qooqlle?
Started by
kanada1702
, Apr 25 2011 03:33 PM
-
This topic is locked
#1
Posted 25 April 2011 - 03:33 PM
kanada1702
-
- Member
-
- 21 posts
Member
#2
Posted 02 May 2011 - 04:07 AM
Salagubang
-
- Malware Removal
-
- 3,891 posts
Trusted Helper
Hi kanada1702,
Sorry for the delay.
Welcome to Geekstogo. My name is Salagubang.
Are you still having problems with this computer?
Sorry for the delay.
Welcome to Geekstogo. My name is Salagubang.
Are you still having problems with this computer?
#3
Posted 03 May 2011 - 06:27 AM
kanada1702
- Topic Starter
-
- Member
-
- 21 posts
Member
hello
yes i am i have tried almost everthing but no change
yes i am i have tried almost everthing but no change
#4
Posted 03 May 2011 - 06:29 AM
Salagubang
-
- Malware Removal
-
- 3,891 posts
Trusted Helper
We need some logs. 
Download OTL to your Desktop
Next
GMER Rootkit Scanner
Download OTL to your Desktop
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Click on Standard Output at the top
- Under the Extra Registry sectionm ensure that Safelist is selected
- Select All Users
- Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
- Double click inside the Custom Scan box at the bottom
- A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
- Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
- Select scan.txt and click Open. Writing will now appear under the Custom Scan box
- Click the
Quick Scan
button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic
Next
GMER Rootkit Scanner
GMER Rootkit Scanner - Download - Homepage- Download GMER
- Extract the contents of the zipped file to desktop.
- Double click GMER.exe.
- If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
- In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
- IAT/EAT
- Drives/Partition other than Systemdrive (typically C:\)
- Show All (don't miss this one)
NOTE - Not all of the tick boxes will be available if you are running a 64bit Operating System. You may also get an error message display on the screen when using a 64bit Operating System, this is normal, just click on OK and let it carry on.
Click the image to enlarge it
- Then click the Scan button & wait for it to finish.
- Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
- Save the log where you can easily find it, such as your desktop.
**Caution**Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Please copy and paste the report into your Post.
#5
Posted 03 May 2011 - 10:44 AM
kanada1702
- Topic Starter
-
- Member
-
- 21 posts
Member
OTL logfile created on: 2011-05-03 17:37:49 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Kanada1702\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 43,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 23,48 Gb Free Space | 10,08% Space Free | Partition Type: NTFS
Drive F: | 100,00 Mb Total Space | 61,65 Mb Free Space | 61,65% Space Free | Partition Type: NTFS
Drive G: | 124,84 Gb Total Space | 81,17 Gb Free Space | 65,02% Space Free | Partition Type: NTFS
Drive H: | 340,82 Gb Total Space | 19,78 Gb Free Space | 5,80% Space Free | Partition Type: NTFS
Computer Name: KANADA | User Name: Kanada1702 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011-05-03 17:33:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Kanada1702\Downloads\OTL.exe
PRC - [2011-01-07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2011-01-06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011-01-06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010-12-02 19:22:24 | 000,395,128 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2010-11-23 18:49:24 | 001,540,096 | ---- | M] (Nokia) -- C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2010-10-22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2010-10-22 04:56:48 | 000,745,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgam.exe
PRC - [2010-10-07 09:04:26 | 012,661,344 | ---- | M] (GG Network S.A.) -- C:\Program Files (x86)\Gadu-Gadu 10\gg.exe
PRC - [2009-10-13 08:39:04 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009-02-23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2008-09-10 12:17:40 | 000,604,704 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SOUNDMAN.EXE
========== Modules (SafeList) ==========
MOD - [2011-05-03 17:33:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Kanada1702\Downloads\OTL.exe
MOD - [2010-11-20 12:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010-04-07 11:12:18 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011-02-19 00:35:11 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011-02-19 00:33:29 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2011-01-06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010-12-08 15:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010-12-06 18:19:27 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010-10-22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-10-13 08:39:04 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009-02-23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011-03-11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010-12-08 04:12:36 | 000,308,304 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010-11-20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010-11-20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010-11-12 13:19:38 | 000,382,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2010-09-29 06:01:46 | 000,695,400 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010-09-21 21:06:13 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010-09-13 15:28:00 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2010-09-07 03:48:56 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2010-09-07 03:48:50 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2010-08-03 15:24:28 | 000,157,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2010-08-03 15:24:24 | 000,035,920 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2010-07-30 15:18:04 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2010-07-30 15:18:02 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010-07-30 15:18:00 | 000,026,624 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2010-07-30 15:17:56 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2010-07-15 13:47:42 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010-04-08 17:12:00 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010-04-07 11:44:06 | 006,659,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010-04-07 11:44:06 | 006,659,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010-04-07 10:23:30 | 000,195,584 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009-12-15 11:24:20 | 001,148,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ksaud.sys -- (ksaud)
DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-07-14 01:09:02 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\irda.sys -- (irda)
DRV:64bit: - [2009-06-10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009-06-10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009-06-10 21:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008-09-16 07:43:08 | 003,479,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTKVAC64.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV:64bit: - [2008-08-28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008-01-19 05:36:12 | 000,027,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\irsir.sys -- (irsir)
DRV - [2010-01-29 12:40:16 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
DRV - [2008-02-15 17:30:48 | 000,015,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Live Update 4\LU4\Flashsys64.sys -- (FLASHSYS)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3674711036-1596238359-3314894375-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3674711036-1596238359-3314894375-1000\..\URLSearchHook: {0d0c3dac-76cf-403d-b7fb-d56fa2e186fe} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3674711036-1596238359-3314894375-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "qooqlle"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://pl.start3.moz...la:pl:official"
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51
FF - prefs.js..extensions.enabledItems: [email protected]:2.22.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.3
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ftp_port: 9666
FF - prefs.js..network.proxy.backup.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.backup.gopher_port: 9666
FF - prefs.js..network.proxy.backup.socks: "127.0.0.1"
FF - prefs.js..network.proxy.backup.socks_port: 9666
FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ssl_port: 9666
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 9666
FF - prefs.js..network.proxy.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.gopher_port: 9666
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9666
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 0
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011-02-05 21:35:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011-04-25 21:43:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011-04-22 11:21:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011-04-22 11:21:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011-02-05 21:35:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
[2011-02-09 15:03:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kanada1702\AppData\Roaming\Mozilla\Extensions
[2011-04-25 22:05:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kanada1702\AppData\Roaming\Mozilla\Firefox\Profiles\sv9c2yuh.default\extensions
[2011-02-09 18:16:50 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Kanada1702\AppData\Roaming\Mozilla\Firefox\Profiles\sv9c2yuh.default\extensions\[email protected]
[2011-04-25 20:33:05 | 000,001,860 | ---- | M] () -- C:\Users\Kanada1702\AppData\Roaming\Mozilla\Firefox\Profiles\sv9c2yuh.default\searchplugins\search.xml
[2011-04-25 22:05:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011-02-17 21:57:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011-04-08 16:50:59 | 000,000,000 | ---D | M] ("Babylon Spelling and Proofreading") -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2011-04-01 18:35:11 | 000,000,000 | ---D | M] (Babylon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2011-04-25 21:43:22 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4
[2011-02-05 21:35:13 | 000,000,000 | ---D | M] (Firefox Synchronisation Extension) -- C:\PROGRAM FILES (X86)\NOKIA\NOKIA OVI SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION
[2011-02-02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2011-04-11 20:37:10 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\allegro-pl.xml
[2011-04-01 18:35:02 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
[2011-04-11 20:37:11 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-12-22 17:51:38 | 000,002,035 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrchost.xml
[2011-04-11 20:37:11 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\merlin-pl.xml
[2011-04-11 20:37:11 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\pwn-pl.xml
[2011-04-11 20:37:11 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2011-04-11 20:37:11 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wp-pl.xml
O1 HOSTS File: ([2010-12-06 16:25:11 | 000,000,869 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files (x86)\ALLPlayer\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll (facemoods.com)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0D0C3DAC-76CF-403D-B7FB-D56FA2E186FE} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0D0C3DAC-76CF-403D-B7FB-D56FA2E186FE} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3674711036-1596238359-3314894375-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-3674711036-1596238359-3314894375-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [Creative SB Monitoring Utility] C:\Windows\SysNative\SBAVMon.dll (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files (x86)\Nokia\Ovi Player\NokiaOviPlayer.exe (Nokia)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3674711036-1596238359-3314894375-1000..\Run: [] File not found
O4 - HKU\S-1-5-21-3674711036-1596238359-3314894375-1000..\Run: [ALLUpdate] C:\Program Files (x86)\ALLPlayer\ALLPlayer\ALLUpdate.exe ()
O4 - HKU\S-1-5-21-3674711036-1596238359-3314894375-1000..\Run: [Gadu-Gadu 10] C:\Program Files (x86)\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - HKU\S-1-5-21-3674711036-1596238359-3314894375-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3674711036-1596238359-3314894375-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{849d6da7-c62a-11df-a461-001c25360540}\Shell - "" = AutoRun
O33 - MountPoints2\{849d6da7-c62a-11df-a461-001c25360540}\Shell\AutoRun\command - "" = I:\Razor1911_Installer.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
========== Files/Folders - Created Within 30 Days ==========
[2011-04-29 18:14:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BBC iPlayer Desktop
[2011-04-25 22:36:53 | 000,000,000 | ---D | C] -- C:\Users\Kanada1702\AppData\Roaming\Malwarebytes
[2011-04-25 22:36:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011-04-25 22:36:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011-04-25 22:36:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011-04-25 22:36:41 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011-04-25 22:36:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011-04-25 22:27:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2011-04-25 21:33:33 | 000,000,000 | ---D | C] -- C:\Users\Kanada1702\AppData\Roaming\AVG
[2011-04-25 21:31:47 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011-04-25 21:31:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2011-04-25 20:26:09 | 000,000,000 | ---D | C] -- C:\Users\Kanada1702\AppData\Roaming\AVG10
[2011-04-25 20:09:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011-04-25 20:08:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011-04-25 20:08:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2011-04-25 11:54:36 | 000,000,000 | ---D | C] -- C:\Users\Kanada1702\AppData\Local\ESET
[2011-04-13 19:02:54 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010-10-13 20:24:30 | 001,531,392 | ---- | C] (Toshiba Samsung Storage Technology Corporation) -- C:\Users\Kanada1702\AppData\Roaming\tsdnwin.dll
[2010-02-04 00:00:00 | 000,139,264 | ---- | C] ( ) -- C:\Windows\sipr3260.dll
========== Files - Modified Within 30 Days ==========
[2011-05-03 17:30:37 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempBz3952.html
[2011-05-03 17:30:37 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempqX3952.html
[2011-05-03 17:30:36 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempVa3952.html
[2011-05-03 17:30:36 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempYB3952.html
[2011-05-03 17:29:57 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011-05-03 17:27:00 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3674711036-1596238359-3314894375-1000UA.job
[2011-05-03 17:13:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011-05-03 16:53:52 | 114,072,665 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011-05-03 16:50:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-05-03 10:27:00 | 000,001,026 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3674711036-1596238359-3314894375-1000Core.job
[2011-05-03 08:27:35 | 000,013,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011-05-03 08:27:35 | 000,013,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011-05-03 08:20:08 | 2415,566,848 | -HS- | M] () -- C:\hiberfil.sys
[2011-05-02 21:57:16 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempuQ2592.html
[2011-05-02 21:57:16 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TemppI2592.html
[2011-05-02 21:57:16 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempOw2592.html
[2011-05-02 21:57:16 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempOV2592.html
[2011-05-02 10:44:05 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempGx2464.html
[2011-05-02 10:44:05 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempGp2464.html
[2011-05-02 10:44:05 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempNX2464.html
[2011-05-02 10:44:05 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Temphe2464.html
[2011-05-01 22:19:21 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempsr2448.html
[2011-05-01 22:19:21 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempas2448.html
[2011-05-01 22:19:21 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempIo2448.html
[2011-05-01 22:19:21 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempbw2448.html
[2011-05-01 10:42:28 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempfp2636.html
[2011-05-01 10:42:28 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempAb2636.html
[2011-05-01 10:42:28 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempSr2636.html
[2011-05-01 10:42:28 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TemphH2636.html
[2011-05-01 01:09:28 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempGJ2436.html
[2011-05-01 01:09:28 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempeh2436.html
[2011-05-01 01:09:28 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempWG2436.html
[2011-05-01 01:09:28 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Temprj2436.html
[2011-04-30 20:27:35 | 000,002,388 | ---- | M] () -- C:\Users\Kanada1702\Desktop\Google Chrome.lnk
[2011-04-29 23:13:46 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempuA3068.html
[2011-04-29 23:13:46 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempne3068.html
[2011-04-29 23:13:46 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempwz3068.html
[2011-04-29 23:13:46 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempir3068.html
[2011-04-29 12:45:36 | 000,301,568 | ---- | M] () -- C:\Users\Kanada1702\Desktop\gmer.exe
[2011-04-29 07:42:50 | 001,591,112 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011-04-29 07:42:50 | 000,710,494 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2011-04-29 07:42:50 | 000,628,278 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011-04-29 07:42:50 | 000,140,684 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2011-04-29 07:42:50 | 000,115,416 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011-04-28 23:27:23 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TemphU2308.html
[2011-04-28 23:27:23 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempBl2308.html
[2011-04-28 23:27:23 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempXJ2308.html
[2011-04-28 23:27:23 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempKK2308.html
[2011-04-28 17:49:00 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempHf3196.html
[2011-04-28 17:49:00 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempgN3196.html
[2011-04-28 17:49:00 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempVW3196.html
[2011-04-28 17:49:00 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempnb3196.html
[2011-04-27 22:08:40 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempuS2300.html
[2011-04-27 22:08:40 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempqQ2300.html
[2011-04-27 22:08:40 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempqN2300.html
[2011-04-27 22:08:40 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempcG2300.html
[2011-04-25 23:11:17 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempKT2384.html
[2011-04-25 23:11:17 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempBD2384.html
[2011-04-25 23:11:17 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempYN2384.html
[2011-04-25 23:11:17 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempCq2384.html
[2011-04-25 22:36:44 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-04-25 21:43:24 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011-04-25 20:09:04 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\avg\incavi.avm
[2011-04-25 20:09:04 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\avg\iavichjw.avm
[2011-04-24 22:01:10 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempkd2020.html
[2011-04-24 22:01:10 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempem2020.html
[2011-04-24 22:01:10 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempDi2020.html
[2011-04-24 22:01:10 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempCo2020.html
[2011-04-23 23:33:57 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempyC1836.html
[2011-04-23 23:33:57 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempfZ1836.html
[2011-04-23 23:33:57 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempqO1836.html
[2011-04-23 23:33:57 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempMx1836.html
[2011-04-23 08:06:06 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempVU1936.html
[2011-04-23 08:06:06 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TemphP1936.html
[2011-04-23 08:06:05 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Temply1936.html
[2011-04-23 08:06:05 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempyD1936.html
[2011-04-22 23:00:43 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempvV1908.html
[2011-04-22 23:00:43 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempKx1908.html
[2011-04-22 23:00:43 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempKV1908.html
[2011-04-22 23:00:43 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempiq1908.html
[2011-04-22 00:27:04 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempzi1880.html
[2011-04-22 00:27:04 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempjc1880.html
[2011-04-22 00:27:04 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempvf1880.html
[2011-04-22 00:27:04 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Templu1880.html
[2011-04-21 23:32:50 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempmI1968.html
[2011-04-21 23:32:50 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempFm1968.html
[2011-04-21 23:32:50 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempxx1968.html
[2011-04-21 23:32:50 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempSw1968.html
[2011-04-19 23:20:16 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempUb1908.html
[2011-04-19 23:20:16 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempGw1908.html
[2011-04-19 23:20:16 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempWQ1908.html
[2011-04-19 23:20:16 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempPY1908.html
[2011-04-19 09:14:35 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempZs1932.html
[2011-04-19 09:14:35 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempBJ1932.html
[2011-04-19 09:14:35 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempMG1932.html
[2011-04-19 09:14:35 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempfH1932.html
[2011-04-18 23:35:00 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempWh2016.html
[2011-04-18 23:35:00 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempBz2016.html
[2011-04-18 23:35:00 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempuI2016.html
[2011-04-18 23:35:00 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempST2016.html
[2011-04-17 12:40:32 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempJp1936.html
[2011-04-16 18:48:36 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempqx1752.html
[2011-04-15 16:07:42 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempra1936.html
[2011-04-14 22:15:57 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempxI3444.html
[2011-04-14 22:15:57 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempnH3444.html
[2011-04-14 22:15:57 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempZt3444.html
[2011-04-14 22:15:57 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempZO3444.html
[2011-04-14 09:37:22 | 000,312,416 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011-04-14 09:34:52 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempul1988.html
[2011-04-14 09:34:52 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempUA1988.html
[2011-04-14 09:34:52 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Temptd1988.html
[2011-04-14 09:34:52 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempNP1988.html
[2011-04-13 20:42:26 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempTI1768.html
[2011-04-13 19:48:46 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempeO3040.html
[2011-04-13 19:48:46 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempBV3040.html
[2011-04-13 19:48:46 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TemppD3040.html
[2011-04-13 19:48:46 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempjY3040.html
[2011-04-13 17:56:39 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempaI1424.html
[2011-04-12 19:54:35 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempvl1556.html
[2011-04-11 23:14:32 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempYm2064.html
[2011-04-11 23:14:32 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempxc2064.html
[2011-04-11 23:14:32 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempxW2064.html
[2011-04-11 23:14:32 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempFT2064.html
[2011-04-10 22:20:11 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempzu1704.html
[2011-04-10 22:13:04 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempxy1872.html
[2011-04-10 22:13:04 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempXH1872.html
[2011-04-10 22:13:04 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempwy1872.html
[2011-04-10 22:13:04 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempNv1872.html
[2011-04-08 21:48:52 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempVv1704.html
[2011-04-08 21:48:52 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempRM1704.html
[2011-04-08 21:48:52 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempKl1704.html
[2011-04-08 21:48:52 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempCv1704.html
[2011-04-08 16:54:14 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempZa1996.html
[2011-04-08 16:54:14 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempTV1996.html
[2011-04-08 16:54:14 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempyF1996.html
[2011-04-08 16:54:14 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempPu1996.html
[2011-04-08 16:51:57 | 000,000,000 | -H-- | M] () -- C:\ProgramData\PKP_DLbx.DAT
[2011-04-08 16:51:57 | 000,000,000 | ---- | M] () -- C:\Users\Kanada1702\AppData\Roaming\Woodwind
[2011-04-08 16:51:57 | 000,000,000 | ---- | M] () -- C:\ProgramData\Plants
[2011-04-07 17:38:40 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempis1716.html
[2011-04-06 20:37:21 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Temppw1512.html
[2011-04-05 21:04:57 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempgX1276.html
[2011-04-04 23:02:38 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempQs1880.html
[2011-04-04 23:02:38 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempJP1880.html
[2011-04-04 23:02:38 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempQB1880.html
[2011-04-04 23:02:38 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempaF1880.html
[2011-04-04 01:12:47 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempUE1880.html
[2011-04-04 01:12:47 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempcx1880.html
[2011-04-04 01:12:47 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempie1880.html
[2011-04-04 01:12:47 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempFn1880.html
[2011-04-04 00:32:52 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempwv1524.html
[2011-04-04 00:32:52 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempvB1524.html
[2011-04-04 00:32:52 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempLe1524.html
[2011-04-04 00:32:52 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempJp1524.html
========== Files Created - No Company Name ==========
[2011-05-03 17:40:01 | 000,301,568 | ---- | C] () -- C:\Users\Kanada1702\Desktop\gmer.exe
[2011-05-03 17:30:37 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempBz3952.html
[2011-05-03 17:30:37 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempqX3952.html
[2011-05-03 17:30:36 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempVa3952.html
[2011-05-03 17:30:36 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempYB3952.html
[2011-05-03 16:53:52 | 114,072,665 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011-05-02 14:54:45 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempuQ2592.html
[2011-05-02 14:54:45 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempOV2592.html
[2011-05-02 14:54:44 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemppI2592.html
[2011-05-02 14:54:44 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempOw2592.html
[2011-05-02 09:20:02 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempGx2464.html
[2011-05-02 09:20:02 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Temphe2464.html
[2011-05-02 09:19:59 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempGp2464.html
[2011-05-02 09:19:59 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempNX2464.html
[2011-05-01 18:51:52 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempsr2448.html
[2011-05-01 18:51:52 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempbw2448.html
[2011-05-01 18:51:48 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempas2448.html
[2011-05-01 18:51:48 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempIo2448.html
[2011-05-01 10:05:22 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempfp2636.html
[2011-05-01 10:05:22 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemphH2636.html
[2011-05-01 10:05:21 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempAb2636.html
[2011-05-01 10:05:21 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempSr2636.html
[2011-04-30 09:39:04 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempGJ2436.html
[2011-04-30 09:39:04 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempWG2436.html
[2011-04-30 09:39:03 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempeh2436.html
[2011-04-30 09:39:03 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Temprj2436.html
[2011-04-29 07:39:35 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempne3068.html
[2011-04-29 07:39:35 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempir3068.html
[2011-04-29 07:39:34 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempuA3068.html
[2011-04-29 07:39:34 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempwz3068.html
[2011-04-28 17:52:30 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempBl2308.html
[2011-04-28 17:52:30 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempXJ2308.html
[2011-04-28 17:52:29 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemphU2308.html
[2011-04-28 17:52:29 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempKK2308.html
[2011-04-28 15:46:02 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempHf3196.html
[2011-04-28 15:46:02 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempVW3196.html
[2011-04-28 15:46:01 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempgN3196.html
[2011-04-28 15:46:01 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempnb3196.html
[2011-04-27 10:35:29 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempqQ2300.html
[2011-04-27 10:35:29 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempqN2300.html
[2011-04-27 10:35:28 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempuS2300.html
[2011-04-27 10:35:28 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempcG2300.html
[2011-04-25 22:59:14 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempKT2384.html
[2011-04-25 22:59:14 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempCq2384.html
[2011-04-25 22:59:12 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempBD2384.html
[2011-04-25 22:59:12 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempYN2384.html
[2011-04-25 22:36:44 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-04-25 20:09:05 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011-04-24 08:50:57 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempkd2020.html
[2011-04-24 08:50:57 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempem2020.html
[2011-04-24 08:50:57 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempDi2020.html
[2011-04-24 08:50:57 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempCo2020.html
[2011-04-23 15:13:08 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempyC1836.html
[2011-04-23 15:13:08 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempfZ1836.html
[2011-04-23 15:13:08 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempqO1836.html
[2011-04-23 15:13:08 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempMx1836.html
[2011-04-23 08:06:06 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempVU1936.html
[2011-04-23 08:06:06 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemphP1936.html
[2011-04-23 08:06:05 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Temply1936.html
[2011-04-23 08:06:05 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempyD1936.html
[2011-04-22 08:02:50 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempvV1908.html
[2011-04-22 08:02:50 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempiq1908.html
[2011-04-22 08:02:48 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempKx1908.html
[2011-04-22 08:02:48 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempKV1908.html
[2011-04-22 00:21:34 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempjc1880.html
[2011-04-22 00:21:34 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Templu1880.html
[2011-04-22 00:21:32 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempzi1880.html
[2011-04-22 00:21:32 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempvf1880.html
[2011-04-21 08:05:20 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempmI1968.html
[2011-04-21 08:05:20 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempFm1968.html
[2011-04-21 08:05:20 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempxx1968.html
[2011-04-21 08:05:20 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempSw1968.html
[2011-04-19 12:51:29 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempUb1908.html
[2011-04-19 12:51:29 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempGw1908.html
[2011-04-19 12:51:29 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempWQ1908.html
[2011-04-19 12:51:29 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempPY1908.html
[2011-04-19 07:39:35 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempBJ1932.html
[2011-04-19 07:39:35 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempfH1932.html
[2011-04-19 07:39:34 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempZs1932.html
[2011-04-19 07:39:34 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempMG1932.html
[2011-04-18 12:30:59 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempWh2016.html
[2011-04-18 12:30:59 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempST2016.html
[2011-04-18 12:30:57 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempBz2016.html
[2011-04-18 12:30:57 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempuI2016.html
[2011-04-17 12:38:03 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempJp1936.html
[2011-04-16 08:55:26 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempqx1752.html
[2011-04-15 09:17:09 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempra1936.html
[2011-04-14 09:38:39 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempxI3444.html
[2011-04-14 09:38:39 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempnH3444.html
[2011-04-14 09:38:39 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempZt3444.html
[2011-04-14 09:38:39 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempZO3444.html
[2011-04-14 08:58:38 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempul1988.html
[2011-04-14 08:58:38 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempUA1988.html
[2011-04-14 08:58:38 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Temptd1988.html
[2011-04-14 08:58:38 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempNP1988.html
[2011-04-13 19:51:00 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempTI1768.html
[2011-04-13 19:31:33 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempeO3040.html
[2011-04-13 19:31:33 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemppD3040.html
[2011-04-13 19:31:32 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempBV3040.html
[2011-04-13 19:31:32 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempjY3040.html
[2011-04-13 09:29:09 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempaI1424.html
[2011-04-12 16:12:12 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempvl1556.html
[2011-04-11 07:59:34 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempYm2064.html
[2011-04-11 07:59:34 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempxW2064.html
[2011-04-11 07:59:33 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempxc2064.html
[2011-04-11 07:59:33 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempFT2064.html
[2011-04-10 22:19:18 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempzu1704.html
[2011-04-10 11:47:20 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempxy1872.html
[2011-04-10 11:47:20 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempXH1872.html
[2011-04-10 11:47:20 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempwy1872.html
[2011-04-10 11:47:20 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempNv1872.html
[2011-04-08 16:57:06 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempRM1704.html
[2011-04-08 16:57:06 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempKl1704.html
[2011-04-08 16:57:04 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempVv1704.html
[2011-04-08 16:57:04 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempCv1704.html
[2011-04-08 16:51:57 | 000,000,000 | ---- | C] () -- C:\ProgramData\Plants
[2011-04-08 09:16:23 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempZa1996.html
[2011-04-08 09:16:23 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempPu1996.html
[2011-04-08 09:16:21 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempTV1996.html
[2011-04-08 09:16:21 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempyF1996.html
[2011-04-07 09:18:32 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempis1716.html
[2011-04-06 09:24:41 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Temppw1512.html
[2011-04-05 09:59:25 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempgX1276.html
[2011-04-04 13:55:02 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempJP1880.html
[2011-04-04 13:55:02 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempaF1880.html
[2011-04-04 13:55:01 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempQs1880.html
[2011-04-04 13:55:01 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempQB1880.html
[2011-04-04 01:08:41 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempUE1880.html
[2011-04-04 01:08:41 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempFn1880.html
[2011-04-04 01:08:40 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempcx1880.html
[2011-04-04 01:08:40 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempie1880.html
[2011-04-03 09:54:23 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempwv1524.html
[2011-04-03 09:54:23 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempJp1524.html
[2011-04-03 09:54:22 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempvB1524.html
[2011-04-03 09:54:22 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempLe1524.html
[2011-04-02 08:25:30 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempYV1612.html
[2011-04-01 08:44:07 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempLi1380.html
[2011-03-31 09:12:13 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempTp1764.html
[2011-03-30 08:48:03 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempQH1688.html
[2011-03-30 08:48:03 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempBD1688.html
[2011-03-30 08:48:02 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempGA1688.html
[2011-03-30 08:48:02 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempLU1688.html
[2011-03-29 07:38:41 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempTF1908.html
[2011-03-29 07:38:41 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempDs1908.html
[2011-03-29 07:38:40 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempuM1908.html
[2011-03-29 07:38:40 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempXf1908.html
[2011-03-28 10:59:10 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempKE1324.html
[2011-03-28 10:59:10 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempCK1324.html
[2011-03-28 10:59:09 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempdL1324.html
[2011-03-28 10:59:09 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempYB1324.html
[2011-03-27 09:42:37 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempbf1272.html
[2011-03-27 09:42:37 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempqr1272.html
[2011-03-27 09:42:35 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempLc1272.html
[2011-03-27 09:42:35 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempIN1272.html
[2011-03-26 14:08:32 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempJP2084.html
[2011-03-26 14:08:32 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempKN2084.html
[2011-03-26 14:08:31 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempmY2084.html
[2011-03-26 14:08:31 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempAg2084.html
[2011-03-26 08:56:06 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempnM2052.html
[2011-03-26 08:56:06 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempbJ2052.html
[2011-03-26 08:56:05 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempGP2052.html
[2011-03-26 08:56:05 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempHE2052.html
[2011-03-25 10:21:30 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempUM2064.html
[2011-03-25 10:21:30 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempia2064.html
[2011-03-25 10:21:28 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempYk2064.html
[2011-03-25 10:21:28 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempdR2064.html
[2011-03-24 10:34:10 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempUO1320.html
[2011-03-24 10:34:10 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempQR1320.html
[2011-03-24 10:34:09 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempMg1320.html
[2011-03-24 10:34:09 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempTD1320.html
[2011-03-23 22:15:12 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempQi5276.html
[2011-03-23 22:15:12 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemppE5276.html
[2011-03-23 22:15:12 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempxy5276.html
[2011-03-23 22:15:12 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempfp5276.html
[2011-03-23 11:06:18 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempTO1672.html
[2011-03-23 11:06:17 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempGW1672.html
[2011-03-22 16:12:18 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempTJ2064.html
[2011-03-22 16:12:18 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempIv2064.html
[2011-03-22 16:12:17 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempDP2064.html
[2011-03-22 16:12:17 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempha2064.html
[2011-03-22 09:45:02 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempBH2056.html
[2011-03-22 09:45:02 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempDg2056.html
[2011-03-22 09:45:01 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempdi2056.html
[2011-03-22 09:45:01 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempNO2056.html
[2011-03-21 09:46:45 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempex2188.html
[2011-03-21 09:46:45 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempIN2188.html
[2011-03-21 09:46:44 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempCL2188.html
[2011-03-21 09:46:44 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemphV2188.html
[2011-03-20 10:31:52 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempHw1376.html
[2011-03-20 10:31:52 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Temprs1376.html
[2011-03-20 10:31:50 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempXM1376.html
[2011-03-20 10:31:50 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempLW1376.html
[2011-03-19 09:49:24 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempfz1588.html
[2011-03-19 02:55:49 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempSY4692.html
[2011-03-19 02:55:49 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempDw4692.html
[2011-03-19 02:55:48 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempIF4692.html
[2011-03-19 02:55:48 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempMQ4692.html
[2011-03-18 10:02:04 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempJA2036.html
[2011-03-18 10:02:04 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempdY2036.html
[2011-03-18 10:02:02 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempis2036.html
[2011-03-18 10:02:02 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempnW2036.html
[2011-03-16 08:03:44 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempHR2308.html
[2011-03-16 08:03:44 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempcS2308.html
[2011-03-16 08:03:43 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempyw2308.html
[2011-03-16 08:03:43 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempqK2308.html
[2011-03-15 18:12:26 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempKj2012.html
[2011-03-15 16:23:05 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempBC1388.html
[2011-03-15 16:23:05 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempqm1388.html
[2011-03-15 16:23:04 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempAJ1388.html
[2011-03-15 16:23:04 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempIl1388.html
[2011-03-15 10:06:09 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempvR2044.html
[2011-03-15 10:06:09 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempdA2044.html
[2011-03-15 10:06:08 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempqZ2044.html
[2011-03-15 10:06:08 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempMS2044.html
[2011-03-15 00:39:30 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempcM1220.html
[2011-03-15 00:39:30 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempTS1220.html
[2011-03-15 00:39:29 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempey1220.html
[2011-03-15 00:39:29 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempdk1220.html
[2011-03-14 08:46:53 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempJR2052.html
[2011-03-12 10:02:59 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempCk1896.html
[2011-03-11 16:51:44 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempDD1884.html
[2011-03-11 08:31:55 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempyn2072.html
[2011-03-11 08:31:55 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempJP2072.html
[2011-03-11 08:31:54 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempSu2072.html
[2011-03-11 08:31:54 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempcs2072.html
[2011-03-10 12:15:26 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempeD2160.html
[2011-03-10 12:15:26 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempTa2160.html
[2011-03-10 12:15:25 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempeB2160.html
[2011-03-10 12:15:25 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempSu2160.html
[2011-03-09 23:48:13 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempbI3660.html
[2011-03-09 23:48:13 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempTI3660.html
[2011-03-09 23:48:12 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempfn3660.html
[2011-03-09 23:48:12 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempsb3660.html
[2011-03-09 13:31:45 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempyv1460.html
[2011-03-09 13:31:45 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempRT1460.html
[2011-03-09 13:31:45 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempwx1460.html
[2011-03-09 13:31:45 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempLp1460.html
[2011-03-08 19:29:02 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempLe1684.html
[2011-03-08 09:51:10 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempRJ2128.html
[2011-03-08 09:51:10 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempuM2128.html
[2011-03-08 09:51:08 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempED2128.html
[2011-03-08 09:51:08 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempmI2128.html
[2011-03-07 10:35:58 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempnQ1584.html
[2011-03-07 10:35:58 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempKF1584.html
[2011-03-07 10:35:57 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempDI1584.html
[2011-03-07 10:35:57 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempMr1584.html
[2011-03-06 11:26:11 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempUg2060.html
[2011-03-06 11:26:11 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempVa2060.html
[2011-03-06 11:26:09 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempKk2060.html
[2011-03-06 11:26:09 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempUo2060.html
[2011-03-06 11:04:19 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempGf1660.html
[2011-03-06 11:04:19 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempNg1660.html
[2011-03-06 11:04:18 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempmt1660.html
[2011-03-06 11:04:18 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempsl1660.html
[2011-03-05 09:15:16 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempXB1800.html
[2011-03-04 18:03:05 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempUp1496.html
[2011-03-04 10:01:49 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempqo1604.html
[2011-03-04 10:01:49 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempNZ1604.html
[2011-03-04 10:01:49 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempNQ1604.html
[2011-03-04 10:01:49 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempBE1604.html
[2011-03-03 21:45:40 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempdc5256.html
[2011-03-03 21:45:40 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempAI5256.html
[2011-03-03 21:45:40 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempJQ5256.html
[2011-03-03 21:45:40 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempaX5256.html
[2011-03-03 16:23:47 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempMf1576.html
[2011-03-03 16:23:44 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemprI1576.html
[2011-03-03 10:19:28 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempjn1592.html
[2011-03-03 10:19:28 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempnp1592.html
[2011-03-03 10:19:27 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempGd1592.html
[2011-03-03 10:19:27 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempMD1592.html
[2011-03-02 23:43:19 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempNl1960.html
[2011-03-02 23:43:19 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Temptm1960.html
[2011-03-02 23:43:17 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempXC1960.html
[2011-03-02 23:43:17 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempdH1960.html
[2011-03-02 11:04:17 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Temprl5964.html
[2011-03-02 11:04:17 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempAM5964.html
[2011-03-02 11:04:17 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Temprw5964.html
[2011-03-02 11:04:17 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempfg5964.html
[2011-03-01 10:17:18 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempJN2140.html
[2011-03-01 10:17:18 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempHz2140.html
[2011-03-01 10:17:15 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempxY2140.html
[2011-03-01 10:17:15 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempXf2140.html
[2011-02-28 11:47:13 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemppW2104.html
[2011-02-28 00:30:20 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempEN1908.html
[2011-02-28 00:30:20 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempXr1908.html
[2011-02-28 00:30:18 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempcM1908.html
[2011-02-28 00:30:18 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempOk1908.html
[2011-02-27 23:00:37 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempkw4548.html
[2011-02-27 23:00:37 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempkG4548.html
[2011-02-27 23:00:30 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempYp4548.html
[2011-02-27 23:00:30 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempGA4548.html
[2011-02-27 14:41:19 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempXp1888.html
[2011-02-27 14:41:17 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempUr1888.html
[2011-02-27 10:30:21 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempBY1712.html
[2011-02-27 10:30:21 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempHZ1712.html
[2011-02-27 10:30:19 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempHO1712.html
[2011-02-27 10:30:19 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempKf1712.html
[2011-02-26 23:26:54 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempUY1796.html
[2011-02-26 23:26:54 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemppY1796.html
[2011-02-26 23:26:52 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempNV1796.html
[2011-02-26 23:26:52 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempVU1796.html
[2011-02-25 16:46:24 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempqN2072.html
[2011-02-25 16:46:24 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempAG2072.html
[2011-02-25 16:46:18 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempME2072.html
[2011-02-25 16:46:18 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempGU2072.html
[2011-02-25 08:40:16 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempKX1484.html
[2011-02-25 08:40:16 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempas1484.html
[2011-02-25 08:40:14 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempkD1484.html
[2011-02-25 08:40:14 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempNq1484.html
[2011-02-24 18:27:58 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempkT1104.html
[2011-02-24 18:27:58 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempEx1104.html
[2011-02-24 18:27:56 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempeR1104.html
[2011-02-24 18:27:56 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempXo1104.html
[2011-02-24 08:49:50 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempxz3148.html
[2011-02-24 08:49:50 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempQb3148.html
[2011-02-24 08:49:50 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempTR3148.html
[2011-02-24 08:49:50 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempKw3148.html
[2011-02-22 12:23:41 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempni1516.html
[2011-02-22 12:23:38 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempGD1516.html
[2011-02-22 12:01:18 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempWN1928.html
[2011-02-22 12:01:18 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempbY1928.html
[2011-02-22 12:01:15 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempWK1928.html
[2011-02-22 12:01:15 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempqQ1928.html
[2011-02-21 20:43:00 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempok1072.html
[2011-02-21 20:43:00 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempNW1072.html
[2011-02-21 20:43:00 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempnk1072.html
[2011-02-21 20:43:00 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempAu1072.html
[2011-02-21 09:36:36 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempKr1080.html
[2011-02-21 09:36:36 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempnM1080.html
[2011-02-21 09:36:35 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Temppp1080.html
[2011-02-21 09:36:35 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempkU1080.html
[2011-02-20 18:54:03 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempni7100.html
[2011-02-20 18:54:03 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempig7100.html
[2011-02-20 18:54:03 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempxW7100.html
[2011-02-20 18:54:03 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Temppy7100.html
[2011-02-20 05:01:04 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempbo2656.html
[2011-02-20 05:01:03 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempgf2656.html
[2011-02-19 00:37:09 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011-02-19 00:37:09 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011-02-18 10:19:28 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempcI1860.html
[2011-02-17 20:57:45 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempxK1844.html
[2011-02-17 20:57:45 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempOG1844.html
[2011-02-17 10:50:00 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempsi1072.html
[2011-02-17 10:50:00 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempoi1072.html
[2011-02-17 10:49:59 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempXR1072.html
[2011-02-17 10:49:59 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempSM1072.html
[2011-02-17 09:08:27 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempFb1996.html
[2011-02-17 09:08:26 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempCl1996.html
[2011-02-16 15:30:27 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempMl2040.html
[2011-02-16 15:30:27 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempaD2040.html
[2011-02-16 15:30:26 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Temppa2040.html
[2011-02-16 15:30:26 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempYJ2040.html
[2011-02-16 10:17:49 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempqE2044.html
[2011-02-16 10:17:49 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempDJ2044.html
[2011-02-16 10:17:49 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempvc2044.html
[2011-02-16 10:17:49 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemphC2044.html
[2011-02-15 22:06:39 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemplR1592.html
[2011-02-15 22:06:38 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemphT1592.html
[2011-02-15 22:06:38 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempJq1592.html
[2011-02-15 11:26:51 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemplG1320.html
[2011-02-15 11:26:51 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempIG1320.html
[2011-02-15 11:26:51 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempVD1320.html
[2011-02-15 11:26:51 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempOI1320.html
[2011-02-14 14:28:55 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempHy5216.html
[2011-02-14 14:28:54 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempHC5216.html
[2011-02-14 11:05:57 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempko1324.html
[2011-02-14 11:05:55 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempPd1324.html
[2011-02-13 11:07:23 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempww1304.html
[2011-02-13 11:07:23 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempdx1304.html
[2011-02-13 11:07:21 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempGs1304.html
[2011-02-13 11:07:21 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempgY1304.html
[2011-02-13 04:24:49 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempNR3608.html
[2011-02-13 04:24:49 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempbO3608.html
[2011-02-13 04:24:48 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempdG3608.html
[2011-02-13 04:24:48 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempFM3608.html
[2011-02-12 11:13:57 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempJp1620.html
[2011-02-12 11:13:57 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempIm1620.html
[2011-02-11 10:26:27 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempVi2132.html
[2011-02-11 10:26:25 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempCw2132.html
[2011-02-10 10:56:13 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempMb1084.html
[2011-02-10 10:56:11 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempZO1084.html
[2011-02-09 15:50:49 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempTm3768.html
[2011-02-09 15:50:48 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempEh3768.html
[2011-02-09 15:03:54 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011-02-09 12:45:44 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempxQ2220.html
[2011-02-09 12:45:43 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemptP2220.html
[2011-02-09 08:10:47 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempuc1168.html
[2011-02-09 08:10:47 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempry1168.html
[2011-02-08 10:52:49 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempip5088.html
[2011-02-08 10:52:48 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempuZ5088.html
[2011-02-08 10:30:13 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempkt2008.html
[2011-02-08 10:30:11 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempVd2008.html
[2011-02-07 16:27:30 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempLt2024.html
[2011-02-07 16:27:29 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempBg2024.html
[2011-02-07 12:13:36 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Temptm1540.html
[2011-02-07 12:13:35 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempVo1540.html
[2011-02-06 21:08:48 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempZD1420.html
[2011-02-06 19:53:11 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempBk1160.html
[2011-02-06 19:53:10 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempXB1160.html
[2011-02-06 18:21:14 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempJov900.html
[2011-02-06 18:21:13 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempzdm900.html
[2011-02-06 10:57:55 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempIC2052.html
[2011-02-06 10:57:55 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempMi2052.html
[2011-02-06 10:57:54 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempjA2052.html
[2011-02-06 10:57:54 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempbZ2052.html
[2011-02-05 21:47:31 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemphG1984.html
[2011-02-05 21:47:29 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempeS1984.html
[2011-02-05 20:01:19 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempCQ2028.html
[2011-02-05 20:01:17 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempWH2028.html
[2011-02-05 10:52:41 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempaI1160.html
[2011-02-05 10:52:40 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempgF1160.html
[2011-02-03 11:33:57 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempSW1284.html
[2011-02-03 11:33:57 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempfH1284.html
[2011-02-02 10:09:34 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempPt1264.html
[2011-02-02 10:09:34 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempkC1264.html
[2011-02-02 10:09:34 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempyU1264.html
[2011-02-02 10:09:34 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempjb1264.html
[2011-02-01 12:09:01 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempSN1356.html
[2011-02-01 12:09:01 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempxd1356.html
[2011-02-01 12:08:59 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempkB1356.html
[2011-02-01 12:08:59 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempBM1356.html
[2011-01-31 13:16:02 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempTF5784.html
[2011-01-31 13:16:02 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Temphw5784.html
[2011-01-31 13:16:02 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempYL5784.html
[2011-01-31 13:16:02 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempUn5784.html
[2011-01-29 00:20:53 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempAg3080.html
[2011-01-29 00:20:53 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempmO3080.html
[2011-01-29 00:20:51 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempHo3080.html
[2011-01-29 00:20:51 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempUN3080.html
[2011-01-28 22:19:15 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Templr4212.html
[2011-01-27 23:59:39 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempfO5604.html
[2011-01-27 23:59:39 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempjv5604.html
[2011-01-27 23:59:38 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempeO5604.html
[2011-01-27 23:59:38 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempMV5604.html
[2011-01-27 16:52:57 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempKq3648.html
[2011-01-27 16:52:57 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempfe3648.html
[2011-01-27 11:39:50 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempnl1384.html
[2011-01-27 11:39:49 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempsl1384.html
[2011-01-26 11:42:04 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempsN1056.html
[2011-01-26 11:42:04 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempBu1056.html
[2011-01-25 12:41:58 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempuE1292.html
[2011-01-25 12:41:58 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempET1292.html
[2011-01-25 12:41:57 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempBY1292.html
[2011-01-25 12:41:57 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempZN1292.html
[2011-01-24 19:35:17 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempSz1256.html
[2011-01-24 19:35:17 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempfE1256.html
[2011-01-24 19:35:17 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempWQ1256.html
[2011-01-24 19:35:17 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempgF1256.html
[2011-01-24 12:05:07 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempVH1208.html
[2011-01-24 12:05:07 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempoJ1208.html
[2011-01-24 12:05:07 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempMq1208.html
[2011-01-24 12:05:07 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Templs1208.html
[2011-01-23 23:24:03 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempMm6004.html
[2011-01-23 23:24:03 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempIr6004.html
[2011-01-23 23:24:02 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempqh6004.html
[2011-01-23 23:24:02 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempxA6004.html
[2011-01-23 12:07:44 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempfJ2044.html
[2011-01-23 12:07:44 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemprM2044.html
[2011-01-23 12:07:43 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempRo2044.html
[2011-01-23 12:07:43 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempCQ2044.html
[2011-01-22 12:08:20 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempNp1168.html
[2011-01-22 12:08:19 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempya1168.html
[2011-01-21 15:15:13 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempLa6024.html
[2011-01-21 15:15:13 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempkk6024.html
[2011-01-21 15:15:13 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempvP6024.html
[2011-01-21 10:55:46 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempyi1888.html
[2011-01-21 10:55:46 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempAv1888.html
[2011-01-20 17:54:45 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempsR2020.html
[2011-01-20 17:54:41 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempob2020.html
[2011-01-20 16:31:10 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemphU5888.html
[2011-01-20 16:31:10 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempft5888.html
[2011-01-20 16:31:10 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempzB5888.html
[2011-01-20 16:31:10 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempGe5888.html
[2011-01-20 10:21:06 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempQG1832.html
[2011-01-20 10:21:04 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempEP1832.html
[2011-01-19 23:37:29 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempJF1144.html
[2011-01-19 23:37:29 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempME1144.html
[2011-01-19 23:37:28 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempqQ1144.html
[2011-01-19 23:37:28 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempNm1144.html
[2011-01-19 22:58:52 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemprG2016.html
[2011-01-19 22:58:52 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempTB2016.html
[2011-01-19 22:58:50 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempab2016.html
[2011-01-19 22:58:50 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempOo2016.html
[2011-01-19 21:40:56 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempom2368.html
[2011-01-19 21:40:56 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempAR2368.html
[2011-01-19 12:16:09 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempaO2368.html
[2011-01-19 12:16:09 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempZr2368.html
[2011-01-19 09:59:37 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempuR1664.html
[2011-01-19 09:59:35 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempKY1664.html
[2011-01-18 17:56:08 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Temphp2000.html
[2011-01-18 17:56:08 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempJq2000.html
[2011-01-18 17:56:02 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempfn2000.html
[2011-01-18 17:56:02 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempfb2000.html
[2011-01-18 13:52:23 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempFP1988.html
[2011-01-18 13:52:23 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempAN1988.html
[2011-01-18 13:52:22 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempuG1988.html
[2011-01-18 13:52:22 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempRw1988.html
[2011-01-18 10:43:03 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemprE1128.html
[2011-01-18 10:43:03 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempSh1128.html
[2011-01-18 10:43:02 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempQE1128.html
[2011-01-18 10:43:02 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempWO1128.html
[2011-01-17 10:47:33 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempcp2012.html
[2011-01-17 10:47:33 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempFY2012.html
[2011-01-17 10:47:32 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempRR2012.html
[2011-01-17 10:47:32 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempIY2012.html
[2011-01-16 16:08:07 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempfZ2872.html
[2011-01-16 16:08:07 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempac2872.html
[2011-01-16 16:08:07 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempKf2872.html
[2011-01-16 16:08:07 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemphQ2872.html
[2011-01-16 10:12:59 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempby1488.html
[2011-01-15 17:07:36 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempUp3200.html
[2011-01-15 17:07:36 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempKO3200.html
[2011-01-15 17:07:36 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempjg3200.html
[2011-01-15 17:07:36 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempcX3200.html
[2011-01-14 21:17:12 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempVj5100.html
[2011-01-14 21:17:12 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempTL5100.html
[2011-01-14 14:52:51 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempHu5100.html
[2011-01-14 14:52:51 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempGx5100.html
[2011-01-14 14:52:50 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempSz5100.html
[2011-01-13 11:11:17 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempkt2032.html
[2011-01-13 11:11:14 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempRm2032.html
[2011-01-13 00:02:21 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempCW1308.html
[2011-01-13 00:02:21 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemppI1308.html
[2011-01-13 00:02:19 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempaH1308.html
[2011-01-13 00:02:19 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempoI1308.html
[2011-01-12 17:32:04 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempCc3984.html
[2011-01-12 17:32:04 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempay3984.html
[2011-01-12 17:32:03 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempUs3984.html
[2011-01-12 17:32:03 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempUE3984.html
[2011-01-12 10:50:32 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempSy1352.html
[2011-01-12 10:50:32 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempph1352.html
[2011-01-12 10:50:30 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempgg1352.html
[2011-01-12 10:50:30 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempWi1352.html
[2011-01-11 22:54:30 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempFt4344.html
[2011-01-11 22:54:30 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempUv4344.html
[2011-01-11 22:54:29 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempHG4344.html
[2011-01-11 22:54:29 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempRV4344.html
[2011-01-11 09:29:44 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempuu1032.html
[2011-01-10 12:07:38 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempWe1376.html
[2011-01-10 12:07:38 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempzV1376.html
[2011-01-09 11:37:56 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempiu1828.html
[2011-01-09 11:37:56 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempBC1828.html
[2011-01-09 11:37:56 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempUy1828.html
[2011-01-09 11:37:56 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempav1828.html
[2011-01-08 20:54:12 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempsO1744.html
[2011-01-08 20:54:12 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempPC1744.html
[2011-01-08 20:54:10 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempeY1744.html
[2011-01-08 20:54:10 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempRW1744.html
[2011-01-08 19:37:53 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempzw1340.html
[2011-01-08 19:37:53 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempoy1340.html
[2011-01-08 19:37:52 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempFt1340.html
[2011-01-08 19:37:52 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempCU1340.html
[2011-01-08 19:28:34 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempyZ1724.html
[2011-01-08 19:28:34 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempTN1724.html
[2011-01-08 19:28:34 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempEj1724.html
[2011-01-08 19:28:34 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempbi1724.html
[2011-01-08 12:28:02 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempyu1496.html
[2011-01-08 12:28:02 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempSF1496.html
[2011-01-08 12:28:00 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempIL1496.html
[2011-01-08 12:28:00 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempUK1496.html
[2011-01-07 22:43:08 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempra2044.html
[2011-01-07 22:43:08 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempba2044.html
[2011-01-07 22:43:07 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempkH2044.html
[2011-01-07 22:43:07 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemprL2044.html
[2011-01-07 21:52:10 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempbL1260.html
[2011-01-07 21:52:10 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempMo1260.html
[2011-01-07 21:52:08 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempBx1260.html
[2011-01-07 21:52:08 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempGi1260.html
[2011-01-07 11:59:39 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempcY1288.html
[2011-01-07 11:59:39 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempxC1288.html
[2011-01-07 11:59:37 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempaH1288.html
[2011-01-07 11:59:37 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempmE1288.html
[2011-01-06 12:55:41 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempOK1824.html
[2011-01-06 12:55:41 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempAa1824.html
[2011-01-06 12:55:39 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempdZ1824.html
[2011-01-06 12:55:39 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempgA1824.html
[2011-01-05 12:29:09 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempwC2044.html
[2011-01-05 12:29:09 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempaQ2044.html
[2011-01-05 12:29:05 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempTQ2044.html
[2011-01-05 12:29:05 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempBM2044.html
[2011-01-04 11:26:34 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Temptx1216.html
[2011-01-04 11:26:34 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempqe1216.html
[2011-01-04 11:26:34 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempoP1216.html
[2011-01-04 11:26:34 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempGw1216.html
[2011-01-03 21:17:17 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempFq2032.html
[2011-01-03 21:17:17 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempcq2032.html
[2011-01-03 21:17:15 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempad2032.html
[2011-01-03 21:17:15 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempuV2032.html
[2011-01-03 15:02:46 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempJr1296.html
[2011-01-03 15:02:46 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Temphi1296.html
[2011-01-03 15:02:45 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempZl1296.html
[2011-01-03 15:02:45 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempCk1296.html
[2011-01-03 11:45:15 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempBc1320.html
[2011-01-03 11:45:15 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemppE1320.html
[2011-01-03 11:45:10 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempYM1320.html
[2011-01-03 11:45:10 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempWH1320.html
[2011-01-02 14:48:55 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempmMB736.html
[2011-01-02 14:48:55 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempljH736.html
[2011-01-02 14:48:55 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempSZH736.html
[2011-01-02 14:48:55 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempMNU736.html
[2011-01-02 10:19:54 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempTE1032.html
[2011-01-01 12:36:13 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempSz2032.html
[2011-01-01 12:36:13 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempbj2032.html
[2011-01-01 12:36:12 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempem2032.html
[2011-01-01 12:36:12 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemphK2032.html
[2010-12-31 18:00:28 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempkwP960.html
[2010-12-31 18:00:28 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempNjN960.html
[2010-12-31 11:01:00 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempCHn960.html
[2010-12-31 11:01:00 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempmVH960.html
[2010-12-30 09:43:41 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempgE2040.html
[2010-12-30 09:43:41 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempqf2040.html
[2010-12-30 09:43:32 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempZB2040.html
[2010-12-30 09:43:32 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempCX2040.html
[2010-12-29 20:21:41 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempoE1240.html
[2010-12-29 20:21:41 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempai1240.html
[2010-12-29 09:36:31 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempmc1240.html
[2010-12-29 09:36:31 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempKt1240.html
[2010-12-28 10:20:58 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempcG1940.html
[2010-12-27 09:11:57 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempaX1308.html
[2010-12-27 09:11:57 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempxX1308.html
[2010-12-26 19:56:14 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempNY5516.html
[2010-12-26 19:56:14 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempGo5516.html
[2010-12-24 09:35:39 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempFy1572.html
[2010-12-23 16:57:35 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempNo2012.html
[2010-12-22 19:31:47 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempgC5504.html
[2010-12-22 09:38:22 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempax1496.html
[2010-12-22 00:21:04 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempYD5344.html
[2010-12-20 09:07:02 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempdN1732.html
[2010-12-19 09:07:12 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempfdN560.html
[2010-12-18 09:13:11 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempnC1700.html
[2010-12-17 22:18:54 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempBj4080.html
[2010-12-17 17:55:32 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempFi5984.html
[2010-12-17 09:26:47 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempAe3456.html
[2010-12-16 22:45:49 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempXq5244.html
[2010-12-16 22:45:49 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempKp5244.html
[2010-12-16 08:59:25 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempsA1920.html
[2010-12-14 09:14:33 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempKE1924.html
[2010-12-13 10:03:05 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Temphb2124.html
[2010-12-12 10:01:41 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempjv1040.html
[2010-12-11 09:18:41 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempra1496.html
[2010-12-10 20:36:26 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempEH4744.html
[2010-12-10 17:01:21 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempLP5804.html
[2010-12-10 16:43:50 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempKR3024.html
[2010-12-10 16:38:05 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempZM3544.html
[2010-12-10 08:28:37 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempEP1972.html
[2010-12-08 10:38:09 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempOp1988.html
[2010-12-07 11:11:46 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempEs1428.html
[2010-12-06 16:53:21 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempEg3984.html
[2010-12-06 16:04:14 | 000,000,000 | ---- | C] () -- C:\Users\Kanada1702\AppData\Roaming\Woodwind
[2010-12-06 15:56:24 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2010-12-05 19:10:58 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempcu5720.html
[2010-12-04 14:52:45 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempRP6508.html
[2010-12-02 08:29:17 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempTv1712.html
[2010-12-01 04:04:26 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempqN2144.html
[2010-11-30 08:31:16 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempuj1700.html
[2010-11-30 08:31:16 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempbP1700.html
[2010-11-29 22:35:46 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempmT1552.html
[2010-11-29 22:35:46 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempsq1552.html
[2010-11-29 14:28:37 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempqx4796.html
[2010-11-29 14:28:37 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemppG4796.html
[2010-11-28 14:15:36 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempHl5656.html
[2010-11-28 14:15:36 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempbm5656.html
[2010-11-28 10:03:27 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempnb1920.html
[2010-11-27 20:14:32 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempRt2040.html
[2010-11-27 20:14:32 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempnh2040.html
[2010-11-27 10:24:40 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempVZ1896.html
[2010-11-26 09:52:11 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Temphp1924.html
[2010-11-26 09:52:11 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempuq1924.html
[2010-11-25 19:27:05 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempiy1880.html
[2010-11-25 19:27:05 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempwK1880.html
[2010-11-25 16:32:49 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempmV4480.html
[2010-11-25 16:32:49 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemppL4480.html
[2010-11-25 08:36:18 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempom1288.html
[2010-11-24 17:53:22 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempZl5296.html
[2010-11-24 17:53:22 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempaT5296.html
[2010-11-24 09:21:47 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Temphh1652.html
[2010-11-23 17:08:10 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempZk1524.html
[2010-11-20 18:37:50 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempAT1484.html
[2010-11-20 18:37:50 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempFo1484.html
[2010-11-19 17:53:18 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempGO1920.html
[2010-11-19 17:53:18 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempVS1920.html
[2010-11-17 20:59:09 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempjh1240.html
[2010-11-17 20:59:09 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempgA1240.html
[2010-11-16 21:08:22 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempXN1256.html
[2010-11-15 22:00:38 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempph1988.html
[2010-11-15 22:00:38 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempuV1988.html
[2010-11-15 21:21:01 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempUR1408.html
[2010-11-15 21:21:01 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempFz1408.html
[2010-11-15 12:55:56 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempvo2036.html
[2010-11-15 12:55:56 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempqA2036.html
[2010-11-15 08:56:57 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempFD3988.html
[2010-11-15 08:56:57 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempKZ3988.html
[2010-11-14 13:25:31 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempRJ2060.html
[2010-11-14 13:25:31 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempsZ2060.html
[2010-11-14 10:00:42 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempFi1520.html
[2010-11-14 10:00:42 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Temphi1520.html
[2010-11-13 09:26:59 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Temphd1388.html
[2010-11-13 09:26:59 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempYB1388.html
[2010-11-10 12:34:30 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempmn1872.html
[2010-11-10 12:34:30 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemptC1872.html
[2010-11-09 21:06:20 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempPy1404.html
[2010-11-08 10:08:24 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempCw1288.html
[2010-11-07 23:39:45 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempOp2760.html
[2010-11-07 23:39:45 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Temppe2760.html
[2010-11-07 10:11:05 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempOV1108.html
[2010-11-06 16:11:14 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempTW1504.html
[2010-11-05 23:20:41 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempKi1248.html
[2010-11-05 17:36:55 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempcf1832.html
[2010-11-05 13:52:47 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Temphb3904.html
[2010-11-05 13:52:47 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempjf3904.html
[2010-11-05 12:58:19 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempwE1168.html
[2010-11-05 12:58:19 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempnK1168.html
[2010-11-05 12:13:43 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempWl2068.html
[2010-11-05 12:13:43 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempBR2068.html
[2010-11-05 09:51:21 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemphI1736.html
[2010-11-05 09:51:21 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempGk1736.html
[2010-11-05 09:24:51 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempzU1448.html
[2010-11-04 17:31:54 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempZJ1980.html
[2010-11-04 17:31:54 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempMw1980.html
[2010-11-04 17:26:21 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempgl1136.html
[2010-11-04 17:26:21 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemphW1136.html
[2010-11-04 12:22:22 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempdC1308.html
[2010-11-04 12:22:22 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempIE1308.html
[2010-11-04 09:07:33 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempLN2016.html
[2010-11-03 09:27:42 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempDw1708.html
[2010-11-02 09:20:47 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemprJ1740.html
[2010-11-01 14:11:13 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempeZ2068.html
[2010-11-01 14:11:13 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempIb2068.html
[2010-11-01 13:19:31 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempDH4004.html
[2010-11-01 10:12:12 | 000,002,023 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010-11-01 09:40:34 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempMy1168.html
[2010-11-01 09:25:37 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempJy1732.html
[2010-11-01 09:25:37 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Temprt1732.html
[2010-11-01 09:07:16 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempyJ1912.html
[2010-10-31 22:03:03 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempee1316.html
[2010-10-31 22:03:03 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempwD1316.html
[2010-10-31 11:00:32 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempHn1404.html
[2010-10-31 09:31:02 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempyP1308.html
[2010-10-31 09:31:02 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempJc1308.html
[2010-10-30 18:05:07 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempBq3736.html
[2010-10-30 08:58:05 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempXz1856.html
[2010-10-29 15:59:10 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempqi1532.html
[2010-10-28 17:33:10 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempyL1872.html
[2010-10-28 17:33:10 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempuz1872.html
[2010-10-27 22:10:34 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempoU1548.html
[2010-10-27 17:54:00 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempKP1916.html
[2010-10-27 17:54:00 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempIA1916.html
[2010-10-27 00:23:26 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempvc1432.html
[2010-10-27 00:23:26 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempgU1432.html
[2010-10-26 23:42:48 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempUG1620.html
[2010-10-26 23:42:48 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempvP1620.html
[2010-10-26 17:40:28 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempgV1136.html
[2010-10-26 17:40:28 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempil1136.html
[2010-10-26 17:31:14 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempYT2064.html
[2010-10-26 17:31:14 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempuE2064.html
[2010-10-25 18:08:52 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempBX1836.html
[2010-10-25 18:08:52 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempwy1836.html
[2010-10-24 17:57:50 | 001,592,156 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010-10-24 16:57:23 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempzq4896.html
[2010-10-24 16:57:23 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempgW4896.html
[2010-10-14 21:55:51 | 000,000,198 | ---- | C] () -- C:\Users\Kanada1702\AppData\Roaming\default.rss
[2010-10-14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010-10-13 17:26:34 | 000,000,453 | ---- | C] () -- C:\Users\Kanada1702\AppData\Roaming\SamsungLiveUpdateConfig.ini
[2010-09-04 18:44:16 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll
[2010-08-28 19:10:38 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010-03-15 05:31:48 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009-07-14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009-07-14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009-07-14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009-07-14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009-07-13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009-06-10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009-02-24 13:40:02 | 000,001,352 | ---- | C] () -- C:\ProgramData\cfSB1090.ini
[2009-02-24 13:40:02 | 000,001,352 | ---- | C] () -- C:\ProgramData\cfSB0910.ini
[2009-02-24 13:40:02 | 000,001,346 | ---- | C] () -- C:\ProgramData\cfSB1100.ini
[2009-02-24 13:40:02 | 000,001,302 | ---- | C] () -- C:\ProgramData\cfSB0300.ini
[2009-02-24 13:40:02 | 000,001,282 | ---- | C] () -- C:\ProgramData\cfSB0471.ini
[2009-02-24 13:40:02 | 000,001,208 | ---- | C] () -- C:\ProgramData\cfSB0490.ini
[2009-02-24 13:40:02 | 000,001,027 | ---- | C] () -- C:\ProgramData\cfSB0560.ini
[2009-02-24 13:40:02 | 000,001,026 | ---- | C] () -- C:\ProgramData\cfSB0271.ini
[2009-02-24 13:40:02 | 000,001,026 | ---- | C] () -- C:\ProgramData\cfSB0270.ini
[2009-02-24 13:40:02 | 000,000,590 | ---- | C] () -- C:\ProgramData\cfSB0950.ini
[2008-09-10 12:17:24 | 000,154,144 | ---- | C] () -- C:\Windows\SysWow64\RTLCPAPI.dll
[2008-09-10 11:46:10 | 000,044,064 | ---- | C] () -- C:\Windows\CPLUtl64.exe
========== LOP Check ==========
[2011-04-25 21:54:09 | 000,000,000 | ---D | M] -- C:\Users\Kanada1702\AppData\Roaming\AVG
[2011-04-25 20:26:09 | 000,000,000 | ---D | M] -- C:\Users\Kanada1702\AppData\Roaming\AVG10
[2010-09-08 20:48:34 | 000,000,000 | ---D | M] -- C:\Users\Kanada1702\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010-11-27 19:59:08 | 000,000,000 | ---D | M] -- C:\Users\Kanada1702\AppData\Roaming\BESTplayer
[2010-11-27 20:08:50 | 000,000,000 | ---D | M] -- C:\Users\Kanada1702\AppData\Roaming\Christofer Persson
[2010-09-22 15:44:45 | 000,000,000 | ---D | M] -- C:\Users\Kanada1702\AppData\Roaming\DAEMON Tools Lite
[2010-12-29 20:21:40 | 000,000,000 | ---D | M] -- C:\Users\Kanada1702\AppData\Roaming\Gadu-Gadu 10
[2010-10-24 16:07:21 | 000,000,000 | ---D | M] -- C:\Users\Kanada1702\AppData\Roaming\GetRightToGo
[2011-04-19 18:36:34 | 000,000,000 | ---D | M] -- C:\Users\Kanada1702\AppData\Roaming\ipla
[2010-12-06 16:29:22 | 000,000,000 | ---D | M] -- C:\Users\Kanada1702\AppData\Roaming\Nikon
[2011-02-05 21:37:15 | 000,000,000 | ---D | M] -- C:\Users\Kanada1702\AppData\Roaming\Nokia
[2010-10-24 22:00:51 | 000,000,000 | ---D | M] -- C:\Users\Kanada1702\AppData\Roaming\OpenFM
[2010-10-31 13:54:55 | 000,000,000 | ---D | M] -- C:\Users\Kanada1702\AppData\Roaming\PC Suite
[2011-04-19 23:19:37 | 000,000,000 | ---D | M] -- C:\Users\Kanada1702\AppData\Roaming\RDRM
[2011-05-03 17:38:50 | 000,000,000 | ---D | M] -- C:\Users\Kanada1702\AppData\Roaming\uTorrent
[2010-11-27 19:49:01 | 000,000,000 | ---D | M] -- C:\Users\Kanada1702\AppData\Roaming\Win7codecs
[2011-04-24 08:50:07 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:0B4227B4
< End of report >
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Kanada1702\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 43,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 23,48 Gb Free Space | 10,08% Space Free | Partition Type: NTFS
Drive F: | 100,00 Mb Total Space | 61,65 Mb Free Space | 61,65% Space Free | Partition Type: NTFS
Drive G: | 124,84 Gb Total Space | 81,17 Gb Free Space | 65,02% Space Free | Partition Type: NTFS
Drive H: | 340,82 Gb Total Space | 19,78 Gb Free Space | 5,80% Space Free | Partition Type: NTFS
Computer Name: KANADA | User Name: Kanada1702 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011-05-03 17:33:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Kanada1702\Downloads\OTL.exe
PRC - [2011-01-07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2011-01-06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011-01-06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010-12-02 19:22:24 | 000,395,128 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2010-11-23 18:49:24 | 001,540,096 | ---- | M] (Nokia) -- C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2010-10-22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2010-10-22 04:56:48 | 000,745,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgam.exe
PRC - [2010-10-07 09:04:26 | 012,661,344 | ---- | M] (GG Network S.A.) -- C:\Program Files (x86)\Gadu-Gadu 10\gg.exe
PRC - [2009-10-13 08:39:04 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009-02-23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2008-09-10 12:17:40 | 000,604,704 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SOUNDMAN.EXE
========== Modules (SafeList) ==========
MOD - [2011-05-03 17:33:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Kanada1702\Downloads\OTL.exe
MOD - [2010-11-20 12:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010-04-07 11:12:18 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011-02-19 00:35:11 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011-02-19 00:33:29 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2011-01-06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010-12-08 15:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010-12-06 18:19:27 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010-10-22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-10-13 08:39:04 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009-02-23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011-03-11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010-12-08 04:12:36 | 000,308,304 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010-11-20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010-11-20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010-11-12 13:19:38 | 000,382,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2010-09-29 06:01:46 | 000,695,400 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010-09-21 21:06:13 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010-09-13 15:28:00 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2010-09-07 03:48:56 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2010-09-07 03:48:50 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2010-08-03 15:24:28 | 000,157,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2010-08-03 15:24:24 | 000,035,920 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2010-07-30 15:18:04 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2010-07-30 15:18:02 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010-07-30 15:18:00 | 000,026,624 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2010-07-30 15:17:56 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2010-07-15 13:47:42 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010-04-08 17:12:00 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010-04-07 11:44:06 | 006,659,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010-04-07 11:44:06 | 006,659,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010-04-07 10:23:30 | 000,195,584 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009-12-15 11:24:20 | 001,148,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ksaud.sys -- (ksaud)
DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-07-14 01:09:02 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\irda.sys -- (irda)
DRV:64bit: - [2009-06-10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009-06-10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009-06-10 21:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008-09-16 07:43:08 | 003,479,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTKVAC64.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV:64bit: - [2008-08-28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008-01-19 05:36:12 | 000,027,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\irsir.sys -- (irsir)
DRV - [2010-01-29 12:40:16 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
DRV - [2008-02-15 17:30:48 | 000,015,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Live Update 4\LU4\Flashsys64.sys -- (FLASHSYS)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3674711036-1596238359-3314894375-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3674711036-1596238359-3314894375-1000\..\URLSearchHook: {0d0c3dac-76cf-403d-b7fb-d56fa2e186fe} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3674711036-1596238359-3314894375-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "qooqlle"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://pl.start3.moz...la:pl:official"
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51
FF - prefs.js..extensions.enabledItems: [email protected]:2.22.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.3
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ftp_port: 9666
FF - prefs.js..network.proxy.backup.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.backup.gopher_port: 9666
FF - prefs.js..network.proxy.backup.socks: "127.0.0.1"
FF - prefs.js..network.proxy.backup.socks_port: 9666
FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ssl_port: 9666
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 9666
FF - prefs.js..network.proxy.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.gopher_port: 9666
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9666
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 0
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011-02-05 21:35:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011-04-25 21:43:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011-04-22 11:21:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011-04-22 11:21:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011-02-05 21:35:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
[2011-02-09 15:03:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kanada1702\AppData\Roaming\Mozilla\Extensions
[2011-04-25 22:05:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kanada1702\AppData\Roaming\Mozilla\Firefox\Profiles\sv9c2yuh.default\extensions
[2011-02-09 18:16:50 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Kanada1702\AppData\Roaming\Mozilla\Firefox\Profiles\sv9c2yuh.default\extensions\[email protected]
[2011-04-25 20:33:05 | 000,001,860 | ---- | M] () -- C:\Users\Kanada1702\AppData\Roaming\Mozilla\Firefox\Profiles\sv9c2yuh.default\searchplugins\search.xml
[2011-04-25 22:05:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011-02-17 21:57:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011-04-08 16:50:59 | 000,000,000 | ---D | M] ("Babylon Spelling and Proofreading") -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2011-04-01 18:35:11 | 000,000,000 | ---D | M] (Babylon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2011-04-25 21:43:22 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4
[2011-02-05 21:35:13 | 000,000,000 | ---D | M] (Firefox Synchronisation Extension) -- C:\PROGRAM FILES (X86)\NOKIA\NOKIA OVI SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION
[2011-02-02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2011-04-11 20:37:10 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\allegro-pl.xml
[2011-04-01 18:35:02 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
[2011-04-11 20:37:11 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-12-22 17:51:38 | 000,002,035 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrchost.xml
[2011-04-11 20:37:11 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\merlin-pl.xml
[2011-04-11 20:37:11 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\pwn-pl.xml
[2011-04-11 20:37:11 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2011-04-11 20:37:11 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wp-pl.xml
O1 HOSTS File: ([2010-12-06 16:25:11 | 000,000,869 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files (x86)\ALLPlayer\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll (facemoods.com)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0D0C3DAC-76CF-403D-B7FB-D56FA2E186FE} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0D0C3DAC-76CF-403D-B7FB-D56FA2E186FE} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3674711036-1596238359-3314894375-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-3674711036-1596238359-3314894375-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [Creative SB Monitoring Utility] C:\Windows\SysNative\SBAVMon.dll (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files (x86)\Nokia\Ovi Player\NokiaOviPlayer.exe (Nokia)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3674711036-1596238359-3314894375-1000..\Run: [] File not found
O4 - HKU\S-1-5-21-3674711036-1596238359-3314894375-1000..\Run: [ALLUpdate] C:\Program Files (x86)\ALLPlayer\ALLPlayer\ALLUpdate.exe ()
O4 - HKU\S-1-5-21-3674711036-1596238359-3314894375-1000..\Run: [Gadu-Gadu 10] C:\Program Files (x86)\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - HKU\S-1-5-21-3674711036-1596238359-3314894375-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3674711036-1596238359-3314894375-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{849d6da7-c62a-11df-a461-001c25360540}\Shell - "" = AutoRun
O33 - MountPoints2\{849d6da7-c62a-11df-a461-001c25360540}\Shell\AutoRun\command - "" = I:\Razor1911_Installer.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
========== Files/Folders - Created Within 30 Days ==========
[2011-04-29 18:14:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BBC iPlayer Desktop
[2011-04-25 22:36:53 | 000,000,000 | ---D | C] -- C:\Users\Kanada1702\AppData\Roaming\Malwarebytes
[2011-04-25 22:36:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011-04-25 22:36:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011-04-25 22:36:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011-04-25 22:36:41 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011-04-25 22:36:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011-04-25 22:27:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2011-04-25 21:33:33 | 000,000,000 | ---D | C] -- C:\Users\Kanada1702\AppData\Roaming\AVG
[2011-04-25 21:31:47 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011-04-25 21:31:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2011-04-25 20:26:09 | 000,000,000 | ---D | C] -- C:\Users\Kanada1702\AppData\Roaming\AVG10
[2011-04-25 20:09:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011-04-25 20:08:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011-04-25 20:08:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2011-04-25 11:54:36 | 000,000,000 | ---D | C] -- C:\Users\Kanada1702\AppData\Local\ESET
[2011-04-13 19:02:54 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010-10-13 20:24:30 | 001,531,392 | ---- | C] (Toshiba Samsung Storage Technology Corporation) -- C:\Users\Kanada1702\AppData\Roaming\tsdnwin.dll
[2010-02-04 00:00:00 | 000,139,264 | ---- | C] ( ) -- C:\Windows\sipr3260.dll
========== Files - Modified Within 30 Days ==========
[2011-05-03 17:30:37 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempBz3952.html
[2011-05-03 17:30:37 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempqX3952.html
[2011-05-03 17:30:36 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempVa3952.html
[2011-05-03 17:30:36 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempYB3952.html
[2011-05-03 17:29:57 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011-05-03 17:27:00 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3674711036-1596238359-3314894375-1000UA.job
[2011-05-03 17:13:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011-05-03 16:53:52 | 114,072,665 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011-05-03 16:50:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-05-03 10:27:00 | 000,001,026 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3674711036-1596238359-3314894375-1000Core.job
[2011-05-03 08:27:35 | 000,013,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011-05-03 08:27:35 | 000,013,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011-05-03 08:20:08 | 2415,566,848 | -HS- | M] () -- C:\hiberfil.sys
[2011-05-02 21:57:16 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempuQ2592.html
[2011-05-02 21:57:16 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TemppI2592.html
[2011-05-02 21:57:16 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempOw2592.html
[2011-05-02 21:57:16 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempOV2592.html
[2011-05-02 10:44:05 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempGx2464.html
[2011-05-02 10:44:05 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempGp2464.html
[2011-05-02 10:44:05 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempNX2464.html
[2011-05-02 10:44:05 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Temphe2464.html
[2011-05-01 22:19:21 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempsr2448.html
[2011-05-01 22:19:21 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempas2448.html
[2011-05-01 22:19:21 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempIo2448.html
[2011-05-01 22:19:21 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempbw2448.html
[2011-05-01 10:42:28 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempfp2636.html
[2011-05-01 10:42:28 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempAb2636.html
[2011-05-01 10:42:28 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempSr2636.html
[2011-05-01 10:42:28 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TemphH2636.html
[2011-05-01 01:09:28 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempGJ2436.html
[2011-05-01 01:09:28 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempeh2436.html
[2011-05-01 01:09:28 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempWG2436.html
[2011-05-01 01:09:28 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Temprj2436.html
[2011-04-30 20:27:35 | 000,002,388 | ---- | M] () -- C:\Users\Kanada1702\Desktop\Google Chrome.lnk
[2011-04-29 23:13:46 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempuA3068.html
[2011-04-29 23:13:46 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempne3068.html
[2011-04-29 23:13:46 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempwz3068.html
[2011-04-29 23:13:46 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempir3068.html
[2011-04-29 12:45:36 | 000,301,568 | ---- | M] () -- C:\Users\Kanada1702\Desktop\gmer.exe
[2011-04-29 07:42:50 | 001,591,112 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011-04-29 07:42:50 | 000,710,494 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2011-04-29 07:42:50 | 000,628,278 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011-04-29 07:42:50 | 000,140,684 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2011-04-29 07:42:50 | 000,115,416 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011-04-28 23:27:23 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TemphU2308.html
[2011-04-28 23:27:23 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempBl2308.html
[2011-04-28 23:27:23 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempXJ2308.html
[2011-04-28 23:27:23 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempKK2308.html
[2011-04-28 17:49:00 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempHf3196.html
[2011-04-28 17:49:00 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempgN3196.html
[2011-04-28 17:49:00 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempVW3196.html
[2011-04-28 17:49:00 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempnb3196.html
[2011-04-27 22:08:40 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempuS2300.html
[2011-04-27 22:08:40 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempqQ2300.html
[2011-04-27 22:08:40 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempqN2300.html
[2011-04-27 22:08:40 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempcG2300.html
[2011-04-25 23:11:17 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempKT2384.html
[2011-04-25 23:11:17 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempBD2384.html
[2011-04-25 23:11:17 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempYN2384.html
[2011-04-25 23:11:17 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempCq2384.html
[2011-04-25 22:36:44 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-04-25 21:43:24 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011-04-25 20:09:04 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\avg\incavi.avm
[2011-04-25 20:09:04 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\avg\iavichjw.avm
[2011-04-24 22:01:10 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempkd2020.html
[2011-04-24 22:01:10 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempem2020.html
[2011-04-24 22:01:10 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempDi2020.html
[2011-04-24 22:01:10 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempCo2020.html
[2011-04-23 23:33:57 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempyC1836.html
[2011-04-23 23:33:57 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempfZ1836.html
[2011-04-23 23:33:57 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempqO1836.html
[2011-04-23 23:33:57 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempMx1836.html
[2011-04-23 08:06:06 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempVU1936.html
[2011-04-23 08:06:06 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TemphP1936.html
[2011-04-23 08:06:05 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Temply1936.html
[2011-04-23 08:06:05 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempyD1936.html
[2011-04-22 23:00:43 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempvV1908.html
[2011-04-22 23:00:43 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempKx1908.html
[2011-04-22 23:00:43 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempKV1908.html
[2011-04-22 23:00:43 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempiq1908.html
[2011-04-22 00:27:04 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempzi1880.html
[2011-04-22 00:27:04 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempjc1880.html
[2011-04-22 00:27:04 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempvf1880.html
[2011-04-22 00:27:04 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Templu1880.html
[2011-04-21 23:32:50 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempmI1968.html
[2011-04-21 23:32:50 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempFm1968.html
[2011-04-21 23:32:50 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempxx1968.html
[2011-04-21 23:32:50 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempSw1968.html
[2011-04-19 23:20:16 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempUb1908.html
[2011-04-19 23:20:16 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempGw1908.html
[2011-04-19 23:20:16 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempWQ1908.html
[2011-04-19 23:20:16 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempPY1908.html
[2011-04-19 09:14:35 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempZs1932.html
[2011-04-19 09:14:35 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempBJ1932.html
[2011-04-19 09:14:35 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempMG1932.html
[2011-04-19 09:14:35 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempfH1932.html
[2011-04-18 23:35:00 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempWh2016.html
[2011-04-18 23:35:00 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempBz2016.html
[2011-04-18 23:35:00 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempuI2016.html
[2011-04-18 23:35:00 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempST2016.html
[2011-04-17 12:40:32 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempJp1936.html
[2011-04-16 18:48:36 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempqx1752.html
[2011-04-15 16:07:42 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempra1936.html
[2011-04-14 22:15:57 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempxI3444.html
[2011-04-14 22:15:57 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempnH3444.html
[2011-04-14 22:15:57 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempZt3444.html
[2011-04-14 22:15:57 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempZO3444.html
[2011-04-14 09:37:22 | 000,312,416 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011-04-14 09:34:52 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempul1988.html
[2011-04-14 09:34:52 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempUA1988.html
[2011-04-14 09:34:52 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Temptd1988.html
[2011-04-14 09:34:52 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempNP1988.html
[2011-04-13 20:42:26 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempTI1768.html
[2011-04-13 19:48:46 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempeO3040.html
[2011-04-13 19:48:46 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempBV3040.html
[2011-04-13 19:48:46 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TemppD3040.html
[2011-04-13 19:48:46 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempjY3040.html
[2011-04-13 17:56:39 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempaI1424.html
[2011-04-12 19:54:35 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempvl1556.html
[2011-04-11 23:14:32 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempYm2064.html
[2011-04-11 23:14:32 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempxc2064.html
[2011-04-11 23:14:32 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempxW2064.html
[2011-04-11 23:14:32 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempFT2064.html
[2011-04-10 22:20:11 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempzu1704.html
[2011-04-10 22:13:04 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempxy1872.html
[2011-04-10 22:13:04 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempXH1872.html
[2011-04-10 22:13:04 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempwy1872.html
[2011-04-10 22:13:04 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempNv1872.html
[2011-04-08 21:48:52 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempVv1704.html
[2011-04-08 21:48:52 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempRM1704.html
[2011-04-08 21:48:52 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempKl1704.html
[2011-04-08 21:48:52 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempCv1704.html
[2011-04-08 16:54:14 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempZa1996.html
[2011-04-08 16:54:14 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempTV1996.html
[2011-04-08 16:54:14 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempyF1996.html
[2011-04-08 16:54:14 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempPu1996.html
[2011-04-08 16:51:57 | 000,000,000 | -H-- | M] () -- C:\ProgramData\PKP_DLbx.DAT
[2011-04-08 16:51:57 | 000,000,000 | ---- | M] () -- C:\Users\Kanada1702\AppData\Roaming\Woodwind
[2011-04-08 16:51:57 | 000,000,000 | ---- | M] () -- C:\ProgramData\Plants
[2011-04-07 17:38:40 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempis1716.html
[2011-04-06 20:37:21 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Temppw1512.html
[2011-04-05 21:04:57 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempgX1276.html
[2011-04-04 23:02:38 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempQs1880.html
[2011-04-04 23:02:38 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempJP1880.html
[2011-04-04 23:02:38 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempQB1880.html
[2011-04-04 23:02:38 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempaF1880.html
[2011-04-04 01:12:47 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempUE1880.html
[2011-04-04 01:12:47 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempcx1880.html
[2011-04-04 01:12:47 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempie1880.html
[2011-04-04 01:12:47 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempFn1880.html
[2011-04-04 00:32:52 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempwv1524.html
[2011-04-04 00:32:52 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempvB1524.html
[2011-04-04 00:32:52 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempLe1524.html
[2011-04-04 00:32:52 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempJp1524.html
========== Files Created - No Company Name ==========
[2011-05-03 17:40:01 | 000,301,568 | ---- | C] () -- C:\Users\Kanada1702\Desktop\gmer.exe
[2011-05-03 17:30:37 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempBz3952.html
[2011-05-03 17:30:37 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempqX3952.html
[2011-05-03 17:30:36 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempVa3952.html
[2011-05-03 17:30:36 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempYB3952.html
[2011-05-03 16:53:52 | 114,072,665 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011-05-02 14:54:45 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempuQ2592.html
[2011-05-02 14:54:45 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempOV2592.html
[2011-05-02 14:54:44 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemppI2592.html
[2011-05-02 14:54:44 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempOw2592.html
[2011-05-02 09:20:02 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempGx2464.html
[2011-05-02 09:20:02 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Temphe2464.html
[2011-05-02 09:19:59 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempGp2464.html
[2011-05-02 09:19:59 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempNX2464.html
[2011-05-01 18:51:52 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempsr2448.html
[2011-05-01 18:51:52 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempbw2448.html
[2011-05-01 18:51:48 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempas2448.html
[2011-05-01 18:51:48 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempIo2448.html
[2011-05-01 10:05:22 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempfp2636.html
[2011-05-01 10:05:22 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemphH2636.html
[2011-05-01 10:05:21 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempAb2636.html
[2011-05-01 10:05:21 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempSr2636.html
[2011-04-30 09:39:04 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempGJ2436.html
[2011-04-30 09:39:04 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempWG2436.html
[2011-04-30 09:39:03 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempeh2436.html
[2011-04-30 09:39:03 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Temprj2436.html
[2011-04-29 07:39:35 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempne3068.html
[2011-04-29 07:39:35 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempir3068.html
[2011-04-29 07:39:34 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempuA3068.html
[2011-04-29 07:39:34 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempwz3068.html
[2011-04-28 17:52:30 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempBl2308.html
[2011-04-28 17:52:30 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempXJ2308.html
[2011-04-28 17:52:29 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemphU2308.html
[2011-04-28 17:52:29 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempKK2308.html
[2011-04-28 15:46:02 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempHf3196.html
[2011-04-28 15:46:02 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempVW3196.html
[2011-04-28 15:46:01 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempgN3196.html
[2011-04-28 15:46:01 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempnb3196.html
[2011-04-27 10:35:29 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempqQ2300.html
[2011-04-27 10:35:29 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempqN2300.html
[2011-04-27 10:35:28 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempuS2300.html
[2011-04-27 10:35:28 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempcG2300.html
[2011-04-25 22:59:14 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempKT2384.html
[2011-04-25 22:59:14 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempCq2384.html
[2011-04-25 22:59:12 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempBD2384.html
[2011-04-25 22:59:12 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempYN2384.html
[2011-04-25 22:36:44 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-04-25 20:09:05 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011-04-24 08:50:57 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempkd2020.html
[2011-04-24 08:50:57 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempem2020.html
[2011-04-24 08:50:57 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempDi2020.html
[2011-04-24 08:50:57 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempCo2020.html
[2011-04-23 15:13:08 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempyC1836.html
[2011-04-23 15:13:08 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempfZ1836.html
[2011-04-23 15:13:08 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempqO1836.html
[2011-04-23 15:13:08 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempMx1836.html
[2011-04-23 08:06:06 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempVU1936.html
[2011-04-23 08:06:06 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemphP1936.html
[2011-04-23 08:06:05 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Temply1936.html
[2011-04-23 08:06:05 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempyD1936.html
[2011-04-22 08:02:50 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempvV1908.html
[2011-04-22 08:02:50 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempiq1908.html
[2011-04-22 08:02:48 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempKx1908.html
[2011-04-22 08:02:48 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempKV1908.html
[2011-04-22 00:21:34 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempjc1880.html
[2011-04-22 00:21:34 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Templu1880.html
[2011-04-22 00:21:32 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempzi1880.html
[2011-04-22 00:21:32 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempvf1880.html
[2011-04-21 08:05:20 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempmI1968.html
[2011-04-21 08:05:20 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempFm1968.html
[2011-04-21 08:05:20 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempxx1968.html
[2011-04-21 08:05:20 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempSw1968.html
[2011-04-19 12:51:29 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempUb1908.html
[2011-04-19 12:51:29 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempGw1908.html
[2011-04-19 12:51:29 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempWQ1908.html
[2011-04-19 12:51:29 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempPY1908.html
[2011-04-19 07:39:35 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempBJ1932.html
[2011-04-19 07:39:35 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempfH1932.html
[2011-04-19 07:39:34 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempZs1932.html
[2011-04-19 07:39:34 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempMG1932.html
[2011-04-18 12:30:59 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempWh2016.html
[2011-04-18 12:30:59 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempST2016.html
[2011-04-18 12:30:57 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempBz2016.html
[2011-04-18 12:30:57 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempuI2016.html
[2011-04-17 12:38:03 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempJp1936.html
[2011-04-16 08:55:26 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempqx1752.html
[2011-04-15 09:17:09 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempra1936.html
[2011-04-14 09:38:39 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempxI3444.html
[2011-04-14 09:38:39 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempnH3444.html
[2011-04-14 09:38:39 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempZt3444.html
[2011-04-14 09:38:39 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempZO3444.html
[2011-04-14 08:58:38 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempul1988.html
[2011-04-14 08:58:38 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempUA1988.html
[2011-04-14 08:58:38 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Temptd1988.html
[2011-04-14 08:58:38 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempNP1988.html
[2011-04-13 19:51:00 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempTI1768.html
[2011-04-13 19:31:33 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempeO3040.html
[2011-04-13 19:31:33 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemppD3040.html
[2011-04-13 19:31:32 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempBV3040.html
[2011-04-13 19:31:32 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempjY3040.html
[2011-04-13 09:29:09 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempaI1424.html
[2011-04-12 16:12:12 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempvl1556.html
[2011-04-11 07:59:34 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempYm2064.html
[2011-04-11 07:59:34 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempxW2064.html
[2011-04-11 07:59:33 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempxc2064.html
[2011-04-11 07:59:33 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempFT2064.html
[2011-04-10 22:19:18 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempzu1704.html
[2011-04-10 11:47:20 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempxy1872.html
[2011-04-10 11:47:20 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempXH1872.html
[2011-04-10 11:47:20 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempwy1872.html
[2011-04-10 11:47:20 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempNv1872.html
[2011-04-08 16:57:06 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempRM1704.html
[2011-04-08 16:57:06 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempKl1704.html
[2011-04-08 16:57:04 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempVv1704.html
[2011-04-08 16:57:04 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempCv1704.html
[2011-04-08 16:51:57 | 000,000,000 | ---- | C] () -- C:\ProgramData\Plants
[2011-04-08 09:16:23 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempZa1996.html
[2011-04-08 09:16:23 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempPu1996.html
[2011-04-08 09:16:21 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempTV1996.html
[2011-04-08 09:16:21 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempyF1996.html
[2011-04-07 09:18:32 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempis1716.html
[2011-04-06 09:24:41 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Temppw1512.html
[2011-04-05 09:59:25 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempgX1276.html
[2011-04-04 13:55:02 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempJP1880.html
[2011-04-04 13:55:02 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempaF1880.html
[2011-04-04 13:55:01 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempQs1880.html
[2011-04-04 13:55:01 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempQB1880.html
[2011-04-04 01:08:41 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempUE1880.html
[2011-04-04 01:08:41 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempFn1880.html
[2011-04-04 01:08:40 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempcx1880.html
[2011-04-04 01:08:40 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempie1880.html
[2011-04-03 09:54:23 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempwv1524.html
[2011-04-03 09:54:23 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempJp1524.html
[2011-04-03 09:54:22 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempvB1524.html
[2011-04-03 09:54:22 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempLe1524.html
[2011-04-02 08:25:30 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempYV1612.html
[2011-04-01 08:44:07 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempLi1380.html
[2011-03-31 09:12:13 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempTp1764.html
[2011-03-30 08:48:03 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempQH1688.html
[2011-03-30 08:48:03 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempBD1688.html
[2011-03-30 08:48:02 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempGA1688.html
[2011-03-30 08:48:02 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempLU1688.html
[2011-03-29 07:38:41 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempTF1908.html
[2011-03-29 07:38:41 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempDs1908.html
[2011-03-29 07:38:40 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempuM1908.html
[2011-03-29 07:38:40 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempXf1908.html
[2011-03-28 10:59:10 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempKE1324.html
[2011-03-28 10:59:10 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempCK1324.html
[2011-03-28 10:59:09 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempdL1324.html
[2011-03-28 10:59:09 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempYB1324.html
[2011-03-27 09:42:37 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempbf1272.html
[2011-03-27 09:42:37 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempqr1272.html
[2011-03-27 09:42:35 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempLc1272.html
[2011-03-27 09:42:35 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempIN1272.html
[2011-03-26 14:08:32 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempJP2084.html
[2011-03-26 14:08:32 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempKN2084.html
[2011-03-26 14:08:31 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempmY2084.html
[2011-03-26 14:08:31 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempAg2084.html
[2011-03-26 08:56:06 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempnM2052.html
[2011-03-26 08:56:06 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempbJ2052.html
[2011-03-26 08:56:05 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempGP2052.html
[2011-03-26 08:56:05 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempHE2052.html
[2011-03-25 10:21:30 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempUM2064.html
[2011-03-25 10:21:30 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempia2064.html
[2011-03-25 10:21:28 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempYk2064.html
[2011-03-25 10:21:28 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempdR2064.html
[2011-03-24 10:34:10 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempUO1320.html
[2011-03-24 10:34:10 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempQR1320.html
[2011-03-24 10:34:09 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempMg1320.html
[2011-03-24 10:34:09 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempTD1320.html
[2011-03-23 22:15:12 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempQi5276.html
[2011-03-23 22:15:12 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemppE5276.html
[2011-03-23 22:15:12 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempxy5276.html
[2011-03-23 22:15:12 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempfp5276.html
[2011-03-23 11:06:18 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempTO1672.html
[2011-03-23 11:06:17 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempGW1672.html
[2011-03-22 16:12:18 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempTJ2064.html
[2011-03-22 16:12:18 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempIv2064.html
[2011-03-22 16:12:17 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempDP2064.html
[2011-03-22 16:12:17 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempha2064.html
[2011-03-22 09:45:02 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempBH2056.html
[2011-03-22 09:45:02 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempDg2056.html
[2011-03-22 09:45:01 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempdi2056.html
[2011-03-22 09:45:01 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempNO2056.html
[2011-03-21 09:46:45 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempex2188.html
[2011-03-21 09:46:45 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempIN2188.html
[2011-03-21 09:46:44 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempCL2188.html
[2011-03-21 09:46:44 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemphV2188.html
[2011-03-20 10:31:52 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempHw1376.html
[2011-03-20 10:31:52 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Temprs1376.html
[2011-03-20 10:31:50 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempXM1376.html
[2011-03-20 10:31:50 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempLW1376.html
[2011-03-19 09:49:24 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempfz1588.html
[2011-03-19 02:55:49 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempSY4692.html
[2011-03-19 02:55:49 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempDw4692.html
[2011-03-19 02:55:48 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempIF4692.html
[2011-03-19 02:55:48 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempMQ4692.html
[2011-03-18 10:02:04 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempJA2036.html
[2011-03-18 10:02:04 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempdY2036.html
[2011-03-18 10:02:02 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempis2036.html
[2011-03-18 10:02:02 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempnW2036.html
[2011-03-16 08:03:44 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempHR2308.html
[2011-03-16 08:03:44 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempcS2308.html
[2011-03-16 08:03:43 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempyw2308.html
[2011-03-16 08:03:43 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempqK2308.html
[2011-03-15 18:12:26 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempKj2012.html
[2011-03-15 16:23:05 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempBC1388.html
[2011-03-15 16:23:05 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempqm1388.html
[2011-03-15 16:23:04 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempAJ1388.html
[2011-03-15 16:23:04 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempIl1388.html
[2011-03-15 10:06:09 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempvR2044.html
[2011-03-15 10:06:09 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempdA2044.html
[2011-03-15 10:06:08 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempqZ2044.html
[2011-03-15 10:06:08 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempMS2044.html
[2011-03-15 00:39:30 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempcM1220.html
[2011-03-15 00:39:30 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempTS1220.html
[2011-03-15 00:39:29 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempey1220.html
[2011-03-15 00:39:29 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempdk1220.html
[2011-03-14 08:46:53 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempJR2052.html
[2011-03-12 10:02:59 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempCk1896.html
[2011-03-11 16:51:44 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempDD1884.html
[2011-03-11 08:31:55 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempyn2072.html
[2011-03-11 08:31:55 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempJP2072.html
[2011-03-11 08:31:54 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempSu2072.html
[2011-03-11 08:31:54 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempcs2072.html
[2011-03-10 12:15:26 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempeD2160.html
[2011-03-10 12:15:26 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempTa2160.html
[2011-03-10 12:15:25 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempeB2160.html
[2011-03-10 12:15:25 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempSu2160.html
[2011-03-09 23:48:13 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempbI3660.html
[2011-03-09 23:48:13 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempTI3660.html
[2011-03-09 23:48:12 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempfn3660.html
[2011-03-09 23:48:12 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempsb3660.html
[2011-03-09 13:31:45 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempyv1460.html
[2011-03-09 13:31:45 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempRT1460.html
[2011-03-09 13:31:45 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempwx1460.html
[2011-03-09 13:31:45 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempLp1460.html
[2011-03-08 19:29:02 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempLe1684.html
[2011-03-08 09:51:10 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempRJ2128.html
[2011-03-08 09:51:10 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempuM2128.html
[2011-03-08 09:51:08 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempED2128.html
[2011-03-08 09:51:08 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempmI2128.html
[2011-03-07 10:35:58 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempnQ1584.html
[2011-03-07 10:35:58 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempKF1584.html
[2011-03-07 10:35:57 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempDI1584.html
[2011-03-07 10:35:57 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempMr1584.html
[2011-03-06 11:26:11 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempUg2060.html
[2011-03-06 11:26:11 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempVa2060.html
[2011-03-06 11:26:09 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempKk2060.html
[2011-03-06 11:26:09 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempUo2060.html
[2011-03-06 11:04:19 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempGf1660.html
[2011-03-06 11:04:19 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempNg1660.html
[2011-03-06 11:04:18 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempmt1660.html
[2011-03-06 11:04:18 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempsl1660.html
[2011-03-05 09:15:16 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempXB1800.html
[2011-03-04 18:03:05 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempUp1496.html
[2011-03-04 10:01:49 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempqo1604.html
[2011-03-04 10:01:49 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempNZ1604.html
[2011-03-04 10:01:49 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempNQ1604.html
[2011-03-04 10:01:49 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempBE1604.html
[2011-03-03 21:45:40 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempdc5256.html
[2011-03-03 21:45:40 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempAI5256.html
[2011-03-03 21:45:40 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempJQ5256.html
[2011-03-03 21:45:40 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempaX5256.html
[2011-03-03 16:23:47 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempMf1576.html
[2011-03-03 16:23:44 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemprI1576.html
[2011-03-03 10:19:28 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempjn1592.html
[2011-03-03 10:19:28 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempnp1592.html
[2011-03-03 10:19:27 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempGd1592.html
[2011-03-03 10:19:27 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempMD1592.html
[2011-03-02 23:43:19 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempNl1960.html
[2011-03-02 23:43:19 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Temptm1960.html
[2011-03-02 23:43:17 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempXC1960.html
[2011-03-02 23:43:17 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempdH1960.html
[2011-03-02 11:04:17 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Temprl5964.html
[2011-03-02 11:04:17 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempAM5964.html
[2011-03-02 11:04:17 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Temprw5964.html
[2011-03-02 11:04:17 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempfg5964.html
[2011-03-01 10:17:18 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempJN2140.html
[2011-03-01 10:17:18 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempHz2140.html
[2011-03-01 10:17:15 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempxY2140.html
[2011-03-01 10:17:15 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempXf2140.html
[2011-02-28 11:47:13 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemppW2104.html
[2011-02-28 00:30:20 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempEN1908.html
[2011-02-28 00:30:20 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempXr1908.html
[2011-02-28 00:30:18 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempcM1908.html
[2011-02-28 00:30:18 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempOk1908.html
[2011-02-27 23:00:37 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempkw4548.html
[2011-02-27 23:00:37 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempkG4548.html
[2011-02-27 23:00:30 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempYp4548.html
[2011-02-27 23:00:30 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempGA4548.html
[2011-02-27 14:41:19 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempXp1888.html
[2011-02-27 14:41:17 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempUr1888.html
[2011-02-27 10:30:21 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempBY1712.html
[2011-02-27 10:30:21 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempHZ1712.html
[2011-02-27 10:30:19 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempHO1712.html
[2011-02-27 10:30:19 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempKf1712.html
[2011-02-26 23:26:54 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempUY1796.html
[2011-02-26 23:26:54 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemppY1796.html
[2011-02-26 23:26:52 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempNV1796.html
[2011-02-26 23:26:52 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempVU1796.html
[2011-02-25 16:46:24 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempqN2072.html
[2011-02-25 16:46:24 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempAG2072.html
[2011-02-25 16:46:18 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempME2072.html
[2011-02-25 16:46:18 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempGU2072.html
[2011-02-25 08:40:16 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempKX1484.html
[2011-02-25 08:40:16 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempas1484.html
[2011-02-25 08:40:14 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempkD1484.html
[2011-02-25 08:40:14 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempNq1484.html
[2011-02-24 18:27:58 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempkT1104.html
[2011-02-24 18:27:58 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempEx1104.html
[2011-02-24 18:27:56 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempeR1104.html
[2011-02-24 18:27:56 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempXo1104.html
[2011-02-24 08:49:50 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempxz3148.html
[2011-02-24 08:49:50 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempQb3148.html
[2011-02-24 08:49:50 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempTR3148.html
[2011-02-24 08:49:50 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempKw3148.html
[2011-02-22 12:23:41 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempni1516.html
[2011-02-22 12:23:38 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempGD1516.html
[2011-02-22 12:01:18 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempWN1928.html
[2011-02-22 12:01:18 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempbY1928.html
[2011-02-22 12:01:15 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempWK1928.html
[2011-02-22 12:01:15 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempqQ1928.html
[2011-02-21 20:43:00 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempok1072.html
[2011-02-21 20:43:00 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempNW1072.html
[2011-02-21 20:43:00 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempnk1072.html
[2011-02-21 20:43:00 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempAu1072.html
[2011-02-21 09:36:36 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempKr1080.html
[2011-02-21 09:36:36 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempnM1080.html
[2011-02-21 09:36:35 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Temppp1080.html
[2011-02-21 09:36:35 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempkU1080.html
[2011-02-20 18:54:03 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempni7100.html
[2011-02-20 18:54:03 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempig7100.html
[2011-02-20 18:54:03 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempxW7100.html
[2011-02-20 18:54:03 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Temppy7100.html
[2011-02-20 05:01:04 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempbo2656.html
[2011-02-20 05:01:03 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempgf2656.html
[2011-02-19 00:37:09 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011-02-19 00:37:09 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011-02-18 10:19:28 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempcI1860.html
[2011-02-17 20:57:45 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempxK1844.html
[2011-02-17 20:57:45 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempOG1844.html
[2011-02-17 10:50:00 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempsi1072.html
[2011-02-17 10:50:00 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempoi1072.html
[2011-02-17 10:49:59 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempXR1072.html
[2011-02-17 10:49:59 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempSM1072.html
[2011-02-17 09:08:27 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempFb1996.html
[2011-02-17 09:08:26 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempCl1996.html
[2011-02-16 15:30:27 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempMl2040.html
[2011-02-16 15:30:27 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempaD2040.html
[2011-02-16 15:30:26 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Temppa2040.html
[2011-02-16 15:30:26 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempYJ2040.html
[2011-02-16 10:17:49 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempqE2044.html
[2011-02-16 10:17:49 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempDJ2044.html
[2011-02-16 10:17:49 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempvc2044.html
[2011-02-16 10:17:49 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemphC2044.html
[2011-02-15 22:06:39 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemplR1592.html
[2011-02-15 22:06:38 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemphT1592.html
[2011-02-15 22:06:38 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempJq1592.html
[2011-02-15 11:26:51 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemplG1320.html
[2011-02-15 11:26:51 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempIG1320.html
[2011-02-15 11:26:51 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempVD1320.html
[2011-02-15 11:26:51 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempOI1320.html
[2011-02-14 14:28:55 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempHy5216.html
[2011-02-14 14:28:54 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempHC5216.html
[2011-02-14 11:05:57 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempko1324.html
[2011-02-14 11:05:55 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempPd1324.html
[2011-02-13 11:07:23 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempww1304.html
[2011-02-13 11:07:23 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempdx1304.html
[2011-02-13 11:07:21 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempGs1304.html
[2011-02-13 11:07:21 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempgY1304.html
[2011-02-13 04:24:49 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempNR3608.html
[2011-02-13 04:24:49 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempbO3608.html
[2011-02-13 04:24:48 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempdG3608.html
[2011-02-13 04:24:48 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempFM3608.html
[2011-02-12 11:13:57 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempJp1620.html
[2011-02-12 11:13:57 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempIm1620.html
[2011-02-11 10:26:27 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempVi2132.html
[2011-02-11 10:26:25 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempCw2132.html
[2011-02-10 10:56:13 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempMb1084.html
[2011-02-10 10:56:11 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempZO1084.html
[2011-02-09 15:50:49 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempTm3768.html
[2011-02-09 15:50:48 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempEh3768.html
[2011-02-09 15:03:54 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011-02-09 12:45:44 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempxQ2220.html
[2011-02-09 12:45:43 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemptP2220.html
[2011-02-09 08:10:47 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempuc1168.html
[2011-02-09 08:10:47 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempry1168.html
[2011-02-08 10:52:49 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempip5088.html
[2011-02-08 10:52:48 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempuZ5088.html
[2011-02-08 10:30:13 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempkt2008.html
[2011-02-08 10:30:11 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempVd2008.html
[2011-02-07 16:27:30 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempLt2024.html
[2011-02-07 16:27:29 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempBg2024.html
[2011-02-07 12:13:36 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Temptm1540.html
[2011-02-07 12:13:35 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempVo1540.html
[2011-02-06 21:08:48 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempZD1420.html
[2011-02-06 19:53:11 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempBk1160.html
[2011-02-06 19:53:10 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempXB1160.html
[2011-02-06 18:21:14 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempJov900.html
[2011-02-06 18:21:13 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempzdm900.html
[2011-02-06 10:57:55 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempIC2052.html
[2011-02-06 10:57:55 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempMi2052.html
[2011-02-06 10:57:54 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempjA2052.html
[2011-02-06 10:57:54 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempbZ2052.html
[2011-02-05 21:47:31 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemphG1984.html
[2011-02-05 21:47:29 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempeS1984.html
[2011-02-05 20:01:19 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempCQ2028.html
[2011-02-05 20:01:17 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempWH2028.html
[2011-02-05 10:52:41 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempaI1160.html
[2011-02-05 10:52:40 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempgF1160.html
[2011-02-03 11:33:57 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempSW1284.html
[2011-02-03 11:33:57 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempfH1284.html
[2011-02-02 10:09:34 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempPt1264.html
[2011-02-02 10:09:34 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempkC1264.html
[2011-02-02 10:09:34 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempyU1264.html
[2011-02-02 10:09:34 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempjb1264.html
[2011-02-01 12:09:01 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempSN1356.html
[2011-02-01 12:09:01 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempxd1356.html
[2011-02-01 12:08:59 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempkB1356.html
[2011-02-01 12:08:59 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempBM1356.html
[2011-01-31 13:16:02 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempTF5784.html
[2011-01-31 13:16:02 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Temphw5784.html
[2011-01-31 13:16:02 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempYL5784.html
[2011-01-31 13:16:02 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempUn5784.html
[2011-01-29 00:20:53 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempAg3080.html
[2011-01-29 00:20:53 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempmO3080.html
[2011-01-29 00:20:51 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempHo3080.html
[2011-01-29 00:20:51 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempUN3080.html
[2011-01-28 22:19:15 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Templr4212.html
[2011-01-27 23:59:39 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempfO5604.html
[2011-01-27 23:59:39 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempjv5604.html
[2011-01-27 23:59:38 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempeO5604.html
[2011-01-27 23:59:38 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempMV5604.html
[2011-01-27 16:52:57 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempKq3648.html
[2011-01-27 16:52:57 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempfe3648.html
[2011-01-27 11:39:50 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempnl1384.html
[2011-01-27 11:39:49 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempsl1384.html
[2011-01-26 11:42:04 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempsN1056.html
[2011-01-26 11:42:04 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempBu1056.html
[2011-01-25 12:41:58 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempuE1292.html
[2011-01-25 12:41:58 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempET1292.html
[2011-01-25 12:41:57 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempBY1292.html
[2011-01-25 12:41:57 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempZN1292.html
[2011-01-24 19:35:17 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempSz1256.html
[2011-01-24 19:35:17 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempfE1256.html
[2011-01-24 19:35:17 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempWQ1256.html
[2011-01-24 19:35:17 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempgF1256.html
[2011-01-24 12:05:07 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempVH1208.html
[2011-01-24 12:05:07 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempoJ1208.html
[2011-01-24 12:05:07 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempMq1208.html
[2011-01-24 12:05:07 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Templs1208.html
[2011-01-23 23:24:03 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempMm6004.html
[2011-01-23 23:24:03 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempIr6004.html
[2011-01-23 23:24:02 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempqh6004.html
[2011-01-23 23:24:02 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempxA6004.html
[2011-01-23 12:07:44 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempfJ2044.html
[2011-01-23 12:07:44 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemprM2044.html
[2011-01-23 12:07:43 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempRo2044.html
[2011-01-23 12:07:43 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempCQ2044.html
[2011-01-22 12:08:20 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempNp1168.html
[2011-01-22 12:08:19 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempya1168.html
[2011-01-21 15:15:13 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempLa6024.html
[2011-01-21 15:15:13 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempkk6024.html
[2011-01-21 15:15:13 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempvP6024.html
[2011-01-21 10:55:46 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempyi1888.html
[2011-01-21 10:55:46 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempAv1888.html
[2011-01-20 17:54:45 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempsR2020.html
[2011-01-20 17:54:41 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempob2020.html
[2011-01-20 16:31:10 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemphU5888.html
[2011-01-20 16:31:10 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempft5888.html
[2011-01-20 16:31:10 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempzB5888.html
[2011-01-20 16:31:10 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempGe5888.html
[2011-01-20 10:21:06 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempQG1832.html
[2011-01-20 10:21:04 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempEP1832.html
[2011-01-19 23:37:29 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempJF1144.html
[2011-01-19 23:37:29 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempME1144.html
[2011-01-19 23:37:28 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempqQ1144.html
[2011-01-19 23:37:28 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempNm1144.html
[2011-01-19 22:58:52 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemprG2016.html
[2011-01-19 22:58:52 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempTB2016.html
[2011-01-19 22:58:50 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempab2016.html
[2011-01-19 22:58:50 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempOo2016.html
[2011-01-19 21:40:56 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempom2368.html
[2011-01-19 21:40:56 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempAR2368.html
[2011-01-19 12:16:09 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempaO2368.html
[2011-01-19 12:16:09 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempZr2368.html
[2011-01-19 09:59:37 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempuR1664.html
[2011-01-19 09:59:35 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempKY1664.html
[2011-01-18 17:56:08 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Temphp2000.html
[2011-01-18 17:56:08 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempJq2000.html
[2011-01-18 17:56:02 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempfn2000.html
[2011-01-18 17:56:02 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempfb2000.html
[2011-01-18 13:52:23 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempFP1988.html
[2011-01-18 13:52:23 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempAN1988.html
[2011-01-18 13:52:22 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempuG1988.html
[2011-01-18 13:52:22 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempRw1988.html
[2011-01-18 10:43:03 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemprE1128.html
[2011-01-18 10:43:03 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempSh1128.html
[2011-01-18 10:43:02 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempQE1128.html
[2011-01-18 10:43:02 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempWO1128.html
[2011-01-17 10:47:33 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempcp2012.html
[2011-01-17 10:47:33 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempFY2012.html
[2011-01-17 10:47:32 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempRR2012.html
[2011-01-17 10:47:32 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempIY2012.html
[2011-01-16 16:08:07 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempfZ2872.html
[2011-01-16 16:08:07 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempac2872.html
[2011-01-16 16:08:07 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempKf2872.html
[2011-01-16 16:08:07 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemphQ2872.html
[2011-01-16 10:12:59 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempby1488.html
[2011-01-15 17:07:36 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempUp3200.html
[2011-01-15 17:07:36 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempKO3200.html
[2011-01-15 17:07:36 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempjg3200.html
[2011-01-15 17:07:36 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempcX3200.html
[2011-01-14 21:17:12 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempVj5100.html
[2011-01-14 21:17:12 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempTL5100.html
[2011-01-14 14:52:51 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempHu5100.html
[2011-01-14 14:52:51 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempGx5100.html
[2011-01-14 14:52:50 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempSz5100.html
[2011-01-13 11:11:17 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempkt2032.html
[2011-01-13 11:11:14 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempRm2032.html
[2011-01-13 00:02:21 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempCW1308.html
[2011-01-13 00:02:21 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemppI1308.html
[2011-01-13 00:02:19 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempaH1308.html
[2011-01-13 00:02:19 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempoI1308.html
[2011-01-12 17:32:04 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempCc3984.html
[2011-01-12 17:32:04 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempay3984.html
[2011-01-12 17:32:03 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempUs3984.html
[2011-01-12 17:32:03 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempUE3984.html
[2011-01-12 10:50:32 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempSy1352.html
[2011-01-12 10:50:32 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempph1352.html
[2011-01-12 10:50:30 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempgg1352.html
[2011-01-12 10:50:30 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempWi1352.html
[2011-01-11 22:54:30 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempFt4344.html
[2011-01-11 22:54:30 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempUv4344.html
[2011-01-11 22:54:29 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempHG4344.html
[2011-01-11 22:54:29 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempRV4344.html
[2011-01-11 09:29:44 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempuu1032.html
[2011-01-10 12:07:38 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempWe1376.html
[2011-01-10 12:07:38 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempzV1376.html
[2011-01-09 11:37:56 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempiu1828.html
[2011-01-09 11:37:56 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempBC1828.html
[2011-01-09 11:37:56 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempUy1828.html
[2011-01-09 11:37:56 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempav1828.html
[2011-01-08 20:54:12 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempsO1744.html
[2011-01-08 20:54:12 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempPC1744.html
[2011-01-08 20:54:10 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempeY1744.html
[2011-01-08 20:54:10 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempRW1744.html
[2011-01-08 19:37:53 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempzw1340.html
[2011-01-08 19:37:53 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempoy1340.html
[2011-01-08 19:37:52 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempFt1340.html
[2011-01-08 19:37:52 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempCU1340.html
[2011-01-08 19:28:34 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempyZ1724.html
[2011-01-08 19:28:34 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempTN1724.html
[2011-01-08 19:28:34 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempEj1724.html
[2011-01-08 19:28:34 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempbi1724.html
[2011-01-08 12:28:02 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempyu1496.html
[2011-01-08 12:28:02 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempSF1496.html
[2011-01-08 12:28:00 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempIL1496.html
[2011-01-08 12:28:00 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempUK1496.html
[2011-01-07 22:43:08 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempra2044.html
[2011-01-07 22:43:08 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempba2044.html
[2011-01-07 22:43:07 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempkH2044.html
[2011-01-07 22:43:07 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemprL2044.html
[2011-01-07 21:52:10 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempbL1260.html
[2011-01-07 21:52:10 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempMo1260.html
[2011-01-07 21:52:08 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempBx1260.html
[2011-01-07 21:52:08 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempGi1260.html
[2011-01-07 11:59:39 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempcY1288.html
[2011-01-07 11:59:39 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempxC1288.html
[2011-01-07 11:59:37 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempaH1288.html
[2011-01-07 11:59:37 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempmE1288.html
[2011-01-06 12:55:41 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempOK1824.html
[2011-01-06 12:55:41 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempAa1824.html
[2011-01-06 12:55:39 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempdZ1824.html
[2011-01-06 12:55:39 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempgA1824.html
[2011-01-05 12:29:09 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempwC2044.html
[2011-01-05 12:29:09 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempaQ2044.html
[2011-01-05 12:29:05 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempTQ2044.html
[2011-01-05 12:29:05 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempBM2044.html
[2011-01-04 11:26:34 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Temptx1216.html
[2011-01-04 11:26:34 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempqe1216.html
[2011-01-04 11:26:34 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempoP1216.html
[2011-01-04 11:26:34 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempGw1216.html
[2011-01-03 21:17:17 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempFq2032.html
[2011-01-03 21:17:17 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempcq2032.html
[2011-01-03 21:17:15 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempad2032.html
[2011-01-03 21:17:15 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempuV2032.html
[2011-01-03 15:02:46 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempJr1296.html
[2011-01-03 15:02:46 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Temphi1296.html
[2011-01-03 15:02:45 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempZl1296.html
[2011-01-03 15:02:45 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempCk1296.html
[2011-01-03 11:45:15 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempBc1320.html
[2011-01-03 11:45:15 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemppE1320.html
[2011-01-03 11:45:10 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempYM1320.html
[2011-01-03 11:45:10 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempWH1320.html
[2011-01-02 14:48:55 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempmMB736.html
[2011-01-02 14:48:55 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempljH736.html
[2011-01-02 14:48:55 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempSZH736.html
[2011-01-02 14:48:55 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempMNU736.html
[2011-01-02 10:19:54 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempTE1032.html
[2011-01-01 12:36:13 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempSz2032.html
[2011-01-01 12:36:13 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempbj2032.html
[2011-01-01 12:36:12 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempem2032.html
[2011-01-01 12:36:12 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemphK2032.html
[2010-12-31 18:00:28 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempkwP960.html
[2010-12-31 18:00:28 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempNjN960.html
[2010-12-31 11:01:00 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempCHn960.html
[2010-12-31 11:01:00 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempmVH960.html
[2010-12-30 09:43:41 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempgE2040.html
[2010-12-30 09:43:41 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempqf2040.html
[2010-12-30 09:43:32 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempZB2040.html
[2010-12-30 09:43:32 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempCX2040.html
[2010-12-29 20:21:41 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempoE1240.html
[2010-12-29 20:21:41 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempai1240.html
[2010-12-29 09:36:31 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempmc1240.html
[2010-12-29 09:36:31 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempKt1240.html
[2010-12-28 10:20:58 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempcG1940.html
[2010-12-27 09:11:57 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempaX1308.html
[2010-12-27 09:11:57 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempxX1308.html
[2010-12-26 19:56:14 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempNY5516.html
[2010-12-26 19:56:14 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempGo5516.html
[2010-12-24 09:35:39 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempFy1572.html
[2010-12-23 16:57:35 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempNo2012.html
[2010-12-22 19:31:47 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempgC5504.html
[2010-12-22 09:38:22 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempax1496.html
[2010-12-22 00:21:04 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempYD5344.html
[2010-12-20 09:07:02 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempdN1732.html
[2010-12-19 09:07:12 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempfdN560.html
[2010-12-18 09:13:11 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempnC1700.html
[2010-12-17 22:18:54 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempBj4080.html
[2010-12-17 17:55:32 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempFi5984.html
[2010-12-17 09:26:47 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempAe3456.html
[2010-12-16 22:45:49 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempXq5244.html
[2010-12-16 22:45:49 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempKp5244.html
[2010-12-16 08:59:25 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempsA1920.html
[2010-12-14 09:14:33 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempKE1924.html
[2010-12-13 10:03:05 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Temphb2124.html
[2010-12-12 10:01:41 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempjv1040.html
[2010-12-11 09:18:41 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempra1496.html
[2010-12-10 20:36:26 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempEH4744.html
[2010-12-10 17:01:21 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempLP5804.html
[2010-12-10 16:43:50 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempKR3024.html
[2010-12-10 16:38:05 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempZM3544.html
[2010-12-10 08:28:37 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempEP1972.html
[2010-12-08 10:38:09 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempOp1988.html
[2010-12-07 11:11:46 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempEs1428.html
[2010-12-06 16:53:21 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempEg3984.html
[2010-12-06 16:04:14 | 000,000,000 | ---- | C] () -- C:\Users\Kanada1702\AppData\Roaming\Woodwind
[2010-12-06 15:56:24 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2010-12-05 19:10:58 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempcu5720.html
[2010-12-04 14:52:45 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempRP6508.html
[2010-12-02 08:29:17 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempTv1712.html
[2010-12-01 04:04:26 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempqN2144.html
[2010-11-30 08:31:16 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempuj1700.html
[2010-11-30 08:31:16 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempbP1700.html
[2010-11-29 22:35:46 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempmT1552.html
[2010-11-29 22:35:46 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempsq1552.html
[2010-11-29 14:28:37 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempqx4796.html
[2010-11-29 14:28:37 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemppG4796.html
[2010-11-28 14:15:36 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempHl5656.html
[2010-11-28 14:15:36 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempbm5656.html
[2010-11-28 10:03:27 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempnb1920.html
[2010-11-27 20:14:32 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempRt2040.html
[2010-11-27 20:14:32 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempnh2040.html
[2010-11-27 10:24:40 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempVZ1896.html
[2010-11-26 09:52:11 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Temphp1924.html
[2010-11-26 09:52:11 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempuq1924.html
[2010-11-25 19:27:05 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempiy1880.html
[2010-11-25 19:27:05 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempwK1880.html
[2010-11-25 16:32:49 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempmV4480.html
[2010-11-25 16:32:49 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemppL4480.html
[2010-11-25 08:36:18 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempom1288.html
[2010-11-24 17:53:22 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempZl5296.html
[2010-11-24 17:53:22 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempaT5296.html
[2010-11-24 09:21:47 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Temphh1652.html
[2010-11-23 17:08:10 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempZk1524.html
[2010-11-20 18:37:50 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempAT1484.html
[2010-11-20 18:37:50 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempFo1484.html
[2010-11-19 17:53:18 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempGO1920.html
[2010-11-19 17:53:18 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempVS1920.html
[2010-11-17 20:59:09 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempjh1240.html
[2010-11-17 20:59:09 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempgA1240.html
[2010-11-16 21:08:22 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempXN1256.html
[2010-11-15 22:00:38 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempph1988.html
[2010-11-15 22:00:38 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempuV1988.html
[2010-11-15 21:21:01 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempUR1408.html
[2010-11-15 21:21:01 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempFz1408.html
[2010-11-15 12:55:56 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempvo2036.html
[2010-11-15 12:55:56 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempqA2036.html
[2010-11-15 08:56:57 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempFD3988.html
[2010-11-15 08:56:57 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempKZ3988.html
[2010-11-14 13:25:31 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempRJ2060.html
[2010-11-14 13:25:31 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempsZ2060.html
[2010-11-14 10:00:42 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempFi1520.html
[2010-11-14 10:00:42 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Temphi1520.html
[2010-11-13 09:26:59 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Temphd1388.html
[2010-11-13 09:26:59 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempYB1388.html
[2010-11-10 12:34:30 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempmn1872.html
[2010-11-10 12:34:30 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemptC1872.html
[2010-11-09 21:06:20 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempPy1404.html
[2010-11-08 10:08:24 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempCw1288.html
[2010-11-07 23:39:45 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempOp2760.html
[2010-11-07 23:39:45 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Temppe2760.html
[2010-11-07 10:11:05 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempOV1108.html
[2010-11-06 16:11:14 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempTW1504.html
[2010-11-05 23:20:41 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempKi1248.html
[2010-11-05 17:36:55 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempcf1832.html
[2010-11-05 13:52:47 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Temphb3904.html
[2010-11-05 13:52:47 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempjf3904.html
[2010-11-05 12:58:19 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempwE1168.html
[2010-11-05 12:58:19 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempnK1168.html
[2010-11-05 12:13:43 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempWl2068.html
[2010-11-05 12:13:43 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempBR2068.html
[2010-11-05 09:51:21 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemphI1736.html
[2010-11-05 09:51:21 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempGk1736.html
[2010-11-05 09:24:51 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempzU1448.html
[2010-11-04 17:31:54 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempZJ1980.html
[2010-11-04 17:31:54 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempMw1980.html
[2010-11-04 17:26:21 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempgl1136.html
[2010-11-04 17:26:21 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemphW1136.html
[2010-11-04 12:22:22 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempdC1308.html
[2010-11-04 12:22:22 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempIE1308.html
[2010-11-04 09:07:33 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempLN2016.html
[2010-11-03 09:27:42 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempDw1708.html
[2010-11-02 09:20:47 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TemprJ1740.html
[2010-11-01 14:11:13 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempeZ2068.html
[2010-11-01 14:11:13 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempIb2068.html
[2010-11-01 13:19:31 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempDH4004.html
[2010-11-01 10:12:12 | 000,002,023 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010-11-01 09:40:34 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempMy1168.html
[2010-11-01 09:25:37 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempJy1732.html
[2010-11-01 09:25:37 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Temprt1732.html
[2010-11-01 09:07:16 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempyJ1912.html
[2010-10-31 22:03:03 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempee1316.html
[2010-10-31 22:03:03 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempwD1316.html
[2010-10-31 11:00:32 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempHn1404.html
[2010-10-31 09:31:02 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempyP1308.html
[2010-10-31 09:31:02 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempJc1308.html
[2010-10-30 18:05:07 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempBq3736.html
[2010-10-30 08:58:05 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempXz1856.html
[2010-10-29 15:59:10 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempqi1532.html
[2010-10-28 17:33:10 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempyL1872.html
[2010-10-28 17:33:10 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempuz1872.html
[2010-10-27 22:10:34 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempoU1548.html
[2010-10-27 17:54:00 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempKP1916.html
[2010-10-27 17:54:00 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempIA1916.html
[2010-10-27 00:23:26 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempvc1432.html
[2010-10-27 00:23:26 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempgU1432.html
[2010-10-26 23:42:48 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempUG1620.html
[2010-10-26 23:42:48 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempvP1620.html
[2010-10-26 17:40:28 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempgV1136.html
[2010-10-26 17:40:28 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempil1136.html
[2010-10-26 17:31:14 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempYT2064.html
[2010-10-26 17:31:14 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempuE2064.html
[2010-10-25 18:08:52 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempBX1836.html
[2010-10-25 18:08:52 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempwy1836.html
[2010-10-24 17:57:50 | 001,592,156 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010-10-24 16:57:23 | 000,002,432 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\Tempzq4896.html
[2010-10-24 16:57:23 | 000,002,089 | ---- | C] () -- C:\Users\Kanada1702\AppData\Local\TempgW4896.html
[2010-10-14 21:55:51 | 000,000,198 | ---- | C] () -- C:\Users\Kanada1702\AppData\Roaming\default.rss
[2010-10-14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010-10-13 17:26:34 | 000,000,453 | ---- | C] () -- C:\Users\Kanada1702\AppData\Roaming\SamsungLiveUpdateConfig.ini
[2010-09-04 18:44:16 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll
[2010-08-28 19:10:38 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010-03-15 05:31:48 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009-07-14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009-07-14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009-07-14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009-07-14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009-07-13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009-06-10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009-02-24 13:40:02 | 000,001,352 | ---- | C] () -- C:\ProgramData\cfSB1090.ini
[2009-02-24 13:40:02 | 000,001,352 | ---- | C] () -- C:\ProgramData\cfSB0910.ini
[2009-02-24 13:40:02 | 000,001,346 | ---- | C] () -- C:\ProgramData\cfSB1100.ini
[2009-02-24 13:40:02 | 000,001,302 | ---- | C] () -- C:\ProgramData\cfSB0300.ini
[2009-02-24 13:40:02 | 000,001,282 | ---- | C] () -- C:\ProgramData\cfSB0471.ini
[2009-02-24 13:40:02 | 000,001,208 | ---- | C] () -- C:\ProgramData\cfSB0490.ini
[2009-02-24 13:40:02 | 000,001,027 | ---- | C] () -- C:\ProgramData\cfSB0560.ini
[2009-02-24 13:40:02 | 000,001,026 | ---- | C] () -- C:\ProgramData\cfSB0271.ini
[2009-02-24 13:40:02 | 000,001,026 | ---- | C] () -- C:\ProgramData\cfSB0270.ini
[2009-02-24 13:40:02 | 000,000,590 | ---- | C] () -- C:\ProgramData\cfSB0950.ini
[2008-09-10 12:17:24 | 000,154,144 | ---- | C] () -- C:\Windows\SysWow64\RTLCPAPI.dll
[2008-09-10 11:46:10 | 000,044,064 | ---- | C] () -- C:\Windows\CPLUtl64.exe
========== LOP Check ==========
[2011-04-25 21:54:09 | 000,000,000 | ---D | M] -- C:\Users\Kanada1702\AppData\Roaming\AVG
[2011-04-25 20:26:09 | 000,000,000 | ---D | M] -- C:\Users\Kanada1702\AppData\Roaming\AVG10
[2010-09-08 20:48:34 | 000,000,000 | ---D | M] -- C:\Users\Kanada1702\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010-11-27 19:59:08 | 000,000,000 | ---D | M] -- C:\Users\Kanada1702\AppData\Roaming\BESTplayer
[2010-11-27 20:08:50 | 000,000,000 | ---D | M] -- C:\Users\Kanada1702\AppData\Roaming\Christofer Persson
[2010-09-22 15:44:45 | 000,000,000 | ---D | M] -- C:\Users\Kanada1702\AppData\Roaming\DAEMON Tools Lite
[2010-12-29 20:21:40 | 000,000,000 | ---D | M] -- C:\Users\Kanada1702\AppData\Roaming\Gadu-Gadu 10
[2010-10-24 16:07:21 | 000,000,000 | ---D | M] -- C:\Users\Kanada1702\AppData\Roaming\GetRightToGo
[2011-04-19 18:36:34 | 000,000,000 | ---D | M] -- C:\Users\Kanada1702\AppData\Roaming\ipla
[2010-12-06 16:29:22 | 000,000,000 | ---D | M] -- C:\Users\Kanada1702\AppData\Roaming\Nikon
[2011-02-05 21:37:15 | 000,000,000 | ---D | M] -- C:\Users\Kanada1702\AppData\Roaming\Nokia
[2010-10-24 22:00:51 | 000,000,000 | ---D | M] -- C:\Users\Kanada1702\AppData\Roaming\OpenFM
[2010-10-31 13:54:55 | 000,000,000 | ---D | M] -- C:\Users\Kanada1702\AppData\Roaming\PC Suite
[2011-04-19 23:19:37 | 000,000,000 | ---D | M] -- C:\Users\Kanada1702\AppData\Roaming\RDRM
[2011-05-03 17:38:50 | 000,000,000 | ---D | M] -- C:\Users\Kanada1702\AppData\Roaming\uTorrent
[2010-11-27 19:49:01 | 000,000,000 | ---D | M] -- C:\Users\Kanada1702\AppData\Roaming\Win7codecs
[2011-04-24 08:50:07 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:0B4227B4
< End of report >
#6
Posted 03 May 2011 - 10:50 AM
kanada1702
- Topic Starter
-
- Member
-
- 21 posts
Member
i only got this one txt back
#7
Posted 03 May 2011 - 11:58 AM
kanada1702
- Topic Starter
-
- Member
-
- 21 posts
Member
GMER 1.0.15.15572 - http://www.gmer.net
Rootkit scan 2011-05-03 18:57:11
Windows 6.1.7601 Service Pack 1
Running: gmer.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5C 0x6C 0x1B 0x84 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x60 0xDC 0x2C 0xA0 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9E 0x5D 0x5B 0xDC ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5C 0x6C 0x1B 0x84 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x60 0xDC 0x2C 0xA0 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9E 0x5D 0x5B 0xDC ...
---- EOF - GMER 1.0.15 ----
Rootkit scan 2011-05-03 18:57:11
Windows 6.1.7601 Service Pack 1
Running: gmer.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5C 0x6C 0x1B 0x84 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x60 0xDC 0x2C 0xA0 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9E 0x5D 0x5B 0xDC ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5C 0x6C 0x1B 0x84 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x60 0xDC 0x2C 0xA0 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9E 0x5D 0x5B 0xDC ...
---- EOF - GMER 1.0.15 ----
#8
Posted 03 May 2011 - 04:51 PM
Salagubang
-
- Malware Removal
-
- 3,891 posts
Trusted Helper
=====================================
Some reminders:
Torrent
You may consider that P2P downloads are one of the most common way to geting infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using P2P programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware.
You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, these things will still infect you. It is highly recommend that you uninstall all peer-to-peer programs. It just isn't worth it.
======================================
We need to temporarily remove your Anti-Virus, as it interes with the fix I want to run. You can reinstall it again later. If you are not happy about doing this, please let me know before proceding
Download AppRemover and run it.
Click Next >>
Ensure "Remove Security Application" is collected and click Next >>
AppRemover will scan all the security applications on your PC
Select Any AVG entries from the applications offered and click Next >> twice.
Follow any further on-screen instructions. If asked to reboot,please do so.
Note: Please do not browse the internet or open any email attachments until your Anti-Virus is re-installed
Next
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Some reminders:
Torrent
You may consider that P2P downloads are one of the most common way to geting infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using P2P programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware.
You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, these things will still infect you. It is highly recommend that you uninstall all peer-to-peer programs. It just isn't worth it.
======================================
We need to temporarily remove your Anti-Virus, as it interes with the fix I want to run. You can reinstall it again later. If you are not happy about doing this, please let me know before proceding
Download AppRemover and run it.
Click Next >>
Ensure "Remove Security Application" is collected and click Next >>
AppRemover will scan all the security applications on your PC
Select Any AVG entries from the applications offered and click Next >> twice.
Follow any further on-screen instructions. If asked to reboot,please do so.
Note: Please do not browse the internet or open any email attachments until your Anti-Virus is re-installed
Next
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
- Double click on Combofix.exe and follow the prompts.
- As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
#9
Posted 04 May 2011 - 06:14 AM
kanada1702
- Topic Starter
-
- Member
-
- 21 posts
Member
ComboFix 11-05-02.04 - Kanada1702 2011-05-04 13:04:49.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.48.1045.18.3072.1708 [GMT 1:00]
Uruchomiony z: c:\users\Kanada1702\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\facemoods.com
c:\program files (x86)\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.3\facemoods.crx
c:\program files (x86)\facemoods.com\facemoods\1.4.17.3\facemoods.png
c:\program files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodsApp.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodsEng.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe
c:\program files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.3\uninstall.exe
c:\program files (x86)\facemoods.com\sqlite3.dll
c:\windows\SysWow64\system
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-04-04 do 2011-05-04 )))))))))))))))))))))))))))))))
.
.
2011-05-04 12:11 . 2011-05-04 12:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-04 11:52 . 2011-05-04 11:52 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2011-05-03 13:05 . 2010-11-20 04:11 6144 ----a-w- c:\windows\system32\drivers\en-US\IPMIDrv.sys.mui
2011-05-03 13:05 . 2010-11-20 04:10 4608 ----a-w- c:\windows\system32\drivers\en-US\kbdclass.sys.mui
2011-05-03 13:05 . 2009-07-13 16:24 2560 ----a-w- c:\windows\system32\drivers\en-US\kbdhid.sys.mui
2011-05-03 13:05 . 2010-11-20 04:13 6144 ----a-w- c:\windows\system32\drivers\en-US\rdvgkmd.sys.mui
2011-05-03 13:05 . 2010-11-20 04:01 2560 ----a-w- c:\windows\system32\drivers\en-US\rdpwd.sys.mui
2011-05-03 13:05 . 2010-11-20 04:11 4096 ----a-w- c:\windows\system32\drivers\en-US\tsusbhub.sys.mui
2011-05-03 13:05 . 2010-11-20 03:57 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2011-05-03 13:05 . 2009-07-13 16:26 24576 ----a-w- c:\windows\system32\drivers\en-US\usbport.sys.mui
2011-05-03 13:05 . 2009-07-13 16:24 7680 ----a-w- c:\windows\system32\drivers\en-US\tunnel.sys.mui
2011-05-03 13:05 . 2009-07-13 16:27 7168 ----a-w- c:\windows\system32\drivers\en-US\battc.sys.mui
2011-04-29 17:14 . 2011-04-29 17:14 -------- d-----w- c:\program files (x86)\BBC iPlayer Desktop
2011-04-25 21:36 . 2011-04-25 21:36 -------- d-----w- c:\users\Kanada1702\AppData\Roaming\Malwarebytes
2011-04-25 21:36 . 2011-04-25 21:36 -------- d-----w- c:\programdata\Malwarebytes
2011-04-25 21:36 . 2010-12-20 17:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-25 21:27 . 2011-04-25 21:27 -------- d-----w- C:\_OTL
2011-04-25 19:26 . 2011-04-25 19:26 -------- d-----w- c:\users\Kanada1702\AppData\Roaming\AVG10
2011-04-25 19:08 . 2011-05-04 10:44 -------- d-----w- c:\programdata\AVG10
2011-04-25 10:54 . 2011-04-25 10:54 -------- d-----w- c:\users\Kanada1702\AppData\Local\ESET
2011-04-13 20:52 . 2011-02-19 12:03 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-04-13 20:51 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-13 18:02 . 2011-04-25 19:07 -------- d-----w- c:\programdata\MFAData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-04 06:19 . 2011-04-27 09:49 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19 . 2011-04-27 09:49 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-02-27 21:30 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-02-27 21:30 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-02-19 12:05 . 2011-03-09 12:47 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 12:04 . 2011-03-09 12:47 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 12:04 . 2011-03-09 12:47 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 06:30 . 2011-03-09 12:47 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-02-19 06:30 . 2011-03-09 12:47 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-02-18 23:36 . 2011-02-18 23:36 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2011-02-18 23:36 . 2011-02-18 23:36 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-02-18 23:36 . 2011-02-18 23:36 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2011-02-18 23:36 . 2011-02-18 23:36 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-02-09 12:46 . 2011-02-09 12:46 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2011-02-09 12:46 . 2011-02-09 12:46 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{DF925EF3-7A87-44E4-9CAF-8D7B280BF616}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALLUpdate"="c:\program files (x86)\ALLPlayer\ALLPlayer\ALLUpdate.exe" [2011-02-08 1362944]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2010-12-02 395128]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"Gadu-Gadu 10"="c:\program files (x86)\Gadu-Gadu 10\gg.exe" [2010-10-07 12661344]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"NokiaMusic FastStart"="c:\program files (x86)\Nokia\Ovi Player\NokiaOviPlayer.exe" [2010-03-04 2192672]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-06 102400]
"RemoteControl"="c:\program files (x86)\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Usługa Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-14 136176]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-02-18 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-02-18 79360]
R3 FLASHSYS;FLASHSYS;c:\program files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys [2008-02-15 15192]
R3 gupdatem;Usługa Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-14 136176]
R3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
.
.
Zawartość folderu 'Zaplanowane zadania'
.
2011-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-26 21:16]
.
2011-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-26 21:16]
.
2011-05-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3674711036-1596238359-3314894375-1000Core.job
- c:\users\Kanada1702\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-04 17:11]
.
2011-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3674711036-1596238359-3314894375-1000UA.job
- c:\users\Kanada1702\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-04 17:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2008-09-10 604704]
"Creative SB Monitoring Utility"="sbavmon.dll" [2009-06-22 109056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Skan uzupełniający -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&ksportuj do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Kanada1702\AppData\Roaming\Mozilla\Firefox\Profiles\sv9c2yuh.default\
FF - prefs.js: browser.search.selectedEngine - qooqlle
FF - prefs.js: browser.startup.homepage - hxxp://pl.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pl:official
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 9666
FF - prefs.js: network.proxy.gopher - 127.0.0.1
FF - prefs.js: network.proxy.gopher_port - 9666
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 9666
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9666
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 9666
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Babylon Spelling and Proofreading: [email protected] - c:\program files (x86)\Mozilla Firefox\extensions\[email protected]
FF - Ext: Babylon: [email protected] - c:\program files (x86)\Mozilla Firefox\extensions\[email protected]
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: FoxyProxy Standard: [email protected] - %profile%\extensions\[email protected]
FF - Ext: FoxyProxy Basic: [email protected] - %profile%\extensions\[email protected]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
URLSearchHooks-{0d0c3dac-76cf-403d-b7fb-d56fa2e186fe} - (no file)
BHO-{64182481-4F71-486b-A045-B233BD0DA8FC} - c:\program files (x86)\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll
Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - c:\program files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll
Wow6432Node-HKLM-Run-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe
AddRemove-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.3\uninstall.exe
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2011-05-04 13:13:21
ComboFix-quarantined-files.txt 2011-05-04 12:13
.
Przed: 27 063 386 112 bytes free
Po: 27 241 099 264 bytes free
.
- - End Of File - - 741F5DD151FEC2F9D67637D51D213DA7
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.48.1045.18.3072.1708 [GMT 1:00]
Uruchomiony z: c:\users\Kanada1702\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\facemoods.com
c:\program files (x86)\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.3\facemoods.crx
c:\program files (x86)\facemoods.com\facemoods\1.4.17.3\facemoods.png
c:\program files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodsApp.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodsEng.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe
c:\program files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.3\uninstall.exe
c:\program files (x86)\facemoods.com\sqlite3.dll
c:\windows\SysWow64\system
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-04-04 do 2011-05-04 )))))))))))))))))))))))))))))))
.
.
2011-05-04 12:11 . 2011-05-04 12:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-04 11:52 . 2011-05-04 11:52 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2011-05-03 13:05 . 2010-11-20 04:11 6144 ----a-w- c:\windows\system32\drivers\en-US\IPMIDrv.sys.mui
2011-05-03 13:05 . 2010-11-20 04:10 4608 ----a-w- c:\windows\system32\drivers\en-US\kbdclass.sys.mui
2011-05-03 13:05 . 2009-07-13 16:24 2560 ----a-w- c:\windows\system32\drivers\en-US\kbdhid.sys.mui
2011-05-03 13:05 . 2010-11-20 04:13 6144 ----a-w- c:\windows\system32\drivers\en-US\rdvgkmd.sys.mui
2011-05-03 13:05 . 2010-11-20 04:01 2560 ----a-w- c:\windows\system32\drivers\en-US\rdpwd.sys.mui
2011-05-03 13:05 . 2010-11-20 04:11 4096 ----a-w- c:\windows\system32\drivers\en-US\tsusbhub.sys.mui
2011-05-03 13:05 . 2010-11-20 03:57 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2011-05-03 13:05 . 2009-07-13 16:26 24576 ----a-w- c:\windows\system32\drivers\en-US\usbport.sys.mui
2011-05-03 13:05 . 2009-07-13 16:24 7680 ----a-w- c:\windows\system32\drivers\en-US\tunnel.sys.mui
2011-05-03 13:05 . 2009-07-13 16:27 7168 ----a-w- c:\windows\system32\drivers\en-US\battc.sys.mui
2011-04-29 17:14 . 2011-04-29 17:14 -------- d-----w- c:\program files (x86)\BBC iPlayer Desktop
2011-04-25 21:36 . 2011-04-25 21:36 -------- d-----w- c:\users\Kanada1702\AppData\Roaming\Malwarebytes
2011-04-25 21:36 . 2011-04-25 21:36 -------- d-----w- c:\programdata\Malwarebytes
2011-04-25 21:36 . 2010-12-20 17:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-25 21:27 . 2011-04-25 21:27 -------- d-----w- C:\_OTL
2011-04-25 19:26 . 2011-04-25 19:26 -------- d-----w- c:\users\Kanada1702\AppData\Roaming\AVG10
2011-04-25 19:08 . 2011-05-04 10:44 -------- d-----w- c:\programdata\AVG10
2011-04-25 10:54 . 2011-04-25 10:54 -------- d-----w- c:\users\Kanada1702\AppData\Local\ESET
2011-04-13 20:52 . 2011-02-19 12:03 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-04-13 20:51 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-13 18:02 . 2011-04-25 19:07 -------- d-----w- c:\programdata\MFAData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-04 06:19 . 2011-04-27 09:49 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19 . 2011-04-27 09:49 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-02-27 21:30 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-02-27 21:30 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-02-19 12:05 . 2011-03-09 12:47 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 12:04 . 2011-03-09 12:47 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 12:04 . 2011-03-09 12:47 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 06:30 . 2011-03-09 12:47 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-02-19 06:30 . 2011-03-09 12:47 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-02-18 23:36 . 2011-02-18 23:36 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2011-02-18 23:36 . 2011-02-18 23:36 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-02-18 23:36 . 2011-02-18 23:36 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2011-02-18 23:36 . 2011-02-18 23:36 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-02-09 12:46 . 2011-02-09 12:46 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2011-02-09 12:46 . 2011-02-09 12:46 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{DF925EF3-7A87-44E4-9CAF-8D7B280BF616}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALLUpdate"="c:\program files (x86)\ALLPlayer\ALLPlayer\ALLUpdate.exe" [2011-02-08 1362944]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2010-12-02 395128]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"Gadu-Gadu 10"="c:\program files (x86)\Gadu-Gadu 10\gg.exe" [2010-10-07 12661344]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"NokiaMusic FastStart"="c:\program files (x86)\Nokia\Ovi Player\NokiaOviPlayer.exe" [2010-03-04 2192672]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-06 102400]
"RemoteControl"="c:\program files (x86)\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Usługa Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-14 136176]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-02-18 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-02-18 79360]
R3 FLASHSYS;FLASHSYS;c:\program files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys [2008-02-15 15192]
R3 gupdatem;Usługa Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-14 136176]
R3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
.
.
Zawartość folderu 'Zaplanowane zadania'
.
2011-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-26 21:16]
.
2011-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-26 21:16]
.
2011-05-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3674711036-1596238359-3314894375-1000Core.job
- c:\users\Kanada1702\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-04 17:11]
.
2011-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3674711036-1596238359-3314894375-1000UA.job
- c:\users\Kanada1702\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-04 17:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2008-09-10 604704]
"Creative SB Monitoring Utility"="sbavmon.dll" [2009-06-22 109056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Skan uzupełniający -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&ksportuj do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Kanada1702\AppData\Roaming\Mozilla\Firefox\Profiles\sv9c2yuh.default\
FF - prefs.js: browser.search.selectedEngine - qooqlle
FF - prefs.js: browser.startup.homepage - hxxp://pl.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pl:official
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 9666
FF - prefs.js: network.proxy.gopher - 127.0.0.1
FF - prefs.js: network.proxy.gopher_port - 9666
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 9666
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9666
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 9666
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Babylon Spelling and Proofreading: [email protected] - c:\program files (x86)\Mozilla Firefox\extensions\[email protected]
FF - Ext: Babylon: [email protected] - c:\program files (x86)\Mozilla Firefox\extensions\[email protected]
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: FoxyProxy Standard: [email protected] - %profile%\extensions\[email protected]
FF - Ext: FoxyProxy Basic: [email protected] - %profile%\extensions\[email protected]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
URLSearchHooks-{0d0c3dac-76cf-403d-b7fb-d56fa2e186fe} - (no file)
BHO-{64182481-4F71-486b-A045-B233BD0DA8FC} - c:\program files (x86)\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll
Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - c:\program files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll
Wow6432Node-HKLM-Run-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe
AddRemove-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.3\uninstall.exe
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2011-05-04 13:13:21
ComboFix-quarantined-files.txt 2011-05-04 12:13
.
Przed: 27 063 386 112 bytes free
Po: 27 241 099 264 bytes free
.
- - End Of File - - 741F5DD151FEC2F9D67637D51D213DA7
#10
Posted 04 May 2011 - 06:41 AM
Salagubang
-
- Malware Removal
-
- 3,891 posts
Trusted Helper
Run OTL
Next
Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL IE - HKU\S-1-5-21-3674711036-1596238359-3314894375-1000\..\URLSearchHook: {0d0c3dac-76cf-403d-b7fb-d56fa2e186fe} - Reg Error: Key error. File not found IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4 FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1" FF - prefs.js..network.proxy.backup.ftp_port: 9666 FF - prefs.js..network.proxy.backup.gopher: "127.0.0.1" FF - prefs.js..network.proxy.backup.gopher_port: 9666 FF - prefs.js..network.proxy.backup.socks: "127.0.0.1" FF - prefs.js..network.proxy.backup.socks_port: 9666 FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1" FF - prefs.js..network.proxy.backup.ssl_port: 9666 FF - prefs.js..network.proxy.ftp: "127.0.0.1" FF - prefs.js..network.proxy.ftp_port: 9666 FF - prefs.js..network.proxy.gopher: "127.0.0.1" FF - prefs.js..network.proxy.gopher_port: 9666 FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 9666 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "127.0.0.1" FF - prefs.js..network.proxy.socks_port: 9666 FF - prefs.js..network.proxy.ssl: "127.0.0.1" FF - prefs.js..network.proxy.ssl_port: 9666 FF - prefs.js..network.proxy.type: 0 O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll (facemoods.com BHO) O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll (facemoods.com) O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0D0C3DAC-76CF-403D-B7FB-D56FA2E186FE} - No CLSID value found. O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0D0C3DAC-76CF-403D-B7FB-D56FA2E186FE} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe (facemoods.com) O4 - HKU\S-1-5-21-3674711036-1596238359-3314894375-1000..\Run: [] File not found [2011-05-03 17:30:37 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempBz3952.html [2011-05-03 17:30:37 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempqX3952.html [2011-05-03 17:30:36 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempVa3952.html [2011-05-03 17:30:36 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempYB3952.html [2011-05-02 21:57:16 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempuQ2592.html [2011-05-02 21:57:16 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TemppI2592.html [2011-05-02 21:57:16 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempOw2592.html [2011-05-02 21:57:16 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempOV2592.html [2011-05-02 10:44:05 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempGx2464.html [2011-05-02 10:44:05 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempGp2464.html [2011-05-02 10:44:05 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempNX2464.html [2011-05-02 10:44:05 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Temphe2464.html [2011-05-01 22:19:21 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempsr2448.html [2011-05-01 22:19:21 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempas2448.html [2011-05-01 22:19:21 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempIo2448.html [2011-05-01 22:19:21 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempbw2448.html [2011-05-01 10:42:28 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempfp2636.html [2011-05-01 10:42:28 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempAb2636.html [2011-05-01 10:42:28 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempSr2636.html [2011-05-01 10:42:28 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TemphH2636.html [2011-05-01 01:09:28 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempGJ2436.html [2011-05-01 01:09:28 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempeh2436.html [2011-05-01 01:09:28 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempWG2436.html [2011-05-01 01:09:28 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Temprj2436.html [2011-04-29 23:13:46 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempuA3068.html [2011-04-29 23:13:46 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempne3068.html [2011-04-29 23:13:46 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempwz3068.html [2011-04-29 23:13:46 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempir3068.html [2011-04-28 23:27:23 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TemphU2308.html [2011-04-28 23:27:23 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempBl2308.html [2011-04-28 23:27:23 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempXJ2308.html [2011-04-28 23:27:23 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempKK2308.html [2011-04-28 17:49:00 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempHf3196.html [2011-04-28 17:49:00 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempgN3196.html [2011-04-28 17:49:00 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempVW3196.html [2011-04-28 17:49:00 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempnb3196.html [2011-04-27 22:08:40 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempuS2300.html [2011-04-27 22:08:40 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempqQ2300.html [2011-04-27 22:08:40 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempqN2300.html [2011-04-27 22:08:40 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempcG2300.html [2011-04-25 23:11:17 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempKT2384.html [2011-04-25 23:11:17 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempBD2384.html [2011-04-25 23:11:17 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempYN2384.html [2011-04-25 23:11:17 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempCq2384.html [2011-04-24 22:01:10 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempkd2020.html [2011-04-24 22:01:10 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempem2020.html [2011-04-24 22:01:10 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempDi2020.html [2011-04-24 22:01:10 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempCo2020.html [2011-04-23 23:33:57 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempyC1836.html [2011-04-23 23:33:57 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempfZ1836.html [2011-04-23 23:33:57 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempqO1836.html [2011-04-23 23:33:57 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempMx1836.html [2011-04-23 08:06:06 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempVU1936.html [2011-04-23 08:06:06 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TemphP1936.html [2011-04-23 08:06:05 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Temply1936.html [2011-04-23 08:06:05 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempyD1936.html [2011-04-22 23:00:43 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempvV1908.html [2011-04-22 23:00:43 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempKx1908.html [2011-04-22 23:00:43 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempKV1908.html [2011-04-22 23:00:43 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempiq1908.html [2011-04-22 00:27:04 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempzi1880.html [2011-04-22 00:27:04 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempjc1880.html [2011-04-22 00:27:04 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempvf1880.html [2011-04-22 00:27:04 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Templu1880.html [2011-04-21 23:32:50 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempmI1968.html [2011-04-21 23:32:50 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempFm1968.html [2011-04-21 23:32:50 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempxx1968.html [2011-04-21 23:32:50 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempSw1968.html [2011-04-19 23:20:16 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempUb1908.html [2011-04-19 23:20:16 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempGw1908.html [2011-04-19 23:20:16 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempWQ1908.html [2011-04-19 23:20:16 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempPY1908.html [2011-04-19 09:14:35 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempZs1932.html [2011-04-19 09:14:35 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempBJ1932.html [2011-04-19 09:14:35 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempMG1932.html [2011-04-19 09:14:35 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempfH1932.html [2011-04-18 23:35:00 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempWh2016.html [2011-04-18 23:35:00 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempBz2016.html [2011-04-18 23:35:00 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempuI2016.html [2011-04-18 23:35:00 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempST2016.html [2011-04-17 12:40:32 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempJp1936.html [2011-04-16 18:48:36 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempqx1752.html [2011-04-15 16:07:42 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempra1936.html [2011-04-14 22:15:57 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempxI3444.html [2011-04-14 22:15:57 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempnH3444.html [2011-04-14 22:15:57 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempZt3444.html [2011-04-14 22:15:57 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempZO3444.html [2011-04-14 09:34:52 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempul1988.html [2011-04-14 09:34:52 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempUA1988.html [2011-04-14 09:34:52 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Temptd1988.html [2011-04-14 09:34:52 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempNP1988.html [2011-04-13 20:42:26 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempTI1768.html [2011-04-13 19:48:46 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempeO3040.html [2011-04-13 19:48:46 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempBV3040.html [2011-04-13 19:48:46 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TemppD3040.html [2011-04-13 19:48:46 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempjY3040.html [2011-04-13 17:56:39 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempaI1424.html [2011-04-12 19:54:35 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempvl1556.html [2011-04-11 23:14:32 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempYm2064.html [2011-04-11 23:14:32 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempxc2064.html [2011-04-11 23:14:32 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempxW2064.html [2011-04-11 23:14:32 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempFT2064.html [2011-04-10 22:20:11 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempzu1704.html [2011-04-10 22:13:04 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempxy1872.html [2011-04-10 22:13:04 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempXH1872.html [2011-04-10 22:13:04 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempwy1872.html [2011-04-10 22:13:04 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempNv1872.html [2011-04-08 21:48:52 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempVv1704.html [2011-04-08 21:48:52 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempRM1704.html [2011-04-08 21:48:52 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempKl1704.html [2011-04-08 21:48:52 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempCv1704.html [2011-04-08 16:54:14 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempZa1996.html [2011-04-08 16:54:14 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempTV1996.html [2011-04-08 16:54:14 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempyF1996.html [2011-04-08 16:54:14 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempPu1996.html [2011-04-07 17:38:40 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempis1716.html [2011-04-06 20:37:21 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Temppw1512.html [2011-04-05 21:04:57 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempgX1276.html [2011-04-04 23:02:38 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempQs1880.html [2011-04-04 23:02:38 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempJP1880.html [2011-04-04 23:02:38 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempQB1880.html [2011-04-04 23:02:38 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempaF1880.html [2011-04-04 01:12:47 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempUE1880.html [2011-04-04 01:12:47 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempcx1880.html [2011-04-04 01:12:47 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempie1880.html [2011-04-04 01:12:47 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempFn1880.html [2011-04-04 00:32:52 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\Tempwv1524.html [2011-04-04 00:32:52 | 000,002,432 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempvB1524.html [2011-04-04 00:32:52 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempLe1524.html [2011-04-04 00:32:52 | 000,002,089 | ---- | M] () -- C:\Users\Kanada1702\AppData\Local\TempJp1524.html @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:0B4227B4 :Services :Reg :Files :Commands [purity] [resethosts] [emptytemp] [EMPTYFLASH] [CREATERESTOREPOINT] [Reboot] - Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Next
Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply.
#11
Posted 04 May 2011 - 07:55 AM
kanada1702
- Topic Starter
-
- Member
-
- 21 posts
Member
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3674711036-1596238359-3314894375-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0d0c3dac-76cf-403d-b7fb-d56fa2e186fe} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0d0c3dac-76cf-403d-b7fb-d56fa2e186fe}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Prefs.js: "127.0.0.1" removed from network.proxy.backup.ftp
Prefs.js: 9666 removed from network.proxy.backup.ftp_port
Prefs.js: "127.0.0.1" removed from network.proxy.backup.gopher
Prefs.js: 9666 removed from network.proxy.backup.gopher_port
Prefs.js: "127.0.0.1" removed from network.proxy.backup.socks
Prefs.js: 9666 removed from network.proxy.backup.socks_port
Prefs.js: "127.0.0.1" removed from network.proxy.backup.ssl
Prefs.js: 9666 removed from network.proxy.backup.ssl_port
Prefs.js: "127.0.0.1" removed from network.proxy.ftp
Prefs.js: 9666 removed from network.proxy.ftp_port
Prefs.js: "127.0.0.1" removed from network.proxy.gopher
Prefs.js: 9666 removed from network.proxy.gopher_port
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 9666 removed from network.proxy.http_port
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: "127.0.0.1" removed from network.proxy.socks
Prefs.js: 9666 removed from network.proxy.socks_port
Prefs.js: "127.0.0.1" removed from network.proxy.ssl
Prefs.js: 9666 removed from network.proxy.ssl_port
Prefs.js: 0 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64182481-4F71-486b-A045-B233BD0DA8FC}\ deleted successfully.
File C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}\ deleted successfully.
File C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0D0C3DAC-76CF-403D-B7FB-D56FA2E186FE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D0C3DAC-76CF-403D-B7FB-D56FA2E186FE}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0D0C3DAC-76CF-403D-B7FB-D56FA2E186FE} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D0C3DAC-76CF-403D-B7FB-D56FA2E186FE}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\facemoods not found.
File C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe not found.
Registry value HKEY_USERS\S-1-5-21-3674711036-1596238359-3314894375-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
C:\Users\Kanada1702\AppData\Local\TempBz3952.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempqX3952.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempVa3952.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempYB3952.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempuQ2592.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TemppI2592.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempOw2592.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempOV2592.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempGx2464.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempGp2464.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempNX2464.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Temphe2464.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempsr2448.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempas2448.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempIo2448.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempbw2448.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempfp2636.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempAb2636.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempSr2636.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TemphH2636.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempGJ2436.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempeh2436.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempWG2436.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Temprj2436.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempuA3068.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempne3068.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempwz3068.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempir3068.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TemphU2308.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempBl2308.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempXJ2308.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempKK2308.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempHf3196.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempgN3196.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempVW3196.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempnb3196.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempuS2300.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempqQ2300.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempqN2300.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempcG2300.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempKT2384.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempBD2384.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempYN2384.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempCq2384.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempkd2020.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempem2020.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempDi2020.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempCo2020.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempyC1836.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempfZ1836.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempqO1836.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempMx1836.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempVU1936.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TemphP1936.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Temply1936.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempyD1936.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempvV1908.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempKx1908.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempKV1908.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempiq1908.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempzi1880.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempjc1880.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempvf1880.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Templu1880.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempmI1968.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempFm1968.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempxx1968.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempSw1968.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempUb1908.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempGw1908.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempWQ1908.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempPY1908.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempZs1932.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempBJ1932.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempMG1932.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempfH1932.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempWh2016.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempBz2016.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempuI2016.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempST2016.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempJp1936.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempqx1752.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempra1936.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempxI3444.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempnH3444.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempZt3444.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempZO3444.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempul1988.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempUA1988.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Temptd1988.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempNP1988.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempTI1768.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempeO3040.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempBV3040.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TemppD3040.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempjY3040.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempaI1424.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempvl1556.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempYm2064.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempxc2064.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempxW2064.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempFT2064.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempzu1704.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempxy1872.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempXH1872.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempwy1872.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempNv1872.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempVv1704.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempRM1704.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempKl1704.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempCv1704.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempZa1996.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempTV1996.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempyF1996.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempPu1996.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempis1716.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Temppw1512.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempgX1276.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempQs1880.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempJP1880.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempQB1880.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempaF1880.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempUE1880.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempcx1880.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempie1880.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempFn1880.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempwv1524.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempvB1524.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempLe1524.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempJp1524.html moved successfully.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56466 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Kanada1702
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 135741 bytes
->Java cache emptied: 62943 bytes
->FireFox cache emptied: 61473028 bytes
->Google Chrome cache emptied: 288418411 bytes
->Flash cache emptied: 61880 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50534 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 334,00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Kanada1702
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.22.3 log created on 05042011_145214
Files\Folders moved on Reboot...
C:\Users\Kanada1702\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3674711036-1596238359-3314894375-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0d0c3dac-76cf-403d-b7fb-d56fa2e186fe} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0d0c3dac-76cf-403d-b7fb-d56fa2e186fe}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Prefs.js: "127.0.0.1" removed from network.proxy.backup.ftp
Prefs.js: 9666 removed from network.proxy.backup.ftp_port
Prefs.js: "127.0.0.1" removed from network.proxy.backup.gopher
Prefs.js: 9666 removed from network.proxy.backup.gopher_port
Prefs.js: "127.0.0.1" removed from network.proxy.backup.socks
Prefs.js: 9666 removed from network.proxy.backup.socks_port
Prefs.js: "127.0.0.1" removed from network.proxy.backup.ssl
Prefs.js: 9666 removed from network.proxy.backup.ssl_port
Prefs.js: "127.0.0.1" removed from network.proxy.ftp
Prefs.js: 9666 removed from network.proxy.ftp_port
Prefs.js: "127.0.0.1" removed from network.proxy.gopher
Prefs.js: 9666 removed from network.proxy.gopher_port
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 9666 removed from network.proxy.http_port
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: "127.0.0.1" removed from network.proxy.socks
Prefs.js: 9666 removed from network.proxy.socks_port
Prefs.js: "127.0.0.1" removed from network.proxy.ssl
Prefs.js: 9666 removed from network.proxy.ssl_port
Prefs.js: 0 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64182481-4F71-486b-A045-B233BD0DA8FC}\ deleted successfully.
File C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}\ deleted successfully.
File C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0D0C3DAC-76CF-403D-B7FB-D56FA2E186FE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D0C3DAC-76CF-403D-B7FB-D56FA2E186FE}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0D0C3DAC-76CF-403D-B7FB-D56FA2E186FE} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D0C3DAC-76CF-403D-B7FB-D56FA2E186FE}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\facemoods not found.
File C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe not found.
Registry value HKEY_USERS\S-1-5-21-3674711036-1596238359-3314894375-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
C:\Users\Kanada1702\AppData\Local\TempBz3952.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempqX3952.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempVa3952.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempYB3952.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempuQ2592.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TemppI2592.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempOw2592.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempOV2592.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempGx2464.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempGp2464.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempNX2464.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Temphe2464.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempsr2448.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempas2448.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempIo2448.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempbw2448.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempfp2636.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempAb2636.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempSr2636.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TemphH2636.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempGJ2436.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempeh2436.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempWG2436.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Temprj2436.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempuA3068.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempne3068.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempwz3068.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempir3068.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TemphU2308.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempBl2308.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempXJ2308.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempKK2308.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempHf3196.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempgN3196.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempVW3196.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempnb3196.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempuS2300.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempqQ2300.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempqN2300.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempcG2300.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempKT2384.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempBD2384.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempYN2384.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempCq2384.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempkd2020.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempem2020.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempDi2020.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempCo2020.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempyC1836.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempfZ1836.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempqO1836.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempMx1836.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempVU1936.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TemphP1936.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Temply1936.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempyD1936.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempvV1908.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempKx1908.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempKV1908.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempiq1908.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempzi1880.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempjc1880.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempvf1880.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Templu1880.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempmI1968.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempFm1968.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempxx1968.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempSw1968.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempUb1908.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempGw1908.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempWQ1908.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempPY1908.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempZs1932.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempBJ1932.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempMG1932.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempfH1932.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempWh2016.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempBz2016.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempuI2016.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempST2016.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempJp1936.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempqx1752.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempra1936.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempxI3444.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempnH3444.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempZt3444.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempZO3444.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempul1988.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempUA1988.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Temptd1988.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempNP1988.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempTI1768.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempeO3040.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempBV3040.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TemppD3040.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempjY3040.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempaI1424.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempvl1556.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempYm2064.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempxc2064.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempxW2064.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempFT2064.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempzu1704.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempxy1872.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempXH1872.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempwy1872.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempNv1872.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempVv1704.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempRM1704.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempKl1704.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempCv1704.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempZa1996.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempTV1996.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempyF1996.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempPu1996.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempis1716.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Temppw1512.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempgX1276.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempQs1880.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempJP1880.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempQB1880.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempaF1880.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempUE1880.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempcx1880.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempie1880.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempFn1880.html moved successfully.
C:\Users\Kanada1702\AppData\Local\Tempwv1524.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempvB1524.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempLe1524.html moved successfully.
C:\Users\Kanada1702\AppData\Local\TempJp1524.html moved successfully.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56466 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Kanada1702
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 135741 bytes
->Java cache emptied: 62943 bytes
->FireFox cache emptied: 61473028 bytes
->Google Chrome cache emptied: 288418411 bytes
->Flash cache emptied: 61880 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50534 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 334,00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Kanada1702
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.22.3 log created on 05042011_145214
Files\Folders moved on Reboot...
C:\Users\Kanada1702\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
#12
Posted 04 May 2011 - 08:14 AM
kanada1702
- Topic Starter
-
- Member
-
- 21 posts
Member
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Wersja bazy: 6504
Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514
2011-05-04 15:13:47
mbam-log-2011-05-04 (15-13-47).txt
Typ skanowania: Szybkie skanowanie
Przeskanowano obiektów: 161824
Upłynęło: 3 minut(y), 5 sekund(y)
Zainfekowanych procesów w pamięci: 0
Zainfekowanych modułów w pamięci: 0
Zainfekowanych kluczy rejestru: 0
Zainfekowanych wartości rejestru: 0
Zainfekowane informacje rejestru systemowego: 0
Zainfekowanych folderów: 0
Zainfekowanych plików: 0
Zainfekowanych procesów w pamięci:
(Nie znaleziono zagrożeń)
Zainfekowanych modułów w pamięci:
(Nie znaleziono zagrożeń)
Zainfekowanych kluczy rejestru:
(Nie znaleziono zagrożeń)
Zainfekowanych wartości rejestru:
(Nie znaleziono zagrożeń)
Zainfekowane informacje rejestru systemowego:
(Nie znaleziono zagrożeń)
Zainfekowanych folderów:
(Nie znaleziono zagrożeń)
Zainfekowanych plików:
(Nie znaleziono zagrożeń)
www.malwarebytes.org
Wersja bazy: 6504
Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514
2011-05-04 15:13:47
mbam-log-2011-05-04 (15-13-47).txt
Typ skanowania: Szybkie skanowanie
Przeskanowano obiektów: 161824
Upłynęło: 3 minut(y), 5 sekund(y)
Zainfekowanych procesów w pamięci: 0
Zainfekowanych modułów w pamięci: 0
Zainfekowanych kluczy rejestru: 0
Zainfekowanych wartości rejestru: 0
Zainfekowane informacje rejestru systemowego: 0
Zainfekowanych folderów: 0
Zainfekowanych plików: 0
Zainfekowanych procesów w pamięci:
(Nie znaleziono zagrożeń)
Zainfekowanych modułów w pamięci:
(Nie znaleziono zagrożeń)
Zainfekowanych kluczy rejestru:
(Nie znaleziono zagrożeń)
Zainfekowanych wartości rejestru:
(Nie znaleziono zagrożeń)
Zainfekowane informacje rejestru systemowego:
(Nie znaleziono zagrożeń)
Zainfekowanych folderów:
(Nie znaleziono zagrożeń)
Zainfekowanych plików:
(Nie znaleziono zagrożeń)
#13
Posted 04 May 2011 - 08:17 AM
Salagubang
-
- Malware Removal
-
- 3,891 posts
Trusted Helper
Great.
How is the machine running?
Now we need to do sweep for malware leftovers. This is to ensure that nothing is left to reinfect you in the future.
Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
How is the machine running?
Now we need to do sweep for malware leftovers. This is to ensure that nothing is left to reinfect you in the future.
Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
- Tick the box next to YES, I accept the Terms of Use
- Click Start
- When asked, allow the ActiveX control to install
- Click Start
- Make sure that the options Remove found threats and the option Scan unwanted applications is checked
- Click Scan (This scan can take several hours, so please be patient)
- Once the scan is completed, you may close the window
- Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
- Copy and paste that log as a reply to this topic
#14
Posted 04 May 2011 - 08:22 AM
Salagubang
-
- Malware Removal
-
- 3,891 posts
Trusted Helper
I missed a spot. Can you run this before running ESET.
Run OTL
Can you run this before running ESET. Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL FF - prefs.js..browser.search.selectedEngine: "qooqlle" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://pl.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pl:official" :Services :Reg :Files :Commands [purity] [resethosts] [emptytemp] [EMPTYFLASH] [CREATERESTOREPOINT] [Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
#15
Posted 04 May 2011 - 09:37 AM
kanada1702
- Topic Starter
-
- Member
-
- 21 posts
Member
All processes killed
========== OTL ==========
Prefs.js: "qooqlle" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "http://pl.start3.moz...la:pl:official" removed from browser.startup.homepage
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Kanada1702
->Temp folder emptied: 118972 bytes
->Temporary Internet Files folder emptied: 6357943 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 52024231 bytes
->Flash cache emptied: 834 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1678 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 56,00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Kanada1702
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.22.3 log created on 05042011_163303
Files\Folders moved on Reboot...
C:\Users\Kanada1702\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Kanada1702\AppData\Local\Temp\~DF05BB1531D29A86E1.TMP not found!
File\Folder C:\Users\Kanada1702\AppData\Local\Temp\~DF0A27B2F6E1149D91.TMP not found!
File\Folder C:\Users\Kanada1702\AppData\Local\Temp\~DF126CE5F5D43B6BFC.TMP not found!
File\Folder C:\Users\Kanada1702\AppData\Local\Temp\~DF546FD1D2CF97AC37.TMP not found!
File\Folder C:\Users\Kanada1702\AppData\Local\Temp\~DF7C46D93C9AB5555A.TMP not found!
File\Folder C:\Users\Kanada1702\AppData\Local\Temp\~DFFA1AA62B92D0DFCB.TMP not found!
C:\Users\Kanada1702\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F1Y6U07M\online-scanner[1].htm moved successfully.
C:\Users\Kanada1702\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\11DMEF2X\7407185e[1].txt moved successfully.
C:\Users\Kanada1702\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Users\Kanada1702\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 moved successfully.
C:\Users\Kanada1702\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 moved successfully.
C:\Users\Kanada1702\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 moved successfully.
C:\Users\Kanada1702\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 moved successfully.
C:\Users\Kanada1702\AppData\Local\Google\Chrome\User Data\Default\Cache\index moved successfully.
Registry entries deleted on Reboot...
========== OTL ==========
Prefs.js: "qooqlle" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "http://pl.start3.moz...la:pl:official" removed from browser.startup.homepage
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Kanada1702
->Temp folder emptied: 118972 bytes
->Temporary Internet Files folder emptied: 6357943 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 52024231 bytes
->Flash cache emptied: 834 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1678 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 56,00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Kanada1702
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.22.3 log created on 05042011_163303
Files\Folders moved on Reboot...
C:\Users\Kanada1702\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Kanada1702\AppData\Local\Temp\~DF05BB1531D29A86E1.TMP not found!
File\Folder C:\Users\Kanada1702\AppData\Local\Temp\~DF0A27B2F6E1149D91.TMP not found!
File\Folder C:\Users\Kanada1702\AppData\Local\Temp\~DF126CE5F5D43B6BFC.TMP not found!
File\Folder C:\Users\Kanada1702\AppData\Local\Temp\~DF546FD1D2CF97AC37.TMP not found!
File\Folder C:\Users\Kanada1702\AppData\Local\Temp\~DF7C46D93C9AB5555A.TMP not found!
File\Folder C:\Users\Kanada1702\AppData\Local\Temp\~DFFA1AA62B92D0DFCB.TMP not found!
C:\Users\Kanada1702\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F1Y6U07M\online-scanner[1].htm moved successfully.
C:\Users\Kanada1702\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\11DMEF2X\7407185e[1].txt moved successfully.
C:\Users\Kanada1702\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Users\Kanada1702\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 moved successfully.
C:\Users\Kanada1702\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 moved successfully.
C:\Users\Kanada1702\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 moved successfully.
C:\Users\Kanada1702\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 moved successfully.
C:\Users\Kanada1702\AppData\Local\Google\Chrome\User Data\Default\Cache\index moved successfully.
Registry entries deleted on Reboot...
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
