Searchqu - Browser Hijack [Solved]



#1
WMXX

Just a few notes:

  • Has initially been uninstalled via 'Programs and Features'
  • System Restore was undertaken (I know this is an ineffective method of removal)
  • The hijacker was originally downloaded through the ilivid program.


---

OTL logfile created on: 13/07/2012 9:04:10 AM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Julian\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: dd/MM/yyyy

7.98 Gb Total Physical Memory | 5.99 Gb Available Physical Memory | 75.04% Memory free
15.96 Gb Paging File | 13.83 Gb Available in Paging File | 86.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.00 Gb Total Space | 593.01 Gb Free Space | 86.82% Space Free | Partition Type: NTFS
Drive N: | 189.42 Gb Total Space | 152.01 Gb Free Space | 80.25% Space Free | Partition Type: NTFS

Computer Name: JULIAN-PC | User Name: Julian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/13 09:03:51 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Julian\Downloads\OTL.exe
PRC - [2012/05/30 20:06:18 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/05/25 04:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Julian\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/05/09 09:47:54 | 001,014,112 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2012/02/24 03:29:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/23 12:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012/02/23 12:22:24 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
PRC - [2011/10/28 08:56:35 | 000,470,528 | ---- | M] (Livescribe) -- C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
PRC - [2011/06/04 09:12:36 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
PRC - [2011/01/16 22:25:26 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/12/21 11:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/21 11:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/12 19:41:14 | 000,192,512 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\SmarThru Office\BackUpSvr.exe
PRC - [2009/08/31 21:30:07 | 000,602,112 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2009/07/23 06:40:00 | 000,083,336 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2009/04/09 11:27:46 | 000,270,336 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\NetworkScan\NSCSysTrayUI.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/28 20:28:56 | 000,438,296 | ---- | M] () -- C:\Users\Julian\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppgooglenaclpluginchrome.dll
MOD - [2012/06/28 20:28:54 | 003,972,120 | ---- | M] () -- C:\Users\Julian\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
MOD - [2012/06/28 20:27:40 | 000,554,520 | ---- | M] () -- C:\Users\Julian\AppData\Local\Google\Chrome\Application\20.0.1132.47\libglesv2.dll
MOD - [2012/06/28 20:27:38 | 000,117,784 | ---- | M] () -- C:\Users\Julian\AppData\Local\Google\Chrome\Application\20.0.1132.47\libegl.dll
MOD - [2012/06/28 20:27:29 | 000,140,328 | ---- | M] () -- C:\Users\Julian\AppData\Local\Google\Chrome\Application\20.0.1132.47\avutil-51.dll
MOD - [2012/06/28 20:27:28 | 000,262,184 | ---- | M] () -- C:\Users\Julian\AppData\Local\Google\Chrome\Application\20.0.1132.47\avformat-54.dll
MOD - [2012/06/28 20:27:26 | 002,386,984 | ---- | M] () -- C:\Users\Julian\AppData\Local\Google\Chrome\Application\20.0.1132.47\avcodec-54.dll
MOD - [2012/06/28 18:27:26 | 009,252,040 | ---- | M] () -- C:\Users\Julian\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
MOD - [2012/03/16 15:42:58 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
MOD - [2012/03/16 15:42:56 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/08/31 21:30:07 | 000,602,112 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/06/25 14:59:00 | 000,216,080 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/12/02 13:12:11 | 000,165,456 | ---- | M] (Samsung Electronics) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc2.exe -- (Samsung UPD Service2)
SRV:64bit: - [2010/09/23 11:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 11:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 11:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/12 14:21:32 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/12 13:15:34 | 000,147,368 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2012/07/12 13:15:18 | 000,375,208 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/04/02 12:17:40 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2011/10/28 08:56:35 | 000,470,528 | ---- | M] (Livescribe) [Auto | Running] -- C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe -- (PenCommService)
SRV - [2011/07/27 11:47:10 | 000,214,528 | ---- | M] (LEAP Legal Software) [Auto | Running] -- C:\Program Files (x86)\LEAP Office\LEAP Documents\Content Searching\LeapWDSService.exe -- (LEAP Windows Desktop Search)
SRV - [2011/06/04 09:12:36 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2011/01/16 22:25:26 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/12/21 11:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/12/21 11:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/08/02 17:52:26 | 000,054,272 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\LEAP Office\LEAP Accounting\TimeSheet Synch Notifier\Leap.Timesheet.Synchronisation.Notifier.Accounting.exe -- (LEAPSyncAccountingReceiver)
SRV - [2010/08/02 17:51:52 | 000,120,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\LEAP Office\LEAP Accounting\TimeSheet Synch Notifier\Leap.Timesheet.LacNotifier.Monitor.exe -- (LEAPLacNotifierMonitor)
SRV - [2010/04/13 03:45:00 | 000,196,976 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/11 07:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/30 04:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/12 13:15:19 | 000,087,488 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/04/02 12:17:40 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2012/04/02 12:17:18 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 16:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/10/28 08:57:23 | 000,026,112 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PulseUsb.sys -- (PulseUsb)
DRV:64bit: - [2011/03/26 10:37:12 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2011/03/26 10:37:12 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2011/03/26 10:37:12 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2011/03/26 10:37:12 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2011/03/11 16:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 16:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/05 14:36:30 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2011/02/04 12:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/28 08:27:04 | 000,067,384 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2011/01/28 05:34:12 | 001,577,088 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/01/13 10:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/18 12:46:46 | 002,675,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/12/11 06:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/11 06:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/12/02 09:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/12/01 07:40:04 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010/11/21 13:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 13:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 13:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 13:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/13 00:10:50 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/11/09 05:44:40 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/10/20 09:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/10/19 07:14:02 | 000,042,096 | R--- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010/09/23 17:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/06/19 09:45:00 | 000,018,872 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2010/03/25 10:08:46 | 000,120,704 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010/03/24 13:58:36 | 000,249,856 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2010/03/20 11:56:56 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009/12/31 20:04:57 | 000,360,712 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009/09/23 11:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009/09/23 11:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009/09/23 11:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009/07/15 08:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/16 06:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/11 07:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/11 07:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/11 07:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/30 04:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/02/13 15:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/13 15:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/13 15:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2007/04/18 04:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV:64bit: - [2007/04/16 14:52:47 | 000,011,576 | R--- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2007/04/16 14:50:50 | 000,054,072 | R--- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DGIVECP.SYS -- (DgiVecp)
DRV:64bit: - [2006/06/18 23:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2012/04/02 12:17:40 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2012/03/19 11:47:30 | 000,056,526 | ---- | M] () [Kernel | System | Running] -- C:\windows\SysWow64\NULL -- (Null)
DRV - [2009/07/14 11:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {F4ED0519-C584-4DDA-BE93-FA0B93D040F6}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {F4ED0519-C584-4DDA-BE93-FA0B93D040F6}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.au/
IE - HKCU\..\SearchScopes,DefaultScope = {AC84537E-38F4-4E78-8A44-A32E1D7444AF}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{AC84537E-38F4-4E78-8A44-A32E1D7444AF}: "URL" = http://search.softon...rchSource=4&cc=
IE - HKCU\..\SearchScopes\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = JULIAN-PC;115.128.9.57;192.168.2.9;*.local;10.1.1.9;127.0.0.1;10.1.1.4;10.1.1.8;10.1.1.10;10.1.1.5;192.168.1.100


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Julian\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Julian\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)


[2012/07/09 14:04:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julian\AppData\Roaming\Mozilla\Extensions
[2012/03/19 23:03:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage: http://www.google.com.au/
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-re...q={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://www.google.com.au/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Julian\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Julian\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Julian\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Clip To Onenote (Enabled) = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\akmphbadflhibamnhbgofnmogplllabh\2.7_0\npClipToOnenote.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Julian\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Clip to Onenote = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\akmphbadflhibamnhbgofnmogplllabh\2.7_0\
CHR - Extension: YouTube = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Evernote Web Clipper = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.5.1_0\
CHR - Extension: Gmail = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/11 07:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NSCSysTrayUI] C:\Program Files (x86)\Samsung\NetworkScan\NSCSysTrayUI.exe (Samsung)
O4 - HKLM..\Run: [QuickFinder Scheduler] C:\Program Files (x86)\WordPerfect Office X3\Programs\QFSCHD130.EXE (Corel Corporation)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [STO Backup Service] C:\Program Files (x86)\SmarThru Office\BackUpSvr.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [STO Launcher Service] C:\Program Files (x86)\SmarThru Office\x64\LegacyLauncher.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [ISUSPM] -scheduler File not found
O4 - HKCU..\Run: [Mobile Partner] C:\Program Files (x86)\pocketwifi\pocketwifi.exe ()
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - Startup: C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Julian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Add to TOSHIBA Bulletin Board - res://C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000 File not found
O8:64bit: - Extra context menu item: Open with WordPerfect - C:\Program Files (x86)\WordPerfect Office X3\Programs\WPLauncher.hta ()
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to TOSHIBA Bulletin Board - res://C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000 File not found
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files (x86)\WordPerfect Office X3\Programs\WPLauncher.hta ()
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58E8CC63-FD3C-4B5D-825A-4FAB37D0C3F8}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7004362-FB90-4F6B-AFC7-43427C765D37}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3264981c-af60-11e1-8a34-cabdffe6eb59}\Shell - "" = AutoRun
O33 - MountPoints2\{3264981c-af60-11e1-8a34-cabdffe6eb59}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{54f03e12-8819-11e1-974c-a63c7306775f}\Shell - "" = AutoRun
O33 - MountPoints2\{54f03e12-8819-11e1-974c-a63c7306775f}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{667a437d-a180-11e1-97df-e0ca94c5e07c}\Shell - "" = AutoRun
O33 - MountPoints2\{667a437d-a180-11e1-97df-e0ca94c5e07c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{77530f99-72d8-11e1-bb70-e89a8f9e2cb6}\Shell - "" = AutoRun
O33 - MountPoints2\{77530f99-72d8-11e1-bb70-e89a8f9e2cb6}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{77530fae-72d8-11e1-bb70-e89a8f9e2cb6}\Shell - "" = AutoRun
O33 - MountPoints2\{77530fae-72d8-11e1-bb70-e89a8f9e2cb6}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/12 18:56:11 | 000,000,000 | ---D | C] -- C:\Users\Julian\Documents\Lyrics
[2012/07/11 09:25:40 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/07/10 18:15:53 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\Ilivid Player
[2012/07/10 14:36:32 | 000,000,000 | ---D | C] -- C:\Premier75
[2012/07/04 09:21:43 | 000,000,000 | ---D | C] -- C:\Users\Julian\Documents\Law Society
[2012/07/02 14:25:39 | 000,000,000 | ---D | C] -- C:\MYOBODBCAU10
[2012/07/02 14:19:50 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\LogMeIn Rescue Applet
[2012/07/02 12:18:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/07/02 12:17:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/07/02 09:51:28 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\LogMeIn
[2012/07/02 09:51:26 | 000,034,720 | ---- | C] (LogMeIn, Inc.) -- C:\windows\SysNative\LMIport.dll
[2012/07/02 09:51:25 | 000,087,488 | ---- | C] (LogMeIn, Inc.) -- C:\windows\SysNative\LMIRfsClientNP.dll
[2012/07/02 09:51:25 | 000,087,456 | ---- | C] (LogMeIn, Inc.) -- C:\windows\SysNative\LMIRfsClientNP.dll.000.bak
[2012/07/02 09:51:25 | 000,080,800 | ---- | C] (LogMeIn, Inc.) -- C:\windows\SysNative\LMIinit.dll
[2012/07/02 09:51:25 | 000,072,216 | ---- | C] (LogMeIn, Inc.) -- C:\windows\SysNative\drivers\LMIRfsDriver.sys
[2012/07/02 09:51:23 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2012/07/02 09:51:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn
[2012/06/28 17:57:28 | 000,000,000 | ---D | C] -- C:\Users\Julian\Documents\Chado
[2012/06/28 17:02:01 | 000,000,000 | ---D | C] -- C:\Users\Julian\Documents\Readiris
[2012/06/27 17:13:00 | 000,000,000 | ---D | C] -- C:\Users\Julian\Desktop\New folder
[2012/06/27 14:41:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro PDF
[2012/06/27 14:41:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nitro PDF
[2012/06/25 11:01:24 | 000,000,000 | ---D | C] -- C:\Users\Julian\Documents\Deeds Register
[2012/06/19 09:18:32 | 000,000,000 | ---D | C] -- C:\PFiles
[2012/06/18 15:21:11 | 000,458,752 | ---- | C] (Samsung Software Center) -- C:\windows\prinst.exe
[2012/06/18 09:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/06/18 09:25:54 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/06/18 09:25:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/06/18 09:25:54 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/06/18 09:23:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/06/18 09:22:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/06/14 16:02:46 | 000,000,000 | ---D | C] -- C:\Users\Julian\Documents\Rotary
[2012/06/14 09:27:04 | 000,000,000 | ---D | C] -- C:\Users\Julian\Documents\Outlook Files

========== Files - Modified Within 30 Days ==========

[2012/07/13 08:54:29 | 000,028,080 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/13 08:54:29 | 000,028,080 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/13 08:47:06 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/07/13 08:47:01 | 2133,217,279 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/12 19:22:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3905126394-3002613596-1916136037-1000UA.job
[2012/07/12 19:21:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/07/12 16:03:30 | 000,033,110 | ---- | M] () -- C:\Users\Julian\Documents\Bastick & Hay Contract Review - 6307.pdf
[2012/07/12 14:33:53 | 000,000,900 | -HS- | M] () -- C:\windows\SysWow64\KGyGaAvL.sys
[2012/07/12 14:22:00 | 000,000,860 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3905126394-3002613596-1916136037-1000Core.job
[2012/07/12 13:15:19 | 000,087,488 | ---- | M] (LogMeIn, Inc.) -- C:\windows\SysNative\LMIRfsClientNP.dll
[2012/07/12 13:15:18 | 000,080,800 | ---- | M] (LogMeIn, Inc.) -- C:\windows\SysNative\LMIinit.dll
[2012/07/12 13:15:18 | 000,034,720 | ---- | M] (LogMeIn, Inc.) -- C:\windows\SysNative\LMIport.dll
[2012/07/12 11:56:09 | 000,000,676 | ---- | M] () -- C:\windows\MYOBP.INI
[2012/07/12 11:56:09 | 000,000,039 | ---- | M] () -- C:\windows\MYOB.INI
[2012/07/11 17:36:34 | 005,177,608 | ---- | M] () -- C:\Users\Julian\Documents\Contract Unit 11 at 24 Mount Street Coogee.pdf
[2012/07/11 16:51:37 | 000,002,379 | ---- | M] () -- C:\Users\Julian\Desktop\Google Chrome.lnk
[2012/07/11 13:25:53 | 000,367,016 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/07/06 14:39:35 | 000,002,639 | ---- | M] () -- C:\Users\Julian\Documents\VIDEO_TS.xspf
[2012/07/06 14:28:59 | 000,001,059 | ---- | M] () -- C:\Users\Julian\Desktop\VLC media player.lnk
[2012/07/06 13:45:11 | 000,049,879 | ---- | M] () -- C:\Users\Julian\Documents\Untitled (2).wma
[2012/07/06 11:02:43 | 000,000,904 | ---- | M] () -- C:\Users\Julian\Documents\Downloads - Shortcut (3).lnk
[2012/07/05 19:20:41 | 000,002,203 | ---- | M] () -- C:\Users\Public\Desktop\LEAP Office TimeSheet.lnk
[2012/07/05 19:20:41 | 000,002,163 | ---- | M] () -- C:\Users\Public\Desktop\LEAP Office Accounting Single User.lnk
[2012/07/05 10:34:27 | 000,001,995 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\SAS7_000.DAT
[2012/07/04 16:11:40 | 000,786,274 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/07/04 16:11:40 | 000,666,962 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/07/04 16:11:40 | 000,123,688 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/07/03 23:06:19 | 000,000,904 | ---- | M] () -- C:\Users\Julian\Documents\Downloads - Shortcut (2).lnk
[2012/07/03 23:06:05 | 000,000,904 | ---- | M] () -- C:\Users\Julian\Documents\Downloads - Shortcut.lnk
[2012/07/03 23:03:36 | 000,000,864 | ---- | M] () -- C:\Users\Julian\Desktop\Downloads.lnk
[2012/07/03 14:13:37 | 000,000,134 | ---- | M] () -- C:\Users\Julian\Documents\.123.rtf
[2012/07/02 17:53:01 | 000,001,998 | -H-- | M] () -- C:\Users\Julian\Documents\Default.rdp
[2012/07/02 15:59:08 | 000,000,888 | ---- | M] () -- C:\Users\Julian\Desktop\Transactions_02_07_2012.csv
[2012/07/02 14:25:47 | 000,000,663 | ---- | M] () -- C:\windows\openrda.ini
[2012/07/02 09:51:24 | 000,001,024 | ---- | M] () -- C:\.rnd
[2012/06/27 17:46:06 | 000,112,258 | ---- | M] () -- C:\Users\Julian\Documents\ID224 - Rule 42.1.6.2 - Update on Legal Costs.pdf
[2012/06/27 17:42:06 | 000,095,649 | ---- | M] () -- C:\Users\Julian\Documents\ID198 - Ethical Issues for NSW Wills and Estates Practitioners.pdf
[2012/06/27 14:41:46 | 000,002,006 | ---- | M] () -- C:\Users\Public\Desktop\Nitro Reader.lnk
[2012/06/26 11:50:07 | 000,001,267 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/06/25 14:58:46 | 000,017,936 | ---- | M] (Nitro PDF Software) -- C:\windows\SysNative\nitrolocalui2.dll
[2012/06/25 14:58:44 | 000,029,712 | ---- | M] (Nitro PDF Software) -- C:\windows\SysNative\nitrolocalmon2.dll
[2012/06/22 14:27:04 | 000,026,112 | ---- | M] () -- C:\Users\Julian\Documents\RE Your transfer to Henderson and Love.msg
[2012/06/21 16:00:53 | 000,513,536 | ---- | M] () -- C:\Users\Julian\Documents\RE CHUNG JA SKERMAN.msg
[2012/06/20 17:29:47 | 000,073,877 | ---- | M] () -- C:\Users\Julian\Documents\ID181 - Effective Witness Preparation.pdf
[2012/06/18 12:48:54 | 000,027,255 | ---- | M] () -- C:\Users\Julian\Documents\Letter to A J Anthony & Associates - 18 June 2012 (Draft).pdf
[2012/06/18 09:26:46 | 000,001,754 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/18 09:23:00 | 000,001,816 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/06/14 10:39:57 | 877,929,472 | ---- | M] () -- C:\Users\Julian\Documents\Outlook.ost
[2012/06/14 09:23:01 | 000,271,360 | ---- | M] () -- C:\Users\Julian\Documents\Inbox 28 May 2012.pst

========== Files Created - No Company Name ==========

[2012/07/12 16:04:56 | 000,033,110 | ---- | C] () -- C:\Users\Julian\Documents\Bastick & Hay Contract Review - 6307.pdf
[2012/07/11 17:20:59 | 005,177,608 | ---- | C] () -- C:\Users\Julian\Documents\Contract Unit 11 at 24 Mount Street Coogee.pdf
[2012/07/06 14:39:35 | 000,002,639 | ---- | C] () -- C:\Users\Julian\Documents\VIDEO_TS.xspf
[2012/07/06 14:28:59 | 000,001,059 | ---- | C] () -- C:\Users\Julian\Desktop\VLC media player.lnk
[2012/07/06 13:45:11 | 000,049,879 | ---- | C] () -- C:\Users\Julian\Documents\Untitled (2).wma
[2012/07/06 11:02:43 | 000,000,904 | ---- | C] () -- C:\Users\Julian\Documents\Downloads - Shortcut (3).lnk
[2012/07/03 23:06:19 | 000,000,904 | ---- | C] () -- C:\Users\Julian\Documents\Downloads - Shortcut (2).lnk
[2012/07/03 23:06:05 | 000,000,904 | ---- | C] () -- C:\Users\Julian\Documents\Downloads - Shortcut.lnk
[2012/07/03 23:03:36 | 000,000,864 | ---- | C] () -- C:\Users\Julian\Desktop\Downloads.lnk
[2012/07/03 14:13:37 | 000,000,134 | ---- | C] () -- C:\Users\Julian\Documents\.123.rtf
[2012/07/02 15:35:36 | 000,000,888 | ---- | C] () -- C:\Users\Julian\Desktop\Transactions_02_07_2012.csv
[2012/07/02 09:51:24 | 000,001,024 | ---- | C] () -- C:\.rnd
[2012/07/02 09:51:17 | 000,000,959 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn.lnk
[2012/06/29 19:02:14 | 000,076,491 | ---- | C] () -- C:\Users\Julian\Desktop\Letter from Otis - 11 October 2005.pdf
[2012/06/29 19:00:55 | 000,167,394 | ---- | C] () -- C:\Users\Julian\Desktop\Otis Termination Letter 23 May 2007.pdf
[2012/06/29 18:58:53 | 000,676,019 | ---- | C] () -- C:\Users\Julian\Desktop\OTIS ELEVATOR COMPANY.pdf
[2012/06/27 17:46:06 | 000,112,258 | ---- | C] () -- C:\Users\Julian\Documents\ID224 - Rule 42.1.6.2 - Update on Legal Costs.pdf
[2012/06/27 17:41:41 | 000,095,649 | ---- | C] () -- C:\Users\Julian\Documents\ID198 - Ethical Issues for NSW Wills and Estates Practitioners.pdf
[2012/06/27 14:41:46 | 000,002,507 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Reader 2.lnk
[2012/06/27 14:41:46 | 000,002,006 | ---- | C] () -- C:\Users\Public\Desktop\Nitro Reader.lnk
[2012/06/22 14:27:03 | 000,026,112 | ---- | C] () -- C:\Users\Julian\Documents\RE Your transfer to Henderson and Love.msg
[2012/06/21 16:00:53 | 000,513,536 | ---- | C] () -- C:\Users\Julian\Documents\RE CHUNG JA SKERMAN.msg
[2012/06/20 17:29:47 | 000,073,877 | ---- | C] () -- C:\Users\Julian\Documents\ID181 - Effective Witness Preparation.pdf
[2012/06/18 15:21:06 | 000,225,280 | ---- | C] () -- C:\windows\SysNative\NetFaxPort64.dll
[2012/06/18 15:21:06 | 000,002,560 | ---- | C] () -- C:\windows\SysNative\NetFaxPortMsgs64.dll
[2012/06/18 15:21:06 | 000,001,272 | ---- | C] () -- C:\windows\SysNative\NetFaxPort.ko.xml
[2012/06/18 12:50:08 | 000,027,255 | ---- | C] () -- C:\Users\Julian\Documents\Letter to A J Anthony & Associates - 18 June 2012 (Draft).pdf
[2012/06/18 09:26:46 | 000,001,754 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/18 09:23:00 | 000,001,816 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/06/14 09:39:44 | 877,929,472 | ---- | C] () -- C:\Users\Julian\Documents\Outlook.ost
[2012/04/04 21:12:18 | 000,000,043 | ---- | C] () -- C:\windows\gswin32.ini
[2012/04/02 14:09:42 | 000,000,663 | ---- | C] () -- C:\windows\openrda.ini
[2012/04/02 14:09:25 | 000,000,000 | ---- | C] () -- C:\windows\drvxl32.INI
[2012/04/02 14:09:24 | 000,000,000 | ---- | C] () -- C:\windows\drvwd32.INI
[2012/03/30 08:47:34 | 000,000,168 | ---- | C] () -- C:\windows\Clipbook.INI
[2012/03/27 10:03:12 | 000,001,995 | ---- | C] () -- C:\Users\Julian\AppData\Roaming\SAS7_000.DAT
[2012/03/22 08:36:23 | 000,000,900 | -HS- | C] () -- C:\windows\SysWow64\KGyGaAvL.sys
[2012/03/19 13:00:08 | 000,000,676 | ---- | C] () -- C:\windows\MYOBP.INI
[2012/03/19 13:00:08 | 000,000,039 | ---- | C] () -- C:\windows\MYOB.INI
[2012/03/19 12:21:34 | 000,000,136 | ---- | C] () -- C:\windows\Readiris.ini
[2012/03/19 12:21:29 | 000,023,040 | ---- | C] () -- C:\windows\SysWow64\irisco32.dll
[2012/03/19 12:20:44 | 000,950,585 | ---- | C] () -- C:\windows\SysWow64\libiconv-2.dll
[2012/03/19 12:15:19 | 000,260,688 | ---- | C] () -- C:\windows\SUPDRun.exe
[2012/03/19 11:47:38 | 000,482,408 | ---- | C] () -- C:\windows\ssndii.exe
[2012/03/19 11:47:31 | 000,000,156 | ---- | C] () -- C:\windows\ODBC.INI
[2012/03/19 11:47:18 | 000,036,864 | ---- | C] () -- C:\windows\SysWow64\SvcMan.exe
[2012/03/19 11:47:10 | 000,172,032 | ---- | C] () -- C:\windows\SysWow64\SecSNMP.dll
[2012/03/19 11:44:48 | 000,113,768 | R--- | C] () -- C:\windows\Wiainst.exe
[2012/03/16 17:37:14 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2012/03/16 10:42:14 | 000,802,678 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/02/04 12:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll

========== LOP Check ==========

[2012/03/23 08:33:35 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\com.livescribe.LivescribeConnect
[2012/06/27 14:21:08 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Downloaded Installations
[2012/07/13 08:48:00 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Dropbox
[2012/04/04 10:08:12 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\LEAP Legal Software
[2012/07/12 11:54:48 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\LEAP_Timesheet
[2012/07/12 14:34:01 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Nitro PDF
[2012/03/26 21:11:17 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Nuance
[2012/03/19 11:47:30 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Samsung
[2012/03/16 21:27:19 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Tific
[2012/03/16 11:09:15 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Toshiba
[2012/05/09 08:58:26 | 000,032,654 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 248 bytes -> C:\ProgramData\TEMP:0FF263E8

< End of report >


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, on completion of this can you let me know which browsers (if any) are still hijacked?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {F4ED0519-C584-4DDA-BE93-FA0B93D040F6}
    IE - HKLM\..\SearchScopes,DefaultScope = {F4ED0519-C584-4DDA-BE93-FA0B93D040F6}
    IE - HKCU\..\SearchScopes,DefaultScope = {AC84537E-38F4-4E78-8A44-A32E1D7444AF}
    IE - HKCU\..\SearchScopes\{AC84537E-38F4-4E78-8A44-A32E1D7444AF}: "URL" = http://search.softon...rchSource=4&cc=
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [] File not found
    [2012/07/10 18:15:53 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\Ilivid Player

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#3
WMXX

    Member

  • Topic Starter
  • 25 posts
Searchqu doesn't seem to be coming up as one of the home tabs when starting up Chrome but it still seems the default search engine (i.e. typing a search straight into the address bar) is still redirecting to hxxp://www.search-results.com/.

---


OTL logfile created on: 14/07/2012 11:32:12 PM - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Julian\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: dd/MM/yyyy

7.98 Gb Total Physical Memory | 6.04 Gb Available Physical Memory | 75.61% Memory free
15.96 Gb Paging File | 13.88 Gb Available in Paging File | 86.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.00 Gb Total Space | 596.22 Gb Free Space | 87.29% Space Free | Partition Type: NTFS
Drive D: | 3.93 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: JULIAN-PC | User Name: Julian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/13 09:03:51 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Julian\Downloads\OTL.exe
PRC - [2012/07/10 21:46:17 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/07/10 21:46:16 | 007,445,416 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
PRC - [2012/07/10 21:41:11 | 000,106,408 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
PRC - [2012/05/30 20:06:18 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/05/25 04:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Julian\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/05/09 09:47:54 | 001,014,112 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2012/02/24 03:29:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/23 12:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012/02/23 12:22:24 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
PRC - [2011/10/28 08:56:35 | 000,470,528 | ---- | M] (Livescribe) -- C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
PRC - [2011/06/04 09:12:36 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
PRC - [2011/01/16 22:25:26 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/12/21 11:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/21 11:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/12 19:41:14 | 000,192,512 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\SmarThru Office\BackUpSvr.exe
PRC - [2009/08/31 21:30:07 | 000,602,112 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2009/07/23 06:40:00 | 000,083,336 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2009/04/09 11:27:46 | 000,270,336 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\NetworkScan\NSCSysTrayUI.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/10 14:09:00 | 000,438,296 | ---- | M] () -- C:\Users\Julian\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppgooglenaclpluginchrome.dll
MOD - [2012/07/10 14:08:59 | 003,972,120 | ---- | M] () -- C:\Users\Julian\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
MOD - [2012/07/10 14:07:39 | 000,554,520 | ---- | M] () -- C:\Users\Julian\AppData\Local\Google\Chrome\Application\20.0.1132.57\libglesv2.dll
MOD - [2012/07/10 14:07:37 | 000,117,784 | ---- | M] () -- C:\Users\Julian\AppData\Local\Google\Chrome\Application\20.0.1132.57\libegl.dll
MOD - [2012/07/10 14:07:22 | 000,140,328 | ---- | M] () -- C:\Users\Julian\AppData\Local\Google\Chrome\Application\20.0.1132.57\avutil-51.dll
MOD - [2012/07/10 14:07:21 | 000,262,184 | ---- | M] () -- C:\Users\Julian\AppData\Local\Google\Chrome\Application\20.0.1132.57\avformat-54.dll
MOD - [2012/07/10 14:07:19 | 002,386,984 | ---- | M] () -- C:\Users\Julian\AppData\Local\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll
MOD - [2012/03/16 15:42:58 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
MOD - [2012/03/16 15:42:56 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/08/31 21:30:07 | 000,602,112 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/06/25 14:59:00 | 000,216,080 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/12/02 13:12:11 | 000,165,456 | ---- | M] (Samsung Electronics) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc2.exe -- (Samsung UPD Service2)
SRV:64bit: - [2010/09/23 11:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 11:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 11:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/12 14:21:32 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/12 13:15:34 | 000,147,368 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2012/07/12 13:15:18 | 000,375,208 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/07/10 21:46:17 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/04/02 12:17:40 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2011/10/28 08:56:35 | 000,470,528 | ---- | M] (Livescribe) [Auto | Running] -- C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe -- (PenCommService)
SRV - [2011/07/27 11:47:10 | 000,214,528 | ---- | M] (LEAP Legal Software) [Auto | Running] -- C:\Program Files (x86)\LEAP Office\LEAP Documents\Content Searching\LeapWDSService.exe -- (LEAP Windows Desktop Search)
SRV - [2011/06/04 09:12:36 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2011/01/16 22:25:26 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/12/21 11:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/12/21 11:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/11/21 13:24:08 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/08/02 17:52:26 | 000,054,272 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\LEAP Office\LEAP Accounting\TimeSheet Synch Notifier\Leap.Timesheet.Synchronisation.Notifier.Accounting.exe -- (LEAPSyncAccountingReceiver)
SRV - [2010/08/02 17:51:52 | 000,120,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\LEAP Office\LEAP Accounting\TimeSheet Synch Notifier\Leap.Timesheet.LacNotifier.Monitor.exe -- (LEAPLacNotifierMonitor)
SRV - [2010/04/13 03:45:00 | 000,196,976 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/11 07:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/30 04:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/12 13:15:19 | 000,087,488 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/07/02 20:23:05 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2012/04/02 12:17:40 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2012/04/02 12:17:18 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 16:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/10/28 08:57:23 | 000,026,112 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PulseUsb.sys -- (PulseUsb)
DRV:64bit: - [2011/03/26 10:37:12 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2011/03/26 10:37:12 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2011/03/26 10:37:12 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2011/03/26 10:37:12 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2011/03/11 16:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 16:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/05 14:36:30 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2011/02/04 12:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/28 08:27:04 | 000,067,384 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2011/01/28 05:34:12 | 001,577,088 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/01/21 03:26:46 | 000,291,120 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (Tosrfbd)
DRV:64bit: - [2011/01/13 10:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/18 12:46:46 | 002,675,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/12/11 06:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/11 06:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/12/02 09:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/12/01 07:40:04 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010/11/21 13:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 13:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 13:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 13:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/13 00:10:50 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/11/09 05:44:40 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/10/20 09:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/10/19 07:14:02 | 000,042,096 | R--- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010/09/23 17:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/31 03:48:00 | 000,094,528 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2010/06/19 09:45:00 | 000,018,872 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2010/03/25 10:08:46 | 000,120,704 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010/03/24 13:58:36 | 000,249,856 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2010/03/20 11:56:56 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009/12/31 20:04:57 | 000,360,712 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009/09/23 11:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009/09/23 11:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009/09/23 11:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009/07/15 08:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/16 06:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/11 07:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/11 07:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/11 07:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/30 04:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/02/13 15:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/13 15:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/13 15:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2007/04/18 04:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV:64bit: - [2007/04/16 14:52:47 | 000,011,576 | R--- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2007/04/16 14:50:50 | 000,054,072 | R--- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DGIVECP.SYS -- (DgiVecp)
DRV:64bit: - [2006/06/18 23:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2012/04/02 12:17:40 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2012/03/19 11:47:30 | 000,056,526 | ---- | M] () [Kernel | System | Running] -- C:\windows\SysWow64\NULL -- (Null)
DRV - [2009/07/14 11:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.au/
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = JULIAN-PC;115.128.9.57;192.168.2.9;*.local;10.1.1.9;127.0.0.1;10.1.1.4;10.1.1.8;10.1.1.10;10.1.1.5;192.168.1.100


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Julian\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Julian\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)


[2012/07/09 14:04:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julian\AppData\Roaming\Mozilla\Extensions
[2012/03/19 23:03:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage: http://www.google.com.au/
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-re...q={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://www.google.com.au/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Julian\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Julian\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Julian\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Clip To Onenote (Enabled) = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\akmphbadflhibamnhbgofnmogplllabh\2.7_0\npClipToOnenote.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Julian\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Clip to Onenote = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\akmphbadflhibamnhbgofnmogplllabh\2.7_0\
CHR - Extension: YouTube = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Evernote Web Clipper = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.5.1_0\
CHR - Extension: Gmail = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/14 23:23:54 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (LEAP Research) - {d5a20021-2084-4564-9449-bf195c577fbc} - mscoree.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NSCSysTrayUI] C:\Program Files (x86)\Samsung\NetworkScan\NSCSysTrayUI.exe (Samsung)
O4 - HKLM..\Run: [QuickFinder Scheduler] C:\Program Files (x86)\WordPerfect Office X3\Programs\QFSCHD130.EXE (Corel Corporation)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [STO Backup Service] C:\Program Files (x86)\SmarThru Office\BackUpSvr.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [STO Launcher Service] C:\Program Files (x86)\SmarThru Office\x64\LegacyLauncher.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [ISUSPM] -scheduler File not found
O4 - HKCU..\Run: [Mobile Partner] C:\Program Files (x86)\pocketwifi\pocketwifi.exe ()
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - Startup: C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Julian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Add to TOSHIBA Bulletin Board - res://C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000 File not found
O8:64bit: - Extra context menu item: Open with WordPerfect - C:\Program Files (x86)\WordPerfect Office X3\Programs\WPLauncher.hta ()
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to TOSHIBA Bulletin Board - res://C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000 File not found
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files (x86)\WordPerfect Office X3\Programs\WPLauncher.hta ()
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58E8CC63-FD3C-4B5D-825A-4FAB37D0C3F8}: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7004362-FB90-4F6B-AFC7-43427C765D37}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3264981c-af60-11e1-8a34-cabdffe6eb59}\Shell - "" = AutoRun
O33 - MountPoints2\{3264981c-af60-11e1-8a34-cabdffe6eb59}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{54f03e12-8819-11e1-974c-a63c7306775f}\Shell - "" = AutoRun
O33 - MountPoints2\{54f03e12-8819-11e1-974c-a63c7306775f}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{667a437d-a180-11e1-97df-e0ca94c5e07c}\Shell - "" = AutoRun
O33 - MountPoints2\{667a437d-a180-11e1-97df-e0ca94c5e07c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{77530f99-72d8-11e1-bb70-e89a8f9e2cb6}\Shell - "" = AutoRun
O33 - MountPoints2\{77530f99-72d8-11e1-bb70-e89a8f9e2cb6}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{77530fae-72d8-11e1-bb70-e89a8f9e2cb6}\Shell - "" = AutoRun
O33 - MountPoints2\{77530fae-72d8-11e1-bb70-e89a8f9e2cb6}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/14 23:23:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/13 18:00:17 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\TeamViewer
[2012/07/13 17:49:53 | 000,000,000 | ---D | C] -- C:\Users\Julian\temp
[2012/07/13 17:49:48 | 000,035,112 | ---- | C] (TeamViewer GmbH) -- C:\windows\SysNative\drivers\teamviewervpn.sys
[2012/07/13 17:49:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2012/07/13 13:50:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/07/12 18:56:11 | 000,000,000 | ---D | C] -- C:\Users\Julian\Documents\Lyrics
[2012/07/11 09:25:40 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/07/10 14:36:32 | 000,000,000 | ---D | C] -- C:\Premier75
[2012/07/04 09:21:43 | 000,000,000 | ---D | C] -- C:\Users\Julian\Documents\Law Society
[2012/07/02 14:25:39 | 000,000,000 | ---D | C] -- C:\MYOBODBCAU10
[2012/07/02 14:19:50 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\LogMeIn Rescue Applet
[2012/07/02 12:18:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/07/02 12:17:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/07/02 09:51:28 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\LogMeIn
[2012/07/02 09:51:26 | 000,034,720 | ---- | C] (LogMeIn, Inc.) -- C:\windows\SysNative\LMIport.dll
[2012/07/02 09:51:25 | 000,087,488 | ---- | C] (LogMeIn, Inc.) -- C:\windows\SysNative\LMIRfsClientNP.dll
[2012/07/02 09:51:25 | 000,087,456 | ---- | C] (LogMeIn, Inc.) -- C:\windows\SysNative\LMIRfsClientNP.dll.000.bak
[2012/07/02 09:51:25 | 000,080,800 | ---- | C] (LogMeIn, Inc.) -- C:\windows\SysNative\LMIinit.dll
[2012/07/02 09:51:25 | 000,072,216 | ---- | C] (LogMeIn, Inc.) -- C:\windows\SysNative\drivers\LMIRfsDriver.sys
[2012/07/02 09:51:23 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2012/07/02 09:51:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn
[2012/06/28 17:57:28 | 000,000,000 | ---D | C] -- C:\Users\Julian\Documents\Chado
[2012/06/28 17:02:01 | 000,000,000 | ---D | C] -- C:\Users\Julian\Documents\Readiris
[2012/06/27 17:13:00 | 000,000,000 | ---D | C] -- C:\Users\Julian\Desktop\New folder
[2012/06/27 14:41:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro PDF
[2012/06/27 14:41:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nitro PDF
[2012/06/25 11:01:24 | 000,000,000 | ---D | C] -- C:\Users\Julian\Documents\Deeds Register
[2012/06/19 09:18:32 | 000,000,000 | ---D | C] -- C:\PFiles
[2012/06/18 15:21:11 | 000,458,752 | ---- | C] (Samsung Software Center) -- C:\windows\prinst.exe
[2012/06/18 09:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/06/18 09:25:54 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/06/18 09:25:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/06/18 09:25:54 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/06/18 09:23:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/06/18 09:22:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime

========== Files - Modified Within 30 Days ==========

[2012/07/14 23:35:33 | 000,028,080 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/14 23:35:33 | 000,028,080 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/14 23:27:53 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/07/14 23:27:46 | 2133,217,279 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/14 23:23:54 | 000,000,098 | ---- | M] () -- C:\windows\SysNative\drivers\etc\Hosts
[2012/07/14 23:22:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3905126394-3002613596-1916136037-1000UA.job
[2012/07/14 23:21:21 | 000,786,274 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/07/14 23:21:21 | 000,666,962 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/07/14 23:21:21 | 000,123,688 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/07/14 23:21:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/07/14 23:18:52 | 000,000,860 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3905126394-3002613596-1916136037-1000Core.job
[2012/07/13 17:49:52 | 000,001,137 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012/07/13 13:50:28 | 000,001,041 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/07/13 09:43:40 | 000,000,676 | ---- | M] () -- C:\windows\MYOBP.INI
[2012/07/13 09:43:40 | 000,000,039 | ---- | M] () -- C:\windows\MYOB.INI
[2012/07/13 09:30:07 | 000,000,900 | -HS- | M] () -- C:\windows\SysWow64\KGyGaAvL.sys
[2012/07/13 09:23:10 | 000,002,379 | ---- | M] () -- C:\Users\Julian\Desktop\Google Chrome.lnk
[2012/07/12 16:03:30 | 000,033,110 | ---- | M] () -- C:\Users\Julian\Documents\Bastick & Hay Contract Review - 6307.pdf
[2012/07/12 13:15:19 | 000,087,488 | ---- | M] (LogMeIn, Inc.) -- C:\windows\SysNative\LMIRfsClientNP.dll
[2012/07/12 13:15:18 | 000,080,800 | ---- | M] (LogMeIn, Inc.) -- C:\windows\SysNative\LMIinit.dll
[2012/07/12 13:15:18 | 000,034,720 | ---- | M] (LogMeIn, Inc.) -- C:\windows\SysNative\LMIport.dll
[2012/07/11 17:36:34 | 005,177,608 | ---- | M] () -- C:\Users\Julian\Documents\Contract Unit 11 at 24 Mount Street Coogee.pdf
[2012/07/11 13:25:53 | 000,367,016 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/07/06 14:39:35 | 000,002,639 | ---- | M] () -- C:\Users\Julian\Documents\VIDEO_TS.xspf
[2012/07/06 14:28:59 | 000,001,059 | ---- | M] () -- C:\Users\Julian\Desktop\VLC media player.lnk
[2012/07/06 13:45:11 | 000,049,879 | ---- | M] () -- C:\Users\Julian\Documents\Untitled (2).wma
[2012/07/06 11:02:43 | 000,000,904 | ---- | M] () -- C:\Users\Julian\Documents\Downloads - Shortcut (3).lnk
[2012/07/05 19:20:41 | 000,002,203 | ---- | M] () -- C:\Users\Public\Desktop\LEAP Office TimeSheet.lnk
[2012/07/05 19:20:41 | 000,002,163 | ---- | M] () -- C:\Users\Public\Desktop\LEAP Office Accounting Single User.lnk
[2012/07/05 10:34:27 | 000,001,995 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\SAS7_000.DAT
[2012/07/03 23:06:19 | 000,000,904 | ---- | M] () -- C:\Users\Julian\Documents\Downloads - Shortcut (2).lnk
[2012/07/03 23:06:05 | 000,000,904 | ---- | M] () -- C:\Users\Julian\Documents\Downloads - Shortcut.lnk
[2012/07/03 23:03:36 | 000,000,864 | ---- | M] () -- C:\Users\Julian\Desktop\Downloads.lnk
[2012/07/03 14:13:37 | 000,000,134 | ---- | M] () -- C:\Users\Julian\Documents\.123.rtf
[2012/07/02 20:23:05 | 000,035,112 | ---- | M] (TeamViewer GmbH) -- C:\windows\SysNative\drivers\teamviewervpn.sys
[2012/07/02 17:53:01 | 000,001,998 | -H-- | M] () -- C:\Users\Julian\Documents\Default.rdp
[2012/07/02 15:59:08 | 000,000,888 | ---- | M] () -- C:\Users\Julian\Desktop\Transactions_02_07_2012.csv
[2012/07/02 14:25:47 | 000,000,663 | ---- | M] () -- C:\windows\openrda.ini
[2012/07/02 09:51:24 | 000,001,024 | ---- | M] () -- C:\.rnd
[2012/06/27 17:46:06 | 000,112,258 | ---- | M] () -- C:\Users\Julian\Documents\ID224 - Rule 42.1.6.2 - Update on Legal Costs.pdf
[2012/06/27 17:42:06 | 000,095,649 | ---- | M] () -- C:\Users\Julian\Documents\ID198 - Ethical Issues for NSW Wills and Estates Practitioners.pdf
[2012/06/27 14:41:46 | 000,002,006 | ---- | M] () -- C:\Users\Public\Desktop\Nitro Reader.lnk
[2012/06/26 11:50:07 | 000,001,267 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/06/25 14:58:46 | 000,017,936 | ---- | M] (Nitro PDF Software) -- C:\windows\SysNative\nitrolocalui2.dll
[2012/06/25 14:58:44 | 000,029,712 | ---- | M] (Nitro PDF Software) -- C:\windows\SysNative\nitrolocalmon2.dll
[2012/06/22 14:27:04 | 000,026,112 | ---- | M] () -- C:\Users\Julian\Documents\RE Your transfer to Henderson and Love.msg
[2012/06/21 16:00:53 | 000,513,536 | ---- | M] () -- C:\Users\Julian\Documents\RE CHUNG JA SKERMAN.msg
[2012/06/20 17:29:47 | 000,073,877 | ---- | M] () -- C:\Users\Julian\Documents\ID181 - Effective Witness Preparation.pdf
[2012/06/18 12:48:54 | 000,027,255 | ---- | M] () -- C:\Users\Julian\Documents\Letter to A J Anthony & Associates - 18 June 2012 (Draft).pdf
[2012/06/18 09:26:46 | 000,001,754 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/18 09:23:00 | 000,001,816 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

========== Files Created - No Company Name ==========

[2012/07/13 17:49:52 | 000,001,149 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012/07/13 17:49:52 | 000,001,137 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012/07/13 13:50:28 | 000,001,041 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/07/12 16:04:56 | 000,033,110 | ---- | C] () -- C:\Users\Julian\Documents\Bastick & Hay Contract Review - 6307.pdf
[2012/07/11 17:20:59 | 005,177,608 | ---- | C] () -- C:\Users\Julian\Documents\Contract Unit 11 at 24 Mount Street Coogee.pdf
[2012/07/06 14:39:35 | 000,002,639 | ---- | C] () -- C:\Users\Julian\Documents\VIDEO_TS.xspf
[2012/07/06 14:28:59 | 000,001,059 | ---- | C] () -- C:\Users\Julian\Desktop\VLC media player.lnk
[2012/07/06 13:45:11 | 000,049,879 | ---- | C] () -- C:\Users\Julian\Documents\Untitled (2).wma
[2012/07/06 11:02:43 | 000,000,904 | ---- | C] () -- C:\Users\Julian\Documents\Downloads - Shortcut (3).lnk
[2012/07/03 23:06:19 | 000,000,904 | ---- | C] () -- C:\Users\Julian\Documents\Downloads - Shortcut (2).lnk
[2012/07/03 23:06:05 | 000,000,904 | ---- | C] () -- C:\Users\Julian\Documents\Downloads - Shortcut.lnk
[2012/07/03 23:03:36 | 000,000,864 | ---- | C] () -- C:\Users\Julian\Desktop\Downloads.lnk
[2012/07/03 14:13:37 | 000,000,134 | ---- | C] () -- C:\Users\Julian\Documents\.123.rtf
[2012/07/02 15:35:36 | 000,000,888 | ---- | C] () -- C:\Users\Julian\Desktop\Transactions_02_07_2012.csv
[2012/07/02 09:51:24 | 000,001,024 | ---- | C] () -- C:\.rnd
[2012/07/02 09:51:17 | 000,000,959 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn.lnk
[2012/06/29 19:02:14 | 000,076,491 | ---- | C] () -- C:\Users\Julian\Desktop\Letter from Otis - 11 October 2005.pdf
[2012/06/29 19:00:55 | 000,167,394 | ---- | C] () -- C:\Users\Julian\Desktop\Otis Termination Letter 23 May 2007.pdf
[2012/06/29 18:58:53 | 000,676,019 | ---- | C] () -- C:\Users\Julian\Desktop\OTIS ELEVATOR COMPANY.pdf
[2012/06/27 17:46:06 | 000,112,258 | ---- | C] () -- C:\Users\Julian\Documents\ID224 - Rule 42.1.6.2 - Update on Legal Costs.pdf
[2012/06/27 17:41:41 | 000,095,649 | ---- | C] () -- C:\Users\Julian\Documents\ID198 - Ethical Issues for NSW Wills and Estates Practitioners.pdf
[2012/06/27 14:41:46 | 000,002,507 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Reader 2.lnk
[2012/06/27 14:41:46 | 000,002,006 | ---- | C] () -- C:\Users\Public\Desktop\Nitro Reader.lnk
[2012/06/22 14:27:03 | 000,026,112 | ---- | C] () -- C:\Users\Julian\Documents\RE Your transfer to Henderson and Love.msg
[2012/06/21 16:00:53 | 000,513,536 | ---- | C] () -- C:\Users\Julian\Documents\RE CHUNG JA SKERMAN.msg
[2012/06/20 17:29:47 | 000,073,877 | ---- | C] () -- C:\Users\Julian\Documents\ID181 - Effective Witness Preparation.pdf
[2012/06/18 15:21:06 | 000,225,280 | ---- | C] () -- C:\windows\SysNative\NetFaxPort64.dll
[2012/06/18 15:21:06 | 000,002,560 | ---- | C] () -- C:\windows\SysNative\NetFaxPortMsgs64.dll
[2012/06/18 15:21:06 | 000,001,272 | ---- | C] () -- C:\windows\SysNative\NetFaxPort.ko.xml
[2012/06/18 12:50:08 | 000,027,255 | ---- | C] () -- C:\Users\Julian\Documents\Letter to A J Anthony & Associates - 18 June 2012 (Draft).pdf
[2012/06/18 09:26:46 | 000,001,754 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/18 09:23:00 | 000,001,816 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/04/04 21:12:18 | 000,000,043 | ---- | C] () -- C:\windows\gswin32.ini
[2012/04/02 14:09:42 | 000,000,663 | ---- | C] () -- C:\windows\openrda.ini
[2012/04/02 14:09:25 | 000,000,000 | ---- | C] () -- C:\windows\drvxl32.INI
[2012/04/02 14:09:24 | 000,000,000 | ---- | C] () -- C:\windows\drvwd32.INI
[2012/03/30 08:47:34 | 000,000,168 | ---- | C] () -- C:\windows\Clipbook.INI
[2012/03/27 10:03:12 | 000,001,995 | ---- | C] () -- C:\Users\Julian\AppData\Roaming\SAS7_000.DAT
[2012/03/22 08:36:23 | 000,000,900 | -HS- | C] () -- C:\windows\SysWow64\KGyGaAvL.sys
[2012/03/19 13:00:08 | 000,000,676 | ---- | C] () -- C:\windows\MYOBP.INI
[2012/03/19 13:00:08 | 000,000,039 | ---- | C] () -- C:\windows\MYOB.INI
[2012/03/19 12:21:34 | 000,000,136 | ---- | C] () -- C:\windows\Readiris.ini
[2012/03/19 12:21:29 | 000,023,040 | ---- | C] () -- C:\windows\SysWow64\irisco32.dll
[2012/03/19 12:20:44 | 000,950,585 | ---- | C] () -- C:\windows\SysWow64\libiconv-2.dll
[2012/03/19 12:15:19 | 000,260,688 | ---- | C] () -- C:\windows\SUPDRun.exe
[2012/03/19 11:47:38 | 000,482,408 | ---- | C] () -- C:\windows\ssndii.exe
[2012/03/19 11:47:31 | 000,000,156 | ---- | C] () -- C:\windows\ODBC.INI
[2012/03/19 11:47:18 | 000,036,864 | ---- | C] () -- C:\windows\SysWow64\SvcMan.exe
[2012/03/19 11:47:10 | 000,172,032 | ---- | C] () -- C:\windows\SysWow64\SecSNMP.dll
[2012/03/19 11:44:48 | 000,113,768 | R--- | C] () -- C:\windows\Wiainst.exe
[2012/03/16 17:37:14 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2012/03/16 10:42:14 | 000,802,678 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/02/04 12:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll

========== LOP Check ==========

[2012/03/23 08:33:35 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\com.livescribe.LivescribeConnect
[2012/06/27 14:21:08 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Downloaded Installations
[2012/07/14 23:29:59 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Dropbox
[2012/04/04 10:08:12 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\LEAP Legal Software
[2012/07/13 09:45:27 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\LEAP_Timesheet
[2012/07/13 09:30:13 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Nitro PDF
[2012/03/26 21:11:17 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Nuance
[2012/03/19 11:47:30 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Samsung
[2012/07/13 18:21:01 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\TeamViewer
[2012/03/16 21:27:19 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Tific
[2012/03/16 11:09:15 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Toshiba
[2012/05/09 08:58:26 | 000,032,654 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 248 bytes -> C:\ProgramData\TEMP:0FF263E8

< End of report >

#4
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Unfortunately my tools do not allow me to change the Chrome search engine. However, as the main files are now removed, following the steps on this page should clear it. Let me know if it works.

#5
WMXX


    Member

  • Topic Starter
  • Member
  • 25 posts
I was able to change the default search engine but it seems that searchqu has come back when a new window is opened. It was clearly fine the first time after the restart from the OTL fix but a subsequent restart has resulted in the hijack coming back.

Here's the new log from the scan I've just run.


---

OTL logfile created on: 15/07/2012 12:07:16 AM - Run 3
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Julian\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: dd/MM/yyyy

7.98 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 75.19% Memory free
15.96 Gb Paging File | 13.87 Gb Available in Paging File | 86.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.00 Gb Total Space | 596.22 Gb Free Space | 87.29% Space Free | Partition Type: NTFS
Drive D: | 3.93 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: JULIAN-PC | User Name: Julian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/13 09:03:51 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Julian\Downloads\OTL.exe
PRC - [2012/07/10 21:46:17 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/07/10 21:46:16 | 007,445,416 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
PRC - [2012/07/10 21:41:11 | 000,106,408 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
PRC - [2012/05/30 20:06:18 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/05/25 04:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Julian\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/05/09 09:47:54 | 001,014,112 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2012/02/24 03:29:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/23 12:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012/02/23 12:22:24 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
PRC - [2011/10/28 08:56:35 | 000,470,528 | ---- | M] (Livescribe) -- C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
PRC - [2011/06/04 09:12:36 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
PRC - [2011/01/16 22:25:26 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/11/12 19:41:14 | 000,192,512 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\SmarThru Office\BackUpSvr.exe
PRC - [2009/08/31 21:30:07 | 000,602,112 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2009/07/23 06:40:00 | 000,083,336 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2009/04/09 11:27:46 | 000,270,336 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\NetworkScan\NSCSysTrayUI.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/10 14:09:00 | 000,438,296 | ---- | M] () -- C:\Users\Julian\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppgooglenaclpluginchrome.dll
MOD - [2012/07/10 14:08:59 | 003,972,120 | ---- | M] () -- C:\Users\Julian\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
MOD - [2012/07/10 14:07:39 | 000,554,520 | ---- | M] () -- C:\Users\Julian\AppData\Local\Google\Chrome\Application\20.0.1132.57\libglesv2.dll
MOD - [2012/07/10 14:07:37 | 000,117,784 | ---- | M] () -- C:\Users\Julian\AppData\Local\Google\Chrome\Application\20.0.1132.57\libegl.dll
MOD - [2012/07/10 14:07:22 | 000,140,328 | ---- | M] () -- C:\Users\Julian\AppData\Local\Google\Chrome\Application\20.0.1132.57\avutil-51.dll
MOD - [2012/07/10 14:07:21 | 000,262,184 | ---- | M] () -- C:\Users\Julian\AppData\Local\Google\Chrome\Application\20.0.1132.57\avformat-54.dll
MOD - [2012/07/10 14:07:19 | 002,386,984 | ---- | M] () -- C:\Users\Julian\AppData\Local\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll
MOD - [2012/03/16 15:42:58 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
MOD - [2012/03/16 15:42:56 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/08/31 21:30:07 | 000,602,112 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/06/25 14:59:00 | 000,216,080 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/12/02 13:12:11 | 000,165,456 | ---- | M] (Samsung Electronics) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc2.exe -- (Samsung UPD Service2)
SRV:64bit: - [2010/09/23 11:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 11:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 11:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/12 14:21:32 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/12 13:15:34 | 000,147,368 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2012/07/12 13:15:18 | 000,375,208 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/07/10 21:46:17 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/04/02 12:17:40 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2011/10/28 08:56:35 | 000,470,528 | ---- | M] (Livescribe) [Auto | Running] -- C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe -- (PenCommService)
SRV - [2011/07/27 11:47:10 | 000,214,528 | ---- | M] (LEAP Legal Software) [Auto | Running] -- C:\Program Files (x86)\LEAP Office\LEAP Documents\Content Searching\LeapWDSService.exe -- (LEAP Windows Desktop Search)
SRV - [2011/06/04 09:12:36 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2011/01/16 22:25:26 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/12/21 11:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/12/21 11:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/11/21 13:24:08 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/08/02 17:52:26 | 000,054,272 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\LEAP Office\LEAP Accounting\TimeSheet Synch Notifier\Leap.Timesheet.Synchronisation.Notifier.Accounting.exe -- (LEAPSyncAccountingReceiver)
SRV - [2010/08/02 17:51:52 | 000,120,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\LEAP Office\LEAP Accounting\TimeSheet Synch Notifier\Leap.Timesheet.LacNotifier.Monitor.exe -- (LEAPLacNotifierMonitor)
SRV - [2010/04/13 03:45:00 | 000,196,976 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/11 07:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/30 04:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/12 13:15:19 | 000,087,488 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/07/02 20:23:05 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2012/04/02 12:17:40 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2012/04/02 12:17:18 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 16:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/10/28 08:57:23 | 000,026,112 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PulseUsb.sys -- (PulseUsb)
DRV:64bit: - [2011/03/26 10:37:12 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2011/03/26 10:37:12 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2011/03/26 10:37:12 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2011/03/26 10:37:12 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2011/03/11 16:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 16:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/05 14:36:30 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2011/02/04 12:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/28 08:27:04 | 000,067,384 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2011/01/28 05:34:12 | 001,577,088 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/01/21 03:26:46 | 000,291,120 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (Tosrfbd)
DRV:64bit: - [2011/01/13 10:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/18 12:46:46 | 002,675,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/12/11 06:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/11 06:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/12/02 09:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/12/01 07:40:04 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010/11/21 13:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 13:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 13:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 13:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/13 00:10:50 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/11/09 05:44:40 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/10/20 09:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/10/19 07:14:02 | 000,042,096 | R--- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010/09/23 17:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/31 03:48:00 | 000,094,528 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2010/06/19 09:45:00 | 000,018,872 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2010/03/25 10:08:46 | 000,120,704 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010/03/24 13:58:36 | 000,249,856 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2010/03/20 11:56:56 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009/12/31 20:04:57 | 000,360,712 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009/09/23 11:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009/09/23 11:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009/09/23 11:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009/07/15 08:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/16 06:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/11 07:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/11 07:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/11 07:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/30 04:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/02/13 15:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/13 15:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/13 15:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2007/04/18 04:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV:64bit: - [2007/04/16 14:52:47 | 000,011,576 | R--- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2007/04/16 14:50:50 | 000,054,072 | R--- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DGIVECP.SYS -- (DgiVecp)
DRV:64bit: - [2006/06/18 23:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2012/04/02 12:17:40 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2012/03/19 11:47:30 | 000,056,526 | ---- | M] () [Kernel | System | Running] -- C:\windows\SysWow64\NULL -- (Null)
DRV - [2009/07/14 11:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.au/
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = JULIAN-PC;115.128.9.57;192.168.2.9;*.local;10.1.1.9;127.0.0.1;10.1.1.4;10.1.1.8;10.1.1.10;10.1.1.5;192.168.1.100


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Julian\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Julian\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)


[2012/07/09 14:04:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julian\AppData\Roaming\Mozilla\Extensions
[2012/03/19 23:03:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage: http://www.google.com.au/
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-re...q={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://www.google.com.au/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Julian\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Julian\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Julian\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Clip To Onenote (Enabled) = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\akmphbadflhibamnhbgofnmogplllabh\2.7_0\npClipToOnenote.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Julian\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Clip to Onenote = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\akmphbadflhibamnhbgofnmogplllabh\2.7_0\
CHR - Extension: YouTube = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Evernote Web Clipper = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.5.1_0\
CHR - Extension: Gmail = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/14 23:23:54 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (LEAP Research) - {d5a20021-2084-4564-9449-bf195c577fbc} - mscoree.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NSCSysTrayUI] C:\Program Files (x86)\Samsung\NetworkScan\NSCSysTrayUI.exe (Samsung)
O4 - HKLM..\Run: [QuickFinder Scheduler] C:\Program Files (x86)\WordPerfect Office X3\Programs\QFSCHD130.EXE (Corel Corporation)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [STO Backup Service] C:\Program Files (x86)\SmarThru Office\BackUpSvr.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [STO Launcher Service] C:\Program Files (x86)\SmarThru Office\x64\LegacyLauncher.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [ISUSPM] -scheduler File not found
O4 - HKCU..\Run: [Mobile Partner] C:\Program Files (x86)\pocketwifi\pocketwifi.exe ()
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - Startup: C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Julian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Add to TOSHIBA Bulletin Board - res://C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000 File not found
O8:64bit: - Extra context menu item: Open with WordPerfect - C:\Program Files (x86)\WordPerfect Office X3\Programs\WPLauncher.hta ()
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to TOSHIBA Bulletin Board - res://C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000 File not found
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files (x86)\WordPerfect Office X3\Programs\WPLauncher.hta ()
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58E8CC63-FD3C-4B5D-825A-4FAB37D0C3F8}: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7004362-FB90-4F6B-AFC7-43427C765D37}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3264981c-af60-11e1-8a34-cabdffe6eb59}\Shell - "" = AutoRun
O33 - MountPoints2\{3264981c-af60-11e1-8a34-cabdffe6eb59}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{54f03e12-8819-11e1-974c-a63c7306775f}\Shell - "" = AutoRun
O33 - MountPoints2\{54f03e12-8819-11e1-974c-a63c7306775f}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{667a437d-a180-11e1-97df-e0ca94c5e07c}\Shell - "" = AutoRun
O33 - MountPoints2\{667a437d-a180-11e1-97df-e0ca94c5e07c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{77530f99-72d8-11e1-bb70-e89a8f9e2cb6}\Shell - "" = AutoRun
O33 - MountPoints2\{77530f99-72d8-11e1-bb70-e89a8f9e2cb6}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{77530fae-72d8-11e1-bb70-e89a8f9e2cb6}\Shell - "" = AutoRun
O33 - MountPoints2\{77530fae-72d8-11e1-bb70-e89a8f9e2cb6}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/14 23:23:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/13 18:00:17 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\TeamViewer
[2012/07/13 17:49:53 | 000,000,000 | ---D | C] -- C:\Users\Julian\temp
[2012/07/13 17:49:48 | 000,035,112 | ---- | C] (TeamViewer GmbH) -- C:\windows\SysNative\drivers\teamviewervpn.sys
[2012/07/13 17:49:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2012/07/13 13:50:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/07/12 18:56:11 | 000,000,000 | ---D | C] -- C:\Users\Julian\Documents\Lyrics
[2012/07/11 09:25:40 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/07/10 14:36:32 | 000,000,000 | ---D | C] -- C:\Premier75
[2012/07/04 09:21:43 | 000,000,000 | ---D | C] -- C:\Users\Julian\Documents\Law Society
[2012/07/02 14:25:39 | 000,000,000 | ---D | C] -- C:\MYOBODBCAU10
[2012/07/02 14:19:50 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\LogMeIn Rescue Applet
[2012/07/02 12:18:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/07/02 12:17:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/07/02 09:51:28 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\LogMeIn
[2012/07/02 09:51:26 | 000,034,720 | ---- | C] (LogMeIn, Inc.) -- C:\windows\SysNative\LMIport.dll
[2012/07/02 09:51:25 | 000,087,488 | ---- | C] (LogMeIn, Inc.) -- C:\windows\SysNative\LMIRfsClientNP.dll
[2012/07/02 09:51:25 | 000,087,456 | ---- | C] (LogMeIn, Inc.) -- C:\windows\SysNative\LMIRfsClientNP.dll.000.bak
[2012/07/02 09:51:25 | 000,080,800 | ---- | C] (LogMeIn, Inc.) -- C:\windows\SysNative\LMIinit.dll
[2012/07/02 09:51:25 | 000,072,216 | ---- | C] (LogMeIn, Inc.) -- C:\windows\SysNative\drivers\LMIRfsDriver.sys
[2012/07/02 09:51:23 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2012/07/02 09:51:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn
[2012/06/28 17:57:28 | 000,000,000 | ---D | C] -- C:\Users\Julian\Documents\Chado
[2012/06/28 17:02:01 | 000,000,000 | ---D | C] -- C:\Users\Julian\Documents\Readiris
[2012/06/27 17:13:00 | 000,000,000 | ---D | C] -- C:\Users\Julian\Desktop\New folder
[2012/06/27 14:41:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro PDF
[2012/06/27 14:41:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nitro PDF
[2012/06/25 11:01:24 | 000,000,000 | ---D | C] -- C:\Users\Julian\Documents\Deeds Register
[2012/06/19 09:18:32 | 000,000,000 | ---D | C] -- C:\PFiles
[2012/06/18 15:21:11 | 000,458,752 | ---- | C] (Samsung Software Center) -- C:\windows\prinst.exe
[2012/06/18 09:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/06/18 09:25:54 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/06/18 09:25:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/06/18 09:25:54 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/06/18 09:23:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/06/18 09:22:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime

========== Files - Modified Within 30 Days ==========

[2012/07/15 00:05:09 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/07/15 00:05:02 | 2133,217,279 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/14 23:35:33 | 000,028,080 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/14 23:35:33 | 000,028,080 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/14 23:23:54 | 000,000,098 | ---- | M] () -- C:\windows\SysNative\drivers\etc\Hosts
[2012/07/14 23:22:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3905126394-3002613596-1916136037-1000UA.job
[2012/07/14 23:21:21 | 000,786,274 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/07/14 23:21:21 | 000,666,962 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/07/14 23:21:21 | 000,123,688 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/07/14 23:21:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/07/14 23:18:52 | 000,000,860 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3905126394-3002613596-1916136037-1000Core.job
[2012/07/13 17:49:52 | 000,001,137 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012/07/13 13:50:28 | 000,001,041 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/07/13 09:43:40 | 000,000,676 | ---- | M] () -- C:\windows\MYOBP.INI
[2012/07/13 09:43:40 | 000,000,039 | ---- | M] () -- C:\windows\MYOB.INI
[2012/07/13 09:30:07 | 000,000,900 | -HS- | M] () -- C:\windows\SysWow64\KGyGaAvL.sys
[2012/07/13 09:23:10 | 000,002,379 | ---- | M] () -- C:\Users\Julian\Desktop\Google Chrome.lnk
[2012/07/12 16:03:30 | 000,033,110 | ---- | M] () -- C:\Users\Julian\Documents\Bastick & Hay Contract Review - 6307.pdf
[2012/07/12 13:15:19 | 000,087,488 | ---- | M] (LogMeIn, Inc.) -- C:\windows\SysNative\LMIRfsClientNP.dll
[2012/07/12 13:15:18 | 000,080,800 | ---- | M] (LogMeIn, Inc.) -- C:\windows\SysNative\LMIinit.dll
[2012/07/12 13:15:18 | 000,034,720 | ---- | M] (LogMeIn, Inc.) -- C:\windows\SysNative\LMIport.dll
[2012/07/11 17:36:34 | 005,177,608 | ---- | M] () -- C:\Users\Julian\Documents\Contract Unit 11 at 24 Mount Street Coogee.pdf
[2012/07/11 13:25:53 | 000,367,016 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/07/06 14:39:35 | 000,002,639 | ---- | M] () -- C:\Users\Julian\Documents\VIDEO_TS.xspf
[2012/07/06 14:28:59 | 000,001,059 | ---- | M] () -- C:\Users\Julian\Desktop\VLC media player.lnk
[2012/07/06 13:45:11 | 000,049,879 | ---- | M] () -- C:\Users\Julian\Documents\Untitled (2).wma
[2012/07/06 11:02:43 | 000,000,904 | ---- | M] () -- C:\Users\Julian\Documents\Downloads - Shortcut (3).lnk
[2012/07/05 19:20:41 | 000,002,203 | ---- | M] () -- C:\Users\Public\Desktop\LEAP Office TimeSheet.lnk
[2012/07/05 19:20:41 | 000,002,163 | ---- | M] () -- C:\Users\Public\Desktop\LEAP Office Accounting Single User.lnk
[2012/07/05 10:34:27 | 000,001,995 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\SAS7_000.DAT
[2012/07/03 23:06:19 | 000,000,904 | ---- | M] () -- C:\Users\Julian\Documents\Downloads - Shortcut (2).lnk
[2012/07/03 23:06:05 | 000,000,904 | ---- | M] () -- C:\Users\Julian\Documents\Downloads - Shortcut.lnk
[2012/07/03 23:03:36 | 000,000,864 | ---- | M] () -- C:\Users\Julian\Desktop\Downloads.lnk
[2012/07/03 14:13:37 | 000,000,134 | ---- | M] () -- C:\Users\Julian\Documents\.123.rtf
[2012/07/02 20:23:05 | 000,035,112 | ---- | M] (TeamViewer GmbH) -- C:\windows\SysNative\drivers\teamviewervpn.sys
[2012/07/02 17:53:01 | 000,001,998 | -H-- | M] () -- C:\Users\Julian\Documents\Default.rdp
[2012/07/02 15:59:08 | 000,000,888 | ---- | M] () -- C:\Users\Julian\Desktop\Transactions_02_07_2012.csv
[2012/07/02 14:25:47 | 000,000,663 | ---- | M] () -- C:\windows\openrda.ini
[2012/07/02 09:51:24 | 000,001,024 | ---- | M] () -- C:\.rnd
[2012/06/27 17:46:06 | 000,112,258 | ---- | M] () -- C:\Users\Julian\Documents\ID224 - Rule 42.1.6.2 - Update on Legal Costs.pdf
[2012/06/27 17:42:06 | 000,095,649 | ---- | M] () -- C:\Users\Julian\Documents\ID198 - Ethical Issues for NSW Wills and Estates Practitioners.pdf
[2012/06/27 14:41:46 | 000,002,006 | ---- | M] () -- C:\Users\Public\Desktop\Nitro Reader.lnk
[2012/06/26 11:50:07 | 000,001,267 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/06/25 14:58:46 | 000,017,936 | ---- | M] (Nitro PDF Software) -- C:\windows\SysNative\nitrolocalui2.dll
[2012/06/25 14:58:44 | 000,029,712 | ---- | M] (Nitro PDF Software) -- C:\windows\SysNative\nitrolocalmon2.dll
[2012/06/22 14:27:04 | 000,026,112 | ---- | M] () -- C:\Users\Julian\Documents\RE Your transfer to Henderson and Love.msg
[2012/06/21 16:00:53 | 000,513,536 | ---- | M] () -- C:\Users\Julian\Documents\RE CHUNG JA SKERMAN.msg
[2012/06/20 17:29:47 | 000,073,877 | ---- | M] () -- C:\Users\Julian\Documents\ID181 - Effective Witness Preparation.pdf
[2012/06/18 12:48:54 | 000,027,255 | ---- | M] () -- C:\Users\Julian\Documents\Letter to A J Anthony & Associates - 18 June 2012 (Draft).pdf
[2012/06/18 09:26:46 | 000,001,754 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/18 09:23:00 | 000,001,816 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

========== Files Created - No Company Name ==========

[2012/07/13 17:49:52 | 000,001,149 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012/07/13 17:49:52 | 000,001,137 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012/07/13 13:50:28 | 000,001,041 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/07/12 16:04:56 | 000,033,110 | ---- | C] () -- C:\Users\Julian\Documents\Bastick & Hay Contract Review - 6307.pdf
[2012/07/11 17:20:59 | 005,177,608 | ---- | C] () -- C:\Users\Julian\Documents\Contract Unit 11 at 24 Mount Street Coogee.pdf
[2012/07/06 14:39:35 | 000,002,639 | ---- | C] () -- C:\Users\Julian\Documents\VIDEO_TS.xspf
[2012/07/06 14:28:59 | 000,001,059 | ---- | C] () -- C:\Users\Julian\Desktop\VLC media player.lnk
[2012/07/06 13:45:11 | 000,049,879 | ---- | C] () -- C:\Users\Julian\Documents\Untitled (2).wma
[2012/07/06 11:02:43 | 000,000,904 | ---- | C] () -- C:\Users\Julian\Documents\Downloads - Shortcut (3).lnk
[2012/07/03 23:06:19 | 000,000,904 | ---- | C] () -- C:\Users\Julian\Documents\Downloads - Shortcut (2).lnk
[2012/07/03 23:06:05 | 000,000,904 | ---- | C] () -- C:\Users\Julian\Documents\Downloads - Shortcut.lnk
[2012/07/03 23:03:36 | 000,000,864 | ---- | C] () -- C:\Users\Julian\Desktop\Downloads.lnk
[2012/07/03 14:13:37 | 000,000,134 | ---- | C] () -- C:\Users\Julian\Documents\.123.rtf
[2012/07/02 15:35:36 | 000,000,888 | ---- | C] () -- C:\Users\Julian\Desktop\Transactions_02_07_2012.csv
[2012/07/02 09:51:24 | 000,001,024 | ---- | C] () -- C:\.rnd
[2012/07/02 09:51:17 | 000,000,959 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn.lnk
[2012/06/29 19:02:14 | 000,076,491 | ---- | C] () -- C:\Users\Julian\Desktop\Letter from Otis - 11 October 2005.pdf
[2012/06/29 19:00:55 | 000,167,394 | ---- | C] () -- C:\Users\Julian\Desktop\Otis Termination Letter 23 May 2007.pdf
[2012/06/29 18:58:53 | 000,676,019 | ---- | C] () -- C:\Users\Julian\Desktop\OTIS ELEVATOR COMPANY.pdf
[2012/06/27 17:46:06 | 000,112,258 | ---- | C] () -- C:\Users\Julian\Documents\ID224 - Rule 42.1.6.2 - Update on Legal Costs.pdf
[2012/06/27 17:41:41 | 000,095,649 | ---- | C] () -- C:\Users\Julian\Documents\ID198 - Ethical Issues for NSW Wills and Estates Practitioners.pdf
[2012/06/27 14:41:46 | 000,002,507 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Reader 2.lnk
[2012/06/27 14:41:46 | 000,002,006 | ---- | C] () -- C:\Users\Public\Desktop\Nitro Reader.lnk
[2012/06/22 14:27:03 | 000,026,112 | ---- | C] () -- C:\Users\Julian\Documents\RE Your transfer to Henderson and Love.msg
[2012/06/21 16:00:53 | 000,513,536 | ---- | C] () -- C:\Users\Julian\Documents\RE CHUNG JA SKERMAN.msg
[2012/06/20 17:29:47 | 000,073,877 | ---- | C] () -- C:\Users\Julian\Documents\ID181 - Effective Witness Preparation.pdf
[2012/06/18 15:21:06 | 000,225,280 | ---- | C] () -- C:\windows\SysNative\NetFaxPort64.dll
[2012/06/18 15:21:06 | 000,002,560 | ---- | C] () -- C:\windows\SysNative\NetFaxPortMsgs64.dll
[2012/06/18 15:21:06 | 000,001,272 | ---- | C] () -- C:\windows\SysNative\NetFaxPort.ko.xml
[2012/06/18 12:50:08 | 000,027,255 | ---- | C] () -- C:\Users\Julian\Documents\Letter to A J Anthony & Associates - 18 June 2012 (Draft).pdf
[2012/06/18 09:26:46 | 000,001,754 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/18 09:23:00 | 000,001,816 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/04/04 21:12:18 | 000,000,043 | ---- | C] () -- C:\windows\gswin32.ini
[2012/04/02 14:09:42 | 000,000,663 | ---- | C] () -- C:\windows\openrda.ini
[2012/04/02 14:09:25 | 000,000,000 | ---- | C] () -- C:\windows\drvxl32.INI
[2012/04/02 14:09:24 | 000,000,000 | ---- | C] () -- C:\windows\drvwd32.INI
[2012/03/30 08:47:34 | 000,000,168 | ---- | C] () -- C:\windows\Clipbook.INI
[2012/03/27 10:03:12 | 000,001,995 | ---- | C] () -- C:\Users\Julian\AppData\Roaming\SAS7_000.DAT
[2012/03/22 08:36:23 | 000,000,900 | -HS- | C] () -- C:\windows\SysWow64\KGyGaAvL.sys
[2012/03/19 13:00:08 | 000,000,676 | ---- | C] () -- C:\windows\MYOBP.INI
[2012/03/19 13:00:08 | 000,000,039 | ---- | C] () -- C:\windows\MYOB.INI
[2012/03/19 12:21:34 | 000,000,136 | ---- | C] () -- C:\windows\Readiris.ini
[2012/03/19 12:21:29 | 000,023,040 | ---- | C] () -- C:\windows\SysWow64\irisco32.dll
[2012/03/19 12:20:44 | 000,950,585 | ---- | C] () -- C:\windows\SysWow64\libiconv-2.dll
[2012/03/19 12:15:19 | 000,260,688 | ---- | C] () -- C:\windows\SUPDRun.exe
[2012/03/19 11:47:38 | 000,482,408 | ---- | C] () -- C:\windows\ssndii.exe
[2012/03/19 11:47:31 | 000,000,156 | ---- | C] () -- C:\windows\ODBC.INI
[2012/03/19 11:47:18 | 000,036,864 | ---- | C] () -- C:\windows\SysWow64\SvcMan.exe
[2012/03/19 11:47:10 | 000,172,032 | ---- | C] () -- C:\windows\SysWow64\SecSNMP.dll
[2012/03/19 11:44:48 | 000,113,768 | R--- | C] () -- C:\windows\Wiainst.exe
[2012/03/16 17:37:14 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2012/03/16 10:42:14 | 000,802,678 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/02/04 12:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll

========== LOP Check ==========

[2012/03/23 08:33:35 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\com.livescribe.LivescribeConnect
[2012/06/27 14:21:08 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Downloaded Installations
[2012/07/15 00:06:15 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Dropbox
[2012/04/04 10:08:12 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\LEAP Legal Software
[2012/07/13 09:45:27 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\LEAP_Timesheet
[2012/07/13 09:30:13 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Nitro PDF
[2012/03/26 21:11:17 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Nuance
[2012/03/19 11:47:30 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Samsung
[2012/07/13 18:21:01 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\TeamViewer
[2012/03/16 21:27:19 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Tific
[2012/03/16 11:09:15 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Toshiba
[2012/05/09 08:58:26 | 000,032,654 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 248 bytes -> C:\ProgramData\TEMP:0FF263E8

< End of report >

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I can see where it has reset itself. There is one errant IE toolbar which I will now remove. Once done, could you reset the Chrome search and let me know if it reappears. Meanwhile I will get a copy of Chrome and have a play.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKLM\..\Toolbar: (LEAP Research) - {d5a20021-2084-4564-9449-bf195c577fbc} - mscoree.dll (Microsoft Corporation)

    :Commands
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#7
WMXX

    Member

  • Topic Starter
  • Member
  • 25 posts
It seems that the hijack reloads the second time Chrome is started up after a restart. Like last time, it was absent when I first opened Chrome but I had a hunch that it would return the second time.

In regards to the IE toolbar, that is linked to a licensed copy of software from this company:

http://www.leap.com.au/

I removed it just in case though.


---

OTL logfile created on: 15/07/2012 12:52:34 AM - Run 4
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Julian\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: dd/MM/yyyy

7.98 Gb Total Physical Memory | 6.21 Gb Available Physical Memory | 77.85% Memory free
15.96 Gb Paging File | 14.07 Gb Available in Paging File | 88.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.00 Gb Total Space | 595.97 Gb Free Space | 87.26% Space Free | Partition Type: NTFS
Drive D: | 3.93 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: JULIAN-PC | User Name: Julian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/13 09:03:51 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Julian\Downloads\OTL.exe
PRC - [2012/07/10 21:46:17 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/07/10 21:46:16 | 007,445,416 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
PRC - [2012/07/10 21:41:11 | 000,106,408 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
PRC - [2012/05/30 20:06:18 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/05/25 04:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Julian\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/05/09 09:47:54 | 001,014,112 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2012/02/24 03:29:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/23 12:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012/02/23 12:22:24 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
PRC - [2011/10/28 08:56:35 | 000,470,528 | ---- | M] (Livescribe) -- C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
PRC - [2011/06/04 09:12:36 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
PRC - [2011/01/16 22:25:26 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/11/12 19:41:14 | 000,192,512 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\SmarThru Office\BackUpSvr.exe
PRC - [2009/08/31 21:30:07 | 000,602,112 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2009/07/23 06:40:00 | 000,083,336 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2009/04/09 11:27:46 | 000,270,336 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\NetworkScan\NSCSysTrayUI.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/16 15:42:58 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
MOD - [2012/03/16 15:42:56 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/08/31 21:30:07 | 000,602,112 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/06/25 14:59:00 | 000,216,080 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/12/02 13:12:11 | 000,165,456 | ---- | M] (Samsung Electronics) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc2.exe -- (Samsung UPD Service2)
SRV:64bit: - [2010/09/23 11:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 11:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 11:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/12 14:21:32 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/12 13:15:34 | 000,147,368 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2012/07/12 13:15:18 | 000,375,208 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/07/10 21:46:17 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/04/02 12:17:40 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2011/10/28 08:56:35 | 000,470,528 | ---- | M] (Livescribe) [Auto | Running] -- C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe -- (PenCommService)
SRV - [2011/07/27 11:47:10 | 000,214,528 | ---- | M] (LEAP Legal Software) [Auto | Running] -- C:\Program Files (x86)\LEAP Office\LEAP Documents\Content Searching\LeapWDSService.exe -- (LEAP Windows Desktop Search)
SRV - [2011/06/04 09:12:36 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2011/01/16 22:25:26 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/12/21 11:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/12/21 11:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Start_Pending] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/11/21 13:24:08 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/08/02 17:52:26 | 000,054,272 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\LEAP Office\LEAP Accounting\TimeSheet Synch Notifier\Leap.Timesheet.Synchronisation.Notifier.Accounting.exe -- (LEAPSyncAccountingReceiver)
SRV - [2010/08/02 17:51:52 | 000,120,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\LEAP Office\LEAP Accounting\TimeSheet Synch Notifier\Leap.Timesheet.LacNotifier.Monitor.exe -- (LEAPLacNotifierMonitor)
SRV - [2010/04/13 03:45:00 | 000,196,976 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/11 07:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/30 04:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/12 13:15:19 | 000,087,488 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/07/02 20:23:05 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2012/04/02 12:17:40 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2012/04/02 12:17:18 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 16:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/10/28 08:57:23 | 000,026,112 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PulseUsb.sys -- (PulseUsb)
DRV:64bit: - [2011/03/26 10:37:12 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2011/03/26 10:37:12 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2011/03/26 10:37:12 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2011/03/26 10:37:12 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2011/03/11 16:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 16:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/05 14:36:30 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2011/02/04 12:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/28 08:27:04 | 000,067,384 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2011/01/28 05:34:12 | 001,577,088 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/01/21 03:26:46 | 000,291,120 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (Tosrfbd)
DRV:64bit: - [2011/01/13 10:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/18 12:46:46 | 002,675,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/12/11 06:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/11 06:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/12/02 09:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/12/01 07:40:04 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010/11/21 13:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 13:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 13:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 13:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/13 00:10:50 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/11/09 05:44:40 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/10/20 09:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/10/19 07:14:02 | 000,042,096 | R--- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010/09/23 17:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/31 03:48:00 | 000,094,528 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2010/06/19 09:45:00 | 000,018,872 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2010/03/25 10:08:46 | 000,120,704 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010/03/24 13:58:36 | 000,249,856 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2010/03/20 11:56:56 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009/12/31 20:04:57 | 000,360,712 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009/09/23 11:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009/09/23 11:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009/09/23 11:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009/07/15 08:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/16 06:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/11 07:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/11 07:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/11 07:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/30 04:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/02/13 15:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/13 15:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/13 15:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2007/04/18 04:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV:64bit: - [2007/04/16 14:52:47 | 000,011,576 | R--- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2007/04/16 14:50:50 | 000,054,072 | R--- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DGIVECP.SYS -- (DgiVecp)
DRV:64bit: - [2006/06/18 23:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2012/04/02 12:17:40 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2012/03/19 11:47:30 | 000,056,526 | ---- | M] () [Kernel | System | Running] -- C:\windows\SysWow64\NULL -- (Null)
DRV - [2009/07/14 11:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.au/
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = JULIAN-PC;115.128.9.57;192.168.2.9;*.local;10.1.1.9;127.0.0.1;10.1.1.4;10.1.1.8;10.1.1.10;10.1.1.5;192.168.1.100


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Julian\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Julian\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)


[2012/07/09 14:04:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julian\AppData\Roaming\Mozilla\Extensions
[2012/03/19 23:03:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage: http://www.google.com.au/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com.au/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Julian\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Julian\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Julian\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Clip To Onenote (Enabled) = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\akmphbadflhibamnhbgofnmogplllabh\2.7_0\npClipToOnenote.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Julian\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Clip to Onenote = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\akmphbadflhibamnhbgofnmogplllabh\2.7_0\
CHR - Extension: YouTube = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Evernote Web Clipper = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.5.1_0\
CHR - Extension: Gmail = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/14 23:23:54 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NSCSysTrayUI] C:\Program Files (x86)\Samsung\NetworkScan\NSCSysTrayUI.exe (Samsung)
O4 - HKLM..\Run: [QuickFinder Scheduler] C:\Program Files (x86)\WordPerfect Office X3\Programs\QFSCHD130.EXE (Corel Corporation)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [STO Backup Service] C:\Program Files (x86)\SmarThru Office\BackUpSvr.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [STO Launcher Service] C:\Program Files (x86)\SmarThru Office\x64\LegacyLauncher.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [ISUSPM] -scheduler File not found
O4 - HKCU..\Run: [Mobile Partner] C:\Program Files (x86)\pocketwifi\pocketwifi.exe ()
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - Startup: C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Julian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Add to TOSHIBA Bulletin Board - res://C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000 File not found
O8:64bit: - Extra context menu item: Open with WordPerfect - C:\Program Files (x86)\WordPerfect Office X3\Programs\WPLauncher.hta ()
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to TOSHIBA Bulletin Board - res://C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000 File not found
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files (x86)\WordPerfect Office X3\Programs\WPLauncher.hta ()
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58E8CC63-FD3C-4B5D-825A-4FAB37D0C3F8}: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7004362-FB90-4F6B-AFC7-43427C765D37}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3264981c-af60-11e1-8a34-cabdffe6eb59}\Shell - "" = AutoRun
O33 - MountPoints2\{3264981c-af60-11e1-8a34-cabdffe6eb59}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{54f03e12-8819-11e1-974c-a63c7306775f}\Shell - "" = AutoRun
O33 - MountPoints2\{54f03e12-8819-11e1-974c-a63c7306775f}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{667a437d-a180-11e1-97df-e0ca94c5e07c}\Shell - "" = AutoRun
O33 - MountPoints2\{667a437d-a180-11e1-97df-e0ca94c5e07c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{77530f99-72d8-11e1-bb70-e89a8f9e2cb6}\Shell - "" = AutoRun
O33 - MountPoints2\{77530f99-72d8-11e1-bb70-e89a8f9e2cb6}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{77530fae-72d8-11e1-bb70-e89a8f9e2cb6}\Shell - "" = AutoRun
O33 - MountPoints2\{77530fae-72d8-11e1-bb70-e89a8f9e2cb6}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/14 23:23:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/13 18:00:17 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\TeamViewer
[2012/07/13 17:49:53 | 000,000,000 | ---D | C] -- C:\Users\Julian\temp
[2012/07/13 17:49:48 | 000,035,112 | ---- | C] (TeamViewer GmbH) -- C:\windows\SysNative\drivers\teamviewervpn.sys
[2012/07/13 17:49:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2012/07/13 13:50:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/07/12 18:56:11 | 000,000,000 | ---D | C] -- C:\Users\Julian\Documents\Lyrics
[2012/07/11 09:25:40 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/07/10 14:36:32 | 000,000,000 | ---D | C] -- C:\Premier75
[2012/07/04 09:21:43 | 000,000,000 | ---D | C] -- C:\Users\Julian\Documents\Law Society
[2012/07/02 14:25:39 | 000,000,000 | ---D | C] -- C:\MYOBODBCAU10
[2012/07/02 14:19:50 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\LogMeIn Rescue Applet
[2012/07/02 12:18:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/07/02 12:17:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/07/02 09:51:28 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\LogMeIn
[2012/07/02 09:51:26 | 000,034,720 | ---- | C] (LogMeIn, Inc.) -- C:\windows\SysNative\LMIport.dll
[2012/07/02 09:51:25 | 000,087,488 | ---- | C] (LogMeIn, Inc.) -- C:\windows\SysNative\LMIRfsClientNP.dll
[2012/07/02 09:51:25 | 000,087,456 | ---- | C] (LogMeIn, Inc.) -- C:\windows\SysNative\LMIRfsClientNP.dll.000.bak
[2012/07/02 09:51:25 | 000,080,800 | ---- | C] (LogMeIn, Inc.) -- C:\windows\SysNative\LMIinit.dll
[2012/07/02 09:51:25 | 000,072,216 | ---- | C] (LogMeIn, Inc.) -- C:\windows\SysNative\drivers\LMIRfsDriver.sys
[2012/07/02 09:51:23 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2012/07/02 09:51:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn
[2012/06/28 17:57:28 | 000,000,000 | ---D | C] -- C:\Users\Julian\Documents\Chado
[2012/06/28 17:02:01 | 000,000,000 | ---D | C] -- C:\Users\Julian\Documents\Readiris
[2012/06/27 17:13:00 | 000,000,000 | ---D | C] -- C:\Users\Julian\Desktop\New folder
[2012/06/27 14:41:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro PDF
[2012/06/27 14:41:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nitro PDF
[2012/06/25 11:01:24 | 000,000,000 | ---D | C] -- C:\Users\Julian\Documents\Deeds Register
[2012/06/19 09:18:32 | 000,000,000 | ---D | C] -- C:\PFiles
[2012/06/18 15:21:11 | 000,458,752 | ---- | C] (Samsung Software Center) -- C:\windows\prinst.exe
[2012/06/18 09:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/06/18 09:25:54 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/06/18 09:25:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/06/18 09:25:54 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/06/18 09:23:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/06/18 09:22:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime

========== Files - Modified Within 30 Days ==========

[2012/07/15 00:50:46 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/07/15 00:50:40 | 2133,217,279 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/15 00:22:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3905126394-3002613596-1916136037-1000UA.job
[2012/07/15 00:21:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/07/15 00:12:42 | 000,028,080 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/15 00:12:42 | 000,028,080 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/14 23:23:54 | 000,000,098 | ---- | M] () -- C:\windows\SysNative\drivers\etc\Hosts
[2012/07/14 23:21:21 | 000,786,274 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/07/14 23:21:21 | 000,666,962 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/07/14 23:21:21 | 000,123,688 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/07/14 23:18:52 | 000,000,860 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3905126394-3002613596-1916136037-1000Core.job
[2012/07/13 17:49:52 | 000,001,137 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012/07/13 13:50:28 | 000,001,041 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/07/13 09:43:40 | 000,000,676 | ---- | M] () -- C:\windows\MYOBP.INI
[2012/07/13 09:43:40 | 000,000,039 | ---- | M] () -- C:\windows\MYOB.INI
[2012/07/13 09:30:07 | 000,000,900 | -HS- | M] () -- C:\windows\SysWow64\KGyGaAvL.sys
[2012/07/13 09:23:10 | 000,002,379 | ---- | M] () -- C:\Users\Julian\Desktop\Google Chrome.lnk
[2012/07/12 16:03:30 | 000,033,110 | ---- | M] () -- C:\Users\Julian\Documents\Bastick & Hay Contract Review - 6307.pdf
[2012/07/12 13:15:19 | 000,087,488 | ---- | M] (LogMeIn, Inc.) -- C:\windows\SysNative\LMIRfsClientNP.dll
[2012/07/12 13:15:18 | 000,080,800 | ---- | M] (LogMeIn, Inc.) -- C:\windows\SysNative\LMIinit.dll
[2012/07/12 13:15:18 | 000,034,720 | ---- | M] (LogMeIn, Inc.) -- C:\windows\SysNative\LMIport.dll
[2012/07/11 17:36:34 | 005,177,608 | ---- | M] () -- C:\Users\Julian\Documents\Contract Unit 11 at 24 Mount Street Coogee.pdf
[2012/07/11 13:25:53 | 000,367,016 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/07/06 14:39:35 | 000,002,639 | ---- | M] () -- C:\Users\Julian\Documents\VIDEO_TS.xspf
[2012/07/06 14:28:59 | 000,001,059 | ---- | M] () -- C:\Users\Julian\Desktop\VLC media player.lnk
[2012/07/06 13:45:11 | 000,049,879 | ---- | M] () -- C:\Users\Julian\Documents\Untitled (2).wma
[2012/07/06 11:02:43 | 000,000,904 | ---- | M] () -- C:\Users\Julian\Documents\Downloads - Shortcut (3).lnk
[2012/07/05 19:20:41 | 000,002,203 | ---- | M] () -- C:\Users\Public\Desktop\LEAP Office TimeSheet.lnk
[2012/07/05 19:20:41 | 000,002,163 | ---- | M] () -- C:\Users\Public\Desktop\LEAP Office Accounting Single User.lnk
[2012/07/05 10:34:27 | 000,001,995 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\SAS7_000.DAT
[2012/07/03 23:06:19 | 000,000,904 | ---- | M] () -- C:\Users\Julian\Documents\Downloads - Shortcut (2).lnk
[2012/07/03 23:06:05 | 000,000,904 | ---- | M] () -- C:\Users\Julian\Documents\Downloads - Shortcut.lnk
[2012/07/03 23:03:36 | 000,000,864 | ---- | M] () -- C:\Users\Julian\Desktop\Downloads.lnk
[2012/07/03 14:13:37 | 000,000,134 | ---- | M] () -- C:\Users\Julian\Documents\.123.rtf
[2012/07/02 20:23:05 | 000,035,112 | ---- | M] (TeamViewer GmbH) -- C:\windows\SysNative\drivers\teamviewervpn.sys
[2012/07/02 17:53:01 | 000,001,998 | -H-- | M] () -- C:\Users\Julian\Documents\Default.rdp
[2012/07/02 15:59:08 | 000,000,888 | ---- | M] () -- C:\Users\Julian\Desktop\Transactions_02_07_2012.csv
[2012/07/02 14:25:47 | 000,000,663 | ---- | M] () -- C:\windows\openrda.ini
[2012/07/02 09:51:24 | 000,001,024 | ---- | M] () -- C:\.rnd
[2012/06/27 17:46:06 | 000,112,258 | ---- | M] () -- C:\Users\Julian\Documents\ID224 - Rule 42.1.6.2 - Update on Legal Costs.pdf
[2012/06/27 17:42:06 | 000,095,649 | ---- | M] () -- C:\Users\Julian\Documents\ID198 - Ethical Issues for NSW Wills and Estates Practitioners.pdf
[2012/06/27 14:41:46 | 000,002,006 | ---- | M] () -- C:\Users\Public\Desktop\Nitro Reader.lnk
[2012/06/26 11:50:07 | 000,001,267 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/06/25 14:58:46 | 000,017,936 | ---- | M] (Nitro PDF Software) -- C:\windows\SysNative\nitrolocalui2.dll
[2012/06/25 14:58:44 | 000,029,712 | ---- | M] (Nitro PDF Software) -- C:\windows\SysNative\nitrolocalmon2.dll
[2012/06/22 14:27:04 | 000,026,112 | ---- | M] () -- C:\Users\Julian\Documents\RE Your transfer to Henderson and Love.msg
[2012/06/21 16:00:53 | 000,513,536 | ---- | M] () -- C:\Users\Julian\Documents\RE CHUNG JA SKERMAN.msg
[2012/06/20 17:29:47 | 000,073,877 | ---- | M] () -- C:\Users\Julian\Documents\ID181 - Effective Witness Preparation.pdf
[2012/06/18 12:48:54 | 000,027,255 | ---- | M] () -- C:\Users\Julian\Documents\Letter to A J Anthony & Associates - 18 June 2012 (Draft).pdf
[2012/06/18 09:26:46 | 000,001,754 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/18 09:23:00 | 000,001,816 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

========== Files Created - No Company Name ==========

[2012/07/13 17:49:52 | 000,001,149 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012/07/13 17:49:52 | 000,001,137 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012/07/13 13:50:28 | 000,001,041 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/07/12 16:04:56 | 000,033,110 | ---- | C] () -- C:\Users\Julian\Documents\Bastick & Hay Contract Review - 6307.pdf
[2012/07/11 17:20:59 | 005,177,608 | ---- | C] () -- C:\Users\Julian\Documents\Contract Unit 11 at 24 Mount Street Coogee.pdf
[2012/07/06 14:39:35 | 000,002,639 | ---- | C] () -- C:\Users\Julian\Documents\VIDEO_TS.xspf
[2012/07/06 14:28:59 | 000,001,059 | ---- | C] () -- C:\Users\Julian\Desktop\VLC media player.lnk
[2012/07/06 13:45:11 | 000,049,879 | ---- | C] () -- C:\Users\Julian\Documents\Untitled (2).wma
[2012/07/06 11:02:43 | 000,000,904 | ---- | C] () -- C:\Users\Julian\Documents\Downloads - Shortcut (3).lnk
[2012/07/03 23:06:19 | 000,000,904 | ---- | C] () -- C:\Users\Julian\Documents\Downloads - Shortcut (2).lnk
[2012/07/03 23:06:05 | 000,000,904 | ---- | C] () -- C:\Users\Julian\Documents\Downloads - Shortcut.lnk
[2012/07/03 23:03:36 | 000,000,864 | ---- | C] () -- C:\Users\Julian\Desktop\Downloads.lnk
[2012/07/03 14:13:37 | 000,000,134 | ---- | C] () -- C:\Users\Julian\Documents\.123.rtf
[2012/07/02 15:35:36 | 000,000,888 | ---- | C] () -- C:\Users\Julian\Desktop\Transactions_02_07_2012.csv
[2012/07/02 09:51:24 | 000,001,024 | ---- | C] () -- C:\.rnd
[2012/07/02 09:51:17 | 000,000,959 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn.lnk
[2012/06/29 19:02:14 | 000,076,491 | ---- | C] () -- C:\Users\Julian\Desktop\Letter from Otis - 11 October 2005.pdf
[2012/06/29 19:00:55 | 000,167,394 | ---- | C] () -- C:\Users\Julian\Desktop\Otis Termination Letter 23 May 2007.pdf
[2012/06/29 18:58:53 | 000,676,019 | ---- | C] () -- C:\Users\Julian\Desktop\OTIS ELEVATOR COMPANY.pdf
[2012/06/27 17:46:06 | 000,112,258 | ---- | C] () -- C:\Users\Julian\Documents\ID224 - Rule 42.1.6.2 - Update on Legal Costs.pdf
[2012/06/27 17:41:41 | 000,095,649 | ---- | C] () -- C:\Users\Julian\Documents\ID198 - Ethical Issues for NSW Wills and Estates Practitioners.pdf
[2012/06/27 14:41:46 | 000,002,507 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Reader 2.lnk
[2012/06/27 14:41:46 | 000,002,006 | ---- | C] () -- C:\Users\Public\Desktop\Nitro Reader.lnk
[2012/06/22 14:27:03 | 000,026,112 | ---- | C] () -- C:\Users\Julian\Documents\RE Your transfer to Henderson and Love.msg
[2012/06/21 16:00:53 | 000,513,536 | ---- | C] () -- C:\Users\Julian\Documents\RE CHUNG JA SKERMAN.msg
[2012/06/20 17:29:47 | 000,073,877 | ---- | C] () -- C:\Users\Julian\Documents\ID181 - Effective Witness Preparation.pdf
[2012/06/18 15:21:06 | 000,225,280 | ---- | C] () -- C:\windows\SysNative\NetFaxPort64.dll
[2012/06/18 15:21:06 | 000,002,560 | ---- | C] () -- C:\windows\SysNative\NetFaxPortMsgs64.dll
[2012/06/18 15:21:06 | 000,001,272 | ---- | C] () -- C:\windows\SysNative\NetFaxPort.ko.xml
[2012/06/18 12:50:08 | 000,027,255 | ---- | C] () -- C:\Users\Julian\Documents\Letter to A J Anthony & Associates - 18 June 2012 (Draft).pdf
[2012/06/18 09:26:46 | 000,001,754 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/18 09:23:00 | 000,001,816 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/04/04 21:12:18 | 000,000,043 | ---- | C] () -- C:\windows\gswin32.ini
[2012/04/02 14:09:42 | 000,000,663 | ---- | C] () -- C:\windows\openrda.ini
[2012/04/02 14:09:25 | 000,000,000 | ---- | C] () -- C:\windows\drvxl32.INI
[2012/04/02 14:09:24 | 000,000,000 | ---- | C] () -- C:\windows\drvwd32.INI
[2012/03/30 08:47:34 | 000,000,168 | ---- | C] () -- C:\windows\Clipbook.INI
[2012/03/27 10:03:12 | 000,001,995 | ---- | C] () -- C:\Users\Julian\AppData\Roaming\SAS7_000.DAT
[2012/03/22 08:36:23 | 000,000,900 | -HS- | C] () -- C:\windows\SysWow64\KGyGaAvL.sys
[2012/03/19 13:00:08 | 000,000,676 | ---- | C] () -- C:\windows\MYOBP.INI
[2012/03/19 13:00:08 | 000,000,039 | ---- | C] () -- C:\windows\MYOB.INI
[2012/03/19 12:21:34 | 000,000,136 | ---- | C] () -- C:\windows\Readiris.ini
[2012/03/19 12:21:29 | 000,023,040 | ---- | C] () -- C:\windows\SysWow64\irisco32.dll
[2012/03/19 12:20:44 | 000,950,585 | ---- | C] () -- C:\windows\SysWow64\libiconv-2.dll
[2012/03/19 12:15:19 | 000,260,688 | ---- | C] () -- C:\windows\SUPDRun.exe
[2012/03/19 11:47:38 | 000,482,408 | ---- | C] () -- C:\windows\ssndii.exe
[2012/03/19 11:47:31 | 000,000,156 | ---- | C] () -- C:\windows\ODBC.INI
[2012/03/19 11:47:18 | 000,036,864 | ---- | C] () -- C:\windows\SysWow64\SvcMan.exe
[2012/03/19 11:47:10 | 000,172,032 | ---- | C] () -- C:\windows\SysWow64\SecSNMP.dll
[2012/03/19 11:44:48 | 000,113,768 | R--- | C] () -- C:\windows\Wiainst.exe
[2012/03/16 17:37:14 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2012/03/16 10:42:14 | 000,802,678 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/02/04 12:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll

========== LOP Check ==========

[2012/03/23 08:33:35 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\com.livescribe.LivescribeConnect
[2012/06/27 14:21:08 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Downloaded Installations
[2012/07/15 00:52:00 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Dropbox
[2012/04/04 10:08:12 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\LEAP Legal Software
[2012/07/13 09:45:27 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\LEAP_Timesheet
[2012/07/13 09:30:13 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Nitro PDF
[2012/03/26 21:11:17 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Nuance
[2012/03/19 11:47:30 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Samsung
[2012/07/13 18:21:01 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\TeamViewer
[2012/03/16 21:27:19 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Tific
[2012/03/16 11:09:15 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Toshiba
[2012/05/09 08:58:26 | 000,032,654 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 248 bytes -> C:\ProgramData\TEMP:0FF263E8

< End of report >

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK I have had a play

Try this


1. Click on Customize and control Google Chrome icon and select Options.

2. Choose Basic Options. Change Google Chrome homepage to google.com or any other and click the Manage search engines... button.

3. Select Google from the list and make it your default search engine.

4. Select Web Search from the list and remove it by clicking the "X" mark as shown in the image below. That's it.

Posted Image

#9
WMXX

Those steps don't seem to help.

The homepage was always set on google.com.au but it loaded an additional instance of that page in another tab while also loading searchnu.com/406 in a third tab.

#10
Essexboy

Is your Chrome synchronised with your Google account? As I feel that is where it is.

#11
WMXX

I logged out of the account it was synced to but this didn't resolve this issue.

I re-installed Chrome afterwards and it seems to have gotten rid of the issue. Nonetheless, I'll keep a look out to see if this pops up again.

Edited by WMXX, 14 July 2012 - 10:21 AM.


#12
Essexboy

So stopping the synch did not cure the problem?

#13
Essexboy

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.