Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HijackSystemHidden


  • Please log in to reply
14 replies to this topic

#1 Takii

Takii

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:33 AM

Posted 24 February 2009 - 08:03 PM

oohh geesh , may i have help please ... :thumbup2:

cpu shoots to 100, screen jumps , task bar goes white , windows firewall shuts down ,
not allowing it back on saying ISC (internet shared connection) and firewall log says
changed to mulithomed ?
this happens 15-20 a night , as it mostly happens on weeknights and weekdays if that
means anything.. the only way to get windows firewall back on is to reboot ...
i have use hijackthis, spoybot, malwarebytes, all updated , ran in safe mode
i thought i had this fixed but it keeps saying it is removed but it keeps returning ... :)
i do not know what else i can try ...


this is what malwarebytes finds
Files Infected:
C:\WINDOWS\system32\olhrwef.exe (Trojan.Agent)
C:\autorun.inf (Trojan.Agent)
C:\cv22.cmd (Trojan.Agent)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Trojan.Agent)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1)

(Hijack.System.Hidden) is this someone hacked into me ??

hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:33:10 PM, on 2/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\EzButton System V1.0\EzButton.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AOL 8.0\waol.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\AOL 8.0\shellmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - S-1-5-18 Startup: EzButton System.lnk = C:\Program Files\EzButton System V1.0\EzButton.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: EzButton System.lnk = C:\Program Files\EzButton System V1.0\EzButton.exe (User 'Default user')
O4 - .DEFAULT User Startup: EzButton System.lnk = C:\Program Files\EzButton System V1.0\EzButton.exe (User 'Default user')
O4 - Startup: EzButton System.lnk = C:\Program Files\EzButton System V1.0\EzButton.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{23CFCC43-2CF9-4C1C-A31C-3960F51C352C}: NameServer = 205.188.146.145
O17 - HKLM\System\CS2\Services\Tcpip\..\{23CFCC43-2CF9-4C1C-A31C-3960F51C352C}: NameServer = 205.188.146.145
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intelģ Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 3829 bytes

i am using windows xp, laptop
i thank you for taking the time to read this ,
any help is greatly appreciated ... :step4:

BC AdBot (Login to Remove)

 


#2 bamajim

bamajim

  • Members
  • 894 posts
  • OFFLINE
  •  
  • Local time:02:33 AM

Posted 02 March 2009 - 03:26 PM

Takii

Your entire problem may not be malware related, but some of it is.

This can be done in Safe Mode

1. Go HERE and download File Lister.Save it to your Desktop
Rt Click ->> Extract all ->> And extract it to your Desktop
Additional help on extracting zip files can be found HERE
Open the File Lister Folder.
Rt Click FileLister.vbe ->>Select Open Then Open to confirm.
As the program runs, it will appear that nothing is happening.
When the program is fnished it will produce a log for you C:\Files.txt
Copy and paste the contents of that log in your reply.
Posted Image
Microsoft MVP - Windows Security

#3 Takii

Takii
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:33 AM

Posted 02 March 2009 - 05:43 PM

oh thank you so much for your reply , bamajim
i downloaded and ran , report is below
if this is not all malware , am i hacked?
thank you so very much for taking the time to help me....

+++++++++++++++++++++++++++++++++
+ File Lister Version 1.0.6
+
+ By bamajim / bamajim.com
+++++++++++++++++++++++++++++++++

Report ran on --->>> 3/2/2009 5:25:39 PM


====== Running Processes ======

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WScript.exe

====== BHO's under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects ======

BHO: (NO NAME) - -

====== Values under HKLM\~\Run ======

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="C:\\Program Files\\Intel\\NCS\\PROSet\\PRONoMgr.exe"
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"


====== Values under HKCU\~\Run ======

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]


====== Folders and Files from "%\" and "%\Windows" Created Last 60 Days ======

1/17/2009 3:02:17 AM 6044360 C:\Config.Msi
1/29/2009 7:55:55 PM 953607 C:\Lop SD
2/23/2009 4:23:25 PM 59892 C:\rsit
2/7/2009 10:15:43 PM 107874 7 C:\1utbfd.bat
1/31/2009 2:58:37 PM 109930 7 C:\a2h2.com
1/10/2009 4:41:50 AM 24520 32 C:\EyeCandyLog.txt
3/2/2009 5:25:40 PM 1243 32 C:\Files.txt
1/30/2009 5:32:07 PM 109127 7 C:\hl80c6b1.com
1/23/2009 2:51:51 PM 13931 32 C:\lopR.txt
1/10/2009 7:54:57 PM 805306368 38 C:\pagefile.sys
2/3/2009 12:33:27 PM 108705 7 C:\pook.com
2/15/2009 10:59:54 PM 106803 7 C:\qphdin.com
2/12/2009 6:49:39 PM 107898 7 C:\ur0.com
1/17/2009 3:04:10 AM 618939 C:\WINDOWS\$NtUninstallKB938464$
1/17/2009 3:04:10 AM 618939 C:\WINDOWS\$NtUninstallKB938464$\spuninst
1/16/2009 10:35:14 AM 2834617 C:\WINDOWS\$NtUninstallKB944338-v2$
1/16/2009 10:35:14 AM 591951 C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst
1/17/2009 3:07:59 AM 703540 C:\WINDOWS\$NtUninstallKB946648$
1/17/2009 3:08:00 AM 620596 C:\WINDOWS\$NtUninstallKB946648$\spuninst
1/17/2009 3:05:29 AM 820598 C:\WINDOWS\$NtUninstallKB950762$
1/17/2009 3:05:29 AM 620534 C:\WINDOWS\$NtUninstallKB950762$\spuninst
1/17/2009 3:06:45 AM 864400 C:\WINDOWS\$NtUninstallKB950974$
1/17/2009 3:06:45 AM 621200 C:\WINDOWS\$NtUninstallKB950974$\spuninst
1/17/2009 3:04:47 AM 1298993 C:\WINDOWS\$NtUninstallKB951066$
1/17/2009 3:04:47 AM 620593 C:\WINDOWS\$NtUninstallKB951066$\spuninst
1/17/2009 3:08:18 AM 895763 C:\WINDOWS\$NtUninstallKB951376-v2$
1/17/2009 3:08:18 AM 621459 C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst
1/17/2009 3:06:35 AM 1908375 C:\WINDOWS\$NtUninstallKB951698$
1/17/2009 3:06:35 AM 620695 C:\WINDOWS\$NtUninstallKB951698$\spuninst
1/17/2009 3:04:32 AM 1841361 C:\WINDOWS\$NtUninstallKB951748$
1/17/2009 3:04:32 AM 626129 C:\WINDOWS\$NtUninstallKB951748$\spuninst
1/17/2009 3:05:37 AM 3880973 C:\WINDOWS\$NtUninstallKB952069_WM9$
1/17/2009 3:05:37 AM 621069 C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst
1/17/2009 3:05:00 AM 952231 C:\WINDOWS\$NtUninstallKB952287$
1/17/2009 3:05:00 AM 620455 C:\WINDOWS\$NtUninstallKB952287$\spuninst
1/17/2009 3:08:08 AM 695246 C:\WINDOWS\$NtUninstallKB952954$
1/17/2009 3:08:08 AM 621518 C:\WINDOWS\$NtUninstallKB952954$\spuninst
1/17/2009 3:06:24 AM 2456580 C:\WINDOWS\$NtUninstallKB954211$
1/17/2009 3:06:24 AM 620676 C:\WINDOWS\$NtUninstallKB954211$\spuninst
1/17/2009 3:01:31 AM 2413508 C:\WINDOWS\$NtUninstallKB954600$
1/17/2009 3:01:31 AM 621816 C:\WINDOWS\$NtUninstallKB954600$\spuninst
1/17/2009 3:01:10 AM 3406330 C:\WINDOWS\$NtUninstallKB955069$
1/17/2009 3:01:10 AM 622254 C:\WINDOWS\$NtUninstallKB955069$\spuninst
1/17/2009 3:07:40 AM 621439 C:\WINDOWS\$NtUninstallKB955839$
1/17/2009 3:07:40 AM 621439 C:\WINDOWS\$NtUninstallKB955839$\spuninst
1/17/2009 3:07:29 AM 705105 C:\WINDOWS\$NtUninstallKB956391$
1/17/2009 3:07:29 AM 619089 C:\WINDOWS\$NtUninstallKB956391$\spuninst
1/17/2009 3:00:49 AM 2446256 C:\WINDOWS\$NtUninstallKB956802$
1/17/2009 3:00:49 AM 622203 C:\WINDOWS\$NtUninstallKB956802$\spuninst
1/17/2009 3:07:50 AM 897693 C:\WINDOWS\$NtUninstallKB956803$
1/17/2009 3:07:50 AM 620957 C:\WINDOWS\$NtUninstallKB956803$\spuninst
1/17/2009 3:06:05 AM 4861320 C:\WINDOWS\$NtUninstallKB956841$
1/17/2009 3:06:05 AM 623496 C:\WINDOWS\$NtUninstallKB956841$\spuninst
1/17/2009 3:05:19 AM 1072198 C:\WINDOWS\$NtUninstallKB957097$
1/17/2009 3:05:19 AM 620742 C:\WINDOWS\$NtUninstallKB957097$\spuninst
1/17/2009 3:07:05 AM 8468909 C:\WINDOWS\$NtUninstallKB958215$
1/17/2009 3:07:05 AM 635821 C:\WINDOWS\$NtUninstallKB958215$\spuninst
1/17/2009 3:01:20 AM 2500026 C:\WINDOWS\$NtUninstallKB958644$
1/17/2009 3:01:20 AM 622319 C:\WINDOWS\$NtUninstallKB958644$\spuninst
1/17/2009 3:05:09 AM 956649 C:\WINDOWS\$NtUninstallKB958687$
1/17/2009 3:05:09 AM 620393 C:\WINDOWS\$NtUninstallKB958687$\spuninst
1/17/2009 3:05:48 AM 3874346 C:\WINDOWS\$NtUninstallKB960714$
1/17/2009 3:05:48 AM 623146 C:\WINDOWS\$NtUninstallKB960714$\spuninst
2/14/2009 5:57:33 PM 128 C:\WINDOWS\CSC
2/14/2009 5:57:33 PM 0 C:\WINDOWS\CSC\d1
2/14/2009 5:57:33 PM 0 C:\WINDOWS\CSC\d2
2/14/2009 5:57:33 PM 0 C:\WINDOWS\CSC\d3
2/14/2009 5:57:33 PM 0 C:\WINDOWS\CSC\d4
2/14/2009 5:57:33 PM 0 C:\WINDOWS\CSC\d5
2/14/2009 5:57:33 PM 0 C:\WINDOWS\CSC\d6
2/14/2009 5:57:33 PM 0 C:\WINDOWS\CSC\d7
2/14/2009 5:57:33 PM 0 C:\WINDOWS\CSC\d8
1/10/2009 10:06:30 PM 0 C:\WINDOWS\PIF
1/11/2009 1:37:10 AM 2995958 C:\WINDOWS\Prefetch
1/16/2009 6:02:33 AM 0 C:\WINDOWS\Sun
1/16/2009 6:02:33 AM 0 C:\WINDOWS\Sun\Java
1/16/2009 6:02:33 AM 0 C:\WINDOWS\Sun\Java\Deployment
1/15/2009 5:21:07 PM 69120 32 C:\WINDOWS\AhnRpta.exe
1/11/2009 12:50:19 AM 178 32 C:\WINDOWS\DHCPUPG.LOG
1/8/2009 7:02:07 AM 11824 32 C:\WINDOWS\KB938464.log
1/8/2009 6:36:45 AM 24412 32 C:\WINDOWS\KB944338-v2.log
1/17/2009 3:07:58 AM 20462 32 C:\WINDOWS\KB946648.log
1/17/2009 3:05:28 AM 16345 32 C:\WINDOWS\KB950762.log
1/8/2009 6:41:31 AM 65059 32 C:\WINDOWS\KB950974.log
1/17/2009 3:04:45 AM 28917 32 C:\WINDOWS\KB951066.log
1/17/2009 3:08:16 AM 20995 32 C:\WINDOWS\KB951376-v2.log
1/8/2009 6:41:25 AM 27098 32 C:\WINDOWS\KB951698.log
1/16/2009 6:25:50 AM 53527 32 C:\WINDOWS\KB951748.log
1/17/2009 3:05:35 AM 44296 32 C:\WINDOWS\KB952069.log
1/17/2009 3:04:57 AM 16034 32 C:\WINDOWS\KB952287.log
1/8/2009 6:47:13 AM 73464 32 C:\WINDOWS\KB952954.log
1/17/2009 3:06:22 AM 17607 32 C:\WINDOWS\KB954211.log
1/8/2009 7:01:20 AM 18552 32 C:\WINDOWS\KB954600.log
1/8/2009 7:00:58 AM 33983 32 C:\WINDOWS\KB955069.log
1/8/2009 6:46:25 AM 44723 32 C:\WINDOWS\KB955839.log
1/17/2009 3:07:29 AM 19597 32 C:\WINDOWS\KB956391.log
1/8/2009 6:36:50 AM 50592 32 C:\WINDOWS\KB956802.log
1/17/2009 3:07:48 AM 21183 32 C:\WINDOWS\KB956803.log
1/17/2009 3:06:01 AM 18984 32 C:\WINDOWS\KB956841.log
1/17/2009 3:05:17 AM 16406 32 C:\WINDOWS\KB957097.log
1/17/2009 3:06:53 AM 61277 32 C:\WINDOWS\KB958215.log
1/8/2009 7:01:09 AM 36052 32 C:\WINDOWS\KB958644.log
1/17/2009 3:05:08 AM 16327 32 C:\WINDOWS\KB958687.log
1/17/2009 3:05:46 AM 47644 32 C:\WINDOWS\KB960714.log
1/16/2009 5:23:18 AM 1220 32 C:\WINDOWS\mozver.dat
1/11/2009 1:10:53 AM 56552 32 C:\WINDOWS\msmqinst.log
1/16/2009 10:35:32 AM 314768 32 C:\WINDOWS\msxml4-KB954430-enu.LOG
1/11/2009 1:10:57 AM 29865 32 C:\WINDOWS\netfxocm.log
2/12/2009 4:00:08 PM 502480 32 C:\WINDOWS\ntbtlog.txt
1/21/2009 4:12:31 AM 1409 32 C:\WINDOWS\QTFont.for
1/21/2009 4:12:30 AM 54156 34 C:\WINDOWS\QTFont.qfn
1/8/2009 12:24:35 AM 193427 32 C:\WINDOWS\Scrapbook MAX! Trial Setup Log.txt
1/8/2009 6:58:57 PM 88043 32 C:\WINDOWS\Scrapbook MAX! Trial Uninstall Log.txt
1/11/2009 12:53:03 AM 71302 32 C:\WINDOWS\setupact.log
1/11/2009 1:08:42 AM 413649 32 C:\WINDOWS\setupapi.log
1/11/2009 12:53:03 AM 468 32 C:\WINDOWS\setuperr.log
1/11/2009 1:05:43 AM 650388 32 C:\WINDOWS\setuplog.txt
1/11/2009 1:10:56 AM 9027 32 C:\WINDOWS\tabletoc.log
1/8/2009 7:00:53 AM 22317 32 C:\WINDOWS\updspapi.log
1/11/2009 12:52:25 AM 1314 32 C:\WINDOWS\UPGRADE.TXT
1/11/2009 1:25:52 AM 749 35 C:\WINDOWS\WindowsShell.Manifest
1/11/2009 12:50:16 AM 10643 32 C:\WINDOWS\WINNT32.LOG
1/11/2009 12:52:12 AM 148 32 C:\WINDOWS\wsdu.log
2/1/2009 10:24:52 PM 296448 32 C:\WINDOWS\Xenofex.ini
2/28/2009 4:55:21 AM 21840 32 C:\WINDOWS\yacs.log
1/16/2009 6:35:21 AM 0 C:\WINDOWS\system32\appmgmt
1/16/2009 6:35:21 AM 0 C:\WINDOWS\system32\appmgmt\MACHINE
1/16/2009 6:35:21 AM 0 C:\WINDOWS\system32\appmgmt\S-1-5-21-3921004004-1071396914-2547918761-1003
1/8/2009 6:57:16 AM 0 C:\WINDOWS\system32\CatRoot_bak
2/13/2009 6:21:55 PM 38 C:\WINDOWS\system32\GroupPolicy
2/13/2009 6:21:55 PM 0 C:\WINDOWS\system32\GroupPolicy\Machine
2/13/2009 6:21:55 PM 0 C:\WINDOWS\system32\GroupPolicy\User
1/9/2009 2:46:04 AM 88 7 C:\WINDOWS\system32\33713BE055.sys
1/10/2009 5:34:36 PM 2855 32 C:\WINDOWS\system32\command.PIF
1/11/2009 12:35:57 AM 118784 32 C:\WINDOWS\system32\iavlsp.dll
1/11/2009 1:39:59 AM 155648 32 C:\WINDOWS\system32\igfxres.dll
1/11/2009 1:10:28 AM 13312 32 C:\WINDOWS\system32\irclass.dll
1/21/2009 1:37:23 AM 49248 32 C:\WINDOWS\system32\java.exe
1/21/2009 1:37:23 AM 49250 32 C:\WINDOWS\system32\javaw.exe
1/21/2009 1:37:23 AM 127078 32 C:\WINDOWS\system32\javaws.exe
1/16/2009 6:01:49 AM 49265 32 C:\WINDOWS\system32\jpicpl32.cpl
1/16/2009 6:01:31 AM 3460 32 C:\WINDOWS\system32\jupdate-1.5.0_03-b07.log
1/9/2009 2:46:04 AM 2516 38 C:\WINDOWS\system32\KGyGaAvL.sys
1/11/2009 1:26:06 AM 488 35 C:\WINDOWS\system32\logonui.exe.manifest
1/11/2009 12:29:25 AM 74703 32 C:\WINDOWS\system32\mfc45.dll
1/11/2009 1:25:52 AM 749 35 C:\WINDOWS\system32\ncpa.cpl.manifest
1/11/2009 1:25:52 AM 749 35 C:\WINDOWS\system32\nwc.cpl.manifest
1/11/2009 1:25:52 AM 749 35 C:\WINDOWS\system32\sapi.cpl.manifest
1/16/2009 6:17:29 AM 283648 0 C:\WINDOWS\system32\SET11.tmp
1/16/2009 6:17:36 AM 1106944 0 C:\WINDOWS\system32\SET15.tmp
1/16/2009 6:17:41 AM 332800 0 C:\WINDOWS\system32\SET19.tmp
1/16/2009 6:17:29 AM 283648 32 C:\WINDOWS\system32\SET197.tmp
1/16/2009 6:17:36 AM 1106944 32 C:\WINDOWS\system32\SET19A.tmp
1/16/2009 6:17:41 AM 332800 32 C:\WINDOWS\system32\SET19D.tmp
1/16/2009 6:17:55 AM 683520 32 C:\WINDOWS\system32\SET26D.tmp
1/16/2009 6:18:08 AM 3060224 32 C:\WINDOWS\system32\SET294.tmp
1/16/2009 6:18:41 AM 253952 32 C:\WINDOWS\system32\SET2BD.tmp
1/16/2009 6:18:52 AM 659456 32 C:\WINDOWS\system32\SET2C3.tmp
1/16/2009 6:18:52 AM 615936 32 C:\WINDOWS\system32\SET2C4.tmp
1/16/2009 6:18:52 AM 474112 32 C:\WINDOWS\system32\SET2C5.tmp
1/16/2009 6:18:52 AM 1494528 32 C:\WINDOWS\system32\SET2C6.tmp
1/16/2009 6:18:51 AM 449024 32 C:\WINDOWS\system32\SET2CA.tmp
1/16/2009 6:18:49 AM 1023488 32 C:\WINDOWS\system32\SET2D2.tmp
1/16/2009 6:19:16 AM 74240 32 C:\WINDOWS\system32\SET316.tmp
1/16/2009 6:18:08 AM 3060224 0 C:\WINDOWS\system32\SETA8.tmp
1/16/2009 6:18:41 AM 253952 0 C:\WINDOWS\system32\SETAD.tmp
1/16/2009 6:18:52 AM 659456 0 C:\WINDOWS\system32\SETBC.tmp
1/16/2009 6:18:52 AM 615936 0 C:\WINDOWS\system32\SETBD.tmp
1/16/2009 6:18:52 AM 474112 0 C:\WINDOWS\system32\SETBE.tmp
1/16/2009 6:18:52 AM 1494528 0 C:\WINDOWS\system32\SETBF.tmp
1/16/2009 6:18:49 AM 1023488 0 C:\WINDOWS\system32\SETC1.tmp
1/16/2009 6:19:16 AM 74240 0 C:\WINDOWS\system32\SETC5.tmp
1/11/2009 1:10:28 AM 24661 32 C:\WINDOWS\system32\spxcoins.dll
1/16/2009 6:19:05 AM 62976 0 C:\WINDOWS\system32\tzchange.exe
1/17/2009 3:07:38 AM 211792 32 C:\WINDOWS\system32\TZLog.log
1/11/2009 1:25:52 AM 749 35 C:\WINDOWS\system32\wuaucpl.cpl.manifest
1/16/2009 6:18:53 AM 351744 0 C:\WINDOWS\system32\xpsp3res.dll

====== Files under "\Administrator\Startup" Last 60 Days======



====== Files under "\All Users\Startup" Last 60 Days======


====== Folders under "\Program Files" Last 60 Days======

1/16/2009 12:01:01 AM 130498948 C:\Program Files\App
1/16/2009 12:01:01 AM 125933956 C:\Program Files\App\Photoshop
1/16/2009 12:01:01 AM 25847 C:\Program Files\App\Photoshop\adobe_epic
1/16/2009 12:01:01 AM 25847 C:\Program Files\App\Photoshop\adobe_epic\eula
1/16/2009 12:01:01 AM 6982 C:\Program Files\App\Photoshop\adobe_epic\eula\en_gb
1/16/2009 12:01:01 AM 4411 C:\Program Files\App\Photoshop\adobe_epic\eula\en_us
1/16/2009 12:01:01 AM 7125 C:\Program Files\App\Photoshop\adobe_epic\eula\fr_ca
1/16/2009 12:01:01 AM 7125 C:\Program Files\App\Photoshop\adobe_epic\eula\fr_fr
1/16/2009 12:01:02 AM 4680835 C:\Program Files\App\Photoshop\AMT
1/16/2009 12:01:02 AM 4680835 C:\Program Files\App\Photoshop\AMT\legal
1/16/2009 12:01:04 AM 350887 C:\Program Files\App\Photoshop\AMT\legal\ar_ae
1/16/2009 12:01:04 AM 335178 C:\Program Files\App\Photoshop\AMT\legal\bg_bg
1/16/2009 12:01:03 AM 100492 C:\Program Files\App\Photoshop\AMT\legal\cs_cz
1/16/2009 12:01:02 AM 69654 C:\Program Files\App\Photoshop\AMT\legal\da_dk
1/16/2009 12:01:02 AM 73646 C:\Program Files\App\Photoshop\AMT\legal\de_de
1/16/2009 12:01:04 AM 353306 C:\Program Files\App\Photoshop\AMT\legal\el_gr
1/16/2009 12:01:02 AM 61384 C:\Program Files\App\Photoshop\AMT\legal\en_gb
1/16/2009 12:01:02 AM 61270 C:\Program Files\App\Photoshop\AMT\legal\en_us
1/16/2009 12:01:02 AM 72845 C:\Program Files\App\Photoshop\AMT\legal\es_es
1/16/2009 12:01:02 AM 72845 C:\Program Files\App\Photoshop\AMT\legal\es_mx
1/16/2009 12:01:02 AM 70486 C:\Program Files\App\Photoshop\AMT\legal\et_ee
1/16/2009 12:01:03 AM 80985 C:\Program Files\App\Photoshop\AMT\legal\fi_fi
1/16/2009 12:01:03 AM 84604 C:\Program Files\App\Photoshop\AMT\legal\fr_ca
1/16/2009 12:01:03 AM 84604 C:\Program Files\App\Photoshop\AMT\legal\fr_fr
1/16/2009 12:01:04 AM 304340 C:\Program Files\App\Photoshop\AMT\legal\he_il
1/16/2009 12:01:02 AM 69809 C:\Program Files\App\Photoshop\AMT\legal\hr_hr
1/16/2009 12:01:03 AM 107329 C:\Program Files\App\Photoshop\AMT\legal\hu_hu
1/16/2009 12:01:03 AM 73651 C:\Program Files\App\Photoshop\AMT\legal\it_it
1/16/2009 12:01:04 AM 193377 C:\Program Files\App\Photoshop\AMT\legal\ja_jp
1/16/2009 12:01:04 AM 160787 C:\Program Files\App\Photoshop\AMT\legal\ko_kr
1/16/2009 12:01:03 AM 83220 C:\Program Files\App\Photoshop\AMT\legal\lt_lt
1/16/2009 12:01:03 AM 90157 C:\Program Files\App\Photoshop\AMT\legal\lv_lv
1/16/2009 12:01:02 AM 68613 C:\Program Files\App\Photoshop\AMT\legal\nb_no
1/16/2009 12:01:02 AM 69818 C:\Program Files\App\Photoshop\AMT\legal\nl_nl
1/16/2009 12:01:03 AM 87829 C:\Program Files\App\Photoshop\AMT\legal\pl_pl
1/16/2009 12:01:03 AM 78831 C:\Program Files\App\Photoshop\AMT\legal\pt_br
1/16/2009 12:01:03 AM 83545 C:\Program Files\App\Photoshop\AMT\legal\ro_ro
1/16/2009 12:01:04 AM 394797 C:\Program Files\App\Photoshop\AMT\legal\ru_ru
1/16/2009 12:01:03 AM 100930 C:\Program Files\App\Photoshop\AMT\legal\sk_sk
1/16/2009 12:01:02 AM 73104 C:\Program Files\App\Photoshop\AMT\legal\sl_si
1/16/2009 12:01:02 AM 73357 C:\Program Files\App\Photoshop\AMT\legal\sv_se
1/16/2009 12:01:03 AM 95971 C:\Program Files\App\Photoshop\AMT\legal\tr_tr
1/16/2009 12:01:04 AM 359302 C:\Program Files\App\Photoshop\AMT\legal\uk_ua
1/16/2009 12:01:04 AM 117355 C:\Program Files\App\Photoshop\AMT\legal\zh_cn
1/16/2009 12:01:04 AM 122527 C:\Program Files\App\Photoshop\AMT\legal\zh_tw
1/16/2009 12:01:02 AM 231809 C:\Program Files\App\Photoshop\Legal
1/16/2009 12:01:02 AM 1331 C:\Program Files\App\Photoshop\Legal\en_GB
1/16/2009 12:01:02 AM 61270 C:\Program Files\App\Photoshop\Legal\en_US
1/16/2009 12:01:03 AM 84604 C:\Program Files\App\Photoshop\Legal\fr_CA
1/16/2009 12:01:03 AM 84604 C:\Program Files\App\Photoshop\Legal\fr_FR
1/16/2009 12:01:01 AM 251842 C:\Program Files\App\Photoshop\lmresources
1/16/2009 12:01:01 AM 31237 C:\Program Files\App\Photoshop\lmresources\en_gb
1/16/2009 12:01:01 AM 31237 C:\Program Files\App\Photoshop\lmresources\en_us
1/16/2009 12:01:01 AM 31395 C:\Program Files\App\Photoshop\lmresources\fr_ca
1/16/2009 12:01:01 AM 31395 C:\Program Files\App\Photoshop\lmresources\fr_fr
1/16/2009 12:01:01 AM 126578 C:\Program Files\App\Photoshop\lmresources\privacystatements
1/16/2009 12:01:01 AM 21210 C:\Program Files\App\Photoshop\Locales
1/16/2009 12:01:01 AM 21210 C:\Program Files\App\Photoshop\Locales\en_US
1/16/2009 12:01:01 AM 21210 C:\Program Files\App\Photoshop\Locales\en_US\Support Files
1/16/2009 12:01:01 AM 96 C:\Program Files\App\Photoshop\Locales\en_US\Support Files\Shortcuts
1/16/2009 12:01:01 AM 96 C:\Program Files\App\Photoshop\Locales\en_US\Support Files\Shortcuts\Win
1/16/2009 12:01:04 AM 198717 C:\Program Files\App\Photoshop\MATLAB
1/16/2009 12:01:04 AM 198717 C:\Program Files\App\Photoshop\MATLAB\Required
1/16/2009 12:01:04 AM 24887 C:\Program Files\App\Photoshop\MATLAB\Required\English
1/16/2009 12:01:16 AM 57344 C:\Program Files\App\Photoshop\Plug-ins
1/16/2009 12:01:16 AM 57344 C:\Program Files\App\Photoshop\Plug-ins\Import-Export
1/16/2009 12:01:05 AM 425984 C:\Program Files\App\Photoshop\Required
1/16/2009 12:01:14 AM 4564992 C:\Program Files\App\WinSxS
1/16/2009 12:01:14 AM 96256 C:\Program Files\App\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474
1/16/2009 12:01:18 AM 1654784 C:\Program Files\App\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700
1/16/2009 12:01:17 AM 491520 C:\Program Files\App\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303
1/16/2009 12:01:17 AM 2322432 C:\Program Files\App\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05
1/28/2009 4:11:16 PM 0 C:\Program Files\Bonjour
1/9/2009 2:44:34 AM 444220391 C:\Program Files\Corel
1/9/2009 2:48:07 AM 235336551 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI
1/9/2009 2:48:07 AM 18770944 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Commands
1/9/2009 2:48:22 AM 351905 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_01
1/9/2009 2:48:22 AM 86903 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_01\Corel_01_01
1/9/2009 2:48:23 AM 172355 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_01\Corel_01_02
1/9/2009 2:48:23 AM 61672 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_01\Corel_01_03
1/9/2009 2:48:23 AM 1906452 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_02
1/9/2009 2:48:24 AM 842932 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_03
1/9/2009 2:48:24 AM 551641 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_04
1/9/2009 2:48:24 AM 4043312 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_05
1/9/2009 2:48:26 AM 140449 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_06
2/21/2009 1:31:31 AM 68191 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_06\Chic Gradients
1/9/2009 2:48:26 AM 804 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_06\Corel_06_01
1/9/2009 2:48:26 AM 1772 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_06\Corel_06_02
1/9/2009 2:48:26 AM 2279 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_06\Corel_06_03
1/9/2009 2:48:26 AM 15756113 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_07
1/9/2009 2:48:26 AM 5741958 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_07\Corel_07_01
1/9/2009 2:48:28 AM 9843358 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_07\Corel_07_02
1/9/2009 2:48:29 AM 2737151 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_08
1/9/2009 2:48:30 AM 70905 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_08\Corel_08_01
1/9/2009 2:48:30 AM 2176731 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_08\Corel_08_02
1/9/2009 2:48:33 AM 41753245 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_09
1/9/2009 2:48:33 AM 26289587 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_09\Corel_09_01
1/9/2009 2:48:41 AM 5427759 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_09\Corel_09_02
1/9/2009 2:48:43 AM 5180726 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_09\Corel_09_03
1/9/2009 2:48:44 AM 4855173 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_09\Corel_09_04
1/9/2009 2:48:46 AM 22758122 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_10
1/9/2009 2:48:46 AM 1813141 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_10\Corel_10_01
1/9/2009 2:48:46 AM 3180740 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_10\Corel_10_02
1/9/2009 2:48:48 AM 2298780 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_10\Corel_10_03
1/9/2009 2:48:49 AM 7201045 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_10\Corel_10_04
1/9/2009 2:48:52 AM 7145756 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_10\Corel_10_05
1/9/2009 2:48:54 AM 1090530 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_10\Corel_10_06
1/9/2009 2:48:55 AM 825412 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_11
1/9/2009 2:48:55 AM 227000 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_11\Corel_11_01
1/9/2009 2:48:56 AM 407325 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_11\Corel_11_02
1/9/2009 2:48:56 AM 119927 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_11\Corel_11_03
1/9/2009 2:48:56 AM 529081 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_12
1/9/2009 2:48:56 AM 2884 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_13
1/9/2009 2:48:56 AM 1112 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_13\Corel_13_01
1/9/2009 2:48:56 AM 596 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_13\Corel_13_02
1/9/2009 2:48:56 AM 1072 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_13\Corel_13_03
1/9/2009 2:48:56 AM 14441 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_14
1/9/2009 2:48:57 AM 6325064 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_15
1/9/2009 2:48:57 AM 1244528 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_15\Corel_15_01
1/9/2009 2:48:57 AM 1492024 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_15\Corel_15_02
1/9/2009 2:48:57 AM 3588512 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_15\Corel_15_03
1/9/2009 2:51:00 AM 0 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_16
1/9/2009 2:48:17 AM 83528 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Icons
1/9/2009 2:49:32 AM 2785 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Palettes
1/9/2009 2:48:59 AM 664435 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PCUUI
1/9/2009 2:48:59 AM 529702 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PCUUI\Images
1/9/2009 2:49:00 AM 7233 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PCUUI\Images\Button
1/9/2009 2:49:01 AM 5188 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PCUUI\Images\Frame
1/9/2009 2:49:00 AM 3335 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PCUUI\Images\TrialCounter
1/9/2009 2:49:27 AM 229376 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Photoservices
1/21/2009 1:25:08 AM 13712539 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PlugIns
2/1/2009 10:20:14 PM 1166219 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PlugIns\factoryA
2/1/2009 10:34:41 PM 865192 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PlugIns\simple
2/1/2009 10:20:26 PM 1492640 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PlugIns\Xenofex 1.1
2/1/2009 10:20:26 PM 10188440 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PlugIns\Xenofex 2
2/1/2009 10:26:02 PM 5958246 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PlugIns\Xenofex 2\Xenofex 2
2/1/2009 10:26:03 PM 2891888 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PlugIns\Xenofex 2\Xenofex 2\Help
2/1/2009 10:26:03 PM 149349 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PlugIns\Xenofex 2\Xenofex 2\Settings
2/1/2009 10:26:03 PM 2081 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PlugIns\Xenofex 2\Xenofex 2\Settings\BurntEdges
2/1/2009 10:26:03 PM 1260 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PlugIns\Xenofex 2\Xenofex 2\Settings\ClassicMosaic
2/1/2009 10:26:04 PM 2556 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PlugIns\Xenofex 2\Xenofex 2\Settings\Constellation
2/1/2009 10:26:04 PM 1438 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PlugIns\Xenofex 2\Xenofex 2\Settings\Cracks
2/1/2009 10:26:04 PM 2642 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PlugIns\Xenofex 2\Xenofex 2\Settings\Crumple
2/1/2009 10:26:04 PM 2431 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PlugIns\Xenofex 2\Xenofex 2\Settings\Electrify
2/1/2009 10:26:04 PM 1697 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PlugIns\Xenofex 2\Xenofex 2\Settings\Flag
2/1/2009 10:26:04 PM 3893 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PlugIns\Xenofex 2\Xenofex 2\Settings\Lightning
2/1/2009 10:26:04 PM 3951 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PlugIns\Xenofex 2\Xenofex 2\Settings\LittleFluffyClouds
2/1/2009 10:26:04 PM 117525 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PlugIns\Xenofex 2\Xenofex 2\Settings\Puzzle
2/1/2009 10:26:04 PM 2115 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PlugIns\Xenofex 2\Xenofex 2\Settings\RipOpen
2/1/2009 10:26:04 PM 2701 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PlugIns\Xenofex 2\Xenofex 2\Settings\Shatter
2/1/2009 10:26:05 PM 2502 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PlugIns\Xenofex 2\Xenofex 2\Settings\Stain
2/1/2009 10:26:05 PM 2557 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PlugIns\Xenofex 2\Xenofex 2\Settings\Television
1/9/2009 2:49:33 AM 672685 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Presets
1/9/2009 2:49:38 AM 3148 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Presets\English
1/9/2009 2:49:39 AM 2543 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Presets\Metric
1/9/2009 2:49:39 AM 352498 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Print Templates
1/9/2009 2:49:39 AM 198671 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Print Templates\Avery
1/9/2009 2:49:40 AM 102585 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Print Templates\Avery International
1/9/2009 2:49:40 AM 32674 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Print Templates\Combinations
1/9/2009 2:49:40 AM 18568 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Print Templates\Standard Sizes
1/9/2009 2:48:19 AM 14479115 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries
1/9/2009 2:49:12 AM 3853824 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\DLLs
1/9/2009 2:49:12 AM 6326629 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\Lib
1/9/2009 2:49:18 AM 182777 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\Lib\bsddb
1/9/2009 2:49:18 AM 114260 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\Lib\bsddb\test
1/9/2009 2:49:23 AM 185639 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\Lib\compiler
1/9/2009 2:49:12 AM 18866 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\Lib\curses
1/9/2009 2:49:13 AM 695247 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\Lib\distutils
1/9/2009 2:49:13 AM 317400 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\Lib\distutils\command
1/9/2009 2:49:24 AM 14767 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\Lib\distutils\tests
1/9/2009 2:49:15 AM 368230 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\Lib\email
1/9/2009 2:49:21 AM 202845 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\Lib\email\test
1/9/2009 2:49:21 AM 83945 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\Lib\email\test\data
1/9/2009 2:49:12 AM 462558 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\Lib\encodings
1/9/2009 2:49:17 AM 12415 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\Lib\hotshot
1/9/2009 2:49:12 AM 605766 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\Lib\idlelib
1/9/2009 2:49:23 AM 58065 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\Lib\idlelib\Icons
1/9/2009 2:49:12 AM 83274 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\Lib\lib-old
1/9/2009 2:49:22 AM 311377 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\Lib\lib-tk
1/9/2009 2:49:17 AM 95803 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\Lib\logging
1/9/2009 2:49:24 AM 121 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\Lib\site-packages
1/9/2009 2:49:12 AM 206239 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\Lib\xml
1/9/2009 2:49:12 AM 144552 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\Lib\xml\dom
1/9/2009 2:49:17 AM 291 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\Lib\xml\parsers
1/9/2009 2:49:12 AM 60343 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\Lib\xml\sax
1/9/2009 2:49:12 AM 4197905 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\tcl
1/9/2009 2:49:13 AM 13653 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\tcl\dde1.2
1/9/2009 2:49:13 AM 13191 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\tcl\reg1.1
1/9/2009 2:49:12 AM 1748954 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\tcl\tcl8.4
1/9/2009 2:49:20 AM 1436996 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\tcl\tcl8.4\encoding
1/9/2009 2:49:23 AM 10884 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\tcl\tcl8.4\http1.0
1/9/2009 2:49:23 AM 25643 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\tcl\tcl8.4\http2.4
1/9/2009 2:49:23 AM 13552 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\tcl\tcl8.4\msgcat1.3
1/9/2009 2:49:23 AM 34717 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\tcl\tcl8.4\opt0.4
1/9/2009 2:49:23 AM 102007 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\tcl\tcl8.4\tcltest2.2
1/9/2009 2:49:12 AM 851611 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\tcl\tix8.1
1/9/2009 2:49:12 AM 18805 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\tcl\tix8.1\bitmaps
1/9/2009 2:49:12 AM 236295 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\tcl\tix8.1\pref
1/9/2009 2:49:12 AM 1159868 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\tcl\tk8.4
1/9/2009 2:49:12 AM 554277 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\tcl\tk8.4\demos
1/9/2009 2:49:23 AM 278117 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\tcl\tk8.4\demos\images
1/9/2009 2:49:23 AM 101217 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\tcl\tk8.4\images
1/9/2009 2:49:23 AM 52577 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\tcl\tk8.4\msgs
1/9/2009 2:49:40 AM 430061 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Scripts-Restricted
1/9/2009 2:49:40 AM 140610 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Scripts-Restricted\Artistic
1/9/2009 2:49:40 AM 3149 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Scripts-Restricted\FileOpen
1/9/2009 2:49:40 AM 16109 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Scripts-Restricted\Photo
1/9/2009 2:49:40 AM 57790 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Scripts-Trusted
1/9/2009 2:49:40 AM 2391 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Scripts-Trusted\LexarAMS
1/9/2009 2:49:40 AM 9212 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Scripts-Trusted\Photo
1/9/2009 2:49:01 AM 32151370 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Snapfire
1/9/2009 2:50:59 AM 0 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Workspaces
1/9/2009 2:44:34 AM 208883840 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI - Installation Files
1/21/2009 1:36:31 AM 59707956 C:\Program Files\Java
1/21/2009 1:36:31 AM 59707956 C:\Program Files\Java\jre1.5.0_03
1/21/2009 1:36:36 AM 19898320 C:\Program Files\Java\jre1.5.0_03\bin
1/21/2009 1:36:37 AM 13649440 C:\Program Files\Java\jre1.5.0_03\bin\client
1/21/2009 1:36:39 AM 39712132 C:\Program Files\Java\jre1.5.0_03\lib
1/21/2009 1:36:41 AM 0 C:\Program Files\Java\jre1.5.0_03\lib\applet
1/21/2009 1:36:41 AM 203280 C:\Program Files\Java\jre1.5.0_03\lib\cmm
1/21/2009 1:36:41 AM 336467 C:\Program Files\Java\jre1.5.0_03\lib\ext
1/21/2009 1:36:41 AM 698236 C:\Program Files\Java\jre1.5.0_03\lib\fonts
1/21/2009 1:36:41 AM 671 C:\Program Files\Java\jre1.5.0_03\lib\i386
1/21/2009 1:36:41 AM 18178 C:\Program Files\Java\jre1.5.0_03\lib\im
1/21/2009 1:36:41 AM 2410 C:\Program Files\Java\jre1.5.0_03\lib\images
1/21/2009 1:36:41 AM 2410 C:\Program Files\Java\jre1.5.0_03\lib\images\cursors
1/21/2009 1:36:41 AM 30621 C:\Program Files\Java\jre1.5.0_03\lib\javaws
1/21/2009 1:36:41 AM 19486 C:\Program Files\Java\jre1.5.0_03\lib\management
1/21/2009 1:36:41 AM 47589 C:\Program Files\Java\jre1.5.0_03\lib\security
1/21/2009 1:36:42 AM 242523 C:\Program Files\Java\jre1.5.0_03\lib\zi
1/21/2009 1:36:42 AM 8309 C:\Program Files\Java\jre1.5.0_03\lib\zi\Africa
1/21/2009 1:36:43 AM 82237 C:\Program Files\Java\jre1.5.0_03\lib\zi\America
1/21/2009 1:36:43 AM 1311 C:\Program Files\Java\jre1.5.0_03\lib\zi\America\Indiana
1/21/2009 1:36:43 AM 1260 C:\Program Files\Java\jre1.5.0_03\lib\zi\America\Kentucky
1/21/2009 1:36:43 AM 1276 C:\Program Files\Java\jre1.5.0_03\lib\zi\America\North_Dakota
1/21/2009 1:36:43 AM 2755 C:\Program Files\Java\jre1.5.0_03\lib\zi\Antarctica
1/21/2009 1:36:43 AM 51032 C:\Program Files\Java\jre1.5.0_03\lib\zi\Asia
1/21/2009 1:36:43 AM 8762 C:\Program Files\Java\jre1.5.0_03\lib\zi\Atlantic
1/21/2009 1:36:43 AM 7888 C:\Program Files\Java\jre1.5.0_03\lib\zi\Australia
1/21/2009 1:36:43 AM 783 C:\Program Files\Java\jre1.5.0_03\lib\zi\Etc
1/21/2009 1:36:43 AM 55696 C:\Program Files\Java\jre1.5.0_03\lib\zi\Europe
1/21/2009 1:36:43 AM 663 C:\Program Files\Java\jre1.5.0_03\lib\zi\Indian
1/21/2009 1:36:43 AM 6872 C:\Program Files\Java\jre1.5.0_03\lib\zi\Pacific
1/23/2009 3:20:15 PM 4536488 C:\Program Files\Malwarebytes' Anti-Malware
1/23/2009 3:20:16 PM 372760 C:\Program Files\Malwarebytes' Anti-Malware\Languages
1/16/2009 10:35:36 AM 0 C:\Program Files\MSXML 4.0
1/16/2009 6:43:21 AM 91994681 C:\Program Files\Panda Security
1/16/2009 6:43:21 AM 91994681 C:\Program Files\Panda Security\ActiveScan 2.0
1/16/2009 6:43:44 AM 2104716 C:\Program Files\Panda Security\ActiveScan 2.0\psqstore
1/28/2009 1:13:13 PM 232987435 C:\Program Files\PhotoshopPortable
1/28/2009 1:13:13 PM 227207407 C:\Program Files\PhotoshopPortable\App
1/28/2009 1:13:13 PM 222566486 C:\Program Files\PhotoshopPortable\App\Photoshop
1/28/2009 1:13:13 PM 6461874 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT
1/28/2009 1:13:35 PM 3796 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\ar_ae
1/28/2009 1:13:13 PM 2605 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\Core key files
1/28/2009 1:13:36 PM 4280 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\cs_cz
1/28/2009 1:13:36 PM 4294 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\da_dk
1/28/2009 1:13:36 PM 4712 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\de_de
1/28/2009 1:13:36 PM 4610 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\el_gr
1/28/2009 1:13:36 PM 4268 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\en_gb
1/28/2009 1:13:36 PM 4268 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\en_us
1/28/2009 1:13:36 PM 4268 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\en_xm
1/28/2009 1:13:36 PM 4568 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\es_es
1/28/2009 1:13:36 PM 4568 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\es_mx
1/28/2009 1:13:36 PM 4380 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\fi_fi
1/28/2009 1:13:36 PM 4624 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\fr_ca
1/28/2009 1:13:36 PM 4624 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\fr_fr
1/28/2009 1:13:36 PM 4614 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\fr_xm
1/28/2009 1:13:35 PM 3532 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\he_il
1/28/2009 1:13:36 PM 4478 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\hu_hu
1/28/2009 1:13:36 PM 4474 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\it_it
1/28/2009 1:13:35 PM 3264 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\ja_jp
1/28/2009 1:13:35 PM 3206 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\ko_kr
1/28/2009 1:13:14 PM 4680835 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal
1/28/2009 1:13:15 PM 350887 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\ar_ae
1/28/2009 1:13:15 PM 335178 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\bg_bg
1/28/2009 1:13:15 PM 100492 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\cs_cz
1/28/2009 1:13:14 PM 69654 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\da_dk
1/28/2009 1:13:14 PM 73646 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\de_de
1/28/2009 1:13:15 PM 353306 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\el_gr
1/28/2009 1:13:14 PM 61384 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\en_gb
1/28/2009 1:13:14 PM 61270 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\en_us
1/28/2009 1:13:14 PM 72845 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\es_es
1/28/2009 1:13:14 PM 72845 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\es_mx
1/28/2009 1:13:14 PM 70486 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\et_ee
1/28/2009 1:13:15 PM 80985 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\fi_fi
1/28/2009 1:13:15 PM 84604 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\fr_ca
1/28/2009 1:13:15 PM 84604 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\fr_fr
1/28/2009 1:13:15 PM 304340 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\he_il
1/28/2009 1:13:14 PM 69809 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\hr_hr
1/28/2009 1:13:15 PM 107329 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\hu_hu
1/28/2009 1:13:15 PM 73651 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\it_it
1/28/2009 1:13:15 PM 193377 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\ja_jp
1/28/2009 1:13:15 PM 160787 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\ko_kr
1/28/2009 1:13:15 PM 83220 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\lt_lt
1/28/2009 1:13:15 PM 90157 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\lv_lv
1/28/2009 1:13:14 PM 68613 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\nb_no
1/28/2009 1:13:14 PM 69818 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\nl_nl
1/28/2009 1:13:15 PM 87829 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\pl_pl
1/28/2009 1:13:15 PM 78831 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\pt_br
1/28/2009 1:13:15 PM 83545 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\ro_ro
1/28/2009 1:13:15 PM 394797 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\ru_ru
1/28/2009 1:13:15 PM 100930 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\sk_sk
1/28/2009 1:13:14 PM 73104 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\sl_si
1/28/2009 1:13:14 PM 73357 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\sv_se
1/28/2009 1:13:15 PM 95971 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\tr_tr
1/28/2009 1:13:15 PM 359302 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\uk_ua
1/28/2009 1:13:15 PM 117355 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\zh_cn
1/28/2009 1:13:15 PM 122527 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\zh_tw
1/28/2009 1:13:14 PM 35259 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\LMResources
1/28/2009 1:13:36 PM 4350 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\nb_no
1/28/2009 1:13:36 PM 4602 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\nl_nl
1/28/2009 1:13:36 PM 4332 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\pl_pl
1/28/2009 1:13:36 PM 4274 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\pt_br
1/28/2009 1:13:36 PM 4330 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\ro_ro
1/28/2009 1:13:36 PM 4398 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\ru_ru
1/28/2009 1:13:36 PM 4196 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\sv_se
1/28/2009 1:13:36 PM 4202 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\tr_tr
1/28/2009 1:13:36 PM 4362 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\uk_ua
1/28/2009 1:13:35 PM 2720 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\zh_cn
1/28/2009 1:13:35 PM 2730 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\zh_tw
1/28/2009 1:13:14 PM 8097 C:\Program Files\PhotoshopPortable\App\Photoshop\Configuration
1/28/2009 1:13:13 PM 7017631 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales
1/28/2009 1:13:13 PM 2166259 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\en_US
1/28/2009 1:13:18 PM 64512 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\en_US\Additional Plug-Ins
1/28/2009 1:13:18 PM 64512 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\en_US\Additional Plug-Ins\Win
1/28/2009 1:13:18 PM 64512 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\en_US\Additional Plug-Ins\Win\Filters
1/28/2009 1:13:13 PM 1308883 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\en_US\Additional Presets
1/28/2009 1:13:13 PM 1308883 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\en_US\Additional Presets\Win
1/28/2009 1:13:31 PM 4911 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\en_US\Additional Presets\Win\Menu Customization
1/28/2009 1:13:13 PM 1303972 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\en_US\Additional Presets\Win\Workspaces
1/28/2009 1:13:13 PM 134655 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\en_US\Additional Presets\Win\Workspaces\1-Basic Workspaces
1/28/2009 1:13:13 PM 1169317 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\en_US\Additional Presets\Win\Workspaces\2-Task-based Workspaces
1/28/2009 1:13:30 PM 10688 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\en_US\Help
1/28/2009 1:13:14 PM 782176 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\en_US\Support Files
1/28/2009 1:13:14 PM 757743 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\en_US\Support Files\Feature Help
1/28/2009 1:13:15 PM 3319 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\en_US\Support Files\Shortcuts
1/28/2009 1:13:15 PM 3319 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\en_US\Support Files\Shortcuts\Win
1/28/2009 1:13:13 PM 4851372 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\fr_CA
1/28/2009 1:13:18 PM 64512 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\fr_CA\Additional Plug-Ins
1/28/2009 1:13:18 PM 64512 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\fr_CA\Additional Plug-Ins\Win
1/28/2009 1:13:18 PM 64512 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\fr_CA\Additional Plug-Ins\Win\Filters
1/28/2009 1:13:13 PM 1202811 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\fr_CA\Additional Presets
1/28/2009 1:13:13 PM 1202811 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\fr_CA\Additional Presets\Win
1/28/2009 1:13:31 PM 4821 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\fr_CA\Additional Presets\Win\Menu Customization
1/28/2009 1:13:13 PM 1197990 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\fr_CA\Additional Presets\Win\Workspaces
1/28/2009 1:13:13 PM 125729 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\fr_CA\Additional Presets\Win\Workspaces\1-Basic Workspaces
1/28/2009 1:13:13 PM 1072261 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\fr_CA\Additional Presets\Win\Workspaces\2-Task-based Workspaces
1/28/2009 1:13:30 PM 12042 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\fr_CA\Help
1/28/2009 1:13:15 PM 3572007 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\fr_CA\Support Files
1/28/2009 1:13:15 PM 3167 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\fr_CA\Support Files\Shortcuts
1/28/2009 1:13:15 PM 3167 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\fr_CA\Support Files\Shortcuts\Win
1/28/2009 1:13:13 PM 44540534 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins
1/28/2009 1:13:20 PM 749568 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\3D Engines
1/28/2009 1:13:24 PM 1380352 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\ADM
1/28/2009 1:13:17 PM 2067968 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Automate
1/28/2009 1:13:16 PM 2491882 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc
1/28/2009 1:13:16 PM 2491882 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win
1/28/2009 1:13:34 PM 80884 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digiread
1/28/2009 1:13:34 PM 3599 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\cs.lproj
1/28/2009 1:13:34 PM 3517 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\da.lproj
1/28/2009 1:13:34 PM 3658 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\de.lproj
1/28/2009 1:13:34 PM 3364 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\en_US.lproj
1/28/2009 1:13:34 PM 3652 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\es.lproj
1/28/2009 1:13:34 PM 3457 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\fi.lproj
1/28/2009 1:13:34 PM 3585 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\fr.lproj
1/28/2009 1:13:34 PM 3682 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\hu.lproj
1/28/2009 1:13:34 PM 3492 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\it.lproj
1/28/2009 1:13:34 PM 3850 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\ja.lproj
1/28/2009 1:13:34 PM 3567 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\ko.lproj
1/28/2009 1:13:34 PM 3478 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\nl.lproj
1/28/2009 1:13:34 PM 3467 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\no.lproj
1/28/2009 1:13:34 PM 3772 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\pl.lproj
1/28/2009 1:13:34 PM 3713 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\pt_BR.lproj
1/28/2009 1:13:34 PM 3624 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\ro.lproj
1/28/2009 1:13:34 PM 5018 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\ru.lproj
1/28/2009 1:13:34 PM 3416 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\sv.lproj
1/28/2009 1:13:34 PM 3624 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\tr.lproj
1/28/2009 1:13:34 PM 4992 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\uk.lproj
1/28/2009 1:13:34 PM 3196 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\zh_CN.lproj
1/28/2009 1:13:34 PM 3161 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\zh_TW.lproj
1/28/2009 1:13:34 PM 157174 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digisign
1/28/2009 1:13:35 PM 6923 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\cs.lproj
1/28/2009 1:13:35 PM 6681 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\da.lproj
1/28/2009 1:13:35 PM 7212 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\de.lproj
1/28/2009 1:13:35 PM 6391 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\en_US.lproj
1/28/2009 1:13:35 PM 6931 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\es.lproj
1/28/2009 1:13:35 PM 6663 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\fi.lproj
1/28/2009 1:13:35 PM 6858 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\fr.lproj
1/28/2009 1:13:35 PM 7192 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\hu.lproj
1/28/2009 1:13:35 PM 6843 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\it.lproj
1/28/2009 1:13:35 PM 7599 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\ja.lproj
1/28/2009 1:13:35 PM 7041 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\ko.lproj
1/28/2009 1:13:35 PM 6884 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\nl.lproj
1/28/2009 1:13:35 PM 6521 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\no.lproj
1/28/2009 1:13:35 PM 7099 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\pl.lproj
1/28/2009 1:13:35 PM 7046 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\pt_BR.lproj
1/28/2009 1:13:35 PM 7225 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\ro.lproj
1/28/2009 1:13:35 PM 9786 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\ru.lproj
1/28/2009 1:13:35 PM 6572 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\sv.lproj
1/28/2009 1:13:35 PM 7038 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\tr.lproj
1/28/2009 1:13:35 PM 10169 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\uk.lproj
1/28/2009 1:13:34 PM 6230 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\zh_CN.lproj
1/28/2009 1:13:34 PM 6270 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\zh_TW.lproj
1/28/2009 1:13:16 PM 4067328 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Effects
1/28/2009 1:13:21 PM 2990080 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Extensions
1/28/2009 1:13:19 PM 12775424 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\File Formats
1/28/2009 1:13:13 PM 11780236 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Filters
1/28/2009 1:13:13 PM 1676 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Filters\Lighting Styles
1/28/2009 1:13:15 PM 59392 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Image Stacks
1/28/2009 1:13:16 PM 6084096 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Import-Export
1/28/2009 1:13:21 PM 94208 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Measurements
1/28/2009 1:14:03 PM 0 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Panels
1/28/2009 1:13:14 PM 39093620 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets
1/28/2009 1:13:28 PM 299625 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Actions
1/28/2009 1:13:28 PM 3588 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Black and White
1/28/2009 1:13:21 PM 5472263 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Brushes
1/28/2009 1:13:14 PM 12029 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Camera Profiles
1/28/2009 1:13:28 PM 264 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Channel Mixer
1/28/2009 1:13:22 PM 545123 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Color Books
1/28/2009 1:13:15 PM 1644154 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Color Swatches
1/28/2009 1:13:34 PM 5145 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Contours
1/28/2009 1:13:23 PM 578 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Curves
1/28/2009 1:13:28 PM 786836 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Custom Shapes
1/28/2009 1:13:23 PM 71788 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Duotones
1/28/2009 1:13:23 PM 46112 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Duotones\Duotones
1/28/2009 1:13:23 PM 12052 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Duotones\Duotones\Gray-Black Duotones
1/28/2009 1:13:23 PM 27772 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones
1/28/2009 1:13:24 PM 6288 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Duotones\Duotones\Process Duotones
1/28/2009 1:13:23 PM 7336 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Duotones\Quadtones
1/28/2009 1:13:23 PM 2096 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Duotones\Quadtones\Gray Quadtones
1/28/2009 1:13:23 PM 2096 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Duotones\Quadtones\PANTONE® Quadtones
1/28/2009 1:13:23 PM 3144 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Duotones\Quadtones\Process Quadtones
1/28/2009 1:13:23 PM 18340 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Duotones\Tritones
1/28/2009 1:13:23 PM 4192 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Duotones\Tritones\Gray Tritones
1/28/2009 1:13:23 PM 3668 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Duotones\Tritones\PANTONE® Tritones
1/28/2009 1:13:23 PM 10480 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Duotones\Tritones\Process Tritones
1/28/2009 1:13:31 PM 56 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Exposure
1/28/2009 1:13:31 PM 93432 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Gradients
1/28/2009 1:13:24 PM 800 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Hue and Saturation
1/28/2009 1:13:24 PM 5040 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Levels
1/28/2009 1:13:31 PM 286253 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Lights
1/28/2009 1:13:31 PM 3828119 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Materials
1/28/2009 1:13:29 PM 9545022 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Meshes
1/28/2009 1:13:23 PM 3080 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Optimized Colors
1/28/2009 1:13:31 PM 3335 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Optimized Output Settings
1/28/2009 1:13:31 PM 13380 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Optimized Settings
1/28/2009 1:13:33 PM 6495325 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Patterns
1/28/2009 1:13:32 PM 283635 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Render Settings
1/28/2009 1:13:14 PM 598873 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Scripts
1/28/2009 1:13:31 PM 26749 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Scripts\Event Scripts Only
1/28/2009 1:13:14 PM 165389 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Scripts\Stack Scripts Only
1/28/2009 1:13:24 PM 6686464 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Styles
1/28/2009 1:13:35 PM 1271912 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Tools
1/28/2009 1:13:32 PM 740484 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Volumes
1/28/2009 1:13:29 PM 349689 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Widgets
1/28/2009 1:13:14 PM 47328 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Zoomify
1/28/2009 1:13:13 PM 1662634 C:\Program Files\PhotoshopPortable\App\Photoshop\Required
1/28/2009 1:13:23 PM 22121 C:\Program Files\PhotoshopPortable\App\Photoshop\Required\OWL
1/28/2009 1:13:14 PM 4640921 C:\Program Files\PhotoshopPortable\App\WinSxS
1/28/2009 1:13:14 PM 39297 C:\Program Files\PhotoshopPortable\App\WinSxS\Manifests
1/28/2009 1:13:28 PM 36632 C:\Program Files\PhotoshopPortable\App\WinSxS\Policies
1/28/2009 1:13:28 PM 9155 C:\Program Files\PhotoshopPortable\App\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_x-ww_5f0bbcff
1/28/2009 1:13:28 PM 9155 C:\Program Files\PhotoshopPortable\App\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_77c24773
1/28/2009 1:13:28 PM 9167 C:\Program Files\PhotoshopPortable\App\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_x-ww_caeee150
1/28/2009 1:13:28 PM 9155 C:\Program Files\PhotoshopPortable\App\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_x-ww_0f75c32e
1/28/2009 1:13:56 PM 96256 C:\Program Files\PhotoshopPortable\App\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474
1/28/2009 1:14:00 PM 1654784 C:\Program Files\PhotoshopPortable\App\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700
1/28/2009 1:13:59 PM 491520 C:\Program Files\PhotoshopPortable\App\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303
1/28/2009 1:13:58 PM 2322432 C:\Program Files\PhotoshopPortable\App\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05
1/28/2009 1:15:33 PM 5723923 C:\Program Files\PhotoshopPortable\Data
2/18/2009 12:17:44 AM 0 C:\Program Files\PhotoshopPortable\Data\Adobe
2/18/2009 12:17:44 AM 0 C:\Program Files\PhotoshopPortable\Data\Adobe\Adobe PDF
2/18/2009 12:17:44 AM 0 C:\Program Files\PhotoshopPortable\Data\Adobe\Adobe PDF\Settings
2/18/2009 12:17:44 AM 0 C:\Program Files\PhotoshopPortable\Data\Adobe\Color
2/18/2009 12:17:44 AM 0 C:\Program Files\PhotoshopPortable\Data\Adobe\Color\Proofing
2/18/2009 12:17:44 AM 0 C:\Program Files\PhotoshopPortable\Data\Adobe\Color\Settings
2/18/2009 12:17:44 AM 0 C:\Program Files\PhotoshopPortable\Data\Adobe\Flash Player
2/18/2009 12:17:44 AM 0 C:\Program Files\PhotoshopPortable\Data\Adobe\Flash Player\AssetCache
2/18/2009 12:17:44 AM 0 C:\Program Files\PhotoshopPortable\Data\Adobe\Flash Player\AssetCache\7KY2SE5P
2/18/2009 12:17:44 AM 0 C:\Program Files\PhotoshopPortable\Data\Adobe\Linguistics
2/18/2009 12:17:44 AM 0 C:\Program Files\PhotoshopPortable\Data\Adobe\Linguistics\Dictionaries
2/18/2009 12:17:44 AM 0 C:\Program Files\PhotoshopPortable\Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary
2/18/2009 12:17:44 AM 0 C:\Program Files\PhotoshopPortable\Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\all
2/18/2009 12:17:45 AM 0 C:\Program Files\PhotoshopPortable\Data\AllAdobe
2/18/2009 12:17:45 AM 8170 C:\Program Files\PhotoshopPortable\Data\LocalAdobe
2/18/2009 12:17:45 AM 4782 C:\Program Files\PhotoshopPortable\Data\LocalAdobe\Color
2/18/2009 12:17:45 AM 0 C:\Program Files\PhotoshopPortable\Data\LocalAdobe\TypeSupport
2/18/2009 12:17:45 AM 3388 C:\Program Files\PhotoshopPortable\Data\LocalAdobe\Updater6
2/18/2009 12:17:45 AM 0 C:\Program Files\PhotoshopPortable\Data\LocalAdobe\Updater6\Install
1/28/2009 1:15:38 PM 5712395 C:\Program Files\PhotoshopPortable\Data\Photoshop
1/28/2009 1:15:38 PM 5712395 C:\Program Files\PhotoshopPortable\Data\Photoshop\Settings
1/28/2009 1:16:44 PM 0 C:\Program Files\PhotoshopPortable\Data\Photoshop\Settings\WorkSpaces
2/11/2009 10:33:25 PM 52689784 C:\Program Files\Spybot - Search & Destroy
2/11/2009 10:33:31 PM 55992 C:\Program Files\Spybot - Search & Destroy\Dummies
2/11/2009 10:33:35 PM 573029 C:\Program Files\Spybot - Search & Destroy\Help
2/11/2009 10:33:32 PM 14266197 C:\Program Files\Spybot - Search & Destroy\Includes
2/11/2009 10:33:34 PM 4261934 C:\Program Files\Spybot - Search & Destroy\Languages
2/11/2009 10:33:30 PM 2424432 C:\Program Files\Spybot - Search & Destroy\Plugins
2/11/2009 10:33:35 PM 49349 C:\Program Files\Spybot - Search & Destroy\Skins
2/11/2009 10:33:35 PM 3306372 C:\Program Files\Spybot - Search & Destroy\Updates
2/28/2009 4:44:21 AM 26195236 C:\Program Files\Yahoo!
2/28/2009 4:44:21 AM 26107956 C:\Program Files\Yahoo!\Messenger
2/28/2009 4:46:59 AM 721569 C:\Program Files\Yahoo!\Messenger\cache
2/28/2009 4:47:04 AM 87350 C:\Program Files\Yahoo!\Messenger\cache\Audibles
2/28/2009 4:47:05 AM 6212 C:\Program Files\Yahoo!\Messenger\cache\branding
2/28/2009 11:13:48 AM 14973 C:\Program Files\Yahoo!\Messenger\cache\Icon
2/28/2009 4:47:03 AM 90404 C:\Program Files\Yahoo!\Messenger\cache\IMScanners
2/28/2009 4:46:59 AM 313884 C:\Program Files\Yahoo!\Messenger\cache\q.2KTE74JY7j_pA6N4tWOA--
2/28/2009 4:46:59 AM 313884 C:\Program Files\Yahoo!\Messenger\cache\q.2KTE74JY7j_pA6N4tWOA--\RingTones
2/28/2009 4:47:00 AM 17484 C:\Program Files\Yahoo!\Messenger\cache\SearchBar
2/28/2009 4:47:05 AM 3257 C:\Program Files\Yahoo!\Messenger\Games
2/28/2009 4:47:05 AM 3257 C:\Program Files\Yahoo!\Messenger\Games\icons
2/28/2009 4:46:29 AM 24548 C:\Program Files\Yahoo!\Messenger\logs
2/28/2009 4:44:21 AM 2020404 C:\Program Files\Yahoo!\Messenger\Media
2/28/2009 4:44:22 AM 14884 C:\Program Files\Yahoo!\Messenger\Media\Audibles
2/28/2009 4:44:40 AM 61127 C:\Program Files\Yahoo!\Messenger\Media\Etc
2/28/2009 4:44:26 AM 77688 C:\Program Files\Yahoo!\Messenger\Media\FriendIcon
2/28/2009 4:44:26 AM 2760 C:\Program Files\Yahoo!\Messenger\Media\Images
2/28/2009 4:44:21 AM 304151 C:\Program Files\Yahoo!\Messenger\Media\misc
2/28/2009 4:44:22 AM 717236 C:\Program Files\Yahoo!\Messenger\Media\RingTones
2/28/2009 4:44:27 AM 340683 C:\Program Files\Yahoo!\Messenger\Media\Smileys
2/28/2009 4:44:22 AM 6663 C:\Program Files\Yahoo!\Messenger\Media\Voice
2/28/2009 4:46:56 AM 0 C:\Program Files\Yahoo!\Messenger\Plugin
2/28/2009 4:46:56 AM 0 C:\Program Files\Yahoo!\Messenger\Plugin\Test
2/28/2009 4:46:30 AM 14496 C:\Program Files\Yahoo!\Messenger\Profiles
2/28/2009 4:46:30 AM 0 C:\Program Files\Yahoo!\Messenger\Profiles\Archive
2/28/2009 4:46:56 AM 14496 C:\Program Files\Yahoo!\Messenger\Profiles\sasssies2
2/28/2009 11:54:33 PM 0 C:\Program Files\Yahoo!\Messenger\Profiles\sasssies2\Archive
2/28/2009 4:47:00 AM 14284 C:\Program Files\Yahoo!\Messenger\Profiles\sasssies2\My Icons
2/28/2009 4:44:29 AM 1672173 C:\Program Files\Yahoo!\Messenger\skins
2/28/2009 4:44:29 AM 498158 C:\Program Files\Yahoo!\Messenger\skins\Default
2/28/2009 4:44:29 AM 1843 C:\Program Files\Yahoo!\Messenger\skins\Default\AddRequest
2/28/2009 4:44:29 AM 28240 C:\Program Files\Yahoo!\Messenger\skins\Default\ContactCard
2/28/2009 4:44:29 AM 46605 C:\Program Files\Yahoo!\Messenger\skins\Default\FriendList
2/28/2009 4:44:29 AM 52199 C:\Program Files\Yahoo!\Messenger\skins\Default\images
2/28/2009 4:44:29 AM 56425 C:\Program Files\Yahoo!\Messenger\skins\Default\IMWindow
2/28/2009 4:44:30 AM 658 C:\Program Files\Yahoo!\Messenger\skins\Default\MiscSmallUI
2/28/2009 4:44:30 AM 4545 C:\Program Files\Yahoo!\Messenger\skins\Default\SlotManager
2/28/2009 4:44:30 AM 34775 C:\Program Files\Yahoo!\Messenger\skins\Default\sumo
2/28/2009 4:44:30 AM 249738 C:\Program Files\Yahoo!\Messenger\skins\Default\theme
2/28/2009 4:44:31 AM 112209 C:\Program Files\Yahoo!\Messenger\skins\Graffiti
2/28/2009 4:44:31 AM 11097 C:\Program Files\Yahoo!\Messenger\skins\Graffiti\ContactCard
2/28/2009 4:44:31 AM 15709 C:\Program Files\Yahoo!\Messenger\skins\Graffiti\FriendList
2/28/2009 4:44:31 AM 13984 C:\Program Files\Yahoo!\Messenger\skins\Graffiti\images
2/28/2009 4:44:32 AM 56225 C:\Program Files\Yahoo!\Messenger\skins\Graffiti\theme
2/28/2009 4:44:33 AM 91545 C:\Program Files\Yahoo!\Messenger\skins\Green fantasia
2/28/2009 4:44:33 AM 11486 C:\Program Files\Yahoo!\Messenger\skins\Green fantasia\ContactCard
2/28/2009 4:44:33 AM 15697 C:\Program Files\Yahoo!\Messenger\skins\Green fantasia\FriendList
2/28/2009 4:44:34 AM 14948 C:\Program Files\Yahoo!\Messenger\skins\Green fantasia\images
2/28/2009 4:44:34 AM 36377 C:\Program Files\Yahoo!\Messenger\skins\Green fantasia\theme
2/28/2009 4:44:34 AM 82604 C:\Program Files\Yahoo!\Messenger\skins\Icy blue
2/28/2009 4:44:34 AM 11071 C:\Program Files\Yahoo!\Messenger\skins\Icy blue\ContactCard
2/28/2009 4:44:34 AM 15771 C:\Program Files\Yahoo!\Messenger\skins\Icy blue\FriendList
2/28/2009 4:44:34 AM 13345 C:\Program Files\Yahoo!\Messenger\skins\Icy blue\images
2/28/2009 4:44:35 AM 29847 C:\Program Files\Yahoo!\Messenger\skins\Icy blue\theme
2/28/2009 4:44:35 AM 160390 C:\Program Files\Yahoo!\Messenger\skins\Mystic black
2/28/2009 4:44:35 AM 9978 C:\Program Files\Yahoo!\Messenger\skins\Mystic black\ContactCard
2/28/2009 4:44:35 AM 8147 C:\Program Files\Yahoo!\Messenger\skins\Mystic black\FriendList
2/28/2009 4:44:35 AM 13227 C:\Program Files\Yahoo!\Messenger\skins\Mystic black\images
2/28/2009 4:44:35 AM 11972 C:\Program Files\Yahoo!\Messenger\skins\Mystic black\IMWindow
2/28/2009 4:44:35 AM 1864 C:\Program Files\Yahoo!\Messenger\skins\Mystic black\SlotManager
2/28/2009 4:44:35 AM 51020 C:\Program Files\Yahoo!\Messenger\skins\Mystic black\sumo
2/28/2009 4:44:35 AM 49756 C:\Program Files\Yahoo!\Messenger\skins\Mystic black\theme
2/28/2009 4:44:36 AM 96811 C:\Program Files\Yahoo!\Messenger\skins\Purple
2/28/2009 4:44:36 AM 28302 C:\Program Files\Yahoo!\Messenger\skins\Purple\ContactCard
2/28/2009 4:44:36 AM 14582 C:\Program Files\Yahoo!\Messenger\skins\Purple\FriendList
2/28/2009 4:44:36 AM 13660 C:\Program Files\Yahoo!\Messenger\skins\Purple\images
2/28/2009 4:44:36 AM 28042 C:\Program Files\Yahoo!\Messenger\skins\Purple\theme
2/28/2009 4:44:36 AM 315237 C:\Program Files\Yahoo!\Messenger\skins\Ruby red
2/28/2009 4:44:36 AM 41574 C:\Program Files\Yahoo!\Messenger\skins\Ruby red\ContactCard
2/28/2009 4:44:37 AM 33972 C:\Program Files\Yahoo!\Messenger\skins\Ruby red\FriendList
2/28/2009 4:44:37 AM 35707 C:\Program Files\Yahoo!\Messenger\skins\Ruby red\images
2/28/2009 4:44:37 AM 23628 C:\Program Files\Yahoo!\Messenger\skins\Ruby red\IMWindow
2/28/2009 4:44:37 AM 5807 C:\Program Files\Yahoo!\Messenger\skins\Ruby red\SlotManager
2/28/2009 4:44:38 AM 51021 C:\Program Files\Yahoo!\Messenger\skins\Ruby red\sumo
2/28/2009 4:44:38 AM 102702 C:\Program Files\Yahoo!\Messenger\skins\Ruby red\theme
2/28/2009 4:44:38 AM 27096 C:\Program Files\Yahoo!\Messenger\skins\Silver
2/28/2009 4:44:38 AM 907 C:\Program Files\Yahoo!\Messenger\skins\Silver\ContactCard
2/28/2009 4:44:38 AM 8026 C:\Program Files\Yahoo!\Messenger\skins\Silver\FriendList
2/28/2009 4:44:38 AM 7871 C:\Program Files\Yahoo!\Messenger\skins\Silver\theme
2/28/2009 4:44:38 AM 27318 C:\Program Files\Yahoo!\Messenger\skins\Sky blue
2/28/2009 4:44:38 AM 1182 C:\Program Files\Yahoo!\Messenger\skins\Sky blue\ContactCard
2/28/2009 4:44:38 AM 5576 C:\Program Files\Yahoo!\Messenger\skins\Sky blue\FriendList
2/28/2009 4:44:38 AM 10256 C:\Program Files\Yahoo!\Messenger\skins\Sky blue\theme
2/28/2009 4:44:38 AM 83685 C:\Program Files\Yahoo!\Messenger\skins\Twinkle pink
2/28/2009 4:44:38 AM 10482 C:\Program Files\Yahoo!\Messenger\skins\Twinkle pink\ContactCard
2/28/2009 4:44:39 AM 14152 C:\Program Files\Yahoo!\Messenger\skins\Twinkle pink\FriendList
2/28/2009 4:44:39 AM 12944 C:\Program Files\Yahoo!\Messenger\skins\Twinkle pink\images
2/28/2009 4:44:39 AM 32335 C:\Program Files\Yahoo!\Messenger\skins\Twinkle pink\theme
2/28/2009 4:44:39 AM 89023 C:\Program Files\Yahoo!\Messenger\skins\Violet flame
2/28/2009 4:44:39 AM 11192 C:\Program Files\Yahoo!\Messenger\skins\Violet flame\ContactCard
2/28/2009 4:44:39 AM 14628 C:\Program Files\Yahoo!\Messenger\skins\Violet flame\FriendList
2/28/2009 4:44:39 AM 10921 C:\Program Files\Yahoo!\Messenger\skins\Violet flame\images
2/28/2009 4:44:39 AM 38558 C:\Program Files\Yahoo!\Messenger\skins\Violet flame\theme
2/28/2009 4:44:39 AM 88097 C:\Program Files\Yahoo!\Messenger\skins\Wood
2/28/2009 4:44:40 AM 11107 C:\Program Files\Yahoo!\Messenger\skins\Wood\ContactCard
2/28/2009 4:44:40 AM 17269 C:\Program Files\Yahoo!\Messenger\skins\Wood\FriendList
2/28/2009 4:44:40 AM 14823 C:\Program Files\Yahoo!\Messenger\skins\Wood\images
2/28/2009 4:44:40 AM 31534 C:\Program Files\Yahoo!\Messenger\skins\Wood\theme
2/28/2009 4:44:25 AM 87280 C:\Program Files\Yahoo!\Shared

====== Files under "\System32\Drivers" Last 60 Days======

1/23/2009 3:20:20 PM 15504 32 C:\WINDOWS\system32\drivers\mbam.sys
1/23/2009 3:20:17 PM 38496 32 C:\WINDOWS\system32\drivers\mbamswissarmy.sys
1/16/2009 6:43:42 AM 28544 32 C:\WINDOWS\system32\drivers\pavboot.sys
1/21/2009 1:52:49 AM 102664 32 C:\WINDOWS\system32\drivers\tmcomm.sys

====== Files Deleted under "%Temp%" ======

C:\DOCUME~1\Owner\LOCALS~1\Temp\AcrB.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\AcrC.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\AcrD.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\AcrE.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\BCG10.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\BCG11.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\BCG12.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\BCG13.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\BCG14.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\BCG15.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\BCG16.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\BCG17.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\BCG18.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\BCG19.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\BCG1B.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\BCG1C.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\BCG1D.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\BCG1E.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\BCG1F.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\BCG20.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\BCG21.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\BCG22.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\BCG23.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\BCG24.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\BCG25.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\BCG26.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\BCG27.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\BCG28.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\BCG29.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\BCG2A.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\BCG2B.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\BCG2C.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\BCG2D.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\BCG2E.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\BCG2F.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\BCG5.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\BCG6.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\BCG9.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\BCGA.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\BCGB.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\BCGC.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\BCGD.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\BCGE.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\BCGF.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\fffrvfnf.ABI
C:\DOCUME~1\Owner\LOCALS~1\Temp\lffffz.ABI
C:\DOCUME~1\Owner\LOCALS~1\Temp\lyyfaggjf.ABI
C:\DOCUME~1\Owner\LOCALS~1\Temp\Perflib_Perfdata_744.dat
C:\DOCUME~1\Owner\LOCALS~1\Temp\TWAIN.LOG
C:\DOCUME~1\Owner\LOCALS~1\Temp\Twain001.Mtx

50 Files deleted

====== Files and Folders under "All Users\Application Data" Last 60 Days======

2/28/2009 5:22:17 PM 0 C:\Documents and Settings\All Users\Application Data\Adobe
1/29/2009 12:18:03 AM 477 C:\Documents and Settings\All Users\Application Data\Adobe-BackupByPhotoshopPortable
1/30/2009 9:54:00 PM 477 C:\Documents and Settings\All Users\Application Data\Adobe-BackupByPhotoshopPortable\Acrobat
1/30/2009 9:54:00 PM 477 C:\Documents and Settings\All Users\Application Data\Adobe-BackupByPhotoshopPortable\Acrobat\6.0
1/30/2009 9:54:00 PM 477 C:\Documents and Settings\All Users\Application Data\Adobe-BackupByPhotoshopPortable\Acrobat\6.0\Replicate
1/30/2009 9:54:00 PM 477 C:\Documents and Settings\All Users\Application Data\Adobe-BackupByPhotoshopPortable\Acrobat\6.0\Replicate\Security
1/9/2009 2:49:48 AM 434523 C:\Documents and Settings\All Users\Application Data\Corel
1/9/2009 2:49:48 AM 434523 C:\Documents and Settings\All Users\Application Data\Corel\Messages
1/9/2009 2:49:48 AM 434523 C:\Documents and Settings\All Users\Application Data\Corel\Messages\540228105_210029
1/9/2009 2:49:48 AM 434361 C:\Documents and Settings\All Users\Application Data\Corel\Messages\540228105_210029\en
1/9/2009 2:49:48 AM 434361 C:\Documents and Settings\All Users\Application Data\Corel\Messages\540228105_210029\en\MessageCache1
1/9/2009 2:49:48 AM 188148 C:\Documents and Settings\All Users\Application Data\Corel\Messages\540228105_210029\en\MessageCache1\1153841220005
1/9/2009 2:49:48 AM 188313 C:\Documents and Settings\All Users\Application Data\Corel\Messages\540228105_210029\en\MessageCache1\1153841220036
1/9/2009 2:49:48 AM 52747 C:\Documents and Settings\All Users\Application Data\Corel\Messages\540228105_210029\en\MessageCache1\skin
1/11/2009 12:29:22 AM 9564336 C:\Documents and Settings\All Users\Application Data\iolo
1/11/2009 12:34:52 AM 1028 C:\Documents and Settings\All Users\Application Data\iolo\AntiVirus
1/11/2009 12:36:01 AM 9527388 C:\Documents and Settings\All Users\Application Data\iolo\FileInfoList
1/11/2009 12:34:52 AM 35920 C:\Documents and Settings\All Users\Application Data\iolo\Personal Firewall
1/23/2009 3:20:16 PM 4525386 C:\Documents and Settings\All Users\Application Data\Malwarebytes
1/23/2009 3:20:16 PM 4525386 C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware
2/11/2009 10:33:25 PM 28090645 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2/11/2009 10:35:08 PM 28048759 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Backups
2/11/2009 10:33:25 PM 144 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Excludes
2/11/2009 10:58:59 PM 34358 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs
2/11/2009 10:35:08 PM 2492 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery
1/8/2009 12:25:46 AM 0 C:\Documents and Settings\All Users\Application Data\TEMP
2/28/2009 4:44:24 AM 608928 C:\Documents and Settings\All Users\Application Data\Yahoo!
2/28/2009 4:46:56 AM 1456 C:\Documents and Settings\All Users\Application Data\Yahoo!\Messenger
2/28/2009 4:46:56 AM 1456 C:\Documents and Settings\All Users\Application Data\Yahoo!\Messenger\Plugin
2/28/2009 4:47:04 AM 1456 C:\Documents and Settings\All Users\Application Data\Yahoo!\Messenger\Plugin\4eb73995-f313-4f4a-49a5-1bc4d7c3ee68.yplugin
2/28/2009 4:47:04 AM 1456 C:\Documents and Settings\All Users\Application Data\Yahoo!\Messenger\Plugin\4eb73995-f313-4f4a-49a5-1bc4d7c3ee68.yplugin\MANIFEST
2/28/2009 4:44:24 AM 607472 C:\Documents and Settings\All Users\Application Data\Yahoo!\YUpdater

====== Possible Rootkit Scan (Note: Items listed here are not necessarily bad)======


====== Values under HKLM\Software\microsoft\shared tools\msconfig\startupreg ======

HKLM\Software\microsoft\shared tools\msconfig\startupreg\ccApp


HKLM\Software\microsoft\shared tools\msconfig\startupreg\ccRegVfy


HKLM\Software\microsoft\shared tools\msconfig\startupreg\cdoosoft


HKLM\Software\microsoft\shared tools\msconfig\startupreg\DDCActiveMenu


HKLM\Software\microsoft\shared tools\msconfig\startupreg\DDCM


HKLM\Software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)


HKLM\Software\microsoft\shared tools\msconfig\startupreg\MMTray


HKLM\Software\microsoft\shared tools\msconfig\startupreg\MSMSGS


HKLM\Software\microsoft\shared tools\msconfig\startupreg\Pando


HKLM\Software\microsoft\shared tools\msconfig\startupreg\QuickTime Task


HKLM\Software\microsoft\shared tools\msconfig\startupreg\RealTray


HKLM\Software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral


HKLM\Software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc


HKLM\Software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility


HKLM\Software\microsoft\shared tools\msconfig\startupreg\SoundMan


HKLM\Software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched


HKLM\Software\microsoft\shared tools\msconfig\startupreg\vptray


====== Services ( Services that are Whitelisted are not shown) ======

ApfiltrService (Alps Pointing-device Filter Driver)- C:\WINDOWS\system32\DRIVERS\Apfiltr.sys - Manual/Stopped
ASCTRM (ASCTRM)- C:\WINDOWS\system32\drivers\ASCTRM.sys - Auto/Stopped
cdudf_xp (cdudf_xp)- C:\WINDOWS\system32\drivers\cdudf_xp.sys - System/Running
DVDVRRdr_xp (DVDVRRdr_xp)- C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys - System/Running
dvd_2K (dvd_2K)- C:\WINDOWS\system32\drivers\dvd_2K.sys - Manual/Stopped
gv3 (Intel GV3 Processor Driver)- C:\WINDOWS\system32\DRIVERS\gv3.sys - Manual/Stopped
klgahq (klgahq)- C:\WINDOWS\system32\drivers\leoyct.sys - Boot/Stopped
mmc_2K (mmc_2K)- C:\WINDOWS\system32\drivers\mmc_2K.sys - Manual/Stopped
MxlW2k (MxlW2k)- C:\WINDOWS\system32\drivers\MxlW2k.sys - Manual/Running
pavboot (pavboot)- C:\WINDOWS\system32\drivers\pavboot.sys - Boot/Stopped
pwd_2k (pwd_2k)- C:\WINDOWS\system32\drivers\pwd_2k.sys - System/Running
sbp2port (SBP-2 Transport/Protocol Bus Driver)- C:\WINDOWS\system32\DRIVERS\sbp2port.sys - Boot/Running
SYMNDIS (SYMNDIS)- \??\C:\WINDOWS\System32\Drivers\SYMNDIS.SYS - Manual/Stopped
UdfReadr_xp (UdfReadr_xp)- C:\WINDOWS\system32\drivers\UdfReadr_xp.sys - System/Running
w70n51 (Intel® PRO/Wireless 7100 Adapter Driver)- C:\WINDOWS\system32\DRIVERS\w70n51.sys - Manual/Stopped
wanatw (WAN Miniport (ATW))- C:\WINDOWS\system32\DRIVERS\wanatw4.sys - Manual/Stopped
ylszp (ylszp)- C:\WINDOWS\system32\drivers\dyir.sys - Boot/Stopped

====== Uninstall List From Registry ======

123 Free Solitaire
Panda ActiveScan 2.0
Adobe Flash Player 10 ActiveX
Adobe Download Manager 1.2 (Remove Only)
Adobe Photoshop CS3
Agere Systems AC'97 Modem
AOL (Choose which version to remove)
Carpet Golf VR
Eye Candy 4000
EzButton System
Filters Unlimited 2.0
HijackThis 2.0.2
Hoyle Card Games Demo
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows Media Player (KB952069)
Hotfix for Windows XP (KB952287)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Update for Windows XP (KB955839)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960714)
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
MUSICMATCH Jukebox
QuickTime
RealPlayer Basic
SereneScreen Marine Aquarium 2
Slingo Deluxe
Slot Machine 98 v5.2
Top Girl Strip Poker
Viewpoint Media Player
WinRAR archiver
Xenofex 1.0
Alien Skin Xenofex 2.0
Yahoo! Messenger
Intel® PROSet
Symantec AntiVirus Client
Space Rocks
PSP Thumbnail Handler
J2SE Runtime Environment 5.0 Update 3
WebFldrs XP
Microsoft Windows Journal Viewer
Easy CD & DVD Creator 6
Virtual Warfare
Logitech MouseWare 9.76
Pig Pen
PowerDVD
Microsoft Visual C++ 2005 Redistributable
Adobe Asset Services CS3
Microsoft Works 7.0
Intel® Extreme Graphics Driver
Logitech Desktop Messenger
Corel Paint Shop Pro Photo XI
Blasterball 2
Gem Master 2
Adobe Anchor Service CS3


Pando
Adobe Reader 6.0
Adobe Camera Raw 4.0
Norton Internet Security
Spybot - Search & Destroy
Adobe Version Cue CS3 Client
Blasterball Wild
Microsoft .NET Framework 1.1
Adobe Setup
Adobe Photoshop CS3
Blackhawk Striker
Realtek AC'97 Audio

======== Other Info ========

TOTAL PHYSICAL RAM: 534 MB



2nd page

SERVICE_NAME: Alerter
DISPLAY_NAME: Alerter
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: ALG
DISPLAY_NAME: Application Layer Gateway Service
TYPE : 10 WIN32_OWN_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: AppMgmt
DISPLAY_NAME: Application Management
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: aspnet_state
DISPLAY_NAME: ASP.NET State Service
TYPE : 10 WIN32_OWN_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: AudioSrv
DISPLAY_NAME: Windows Audio
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1084 (0x43c)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: BITS
DISPLAY_NAME: Background Intelligent Transfer Service
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Bonjour Service
DISPLAY_NAME: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##
TYPE : 10 WIN32_OWN_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1068 (0x42c)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Browser
DISPLAY_NAME: Computer Browser
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1068 (0x42c)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: ccEvtMgr
DISPLAY_NAME: Symantec Event Manager
TYPE : 10 WIN32_OWN_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1084 (0x43c)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: ccPwdSvc
DISPLAY_NAME: Symantec Password Validation Service
TYPE : 10 WIN32_OWN_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: ccPxySvc
DISPLAY_NAME: Symantec Proxy Service
TYPE : 110 WIN32_OWN_PROCESS (interactive)
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1068 (0x42c)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: CiSvc
DISPLAY_NAME: Indexing Service
TYPE : 120 WIN32_SHARE_PROCESS (interactive)
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: ClipSrv
DISPLAY_NAME: ClipBook
TYPE : 10 WIN32_OWN_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: COMSysApp
DISPLAY_NAME: COM+ System Application
TYPE : 10 WIN32_OWN_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: CryptSvc
DISPLAY_NAME: Cryptographic Services
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: DcomLaunch
DISPLAY_NAME: DCOM Server Process Launcher
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: DefWatch
DISPLAY_NAME: DefWatch
TYPE : 110 WIN32_OWN_PROCESS (interactive)
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Dhcp
DISPLAY_NAME: DHCP Client
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1068 (0x42c)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: dmadmin
DISPLAY_NAME: Logical Disk Manager Administrative Service
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: dmserver
DISPLAY_NAME: Logical Disk Manager
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Dnscache
DISPLAY_NAME: DNS Client
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1068 (0x42c)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: ERSvc
DISPLAY_NAME: Error Reporting Service
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1084 (0x43c)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Eventlog
DISPLAY_NAME: Event Log
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: EventSystem
DISPLAY_NAME: COM+ Event System
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1084 (0x43c)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: FastUserSwitchingCompatibility
DISPLAY_NAME: Fast User Switching Compatibility
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: FLEXnet Licensing Service
DISPLAY_NAME: FLEXnet Licensing Service
TYPE : 10 WIN32_OWN_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: helpsvc
DISPLAY_NAME: Help and Support
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: HidServ
DISPLAY_NAME: Human Interface Device Access
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1084 (0x43c)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: HTTPFilter
DISPLAY_NAME: HTTP SSL
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: ImapiService
DISPLAY_NAME: IMAPI CD-Burning COM Service
TYPE : 10 WIN32_OWN_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: lanmanserver
DISPLAY_NAME: Server
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1084 (0x43c)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: lanmanworkstation
DISPLAY_NAME: Workstation
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1084 (0x43c)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: LmHosts
DISPLAY_NAME: TCP/IP NetBIOS Helper
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1068 (0x42c)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Messenger
DISPLAY_NAME: Messenger
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: mnmsrvc
DISPLAY_NAME: NetMeeting Remote Desktop Sharing
TYPE : 110 WIN32_OWN_PROCESS (interactive)
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: MSDTC
DISPLAY_NAME: Distributed Transaction Coordinator
TYPE : 10 WIN32_OWN_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: MSIServer
DISPLAY_NAME: Windows Installer
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: NetDDE
DISPLAY_NAME: Network DDE
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: NetDDEdsdm
DISPLAY_NAME: Network DDE DSDM
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Netlogon
DISPLAY_NAME: Net Logon
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Netman
DISPLAY_NAME: Network Connections
TYPE : 120 WIN32_SHARE_PROCESS (interactive)
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1084 (0x43c)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: NetSvc
DISPLAY_NAME: Intel NCS NetService
TYPE : 110 WIN32_OWN_PROCESS (interactive)
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: NISUM
DISPLAY_NAME: Norton Internet Security Accounts Manager
TYPE : 110 WIN32_OWN_PROCESS (interactive)
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1084 (0x43c)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Nla
DISPLAY_NAME: Network Location Awareness (NLA)
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Norton AntiVirus Server
DISPLAY_NAME: Symantec AntiVirus Client
TYPE : 110 WIN32_OWN_PROCESS (interactive)
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1084 (0x43c)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: NtLmSsp
DISPLAY_NAME: NT LM Security Support Provider
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: NtmsSvc
DISPLAY_NAME: Removable Storage
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: PlugPlay
DISPLAY_NAME: Plug and Play
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: PolicyAgent
DISPLAY_NAME: IPSEC Services
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1068 (0x42c)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: ProtectedStorage
DISPLAY_NAME: Protected Storage
TYPE : 120 WIN32_SHARE_PROCESS (interactive)
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1084 (0x43c)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: RasAuto
DISPLAY_NAME: Remote Access Auto Connection Manager
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: RasMan
DISPLAY_NAME: Remote Access Connection Manager
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: RDSessMgr
DISPLAY_NAME: Remote Desktop Help Session Manager
TYPE : 10 WIN32_OWN_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: RemoteAccess
DISPLAY_NAME: Routing and Remote Access
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: RemoteRegistry
DISPLAY_NAME: Remote Registry
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: RpcLocator
DISPLAY_NAME: Remote Procedure Call (RPC) Locator
TYPE : 10 WIN32_OWN_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: RpcSs
DISPLAY_NAME: Remote Procedure Call (RPC)
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: RSVP
DISPLAY_NAME: QoS RSVP
TYPE : 10 WIN32_OWN_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: SamSs
DISPLAY_NAME: Security Accounts Manager
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1084 (0x43c)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: SCardSvr
DISPLAY_NAME: Smart Card
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Schedule
DISPLAY_NAME: Task Scheduler
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1084 (0x43c)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: seclogon
DISPLAY_NAME: Secondary Logon
TYPE : 120 WIN32_SHARE_PROCESS (interactive)
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1084 (0x43c)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: SENS
DISPLAY_NAME: System Event Notification
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1084 (0x43c)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: SharedAccess
DISPLAY_NAME: Windows Firewall/Internet Connection Sharing (ICS)
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1068 (0x42c)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: ShellHWDetection
DISPLAY_NAME: Shell Hardware Detection
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1084 (0x43c)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Spooler
DISPLAY_NAME: Print Spooler
TYPE : 110 WIN32_OWN_PROCESS (interactive)
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1084 (0x43c)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: srservice
DISPLAY_NAME: System Restore Service
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: SSDPSRV
DISPLAY_NAME: SSDP Discovery Service
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: stisvc
DISPLAY_NAME: Windows Image Acquisition (WIA)
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: SwPrv
DISPLAY_NAME: MS Software Shadow Copy Provider
TYPE : 10 WIN32_OWN_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: SysmonLog
DISPLAY_NAME: Performance Logs and Alerts
TYPE : 10 WIN32_OWN_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: TapiSrv
DISPLAY_NAME: Telephony
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: TermService
DISPLAY_NAME: Terminal Services
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1084 (0x43c)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Themes
DISPLAY_NAME: Themes
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1084 (0x43c)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: TlntSvr
DISPLAY_NAME: Telnet
TYPE : 10 WIN32_OWN_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: TrkWks
DISPLAY_NAME: Distributed Link Tracking Client
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1084 (0x43c)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: upnphost
DISPLAY_NAME: Universal Plug and Play Device Host
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: UPS
DISPLAY_NAME: Uninterruptible Power Supply
TYPE : 10 WIN32_OWN_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: VSS
DISPLAY_NAME: Volume Shadow Copy
TYPE : 10 WIN32_OWN_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: W32Time
DISPLAY_NAME: Windows Time
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1084 (0x43c)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: WANMiniportService
DISPLAY_NAME: WAN Miniport (ATW) Service
TYPE : 10 WIN32_OWN_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1084 (0x43c)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: WebClient
DISPLAY_NAME: WebClient
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1084 (0x43c)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: winmgmt
DISPLAY_NAME: Windows Management Instrumentation
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: WMDM PMSP Service
DISPLAY_NAME: WMDM PMSP Service
TYPE : 10 WIN32_OWN_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1084 (0x43c)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: WmdmPmSN
DISPLAY_NAME: Portable Media Serial Number Service
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Wmi
DISPLAY_NAME: Windows Management Instrumentation Driver Extensions
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: WmiApSrv
DISPLAY_NAME: WMI Performance Adapter
TYPE : 10 WIN32_OWN_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: wscsvc
DISPLAY_NAME: Security Center
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1084 (0x43c)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: wuauserv
DISPLAY_NAME: Automatic Updates
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1084 (0x43c)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: WZCSVC
DISPLAY_NAME: Wireless Zero Configuration
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1068 (0x42c)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: xmlprov
DISPLAY_NAME: Network Provisioning Service
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

#4 bamajim

bamajim

  • Members
  • 894 posts
  • OFFLINE
  •  
  • Local time:02:33 AM

Posted 02 March 2009 - 09:42 PM

Takii

You are most welcome. Yes you are infected.

1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
    (How to extract (decompress) zipped or compressed files, help in the link here: )
2. Copy all the text contained in the bold below to your Clipboard by highlighting it and pressing (Ctrl+C):


Drivers to Delete:
klgahq
ylszp

Files to Delete:
C:\Lop SD
C:\1utbfd.bat
C:\1utbfd.bat
C:\a2h2.com
C:\hl80c6b1.com
C:\lopR.txt
C:\pook.com
C:\qphdin.com
C:\ur0.com
C:\WINDOWS\AhnRpta.exe
C:\WINDOWS\system32\drivers\leoyct.sys
C:\WINDOWS\system32\drivers\dyir.sys


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Select Load Script
  • Select Paste from Clipboard
  • The information should now appear in the Open window
  • Select Execute
  • Answer Yes When prompted "Are you sure you want to execute the current script?"
4. The Avenger will automatically do the following:
  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avengerís actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply
Posted Image
Microsoft MVP - Windows Security

#5 Takii

Takii
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:33 AM

Posted 03 March 2009 - 01:21 AM

Oh thank you bamajim , i can notice a big difference ...
Avenger file posted below :
may i ask was that what is reffered to as a back door hack ?
it just seemed odd the later at night the worse it is ..
thank you again so very much for helping me ...

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "klgahq" deleted successfully.
Driver "ylszp" deleted successfully.

Error: "C:\Lop SD" is a folder, not a file!
Deletion of file "C:\Lop SD" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory

File "C:\1utbfd.bat" deleted successfully.

Error: file "C:\1utbfd.bat" not found!
Deletion of file "C:\1utbfd.bat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\a2h2.com" deleted successfully.
File "C:\hl80c6b1.com" deleted successfully.
File "C:\lopR.txt" deleted successfully.
File "C:\pook.com" deleted successfully.
File "C:\qphdin.com" deleted successfully.
File "C:\ur0.com" deleted successfully.
File "C:\WINDOWS\AhnRpta.exe" deleted successfully.

Error: file "C:\WINDOWS\system32\drivers\leoyct.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\leoyct.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\drivers\dyir.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\dyir.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

#6 Takii

Takii
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:33 AM

Posted 03 March 2009 - 03:45 AM

ohh sorry bamajim , one small thing ..

norton internet security seems to have locked me out
when i try to activate it , it says, do not have necessary rights , need supervisor rights
the name i am using has administrative prividleges
thank you very much for all of your help, it is greatly apprciated ...

#7 bamajim

bamajim

  • Members
  • 894 posts
  • OFFLINE
  •  
  • Local time:02:33 AM

Posted 03 March 2009 - 08:42 AM

Takii

Glad to hear there is some improvement.

Let's finish getting you cleaned up then we will see if we can fix Norton.

We need to use Avenger once more.

1. Rerun Avenger

2. Copy all the text contained in the bold below to your Clipboard by highlighting it and pressing (Ctrl+C):

Folders to delete:
C:\Lop SD


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Select Load Script
  • Select Paste from Clipboard
  • The information should now appear in the Open window
  • Select Execute
  • Answer Yes When prompted "Are you sure you want to execute the current script?"
4. The Avenger will automatically do the following:
  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avengerís actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh FileLister log.
Posted Image
Microsoft MVP - Windows Security

#8 Takii

Takii
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:33 AM

Posted 03 March 2009 - 10:31 PM

thank you very much bamajim ..

(last night i had one instance where firewall went down , then tonight when trying to sign
on i would type password and something would erase it, not allowing me to sign on)
curious is this a hacker we are taking out?

report just ran listed below:

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Folder "C:\Lop SD" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


i am sorry it took me time to answer , i went out of town today and was late returning
thank you so very much for your help..

#9 Takii

Takii
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:33 AM

Posted 04 March 2009 - 12:03 AM

sorry bamajim ..
here is my file lister
thank you so much for helping me ..

+++++++++++++++++++++++++++++++++
+ File Lister Version 1.0.6
+
+ By bamajim / bamajim.com
+++++++++++++++++++++++++++++++++

Report ran on --->>> 3/3/2009 11:59:51 PM


====== Running Processes ======

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\AOL 8.0\waol.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\AOL 8.0\shellmon.exe
C:\WINDOWS\System32\WScript.exe

====== BHO's under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects ======

BHO: (NO NAME) - -

====== Values under HKLM\~\Run ======

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="C:\\Program Files\\Intel\\NCS\\PROSet\\PRONoMgr.exe"
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"


====== Values under HKCU\~\Run ======

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]


====== Folders and Files from "%\" and "%\Windows" Created Last 60 Days ======

3/3/2009 1:12:50 AM 1043393 C:\Avenger
1/17/2009 3:02:17 AM 6044360 C:\Config.Msi
2/23/2009 4:23:25 PM 59892 C:\rsit
3/3/2009 10:20:24 PM 970 32 C:\avenger.txt
1/10/2009 4:41:50 AM 24520 32 C:\EyeCandyLog.txt
3/2/2009 5:25:40 PM 1945 32 C:\Files.txt
3/2/2009 5:30:36 PM 534237184 38 C:\hiberfil.sys
1/10/2009 7:54:57 PM 805306368 38 C:\pagefile.sys
1/17/2009 3:04:10 AM 618939 C:\WINDOWS\$NtUninstallKB938464$
1/17/2009 3:04:10 AM 618939 C:\WINDOWS\$NtUninstallKB938464$\spuninst
1/16/2009 10:35:14 AM 2834617 C:\WINDOWS\$NtUninstallKB944338-v2$
1/16/2009 10:35:14 AM 591951 C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst
1/17/2009 3:07:59 AM 703540 C:\WINDOWS\$NtUninstallKB946648$
1/17/2009 3:08:00 AM 620596 C:\WINDOWS\$NtUninstallKB946648$\spuninst
1/17/2009 3:05:29 AM 820598 C:\WINDOWS\$NtUninstallKB950762$
1/17/2009 3:05:29 AM 620534 C:\WINDOWS\$NtUninstallKB950762$\spuninst
1/17/2009 3:06:45 AM 864400 C:\WINDOWS\$NtUninstallKB950974$
1/17/2009 3:06:45 AM 621200 C:\WINDOWS\$NtUninstallKB950974$\spuninst
1/17/2009 3:04:47 AM 1298993 C:\WINDOWS\$NtUninstallKB951066$
1/17/2009 3:04:47 AM 620593 C:\WINDOWS\$NtUninstallKB951066$\spuninst
1/17/2009 3:08:18 AM 895763 C:\WINDOWS\$NtUninstallKB951376-v2$
1/17/2009 3:08:18 AM 621459 C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst
1/17/2009 3:06:35 AM 1908375 C:\WINDOWS\$NtUninstallKB951698$
1/17/2009 3:06:35 AM 620695 C:\WINDOWS\$NtUninstallKB951698$\spuninst
1/17/2009 3:04:32 AM 1841361 C:\WINDOWS\$NtUninstallKB951748$
1/17/2009 3:04:32 AM 626129 C:\WINDOWS\$NtUninstallKB951748$\spuninst
1/17/2009 3:05:37 AM 3880973 C:\WINDOWS\$NtUninstallKB952069_WM9$
1/17/2009 3:05:37 AM 621069 C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst
1/17/2009 3:05:00 AM 952231 C:\WINDOWS\$NtUninstallKB952287$
1/17/2009 3:05:00 AM 620455 C:\WINDOWS\$NtUninstallKB952287$\spuninst
1/17/2009 3:08:08 AM 695246 C:\WINDOWS\$NtUninstallKB952954$
1/17/2009 3:08:08 AM 621518 C:\WINDOWS\$NtUninstallKB952954$\spuninst
1/17/2009 3:06:24 AM 2456580 C:\WINDOWS\$NtUninstallKB954211$
1/17/2009 3:06:24 AM 620676 C:\WINDOWS\$NtUninstallKB954211$\spuninst
1/17/2009 3:01:31 AM 2413508 C:\WINDOWS\$NtUninstallKB954600$
1/17/2009 3:01:31 AM 621816 C:\WINDOWS\$NtUninstallKB954600$\spuninst
1/17/2009 3:01:10 AM 3406330 C:\WINDOWS\$NtUninstallKB955069$
1/17/2009 3:01:10 AM 622254 C:\WINDOWS\$NtUninstallKB955069$\spuninst
1/17/2009 3:07:40 AM 621439 C:\WINDOWS\$NtUninstallKB955839$
1/17/2009 3:07:40 AM 621439 C:\WINDOWS\$NtUninstallKB955839$\spuninst
1/17/2009 3:07:29 AM 705105 C:\WINDOWS\$NtUninstallKB956391$
1/17/2009 3:07:29 AM 619089 C:\WINDOWS\$NtUninstallKB956391$\spuninst
1/17/2009 3:00:49 AM 2446256 C:\WINDOWS\$NtUninstallKB956802$
1/17/2009 3:00:49 AM 622203 C:\WINDOWS\$NtUninstallKB956802$\spuninst
1/17/2009 3:07:50 AM 897693 C:\WINDOWS\$NtUninstallKB956803$
1/17/2009 3:07:50 AM 620957 C:\WINDOWS\$NtUninstallKB956803$\spuninst
1/17/2009 3:06:05 AM 4861320 C:\WINDOWS\$NtUninstallKB956841$
1/17/2009 3:06:05 AM 623496 C:\WINDOWS\$NtUninstallKB956841$\spuninst
1/17/2009 3:05:19 AM 1072198 C:\WINDOWS\$NtUninstallKB957097$
1/17/2009 3:05:19 AM 620742 C:\WINDOWS\$NtUninstallKB957097$\spuninst
1/17/2009 3:07:05 AM 8468909 C:\WINDOWS\$NtUninstallKB958215$
1/17/2009 3:07:05 AM 635821 C:\WINDOWS\$NtUninstallKB958215$\spuninst
1/17/2009 3:01:20 AM 2500026 C:\WINDOWS\$NtUninstallKB958644$
1/17/2009 3:01:20 AM 622319 C:\WINDOWS\$NtUninstallKB958644$\spuninst
1/17/2009 3:05:09 AM 956649 C:\WINDOWS\$NtUninstallKB958687$
1/17/2009 3:05:09 AM 620393 C:\WINDOWS\$NtUninstallKB958687$\spuninst
1/17/2009 3:05:48 AM 3874346 C:\WINDOWS\$NtUninstallKB960714$
1/17/2009 3:05:48 AM 623146 C:\WINDOWS\$NtUninstallKB960714$\spuninst
2/14/2009 5:57:33 PM 128 C:\WINDOWS\CSC
2/14/2009 5:57:33 PM 0 C:\WINDOWS\CSC\d1
2/14/2009 5:57:33 PM 0 C:\WINDOWS\CSC\d2
2/14/2009 5:57:33 PM 0 C:\WINDOWS\CSC\d3
2/14/2009 5:57:33 PM 0 C:\WINDOWS\CSC\d4
2/14/2009 5:57:33 PM 0 C:\WINDOWS\CSC\d5
2/14/2009 5:57:33 PM 0 C:\WINDOWS\CSC\d6
2/14/2009 5:57:33 PM 0 C:\WINDOWS\CSC\d7
2/14/2009 5:57:33 PM 0 C:\WINDOWS\CSC\d8
1/10/2009 10:06:30 PM 0 C:\WINDOWS\PIF
1/11/2009 1:37:10 AM 3535748 C:\WINDOWS\Prefetch
1/16/2009 6:02:33 AM 0 C:\WINDOWS\Sun
1/16/2009 6:02:33 AM 0 C:\WINDOWS\Sun\Java
1/16/2009 6:02:33 AM 0 C:\WINDOWS\Sun\Java\Deployment
1/11/2009 12:50:19 AM 178 32 C:\WINDOWS\DHCPUPG.LOG
1/8/2009 7:02:07 AM 11824 32 C:\WINDOWS\KB938464.log
1/8/2009 6:36:45 AM 24412 32 C:\WINDOWS\KB944338-v2.log
1/17/2009 3:07:58 AM 20462 32 C:\WINDOWS\KB946648.log
1/17/2009 3:05:28 AM 16345 32 C:\WINDOWS\KB950762.log
1/8/2009 6:41:31 AM 65059 32 C:\WINDOWS\KB950974.log
1/17/2009 3:04:45 AM 28917 32 C:\WINDOWS\KB951066.log
1/17/2009 3:08:16 AM 20995 32 C:\WINDOWS\KB951376-v2.log
1/8/2009 6:41:25 AM 27098 32 C:\WINDOWS\KB951698.log
1/16/2009 6:25:50 AM 53527 32 C:\WINDOWS\KB951748.log
1/17/2009 3:05:35 AM 44296 32 C:\WINDOWS\KB952069.log
1/17/2009 3:04:57 AM 16034 32 C:\WINDOWS\KB952287.log
1/8/2009 6:47:13 AM 73464 32 C:\WINDOWS\KB952954.log
1/17/2009 3:06:22 AM 17607 32 C:\WINDOWS\KB954211.log
1/8/2009 7:01:20 AM 18552 32 C:\WINDOWS\KB954600.log
1/8/2009 7:00:58 AM 33983 32 C:\WINDOWS\KB955069.log
1/8/2009 6:46:25 AM 44723 32 C:\WINDOWS\KB955839.log
1/17/2009 3:07:29 AM 19597 32 C:\WINDOWS\KB956391.log
1/8/2009 6:36:50 AM 50592 32 C:\WINDOWS\KB956802.log
1/17/2009 3:07:48 AM 21183 32 C:\WINDOWS\KB956803.log
1/17/2009 3:06:01 AM 18984 32 C:\WINDOWS\KB956841.log
1/17/2009 3:05:17 AM 16406 32 C:\WINDOWS\KB957097.log
1/17/2009 3:06:53 AM 61277 32 C:\WINDOWS\KB958215.log
1/8/2009 7:01:09 AM 36052 32 C:\WINDOWS\KB958644.log
1/17/2009 3:05:08 AM 16327 32 C:\WINDOWS\KB958687.log
1/17/2009 3:05:46 AM 47644 32 C:\WINDOWS\KB960714.log
1/16/2009 5:23:18 AM 1220 32 C:\WINDOWS\mozver.dat
1/11/2009 1:10:53 AM 56552 32 C:\WINDOWS\msmqinst.log
1/16/2009 10:35:32 AM 314768 32 C:\WINDOWS\msxml4-KB954430-enu.LOG
1/11/2009 1:10:57 AM 29865 32 C:\WINDOWS\netfxocm.log
2/12/2009 4:00:08 PM 502480 32 C:\WINDOWS\ntbtlog.txt
1/21/2009 4:12:31 AM 1409 32 C:\WINDOWS\QTFont.for
1/21/2009 4:12:30 AM 54156 34 C:\WINDOWS\QTFont.qfn
1/8/2009 12:24:35 AM 193427 32 C:\WINDOWS\Scrapbook MAX! Trial Setup Log.txt
1/8/2009 6:58:57 PM 88043 32 C:\WINDOWS\Scrapbook MAX! Trial Uninstall Log.txt
1/11/2009 12:53:03 AM 71542 32 C:\WINDOWS\setupact.log
1/11/2009 1:08:42 AM 413649 32 C:\WINDOWS\setupapi.log
1/11/2009 12:53:03 AM 468 32 C:\WINDOWS\setuperr.log
1/11/2009 1:05:43 AM 650388 32 C:\WINDOWS\setuplog.txt
1/11/2009 1:10:56 AM 9027 32 C:\WINDOWS\tabletoc.log
1/8/2009 7:00:53 AM 22317 32 C:\WINDOWS\updspapi.log
1/11/2009 12:52:25 AM 1314 32 C:\WINDOWS\UPGRADE.TXT
1/11/2009 1:25:52 AM 749 35 C:\WINDOWS\WindowsShell.Manifest
1/11/2009 12:50:16 AM 10643 32 C:\WINDOWS\WINNT32.LOG
1/11/2009 12:52:12 AM 148 32 C:\WINDOWS\wsdu.log
2/1/2009 10:24:52 PM 296448 32 C:\WINDOWS\Xenofex.ini
2/28/2009 4:55:21 AM 21840 32 C:\WINDOWS\yacs.log
1/16/2009 6:35:21 AM 0 C:\WINDOWS\system32\appmgmt
1/16/2009 6:35:21 AM 0 C:\WINDOWS\system32\appmgmt\MACHINE
1/16/2009 6:35:21 AM 0 C:\WINDOWS\system32\appmgmt\S-1-5-21-3921004004-1071396914-2547918761-1003
1/8/2009 6:57:16 AM 0 C:\WINDOWS\system32\CatRoot_bak
2/13/2009 6:21:55 PM 38 C:\WINDOWS\system32\GroupPolicy
2/13/2009 6:21:55 PM 0 C:\WINDOWS\system32\GroupPolicy\Machine
2/13/2009 6:21:55 PM 0 C:\WINDOWS\system32\GroupPolicy\User
1/9/2009 2:46:04 AM 88 7 C:\WINDOWS\system32\33713BE055.sys
1/10/2009 5:34:36 PM 2855 32 C:\WINDOWS\system32\command.PIF
1/11/2009 12:35:57 AM 118784 32 C:\WINDOWS\system32\iavlsp.dll
1/11/2009 1:39:59 AM 155648 32 C:\WINDOWS\system32\igfxres.dll
1/11/2009 1:10:28 AM 13312 32 C:\WINDOWS\system32\irclass.dll
1/21/2009 1:37:23 AM 49248 32 C:\WINDOWS\system32\java.exe
1/21/2009 1:37:23 AM 49250 32 C:\WINDOWS\system32\javaw.exe
1/21/2009 1:37:23 AM 127078 32 C:\WINDOWS\system32\javaws.exe
1/16/2009 6:01:49 AM 49265 32 C:\WINDOWS\system32\jpicpl32.cpl
1/16/2009 6:01:31 AM 3460 32 C:\WINDOWS\system32\jupdate-1.5.0_03-b07.log
1/9/2009 2:46:04 AM 2516 38 C:\WINDOWS\system32\KGyGaAvL.sys
1/11/2009 1:26:06 AM 488 35 C:\WINDOWS\system32\logonui.exe.manifest
1/11/2009 12:29:25 AM 74703 32 C:\WINDOWS\system32\mfc45.dll
1/11/2009 1:25:52 AM 749 35 C:\WINDOWS\system32\ncpa.cpl.manifest
1/11/2009 1:25:52 AM 749 35 C:\WINDOWS\system32\nwc.cpl.manifest
1/11/2009 1:25:52 AM 749 35 C:\WINDOWS\system32\sapi.cpl.manifest
1/16/2009 6:17:29 AM 283648 0 C:\WINDOWS\system32\SET11.tmp
1/16/2009 6:17:36 AM 1106944 0 C:\WINDOWS\system32\SET15.tmp
1/16/2009 6:17:41 AM 332800 0 C:\WINDOWS\system32\SET19.tmp
1/16/2009 6:17:29 AM 283648 32 C:\WINDOWS\system32\SET197.tmp
1/16/2009 6:17:36 AM 1106944 32 C:\WINDOWS\system32\SET19A.tmp
1/16/2009 6:17:41 AM 332800 32 C:\WINDOWS\system32\SET19D.tmp
1/16/2009 6:17:55 AM 683520 32 C:\WINDOWS\system32\SET26D.tmp
1/16/2009 6:18:08 AM 3060224 32 C:\WINDOWS\system32\SET294.tmp
1/16/2009 6:18:41 AM 253952 32 C:\WINDOWS\system32\SET2BD.tmp
1/16/2009 6:18:52 AM 659456 32 C:\WINDOWS\system32\SET2C3.tmp
1/16/2009 6:18:52 AM 615936 32 C:\WINDOWS\system32\SET2C4.tmp
1/16/2009 6:18:52 AM 474112 32 C:\WINDOWS\system32\SET2C5.tmp
1/16/2009 6:18:52 AM 1494528 32 C:\WINDOWS\system32\SET2C6.tmp
1/16/2009 6:18:51 AM 449024 32 C:\WINDOWS\system32\SET2CA.tmp
1/16/2009 6:18:49 AM 1023488 32 C:\WINDOWS\system32\SET2D2.tmp
1/16/2009 6:19:16 AM 74240 32 C:\WINDOWS\system32\SET316.tmp
1/16/2009 6:18:08 AM 3060224 0 C:\WINDOWS\system32\SETA8.tmp
1/16/2009 6:18:41 AM 253952 0 C:\WINDOWS\system32\SETAD.tmp
1/16/2009 6:18:52 AM 659456 0 C:\WINDOWS\system32\SETBC.tmp
1/16/2009 6:18:52 AM 615936 0 C:\WINDOWS\system32\SETBD.tmp
1/16/2009 6:18:52 AM 474112 0 C:\WINDOWS\system32\SETBE.tmp
1/16/2009 6:18:52 AM 1494528 0 C:\WINDOWS\system32\SETBF.tmp
1/16/2009 6:18:49 AM 1023488 0 C:\WINDOWS\system32\SETC1.tmp
1/16/2009 6:19:16 AM 74240 0 C:\WINDOWS\system32\SETC5.tmp
1/11/2009 1:10:28 AM 24661 32 C:\WINDOWS\system32\spxcoins.dll
1/16/2009 6:19:05 AM 62976 0 C:\WINDOWS\system32\tzchange.exe
1/17/2009 3:07:38 AM 211792 32 C:\WINDOWS\system32\TZLog.log
1/11/2009 1:25:52 AM 749 35 C:\WINDOWS\system32\wuaucpl.cpl.manifest
1/16/2009 6:18:53 AM 351744 0 C:\WINDOWS\system32\xpsp3res.dll

====== Files under "\Administrator\Startup" Last 60 Days======



====== Files under "\All Users\Startup" Last 60 Days======


====== Folders under "\Program Files" Last 60 Days======

1/16/2009 12:01:01 AM 130498948 C:\Program Files\App
1/16/2009 12:01:01 AM 125933956 C:\Program Files\App\Photoshop
1/16/2009 12:01:01 AM 25847 C:\Program Files\App\Photoshop\adobe_epic
1/16/2009 12:01:01 AM 25847 C:\Program Files\App\Photoshop\adobe_epic\eula
1/16/2009 12:01:01 AM 6982 C:\Program Files\App\Photoshop\adobe_epic\eula\en_gb
1/16/2009 12:01:01 AM 4411 C:\Program Files\App\Photoshop\adobe_epic\eula\en_us
1/16/2009 12:01:01 AM 7125 C:\Program Files\App\Photoshop\adobe_epic\eula\fr_ca
1/16/2009 12:01:01 AM 7125 C:\Program Files\App\Photoshop\adobe_epic\eula\fr_fr
1/16/2009 12:01:02 AM 4680835 C:\Program Files\App\Photoshop\AMT
1/16/2009 12:01:02 AM 4680835 C:\Program Files\App\Photoshop\AMT\legal
1/16/2009 12:01:04 AM 350887 C:\Program Files\App\Photoshop\AMT\legal\ar_ae
1/16/2009 12:01:04 AM 335178 C:\Program Files\App\Photoshop\AMT\legal\bg_bg
1/16/2009 12:01:03 AM 100492 C:\Program Files\App\Photoshop\AMT\legal\cs_cz
1/16/2009 12:01:02 AM 69654 C:\Program Files\App\Photoshop\AMT\legal\da_dk
1/16/2009 12:01:02 AM 73646 C:\Program Files\App\Photoshop\AMT\legal\de_de
1/16/2009 12:01:04 AM 353306 C:\Program Files\App\Photoshop\AMT\legal\el_gr
1/16/2009 12:01:02 AM 61384 C:\Program Files\App\Photoshop\AMT\legal\en_gb
1/16/2009 12:01:02 AM 61270 C:\Program Files\App\Photoshop\AMT\legal\en_us
1/16/2009 12:01:02 AM 72845 C:\Program Files\App\Photoshop\AMT\legal\es_es
1/16/2009 12:01:02 AM 72845 C:\Program Files\App\Photoshop\AMT\legal\es_mx
1/16/2009 12:01:02 AM 70486 C:\Program Files\App\Photoshop\AMT\legal\et_ee
1/16/2009 12:01:03 AM 80985 C:\Program Files\App\Photoshop\AMT\legal\fi_fi
1/16/2009 12:01:03 AM 84604 C:\Program Files\App\Photoshop\AMT\legal\fr_ca
1/16/2009 12:01:03 AM 84604 C:\Program Files\App\Photoshop\AMT\legal\fr_fr
1/16/2009 12:01:04 AM 304340 C:\Program Files\App\Photoshop\AMT\legal\he_il
1/16/2009 12:01:02 AM 69809 C:\Program Files\App\Photoshop\AMT\legal\hr_hr
1/16/2009 12:01:03 AM 107329 C:\Program Files\App\Photoshop\AMT\legal\hu_hu
1/16/2009 12:01:03 AM 73651 C:\Program Files\App\Photoshop\AMT\legal\it_it
1/16/2009 12:01:04 AM 193377 C:\Program Files\App\Photoshop\AMT\legal\ja_jp
1/16/2009 12:01:04 AM 160787 C:\Program Files\App\Photoshop\AMT\legal\ko_kr
1/16/2009 12:01:03 AM 83220 C:\Program Files\App\Photoshop\AMT\legal\lt_lt
1/16/2009 12:01:03 AM 90157 C:\Program Files\App\Photoshop\AMT\legal\lv_lv
1/16/2009 12:01:02 AM 68613 C:\Program Files\App\Photoshop\AMT\legal\nb_no
1/16/2009 12:01:02 AM 69818 C:\Program Files\App\Photoshop\AMT\legal\nl_nl
1/16/2009 12:01:03 AM 87829 C:\Program Files\App\Photoshop\AMT\legal\pl_pl
1/16/2009 12:01:03 AM 78831 C:\Program Files\App\Photoshop\AMT\legal\pt_br
1/16/2009 12:01:03 AM 83545 C:\Program Files\App\Photoshop\AMT\legal\ro_ro
1/16/2009 12:01:04 AM 394797 C:\Program Files\App\Photoshop\AMT\legal\ru_ru
1/16/2009 12:01:03 AM 100930 C:\Program Files\App\Photoshop\AMT\legal\sk_sk
1/16/2009 12:01:02 AM 73104 C:\Program Files\App\Photoshop\AMT\legal\sl_si
1/16/2009 12:01:02 AM 73357 C:\Program Files\App\Photoshop\AMT\legal\sv_se
1/16/2009 12:01:03 AM 95971 C:\Program Files\App\Photoshop\AMT\legal\tr_tr
1/16/2009 12:01:04 AM 359302 C:\Program Files\App\Photoshop\AMT\legal\uk_ua
1/16/2009 12:01:04 AM 117355 C:\Program Files\App\Photoshop\AMT\legal\zh_cn
1/16/2009 12:01:04 AM 122527 C:\Program Files\App\Photoshop\AMT\legal\zh_tw
1/16/2009 12:01:02 AM 231809 C:\Program Files\App\Photoshop\Legal
1/16/2009 12:01:02 AM 1331 C:\Program Files\App\Photoshop\Legal\en_GB
1/16/2009 12:01:02 AM 61270 C:\Program Files\App\Photoshop\Legal\en_US
1/16/2009 12:01:03 AM 84604 C:\Program Files\App\Photoshop\Legal\fr_CA
1/16/2009 12:01:03 AM 84604 C:\Program Files\App\Photoshop\Legal\fr_FR
1/16/2009 12:01:01 AM 251842 C:\Program Files\App\Photoshop\lmresources
1/16/2009 12:01:01 AM 31237 C:\Program Files\App\Photoshop\lmresources\en_gb
1/16/2009 12:01:01 AM 31237 C:\Program Files\App\Photoshop\lmresources\en_us
1/16/2009 12:01:01 AM 31395 C:\Program Files\App\Photoshop\lmresources\fr_ca
1/16/2009 12:01:01 AM 31395 C:\Program Files\App\Photoshop\lmresources\fr_fr
1/16/2009 12:01:01 AM 126578 C:\Program Files\App\Photoshop\lmresources\privacystatements
1/16/2009 12:01:01 AM 21210 C:\Program Files\App\Photoshop\Locales
1/16/2009 12:01:01 AM 21210 C:\Program Files\App\Photoshop\Locales\en_US
1/16/2009 12:01:01 AM 21210 C:\Program Files\App\Photoshop\Locales\en_US\Support Files
1/16/2009 12:01:01 AM 96 C:\Program Files\App\Photoshop\Locales\en_US\Support Files\Shortcuts
1/16/2009 12:01:01 AM 96 C:\Program Files\App\Photoshop\Locales\en_US\Support Files\Shortcuts\Win
1/16/2009 12:01:04 AM 198717 C:\Program Files\App\Photoshop\MATLAB
1/16/2009 12:01:04 AM 198717 C:\Program Files\App\Photoshop\MATLAB\Required
1/16/2009 12:01:04 AM 24887 C:\Program Files\App\Photoshop\MATLAB\Required\English
1/16/2009 12:01:16 AM 57344 C:\Program Files\App\Photoshop\Plug-ins
1/16/2009 12:01:16 AM 57344 C:\Program Files\App\Photoshop\Plug-ins\Import-Export
1/16/2009 12:01:05 AM 425984 C:\Program Files\App\Photoshop\Required
1/16/2009 12:01:14 AM 4564992 C:\Program Files\App\WinSxS
1/16/2009 12:01:14 AM 96256 C:\Program Files\App\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474
1/16/2009 12:01:18 AM 1654784 C:\Program Files\App\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700
1/16/2009 12:01:17 AM 491520 C:\Program Files\App\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303
1/16/2009 12:01:17 AM 2322432 C:\Program Files\App\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05
1/28/2009 4:11:16 PM 0 C:\Program Files\Bonjour
1/9/2009 2:44:34 AM 444220391 C:\Program Files\Corel
1/9/2009 2:48:07 AM 235336551 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI
1/9/2009 2:48:07 AM 18770944 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Commands
1/9/2009 2:48:22 AM 351905 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_01
1/9/2009 2:48:22 AM 86903 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_01\Corel_01_01
1/9/2009 2:48:23 AM 172355 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_01\Corel_01_02
1/9/2009 2:48:23 AM 61672 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_01\Corel_01_03
1/9/2009 2:48:23 AM 1906452 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_02
1/9/2009 2:48:24 AM 842932 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_03
1/9/2009 2:48:24 AM 551641 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_04
1/9/2009 2:48:24 AM 4043312 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_05
1/9/2009 2:48:26 AM 140449 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_06
2/21/2009 1:31:31 AM 68191 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_06\Chic Gradients
1/9/2009 2:48:26 AM 804 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_06\Corel_06_01
1/9/2009 2:48:26 AM 1772 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_06\Corel_06_02
1/9/2009 2:48:26 AM 2279 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_06\Corel_06_03
1/9/2009 2:48:26 AM 15756113 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_07
1/9/2009 2:48:26 AM 5741958 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_07\Corel_07_01
1/9/2009 2:48:28 AM 9843358 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_07\Corel_07_02
1/9/2009 2:48:29 AM 2737151 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_08
1/9/2009 2:48:30 AM 70905 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_08\Corel_08_01
1/9/2009 2:48:30 AM 2176731 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_08\Corel_08_02
1/9/2009 2:48:33 AM 41753245 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_09
1/9/2009 2:48:33 AM 26289587 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_09\Corel_09_01
1/9/2009 2:48:41 AM 5427759 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_09\Corel_09_02
1/9/2009 2:48:43 AM 5180726 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_09\Corel_09_03
1/9/2009 2:48:44 AM 4855173 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_09\Corel_09_04
1/9/2009 2:48:46 AM 22758122 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_10
1/9/2009 2:48:46 AM 1813141 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_10\Corel_10_01
1/9/2009 2:48:46 AM 3180740 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_10\Corel_10_02
1/9/2009 2:48:48 AM 2298780 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_10\Corel_10_03
1/9/2009 2:48:49 AM 7201045 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_10\Corel_10_04
1/9/2009 2:48:52 AM 7145756 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_10\Corel_10_05
1/9/2009 2:48:54 AM 1090530 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_10\Corel_10_06
1/9/2009 2:48:55 AM 825412 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_11
1/9/2009 2:48:55 AM 227000 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_11\Corel_11_01
1/9/2009 2:48:56 AM 407325 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_11\Corel_11_02
1/9/2009 2:48:56 AM 119927 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_11\Corel_11_03
1/9/2009 2:48:56 AM 529081 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_12
1/9/2009 2:48:56 AM 2884 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_13
1/9/2009 2:48:56 AM 1112 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_13\Corel_13_01
1/9/2009 2:48:56 AM 596 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_13\Corel_13_02
1/9/2009 2:48:56 AM 1072 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_13\Corel_13_03
1/9/2009 2:48:56 AM 14441 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_14
1/9/2009 2:48:57 AM 6325064 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_15
1/9/2009 2:48:57 AM 1244528 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_15\Corel_15_01
1/9/2009 2:48:57 AM 1492024 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_15\Corel_15_02
1/9/2009 2:48:57 AM 3588512 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_15\Corel_15_03
1/9/2009 2:51:00 AM 0 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel_16
1/9/2009 2:48:17 AM 83528 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Icons
1/9/2009 2:49:32 AM 2785 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Palettes
1/9/2009 2:48:59 AM 664435 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PCUUI
1/9/2009 2:48:59 AM 529702 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PCUUI\Images
1/9/2009 2:49:00 AM 7233 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PCUUI\Images\Button
1/9/2009 2:49:01 AM 5188 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PCUUI\Images\Frame
1/9/2009 2:49:00 AM 3335 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PCUUI\Images\TrialCounter
1/9/2009 2:49:27 AM 229376 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Photoservices
1/21/2009 1:25:08 AM 13712539 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PlugIns
2/1/2009 10:20:14 PM 1166219 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PlugIns\factoryA
2/1/2009 10:34:41 PM 865192 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PlugIns\simple
2/1/2009 10:20:26 PM 1492640 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PlugIns\Xenofex 1.1
2/1/2009 10:20:26 PM 10188440 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PlugIns\Xenofex 2
2/1/2009 10:26:02 PM 5958246 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PlugIns\Xenofex 2\Xenofex 2
2/1/2009 10:26:03 PM 2891888 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PlugIns\Xenofex 2\Xenofex 2\Help
2/1/2009 10:26:03 PM 149349 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PlugIns\Xenofex 2\Xenofex 2\Settings
2/1/2009 10:26:03 PM 2081 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PlugIns\Xenofex 2\Xenofex 2\Settings\BurntEdges
2/1/2009 10:26:03 PM 1260 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PlugIns\Xenofex 2\Xenofex 2\Settings\ClassicMosaic
2/1/2009 10:26:04 PM 2556 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PlugIns\Xenofex 2\Xenofex 2\Settings\Constellation
2/1/2009 10:26:04 PM 1438 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PlugIns\Xenofex 2\Xenofex 2\Settings\Cracks
2/1/2009 10:26:04 PM 2642 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PlugIns\Xenofex 2\Xenofex 2\Settings\Crumple
2/1/2009 10:26:04 PM 2431 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PlugIns\Xenofex 2\Xenofex 2\Settings\Electrify
2/1/2009 10:26:04 PM 1697 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PlugIns\Xenofex 2\Xenofex 2\Settings\Flag
2/1/2009 10:26:04 PM 3893 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PlugIns\Xenofex 2\Xenofex 2\Settings\Lightning
2/1/2009 10:26:04 PM 3951 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PlugIns\Xenofex 2\Xenofex 2\Settings\LittleFluffyClouds
2/1/2009 10:26:04 PM 117525 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PlugIns\Xenofex 2\Xenofex 2\Settings\Puzzle
2/1/2009 10:26:04 PM 2115 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PlugIns\Xenofex 2\Xenofex 2\Settings\RipOpen
2/1/2009 10:26:04 PM 2701 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PlugIns\Xenofex 2\Xenofex 2\Settings\Shatter
2/1/2009 10:26:05 PM 2502 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PlugIns\Xenofex 2\Xenofex 2\Settings\Stain
2/1/2009 10:26:05 PM 2557 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PlugIns\Xenofex 2\Xenofex 2\Settings\Television
1/9/2009 2:49:33 AM 672685 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Presets
1/9/2009 2:49:38 AM 3148 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Presets\English
1/9/2009 2:49:39 AM 2543 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Presets\Metric
1/9/2009 2:49:39 AM 352498 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Print Templates
1/9/2009 2:49:39 AM 198671 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Print Templates\Avery
1/9/2009 2:49:40 AM 102585 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Print Templates\Avery International
1/9/2009 2:49:40 AM 32674 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Print Templates\Combinations
1/9/2009 2:49:40 AM 18568 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Print Templates\Standard Sizes
1/9/2009 2:48:19 AM 14479115 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries
1/9/2009 2:49:12 AM 3853824 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\DLLs
1/9/2009 2:49:12 AM 6326629 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\Lib
1/9/2009 2:49:18 AM 182777 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\Lib\bsddb
1/9/2009 2:49:18 AM 114260 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\Lib\bsddb\test
1/9/2009 2:49:23 AM 185639 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\Lib\compiler
1/9/2009 2:49:12 AM 18866 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\Lib\curses
1/9/2009 2:49:13 AM 695247 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\Lib\distutils
1/9/2009 2:49:13 AM 317400 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\Lib\distutils\command
1/9/2009 2:49:24 AM 14767 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\Lib\distutils\tests
1/9/2009 2:49:15 AM 368230 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\Lib\email
1/9/2009 2:49:21 AM 202845 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\Lib\email\test
1/9/2009 2:49:21 AM 83945 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\Lib\email\test\data
1/9/2009 2:49:12 AM 462558 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\Lib\encodings
1/9/2009 2:49:17 AM 12415 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\Lib\hotshot
1/9/2009 2:49:12 AM 605766 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\Lib\idlelib
1/9/2009 2:49:23 AM 58065 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\Lib\idlelib\Icons
1/9/2009 2:49:12 AM 83274 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\Lib\lib-old
1/9/2009 2:49:22 AM 311377 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\Lib\lib-tk
1/9/2009 2:49:17 AM 95803 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\Lib\logging
1/9/2009 2:49:24 AM 121 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\Lib\site-packages
1/9/2009 2:49:12 AM 206239 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\Lib\xml
1/9/2009 2:49:12 AM 144552 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\Lib\xml\dom
1/9/2009 2:49:17 AM 291 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\Lib\xml\parsers
1/9/2009 2:49:12 AM 60343 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\Lib\xml\sax
1/9/2009 2:49:12 AM 4197905 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\tcl
1/9/2009 2:49:13 AM 13653 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\tcl\dde1.2
1/9/2009 2:49:13 AM 13191 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\tcl\reg1.1
1/9/2009 2:49:12 AM 1748954 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\tcl\tcl8.4
1/9/2009 2:49:20 AM 1436996 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\tcl\tcl8.4\encoding
1/9/2009 2:49:23 AM 10884 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\tcl\tcl8.4\http1.0
1/9/2009 2:49:23 AM 25643 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\tcl\tcl8.4\http2.4
1/9/2009 2:49:23 AM 13552 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\tcl\tcl8.4\msgcat1.3
1/9/2009 2:49:23 AM 34717 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\tcl\tcl8.4\opt0.4
1/9/2009 2:49:23 AM 102007 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\tcl\tcl8.4\tcltest2.2
1/9/2009 2:49:12 AM 851611 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\tcl\tix8.1
1/9/2009 2:49:12 AM 18805 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\tcl\tix8.1\bitmaps
1/9/2009 2:49:12 AM 236295 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\tcl\tix8.1\pref
1/9/2009 2:49:12 AM 1159868 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\tcl\tk8.4
1/9/2009 2:49:12 AM 554277 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\tcl\tk8.4\demos
1/9/2009 2:49:23 AM 278117 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\tcl\tk8.4\demos\images
1/9/2009 2:49:23 AM 101217 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\tcl\tk8.4\images
1/9/2009 2:49:23 AM 52577 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\tcl\tk8.4\msgs
1/9/2009 2:49:40 AM 430061 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Scripts-Restricted
1/9/2009 2:49:40 AM 140610 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Scripts-Restricted\Artistic
1/9/2009 2:49:40 AM 3149 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Scripts-Restricted\FileOpen
1/9/2009 2:49:40 AM 16109 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Scripts-Restricted\Photo
1/9/2009 2:49:40 AM 57790 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Scripts-Trusted
1/9/2009 2:49:40 AM 2391 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Scripts-Trusted\LexarAMS
1/9/2009 2:49:40 AM 9212 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Scripts-Trusted\Photo
1/9/2009 2:49:01 AM 32151370 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Snapfire
1/9/2009 2:50:59 AM 0 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Workspaces
1/9/2009 2:44:34 AM 208883840 C:\Program Files\Corel\Corel Paint Shop Pro Photo XI - Installation Files
1/21/2009 1:36:31 AM 59707956 C:\Program Files\Java
1/21/2009 1:36:31 AM 59707956 C:\Program Files\Java\jre1.5.0_03
1/21/2009 1:36:36 AM 19898320 C:\Program Files\Java\jre1.5.0_03\bin
1/21/2009 1:36:37 AM 13649440 C:\Program Files\Java\jre1.5.0_03\bin\client
1/21/2009 1:36:39 AM 39712132 C:\Program Files\Java\jre1.5.0_03\lib
1/21/2009 1:36:41 AM 0 C:\Program Files\Java\jre1.5.0_03\lib\applet
1/21/2009 1:36:41 AM 203280 C:\Program Files\Java\jre1.5.0_03\lib\cmm
1/21/2009 1:36:41 AM 336467 C:\Program Files\Java\jre1.5.0_03\lib\ext
1/21/2009 1:36:41 AM 698236 C:\Program Files\Java\jre1.5.0_03\lib\fonts
1/21/2009 1:36:41 AM 671 C:\Program Files\Java\jre1.5.0_03\lib\i386
1/21/2009 1:36:41 AM 18178 C:\Program Files\Java\jre1.5.0_03\lib\im
1/21/2009 1:36:41 AM 2410 C:\Program Files\Java\jre1.5.0_03\lib\images
1/21/2009 1:36:41 AM 2410 C:\Program Files\Java\jre1.5.0_03\lib\images\cursors
1/21/2009 1:36:41 AM 30621 C:\Program Files\Java\jre1.5.0_03\lib\javaws
1/21/2009 1:36:41 AM 19486 C:\Program Files\Java\jre1.5.0_03\lib\management
1/21/2009 1:36:41 AM 47589 C:\Program Files\Java\jre1.5.0_03\lib\security
1/21/2009 1:36:42 AM 242523 C:\Program Files\Java\jre1.5.0_03\lib\zi
1/21/2009 1:36:42 AM 8309 C:\Program Files\Java\jre1.5.0_03\lib\zi\Africa
1/21/2009 1:36:43 AM 82237 C:\Program Files\Java\jre1.5.0_03\lib\zi\America
1/21/2009 1:36:43 AM 1311 C:\Program Files\Java\jre1.5.0_03\lib\zi\America\Indiana
1/21/2009 1:36:43 AM 1260 C:\Program Files\Java\jre1.5.0_03\lib\zi\America\Kentucky
1/21/2009 1:36:43 AM 1276 C:\Program Files\Java\jre1.5.0_03\lib\zi\America\North_Dakota
1/21/2009 1:36:43 AM 2755 C:\Program Files\Java\jre1.5.0_03\lib\zi\Antarctica
1/21/2009 1:36:43 AM 51032 C:\Program Files\Java\jre1.5.0_03\lib\zi\Asia
1/21/2009 1:36:43 AM 8762 C:\Program Files\Java\jre1.5.0_03\lib\zi\Atlantic
1/21/2009 1:36:43 AM 7888 C:\Program Files\Java\jre1.5.0_03\lib\zi\Australia
1/21/2009 1:36:43 AM 783 C:\Program Files\Java\jre1.5.0_03\lib\zi\Etc
1/21/2009 1:36:43 AM 55696 C:\Program Files\Java\jre1.5.0_03\lib\zi\Europe
1/21/2009 1:36:43 AM 663 C:\Program Files\Java\jre1.5.0_03\lib\zi\Indian
1/21/2009 1:36:43 AM 6872 C:\Program Files\Java\jre1.5.0_03\lib\zi\Pacific
1/23/2009 3:20:15 PM 4536488 C:\Program Files\Malwarebytes' Anti-Malware
1/23/2009 3:20:16 PM 372760 C:\Program Files\Malwarebytes' Anti-Malware\Languages
1/16/2009 10:35:36 AM 0 C:\Program Files\MSXML 4.0
1/16/2009 6:43:21 AM 91994681 C:\Program Files\Panda Security
1/16/2009 6:43:21 AM 91994681 C:\Program Files\Panda Security\ActiveScan 2.0
1/16/2009 6:43:44 AM 2104716 C:\Program Files\Panda Security\ActiveScan 2.0\psqstore
1/28/2009 1:13:13 PM 232987435 C:\Program Files\PhotoshopPortable
1/28/2009 1:13:13 PM 227207407 C:\Program Files\PhotoshopPortable\App
1/28/2009 1:13:13 PM 222566486 C:\Program Files\PhotoshopPortable\App\Photoshop
1/28/2009 1:13:13 PM 6461874 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT
1/28/2009 1:13:35 PM 3796 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\ar_ae
1/28/2009 1:13:13 PM 2605 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\Core key files
1/28/2009 1:13:36 PM 4280 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\cs_cz
1/28/2009 1:13:36 PM 4294 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\da_dk
1/28/2009 1:13:36 PM 4712 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\de_de
1/28/2009 1:13:36 PM 4610 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\el_gr
1/28/2009 1:13:36 PM 4268 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\en_gb
1/28/2009 1:13:36 PM 4268 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\en_us
1/28/2009 1:13:36 PM 4268 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\en_xm
1/28/2009 1:13:36 PM 4568 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\es_es
1/28/2009 1:13:36 PM 4568 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\es_mx
1/28/2009 1:13:36 PM 4380 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\fi_fi
1/28/2009 1:13:36 PM 4624 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\fr_ca
1/28/2009 1:13:36 PM 4624 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\fr_fr
1/28/2009 1:13:36 PM 4614 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\fr_xm
1/28/2009 1:13:35 PM 3532 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\he_il
1/28/2009 1:13:36 PM 4478 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\hu_hu
1/28/2009 1:13:36 PM 4474 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\it_it
1/28/2009 1:13:35 PM 3264 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\ja_jp
1/28/2009 1:13:35 PM 3206 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\ko_kr
1/28/2009 1:13:14 PM 4680835 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal
1/28/2009 1:13:15 PM 350887 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\ar_ae
1/28/2009 1:13:15 PM 335178 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\bg_bg
1/28/2009 1:13:15 PM 100492 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\cs_cz
1/28/2009 1:13:14 PM 69654 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\da_dk
1/28/2009 1:13:14 PM 73646 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\de_de
1/28/2009 1:13:15 PM 353306 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\el_gr
1/28/2009 1:13:14 PM 61384 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\en_gb
1/28/2009 1:13:14 PM 61270 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\en_us
1/28/2009 1:13:14 PM 72845 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\es_es
1/28/2009 1:13:14 PM 72845 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\es_mx
1/28/2009 1:13:14 PM 70486 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\et_ee
1/28/2009 1:13:15 PM 80985 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\fi_fi
1/28/2009 1:13:15 PM 84604 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\fr_ca
1/28/2009 1:13:15 PM 84604 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\fr_fr
1/28/2009 1:13:15 PM 304340 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\he_il
1/28/2009 1:13:14 PM 69809 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\hr_hr
1/28/2009 1:13:15 PM 107329 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\hu_hu
1/28/2009 1:13:15 PM 73651 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\it_it
1/28/2009 1:13:15 PM 193377 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\ja_jp
1/28/2009 1:13:15 PM 160787 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\ko_kr
1/28/2009 1:13:15 PM 83220 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\lt_lt
1/28/2009 1:13:15 PM 90157 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\lv_lv
1/28/2009 1:13:14 PM 68613 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\nb_no
1/28/2009 1:13:14 PM 69818 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\nl_nl
1/28/2009 1:13:15 PM 87829 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\pl_pl
1/28/2009 1:13:15 PM 78831 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\pt_br
1/28/2009 1:13:15 PM 83545 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\ro_ro
1/28/2009 1:13:15 PM 394797 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\ru_ru
1/28/2009 1:13:15 PM 100930 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\sk_sk
1/28/2009 1:13:14 PM 73104 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\sl_si
1/28/2009 1:13:14 PM 73357 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\sv_se
1/28/2009 1:13:15 PM 95971 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\tr_tr
1/28/2009 1:13:15 PM 359302 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\uk_ua
1/28/2009 1:13:15 PM 117355 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\zh_cn
1/28/2009 1:13:15 PM 122527 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\legal\zh_tw
1/28/2009 1:13:14 PM 35259 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\LMResources
1/28/2009 1:13:36 PM 4350 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\nb_no
1/28/2009 1:13:36 PM 4602 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\nl_nl
1/28/2009 1:13:36 PM 4332 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\pl_pl
1/28/2009 1:13:36 PM 4274 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\pt_br
1/28/2009 1:13:36 PM 4330 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\ro_ro
1/28/2009 1:13:36 PM 4398 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\ru_ru
1/28/2009 1:13:36 PM 4196 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\sv_se
1/28/2009 1:13:36 PM 4202 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\tr_tr
1/28/2009 1:13:36 PM 4362 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\uk_ua
1/28/2009 1:13:35 PM 2720 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\zh_cn
1/28/2009 1:13:35 PM 2730 C:\Program Files\PhotoshopPortable\App\Photoshop\AMT\zh_tw
1/28/2009 1:13:14 PM 8097 C:\Program Files\PhotoshopPortable\App\Photoshop\Configuration
1/28/2009 1:13:13 PM 7017631 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales
1/28/2009 1:13:13 PM 2166259 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\en_US
1/28/2009 1:13:18 PM 64512 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\en_US\Additional Plug-Ins
1/28/2009 1:13:18 PM 64512 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\en_US\Additional Plug-Ins\Win
1/28/2009 1:13:18 PM 64512 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\en_US\Additional Plug-Ins\Win\Filters
1/28/2009 1:13:13 PM 1308883 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\en_US\Additional Presets
1/28/2009 1:13:13 PM 1308883 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\en_US\Additional Presets\Win
1/28/2009 1:13:31 PM 4911 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\en_US\Additional Presets\Win\Menu Customization
1/28/2009 1:13:13 PM 1303972 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\en_US\Additional Presets\Win\Workspaces
1/28/2009 1:13:13 PM 134655 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\en_US\Additional Presets\Win\Workspaces\1-Basic Workspaces
1/28/2009 1:13:13 PM 1169317 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\en_US\Additional Presets\Win\Workspaces\2-Task-based Workspaces
1/28/2009 1:13:30 PM 10688 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\en_US\Help
1/28/2009 1:13:14 PM 782176 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\en_US\Support Files
1/28/2009 1:13:14 PM 757743 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\en_US\Support Files\Feature Help
1/28/2009 1:13:15 PM 3319 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\en_US\Support Files\Shortcuts
1/28/2009 1:13:15 PM 3319 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\en_US\Support Files\Shortcuts\Win
1/28/2009 1:13:13 PM 4851372 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\fr_CA
1/28/2009 1:13:18 PM 64512 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\fr_CA\Additional Plug-Ins
1/28/2009 1:13:18 PM 64512 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\fr_CA\Additional Plug-Ins\Win
1/28/2009 1:13:18 PM 64512 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\fr_CA\Additional Plug-Ins\Win\Filters
1/28/2009 1:13:13 PM 1202811 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\fr_CA\Additional Presets
1/28/2009 1:13:13 PM 1202811 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\fr_CA\Additional Presets\Win
1/28/2009 1:13:31 PM 4821 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\fr_CA\Additional Presets\Win\Menu Customization
1/28/2009 1:13:13 PM 1197990 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\fr_CA\Additional Presets\Win\Workspaces
1/28/2009 1:13:13 PM 125729 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\fr_CA\Additional Presets\Win\Workspaces\1-Basic Workspaces
1/28/2009 1:13:13 PM 1072261 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\fr_CA\Additional Presets\Win\Workspaces\2-Task-based Workspaces
1/28/2009 1:13:30 PM 12042 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\fr_CA\Help
1/28/2009 1:13:15 PM 3572007 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\fr_CA\Support Files
1/28/2009 1:13:15 PM 3167 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\fr_CA\Support Files\Shortcuts
1/28/2009 1:13:15 PM 3167 C:\Program Files\PhotoshopPortable\App\Photoshop\Locales\fr_CA\Support Files\Shortcuts\Win
1/28/2009 1:13:13 PM 44540534 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins
1/28/2009 1:13:20 PM 749568 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\3D Engines
1/28/2009 1:13:24 PM 1380352 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\ADM
1/28/2009 1:13:17 PM 2067968 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Automate
1/28/2009 1:13:16 PM 2491882 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc
1/28/2009 1:13:16 PM 2491882 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win
1/28/2009 1:13:34 PM 80884 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digiread
1/28/2009 1:13:34 PM 3599 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\cs.lproj
1/28/2009 1:13:34 PM 3517 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\da.lproj
1/28/2009 1:13:34 PM 3658 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\de.lproj
1/28/2009 1:13:34 PM 3364 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\en_US.lproj
1/28/2009 1:13:34 PM 3652 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\es.lproj
1/28/2009 1:13:34 PM 3457 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\fi.lproj
1/28/2009 1:13:34 PM 3585 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\fr.lproj
1/28/2009 1:13:34 PM 3682 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\hu.lproj
1/28/2009 1:13:34 PM 3492 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\it.lproj
1/28/2009 1:13:34 PM 3850 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\ja.lproj
1/28/2009 1:13:34 PM 3567 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\ko.lproj
1/28/2009 1:13:34 PM 3478 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\nl.lproj
1/28/2009 1:13:34 PM 3467 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\no.lproj
1/28/2009 1:13:34 PM 3772 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\pl.lproj
1/28/2009 1:13:34 PM 3713 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\pt_BR.lproj
1/28/2009 1:13:34 PM 3624 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\ro.lproj
1/28/2009 1:13:34 PM 5018 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\ru.lproj
1/28/2009 1:13:34 PM 3416 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\sv.lproj
1/28/2009 1:13:34 PM 3624 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\tr.lproj
1/28/2009 1:13:34 PM 4992 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\uk.lproj
1/28/2009 1:13:34 PM 3196 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\zh_CN.lproj
1/28/2009 1:13:34 PM 3161 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\zh_TW.lproj
1/28/2009 1:13:34 PM 157174 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digisign
1/28/2009 1:13:35 PM 6923 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\cs.lproj
1/28/2009 1:13:35 PM 6681 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\da.lproj
1/28/2009 1:13:35 PM 7212 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\de.lproj
1/28/2009 1:13:35 PM 6391 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\en_US.lproj
1/28/2009 1:13:35 PM 6931 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\es.lproj
1/28/2009 1:13:35 PM 6663 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\fi.lproj
1/28/2009 1:13:35 PM 6858 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\fr.lproj
1/28/2009 1:13:35 PM 7192 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\hu.lproj
1/28/2009 1:13:35 PM 6843 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\it.lproj
1/28/2009 1:13:35 PM 7599 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\ja.lproj
1/28/2009 1:13:35 PM 7041 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\ko.lproj
1/28/2009 1:13:35 PM 6884 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\nl.lproj
1/28/2009 1:13:35 PM 6521 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\no.lproj
1/28/2009 1:13:35 PM 7099 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\pl.lproj
1/28/2009 1:13:35 PM 7046 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\pt_BR.lproj
1/28/2009 1:13:35 PM 7225 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\ro.lproj
1/28/2009 1:13:35 PM 9786 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\ru.lproj
1/28/2009 1:13:35 PM 6572 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\sv.lproj
1/28/2009 1:13:35 PM 7038 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\tr.lproj
1/28/2009 1:13:35 PM 10169 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\uk.lproj
1/28/2009 1:13:34 PM 6230 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\zh_CN.lproj
1/28/2009 1:13:34 PM 6270 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\zh_TW.lproj
1/28/2009 1:13:16 PM 4067328 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Effects
1/28/2009 1:13:21 PM 2990080 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Extensions
1/28/2009 1:13:19 PM 12775424 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\File Formats
1/28/2009 1:13:13 PM 11780236 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Filters
1/28/2009 1:13:13 PM 1676 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Filters\Lighting Styles
1/28/2009 1:13:15 PM 59392 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Image Stacks
1/28/2009 1:13:16 PM 6084096 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Import-Export
1/28/2009 1:13:21 PM 94208 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Measurements
1/28/2009 1:14:03 PM 0 C:\Program Files\PhotoshopPortable\App\Photoshop\Plug-ins\Panels
1/28/2009 1:13:14 PM 39093620 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets
1/28/2009 1:13:28 PM 299625 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Actions
1/28/2009 1:13:28 PM 3588 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Black and White
1/28/2009 1:13:21 PM 5472263 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Brushes
1/28/2009 1:13:14 PM 12029 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Camera Profiles
1/28/2009 1:13:28 PM 264 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Channel Mixer
1/28/2009 1:13:22 PM 545123 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Color Books
1/28/2009 1:13:15 PM 1644154 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Color Swatches
1/28/2009 1:13:34 PM 5145 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Contours
1/28/2009 1:13:23 PM 578 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Curves
1/28/2009 1:13:28 PM 786836 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Custom Shapes
1/28/2009 1:13:23 PM 71788 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Duotones
1/28/2009 1:13:23 PM 46112 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Duotones\Duotones
1/28/2009 1:13:23 PM 12052 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Duotones\Duotones\Gray-Black Duotones
1/28/2009 1:13:23 PM 27772 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones
1/28/2009 1:13:24 PM 6288 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Duotones\Duotones\Process Duotones
1/28/2009 1:13:23 PM 7336 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Duotones\Quadtones
1/28/2009 1:13:23 PM 2096 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Duotones\Quadtones\Gray Quadtones
1/28/2009 1:13:23 PM 2096 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Duotones\Quadtones\PANTONE® Quadtones
1/28/2009 1:13:23 PM 3144 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Duotones\Quadtones\Process Quadtones
1/28/2009 1:13:23 PM 18340 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Duotones\Tritones
1/28/2009 1:13:23 PM 4192 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Duotones\Tritones\Gray Tritones
1/28/2009 1:13:23 PM 3668 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Duotones\Tritones\PANTONE® Tritones
1/28/2009 1:13:23 PM 10480 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Duotones\Tritones\Process Tritones
1/28/2009 1:13:31 PM 56 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Exposure
1/28/2009 1:13:31 PM 93432 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Gradients
1/28/2009 1:13:24 PM 800 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Hue and Saturation
1/28/2009 1:13:24 PM 5040 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Levels
1/28/2009 1:13:31 PM 286253 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Lights
1/28/2009 1:13:31 PM 3828119 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Materials
1/28/2009 1:13:29 PM 9545022 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Meshes
1/28/2009 1:13:23 PM 3080 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Optimized Colors
1/28/2009 1:13:31 PM 3335 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Optimized Output Settings
1/28/2009 1:13:31 PM 13380 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Optimized Settings
1/28/2009 1:13:33 PM 6495325 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Patterns
1/28/2009 1:13:32 PM 283635 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Render Settings
1/28/2009 1:13:14 PM 598873 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Scripts
1/28/2009 1:13:31 PM 26749 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Scripts\Event Scripts Only
1/28/2009 1:13:14 PM 165389 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Scripts\Stack Scripts Only
1/28/2009 1:13:24 PM 6686464 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Styles
1/28/2009 1:13:35 PM 1271912 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Tools
1/28/2009 1:13:32 PM 740484 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Volumes
1/28/2009 1:13:29 PM 349689 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Widgets
1/28/2009 1:13:14 PM 47328 C:\Program Files\PhotoshopPortable\App\Photoshop\Presets\Zoomify
1/28/2009 1:13:13 PM 1662634 C:\Program Files\PhotoshopPortable\App\Photoshop\Required
1/28/2009 1:13:23 PM 22121 C:\Program Files\PhotoshopPortable\App\Photoshop\Required\OWL
1/28/2009 1:13:14 PM 4640921 C:\Program Files\PhotoshopPortable\App\WinSxS
1/28/2009 1:13:14 PM 39297 C:\Program Files\PhotoshopPortable\App\WinSxS\Manifests
1/28/2009 1:13:28 PM 36632 C:\Program Files\PhotoshopPortable\App\WinSxS\Policies
1/28/2009 1:13:28 PM 9155 C:\Program Files\PhotoshopPortable\App\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_x-ww_5f0bbcff
1/28/2009 1:13:28 PM 9155 C:\Program Files\PhotoshopPortable\App\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_77c24773
1/28/2009 1:13:28 PM 9167 C:\Program Files\PhotoshopPortable\App\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_x-ww_caeee150
1/28/2009 1:13:28 PM 9155 C:\Program Files\PhotoshopPortable\App\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_x-ww_0f75c32e
1/28/2009 1:13:56 PM 96256 C:\Program Files\PhotoshopPortable\App\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474
1/28/2009 1:14:00 PM 1654784 C:\Program Files\PhotoshopPortable\App\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700
1/28/2009 1:13:59 PM 491520 C:\Program Files\PhotoshopPortable\App\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303
1/28/2009 1:13:58 PM 2322432 C:\Program Files\PhotoshopPortable\App\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05
1/28/2009 1:15:33 PM 5723923 C:\Program Files\PhotoshopPortable\Data
2/18/2009 12:17:44 AM 0 C:\Program Files\PhotoshopPortable\Data\Adobe
2/18/2009 12:17:44 AM 0 C:\Program Files\PhotoshopPortable\Data\Adobe\Adobe PDF
2/18/2009 12:17:44 AM 0 C:\Program Files\PhotoshopPortable\Data\Adobe\Adobe PDF\Settings
2/18/2009 12:17:44 AM 0 C:\Program Files\PhotoshopPortable\Data\Adobe\Color
2/18/2009 12:17:44 AM 0 C:\Program Files\PhotoshopPortable\Data\Adobe\Color\Proofing
2/18/2009 12:17:44 AM 0 C:\Program Files\PhotoshopPortable\Data\Adobe\Color\Settings
2/18/2009 12:17:44 AM 0 C:\Program Files\PhotoshopPortable\Data\Adobe\Flash Player
2/18/2009 12:17:44 AM 0 C:\Program Files\PhotoshopPortable\Data\Adobe\Flash Player\AssetCache
2/18/2009 12:17:44 AM 0 C:\Program Files\PhotoshopPortable\Data\Adobe\Flash Player\AssetCache\7KY2SE5P
2/18/2009 12:17:44 AM 0 C:\Program Files\PhotoshopPortable\Data\Adobe\Linguistics
2/18/2009 12:17:44 AM 0 C:\Program Files\PhotoshopPortable\Data\Adobe\Linguistics\Dictionaries
2/18/2009 12:17:44 AM 0 C:\Program Files\PhotoshopPortable\Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary
2/18/2009 12:17:44 AM 0 C:\Program Files\PhotoshopPortable\Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\all
2/18/2009 12:17:45 AM 0 C:\Program Files\PhotoshopPortable\Data\AllAdobe
2/18/2009 12:17:45 AM 8170 C:\Program Files\PhotoshopPortable\Data\LocalAdobe
2/18/2009 12:17:45 AM 4782 C:\Program Files\PhotoshopPortable\Data\LocalAdobe\Color
2/18/2009 12:17:45 AM 0 C:\Program Files\PhotoshopPortable\Data\LocalAdobe\TypeSupport
2/18/2009 12:17:45 AM 3388 C:\Program Files\PhotoshopPortable\Data\LocalAdobe\Updater6
2/18/2009 12:17:45 AM 0 C:\Program Files\PhotoshopPortable\Data\LocalAdobe\Updater6\Install
1/28/2009 1:15:38 PM 5712395 C:\Program Files\PhotoshopPortable\Data\Photoshop
1/28/2009 1:15:38 PM 5712395 C:\Program Files\PhotoshopPortable\Data\Photoshop\Settings
1/28/2009 1:16:44 PM 0 C:\Program Files\PhotoshopPortable\Data\Photoshop\Settings\WorkSpaces
2/11/2009 10:33:25 PM 52689784 C:\Program Files\Spybot - Search & Destroy
2/11/2009 10:33:31 PM 55992 C:\Program Files\Spybot - Search & Destroy\Dummies
2/11/2009 10:33:35 PM 573029 C:\Program Files\Spybot - Search & Destroy\Help
2/11/2009 10:33:32 PM 14266197 C:\Program Files\Spybot - Search & Destroy\Includes
2/11/2009 10:33:34 PM 4261934 C:\Program Files\Spybot - Search & Destroy\Languages
2/11/2009 10:33:30 PM 2424432 C:\Program Files\Spybot - Search & Destroy\Plugins
2/11/2009 10:33:35 PM 49349 C:\Program Files\Spybot - Search & Destroy\Skins
2/11/2009 10:33:35 PM 3306372 C:\Program Files\Spybot - Search & Destroy\Updates
2/28/2009 4:44:21 AM 26195236 C:\Program Files\Yahoo!
2/28/2009 4:44:21 AM 26107956 C:\Program Files\Yahoo!\Messenger
2/28/2009 4:46:59 AM 721569 C:\Program Files\Yahoo!\Messenger\cache
2/28/2009 4:47:04 AM 87350 C:\Program Files\Yahoo!\Messenger\cache\Audibles
2/28/2009 4:47:05 AM 6212 C:\Program Files\Yahoo!\Messenger\cache\branding
2/28/2009 11:13:48 AM 14973 C:\Program Files\Yahoo!\Messenger\cache\Icon
2/28/2009 4:47:03 AM 90404 C:\Program Files\Yahoo!\Messenger\cache\IMScanners
2/28/2009 4:46:59 AM 313884 C:\Program Files\Yahoo!\Messenger\cache\q.2KTE74JY7j_pA6N4tWOA--
2/28/2009 4:46:59 AM 313884 C:\Program Files\Yahoo!\Messenger\cache\q.2KTE74JY7j_pA6N4tWOA--\RingTones
2/28/2009 4:47:00 AM 17484 C:\Program Files\Yahoo!\Messenger\cache\SearchBar
2/28/2009 4:47:05 AM 3257 C:\Program Files\Yahoo!\Messenger\Games
2/28/2009 4:47:05 AM 3257 C:\Program Files\Yahoo!\Messenger\Games\icons
2/28/2009 4:46:29 AM 24548 C:\Program Files\Yahoo!\Messenger\logs
2/28/2009 4:44:21 AM 2020404 C:\Program Files\Yahoo!\Messenger\Media
2/28/2009 4:44:22 AM 14884 C:\Program Files\Yahoo!\Messenger\Media\Audibles
2/28/2009 4:44:40 AM 61127 C:\Program Files\Yahoo!\Messenger\Media\Etc
2/28/2009 4:44:26 AM 77688 C:\Program Files\Yahoo!\Messenger\Media\FriendIcon
2/28/2009 4:44:26 AM 2760 C:\Program Files\Yahoo!\Messenger\Media\Images
2/28/2009 4:44:21 AM 304151 C:\Program Files\Yahoo!\Messenger\Media\misc
2/28/2009 4:44:22 AM 717236 C:\Program Files\Yahoo!\Messenger\Media\RingTones
2/28/2009 4:44:27 AM 340683 C:\Program Files\Yahoo!\Messenger\Media\Smileys
2/28/2009 4:44:22 AM 6663 C:\Program Files\Yahoo!\Messenger\Media\Voice
2/28/2009 4:46:56 AM 0 C:\Program Files\Yahoo!\Messenger\Plugin
2/28/2009 4:46:56 AM 0 C:\Program Files\Yahoo!\Messenger\Plugin\Test
2/28/2009 4:46:30 AM 14496 C:\Program Files\Yahoo!\Messenger\Profiles
2/28/2009 4:46:30 AM 0 C:\Program Files\Yahoo!\Messenger\Profiles\Archive
2/28/2009 4:46:56 AM 14496 C:\Program Files\Yahoo!\Messenger\Profiles\sasssies2
2/28/2009 11:54:33 PM 0 C:\Program Files\Yahoo!\Messenger\Profiles\sasssies2\Archive
2/28/2009 4:47:00 AM 14284 C:\Program Files\Yahoo!\Messenger\Profiles\sasssies2\My Icons
2/28/2009 4:44:29 AM 1672173 C:\Program Files\Yahoo!\Messenger\skins
2/28/2009 4:44:29 AM 498158 C:\Program Files\Yahoo!\Messenger\skins\Default
2/28/2009 4:44:29 AM 1843 C:\Program Files\Yahoo!\Messenger\skins\Default\AddRequest
2/28/2009 4:44:29 AM 28240 C:\Program Files\Yahoo!\Messenger\skins\Default\ContactCard
2/28/2009 4:44:29 AM 46605 C:\Program Files\Yahoo!\Messenger\skins\Default\FriendList
2/28/2009 4:44:29 AM 52199 C:\Program Files\Yahoo!\Messenger\skins\Default\images
2/28/2009 4:44:29 AM 56425 C:\Program Files\Yahoo!\Messenger\skins\Default\IMWindow
2/28/2009 4:44:30 AM 658 C:\Program Files\Yahoo!\Messenger\skins\Default\MiscSmallUI
2/28/2009 4:44:30 AM 4545 C:\Program Files\Yahoo!\Messenger\skins\Default\SlotManager
2/28/2009 4:44:30 AM 34775 C:\Program Files\Yahoo!\Messenger\skins\Default\sumo
2/28/2009 4:44:30 AM 249738 C:\Program Files\Yahoo!\Messenger\skins\Default\theme
2/28/2009 4:44:31 AM 112209 C:\Program Files\Yahoo!\Messenger\skins\Graffiti
2/28/2009 4:44:31 AM 11097 C:\Program Files\Yahoo!\Messenger\skins\Graffiti\ContactCard
2/28/2009 4:44:31 AM 15709 C:\Program Files\Yahoo!\Messenger\skins\Graffiti\FriendList
2/28/2009 4:44:31 AM 13984 C:\Program Files\Yahoo!\Messenger\skins\Graffiti\images
2/28/2009 4:44:32 AM 56225 C:\Program Files\Yahoo!\Messenger\skins\Graffiti\theme
2/28/2009 4:44:33 AM 91545 C:\Program Files\Yahoo!\Messenger\skins\Green fantasia
2/28/2009 4:44:33 AM 11486 C:\Program Files\Yahoo!\Messenger\skins\Green fantasia\ContactCard
2/28/2009 4:44:33 AM 15697 C:\Program Files\Yahoo!\Messenger\skins\Green fantasia\FriendList
2/28/2009 4:44:34 AM 14948 C:\Program Files\Yahoo!\Messenger\skins\Green fantasia\images
2/28/2009 4:44:34 AM 36377 C:\Program Files\Yahoo!\Messenger\skins\Green fantasia\theme
2/28/2009 4:44:34 AM 82604 C:\Program Files\Yahoo!\Messenger\skins\Icy blue
2/28/2009 4:44:34 AM 11071 C:\Program Files\Yahoo!\Messenger\skins\Icy blue\ContactCard
2/28/2009 4:44:34 AM 15771 C:\Program Files\Yahoo!\Messenger\skins\Icy blue\FriendList
2/28/2009 4:44:34 AM 13345 C:\Program Files\Yahoo!\Messenger\skins\Icy blue\images
2/28/2009 4:44:35 AM 29847 C:\Program Files\Yahoo!\Messenger\skins\Icy blue\theme
2/28/2009 4:44:35 AM 160390 C:\Program Files\Yahoo!\Messenger\skins\Mystic black
2/28/2009 4:44:35 AM 9978 C:\Program Files\Yahoo!\Messenger\skins\Mystic black\ContactCard
2/28/2009 4:44:35 AM 8147 C:\Program Files\Yahoo!\Messenger\skins\Mystic black\FriendList
2/28/2009 4:44:35 AM 13227 C:\Program Files\Yahoo!\Messenger\skins\Mystic black\images
2/28/2009 4:44:35 AM 11972 C:\Program Files\Yahoo!\Messenger\skins\Mystic black\IMWindow
2/28/2009 4:44:35 AM 1864 C:\Program Files\Yahoo!\Messenger\skins\Mystic black\SlotManager
2/28/2009 4:44:35 AM 51020 C:\Program Files\Yahoo!\Messenger\skins\Mystic black\sumo
2/28/2009 4:44:35 AM 49756 C:\Program Files\Yahoo!\Messenger\skins\Mystic black\theme
2/28/2009 4:44:36 AM 96811 C:\Program Files\Yahoo!\Messenger\skins\Purple
2/28/2009 4:44:36 AM 28302 C:\Program Files\Yahoo!\Messenger\skins\Purple\ContactCard
2/28/2009 4:44:36 AM 14582 C:\Program Files\Yahoo!\Messenger\skins\Purple\FriendList
2/28/2009 4:44:36 AM 13660 C:\Program Files\Yahoo!\Messenger\skins\Purple\images
2/28/2009 4:44:36 AM 28042 C:\Program Files\Yahoo!\Messenger\skins\Purple\theme
2/28/2009 4:44:36 AM 315237 C:\Program Files\Yahoo!\Messenger\skins\Ruby red
2/28/2009 4:44:36 AM 41574 C:\Program Files\Yahoo!\Messenger\skins\Ruby red\ContactCard
2/28/2009 4:44:37 AM 33972 C:\Program Files\Yahoo!\Messenger\skins\Ruby red\FriendList
2/28/2009 4:44:37 AM 35707 C:\Program Files\Yahoo!\Messenger\skins\Ruby red\images
2/28/2009 4:44:37 AM 23628 C:\Program Files\Yahoo!\Messenger\skins\Ruby red\IMWindow
2/28/2009 4:44:37 AM 5807 C:\Program Files\Yahoo!\Messenger\skins\Ruby red\SlotManager
2/28/2009 4:44:38 AM 51021 C:\Program Files\Yahoo!\Messenger\skins\Ruby red\sumo
2/28/2009 4:44:38 AM 102702 C:\Program Files\Yahoo!\Messenger\skins\Ruby red\theme
2/28/2009 4:44:38 AM 27096 C:\Program Files\Yahoo!\Messenger\skins\Silver
2/28/2009 4:44:38 AM 907 C:\Program Files\Yahoo!\Messenger\skins\Silver\ContactCard
2/28/2009 4:44:38 AM 8026 C:\Program Files\Yahoo!\Messenger\skins\Silver\FriendList
2/28/2009 4:44:38 AM 7871 C:\Program Files\Yahoo!\Messenger\skins\Silver\theme
2/28/2009 4:44:38 AM 27318 C:\Program Files\Yahoo!\Messenger\skins\Sky blue
2/28/2009 4:44:38 AM 1182 C:\Program Files\Yahoo!\Messenger\skins\Sky blue\ContactCard
2/28/2009 4:44:38 AM 5576 C:\Program Files\Yahoo!\Messenger\skins\Sky blue\FriendList
2/28/2009 4:44:38 AM 10256 C:\Program Files\Yahoo!\Messenger\skins\Sky blue\theme
2/28/2009 4:44:38 AM 83685 C:\Program Files\Yahoo!\Messenger\skins\Twinkle pink
2/28/2009 4:44:38 AM 10482 C:\Program Files\Yahoo!\Messenger\skins\Twinkle pink\ContactCard
2/28/2009 4:44:39 AM 14152 C:\Program Files\Yahoo!\Messenger\skins\Twinkle pink\FriendList
2/28/2009 4:44:39 AM 12944 C:\Program Files\Yahoo!\Messenger\skins\Twinkle pink\images
2/28/2009 4:44:39 AM 32335 C:\Program Files\Yahoo!\Messenger\skins\Twinkle pink\theme
2/28/2009 4:44:39 AM 89023 C:\Program Files\Yahoo!\Messenger\skins\Violet flame
2/28/2009 4:44:39 AM 11192 C:\Program Files\Yahoo!\Messenger\skins\Violet flame\ContactCard
2/28/2009 4:44:39 AM 14628 C:\Program Files\Yahoo!\Messenger\skins\Violet flame\FriendList
2/28/2009 4:44:39 AM 10921 C:\Program Files\Yahoo!\Messenger\skins\Violet flame\images
2/28/2009 4:44:39 AM 38558 C:\Program Files\Yahoo!\Messenger\skins\Violet flame\theme
2/28/2009 4:44:39 AM 88097 C:\Program Files\Yahoo!\Messenger\skins\Wood
2/28/2009 4:44:40 AM 11107 C:\Program Files\Yahoo!\Messenger\skins\Wood\ContactCard
2/28/2009 4:44:40 AM 17269 C:\Program Files\Yahoo!\Messenger\skins\Wood\FriendList
2/28/2009 4:44:40 AM 14823 C:\Program Files\Yahoo!\Messenger\skins\Wood\images
2/28/2009 4:44:40 AM 31534 C:\Program Files\Yahoo!\Messenger\skins\Wood\theme
2/28/2009 4:44:25 AM 87280 C:\Program Files\Yahoo!\Shared

====== Files under "\System32\Drivers" Last 60 Days======

1/23/2009 3:20:20 PM 15504 32 C:\WINDOWS\system32\drivers\mbam.sys
1/23/2009 3:20:17 PM 38496 32 C:\WINDOWS\system32\drivers\mbamswissarmy.sys
1/16/2009 6:43:42 AM 28544 32 C:\WINDOWS\system32\drivers\pavboot.sys
1/21/2009 1:52:49 AM 102664 32 C:\WINDOWS\system32\drivers\tmcomm.sys

====== Files Deleted under "%Temp%" ======

C:\DOCUME~1\Owner\LOCALS~1\Temp\TWAIN.LOG
C:\DOCUME~1\Owner\LOCALS~1\Temp\Twain001.Mtx
C:\DOCUME~1\Owner\LOCALS~1\Temp\~DF57B.tmp

3 Files deleted

====== Files and Folders under "All Users\Application Data" Last 60 Days======

2/28/2009 5:22:17 PM 0 C:\Documents and Settings\All Users\Application Data\Adobe
1/29/2009 12:18:03 AM 477 C:\Documents and Settings\All Users\Application Data\Adobe-BackupByPhotoshopPortable
1/30/2009 9:54:00 PM 477 C:\Documents and Settings\All Users\Application Data\Adobe-BackupByPhotoshopPortable\Acrobat
1/30/2009 9:54:00 PM 477 C:\Documents and Settings\All Users\Application Data\Adobe-BackupByPhotoshopPortable\Acrobat\6.0
1/30/2009 9:54:00 PM 477 C:\Documents and Settings\All Users\Application Data\Adobe-BackupByPhotoshopPortable\Acrobat\6.0\Replicate
1/30/2009 9:54:00 PM 477 C:\Documents and Settings\All Users\Application Data\Adobe-BackupByPhotoshopPortable\Acrobat\6.0\Replicate\Security
1/9/2009 2:49:48 AM 434523 C:\Documents and Settings\All Users\Application Data\Corel
1/9/2009 2:49:48 AM 434523 C:\Documents and Settings\All Users\Application Data\Corel\Messages
1/9/2009 2:49:48 AM 434523 C:\Documents and Settings\All Users\Application Data\Corel\Messages\540228105_210029
1/9/2009 2:49:48 AM 434361 C:\Documents and Settings\All Users\Application Data\Corel\Messages\540228105_210029\en
1/9/2009 2:49:48 AM 434361 C:\Documents and Settings\All Users\Application Data\Corel\Messages\540228105_210029\en\MessageCache1
1/9/2009 2:49:48 AM 188148 C:\Documents and Settings\All Users\Application Data\Corel\Messages\540228105_210029\en\MessageCache1\1153841220005
1/9/2009 2:49:48 AM 188313 C:\Documents and Settings\All Users\Application Data\Corel\Messages\540228105_210029\en\MessageCache1\1153841220036
1/9/2009 2:49:48 AM 52747 C:\Documents and Settings\All Users\Application Data\Corel\Messages\540228105_210029\en\MessageCache1\skin
1/11/2009 12:29:22 AM 9564336 C:\Documents and Settings\All Users\Application Data\iolo
1/11/2009 12:34:52 AM 1028 C:\Documents and Settings\All Users\Application Data\iolo\AntiVirus
1/11/2009 12:36:01 AM 9527388 C:\Documents and Settings\All Users\Application Data\iolo\FileInfoList
1/11/2009 12:34:52 AM 35920 C:\Documents and Settings\All Users\Application Data\iolo\Personal Firewall
1/23/2009 3:20:16 PM 4525386 C:\Documents and Settings\All Users\Application Data\Malwarebytes
1/23/2009 3:20:16 PM 4525386 C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware
2/11/2009 10:33:25 PM 28090645 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2/11/2009 10:35:08 PM 28048759 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Backups
2/11/2009 10:33:25 PM 144 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Excludes
2/11/2009 10:58:59 PM 34358 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs
2/11/2009 10:35:08 PM 2492 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery
1/8/2009 12:25:46 AM 0 C:\Documents and Settings\All Users\Application Data\TEMP
2/28/2009 4:44:24 AM 608928 C:\Documents and Settings\All Users\Application Data\Yahoo!
2/28/2009 4:46:56 AM 1456 C:\Documents and Settings\All Users\Application Data\Yahoo!\Messenger
2/28/2009 4:46:56 AM 1456 C:\Documents and Settings\All Users\Application Data\Yahoo!\Messenger\Plugin
2/28/2009 4:47:04 AM 1456 C:\Documents and Settings\All Users\Application Data\Yahoo!\Messenger\Plugin\4eb73995-f313-4f4a-49a5-1bc4d7c3ee68.yplugin
2/28/2009 4:47:04 AM 1456 C:\Documents and Settings\All Users\Application Data\Yahoo!\Messenger\Plugin\4eb73995-f313-4f4a-49a5-1bc4d7c3ee68.yplugin\MANIFEST
2/28/2009 4:44:24 AM 607472 C:\Documents and Settings\All Users\Application Data\Yahoo!\YUpdater

====== Possible Rootkit Scan (Note: Items listed here are not necessarily bad)======


====== Values under HKLM\Software\microsoft\shared tools\msconfig\startupreg ======

HKLM\Software\microsoft\shared tools\msconfig\startupreg\ccApp


HKLM\Software\microsoft\shared tools\msconfig\startupreg\ccRegVfy


HKLM\Software\microsoft\shared tools\msconfig\startupreg\cdoosoft


HKLM\Software\microsoft\shared tools\msconfig\startupreg\DDCActiveMenu


HKLM\Software\microsoft\shared tools\msconfig\startupreg\DDCM


HKLM\Software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)


HKLM\Software\microsoft\shared tools\msconfig\startupreg\MMTray


HKLM\Software\microsoft\shared tools\msconfig\startupreg\MSMSGS


HKLM\Software\microsoft\shared tools\msconfig\startupreg\Pando


HKLM\Software\microsoft\shared tools\msconfig\startupreg\QuickTime Task


HKLM\Software\microsoft\shared tools\msconfig\startupreg\RealTray


HKLM\Software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral


HKLM\Software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc


HKLM\Software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility


HKLM\Software\microsoft\shared tools\msconfig\startupreg\SoundMan


HKLM\Software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched


HKLM\Software\microsoft\shared tools\msconfig\startupreg\vptray


====== Services ( Services that are Whitelisted are not shown) ======

ApfiltrService (Alps Pointing-device Filter Driver)- C:\WINDOWS\system32\DRIVERS\Apfiltr.sys - Manual/Stopped
ASCTRM (ASCTRM)- C:\WINDOWS\system32\drivers\ASCTRM.sys - Auto/Running
cdudf_xp (cdudf_xp)- C:\WINDOWS\system32\drivers\cdudf_xp.sys - System/Running
DVDVRRdr_xp (DVDVRRdr_xp)- C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys - System/Running
dvd_2K (dvd_2K)- C:\WINDOWS\system32\drivers\dvd_2K.sys - Manual/Stopped
gv3 (Intel GV3 Processor Driver)- C:\WINDOWS\system32\DRIVERS\gv3.sys - Manual/Stopped
mmc_2K (mmc_2K)- C:\WINDOWS\system32\drivers\mmc_2K.sys - Manual/Running
MxlW2k (MxlW2k)- C:\WINDOWS\system32\drivers\MxlW2k.sys - Manual/Running
pavboot (pavboot)- C:\WINDOWS\system32\drivers\pavboot.sys - Boot/Running
pwd_2k (pwd_2k)- C:\WINDOWS\system32\drivers\pwd_2k.sys - System/Running
sbp2port (SBP-2 Transport/Protocol Bus Driver)- C:\WINDOWS\system32\DRIVERS\sbp2port.sys - Boot/Stopped
SYMNDIS (SYMNDIS)- \??\C:\WINDOWS\System32\Drivers\SYMNDIS.SYS - Manual/Running
UdfReadr_xp (UdfReadr_xp)- C:\WINDOWS\system32\drivers\UdfReadr_xp.sys - System/Running
w70n51 (Intel® PRO/Wireless 7100 Adapter Driver)- C:\WINDOWS\system32\DRIVERS\w70n51.sys - Manual/Stopped
wanatw (WAN Miniport (ATW))- C:\WINDOWS\system32\DRIVERS\wanatw4.sys - Manual/Running

====== Uninstall List From Registry ======

123 Free Solitaire
Panda ActiveScan 2.0
Adobe Flash Player 10 ActiveX
Adobe Download Manager 1.2 (Remove Only)
Adobe Photoshop CS3
Agere Systems AC'97 Modem
AOL (Choose which version to remove)
Carpet Golf VR
Eye Candy 4000
EzButton System
Filters Unlimited 2.0
HijackThis 2.0.2
Hoyle Card Games Demo
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows Media Player (KB952069)
Hotfix for Windows XP (KB952287)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Update for Windows XP (KB955839)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960714)
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
MUSICMATCH Jukebox
QuickTime
RealPlayer Basic
SereneScreen Marine Aquarium 2
Slingo Deluxe
Slot Machine 98 v5.2
Top Girl Strip Poker
Viewpoint Media Player
WinRAR archiver
Xenofex 1.0
Alien Skin Xenofex 2.0
Yahoo! Messenger
Intel® PROSet
Symantec AntiVirus Client
Space Rocks
PSP Thumbnail Handler
J2SE Runtime Environment 5.0 Update 3
WebFldrs XP
Microsoft Windows Journal Viewer
Easy CD & DVD Creator 6
Virtual Warfare
Logitech MouseWare 9.76
Pig Pen
PowerDVD
Microsoft Visual C++ 2005 Redistributable
Adobe Asset Services CS3
Microsoft Works 7.0
Intel® Extreme Graphics Driver
Logitech Desktop Messenger
Corel Paint Shop Pro Photo XI
Blasterball 2
Gem Master 2
Adobe Anchor Service CS3
Pando
Adobe Reader 6.0
Adobe Camera Raw 4.0
Norton Internet Security
Spybot - Search & Destroy
Adobe Version Cue CS3 Client
Blasterball Wild
Microsoft .NET Framework 1.1
Adobe Setup
Adobe Photoshop CS3
Blackhawk Striker
Realtek AC'97 Audio

======== Other Info ========

TOTAL PHYSICAL RAM: 534 MB

#10 Takii

Takii
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:33 AM

Posted 05 March 2009 - 01:43 AM

bamajim please ..
sending you a screenshot of what is happening here on my computer....
( task bar turned white , firewall went off and will not reconnect )
i thought it had stopped but it is back .. :thumbup2:

i hope it attached properly ,
thank you so much ....

Attached Files



#11 bamajim

bamajim

  • Members
  • 894 posts
  • OFFLINE
  •  
  • Local time:02:33 AM

Posted 05 March 2009 - 05:24 PM

Takii

Please download Combofix and save to your desktop:Note: It is important that it is saved directly to your desktop
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the contents of the C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.

Posted Image
Microsoft MVP - Windows Security

#12 Takii

Takii
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:33 AM

Posted 05 March 2009 - 10:36 PM

thank you bamajim ...
i ram combo fix , report listed below:

i notice there is a program there
2009-01-23 02:01 1,122,674 ----a-w c:\program files\databaseuhack.zip
i looked in program files and do not see this , so i ran a scan and found a file ...
i do not know what this is so took screenshot to show you ..
one is zipped and one is txt file , like large report (i can also send if u need)

ComboFix 09-03-04.01 - Owner 2009-03-05 20:59:47.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.509.204 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\AUTORUN.INF
c:\windows\system\oeminfo.ini
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\command.pif

.
((((((((((((((((((((((((( Files Created from 2009-02-06 to 2009-03-06 )))))))))))))))))))))))))))))))
.

2009-02-28 17:22 . 2009-03-02 03:36 <DIR> d-------- c:\program files\Common Files\Adobe
2009-02-28 04:44 . 2009-02-28 04:44 <DIR> d-------- c:\program files\Yahoo!
2009-02-28 04:44 . 2009-02-28 04:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!
2009-02-23 16:23 . 2009-02-23 16:24 <DIR> d-------- C:\rsit
2009-02-13 18:21 . 2009-02-13 18:21 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-02-11 22:33 . 2009-02-11 22:33 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-02-11 22:33 . 2009-02-11 23:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-06 01:16 --------- d-----w c:\program files\AOL 8.0
2009-03-03 12:15 --------- d-----w c:\documents and settings\Owner\Application Data\Corel
2009-03-03 12:13 2,516 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-03-01 05:02 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-26 22:58 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-11 15:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 15:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-02 04:48 --------- d-----w c:\program files\Bonjour
2009-01-31 04:20 --------- d-----w c:\documents and settings\Owner\Application Data\Adobe-BackupByPhotoshopPortable
2009-01-31 02:54 --------- d-----w c:\program files\Common Files\Adobe-BackupByPhotoshopPortable
2009-01-31 02:54 --------- d-----w c:\documents and settings\All Users\Application Data\Adobe-BackupByPhotoshopPortable
2009-01-28 21:13 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-01-28 18:15 --------- d-----w c:\program files\PhotoshopPortable
2009-01-27 09:20 --------- d-----w c:\documents and settings\Owner\Application Data\Thinstall
2009-01-23 20:20 --------- d-----w c:\documents and settings\Owner\Application Data\Malwarebytes
2009-01-23 20:20 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-23 02:01 1,122,674 ----a-w c:\program files\databaseuhack.zip
2009-01-21 06:52 102,664 ----a-w c:\windows\system32\drivers\tmcomm.sys
2009-01-21 06:37 --------- d-----w c:\program files\Java
2009-01-21 06:35 --------- d-----w c:\program files\Common Files\Java
2009-01-16 15:35 --------- d-----w c:\program files\MSXML 4.0
2009-01-16 11:43 --------- d-----w c:\program files\Panda Security
2009-01-16 05:01 --------- d-----w c:\program files\App
2009-01-11 06:52 --------- d-----w c:\documents and settings\All Users\Application Data\iolo
2009-01-11 05:36 --------- d-----w c:\documents and settings\LocalService\Application Data\iolo
2009-01-11 05:29 74,703 ----a-w c:\windows\system32\mfc45.dll
2009-01-11 05:29 --------- d-----w c:\documents and settings\Owner\Application Data\iolo
2009-01-09 07:49 --------- d-----w c:\program files\Common Files\Corel
2009-01-09 07:49 --------- d-----w c:\documents and settings\All Users\Application Data\Corel
2009-01-09 07:48 --------- d-----w c:\program files\Corel
2009-01-09 07:43 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-08 05:26 --------- d-----w c:\documents and settings\Owner\Application Data\IndigoRose
2009-01-08 05:25 --------- d-----w c:\documents and settings\All Users\Application Data\TEMP
2008-12-12 17:33 3,060,224 ----a-w c:\windows\system32\SET294.tmp
2008-12-12 17:33 3,060,224 ------w c:\windows\system32\SETA8.tmp
2001-09-17 09:45 127 -c--a-w c:\documents and settings\Owner\setup.bat
2001-09-17 09:44 1,007,761 -c--a-w c:\documents and settings\Owner\unpack.exe
2001-08-20 14:47 4,657,152 -c--a-w c:\documents and settings\Owner\CardGames.exe
2001-07-13 14:55 27,648 -c--a-w c:\documents and settings\Owner\startw.exe
2001-07-03 19:02 782,336 -c--a-w c:\documents and settings\Owner\Hoyle_Card_Games.exe
2001-05-09 14:49 176,128 -c--a-w c:\documents and settings\Owner\INSTAIDE.DLL
2000-03-18 07:29 49,152 -c--a-w c:\documents and settings\Owner\INJECT.EXE
1997-12-24 15:45 105,472 -c--a-w c:\documents and settings\Owner\SOS9503.DLL
2008-04-26 18:54 2 --shatr c:\windows\winstart.bat
2004-03-23 10:39 32 -csha-w c:\windows\{D853E56D-E395-42F1-8A3B-456E23B0F363}.dat
2004-03-23 10:39 32 -csha-w c:\windows\system32\{3520D83C-3483-4B03-BC0F-5170CB092B47}.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2002-12-18 86016]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-06 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-06 114688]

c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\
EzButton System.lnk - c:\program files\EzButton System V1.0\EzButton.exe [2003-07-01 188416]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 8.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL 8.0 Tray Icon.lnk
backup=c:\windows\pss\AOL 8.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^EzButton System.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\EzButton System.lnk
backup=c:\windows\pss\EzButton System.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2002-11-14 21:29 54976 c:\program files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]
--a------ 2002-11-14 21:29 59072 c:\program files\Common Files\Symantec Shared\ccRegVfy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
--a------ 2009-02-20 14:22 4363504 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a--c--- 2002-05-20 19:36 90112 c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 00:56 1667584 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
--a------ 2008-11-20 19:04 3647304 c:\program files\Pando Networks\Pando\pando.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2003-05-31 00:27 77824 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2008-12-27 20:09 26112 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
--a--c--- 2003-05-22 20:36 319488 c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a--c--- 2003-05-30 02:21 868352 c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
--a--c--- 2003-05-01 20:44 65536 c:\program files\Common Files\Roxio Shared\System\EngUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-04-13 03:48 36975 c:\program files\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
--a--c--- 2003-05-21 01:21 90112 c:\progra~1\SYMANT~1\SYMANT~1\VPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2003-03-27 18:34 53248 c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\AOL 8.0\\waol.exe"=
"c:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\Thinstall\\Spy Emergency 2008\\400000b100002i\\SpyEmergencySrv.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"58627:TCP"= 58627:TCP:Pando P2P TCP Listening Port
"58627:UDP"= 58627:UDP:Pando P2P UDP Listening Port

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-01-16 28544]
R2 ccPxySvc;Symantec Proxy Service;c:\program files\Norton Internet Security\ccPxySvc.exe [2002-09-14 34496]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - WANMINIPORTSERVICE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - cv22.cmd
\Shell\open\Command - cv22.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce5aca10-f54f-11dd-b200-00038a000015}]
\Shell\AutoRun\command - cv22.cmd
\Shell\open\Command - cv22.cmd
.
Contents of the 'Scheduled Tasks' folder

2009-03-06 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2002-08-07 11:04]
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{BB4C402F-882A-4526-8C08-51278EA437C1} - c:\windows\system32\afmain0.dll
MSConfigStartUp-cdoosoft - c:\windows\system32\olhrwef.exe
MSConfigStartUp-DDCActiveMenu - c:\program files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe
MSConfigStartUp-DDCM - c:\program files\WildTangent\DDC\DDCManager\DDCMan.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://sympatico.msn.ca/
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-05 21:03:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-03-05 21:07:25
ComboFix-quarantined-files.txt 2009-03-06 02:06:29

Pre-Run: 2,789,146,624 bytes free
Post-Run: 2,776,367,104 bytes free

177 --- E O F --- 2009-01-23 08:02:41


thank you very much bamajim ....

Attached Files



#13 bamajim

bamajim

  • Members
  • 894 posts
  • OFFLINE
  •  
  • Local time:02:33 AM

Posted 06 March 2009 - 09:26 AM

Takii

You are most welcome.

A couple of things.

1. The file you posted a screen shot of (c:\program files\databaseuhack.zip), Do you know what that file is? Is that somethig you installed?

2. We need to make sure we can see hidden files and folders

To enable the viewing of Hidden and System files follow these steps: Right click on Start and select Explore.
Select the Tools menu and click Folder Options.
After the new window appears select the View tab.
Put a checkmark in the checkbox labeled Display the contents of system folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders. Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.
Click Yes To confirm
Press the Apply button and then the OK button.
3. You have a file I would like to have a look at

Please go HERE

Put Your Name, and BC HJT forum

And In the file to submit box, click Browse.Using Windows Explorer

Locate the filec:\windows\winstart.bat
In the comments tell them that I asked you to upload the file
Then Select Send File.

4. Open NotePad (not wordpad). Copy and paste the following into Notepad

File::
c:\windows\system32\SET294.tmp
c:\windows\system32\SETA8.tmp

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E].
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce5aca10-f54f-11dd-b200-00038a000015}]


Save the File as CFScript(exactly as shown no spaces) ->> Save it to your Desktop

Using the Image as a reference, drag CFScript into ComboFix.exe

Posted ImageYou will be prompted to run Combofix again, Do so
Following the same rules as indicated in my first post
Then post the contents of the C:\ComboFix.txt log in your reply

Posted Image
Microsoft MVP - Windows Security

#14 Takii

Takii
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:33 AM

Posted 06 March 2009 - 03:41 PM

thank you Bamajim ...

the screenshot i posted , i do not know what that is ,
i did not install it ..
i just saw the filename on the post made to you , when i looked for it in program files it was
not there , so i ran a search in computer for that name ...
that is what it found ...
(this laptop belonged to my dad , was given to me , i am not the original owner)
he used to play games on here ...

last night my firewall went down once , but the night before it was 6-7 times and
i had to reboot few times to get it back on. i can tell when it is going to happen ..
cpu shoots high , task bar skips to a white colour , then fire wall shuts like other pic..
it will not allow me to activate it due to - internet shared connection
in firewall log it says ... changed to multihomed


i enabled hidden files and sent file winstart.bat

Your file (winstart.bat) was successfully submitted. If someone requested you submit this file please let them know that you have submitted the file


below is combo report after dropping in script:

ComboFix 09-03-04.01 - Owner 2009-03-06 14:19:39.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.509.252 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\windows\system32\SET294.tmp
c:\windows\system32\SETA8.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\SET294.tmp
c:\windows\system32\SETA8.tmp

.
((((((((((((((((((((((((( Files Created from 2009-02-06 to 2009-03-06 )))))))))))))))))))))))))))))))
.

2009-03-06 14:17 . 2009-03-06 14:17 <DIR> d-------- C:\32788R22FWJFW
2009-02-28 17:22 . 2009-03-02 03:36 <DIR> d-------- c:\program files\Common Files\Adobe
2009-02-28 04:44 . 2009-02-28 04:44 <DIR> d-------- c:\program files\Yahoo!
2009-02-28 04:44 . 2009-02-28 04:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!
2009-02-23 16:23 . 2009-02-23 16:24 <DIR> d-------- C:\rsit
2009-02-13 18:21 . 2009-02-13 18:21 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-02-11 22:33 . 2009-02-11 22:33 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-02-11 22:33 . 2009-02-11 23:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-06 19:05 --------- d-----w c:\program files\AOL 8.0
2009-03-03 12:15 --------- d-----w c:\documents and settings\Owner\Application Data\Corel
2009-03-03 12:13 2,516 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-03-01 05:02 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-26 22:58 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-11 15:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 15:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-02 04:48 --------- d-----w c:\program files\Bonjour
2009-01-31 04:20 --------- d-----w c:\documents and settings\Owner\Application Data\Adobe-BackupByPhotoshopPortable
2009-01-31 02:54 --------- d-----w c:\program files\Common Files\Adobe-BackupByPhotoshopPortable
2009-01-31 02:54 --------- d-----w c:\documents and settings\All Users\Application Data\Adobe-BackupByPhotoshopPortable
2009-01-28 21:13 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-01-28 18:15 --------- d-----w c:\program files\PhotoshopPortable
2009-01-27 09:20 --------- d-----w c:\documents and settings\Owner\Application Data\Thinstall
2009-01-23 20:20 --------- d-----w c:\documents and settings\Owner\Application Data\Malwarebytes
2009-01-23 20:20 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-23 02:01 1,122,674 ----a-w c:\program files\databaseuhack.zip
2009-01-21 06:52 102,664 ----a-w c:\windows\system32\drivers\tmcomm.sys
2009-01-21 06:37 --------- d-----w c:\program files\Java
2009-01-21 06:35 --------- d-----w c:\program files\Common Files\Java
2009-01-16 15:35 --------- d-----w c:\program files\MSXML 4.0
2009-01-16 11:43 --------- d-----w c:\program files\Panda Security
2009-01-16 05:01 --------- d-----w c:\program files\App
2009-01-11 06:52 --------- d-----w c:\documents and settings\All Users\Application Data\iolo
2009-01-11 05:36 --------- d-----w c:\documents and settings\LocalService\Application Data\iolo
2009-01-11 05:29 74,703 ----a-w c:\windows\system32\mfc45.dll
2009-01-11 05:29 --------- d-----w c:\documents and settings\Owner\Application Data\iolo
2009-01-09 07:49 --------- d-----w c:\program files\Common Files\Corel
2009-01-09 07:49 --------- d-----w c:\documents and settings\All Users\Application Data\Corel
2009-01-09 07:48 --------- d-----w c:\program files\Corel
2009-01-09 07:43 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-08 05:26 --------- d-----w c:\documents and settings\Owner\Application Data\IndigoRose
2009-01-08 05:25 --------- d-----w c:\documents and settings\All Users\Application Data\TEMP
2001-09-17 09:45 127 -c--a-w c:\documents and settings\Owner\setup.bat
2001-09-17 09:44 1,007,761 -c--a-w c:\documents and settings\Owner\unpack.exe
2001-08-20 14:47 4,657,152 -c--a-w c:\documents and settings\Owner\CardGames.exe
2001-07-13 14:55 27,648 -c--a-w c:\documents and settings\Owner\startw.exe
2001-07-03 19:02 782,336 -c--a-w c:\documents and settings\Owner\Hoyle_Card_Games.exe
2001-05-09 14:49 176,128 -c--a-w c:\documents and settings\Owner\INSTAIDE.DLL
2000-03-18 07:29 49,152 -c--a-w c:\documents and settings\Owner\INJECT.EXE
1997-12-24 15:45 105,472 -c--a-w c:\documents and settings\Owner\SOS9503.DLL
2008-04-26 18:54 2 --shatr c:\windows\winstart.bat
2004-03-23 10:39 32 -csha-w c:\windows\{D853E56D-E395-42F1-8A3B-456E23B0F363}.dat
2004-03-23 10:39 32 -csha-w c:\windows\system32\{3520D83C-3483-4B03-BC0F-5170CB092B47}.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2002-12-18 86016]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-06 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-06 114688]

c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\
EzButton System.lnk - c:\program files\EzButton System V1.0\EzButton.exe [2003-07-01 188416]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 8.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL 8.0 Tray Icon.lnk
backup=c:\windows\pss\AOL 8.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^EzButton System.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\EzButton System.lnk
backup=c:\windows\pss\EzButton System.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2002-11-14 21:29 54976 c:\program files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]
--a------ 2002-11-14 21:29 59072 c:\program files\Common Files\Symantec Shared\ccRegVfy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
--a------ 2009-02-20 14:22 4363504 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a--c--- 2002-05-20 19:36 90112 c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 00:56 1667584 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
--a------ 2008-11-20 19:04 3647304 c:\program files\Pando Networks\Pando\pando.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2003-05-31 00:27 77824 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2008-12-27 20:09 26112 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
--a--c--- 2003-05-22 20:36 319488 c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a--c--- 2003-05-30 02:21 868352 c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
--a--c--- 2003-05-01 20:44 65536 c:\program files\Common Files\Roxio Shared\System\EngUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-04-13 03:48 36975 c:\program files\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
--a--c--- 2003-05-21 01:21 90112 c:\progra~1\SYMANT~1\SYMANT~1\VPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2003-03-27 18:34 53248 c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\AOL 8.0\\waol.exe"=
"c:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\Thinstall\\Spy Emergency 2008\\400000b100002i\\SpyEmergencySrv.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"58627:TCP"= 58627:TCP:Pando P2P TCP Listening Port
"58627:UDP"= 58627:UDP:Pando P2P UDP Listening Port

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-01-16 28544]
R2 ccPxySvc;Symantec Proxy Service;c:\program files\Norton Internet Security\ccPxySvc.exe [2002-09-14 34496]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - cv22.cmd
\Shell\open\Command - cv22.cmd
.
Contents of the 'Scheduled Tasks' folder

2009-03-06 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2002-08-07 11:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://sympatico.msn.ca/
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-06 14:23:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2009-03-06 14:27:29
ComboFix-quarantined-files.txt 2009-03-06 19:26:11
ComboFix2.txt 2009-03-06 02:07:26

Pre-Run: 1,852,252,160 bytes free
Post-Run: 2,013,847,552 bytes free

167 --- E O F --- 2009-01-23 08:02:41


thank you Bamajim for all your help with this ....

Attached Files

  • Attached File  fwll.jpg   88.43KB   1 downloads

Edited by Takii, 06 March 2009 - 03:42 PM.


#15 bamajim

bamajim

  • Members
  • 894 posts
  • OFFLINE
  •  
  • Local time:02:33 AM

Posted 10 March 2009 - 08:35 AM

Takii

We are going to re-run Combofix

1. Open NotePad (not wordpad). Copy and paste the following into Notepad

File::
c:\program files\databaseuhack.zip
c:\windows\winstart.bat

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

Save the File as CFScript(exactly as shown no spaces) ->> Save it to your Desktop

Using the Image as a reference, drag CFScript into ComboFix.exe

Posted ImageYou will be prompted to run Combofix again, Do so
Following the same rules as indicated in my first post
Then post the contents of the C:\ComboFix.txt log in your reply

Posted Image
Microsoft MVP - Windows Security




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users