OTL: Code:
OTL logfile created on: 11/15/2012 10:01:10 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\weh\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Switzerland | Language: DES | Date Format: dd.MM.yyyy
3.86 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 35.90% Memory free
7.72 Gb Paging File | 4.76 Gb Available in Paging File | 61.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280.79 Gb Total Space | 74.86 Gb Free Space | 26.66% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.56% Space Free | Partition Type: FAT32
Drive S: | 149.04 Gb Total Space | 50.54 Gb Free Space | 33.91% Space Free | Partition Type: NTFS
Computer Name: WEHBOOK | User Name: weh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\weh\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Kerio\UpdaterService\ktupdaterservice.exe (Kerio Technologies Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
PRC - c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe ( Hewlett-Packard Development Company, L.P.)
PRC - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.)
PRC - c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe (McAfee, Inc.)
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV:64bit: - (DisplayLinkService) -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (domain1) -- C:\Program Files\GlassFish\EnterpriseServer 3.0\glassfish\domains\domain1\bin\domain1Service.exe (Sun Microsystems, Inc.)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (postgresql-x64-9.0) -- C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (DpHost) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV:64bit: - (HP Power Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard)
SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard)
SRV:64bit: - (HpFkCryptService) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.)
SRV:64bit: - (DEBridge) -- c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe (McAfee, Inc.)
SRV:64bit: - (vcsFPService) -- C:\Windows\SysNative\vcsFPService.exe (Validity Sensors, Inc.)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (ktupdaterservice) -- C:\Program Files (x86)\Kerio\UpdaterService\ktupdaterservice.exe (Kerio Technologies Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (MySQL) -- C:\Software\Mysql5.5\bin\mysqld.exe ()
SRV - (Apache CouchDB01cbce7481a03700) -- C:\Software\ApacheSoftwareFoundation\CouchDB\erts-5.8\bin\erlsrv.exe ()
SRV - (CableAssociation) -- C:\Program Files (x86)\devolo Vianect AIR Manager\Components\Association\CableAssociation.exe (Wisair Ltd.)
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (STacSV) -- C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\STacSV64.exe (IDT, Inc.)
SRV - (HP ProtectTools Service) -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (vcsFPService) -- C:\Windows\SysWOW64\vcsFPService.exe (Validity Sensors, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AESTFilters) -- C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe (Andrea Electronics Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (DisplayLinkUsbPort) -- C:\Windows\SysNative\drivers\DisplayLinkUsbPort_6.1.32700.0.sys (hxxp://libusb-win32.sourceforge.net)
DRV:64bit: - (dlkmd) -- C:\Windows\SysNative\drivers\dlkmd.sys (DisplayLink Corp.)
DRV:64bit: - (dlkmdldr) -- C:\Windows\SysNative\drivers\dlkmdldr.sys (DisplayLink Corp.)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (e1kexpress) -- C:\Windows\SysNative\drivers\e1k62x64.sys (Intel Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (BazisVirtualCDBus) -- C:\Windows\SysNative\drivers\BazisVirtualCDBus.sys (SysProgs.org)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.)
DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV:64bit: - (SaiNtBus) -- C:\Windows\SysNative\drivers\SaiBus.sys (Saitek)
DRV:64bit: - (SaiMini) -- C:\Windows\SysNative\drivers\SaiMini.sys (Saitek)
DRV:64bit: - (SaiK0CCB) -- C:\Windows\SysNative\drivers\SaiK0CCB.sys (Saitek)
DRV:64bit: - (SaiU0CCB) -- C:\Windows\SysNative\drivers\SaiU0CCB.sys (Saitek)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (HWARadio) -- C:\Windows\SysNative\drivers\WSR_RCI.SYS ()
DRV:64bit: - (DWA) -- C:\Windows\SysNative\drivers\WSR_DWA.SYS ()
DRV:64bit: - (hwa) -- C:\Windows\SysNative\drivers\WSR_HWA.SYS ()
DRV:64bit: - (WSR_USF) -- C:\Windows\SysNative\drivers\WSR_USF.sys ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (DLCopyFilter) -- C:\Windows\SysNative\drivers\WSR_TBF.sys ()
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (SbFsLock) -- C:\windows\SysNative\drivers\SbFsLock.sys (McAfee, Inc.)
DRV:64bit: - (RsvLock) -- C:\windows\SysNative\drivers\RsvLock.sys (McAfee, Inc.)
DRV:64bit: - (SafeBoot) -- C:\windows\SysNative\drivers\SafeBoot.sys ()
DRV:64bit: - (risdpcie) -- C:\Windows\SysNative\drivers\risdpe64.sys (REDC)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimspe64.sys (REDC)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (rixdpcie) -- C:\Windows\SysNative\drivers\rixdpe64.sys (REDC)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (rismcx64) -- C:\Windows\SysNative\drivers\rismcx64.sys (RICOH Company, Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SbAlg) -- C:\windows\SysNative\drivers\SbAlg.sys (McAfee, Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (CamDrL64) -- C:\Windows\SysNative\drivers\CamDrL64.sys (Logitech Inc.)
DRV - (kqemu) -- C:\Windows\SysWOW64\drivers\kqemu.sys ()
DRV - (SbAlg) -- C:\windows\SysWow64\drivers\SbAlg.sys (McAfee, Inc.)
DRV - (SbFsLock) -- C:\windows\SysWow64\drivers\SbFsLock.sys (McAfee, Inc.)
DRV - (RsvLock) -- C:\windows\SysWow64\drivers\rsvlock.sys (McAfee, Inc.)
DRV - (SafeBoot) -- C:\windows\SysWow64\drivers\SafeBoot.sys (McAfee, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {E8E96765-A1D3-44EA-9102-639084622E71}
IE:64bit: - HKLM\..\SearchScopes\{E8E96765-A1D3-44EA-9102-639084622E71}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
IE - HKLM\..\SearchScopes,DefaultScope = {E8E96765-A1D3-44EA-9102-639084622E71}
IE - HKLM\..\SearchScopes\{E8E96765-A1D3-44EA-9102-639084622E71}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3629986181-1509596615-2328272075-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/
IE - HKU\S-1-5-21-3629986181-1509596615-2328272075-1000\..\SearchScopes,DefaultScope = {56A5D131-8A06-4305-B524-F456A810B422}
IE - HKU\S-1-5-21-3629986181-1509596615-2328272075-1000\..\SearchScopes\{56A5D131-8A06-4305-B524-F456A810B422}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-3629986181-1509596615-2328272075-1000\..\SearchScopes\{E8E96765-A1D3-44EA-9102-639084622E71}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-3629986181-1509596615-2328272075-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3629986181-1509596615-2328272075-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "hxxp://localhost:8080/mastertool-proto/"
FF - prefs.js..extensions.enabledAddons: info@elime.be:1.5
FF - prefs.js..extensions.enabledAddons: SQLiteManager@mrinalkant.blogspot.com:0.7.7
FF - prefs.js..extensions.enabledAddons: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.8
FF - prefs.js..extensions.enabledAddons: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4.10
FF - prefs.js..extensions.enabledAddons: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.17
FF - prefs.js..extensions.enabledAddons: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1
FF - prefs.js..extensions.enabledAddons: {ad0d925d-88f8-47f1-85ea-8463569e756e}:2.0.3
FF - prefs.js..extensions.enabledAddons: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.1.1
FF - prefs.js..extensions.enabledAddons: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.2.2
FF - prefs.js..extensions.enabledAddons: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.89
FF - prefs.js..extensions.enabledAddons: firefox@ghostery.com:2.8.3
FF - prefs.js..extensions.enabledAddons: jsonview@brh.numbera.com:0.7
FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.3.0.11079
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\weh\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\weh\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2010/09/10 23:53:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/08 08:10:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/08 08:10:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/11/08 08:10:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
[2011/08/11 14:31:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\weh\AppData\Roaming\Mozilla\Extensions
[2011/02/09 12:39:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\weh\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/02/04 09:44:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\weh\AppData\Roaming\Mozilla\Extensions\pencil@evolus.vn
[2011/08/11 14:31:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\nvxzih3d.default\extensions
[2011/08/11 14:31:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\nvxzih3d.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2012/11/01 09:08:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions
[2011/08/12 11:51:06 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2012/09/20 14:15:44 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2012/08/06 09:19:53 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2011/08/11 14:34:23 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2012/09/20 14:15:43 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions\firefox@ghostery.com
[2012/11/01 09:08:10 | 002,042,908 | ---- | M] () (No name found) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions\firebug@software.joehewitt.com.xpi
[2012/04/11 13:06:48 | 000,084,034 | ---- | M] () (No name found) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions\FirePHPExtension-Build@firephp.org.xpi
[2011/11/07 16:38:02 | 000,013,136 | ---- | M] () (No name found) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions\info@elime.be.xpi
[2012/10/22 15:32:01 | 000,026,234 | ---- | M] () (No name found) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions\jsonview@brh.numbera.com.xpi
[2011/11/25 10:12:23 | 000,255,318 | ---- | M] () (No name found) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions\SQLiteManager@mrinalkant.blogspot.com.xpi
[2011/08/24 18:34:34 | 000,028,993 | ---- | M] () (No name found) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi
[2011/11/23 09:48:18 | 000,080,872 | ---- | M] () (No name found) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi
[2012/06/04 09:11:14 | 000,261,871 | ---- | M] () (No name found) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions\{ad0d925d-88f8-47f1-85ea-8463569e756e}.xpi
[2011/12/08 14:07:22 | 000,061,705 | ---- | M] () (No name found) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi
[2012/09/05 12:25:27 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2012/07/31 16:48:36 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/10/11 09:05:58 | 000,252,340 | ---- | M] () (No name found) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012/10/16 09:22:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/11/14 17:50:24 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/10/16 09:22:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/10/29 15:40:56 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/12 16:31:37 | 000,218,192 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll
[2012/06/20 09:00:01 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/08/29 09:04:39 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/20 09:00:01 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/20 09:00:01 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/20 09:00:01 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/20 09:00:01 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\weh\AppData\Local\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\weh\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\weh\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\weh\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Adblock Plus = C:\Users\weh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.1_0\
CHR - Extension: Tampermonkey = C:\Users\weh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\2.7.2820_0\
CHR - Extension: Postman - REST Client = C:\Users\weh\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdmmgilgnpjigdojojpjoooidkmcomcm\0.7.5_0\
CHR - Extension: Stylish = C:\Users\weh\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\0.10_0\
CHR - Extension: Edit This Cookie = C:\Users\weh\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\1.1.24_0\
CHR - Extension: Window Resizer = C:\Users\weh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkelicaakdanhinjdeammmilcgefonfh\1.7.0_0\
CHR - Extension: Skype Click to Call = C:\Users\weh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: Ghostery = C:\Users\weh\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.0.0_0\
CHR - Extension: Google Mail = C:\Users\weh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012/11/14 17:27:39 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (IE Developer Toolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HP Color LaserJet CM2320 MFP Series Fax] C:\Program Files (x86)\HP\HP Color LaserJet CM2320 MFP Series\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4:64bit: - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4:64bit: - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [NUSB3MON] c:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [WirelessUSBManager] C:\Program Files (x86)\devolo Vianect AIR Manager\Components\WirelessUSBManager\WirelessUSBManager.exe (Wisair Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Software\Malwarebytes-Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\weh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\weh\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\weh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk = C:\Program Files (x86)\Launchy\Launchy.exe ()
O4 - Startup: C:\Users\weh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\network.bat ()
O4 - Startup: C:\Users\weh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3629986181-1509596615-2328272075-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3629986181-1509596615-2328272075-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3629986181-1509596615-2328272075-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Value error.)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22E969A9-1727-48F8-BD63-EE822EE53033}: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22E969A9-1727-48F8-BD63-EE822EE53033}: NameServer = 192.168.10.1,82.237.169.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F54ACD9A-BA6E-432A-98EF-28A5BC5BB78A}: DhcpNameServer = 192.168.11.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/11/15 10:00:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\weh\Desktop\OTL.exe
[2012/11/15 09:41:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/15 09:40:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/11/15 09:02:39 | 005,001,537 | R--- | C] (Swearware) -- C:\Users\weh\Desktop\ComboFix.exe
[2012/11/14 17:06:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/11/14 17:06:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/11/14 17:06:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/11/14 17:04:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/14 17:03:42 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012/11/14 11:10:20 | 000,741,184 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\easyupdatusapiu64.dll
[2012/11/14 11:09:56 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012/11/13 22:28:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/11/13 21:57:48 | 000,000,000 | ---D | C] -- C:\Users\weh\Desktop\Trojan
[2012/11/13 19:02:14 | 000,000,000 | ---D | C] -- C:\Users\weh\AppData\Roaming\Malwarebytes
[2012/11/13 19:01:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/13 19:01:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/13 19:01:54 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/11/13 17:16:40 | 000,000,000 | ---D | C] -- C:\Users\weh\Documents\Sublime
[2012/11/09 20:48:52 | 000,000,000 | ---D | C] -- C:\Users\weh\.openshift
[2012/11/09 19:46:00 | 000,000,000 | ---D | C] -- C:\Users\weh\AppData\Roaming\LibreOffice
[2012/11/09 19:45:38 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 3.6
[2012/11/08 09:46:14 | 000,000,000 | ---D | C] -- C:\Users\weh\AppData\Roaming\NetBeans
[2012/11/08 09:46:14 | 000,000,000 | ---D | C] -- C:\Users\weh\AppData\Local\NetBeans
[2012/11/08 08:49:32 | 000,000,000 | ---D | C] -- C:\Program Files\NetBeans 7.2.1
[2012/11/08 08:10:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/11/05 15:38:57 | 000,000,000 | ---D | C] -- C:\Program Files\sges-v3
[2012/11/05 15:37:05 | 000,000,000 | ---D | C] -- C:\Program Files\NetBeans 6.8
[2012/11/05 11:49:24 | 000,000,000 | ---D | C] -- C:\Users\weh\Desktop\CJB-00412
[2012/11/01 13:33:25 | 000,000,000 | ---D | C] -- C:\Users\weh\Documents\Calibre Bibliothek
[2012/11/01 13:33:18 | 000,000,000 | ---D | C] -- C:\Users\weh\AppData\Roaming\calibre
[2012/11/01 13:32:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2012/11/01 08:41:03 | 000,000,000 | ---D | C] -- C:\Users\weh\AppData\Roaming\Veodin
[2012/10/25 03:12:26 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\windows\SysWow64\QuickTimeVR.qtx
[2012/10/25 03:12:26 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\windows\SysWow64\QuickTime.qts
[2012/10/23 09:50:10 | 000,000,000 | ---D | C] -- C:\Users\weh\hpremote
[2012/10/18 15:43:24 | 000,000,000 | ---D | C] -- C:\Users\weh\target
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/11/15 09:56:00 | 000,001,112 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3629986181-1509596615-2328272075-1000UA.job
[2012/11/15 09:34:00 | 000,001,104 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/15 09:13:02 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/11/15 09:04:32 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/15 09:04:32 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/15 09:02:58 | 005,001,537 | R--- | M] (Swearware) -- C:\Users\weh\Desktop\ComboFix.exe
[2012/11/15 08:56:54 | 000,001,100 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/15 08:55:27 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/11/15 08:55:17 | 3107,487,744 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/14 17:59:31 | 000,783,374 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/11/14 17:59:31 | 000,655,280 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/11/14 17:59:31 | 000,122,152 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/11/14 17:27:39 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/11/14 16:13:16 | 000,055,734 | ---- | M] () -- C:\windows\sess_elic86qhudtd5392i3u311qo07
[2012/11/14 16:13:13 | 000,055,730 | ---- | M] () -- C:\windows\sess_1qnh9omr5kil9puqv0qddirvq3
[2012/11/14 16:13:13 | 000,055,729 | ---- | M] () -- C:\windows\sess_vo5fggrtttbe86645o7h756u52
[2012/11/14 16:13:09 | 000,055,730 | ---- | M] () -- C:\windows\sess_boipbv5o0e4r6sdujsqas4v8q1
[2012/11/14 16:11:24 | 000,000,153 | ---- | M] () -- C:\windows\SysWow64\assist.err
[2012/11/14 15:56:16 | 000,055,730 | ---- | M] () -- C:\windows\sess_kdgdalnljs6v08kqp467cgl4e6
[2012/11/14 14:55:17 | 000,055,730 | ---- | M] () -- C:\windows\sess_n6l116gr8e9vt4f74gmn97p534
[2012/11/14 14:55:17 | 000,055,730 | ---- | M] () -- C:\windows\sess_db8h2kpom9n7le0ac7ddjlmsc5
[2012/11/14 14:55:17 | 000,055,729 | ---- | M] () -- C:\windows\sess_f282qaodkkj1doetntq3ud4c11
[2012/11/14 13:50:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\weh\Desktop\OTL.exe
[2012/11/14 10:56:09 | 000,001,060 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3629986181-1509596615-2328272075-1000Core.job
[2012/11/14 09:53:24 | 000,041,696 | ---- | M] () -- C:\windows\sess_gq6280i5vcd41n05la62tdsdn7
[2012/11/14 09:36:52 | 000,041,696 | ---- | M] () -- C:\windows\sess_thcnfg8v2gveb1lcdh26tknob3
[2012/11/14 09:25:30 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\kerio-connect-koff-7.4.2-7694-win32.properties
[2012/11/13 22:21:34 | 000,000,000 | ---- | M] () -- C:\Users\weh\defogger_reenable
[2012/11/13 20:19:02 | 000,000,079 | ---- | M] () -- C:\Users\weh\AppData\Roaming\mbam.context.scan
[2012/11/13 17:57:26 | 000,055,734 | ---- | M] () -- C:\windows\sess_9tu987fm4hcn27ni6sag6m76p0
[2012/11/13 17:41:15 | 000,008,109 | ---- | M] () -- C:\Users\weh\AppData\Local\recently-used.xbel
[2012/11/13 17:21:59 | 000,055,730 | ---- | M] () -- C:\windows\sess_lvdmkq4qo7uoeu0luggma50vu2
[2012/11/13 17:21:59 | 000,055,730 | ---- | M] () -- C:\windows\sess_huhqi5nf4p3eboo3knds16qju0
[2012/11/13 17:21:58 | 000,055,729 | ---- | M] () -- C:\windows\sess_oao0jadssfb5agj7hmekr17fm6
[2012/11/13 17:06:14 | 000,000,600 | ---- | M] () -- C:\Users\weh\AppData\Roaming\winscp.rnd
[2012/11/13 10:43:47 | 000,000,600 | ---- | M] () -- C:\Users\weh\AppData\Local\PUTTY.RND
[2012/11/12 18:12:41 | 000,055,992 | ---- | M] () -- C:\windows\sess_ji29oqrt9huntmklq78ggo0bk5
[2012/11/12 11:02:09 | 000,052,802 | ---- | M] () -- C:\windows\sess_asu56gesboattdncig0gqug6j1
[2012/11/12 11:01:38 | 000,054,216 | ---- | M] () -- C:\windows\sess_nb4ot5pb7hs2snjabn46pjp9k6
[2012/11/12 10:56:59 | 000,052,862 | ---- | M] () -- C:\windows\sess_r6mhsfuv5uordl8apdvqjism67
[2012/11/12 10:50:36 | 000,052,845 | ---- | M] () -- C:\windows\sess_pckn5i8ha6dga3s3h7r67qjom7
[2012/11/12 10:50:36 | 000,052,840 | ---- | M] () -- C:\windows\sess_qubak97vfdur7nspfk92dpd0i1
[2012/11/12 10:50:36 | 000,052,840 | ---- | M] () -- C:\windows\sess_nbqhuufsaf5tr5hbppfukbvaf6
[2012/11/12 10:50:36 | 000,052,840 | ---- | M] () -- C:\windows\sess_n3gqemksbvio7btlp44sclkb53
[2012/11/12 10:22:56 | 000,002,020 | -H-- | M] () -- C:\Users\weh\Documents\Default.rdp
[2012/11/12 09:02:07 | 002,444,288 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/11/07 13:16:53 | 000,140,936 | ---- | M] (Avira GmbH) -- C:\windows\SysNative\drivers\avfwot.sys
[2012/11/07 13:16:53 | 000,114,168 | ---- | M] (Avira GmbH) -- C:\windows\SysNative\drivers\avfwim.sys
[2012/11/06 13:53:09 | 000,000,096 | ---- | M] () -- C:\Users\weh\.asadminpass
[2012/11/02 13:18:16 | 000,000,446 | ---- | M] () -- C:\windows\tasks\SyncBack weh-data.job
[2012/11/01 08:41:11 | 000,000,192 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012/11/01 08:30:33 | 000,000,324 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForweh.job
[2012/10/31 10:40:43 | 000,055,734 | ---- | M] () -- C:\windows\sess_bq3ft83me4bkvqjl50roco4vt1
[2012/10/31 10:40:40 | 000,055,730 | ---- | M] () -- C:\windows\sess_u4ag8hh90qo752dkhbgq9e6e82
[2012/10/31 10:40:40 | 000,055,730 | ---- | M] () -- C:\windows\sess_4s4j4256h1s9mu5pao5hvr8b56
[2012/10/31 10:40:40 | 000,055,729 | ---- | M] () -- C:\windows\sess_o3po215620bqp6rssrrqkfl5q3
[2012/10/30 18:46:47 | 000,055,730 | ---- | M] () -- C:\windows\sess_97g5ndv6n5o25ci5etdreb4h02
[2012/10/30 18:36:34 | 000,055,730 | ---- | M] () -- C:\windows\sess_tktolkoofr7u3crek1cifj2om6
[2012/10/30 18:36:34 | 000,055,730 | ---- | M] () -- C:\windows\sess_gs7qglktm7em1ob32tqpclpid0
[2012/10/30 18:36:34 | 000,055,729 | ---- | M] () -- C:\windows\sess_ck6e78o57orm6m3v0fsnsmkrs6
[2012/10/30 18:26:10 | 000,055,734 | ---- | M] () -- C:\windows\sess_g1tcgje7g0tie17cssiukruqi6
[2012/10/30 16:00:06 | 000,055,730 | ---- | M] () -- C:\windows\sess_ackbcevao4ig9084nbraq9qnh4
[2012/10/30 16:00:06 | 000,055,729 | ---- | M] () -- C:\windows\sess_i43imlcd2pd6ht0ubu4vv5c4i5
[2012/10/30 16:00:05 | 000,055,730 | ---- | M] () -- C:\windows\sess_uvqhk201to9k2tkc6imefa2d15
[2012/10/30 13:24:55 | 000,055,730 | ---- | M] () -- C:\windows\sess_f15i3h1cj0fjh60tqnb5ajbvt2
[2012/10/30 13:24:51 | 000,055,734 | ---- | M] () -- C:\windows\sess_hov3ermjgs1ur3841b47lph4f4
[2012/10/30 13:24:50 | 000,055,731 | ---- | M] () -- C:\windows\sess_shkkuv5aqhlp1s7m430l5k7fs3
[2012/10/30 13:24:50 | 000,055,731 | ---- | M] () -- C:\windows\sess_rhrl77qni5rk1stoskms2kqbo3
[2012/10/30 13:24:50 | 000,055,731 | ---- | M] () -- C:\windows\sess_gd1rqlnjm9e4j9hefpm1vksqb2
[2012/10/30 13:24:49 | 000,055,731 | ---- | M] () -- C:\windows\sess_o24j3kvdfc09r6dag3pnri5bi0
[2012/10/30 13:24:49 | 000,055,731 | ---- | M] () -- C:\windows\sess_m3rgr8db3uuqt0ojmmlhra5g32
[2012/10/30 13:24:48 | 000,055,731 | ---- | M] () -- C:\windows\sess_aorbrupfupovpp6tr7dtca3p26
[2012/10/30 13:24:48 | 000,055,731 | ---- | M] () -- C:\windows\sess_13mmfq3o9r5ubc2r9eitbec7v6
[2012/10/30 13:24:47 | 000,055,731 | ---- | M] () -- C:\windows\sess_tihdchg92788a5tt2h5gfl29n2
[2012/10/30 13:24:47 | 000,055,731 | ---- | M] () -- C:\windows\sess_ji6jlu4bco9s36sdudfafrak95
[2012/10/30 13:24:46 | 000,055,731 | ---- | M] () -- C:\windows\sess_lmgics2ip5502cjhldkkqe2qu7
[2012/10/30 13:24:46 | 000,055,731 | ---- | M] () -- C:\windows\sess_8te5urvfeompimvtssndfagi84
[2012/10/30 13:24:45 | 000,055,731 | ---- | M] () -- C:\windows\sess_vta7v900oq9pcbpcg28uu7dh81
[2012/10/30 13:24:45 | 000,055,731 | ---- | M] () -- C:\windows\sess_rvmpobnojji97b2n64b8n1agl2
[2012/10/30 13:24:44 | 000,055,731 | ---- | M] () -- C:\windows\sess_i6s745qlsldc9u5b5gsmhl6vd3
[2012/10/30 13:24:43 | 000,055,731 | ---- | M] () -- C:\windows\sess_sdakhk1u8d7cgvve2orq8fo187
[2012/10/30 13:24:43 | 000,055,731 | ---- | M] () -- C:\windows\sess_9tnks1fnjlss99ocghdvafv5b3
[2012/10/30 13:24:41 | 000,055,731 | ---- | M] () -- C:\windows\sess_6mj1b5cvm0259qt0litdq5s5s1
[2012/10/30 13:24:39 | 000,055,731 | ---- | M] () -- C:\windows\sess_cv2fr793jsvscuuifetdiit6s5
[2012/10/30 13:24:38 | 000,055,731 | ---- | M] () -- C:\windows\sess_8a3a7oq9fbf6mh5ctt0bsvrb40
[2012/10/30 13:24:38 | 000,055,731 | ---- | M] () -- C:\windows\sess_808hnu32uct2qnoafud9fg3875
[2012/10/30 13:24:37 | 000,055,737 | ---- | M] () -- C:\windows\sess_lqtc2glsll58gkmnimvfrgokk1
[2012/10/30 12:59:22 | 000,056,998 | ---- | M] () -- C:\windows\sess_mr42h249sfc361jognvd4n0ed5
[2012/10/30 11:07:37 | 000,055,755 | ---- | M] () -- C:\windows\sess_ngsvm19ab9mj25vn38u3792gq2
[2012/10/30 11:07:29 | 000,055,730 | ---- | M] () -- C:\windows\sess_udha87qccf1agmojk1g7u7nha1
[2012/10/30 11:07:29 | 000,055,730 | ---- | M] () -- C:\windows\sess_6ke4qfdea2slffai9dom9ohba7
[2012/10/30 11:07:29 | 000,055,729 | ---- | M] () -- C:\windows\sess_hrs3582avmtrivu1q1ktuts220
[2012/10/30 10:45:13 | 000,056,998 | ---- | M] () -- C:\windows\sess_jr6m113onblrsq6ijiud2vn5e3
[2012/10/30 10:43:30 | 000,055,713 | ---- | M] () -- C:\windows\sess_90dkcda0b7rqu0q0h6sa0dpbj5
[2012/10/30 10:35:52 | 000,055,755 | ---- | M] () -- C:\windows\sess_53d2sgamtrsu5tg7i2e80jojc5
[2012/10/30 10:34:43 | 000,017,207 | ---- | M] () -- C:\windows\sess_5g79d29snkoa34eagq8qn5vtk6
[2012/10/30 10:31:09 | 000,055,734 | ---- | M] () -- C:\windows\sess_fkbct4t16nvbgt96tfjqmiuu97
[2012/10/30 10:30:58 | 000,055,730 | ---- | M] () -- C:\windows\sess_g24u7htafegheojc00372ga214
[2012/10/30 10:30:57 | 000,055,730 | ---- | M] () -- C:\windows\sess_e8s1evn067dacp3d6uqh8l0et3
[2012/10/30 10:30:57 | 000,055,729 | ---- | M] () -- C:\windows\sess_8oc2suk2jl2mfieju3afriodv6
[2012/10/30 10:30:32 | 000,045,283 | ---- | M] () -- C:\windows\sess_uaubatcuej9sccitroqgbrdtg2
[2012/10/29 18:28:45 | 000,055,355 | ---- | M] () -- C:\windows\sess_p9u03qr02m5er9s5r8qscejs82
[2012/10/29 16:58:56 | 000,017,180 | ---- | M] () -- C:\windows\sess_ckg5krd4al0kmeb6v7ea95av30
[2012/10/29 16:32:15 | 000,055,334 | ---- | M] () -- C:\windows\sess_9gu4eaaeg471uam8tc922b2de5
[2012/10/29 16:32:05 | 000,055,330 | ---- | M] () -- C:\windows\sess_54l46ldslo0486iqagsemqtu60
[2012/10/29 16:32:02 | 000,055,330 | ---- | M] () -- C:\windows\sess_oo8e57s72jli2gmkit9ckk1lo6
[2012/10/29 15:36:07 | 000,055,331 | ---- | M] () -- C:\windows\sess_nf9dktvoqpat9ngg7d55mmj081
[2012/10/29 15:36:06 | 000,055,334 | ---- | M] () -- C:\windows\sess_vr1p8694sg1oj73kfr9tnl4391
[2012/10/29 15:36:01 | 000,055,331 | ---- | M] () -- C:\windows\sess_ceoamnsfguhlfj7omrlhjur5h3
[2012/10/29 15:36:00 | 000,055,334 | ---- | M] () -- C:\windows\sess_uqeibbekcgelidagl0efp370b4
[2012/10/29 15:04:54 | 000,055,331 | ---- | M] () -- C:\windows\sess_e48gsn7b30649srbsdd5v2jad2
[2012/10/29 15:04:53 | 000,055,334 | ---- | M] () -- C:\windows\sess_m0eff5cro6cmecll7ta423f7m3
[2012/10/29 15:04:49 | 000,055,331 | ---- | M] () -- C:\windows\sess_80qqdd7vcugmqcprg7m0mrdc63
[2012/10/29 15:04:48 | 000,055,334 | ---- | M] () -- C:\windows\sess_e1hek2huu5in47umqhisq2qts3
[2012/10/29 14:22:03 | 000,020,945 | ---- | M] () -- C:\Users\weh\_viminfo
[2012/10/29 13:34:14 | 000,055,337 | ---- | M] () -- C:\windows\sess_79fdpon8qand25v3e948b4qbc2
[2012/10/29 13:22:26 | 000,056,549 | ---- | M] () -- C:\windows\sess_or5ti5vc0huujf3amhdp6ktgr7
[2012/10/29 12:44:26 | 000,056,018 | ---- | M] () -- C:\windows\sess_3g8v3hdrf5h8pfm3hoa0c7v810
[2012/10/29 12:43:59 | 000,056,018 | ---- | M] () -- C:\windows\sess_hptd0jobar5v9rg5lh5banu106
[2012/10/29 12:42:04 | 000,055,331 | ---- | M] () -- C:\windows\sess_jl1hm965gj4arq1bj12f6h36s2
[2012/10/29 12:42:03 | 000,055,334 | ---- | M] () -- C:\windows\sess_3dvkc4cn7gmeiqsdmp1n0kd604
[2012/10/29 12:41:54 | 000,055,334 | ---- | M] () -- C:\windows\sess_uk1138urs57j7ttqucr63cvm64
[2012/10/29 12:41:54 | 000,055,331 | ---- | M] () -- C:\windows\sess_a27e56h9km988m32t56noav4e5
[2012/10/29 12:41:54 | 000,055,331 | ---- | M] () -- C:\windows\sess_9jgs504p6p70ljkjopt4goj604
[2012/10/29 12:41:54 | 000,055,331 | ---- | M] () -- C:\windows\sess_9dshatt5b3btt5p40jgu94dn86
[2012/10/29 12:41:53 | 000,055,331 | ---- | M] () -- C:\windows\sess_sfc2m3gigflvlfeptsgqp8qd31
[2012/10/29 12:41:53 | 000,055,331 | ---- | M] () -- C:\windows\sess_rh2u220939aj3s2hhapeq7aa92
[2012/10/29 12:41:53 | 000,055,331 | ---- | M] () -- C:\windows\sess_ko5k1i7r82ggrp3lqp1ks6el53
[2012/10/29 12:41:53 | 000,055,331 | ---- | M] () -- C:\windows\sess_dpa68cs7bpne1jh70ctf4uvvn7
[2012/10/29 12:41:52 | 000,055,331 | ---- | M] () -- C:\windows\sess_uo6iktgako59la171ejqrtp2d7
[2012/10/29 12:41:52 | 000,055,331 | ---- | M] () -- C:\windows\sess_qlkgj6c37uqfo3mrfsi96ekvb3
[2012/10/29 12:41:52 | 000,055,331 | ---- | M] () -- C:\windows\sess_hfd3ep695kf6o746d36vekcdr7
[2012/10/29 12:41:52 | 000,055,331 | ---- | M] () -- C:\windows\sess_6mtp4dvm2bn31akdfc20i1c992
[2012/10/29 12:41:51 | 000,055,331 | ---- | M] () -- C:\windows\sess_di3br0qgoqhb4kabbjq5hv9da6
[2012/10/29 12:41:51 | 000,055,331 | ---- | M] () -- C:\windows\sess_8h140ng9m69cc58mnm9ehtkuo7
[2012/10/29 12:41:50 | 000,055,331 | ---- | M] () -- C:\windows\sess_h18pqh6dqbf3vcerlp0fm45q25
[2012/10/29 12:41:49 | 000,055,331 | ---- | M] () -- C:\windows\sess_uct1u8q8ksh0h4v678siujstm0
[2012/10/29 12:41:49 | 000,055,331 | ---- | M] () -- C:\windows\sess_k9clsss02l2m8kun3f1p20kma6
[2012/10/29 12:41:46 | 000,055,331 | ---- | M] () -- C:\windows\sess_ai0013ue12ol6b8f8jb3ebuub1
[2012/10/29 12:41:43 | 000,055,331 | ---- | M] () -- C:\windows\sess_dj4ds0m76l3j28i14lau54ul64
[2012/10/29 12:41:42 | 000,055,331 | ---- | M] () -- C:\windows\sess_i95efddtfib87roh9u7s4oife0
[2012/10/29 12:41:41 | 000,055,337 | ---- | M] () -- C:\windows\sess_b0oorbo902kds8ik3euh8n9u36
[2012/10/29 12:41:41 | 000,055,331 | ---- | M] () -- C:\windows\sess_n4rtaj9673lgl1c8paojsadct3
[2012/10/29 11:17:44 | 000,117,914 | ---- | M] () -- C:\windows\sess_r8aqfbre4t9eu7ptb0lk4kp753
[2012/10/29 10:53:36 | 000,055,337 | ---- | M] () -- C:\windows\sess_1b34unhehtj5drqqj002g2c341
[2012/10/29 10:45:19 | 000,055,337 | ---- | M] () -- C:\windows\sess_4ddeobtrm2h933s9tbmdrd1195
[2012/10/29 10:19:10 | 000,055,337 | ---- | M] () -- C:\windows\sess_37rp294k6ngpqghg8slht4js25
[2012/10/29 10:18:58 | 000,056,018 | ---- | M] () -- C:\windows\sess_c2u7mnhd5qli6lkjh7g54jusa4
[2012/10/29 10:18:48 | 000,056,014 | ---- | M] () -- C:\windows\sess_cmqq0pi5vinkd1efgcbodl51k6
[2012/10/29 10:18:48 | 000,056,014 | ---- | M] () -- C:\windows\sess_abgllcvef9pe6erhu8ekq6ggq7
[2012/10/29 09:00:22 | 000,055,337 | ---- | M] () -- C:\windows\sess_mr1cat7qm67s5gcp6tkdjk3cv0
[2012/10/29 08:26:46 | 000,056,014 | ---- | M] () -- C:\windows\sess_jlicsl856i6kpbdk139ehmdmu5
[2012/10/29 08:26:46 | 000,056,014 | ---- | M] () -- C:\windows\sess_b7j2b41nrl3h4knbj1jublks24
[2012/10/29 08:26:46 | 000,056,013 | ---- | M] () -- C:\windows\sess_m47mnj6fnjr6bed2m33s2ovcj1
[2012/10/29 08:26:45 | 000,056,018 | ---- | M] () -- C:\windows\sess_glhj9012kcitku78q76j44kpd1
[2012/10/26 17:38:44 | 000,055,334 | ---- | M] () -- C:\windows\sess_7d0o08b2jvb3o56aqs6jfc9no3
[2012/10/26 17:28:19 | 000,055,334 | ---- | M] () -- C:\windows\sess_9j4qcm8bujgnngn3hnc5459te0
[2012/10/26 17:28:18 | 000,055,330 | ---- | M] () -- C:\windows\sess_80kg347lala241i37juhb2ht33
[2012/10/26 17:28:18 | 000,055,329 | ---- | M] () -- C:\windows\sess_rouoeojkmh2qjg2rin3vohnoo5
[2012/10/26 14:57:03 | 000,055,334 | ---- | M] () -- C:\windows\sess_003f8llqf9juv54l19p34fa2t0
[2012/10/26 14:43:00 | 000,055,334 | ---- | M] () -- C:\windows\sess_2gg91ani31jr2mk1g4oauj7a66
[2012/10/26 14:34:59 | 000,017,197 | ---- | M] () -- C:\windows\sess_oktj28skagalmeu1n49vd5kja1
[2012/10/26 14:20:16 | 000,056,018 | ---- | M] () -- C:\windows\sess_9g3vvudfgeplqafi035mj10pb4
[2012/10/26 14:00:44 | 000,056,018 | ---- | M] () -- C:\windows\sess_iaco566vveo1nk8hh38fk9psh1
[2012/10/26 14:00:35 | 000,056,014 | ---- | M] () -- C:\windows\sess_vu76hmdaq64d03456rdmcqejo3
[2012/10/26 14:00:35 | 000,056,014 | ---- | M] () -- C:\windows\sess_2mtr6rnmg46li3sm6pml8aq922
[2012/10/26 14:00:27 | 000,017,197 | ---- | M] () -- C:\windows\sess_ohl13bigcbtbr1q4utedjbvb63
[2012/10/26 14:00:11 | 000,008,135 | ---- | M] () -- C:\windows\sess_1dd31c0bv81j7fqeq6ijo79t32
[2012/10/26 14:00:06 | 000,008,135 | ---- | M] () -- C:\windows\sess_n4ojdb7vouu7dv4eh3bb7oeas0
[2012/10/26 14:00:06 | 000,008,135 | ---- | M] () -- C:\windows\sess_dfr7j3g68dko7tqlt9a5kk5l71
[2012/10/26 14:00:06 | 000,008,135 | ---- | M] () -- C:\windows\sess_9h9vk071a9lqu6ngerj10327c3
[2012/10/26 13:57:52 | 000,017,744 | ---- | M] () -- C:\windows\sess_hm6rs9vngkei8anekqp7kpj695
[2012/10/26 13:57:44 | 000,056,039 | ---- | M] () -- C:\windows\sess_laso3tial542op3adau0k3u4s4
[2012/10/26 13:56:55 | 000,056,018 | ---- | M] () -- C:\windows\sess_7h4c9p4209n4j7tcistfdsgdf5
[2012/10/26 13:56:43 | 000,056,014 | ---- | M] () -- C:\windows\sess_7d5r342kicj3r8knhlhopaf103
[2012/10/26 13:56:43 | 000,056,013 | ---- | M] () -- C:\windows\sess_d5j44ssniv68iiha5lkdb3ho71
[2012/10/26 13:56:42 | 000,056,014 | ---- | M] () -- C:\windows\sess_dtuns1pog6bnbm3csfss34fae1
[2012/10/26 13:51:01 | 000,117,912 | ---- | M] () -- C:\windows\sess_3t4t9o9bcfktnbudkkfia0ho32
[2012/10/26 13:50:30 | 000,045,473 | ---- | M] () -- C:\windows\sess_o8h8vrob84aootauinbka1kdb7
[2012/10/26 13:46:43 | 000,017,744 | ---- | M] () -- C:\windows\sess_tp5elbhkdj0pd0k28qttd18bf1
[2012/10/26 13:46:28 | 000,017,744 | ---- | M] () -- C:\windows\sess_euiecr1raruhctmvvi276nl8l6
[2012/10/26 09:52:26 | 006,506,496 | ---- | M] () -- C:\Users\weh\Desktop\magento1.5.1-brentford.eap
[2012/10/26 08:38:56 | 000,000,642 | ---- | M] () -- C:\windows\ODBC.INI
[2012/10/26 08:38:10 | 000,000,105 | ---- | M] () -- C:\Users\weh\Documents\brentford_magento.dsn
[2012/10/25 18:01:23 | 000,055,334 | ---- | M] () -- C:\windows\sess_6e531cq1p7s7iassi6v52m1bv4
[2012/10/25 18:00:58 | 000,055,334 | ---- | M] () -- C:\windows\sess_q5bafm61pcrfmlpb7gr38da994
[2012/10/25 18:00:49 | 000,055,330 | ---- | M] () -- C:\windows\sess_6bbkkqldn5dntv14pa1agp9mb5
[2012/10/25 18:00:49 | 000,055,329 | ---- | M] () -- C:\windows\sess_0llk0cipmv6g70rhdpqq8td881
[2012/10/25 14:15:09 | 000,055,355 | ---- | M] () -- C:\windows\sess_jklmtai3q2bv8bl2au34503i31
[2012/10/25 14:05:30 | 000,055,334 | ---- | M] () -- C:\windows\sess_h90983pa344ace3u217utjh6a7
[2012/10/25 14:05:20 | 000,055,330 | ---- | M] () -- C:\windows\sess_l1auaakfkhf7ona7rmftht0hh0
[2012/10/25 14:05:20 | 000,055,330 | ---- | M] () -- C:\windows\sess_1irk55glhtu785oeeefu8q0om6
[2012/10/25 14:05:20 | 000,055,329 | ---- | M] () -- C:\windows\sess_319di38o2l4c20m69q9qpg95c5
[2012/10/25 03:12:26 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\windows\SysWow64\QuickTimeVR.qtx
[2012/10/25 03:12:26 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\windows\SysWow64\QuickTime.qts
[2012/10/24 09:45:34 | 000,007,665 | ---- | M] () -- C:\Users\weh\AppData\Local\Resmon.ResmonCfg
[2012/10/24 08:08:55 | 000,000,022 | ---- | M] () -- C:\windows\SysWow64\devconinfo
[2012/10/24 08:08:55 | 000,000,021 | ---- | M] () -- C:\windows\SysNative\devconinfo
[2012/10/17 09:34:13 | 000,053,989 | ---- | M] () -- C:\windows\sess_lu43omd1jijp04254o8upvou53
[2012/10/17 09:29:56 | 000,055,334 | ---- | M] () -- C:\windows\sess_vq4pa77dgs8bmfet4je9oqr2n5
[2012/10/17 09:29:45 | 000,055,334 | ---- | M] () -- C:\windows\sess_li9m6gajg2gt3mj0km03a3bda4
[2012/10/17 09:29:42 | 000,055,330 | ---- | M] () -- C:\windows\sess_arn2psussqhgdu9u5c3e1gmdg6
[2012/10/17 09:29:41 | 000,055,330 | ---- | M] () -- C:\windows\sess_fiestfqdrk3elset0epm6vbqu6
[2012/10/17 09:29:41 | 000,055,329 | ---- | M] () -- C:\windows\sess_0q4rp9ekmb6hrubjdb0milis13
[2012/10/17 09:29:32 | 000,055,330 | ---- | M] () -- C:\windows\sess_hqhe0m60dmtpe5s9v279jnmba6
[2012/10/17 09:29:32 | 000,055,330 | ---- | M] () -- C:\windows\sess_1tquf8v4rek4o28hqi5va5l890
[2012/10/17 09:29:31 | 000,055,329 | ---- | M] () -- C:\windows\sess_8aq6fm6cdqimhd0jb9qhfqcg80
[2012/10/16 15:48:06 | 000,055,340 | ---- | M] () -- C:\windows\sess_lo7ubcqd4547gnmiqvugct6tl2
[2012/10/16 15:36:45 | 000,055,334 | ---- | M] () -- C:\windows\sess_210d12007katu43nc58jiv9gv0
[2012/10/16 15:02:33 | 000,055,337 | ---- | M] () -- C:\windows\sess_ojpd9jnu8itdde4v59utfrp2g7
[2012/10/16 15:01:31 | 000,052,764 | ---- | M] () -- C:\windows\sess_1aru2t09vrhnvj4jiupcptdq35
[2012/10/16 12:52:01 | 000,055,335 | ---- | M] () -- C:\windows\sess_gmntlm6kmaseratfn59q5ju450
[2012/10/16 12:50:19 | 000,052,764 | ---- | M] () -- C:\windows\sess_m3prje56a0st38hnas035gjv26
[2012/10/16 12:49:41 | 000,055,340 | ---- | M] () -- C:\windows\sess_7bq1n0hda1dn5g7bbno2n0lpn2
[2012/10/16 12:07:28 | 000,055,334 | ---- | M] () -- C:\windows\sess_bj84k794pf96fatnl849j1fvh6
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/11/14 17:06:36 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/11/14 17:06:36 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/11/14 17:06:36 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/11/14 17:06:36 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/11/14 17:06:36 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/11/14 16:13:11 | 000,055,734 | ---- | C] () -- C:\windows\sess_elic86qhudtd5392i3u311qo07
[2012/11/14 16:13:11 | 000,055,730 | ---- | C] () -- C:\windows\sess_1qnh9omr5kil9puqv0qddirvq3
[2012/11/14 16:13:11 | 000,055,729 | ---- | C] () -- C:\windows\sess_vo5fggrtttbe86645o7h756u52
[2012/11/14 16:13:08 | 000,055,730 | ---- | C] () -- C:\windows\sess_boipbv5o0e4r6sdujsqas4v8q1
[2012/11/14 14:55:10 | 000,055,730 | ---- | C] () -- C:\windows\sess_n6l116gr8e9vt4f74gmn97p534
[2012/11/14 14:55:10 | 000,055,730 | ---- | C] () -- C:\windows\sess_kdgdalnljs6v08kqp467cgl4e6
[2012/11/14 14:55:10 | 000,055,729 | ---- | C] () -- C:\windows\sess_f282qaodkkj1doetntq3ud4c11
[2012/11/14 14:55:08 | 000,055,730 | ---- | C] () -- C:\windows\sess_db8h2kpom9n7le0ac7ddjlmsc5
[2012/11/14 09:53:23 | 000,041,696 | ---- | C] () -- C:\windows\sess_gq6280i5vcd41n05la62tdsdn7
[2012/11/14 09:36:40 | 000,041,696 | ---- | C] () -- C:\windows\sess_thcnfg8v2gveb1lcdh26tknob3
[2012/11/14 09:25:30 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\kerio-connect-koff-7.4.2-7694-win32.properties
[2012/11/13 22:21:34 | 000,000,000 | ---- | C] () -- C:\Users\weh\defogger_reenable
[2012/11/13 20:19:02 | 000,000,079 | ---- | C] () -- C:\Users\weh\AppData\Roaming\mbam.context.scan
[2012/11/13 17:41:15 | 000,008,109 | ---- | C] () -- C:\Users\weh\AppData\Local\recently-used.xbel
[2012/11/13 17:21:50 | 000,055,734 | ---- | C] () -- C:\windows\sess_9tu987fm4hcn27ni6sag6m76p0
[2012/11/13 17:21:50 | 000,055,730 | ---- | C] () -- C:\windows\sess_lvdmkq4qo7uoeu0luggma50vu2
[2012/11/13 17:21:50 | 000,055,729 | ---- | C] () -- C:\windows\sess_oao0jadssfb5agj7hmekr17fm6
[2012/11/13 17:21:47 | 000,055,730 | ---- | C] () -- C:\windows\sess_huhqi5nf4p3eboo3knds16qju0
[2012/11/12 11:04:07 | 000,055,992 | ---- | C] () -- C:\windows\sess_ji29oqrt9huntmklq78ggo0bk5
[2012/11/12 11:02:01 | 000,052,802 | ---- | C] () -- C:\windows\sess_asu56gesboattdncig0gqug6j1
[2012/11/12 10:50:32 | 000,052,862 | ---- | C] () -- C:\windows\sess_r6mhsfuv5uordl8apdvqjism67
[2012/11/12 10:50:32 | 000,052,845 | ---- | C] () -- C:\windows\sess_pckn5i8ha6dga3s3h7r67qjom7
[2012/11/12 10:50:32 | 000,052,840 | ---- | C] () -- C:\windows\sess_qubak97vfdur7nspfk92dpd0i1
[2012/11/12 10:50:32 | 000,052,840 | ---- | C] () -- C:\windows\sess_nbqhuufsaf5tr5hbppfukbvaf6
[2012/11/12 10:50:32 | 000,052,840 | ---- | C] () -- C:\windows\sess_n3gqemksbvio7btlp44sclkb53
[2012/11/12 10:23:57 | 000,054,216 | ---- | C] () -- C:\windows\sess_nb4ot5pb7hs2snjabn46pjp9k6
[2012/11/01 08:41:11 | 000,000,192 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012/10/31 10:40:37 | 000,055,734 | ---- | C] () -- C:\windows\sess_bq3ft83me4bkvqjl50roco4vt1
[2012/10/31 10:40:37 | 000,055,730 | ---- | C] () -- C:\windows\sess_4s4j4256h1s9mu5pao5hvr8b56
[2012/10/31 10:40:37 | 000,055,729 | ---- | C] () -- C:\windows\sess_o3po215620bqp6rssrrqkfl5q3
[2012/10/31 10:40:35 | 000,055,730 | ---- | C] () -- C:\windows\sess_u4ag8hh90qo752dkhbgq9e6e82
[2012/10/30 18:36:35 | 000,055,730 | ---- | C] () -- C:\windows\sess_97g5ndv6n5o25ci5etdreb4h02
[2012/10/30 18:36:32 | 000,055,730 | ---- | C] () -- C:\windows\sess_tktolkoofr7u3crek1cifj2om6
[2012/10/30 18:36:32 | 000,055,730 | ---- | C] () -- C:\windows\sess_gs7qglktm7em1ob32tqpclpid0
[2012/10/30 18:36:32 | 000,055,729 | ---- | C] () -- C:\windows\sess_ck6e78o57orm6m3v0fsnsmkrs6
[2012/10/30 16:00:04 | 000,055,734 | ---- | C] () -- C:\windows\sess_g1tcgje7g0tie17cssiukruqi6
[2012/10/30 16:00:04 | 000,055,730 | ---- | C] () -- C:\windows\sess_ackbcevao4ig9084nbraq9qnh4
[2012/10/30 16:00:04 | 000,055,729 | ---- | C] () -- C:\windows\sess_i43imlcd2pd6ht0ubu4vv5c4i5
[2012/10/30 16:00:02 | 000,055,730 | ---- | C] () -- C:\windows\sess_uvqhk201to9k2tkc6imefa2d15
[2012/10/30 13:24:50 | 000,055,734 | ---- | C] () -- C:\windows\sess_hov3ermjgs1ur3841b47lph4f4
[2012/10/30 13:24:50 | 000,055,731 | ---- | C] () -- C:\windows\sess_shkkuv5aqhlp1s7m430l5k7fs3
[2012/10/30 13:24:50 | 000,055,731 | ---- | C] () -- C:\windows\sess_rhrl77qni5rk1stoskms2kqbo3
[2012/10/30 13:24:49 | 000,055,731 | ---- | C] () -- C:\windows\sess_o24j3kvdfc09r6dag3pnri5bi0
[2012/10/30 13:24:49 | 000,055,731 | ---- | C] () -- C:\windows\sess_gd1rqlnjm9e4j9hefpm1vksqb2
[2012/10/30 13:24:48 | 000,055,731 | ---- | C] () -- C:\windows\sess_m3rgr8db3uuqt0ojmmlhra5g32
[2012/10/30 13:24:48 | 000,055,731 | ---- | C] () -- C:\windows\sess_aorbrupfupovpp6tr7dtca3p26
[2012/10/30 13:24:47 | 000,055,731 | ---- | C] () -- C:\windows\sess_ji6jlu4bco9s36sdudfafrak95
[2012/10/30 13:24:47 | 000,055,731 | ---- | C] () -- C:\windows\sess_13mmfq3o9r5ubc2r9eitbec7v6
[2012/10/30 13:24:46 | 000,055,731 | ---- | C] () -- C:\windows\sess_tihdchg92788a5tt2h5gfl29n2
[2012/10/30 13:24:46 | 000,055,731 | ---- | C] () -- C:\windows\sess_8te5urvfeompimvtssndfagi84
[2012/10/30 13:24:45 | 000,055,731 | ---- | C] () -- C:\windows\sess_vta7v900oq9pcbpcg28uu7dh81
[2012/10/30 13:24:45 | 000,055,731 | ---- | C] () -- C:\windows\sess_lmgics2ip5502cjhldkkqe2qu7
[2012/10/30 13:24:44 | 000,055,731 | ---- | C] () -- C:\windows\sess_rvmpobnojji97b2n64b8n1agl2
[2012/10/30 13:24:43 | 000,055,731 | ---- | C] () -- C:\windows\sess_sdakhk1u8d7cgvve2orq8fo187
[2012/10/30 13:24:43 | 000,055,731 | ---- | C] () -- C:\windows\sess_i6s745qlsldc9u5b5gsmhl6vd3
[2012/10/30 13:24:41 | 000,055,731 | ---- | C] () -- C:\windows\sess_9tnks1fnjlss99ocghdvafv5b3
[2012/10/30 13:24:39 | 000,055,731 | ---- | C] () -- C:\windows\sess_6mj1b5cvm0259qt0litdq5s5s1
[2012/10/30 13:24:38 | 000,055,731 | ---- | C] () -- C:\windows\sess_cv2fr793jsvscuuifetdiit6s5
[2012/10/30 13:24:38 | 000,055,731 | ---- | C] () -- C:\windows\sess_8a3a7oq9fbf6mh5ctt0bsvrb40
[2012/10/30 13:24:37 | 000,055,731 | ---- | C] () -- C:\windows\sess_808hnu32uct2qnoafud9fg3875
[2012/10/30 13:24:36 | 000,055,737 | ---- | C] () -- C:\windows\sess_lqtc2glsll58gkmnimvfrgokk1
[2012/10/30 11:07:30 | 000,055,730 | ---- | C] () -- C:\windows\sess_f15i3h1cj0fjh60tqnb5ajbvt2
[2012/10/30 11:07:29 | 000,055,755 | ---- | C] () -- C:\windows\sess_ngsvm19ab9mj25vn38u3792gq2
[2012/10/30 11:07:28 | 000,055,730 | ---- | C] () -- C:\windows\sess_udha87qccf1agmojk1g7u7nha1
[2012/10/30 11:07:28 | 000,055,730 | ---- | C] () -- C:\windows\sess_6ke4qfdea2slffai9dom9ohba7
[2012/10/30 11:07:28 | 000,055,729 | ---- | C] () -- C:\windows\sess_hrs3582avmtrivu1q1ktuts220
[2012/10/30 10:45:32 | 000,056,998 | ---- | C] () -- C:\windows\sess_mr42h249sfc361jognvd4n0ed5
[2012/10/30 10:41:46 | 000,056,998 | ---- | C] () -- C:\windows\sess_jr6m113onblrsq6ijiud2vn5e3
[2012/10/30 10:40:50 | 000,055,713 | ---- | C] () -- C:\windows\sess_90dkcda0b7rqu0q0h6sa0dpbj5
[2012/10/30 10:30:55 | 000,055,755 | ---- | C] () -- C:\windows\sess_53d2sgamtrsu5tg7i2e80jojc5
[2012/10/30 10:30:51 | 000,055,734 | ---- | C] () -- C:\windows\sess_fkbct4t16nvbgt96tfjqmiuu97
[2012/10/30 10:30:51 | 000,055,730 | ---- | C] () -- C:\windows\sess_e8s1evn067dacp3d6uqh8l0et3
[2012/10/30 10:30:51 | 000,055,729 | ---- | C] () -- C:\windows\sess_8oc2suk2jl2mfieju3afriodv6
[2012/10/30 10:30:49 | 000,055,730 | ---- | C] () -- C:\windows\sess_g24u7htafegheojc00372ga214
[2012/10/30 10:28:45 | 000,017,207 | ---- | C] () -- C:\windows\sess_5g79d29snkoa34eagq8qn5vtk6
[2012/10/30 10:19:05 | 000,045,283 | ---- | C] () -- C:\windows\sess_uaubatcuej9sccitroqgbrdtg2
[2012/10/29 16:58:48 | 000,017,180 | ---- | C] () -- C:\windows\sess_ckg5krd4al0kmeb6v7ea95av30
[2012/10/29 16:32:04 | 000,055,334 | ---- | C] () -- C:\windows\sess_9gu4eaaeg471uam8tc922b2de5
[2012/10/29 16:32:04 | 000,055,330 | ---- | C] () -- C:\windows\sess_54l46ldslo0486iqagsemqtu60
[2012/10/29 16:32:02 | 000,055,355 | ---- | C] () -- C:\windows\sess_p9u03qr02m5er9s5r8qscejs82
[2012/10/29 16:32:01 | 000,055,330 | ---- | C] () -- C:\windows\sess_oo8e57s72jli2gmkit9ckk1lo6
[2012/10/29 15:36:07 | 000,055,331 | ---- | C] () -- C:\windows\sess_nf9dktvoqpat9ngg7d55mmj081
[2012/10/29 15:36:06 | 000,055,334 | ---- | C] () -- C:\windows\sess_vr1p8694sg1oj73kfr9tnl4391
[2012/10/29 15:36:01 | 000,055,331 | ---- | C] () -- C:\windows\sess_ceoamnsfguhlfj7omrlhjur5h3
[2012/10/29 15:36:00 | 000,055,334 | ---- | C] () -- C:\windows\sess_uqeibbekcgelidagl0efp370b4
[2012/10/29 15:04:54 | 000,055,331 | ---- | C] () -- C:\windows\sess_e48gsn7b30649srbsdd5v2jad2
[2012/10/29 15:04:53 | 000,055,334 | ---- | C] () -- C:\windows\sess_m0eff5cro6cmecll7ta423f7m3
[2012/10/29 15:04:49 | 000,055,331 | ---- | C] () -- C:\windows\sess_80qqdd7vcugmqcprg7m0mrdc63
[2012/10/29 15:04:48 | 000,055,334 | ---- | C] () -- C:\windows\sess_e1hek2huu5in47umqhisq2qts3
[2012/10/29 13:34:14 | 000,055,337 | ---- | C] () -- C:\windows\sess_79fdpon8qand25v3e948b4qbc2
[2012/10/29 12:42:04 | 000,055,331 | ---- | C] () -- C:\windows\sess_jl1hm965gj4arq1bj12f6h36s2
[2012/10/29 12:42:03 | 000,055,334 | ---- | C] () -- C:\windows\sess_3dvkc4cn7gmeiqsdmp1n0kd604
[2012/10/29 12:41:54 | 000,055,334 | ---- | C] () -- C:\windows\sess_uk1138urs57j7ttqucr63cvm64
[2012/10/29 12:41:54 | 000,055,331 | ---- | C] () -- C:\windows\sess_9jgs504p6p70ljkjopt4goj604
[2012/10/29 12:41:54 | 000,055,331 | ---- | C] () -- C:\windows\sess_9dshatt5b3btt5p40jgu94dn86
[2012/10/29 12:41:53 | 000,055,331 | ---- | C] () -- C:\windows\sess_sfc2m3gigflvlfeptsgqp8qd31
[2012/10/29 12:41:53 | 000,055,331 | ---- | C] () -- C:\windows\sess_ko5k1i7r82ggrp3lqp1ks6el53
[2012/10/29 12:41:53 | 000,055,331 | ---- | C] () -- C:\windows\sess_dpa68cs7bpne1jh70ctf4uvvn7
[2012/10/29 12:41:53 | 000,055,331 | ---- | C] () -- C:\windows\sess_a27e56h9km988m32t56noav4e5
[2012/10/29 12:41:52 | 000,055,331 | ---- | C] () -- C:\windows\sess_uo6iktgako59la171ejqrtp2d7
[2012/10/29 12:41:52 | 000,055,331 | ---- | C] () -- C:\windows\sess_rh2u220939aj3s2hhapeq7aa92
[2012/10/29 12:41:52 | 000,055,331 | ---- | C] () -- C:\windows\sess_qlkgj6c37uqfo3mrfsi96ekvb3
[2012/10/29 12:41:52 | 000,055,331 | ---- | C] () -- C:\windows\sess_6mtp4dvm2bn31akdfc20i1c992
[2012/10/29 12:41:51 | 000,055,331 | ---- | C] () -- C:\windows\sess_hfd3ep695kf6o746d36vekcdr7
[2012/10/29 12:41:51 | 000,055,331 | ---- | C] () -- C:\windows\sess_di3br0qgoqhb4kabbjq5hv9da6
[2012/10/29 12:41:50 | 000,055,331 | ---- | C] () -- C:\windows\sess_8h140ng9m69cc58mnm9ehtkuo7
[2012/10/29 12:41:49 | 000,055,331 | ---- | C] () -- C:\windows\sess_k9clsss02l2m8kun3f1p20kma6
[2012/10/29 12:41:49 | 000,055,331 | ---- | C] () -- C:\windows\sess_h18pqh6dqbf3vcerlp0fm45q25
[2012/10/29 12:41:46 | 000,055,331 | ---- | C] () -- C:\windows\sess_uct1u8q8ksh0h4v678siujstm0
[2012/10/29 12:41:43 | 000,055,331 | ---- | C] () -- C:\windows\sess_ai0013ue12ol6b8f8jb3ebuub1
[2012/10/29 12:41:42 | 000,055,331 | ---- | C] () -- C:\windows\sess_dj4ds0m76l3j28i14lau54ul64
[2012/10/29 12:41:41 | 000,055,337 | ---- | C] () -- C:\windows\sess_b0oorbo902kds8ik3euh8n9u36
[2012/10/29 12:41:41 | 000,055,331 | ---- | C] () -- C:\windows\sess_n4rtaj9673lgl1c8paojsadct3
[2012/10/29 12:41:41 | 000,055,331 | ---- | C] () -- C:\windows\sess_i95efddtfib87roh9u7s4oife0
[2012/10/29 10:53:36 | 000,055,337 | ---- | C] () -- C:\windows\sess_1b34unhehtj5drqqj002g2c341
[2012/10/29 10:45:19 | 000,055,337 | ---- | C] () -- C:\windows\sess_4ddeobtrm2h933s9tbmdrd1195
[2012/10/29 10:44:16 | 000,117,914 | ---- | C] () -- C:\windows\sess_r8aqfbre4t9eu7ptb0lk4kp753
[2012/10/29 10:19:09 | 000,055,337 | ---- | C] () -- C:\windows\sess_37rp294k6ngpqghg8slht4js25
[2012/10/29 10:18:47 | 000,056,018 | ---- | C] () -- C:\windows\sess_c2u7mnhd5qli6lkjh7g54jusa4
[2012/10/29 10:18:47 | 000,056,018 | ---- | C] () -- C:\windows\sess_3g8v3hdrf5h8pfm3hoa0c7v810
[2012/10/29 10:18:47 | 000,056,014 | ---- | C] () -- C:\windows\sess_cmqq0pi5vinkd1efgcbodl51k6
[2012/10/29 10:18:45 | 000,056,014 | ---- | C] () -- C:\windows\sess_abgllcvef9pe6erhu8ekq6ggq7
[2012/10/29 09:04:06 | 000,056,549 | ---- | C] () -- C:\windows\sess_or5ti5vc0huujf3amhdp6ktgr7
[2012/10/29 09:00:21 | 000,055,337 | ---- | C] () -- C:\windows\sess_mr1cat7qm67s5gcp6tkdjk3cv0
[2012/10/29 08:26:46 | 000,056,018 | ---- | C] () -- C:\windows\sess_hptd0jobar5v9rg5lh5banu106
[2012/10/29 08:26:42 | 000,056,018 | ---- | C] () -- C:\windows\sess_glhj9012kcitku78q76j44kpd1
[2012/10/29 08:26:42 | 000,056,014 | ---- | C] () -- C:\windows\sess_b7j2b41nrl3h4knbj1jublks24
[2012/10/29 08:26:42 | 000,056,013 | ---- | C] () -- C:\windows\sess_m47mnj6fnjr6bed2m33s2ovcj1
[2012/10/29 08:26:39 | 000,056,014 | ---- | C] () -- C:\windows\sess_jlicsl856i6kpbdk139ehmdmu5
[2012/10/26 17:28:19 | 000,055,334 | ---- | C] () -- C:\windows\sess_9j4qcm8bujgnngn3hnc5459te0
[2012/10/26 17:28:19 | 000,055,334 | ---- | C] () -- C:\windows\sess_7d0o08b2jvb3o56aqs6jfc9no3
[2012/10/26 17:28:18 | 000,055,330 | ---- | C] () -- C:\windows\sess_80kg347lala241i37juhb2ht33
[2012/10/26 17:28:18 | 000,055,329 | ---- | C] () -- C:\windows\sess_rouoeojkmh2qjg2rin3vohnoo5
[2012/10/26 14:42:27 | 000,055,334 | ---- | C] () -- C:\windows\sess_2gg91ani31jr2mk1g4oauj7a66
[2012/10/26 14:41:22 | 000,055,334 | ---- | C] () -- C:\windows\sess_003f8llqf9juv54l19p34fa2t0
[2012/10/26 14:34:59 | 000,017,197 | ---- | C] () -- C:\windows\sess_oktj28skagalmeu1n49vd5kja1
[2012/10/26 14:00:34 | 000,056,018 | ---- | C] () -- C:\windows\sess_iaco566vveo1nk8hh38fk9psh1
[2012/10/26 14:00:34 | 000,056,018 | ---- | C] () -- C:\windows\sess_9g3vvudfgeplqafi035mj10pb4
[2012/10/26 14:00:34 | 000,056,014 | ---- | C] () -- C:\windows\sess_vu76hmdaq64d03456rdmcqejo3
[2012/10/26 14:00:34 | 000,056,014 | ---- | C] () -- C:\windows\sess_2mtr6rnmg46li3sm6pml8aq922
[2012/10/26 14:00:26 | 000,017,197 | ---- | C] () -- C:\windows\sess_ohl13bigcbtbr1q4utedjbvb63
[2012/10/26 14:00:05 | 000,008,135 | ---- | C] () -- C:\windows\sess_n4ojdb7vouu7dv4eh3bb7oeas0
[2012/10/26 14:00:05 | 000,008,135 | ---- | C] () -- C:\windows\sess_dfr7j3g68dko7tqlt9a5kk5l71
[2012/10/26 14:00:05 | 000,008,135 | ---- | C] () -- C:\windows\sess_9h9vk071a9lqu6ngerj10327c3
[2012/10/26 14:00:05 | 000,008,135 | ---- | C] () -- C:\windows\sess_1dd31c0bv81j7fqeq6ijo79t32
[2012/10/26 13:56:42 | 000,056,039 | ---- | C] () -- C:\windows\sess_laso3tial542op3adau0k3u4s4
[2012/10/26 13:56:41 | 000,056,018 | ---- | C] () -- C:\windows\sess_7h4c9p4209n4j7tcistfdsgdf5
[2012/10/26 13:56:41 | 000,056,014 | ---- | C] () -- C:\windows\sess_7d5r342kicj3r8knhlhopaf103
[2012/10/26 13:56:40 | 000,056,013 | ---- | C] () -- C:\windows\sess_d5j44ssniv68iiha5lkdb3ho71
[2012/10/26 13:56:38 | 000,056,014 | ---- | C] () -- C:\windows\sess_dtuns1pog6bnbm3csfss34fae1
[2012/10/26 13:50:46 | 000,117,912 | ---- | C] () -- C:\windows\sess_3t4t9o9bcfktnbudkkfia0ho32
[2012/10/26 13:47:34 | 000,045,473 | ---- | C] () -- C:\windows\sess_o8h8vrob84aootauinbka1kdb7
[2012/10/26 13:46:43 | 000,017,744 | ---- | C] () -- C:\windows\sess_tp5elbhkdj0pd0k28qttd18bf1
[2012/10/26 13:46:01 | 000,017,744 | ---- | C] () -- C:\windows\sess_euiecr1raruhctmvvi276nl8l6
[2012/10/26 13:39:07 | 000,017,744 | ---- | C] () -- C:\windows\sess_hm6rs9vngkei8anekqp7kpj695
[2012/10/26 08:38:10 | 000,000,105 | ---- | C] () -- C:\Users\weh\Documents\brentford_magento.dsn
[2012/10/26 08:35:54 | 006,506,496 | ---- | C] () -- C:\Users\weh\Desktop\magento1.5.1-brentford.eap
[2012/10/25 18:00:48 | 000,055,334 | ---- | C] () -- C:\windows\sess_q5bafm61pcrfmlpb7gr38da994
[2012/10/25 18:00:48 | 000,055,330 | ---- | C] () -- C:\windows\sess_6bbkkqldn5dntv14pa1agp9mb5
[2012/10/25 18:00:48 | 000,055,329 | ---- | C] () -- C:\windows\sess_0llk0cipmv6g70rhdpqq8td881
[2012/10/25 18:00:46 | 000,055,334 | ---- | C] () -- C:\windows\sess_6e531cq1p7s7iassi6v52m1bv4
[2012/10/25 14:05:20 | 000,055,355 | ---- | C] () -- C:\windows\sess_jklmtai3q2bv8bl2au34503i31
[2012/10/25 14:05:11 | 000,055,334 | ---- | C] () -- C:\windows\sess_h90983pa344ace3u217utjh6a7
[2012/10/25 14:05:11 | 000,055,330 | ---- | C] () -- C:\windows\sess_1irk55glhtu785oeeefu8q0om6
[2012/10/25 14:05:11 | 000,055,329 | ---- | C] () -- C:\windows\sess_319di38o2l4c20m69q9qpg95c5
[2012/10/25 14:05:09 | 000,055,330 | ---- | C] () -- C:\windows\sess_l1auaakfkhf7ona7rmftht0hh0
[2012/10/24 08:08:54 | 000,000,022 | ---- | C] () -- C:\windows\SysWow64\devconinfo
[2012/10/24 08:08:54 | 000,000,021 | ---- | C] () -- C:\windows\SysNative\devconinfo
[2012/10/17 09:32:39 | 000,053,989 | ---- | C] () -- C:\windows\sess_lu43omd1jijp04254o8upvou53
[2012/10/17 09:29:42 | 000,055,334 | ---- | C] () -- C:\windows\sess_vq4pa77dgs8bmfet4je9oqr2n5
[2012/10/17 09:29:40 | 000,055,330 | ---- | C] () -- C:\windows\sess_fiestfqdrk3elset0epm6vbqu6
[2012/10/17 09:29:40 | 000,055,330 | ---- | C] () -- C:\windows\sess_arn2psussqhgdu9u5c3e1gmdg6
[2012/10/17 09:29:40 | 000,055,329 | ---- | C] () -- C:\windows\sess_0q4rp9ekmb6hrubjdb0milis13
[2012/10/17 09:29:27 | 000,055,334 | ---- | C] () -- C:\windows\sess_li9m6gajg2gt3mj0km03a3bda4
[2012/10/17 09:29:27 | 000,055,330 | ---- | C] () -- C:\windows\sess_hqhe0m60dmtpe5s9v279jnmba6
[2012/10/17 09:29:27 | 000,055,329 | ---- | C] () -- C:\windows\sess_8aq6fm6cdqimhd0jb9qhfqcg80
[2012/10/17 09:29:24 | 000,055,330 | ---- | C] () -- C:\windows\sess_1tquf8v4rek4o28hqi5va5l890
[2012/10/16 15:36:22 | 000,055,334 | ---- | C] () -- C:\windows\sess_210d12007katu43nc58jiv9gv0
[2012/10/16 15:02:33 | 000,055,337 | ---- | C] () -- C:\windows\sess_ojpd9jnu8itdde4v59utfrp2g7
[2012/10/16 15:01:27 | 000,052,764 | ---- | C] () -- C:\windows\sess_1aru2t09vrhnvj4jiupcptdq35
[2012/10/16 12:50:14 | 000,055,335 | ---- | C] () -- C:\windows\sess_gmntlm6kmaseratfn59q5ju450
[2012/10/16 12:50:09 | 000,052,764 | ---- | C] () -- C:\windows\sess_m3prje56a0st38hnas035gjv26
[2012/10/16 12:49:36 | 000,055,340 | ---- | C] () -- C:\windows\sess_7bq1n0hda1dn5g7bbno2n0lpn2
[2012/08/14 14:08:40 | 000,000,152 | ---- | C] () -- C:\windows\SysWow64\RSLSP.ini
[2012/08/14 12:34:03 | 000,000,236 | ---- | C] () -- C:\windows\sripper.ini
[2012/08/14 12:34:03 | 000,000,052 | ---- | C] () -- C:\windows\StreamRipper32.INI
[2012/07/20 19:05:53 | 000,000,424 | ---- | C] () -- C:\Users\weh\AppData\Roaming\.ptbt1
[2012/07/17 10:22:56 | 000,001,484 | ---- | C] () -- C:\Users\weh\.h2.server.properties
[2012/07/09 09:44:01 | 000,000,158 | ---- | C] () -- C:\Users\weh\.gtkrc-2.0
[2012/05/08 11:52:20 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\dlumd9.dll
[2012/05/08 11:52:20 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\dlumd11.dll
[2012/05/08 11:52:20 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\dlumd10.dll
[2012/03/30 10:08:41 | 000,040,757 | ---- | C] () -- C:\Users\weh\AppData\Local\recently-used.xbel.I07BCW
[2012/02/27 15:16:43 | 000,000,017 | ---- | C] () -- C:\Users\weh\_pentadactylrc
[2011/11/11 19:15:41 | 000,003,190 | ---- | C] () -- C:\Users\weh\.ganttproject
[2011/11/04 10:11:00 | 000,000,335 | ---- | C] () -- C:\Users\weh\.gitconfig
[2011/11/04 10:00:01 | 000,000,189 | ---- | C] () -- C:\Users\weh\.gitignore
[2011/08/22 20:11:16 | 000,007,665 | ---- | C] () -- C:\Users\weh\AppData\Local\Resmon.ResmonCfg
[2011/08/17 12:50:33 | 002,463,976 | ---- | C] () -- C:\windows\SysWow64\NPSWF32.dll
[2011/06/22 09:13:36 | 000,000,067 | ---- | C] () -- C:\windows\Emu48.ini
[2011/06/01 12:04:19 | 000,001,117 | ---- | C] () -- C:\Users\weh\.scala_history
[2011/05/06 10:34:16 | 000,167,784 | -H-- | C] () -- C:\windows\SysWow64\mlfcache.dat
[2011/04/28 07:52:27 | 000,001,854 | ---- | C] () -- C:\Users\weh\AppData\Roaming\GhostObjGAFix.xml
[2011/04/11 16:18:46 | 000,695,642 | ---- | C] () -- C:\windows\unins000.exe
[2011/04/11 16:18:46 | 000,001,729 | ---- | C] () -- C:\windows\unins000.dat
[2011/03/30 12:26:16 | 000,000,012 | ---- | C] () -- C:\windows\dirsaver.ini
[2011/03/30 12:26:09 | 000,028,672 | ---- | C] () -- C:\windows\gscr.dll
[2011/03/18 09:35:26 | 000,000,017 | ---- | C] () -- C:\Users\weh\.javafx_ping_sent
[2011/03/01 18:15:28 | 000,000,642 | ---- | C] () -- C:\windows\ODBC.INI
[2011/03/01 18:13:58 | 000,000,232 | ---- | C] () -- C:\windows\ODBCINST.INI
[2011/03/01 10:59:10 | 000,000,920 | -H-- | C] () -- C:\Users\weh\.gitk
[2011/03/01 09:11:02 | 000,020,945 | ---- | C] () -- C:\Users\weh\_viminfo
[2011/02/21 10:20:08 | 000,000,255 | ---- | C] () -- C:\Users\weh\AppData\Roaming\sqlite3Explorer.xml
[2011/02/17 17:54:46 | 000,144,622 | ---- | C] () -- C:\windows\SysWow64\drivers\kqemu.sys
[2011/02/17 15:02:37 | 000,000,600 | ---- | C] () -- C:\Users\weh\AppData\Local\PUTTY.RND
[2011/02/09 12:39:32 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2011/02/03 10:46:23 | 000,000,182 | ---- | C] () -- C:\Users\weh\.zf.ini
[2011/02/02 09:00:04 | 000,000,600 | ---- | C] () -- C:\Users\weh\AppData\Roaming\winscp.rnd
[2011/02/01 15:50:39 | 000,000,727 | ---- | C] () -- C:\windows\hpntwksetup.ini
[2011/02/01 15:49:34 | 000,176,788 | ---- | C] () -- C:\windows\hppins12.dat
[2011/02/01 15:49:34 | 000,007,855 | ---- | C] () -- C:\windows\hppmdl12.dat
[2011/02/01 15:30:41 | 000,769,286 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/02/01 14:27:11 | 000,000,056 | -H-- | C] () -- C:\windows\SysWow64\ezsidmv.dat
[2011/02/01 11:03:03 | 000,000,096 | ---- | C] () -- C:\Users\weh\.asadminpass
========== ZeroAccess Check ==========
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2011/08/10 10:44:59 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\Acronis
[2012/08/28 11:56:55 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1
[2011/07/08 08:03:32 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\Bitcoin
[2012/11/01 13:44:15 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\calibre
[2011/02/01 09:26:29 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\DigitalPersona
[2012/11/14 16:55:01 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\Dropbox
[2011/07/26 11:38:57 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\EasyTax
[2012/10/31 09:25:13 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\FileZilla
[2012/05/22 12:23:46 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\GitHub
[2012/04/13 14:37:09 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\gtk-2.0
[2012/03/20 11:03:52 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\HandBrake
[2011/02/01 17:12:48 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\HeidiSQL
[2011/09/21 14:42:36 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\InfraRecorder
[2012/06/01 13:13:47 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\inkscape
[2012/10/31 19:31:51 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\KeePass
[2011/05/19 17:38:36 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\Launchy
[2011/04/13 10:03:22 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\Leadertech
[2012/11/09 19:46:00 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\LibreOffice
[2011/02/03 09:17:20 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\motorola
[2011/02/22 09:46:08 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\MySQL
[2012/11/08 09:48:15 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\NetBeans
[2011/05/19 17:38:37 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\Notepad++
[2012/03/16 13:00:08 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\npm
[2012/03/16 18:08:41 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\npm-cache
[2011/02/02 12:57:47 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\OpenOffice.org
[2011/09/07 12:09:59 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\Opera
[2011/11/24 10:21:25 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\pdfforge
[2011/02/04 09:44:14 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\Pencil
[2011/02/01 17:11:05 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\postgresql
[2011/02/01 16:28:25 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\Sparx Systems
[2011/10/13 09:32:13 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\Sublime Text 2
[2011/02/01 10:37:24 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\Subversion
[2012/02/29 13:53:13 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\TeamViewer
[2011/02/09 12:39:32 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\Thunderbird
[2012/11/01 08:41:03 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\Veodin
[2012/09/12 16:32:09 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\webex
[2011/11/22 16:15:58 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\Wireshark
========== Purity Check ==========
< End of report > |