KB922582 -> Update for Windows XP (KB922582)
KB922616 -> Security Update for Windows XP (KB922616)
KB922760 -> Security Update for Windows XP (KB922760)
KB922819 -> Security Update for Windows XP (KB922819)
KB923191 -> Security Update for Windows XP (KB923191)
KB923414 -> Security Update for Windows XP (KB923414)
KB923689 -> Security Update for Windows XP (KB923689)
KB923694 -> Security Update for Windows XP (KB923694)
KB923980 -> Security Update for Windows XP (KB923980)
KB924191 -> Security Update for Windows XP (KB924191)
KB924270 -> Security Update for Windows XP (KB924270)
KB924496 -> Security Update for Windows XP (KB924496)
KB924667 -> Security Update for Windows XP (KB924667)
KB925398_WMP64 -> Security Update for Windows Media Player 6.4 (KB925398)
KB925454 -> Security Update for Windows XP (KB925454)
KB925486 -> Security Update for Windows XP (KB925486)
KB925902 -> Security Update for Windows XP (KB925902)
KB926239 -> Hotfix for Windows XP (KB926239)
KB926255 -> Security Update for Windows XP (KB926255)
KB926436 -> Security Update for Windows XP (KB926436)
KB927779 -> Security Update for Windows XP (KB927779)
KB927802 -> Security Update for Windows XP (KB927802)
KB927891 -> Update for Windows XP (KB927891)
KB928090 -> Security Update for Windows XP (KB928090)
KB928255 -> Security Update for Windows XP (KB928255)
KB928365.T1_1ToU569_1 -> Security Update for Microsoft .NET Framework 2.0 (KB928365)
KB928843 -> Security Update for Windows XP (KB928843)
KB929123 -> Security Update for Windows XP (KB929123)
KB929338 -> Update for Windows XP (KB929338)
KB929399 -> Hotfix for Windows Media Format 11 SDK (KB929399)
KB929969 -> Security Update for Windows XP (KB929969)
KB930178 -> Security Update for Windows XP (KB930178)
KB930916 -> Update for Windows XP (KB930916)
KB931261 -> Security Update for Windows XP (KB931261)
KB931768 -> Security Update for Windows XP (KB931768)
KB931784 -> Security Update for Windows XP (KB931784)
KB931836 -> Update for Windows XP (KB931836)
KB932168 -> Security Update for Windows XP (KB932168)
KB933360 -> Update for Windows XP (KB933360)
KB933729 -> Security Update for Windows XP (KB933729)
KB935839 -> Security Update for Windows XP (KB935839)
KB935840 -> Security Update for Windows XP (KB935840)
KB936021 -> Security Update for Windows XP (KB936021)
KB936357 -> Update for Windows XP (KB936357)
KB936782_WMP10 -> Security Update for Windows Media Player 10 (KB936782)
KB936782_WMP11 -> Security Update for Windows Media Player 11 (KB936782)
KB938127 -> Security Update for Windows XP (KB938127)
KB938828 -> Update for Windows XP (KB938828)
KB938829 -> Security Update for Windows XP (KB938829)
KB939653 -> Security Update for Windows XP (KB939653)
KB939683 -> Hotfix for Windows Media Player 11 (KB939683)
KB941202 -> Security Update for Windows XP (KB941202)
KB941568 -> Security Update for Windows XP (KB941568)
KB941569 -> Security Update for Windows XP (KB941569)
KB941644 -> Security Update for Windows XP (KB941644)
KB942615 -> Security Update for Windows XP (KB942615)
KB942763 -> Update for Windows XP (KB942763)
KB942840 -> Update for Windows XP (KB942840)
KB943055 -> Security Update for Windows XP (KB943055)
KB943460 -> Security Update for Windows XP (KB943460)
KB943485 -> Security Update for Windows XP (KB943485)
KB944533 -> Security Update for Windows XP (KB944533)
KB944653 -> Security Update for Windows XP (KB944653)
KB946026 -> Security Update for Windows XP (KB946026)
KB946627 -> Update for Windows XP (KB946627)
M928366 -> Microsoft .NET Framework 1.1 Hotfix (KB928366)
MAGIX Movie Edit Pro 12 US -> MAGIX Movie Edit Pro 12 6.5.4.0 (US)
MAGIX Music Manager 2007 US -> MAGIX Music Manager 2007 8.1.0.727 (US)
Malwarebytes' Anti-Malware_is1 -> Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1 (1033) -> Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 -> Microsoft .NET Framework 2.0
MSCompPackV1 -> Microsoft Compression Client Pack 1.0 for Windows XP
Panda ActiveScan -> Panda ActiveScan
Paradise Poker -> Paradise Poker
PartyPoker -> PartyPoker
Plaxo -> Plaxo Toolbar for Outlook (with AIM Enhancements)
PremElem20 -> Adobe Premiere Elements 2.0
PROSet -> Intel® PRO Network Connections Drivers
RealArcade 1.2 -> RealArcade
Red Alert 2 -> Command & Conquer Red Alert 2
RemoteCapture -> Canon Utilities RemoteCapture 1.3
Sandlot Games Client Services_is1 -> Sandlot Games Client Services
The Weather Channel Desktop -> The Weather Channel Desktop
Transnavicom Satellite Map of Zurich_is1 -> Uninstall
WGA -> Windows Genuine Advantage Validation Tool (KB892130)
WgaNotify -> Windows Genuine Advantage Notifications (KB905474)
WIC -> Windows Imaging Component
Windows Media Format Runtime -> Windows Media Format 11 runtime
Windows Media Player -> Windows Media Player 11
Windows XP Service Pack -> Windows XP Service Pack 2
WMCSetup -> Windows Media Connect
WMFDist11 -> Windows Media Format 11 runtime
wmp11 -> Windows Media Player 11
WOLAPI -> Westwood Shared Internet Components
Wudf01000 -> Microsoft User-Mode Driver Framework Feature Pack 1.0
Yahoo! Companion -> Yahoo! Toolbar
Yahoo! Toolbar -> Yahoo! Toolbar
ZoomBrowserEXDeInstall -> Canon Utilities ZoomBrowser EX
< Uninstall List [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
Move Networks Player - IE -> Move Networks Media Player for Internet Explorer
< Uninstall List [HKEY_USERS\S-1-5-21-1202660629-813497703-1801674531-1006\] > -> HKEY_USERS\S-1-5-21-1202660629-813497703-1801674531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
Move Networks Player - IE -> Move Networks Media Player for Internet Explorer
[Files/Folders - Created Within 90 days]
BFU -> %SystemDrive%\BFU -> [Folder | Created Date = 4/1/2008 4:19:09 PM | Attr = ]
Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 4/1/2008 12:50:28 PM | Attr = ]
HostsXpert 4.2 - Hosts File Manager -> %SystemDrive%\HostsXpert 4.2 - Hosts File Manager -> [Folder | Created Date = 4/2/2008 7:35:46 PM | Attr = ]
QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 4/2/2008 1:25:50 PM | Attr = ]
apphelp.sdb -> %SystemRoot%\System32\dllcache\apphelp.sdb -> MD5 = F535724626E595E2E77FBB7AF75E4CB7 | [Ver = | Size = 217118 bytes | Created Date = 2/23/2008 10:13:47 PM | Attr = ]
apph_sp.sdb -> %SystemRoot%\System32\dllcache\apph_sp.sdb -> MD5 = FFC0769320266C86B5D57094446327C6 | [Ver = | Size = 764868 bytes | Created Date = 2/23/2008 10:13:47 PM | Attr = ]
sysmain.sdb -> %SystemRoot%\System32\dllcache\sysmain.sdb -> MD5 = 5DDEF97C436C595F32C4889C973BE815 | [Ver = | Size = 1197294 bytes | Created Date = 2/23/2008 10:13:47 PM | Attr = ]
SDTHOOK.SYS -> %SystemRoot%\System32\drivers\SDTHOOK.SYS -> MD5 = F88D17B93621EEB8BEF33B81E3AF9207 | Panda Software [Ver = 1.6.0.0 | Size = 44928 bytes | Created Date = 2/4/2008 11:41:54 PM | Attr = ]
SSFS0BB9.sys -> %SystemRoot%\System32\drivers\SSFS0BB9.sys -> MD5 = D3AD8D2E550B262694B024D1EB1EFFFC | Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.114 | Size = 20336 bytes | Created Date = 2/5/2008 9:12:24 PM | Attr = ]
UMDF -> %SystemRoot%\System32\drivers\UMDF -> [Folder | Created Date = 2/23/2008 10:10:10 PM | Attr = ]
MsftWdf_user_01_00_00.Wdf -> %SystemRoot%\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> MD5 = D41D8CD98F00B204E9800998ECF8427E | [Ver = | Size = 0 bytes | Created Date = 2/23/2008 10:10:15 PM | Attr = H ]
ActiveScan -> %SystemRoot%\System32\ActiveScan -> [Folder | Created Date = 2/4/2008 11:29:37 PM | Attr = ]
7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
asuninst.exe -> %SystemRoot%\System32\asuninst.exe -> MD5 = 0626E7EE37B9BF78658F6957A92EBFE8 | Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 2/4/2008 11:30:11 PM | Attr = ]
cpnprt2.cid -> %SystemRoot%\System32\cpnprt2.cid -> MD5 = 704EBC33555A645E0340694EF905B2EF | Coupons, Inc. [Ver = 4, 3, 2, 1 | Size = 193880 bytes | Created Date = 2/9/2008 3:00:43 PM | Attr = ]
dcbeg.ini -> %SystemRoot%\System32\dcbeg.ini -> MD5 = CF4C2555273BEED031DDA89397EE861E | [Ver = | Size = 15633 bytes | Created Date = 1/31/2008 7:00:23 PM | Attr = HS]
fdsv.exe -> %SystemRoot%\System32\fdsv.exe -> MD5 = F464045F5AD11DD2708E620A8404DA7B | Smallfrogs Studio [Ver = 1.0.0.10 | Size = 73728 bytes | Created Date = 4/2/2008 1:25:49 PM | Attr = ]
grep.exe -> %SystemRoot%\System32\grep.exe -> MD5 = 9E05A9C264C8A908A8E79450FCBFF047 | [Ver = | Size = 80412 bytes | Created Date = 4/2/2008 1:25:49 PM | Attr = ]
Help.ico -> %SystemRoot%\System32\Help.ico -> MD5 = 94DEACD6A0C37D631C137A0E49A2F6DC | [Ver = | Size = 1406 bytes | Created Date = 2/4/2008 11:29:41 PM | Attr = ]
java.exe -> %SystemRoot%\System32\java.exe -> MD5 = 08996DD4135EEDCB346BC4AD97B88A72 | Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 2/5/2008 11:00:18 PM | Attr = ]
javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> MD5 = 88E46E21782BFAA2A558E4FBD1B0D7A9 | Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Created Date = 2/5/2008 11:00:18 PM | Attr = ]
javaw.exe -> %SystemRoot%\System32\javaw.exe -> MD5 = 80D62C1F4C24794FF54CFE2F98BB307E | Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 2/5/2008 11:00:18 PM | Attr = ]
Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab -> [Folder | Created Date = 4/2/2008 2:52:47 PM | Attr = ]
pavas.ico -> %SystemRoot%\System32\pavas.ico -> MD5 = E429EF56CECD2F69510CC0AFC19D8B8E | [Ver = | Size = 30590 bytes | Created Date = 2/4/2008 11:29:40 PM | Attr = ]
sed.exe -> %SystemRoot%\System32\sed.exe -> MD5 = 2B657A67AEBB84AEA5632C53E61E23BF | [Ver = | Size = 98816 bytes | Created Date = 4/2/2008 1:25:49 PM | Attr = ]
swreg.exe -> %SystemRoot%\System32\swreg.exe -> MD5 = 01D95A1F8CF13D07CC564AABB36BCC0B | SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 4/2/2008 1:25:49 PM | Attr = ]
swsc.exe -> %SystemRoot%\System32\swsc.exe -> MD5 = B7517DB073B28F5696A1E5528ABEB5D0 | SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 4/2/2008 1:25:49 PM | Attr = ]
swxcacls.exe -> %SystemRoot%\System32\swxcacls.exe -> MD5 = B1A9CF0B6F80611D31987C247EC630B4 | SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 4/2/2008 1:25:49 PM | Attr = ]
Uninstall.ico -> %SystemRoot%\System32\Uninstall.ico -> MD5 = D1294B3A9BE1E491FA9F534B4C4E59A9 | [Ver = | Size = 2550 bytes | Created Date = 2/4/2008 11:29:41 PM | Attr = ]
VFind.exe -> %SystemRoot%\System32\VFind.exe -> MD5 = AB44CCD0FA8E55EF88DB941EEF95560A | [Ver = | Size = 49152 bytes | Created Date = 4/2/2008 1:25:49 PM | Attr = ]
zip.exe -> %SystemRoot%\System32\zip.exe -> MD5 = 5E832F4FAF5F481F2EAF3B3A48F603B8 | [Ver = | Size = 68096 bytes | Created Date = 4/2/2008 1:25:49 PM | Attr = ]
ZPORT4AS.dll -> %SystemRoot%\System32\ZPORT4AS.dll -> MD5 = 4A7D1F5FD7416FF84D2932A64D6B482D | [Ver = | Size = 11776 bytes | Created Date = 2/4/2008 11:30:11 PM | Attr = ]
Cache -> %SystemRoot%\Cache -> [Folder | Created Date = 2/9/2008 3:00:42 PM | Attr = ]
5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
cpnprt2.cid -> %SystemRoot%\cpnprt2.cid -> MD5 = 704EBC33555A645E0340694EF905B2EF | Coupons, Inc. [Ver = 4, 3, 2, 1 | Size = 193880 bytes | Created Date = 2/9/2008 3:00:44 PM | Attr = RH ]
ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 2/4/2008 10:13:42 PM | Attr = ]
LastGood -> %SystemRoot%\LastGood -> [Folder | Created Date = 4/2/2008 2:52:45 PM | Attr = ]
Nircmd.exe -> %SystemRoot%\Nircmd.exe -> MD5 = 1D56C98258B6D70F56BAA32380DEA992 | NirSoft [Ver = 2.05 | Size = 28160 bytes | Created Date = 4/2/2008 1:25:49 PM | Attr = ]
PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> MD5 = 34567437E1881533D582028E95456FBC | Sysinternals [Ver = 1.70 | Size = 53248 bytes | Created Date = 4/2/2008 1:30:52 PM | Attr = ]
TEMP -> %SystemRoot%\TEMP -> [Folder | Created Date = 4/2/2008 1:30:57 PM | Attr = ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
2ACA5CC3-0F83-453D-A079-1076FE1A8B65 -> %AllUsersProfile%\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 -> [Folder | Created Date = 1/31/2008 3:33:05 PM | Attr = ]
Kaspersky Lab -> %AllUsersProfile%\Application Data\Kaspersky Lab -> [Folder | Created Date = 4/2/2008 2:52:48 PM | Attr = ]
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Created Date = 4/1/2008 6:32:48 PM | Attr = ]
SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [Folder | Created Date = 2/4/2008 6:38:32 PM | Attr = ]
Google -> %AppData%\Google -> [Folder | Created Date = 2/8/2008 11:23:30 AM | Attr = ]
Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 4/1/2008 6:33:06 PM | Attr = ]
100_7190.JPG -> %UserProfile%\My Documents\100_7190.JPG -> MD5 = A5CA741FEE2820AA9F00F9F7E6CF9CC4 | [Ver = | Size = 1471205 bytes | Created Date = 2/22/2008 11:57:36 AM | Attr = ]
100_7193.JPG -> %UserProfile%\My Documents\100_7193.JPG -> MD5 = CDFF7B97BFDFCC5741E2833D0499D887 | [Ver = | Size = 1476128 bytes | Created Date = 2/22/2008 11:57:23 AM | Attr = ]
100_7203.JPG -> %UserProfile%\My Documents\100_7203.JPG -> MD5 = 5AF14A9C32EA708B836F93051B564AE7 | [Ver = | Size = 918139 bytes | Created Date = 2/22/2008 11:57:23 AM | Attr = ]
100_7204.JPG -> %UserProfile%\My Documents\100_7204.JPG -> MD5 = C1865BFDE537BF0C4801134F2FFC6005 | [Ver = | Size = 1239311 bytes | Created Date = 2/22/2008 11:57:36 AM | Attr = ]
100_7211.JPG -> %UserProfile%\My Documents\100_7211.JPG -> MD5 = F5AB1B109D87EBD984D033C98F10C526 | [Ver = | Size = 952911 bytes | Created Date = 2/22/2008 11:57:36 AM | Attr = ]
100_7215.JPG -> %UserProfile%\My Documents\100_7215.JPG -> MD5 = 8A1D5446F203949F685374DA8FBA1A67 | [Ver = | Size = 659561 bytes | Created Date = 2/22/2008 11:57:36 AM | Attr = ]
100_7220.JPG -> %UserProfile%\My Documents\100_7220.JPG -> MD5 = 5CA09D215EBAC54F386F5D58AB7A4534 | [Ver = | Size = 1472546 bytes | Created Date = 2/22/2008 11:57:36 AM | Attr = ]
100_7222.JPG -> %UserProfile%\My Documents\100_7222.JPG -> MD5 = 308F3A4AAD01199CB1CDFF59D9D480A0 | [Ver = | Size = 598534 bytes | Created Date = 2/22/2008 11:57:36 AM | Attr = ]
100_7237.JPG -> %UserProfile%\My Documents\100_7237.JPG -> MD5 = 173B9E6B3F019FB1BD1123EB0A33EA44 | [Ver = | Size = 929613 bytes | Created Date = 2/22/2008 11:57:23 AM | Attr = ]
100_7238.JPG -> %UserProfile%\My Documents\100_7238.JPG -> MD5 = 6ADF3E23DF179989D347A3D1B2D4F12C | [Ver = | Size = 996586 bytes | Created Date = 2/22/2008 11:57:23 AM | Attr = ]
brett.gif -> %UserProfile%\My Documents\brett.gif -> MD5 = 97F845EF603D35BAB64AB412D08858ED | [Ver = | Size = 73603 bytes | Created Date = 3/7/2008 5:00:18 PM | Attr = ]
I am supporting Town of Merton resident William.doc -> %UserProfile%\My Documents\I am supporting Town of Merton resident William.doc -> MD5 = AE614611B66EF26DA13CDCCCB2560189 | [Ver = | Size = 25600 bytes | Created Date = 3/15/2008 6:46:58 PM | Attr = ]
My Received Files -> %UserProfile%\My Documents\My Received Files -> [Folder | Created Date = 2/1/2008 8:17:44 AM | Attr = ]
New Folder -> %UserProfile%\My Documents\New Folder -> [Folder | Created Date = 4/1/2008 4:17:52 PM | Attr = ]
Picture1.jpg -> %UserProfile%\My Documents\Picture1.jpg -> MD5 = C2EC4BF1C791DC44CB66DAD02A9A5B67 | [Ver = | Size = 101098 bytes | Created Date = 2/12/2008 6:43:25 PM | Attr = ]
stephh.gif -> %UserProfile%\My Documents\stephh.gif -> MD5 = 19B0533389BC0BD6542C779C2D029288 | [Ver = | Size = 41270 bytes | Created Date = 2/22/2008 8:26:21 PM | Attr = ]
stephsean -> %UserProfile%\My Documents\stephsean -> [Folder | Created Date = 1/10/2008 11:14:10 PM | Attr = ]
supporting waukesha county resident.....doc -> %UserProfile%\My Documents\supporting waukesha county resident.....doc -> MD5 = 4F9163ED36839F5AF251E7742DBFCCBF | [Ver = | Size = 24064 bytes | Created Date = 3/19/2008 8:09:31 AM | Attr = ]
topic 4 huckleberryfinn.doc -> %UserProfile%\My Documents\topic 4 huckleberryfinn.doc -> MD5 = 66C7C33C279EA0DF6172F9988FDF09BF | [Ver = | Size = 22016 bytes | Created Date = 1/17/2008 7:57:22 PM | Attr = ]
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> MD5 = 401EC2B9376BB3CF4412671FF830655D | [Ver = | Size = 696 bytes | Created Date = 4/1/2008 6:32:48 PM | Attr = ]
backups -> %UserProfile%\Desktop\backups -> [Folder | Created Date = 4/2/2008 2:34:50 PM | Attr = ]
HiJackThis.exe -> %UserProfile%\Desktop\HiJackThis.exe -> MD5 = E8269245566BE948F6A219135B434160 | Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Created Date = 4/2/2008 2:30:48 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\HiJackThis.exe:Zone.Identifier
HostsXpert.zip -> %UserProfile%\Desktop\HostsXpert.zip -> MD5 = EE05DBF84F0EC7BFE5760F10B0AAF2C6 | [Ver = | Size = 353386 bytes | Created Date = 4/2/2008 7:16:59 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\HostsXpert.zip:Zone.Identifier
OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 4/2/2008 8:35:00 PM | Attr = ]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> MD5 = 84C384E24012FF4AE839EFD5ABAADA51 | [Ver = | Size = 539905 bytes | Created Date = 4/2/2008 8:24:37 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier
roomate.gif -> %UserProfile%\Desktop\roomate.gif -> MD5 = EDF0EA124D91DED35230D3B808AF1701 | [Ver = | Size = 45153 bytes | Created Date = 2/23/2008 12:18:35 PM | Attr = ]
step1.gif -> %UserProfile%\Desktop\step1.gif -> MD5 = B1EA6737D150676379F5727AAE9018EB | [Ver = | Size = 59203 bytes | Created Date = 2/23/2008 12:18:08 PM | Attr = ]
[Files/Folders - Modified Within 90 days]
42ab0e5816cba25f514ee3 -> %SystemDrive%\42ab0e5816cba25f514ee3 -> [Folder | Modified Date = 2/4/2008 11:42:19 PM | Attr = ]
BFU -> %SystemDrive%\BFU -> [Folder | Modified Date = 4/1/2008 8:48:40 PM | Attr = ]
Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 4/1/2008 12:50:28 PM | Attr = ]
HostsXpert 4.2 - Hosts File Manager -> %SystemDrive%\HostsXpert 4.2 - Hosts File Manager -> [Folder | Modified Date = 4/2/2008 7:35:46 PM | Attr = ]
install.dat -> %SystemDrive%\install.dat -> MD5 = 09758ACC76A5C1765C99F9DE8A11544A | [Ver = | Size = 164 bytes | Modified Date = 2/5/2008 8:41:18 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 4/1/2008 7:25:30 PM | Attr = R ]
QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 4/2/2008 1:30:45 PM | Attr = ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 2/6/2008 11:05:06 AM | Attr = HS]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 4/2/2008 2:52:45 PM | Attr = ]
etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 4/1/2008 7:19:33 PM | Attr = ]
hosts -> %SystemRoot%\System32\drivers\etc\hosts -> MD5 = 33C65D7F2D94CD111BC9AC1403EF3132 | [Ver = | Size = 209285 bytes | Modified Date = 4/2/2008 8:15:11 PM | Attr = R ]
SSFS0BB9.sys -> %SystemRoot%\System32\drivers\SSFS0BB9.sys -> MD5 = D3AD8D2E550B262694B024D1EB1EFFFC | Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.114 | Size = 20336 bytes | Modified Date = 1/4/2008 9:34:34 PM | Attr = ]
sshrmd.sys -> %SystemRoot%\System32\drivers\sshrmd.sys -> MD5 = 4D0E7A4BEFAD963D3AECFAC12FDEFF16 | Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.114 | Size = 21872 bytes | Modified Date = 1/4/2008 9:34:34 PM | Attr = ]
ssidrv.sys -> %SystemRoot%\System32\drivers\ssidrv.sys -> MD5 = 43EEDDC9B9B8ACCDB4A914BA893C73DE | Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.114 | Size = 163696 bytes | Modified Date = 1/4/2008 9:34:34 PM | Attr = ]
sskbfd.sys -> %SystemRoot%\System32\drivers\sskbfd.sys -> MD5 = 8564BC9598BE1705477B7FA61D657C2B | Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.114 | Size = 23920 bytes | Modified Date = 1/4/2008 9:34:36 PM | Attr = ]
UMDF -> %SystemRoot%\System32\drivers\UMDF -> [Folder | Modified Date = 2/23/2008 10:11:16 PM | Attr = ]
MsftWdf_user_01_00_00.Wdf -> %SystemRoot%\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> MD5 = D41D8CD98F00B204E9800998ECF8427E | [Ver = | Size = 0 bytes | Modified Date = 2/23/2008 10:10:15 PM | Attr = H ]
ActiveScan -> %SystemRoot%\System32\ActiveScan -> [Folder | Modified Date = 2/5/2008 1:39:21 AM | Attr = ]
7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
amcompat.tlb -> %SystemRoot%\System32\amcompat.tlb -> MD5 = 6D6F4B1886E91EB37ABCCAD19C561EE0 | [Ver = | Size = 16832 bytes | Modified Date = 2/24/2008 9:08:48 AM | Attr = ]
CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 2/24/2008 9:31:00 AM | Attr = ]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 4/2/2008 1:37:12 PM | Attr = ]
config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 2/5/2008 1:39:42 AM | Attr = ]
cpnprt2.cid -> %SystemRoot%\System32\cpnprt2.cid -> MD5 = 704EBC33555A645E0340694EF905B2EF | Coupons, Inc. [Ver = 4, 3, 2, 1 | Size = 193880 bytes | Modified Date = 2/9/2008 3:00:43 PM | Attr = ]
dcbeg.ini -> %SystemRoot%\System32\dcbeg.ini -> MD5 = CF4C2555273BEED031DDA89397EE861E | [Ver = | Size = 15633 bytes | Modified Date = 2/4/2008 5:20:40 PM | Attr = HS]
dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 2/24/2008 9:30:52 AM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 4/2/2008 1:29:21 PM | Attr = ]
Help.ico -> %SystemRoot%\System32\Help.ico -> MD5 = 94DEACD6A0C37D631C137A0E49A2F6DC | [Ver = | Size = 1406 bytes | Modified Date = 2/4/2008 11:29:41 PM | Attr = ]
Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab -> [Folder | Modified Date = 4/2/2008 2:52:47 PM | Attr = ]
LogFiles -> %SystemRoot%\System32\LogFiles -> [Folder | Modified Date = 2/23/2008 10:10:09 PM | Attr = ]
nscompat.tlb -> %SystemRoot%\System32\nscompat.tlb -> MD5 = A32B14BE5EDAE794FCE1A9E970827509 | [Ver = | Size = 23392 bytes | Modified Date = 2/24/2008 9:08:48 AM | Attr = ]
pavas.ico -> %SystemRoot%\System32\pavas.ico -> MD5 = E429EF56CECD2F69510CC0AFC19D8B8E | [Ver = | Size = 30590 bytes | Modified Date = 2/4/2008 11:29:41 PM | Attr = ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> MD5 = 30E96DDCA27EDECAD855EEDABD610C71 | [Ver = | Size = 63188 bytes | Modified Date = 3/9/2008 1:40:19 PM | Attr = ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> MD5 = C39CB64B6C42A1ECE1C66640B1B2B14D | [Ver = | Size = 403968 bytes | Modified Date = 3/9/2008 1:40:19 PM | Attr = ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> MD5 = 090DC65C9FF178CC67BD3DC1FCC40D47 | [Ver = | Size = 475330 bytes | Modified Date = 3/9/2008 1:40:19 PM | Attr = ]
Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 2/6/2008 11:05:06 AM | Attr = ]
ssiefr.EXE -> %SystemRoot%\System32\ssiefr.EXE -> MD5 = 0AC2D082F667BB9340231CC90D41D60A | Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.114 | Size = 16240 bytes | Modified Date = 1/4/2008 9:34:34 PM | Attr = ]
Uninstall.ico -> %SystemRoot%\System32\Uninstall.ico -> MD5 = D1294B3A9BE1E491FA9F534B4C4E59A9 | [Ver = | Size = 2550 bytes | Modified Date = 2/4/2008 11:29:41 PM | Attr = ]
wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 2/5/2008 1:44:14 AM | Attr = ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> MD5 = 85E8A51154B3DC7E30CC06940CBD39C4 | [Ver = | Size = 2206 bytes | Modified Date = 4/2/2008 6:07:10 PM | Attr = ]
WRLogonNtf.dll -> %SystemRoot%\System32\WRLogonNtf.dll -> MD5 = 9BA2293EFC229743D76BF7637E07DF44 | Webroot Software, Inc. [Ver = 3,5,6,114 | Size = 219504 bytes | Modified Date = 1/4/2008 9:34:36 PM | Attr = ]
wrlzma.dll -> %SystemRoot%\System32\wrlzma.dll -> MD5 = AD701873F240FF13C877038BE7D2C6EA | [Ver = | Size = 26480 bytes | Modified Date = 1/4/2008 9:34:36 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 2/12/2008 5:32:49 PM | Attr = H ]
5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 2/24/2008 9:07:20 AM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> MD5 = 6A2CB42966136854F4464516FBB4AE72 | [Ver = | Size = 2048 bytes | Modified Date = 4/2/2008 1:36:18 PM | Attr = S]
Cache -> %SystemRoot%\Cache -> [Folder | Modified Date = 2/9/2008 3:00:42 PM | Attr = ]
cpnprt2.cid -> %SystemRoot%\cpnprt2.cid -> MD5 = 704EBC33555A645E0340694EF905B2EF | Coupons, Inc. [Ver = 4, 3, 2, 1 | Size = 193880 bytes | Modified Date = 2/9/2008 3:00:44 PM | Attr = RH ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 4/2/2008 2:52:48 PM | Attr = S]
ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 4/2/2008 1:26:31 PM | Attr = ]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 2/23/2008 10:12:56 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> MD5 = 8F94401BB6BB8EEFEBD93C4CBC6283D7 | [Ver = | Size = 1374 bytes | Modified Date = 2/24/2008 9:30:17 AM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 4/2/2008 2:52:46 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 3/27/2008 8:17:50 PM | Attr = HS]
LastGood -> %SystemRoot%\LastGood -> [Folder | Modified Date = 4/2/2008 2:52:45 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 4/2/2008 8:52:10 PM | Attr = ]
PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> MD5 = 34567437E1881533D582028E95456FBC | Sysinternals [Ver = 1.70 | Size = 53248 bytes | Modified Date = 4/2/2008 1:30:52 PM | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 2/5/2008 1:39:13 AM | Attr = ]
system.ini -> %SystemRoot%\system.ini -> MD5 = F4D021E764F6FA554606F4A735A3151B | [Ver = | Size = 227 bytes | Modified Date = 4/2/2008 1:30:15 PM | Attr = ]
system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 4/2/2008 6:51:06 PM | Attr = ]
TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 4/2/2008 6:07:15 PM | Attr = ]
Thumbs.db -> %SystemRoot%\Thumbs.db -> MD5 = 704A355AFAAC99241EA3F3FF891D1C08 | [Ver = | Size = 12800 bytes | Modified Date = 1/24/2008 11:33:13 PM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable
wallpaper.bmp -> %SystemRoot%\wallpaper.bmp -> MD5 = 755230FAA4F9BE0036661833589FD063 | [Ver = | Size = 2986038 bytes | Modified Date = 3/6/2008 2:32:14 PM | Attr = ]
Web -> %SystemRoot%\Web -> [Folder | Modified Date = 3/28/2008 3:51:20 PM | Attr = R ]
win.ini -> %SystemRoot%\win.ini -> MD5 = C3E8C814D73BE921C73D23079EAAC8A9 | [Ver = | Size = 872 bytes | Modified Date = 2/23/2008 10:13:21 PM | Attr = ]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> MD5 = DC17DD0189B0C36D863B4DD0A036C10F | [Ver = | Size = 316640 bytes | Modified Date = 2/23/2008 10:11:34 PM | Attr = ]
WRSetup.dll -> %SystemRoot%\WRSetup.dll -> MD5 = C6CB3DF1220A239FB69FC9CD0AFB412D | Webroot Software, Inc. [Ver = 5,5,7,124 | Size = 1526640 bytes | Modified Date = 1/4/2008 9:56:58 PM | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> MD5 = 67BC6ABD0217541DAD77278B8557E025 | [Ver = | Size = 284 bytes | Modified Date = 1/27/2008 9:52:00 AM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> MD5 = F1A6CD5ADAAB953A6764EA364E17BFB8 | [Ver = | Size = 6 bytes | Modified Date = 4/2/2008 1:36:20 PM | Attr = H ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> Unable to obtain MD5 | [Ver = | Size = 7820 bytes | Modified Date = 4/2/2008 1:37:52 PM | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> Unable to obtain MD5 | [Ver = | Size = 7820 bytes | Modified Date = 4/2/2008 1:37:52 PM | Attr = ]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> MD5 = 3FCF7BB720C2E137F3D40068F7E9CF53 | [Ver = | Size = 11068 bytes | Modified Date = 12/10/2005 5:31:53 PM | Attr = ]
opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat -> MD5 = ECB539C80E90AB8C7CD832E89B630B54 | [Ver = | Size = 8384 bytes | Modified Date = 10/23/2007 7:14:12 PM | Attr = ]
wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> MD5 = DE2630981245E15BB1698432E204E8DD | [Ver = | Size = 16384 bytes | Modified Date = 2/22/2007 11:02:45 AM | Attr = ]
wklntsk1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1.dat -> MD5 = DEA0AD6B07D97BDA6CBE440A7715F1E3 | [Ver = | Size = 162451 bytes | Modified Date = 2/22/2007 11:12:56 AM | Attr = ]
MFPL7014.DLL -> C:\Documents and Settings\mommy\Local Settings\Temp\MFPL7014.DLL -> Unable to obtain MD5 | Macromedia, Inc. [Ver = 7,0,14,0 | Size = 917504 bytes | Modified Date = 4/2/2008 8:52:11 PM | Attr = ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
2ACA5CC3-0F83-453D-A079-1076FE1A8B65 -> %AllUsersProfile%\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 -> [Folder | Modified Date = 1/31/2008 3:33:05 PM | Attr = ]
Kaspersky Lab -> %AllUsersProfile%\Application Data\Kaspersky Lab -> [Folder | Modified Date = 4/2/2008 2:52:48 PM | Attr = ]
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Modified Date = 4/1/2008 6:32:48 PM | Attr = ]
QTSBandwidthCache -> %AllUsersProfile%\Application Data\QTSBandwidthCache -> MD5 = F69AFC4CB65B364910BBC3574969C92D | [Ver = | Size = 3742 bytes | Modified Date = 3/19/2008 8:17:44 PM | Attr = ]
SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [Folder | Modified Date = 2/4/2008 6:38:32 PM | Attr = ]
Google -> %AppData%\Google -> [Folder | Modified Date = 2/8/2008 11:24:32 AM | Attr = ]
Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Modified Date = 4/1/2008 6:33:06 PM | Attr = ]
wklnhst.dat -> %AppData%\wklnhst.dat -> MD5 = E44A8387E387C72D8298B86938B25DEC | [Ver = | Size = 1618 bytes | Modified Date = 2/26/2008 3:40:32 PM | Attr = ]
Google -> %UserProfile%\Local Settings\Application Data\Google -> [Folder | Modified Date = 2/8/2008 11:24:32 AM | Attr = ]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> MD5 = 23CA8EB5BC508EE51DC4B2E2A5E5EA54 | [Ver = | Size = 8040374 bytes | Modified Date = 4/1/2008 10:15:12 PM | Attr = H ]
Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 3/9/2008 6:01:29 PM | Attr = ]
100_7190.JPG -> %UserProfile%\My Documents\100_7190.JPG -> MD5 = A5CA741FEE2820AA9F00F9F7E6CF9CC4 | [Ver = | Size = 1471205 bytes | Modified Date = 2/22/2008 11:19:02 AM | Attr = ]
100_7193.JPG -> %UserProfile%\My Documents\100_7193.JPG -> MD5 = CDFF7B97BFDFCC5741E2833D0499D887 | [Ver = | Size = 1476128 bytes | Modified Date = 2/22/2008 11:34:55 AM | Attr = ]
100_7203.JPG -> %UserProfile%\My Documents\100_7203.JPG -> MD5 = 5AF14A9C32EA708B836F93051B564AE7 | [Ver = | Size = 918139 bytes | Modified Date = 2/22/2008 11:34:54 AM | Attr = ]
100_7204.JPG -> %UserProfile%\My Documents\100_7204.JPG -> MD5 = C1865BFDE537BF0C4801134F2FFC6005 | [Ver = | Size = 1239311 bytes | Modified Date = 2/22/2008 11:19:02 AM | Attr = ]
100_7211.JPG -> %UserProfile%\My Documents\100_7211.JPG -> MD5 = F5AB1B109D87EBD984D033C98F10C526 | [Ver = | Size = 952911 bytes | Modified Date = 2/22/2008 11:19:03 AM | Attr = ]
100_7215.JPG -> %UserProfile%\My Documents\100_7215.JPG -> MD5 = 8A1D5446F203949F685374DA8FBA1A67 | [Ver = | Size = 659561 bytes | Modified Date = 2/22/2008 11:19:03 AM | Attr = ]
100_7220.JPG -> %UserProfile%\My Documents\100_7220.JPG -> MD5 = 5CA09D215EBAC54F386F5D58AB7A4534 | [Ver = | Size = 1472546 bytes | Modified Date = 2/22/2008 11:19:04 AM | Attr = ]
100_7222.JPG -> %UserProfile%\My Documents\100_7222.JPG -> MD5 = 308F3A4AAD01199CB1CDFF59D9D480A0 | [Ver = | Size = 598534 bytes | Modified Date = 2/22/2008 11:19:01 AM | Attr = ]
100_7237.JPG -> %UserProfile%\My Documents\100_7237.JPG -> MD5 = 173B9E6B3F019FB1BD1123EB0A33EA44 | [Ver = | Size = 929613 bytes | Modified Date = 2/22/2008 11:34:55 AM | Attr = ]
100_7238.JPG -> %UserProfile%\My Documents\100_7238.JPG -> MD5 = 6ADF3E23DF179989D347A3D1B2D4F12C | [Ver = | Size = 996586 bytes | Modified Date = 2/22/2008 11:34:56 AM | Attr = ]
brett.gif -> %UserProfile%\My Documents\brett.gif -> MD5 = 97F845EF603D35BAB64AB412D08858ED | [Ver = | Size = 73603 bytes | Modified Date = 3/7/2008 4:59:49 PM | Attr = ]
I am supporting Town of Merton resident William.doc -> %UserProfile%\My Documents\I am supporting Town of Merton resident William.doc -> MD5 = AE614611B66EF26DA13CDCCCB2560189 | [Ver = | Size = 25600 bytes | Modified Date = 3/24/2008 4:04:38 PM | Attr = ]
My Projects -> %UserProfile%\My Documents\My Projects -> [Folder | Modified Date = 2/26/2008 3:42:26 PM | Attr = ]
My Received Files -> %UserProfile%\My Documents\My Received Files -> [Folder | Modified Date = 2/1/2008 8:17:44 AM | Attr = ]
New Folder -> %UserProfile%\My Documents\New Folder -> [Folder | Modified Date = 4/1/2008 4:17:52 PM | Attr = ]
stephh.gif -> %UserProfile%\My Documents\stephh.gif -> MD5 = 19B0533389BC0BD6542C779C2D029288 | [Ver = | Size = 41270 bytes | Modified Date = 2/22/2008 8:10:43 PM | Attr = ]
stephsean -> %UserProfile%\My Documents\stephsean -> [Folder | Modified Date = 1/10/2008 11:14:10 PM | Attr = ]
supporting waukesha county resident.....doc -> %UserProfile%\My Documents\supporting waukesha county resident.....doc -> MD5 = 4F9163ED36839F5AF251E7742DBFCCBF | [Ver = | Size = 24064 bytes | Modified Date = 3/19/2008 5:08:45 PM | Attr = ]
topic 4 huckleberryfinn.doc -> %UserProfile%\My Documents\topic 4 huckleberryfinn.doc -> MD5 = 66C7C33C279EA0DF6172F9988FDF09BF | [Ver = | Size = 22016 bytes | Modified Date = 1/17/2008 7:57:22 PM | Attr = ]
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> MD5 = 401EC2B9376BB3CF4412671FF830655D | [Ver = | Size = 696 bytes | Modified Date = 4/1/2008 6:32:48 PM | Attr = ]
Spy Sweeper.lnk -> %AllUsersProfile%\Desktop\Spy Sweeper.lnk -> MD5 = 7946EA15A2C9F653F387260BD274DEDA | [Ver = | Size = 1641 bytes | Modified Date = 2/5/2008 9:12:22 PM | Attr = ]
backups -> %UserProfile%\Desktop\backups -> [Folder | Modified Date = 4/2/2008 2:34:50 PM | Attr = ]
HiJackThis.exe -> %UserProfile%\Desktop\HiJackThis.exe -> MD5 = E8269245566BE948F6A219135B434160 | Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Modified Date = 4/2/2008 2:31:39 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\HiJackThis.exe:Zone.Identifier
HostsXpert.zip -> %UserProfile%\Desktop\HostsXpert.zip -> MD5 = EE05DBF84F0EC7BFE5760F10B0AAF2C6 | [Ver = | Size = 353386 bytes | Modified Date = 4/2/2008 7:16:59 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\HostsXpert.zip:Zone.Identifier
New Folder -> %UserProfile%\Desktop\New Folder -> [Folder | Modified Date = 2/17/2008 1:20:39 PM | Attr = ]
OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 4/2/2008 8:52:04 PM | Attr = ]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> MD5 = 84C384E24012FF4AE839EFD5ABAADA51 | [Ver = | Size = 539905 bytes | Modified Date = 4/2/2008 8:24:37 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier
roomate.gif -> %UserProfile%\Desktop\roomate.gif -> MD5 = EDF0EA124D91DED35230D3B808AF1701 | [Ver = | Size = 45153 bytes | Modified Date = 2/23/2008 12:07:53 PM | Attr = ]
step1.gif -> %UserProfile%\Desktop\step1.gif -> MD5 = B1EA6737D150676379F5727AAE9018EB | [Ver = | Size = 59203 bytes | Modified Date = 2/23/2008 12:07:52 PM | Attr = ]
[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\XP\23]
"DisplayName"="\x3e98\23\x40d0\23"
"DeviceDesc"="\x3e98\23\x40d0\23"
"ProviderName"=""
"MFG"="\x435c\x616c\x7373\"
"ReinstallString"="C:\WINDOWS\System32\ReinstallBackups\\x5058\23\DriverFiles\.INF"
"DeviceInstanceIds"=str(7):"xp_inf\cx_08623.inf"
scanning hidden files ...
C:\WINDOWS\Thumbs.db:encryptable 0 bytes
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1
< Document and Settings folder & sub folders >
scanning hidden files ...
C:\Documents and Settings\All Users\Application Data\TEMP:2B99FE60 122 bytes
C:\Documents and Settings\Owner\.viv
C:\Documents and Settings\Owner\.viv\1160845567234playershim1186.dll 24576 bytes executable
C:\Documents and Settings\Owner\.viv\httpwww.canam.brp.combrphtmlcanamrebornsplash.jpeg 7476 bytes
C:\Documents and Settings\Owner\.viv\lib1186 404596 bytes
C:\Documents and Settings\Owner\.viv\props.txt 58 bytes
C:\Documents and Settings\Owner\Application Data
end break two
Edited by jillsusan, 03 April 2008 - 07:06 AM.