: C:\Users\Ian\Downloads\DivXWebPlayerInstaller(2).exe
Report Id:

Record Number: 17621
Source Name: Application Hang
Time Written: 20110209061157.000000-000
Event Type: Error
User:

Computer Name: iMAC
Event Code: 1002
Message: The program DivXWebPlayerInstaller.exe version 2.3.0.20 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1724
Start Time: 01cbc81dfd789cd6
Termination Time: 6
Application Path: C:\Users\Ian\Downloads\DivXWebPlayerInstaller.exe
Report Id:

Record Number: 17613
Source Name: Application Hang
Time Written: 20110209060744.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Ian-ASUS
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-21-2945578582-593853648-2416519973-1001
Account Name: Ian
Account Domain: IAN-ASUS
Logon ID: 0x1a8ba
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: HomeGroupUser$
Account Domain: BRIDGET-HP
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: Bridget-HP
Additional Information: Bridget-HP

Process Information:
Process ID: 0xbe8
Process Name: C:\Windows\System32\spoolsv.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 73491
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111211002516.565976-000
Event Type: Audit Success
User:

Computer Name: Ian-ASUS
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-21-2945578582-593853648-2416519973-1001
Account Name: Ian
Account Domain: IAN-ASUS
Logon ID: 0x1a8ba
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: HomeGroupUser$
Account Domain: BRIDGET-HP
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: Bridget-HP
Additional Information: Bridget-HP

Process Information:
Process ID: 0xbe8
Process Name: C:\Windows\System32\spoolsv.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 73490
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111211002516.562975-000
Event Type: Audit Success
User:

Computer Name: Ian-ASUS
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-21-2945578582-593853648-2416519973-1001
Account Name: Ian
Account Domain: IAN-ASUS
Logon ID: 0x1a8ba
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: HomeGroupUser$
Account Domain: BRIDGET-HP
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: Bridget-HP
Additional Information: Bridget-HP

Process Information:
Process ID: 0xbe8
Process Name: C:\Windows\System32\spoolsv.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 73489
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111211002516.562975-000
Event Type: Audit Success
User:

Computer Name: Ian-ASUS
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-21-2945578582-593853648-2416519973-1001
Account Name: Ian
Account Domain: IAN-ASUS
Logon ID: 0x1a8ba
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: HomeGroupUser$
Account Domain: BRIDGET-HP
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: Bridget-HP
Additional Information: Bridget-HP

Process Information:
Process ID: 0xbe8
Process Name: C:\Windows\System32\spoolsv.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 73488
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111211002516.542974-000
Event Type: Audit Success
User:

Computer Name: Ian-ASUS
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-21-2945578582-593853648-2416519973-1001
Account Name: Ian
Account Domain: IAN-ASUS
Logon ID: 0x1a8ba
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: HomeGroupUser$
Account Domain: BRIDGET-HP
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: Bridget-HP
Additional Information: Bridget-HP

Process Information:
Process ID: 0xbe8
Process Name: C:\Windows\System32\spoolsv.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 73487
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111211002516.497972-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files\Intel\WiFi\bin;C:\Program Files\Common Files\Intel\WirelessCommon;C:\Program Files (x86)\QuickTime\QTSystem;C:\Program Files (x86)\Windows Live\Shared
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 37 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=2505
"configsetroot"=%SystemRoot%\ConfigSetRoot
"asl.log"=Destination=file
"CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

3) Checkup.txt

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
JavaFX 2.1.0
Java™ 7 Update 4
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (12.0.)
Mozilla Thunderbird 5.0. Thunderbird out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Spybot Teatimer.exe is disabled!
Ian Desktop Malware SecurityCheck.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````

4) Virustotal results

File name: nvinit.dll
Detection ratio: 0 / 41
Analysis date: 2012-05-17 03:30:01 UTC ( 0 minutes ago )

5) VirSCAN results

File Name : nvinit.dll
File Size : 215360 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 287bd3881745bd2c43efffcd95be7c07
SHA1 : 0f0ecc2c0d66a37c42f073e627cad68458b84139
Scanner results : Scanners did not find malware!

6) Bitdefender log


QuickScan 64-bit v0.9.9.114
---------------------------
Scan date: Wed May 16 23:37:01 2012
Machine ID: C8602CD



No infection found.
-------------------



Processes
---------
(verified) avast! Antivirus 2880 C:\Program Files\AVAST Software\Avast\AvastUI.exe
(verified) Google Talk Plugin 4720 C:\Users\Ian\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(verified) Java™ Platform SE Auto Updater 2 0 2936 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(verified) Microsoft® Windows® Operating System 1800 C:\Windows\explorer.exe
(verified) Microsoft® Windows® Operating System 1708 C:\Windows\System32\dwm.exe
(verified) Microsoft® Windows® Operating System 4092 C:\Windows\System32\notepad.exe
(verified) Microsoft® Windows® Operating System 1680 C:\Windows\System32\taskhost.exe
(verified) Microsoft® Windows® Operating System 4808 C:\Windows\SysWOW64\ctfmon.exe
(verified) NVIDIA Settings 2208 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(verified) Windows® Internet Explorer 1016 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 1496 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 5092 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Search 944 C:\Windows\System32\SearchProtocolHost.exe


Network activity
----------------
Process iexplore.exe (1496) connected on port 80 (HTTP) --> 23.64.255.139
Process iexplore.exe (1496) connected on port 80 (HTTP) --> 74.125.228.32
Process iexplore.exe (1496) connected on port 80 (HTTP) --> 74.125.228.32



Autoruns and critical files
---------------------------
(unsigned) AUTOBACK.EXE C:\Program Files (x86)\ERUNT\AUTOBACK.EXE

(verified) avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastUI.exe
(verified) Facebook Update C:\Users\Ian\AppData\Local\Facebook\Update\FacebookUpdate.exe
(verified) Google Update C:\Users\Ian\AppData\Local\Google\Update\GoogleUpdate.exe
(verified) Intel® Common User Interface C:\Windows\system32\igfxdev.dll
(verified) Java™ Platform SE Auto Updater 2 0 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(verified) Microsoft Office 2010 c:\program files (x86)\microsoft office\office14\grooveex.dll
(verified) Microsoft Office 2010 c:\program files\microsoft office\office14\grooveex.dll
(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
(verified) NVIDIA D3D shim drivers c:\windows\system32\nvinitx.dll
(verified) NVIDIA D3D shim drivers c:\windows\syswow64\nvinit.dll
(verified) Windows® Internet Explorer c:\windows\system32\webcheck.dll
(verified) Windows® Internet Explorer c:\windows\syswow64\webcheck.dll


Browser plugins
---------------
(unsigned) pdfinfo-Win32.exe C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\bzhxhjzs.default\zotero\pdfinfo-Win32.exe
(unsigned) pdftotext-Win32.exe C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\bzhxhjzs.default\zotero\pdftotext-Win32.exe
(unsigned) QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll
(unsigned) QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll
(unsigned) QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll
(unsigned) QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll
(unsigned) QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll
(unsigned) QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll
(unsigned) QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll
(unsigned) TODO: <Product name> C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\bzhxhjzs.default\extensions\zoteroWinWordIntegration@zotero.org\components-10.0\zoteroWinWordIntegration.dll
(unsigned) TODO: <Product name> C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\bzhxhjzs.default\extensions\zoteroWinWordIntegration@zotero.org\components-11.0\zoteroWinWordIntegration.dll
(unsigned) TODO: <Product name> C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\bzhxhjzs.default\extensions\zoteroWinWordIntegration@zotero.org\components-12.0\zoteroWinWordIntegration.dll
(unsigned) TODO: <Product name> C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\bzhxhjzs.default\extensions\zoteroWinWordIntegration@zotero.org\components-13.0\zoteroWinWordIntegration.dll
(unsigned) TODO: <Product name> C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\bzhxhjzs.default\extensions\zoteroWinWordIntegration@zotero.org\components-14.0\zoteroWinWordIntegration.dll
(unsigned) TODO: <Product name> C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\bzhxhjzs.default\extensions\zoteroWinWordIntegration@zotero.org\components-5.0\zoteroWinWordIntegration.dll
(unsigned) TODO: <Product name> C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\bzhxhjzs.default\extensions\zoteroWinWordIntegration@zotero.org\components-6.0\zoteroWinWordIntegration.dll
(unsigned) TODO: <Product name> C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\bzhxhjzs.default\extensions\zoteroWinWordIntegration@zotero.org\components-7.0\zoteroWinWordIntegration.dll
(unsigned) TODO: <Product name> C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\bzhxhjzs.default\extensions\zoteroWinWordIntegration@zotero.org\components-8.0\zoteroWinWordIntegration.dll
(unsigned) TODO: <Product name> C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\bzhxhjzs.default\extensions\zoteroWinWordIntegration@zotero.org\components-9.0\zoteroWinWordIntegration.dll
(unsigned) TODO: <Product name> C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\bzhxhjzs.default\extensions\zoteroWinWordIntegration@zotero.org\components\zoteroWinWordIntegration.dll

(verified) Adobe Acrobat C:\Program Files (x86)\Internet Explorer\plugins\nppdf32.dll
(verified) avast! WebRep c:\program files\avast software\avast\aswwebrepie64.dll
(verified) Bitdefender QuickScan C:\Windows\Downloaded Program Files\qsax64.dll
(verified) Bonjour C:\Program Files (x86)\Bonjour\mdnsNSP.dll
(verified) Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
(verified) DivX VOD Helper Plug-in C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
(verified) Facebook Video Calling Plugin C:\Users\Ian\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
(verified) Google Talk Plugin C:\Users\Ian\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
(verified) Google Talk Plugin Video Accelerator C:\Users\Ian\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
(verified) Google Update C:\Users\Ian\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
(verified) JuniperExt.exe C:\Windows\Downloaded Program Files\JuniperExt.exe
(verified) JuniperSetupClientATL ActiveX Control M C:\Windows\Downloaded Program Files\JuniperSetupClient.ocx
(verified) JuniperSetupClientCtrlUninstaller.exe C:\Windows\Downloaded Program Files\JuniperSetupClientCtrlUninstaller.exe
(verified) Microsoft Office 2010 c:\program files\microsoft office\office14\grooveex.dll
(verified) Microsoft Office 2010 C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL
(verified) Microsoft Office 2010 c:\program files\microsoft office\office14\urlredir.dll
(verified) Microsoft® CoReXT C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL
(verified) Microsoft® CoReXT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
(verified) Microsoft® CoReXT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
(verified) Microsoft® Windows® Operating System C:\Windows\System32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\NapiNSP.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\nlaapi.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
(verified) NPSWF64_11_2_202_235.dll C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll
(verified) Windows® Internet Explorer C:\Windows\System32\ieframe.dll


Missing files
-------------
File not found: C:\Users\Ian\DOWNLO~1\dds(1).scr
--> HKCU\Control Panel\Desktop\"SCRNSAVE.EXE"


Scan
----


No file uploaded.

Scan finished - communication took 3 sec
Total traffic - 0.06 MB sent, 3.03 KB recvd
Scanned 1348 files and modules - 219 seconds

==============================================================================

#5
Maurice Naggar

Ian,

You must de-install µTorrent & any other 'torrent or filesharing app.
Such filesharing/downloading from unknown sources is one of the leading causes of transmission of malware.
Risks of File-Sharing Technology.

P2P file sharing: Know the risks

You must keep Spybot's Tea Timer disabled while we hunt or try to cure any malware infection (if any).
Start Spybot-S&D, switch to the Advanced mode via the menu bar item Mode
then select Advanced Mode

On the left hand side, select Tools
Then click on the Resident icon in the list
Uncheck Resident TeaTimer and OK any prompts.
Now Logoff & Restart your computer fresh.

Tell how and why Combofix was run on or about May 13?
Did you self-medicate? If so, why? Running it on your own could result in a non-bootable pc.
The tool is intended to be used only under guidance by a trained expert.

Are you / were you getting help on some other forum ?

You will want to print out or copy these instructions to Notepad for offline reference!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs.
Do NOT turn off the firewall.

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.
Using Internet Explorer browser only, go to ESET Online Scanner website:
http://www.eset.com/onlinescan/

  • Accept the Terms of Use and press Start button;

  • Approve the install of the required ActiveX Control, then follow on-screen instructions;

  • Enable (check) the Remove found threats option, and run the scan.

  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt.
    Look at contents of this file using Notepad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here
    http://go.eset.com/u...ine-scanner/faq

    • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
      (And the prompt re-enabling when finished.)

    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
    • Do not use the system while the scan is running. Once the full scan is underway, go take a long break.

Re-enable the antivirus program.

Reply with copy of the Eset scan log AND copy of contents of C:\Combofix.txt
~Maurice Naggar

I close my threads if there is 5 days without a response.

#6
Maurice Naggar

Advise on current status. Are you still here with me? This will be closed in a couple of days unless I hear from you.
~Maurice Naggar


#7
Maurice Naggar

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
~Maurice Naggar
