WinCoDecPRO Removal Needed - Hijackthis log included

What browser are you using to download files?

Currently using FireFox. Should I try it with Internet Explorer?

Yes, try that.
If IE works, then it's a problem with Firefox.

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 19:30 on 18/10/2009 by Administrator (Administrator - Elevation successful)

========== filefind ==========

Searching for "mspmsnsv.dll"
C:\WINNT\system32\mspmsnsv.dll --a--c 52224 bytes [21:02 01/05/2004] [02:03 27/11/2002] 36678803A8030EE9A771935CFC1848BD

Searching for "comres.dll"
No files found.

-=End Of File=-

Still getting wincodec pro popups? I still don't see anything wrong here.

Belahzur - Unfortunately yes. I still have the red icon on my lower right-hand system bar/task tray saying "Fatal Error", "Media System Corrupt" etc.
And my sound still does not work

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  
• Under the Custom Scan box paste this in
  
  netsvcs
  msconfig
  safebootminimal
  safebootnetwork
  activex
  drivers32
  %SYSTEMDRIVE%\*.exe
  %systemroot%\system32\eventlog.dll
  %systemroot%\system32\scecli.dll
  %systemroot%\netlogon.dll
  %systemroot%\system32\cngaudit.dll
  %systemroot%\system32\sceclt.dll
  %systemroot%\ntelogon.dll
  %systemroot%\system32\logevent.dll
  %systemroot%\system32\drivers\iaStor.sys
  %systemroot%\System32\drivers\nvstor.sys
  %systemroot%\system32\drivers\atapi.sys
  
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time
    
  
  

Extras.Txt:

OTL Extras logfile created on: 10/19/2009 7:48:32 PM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

735.48 Mb Total Physical Memory | 421.64 Mb Available Physical Memory | 57.33% Memory free
1.76 Gb Paging File | 1.42 Gb Available in Paging File | 80.53% Paging File free
Paging file location(s): C:\pagefile.sys 1102 1102 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 63.57 Gb Free Space | 85.30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WS24
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.chm [@ = chm.file] -- C:\WINNT\hh.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- %1 File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007F4F0A-CC46-4C8F-A2AE-26E802625BF3}" = Microsoft Office Live Meeting 2005
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}" = ArcSoft Print Creations
"{24ADC0E4-8D3E-40C4-9106-F2DE5E9112F1}" = EPSON Stylus CX8400 Series Scanner Driver Update
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2b02f822-a9b9-458c-80e5-3ea8c0de8471}" = QuickBooks Pro Edition 2004
"{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
"{3F262ADC-5AD2-48E5-A586-44315E04A9E9}" = Microsoft Digital Image Library 10
"{42756145-9997-4D28-809B-8756BFD00109}" = Microsoft Digital Image Pro 10
"{5721A8EA-A30F-4F66-9046-3F40C43AE1DC}" = Driver Detective
"{5FF4A578-4588-4ACF-8317-7191FC45F3E1}" = TaxCut California 2007
"{60B9A48D-559E-43FA-8F28-D657190E4E52}" = Remote Desktop Connection
"{6D63A7D5-ACD1-4322-B1A6-52C9E530040D}" = Canon Camera TWAIN Driver
"{6F716D8C-398F-11D3-85E1-005004838609}" = WebFldrs
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{848AC794-8B81-440A-81AE-6474337DB527}" = Symantec AntiVirus
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{ADAED43C-BBD9-42C5-8B21-F4FBFA81E3C3}" = Palm
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD12EB47-DBDF-11D3-BEEA-00A0CC272509}" = Norton AntiVirus Corporate Edition
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{D03E7B00-CA85-4684-9321-1888873C34BD}" = ArcSoft PhotoImpression 6
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0
"AOL Instant Messenger (SM)" = AOL Instant Messenger (SM)
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CCleaner" = CCleaner (remove only)
"CSCLIB" = Canon Camera Support Core Library
"EOS Utility" = Canon Utilities EOS Utility
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"HijackThis" = HijackThis 2.0.2
"InstallShield_{6D63A7D5-ACD1-4322-B1A6-52C9E530040D}" = Canon Camera TWAIN Driver 6.7
"LimeWire" = LimeWire 4.16.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft Office Live Meeting" = Microsoft Office Live Meeting
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
"Pdf995" = Pdf995
"PhotoStitch" = Canon Utilities PhotoStitch
"PictureItSuite_v10" = Microsoft Digital Image Suite 10
"Q818043" = Windows 2000 Hotfix (SP5) Q818043
"Q828026" = Windows Media Player Hotfix [See Q828026 for more information]
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"S3Display" = S3Display
"Silent Package Run-Time Sample" = EPSON CX8400 User's Guide
"SopCast" = SopCast 3.0.3
"Spyware Terminator_is1" = Spyware Terminator
"TVUPlayer" = TVUPlayer 2.3.0.0
"Update Rollup 1" = Update Rollup 1 for Windows 2000 SP4
"VIA Audio Driver Setup Program" = VIA Audio Driver Setup Program
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinRAR archiver" = WinRAR archiver
"WMP7" = Windows Media Player system update (9 Series)
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/15/2009 12:53:09 AM | Computer Name = WS24 | Source = Perflib | ID = 2002
Description = The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll"
has taken longer than the established wait time to complete. There may be a problem
with this extensible counter or the service it is collecting data from or the system
may have been very busy when this call was attempted.

Error - 10/15/2009 1:35:10 AM | Computer Name = WS24 | Source = MsiInstaller | ID = 11706
Description = Product: Symantec AntiVirus -- Error 1706.No valid source could be
found for product Symantec AntiVirus. The Windows Installer cannot continue.

Error - 10/15/2009 8:41:41 PM | Computer Name = WS24 | Source = Userenv | ID = 1000
Description = Windows cannot unload your registry file. If you have a roaming profile,
your settings are not replicated. Contact your administrator. DETAIL - Access
is denied. , Build number ((2195)).

Error - 10/15/2009 8:43:00 PM | Computer Name = WS24 | Source = Perflib | ID = 2002
Description = The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll"
has taken longer than the established wait time to complete. There may be a problem
with this extensible counter or the service it is collecting data from or the system
may have been very busy when this call was attempted.

Error - 10/15/2009 10:27:44 PM | Computer Name = WS24 | Source = Userenv | ID = 1000
Description = Windows cannot unload your registry file. If you have a roaming profile,
your settings are not replicated. Contact your administrator. DETAIL - Access
is denied. , Build number ((2195)).

Error - 10/15/2009 10:29:47 PM | Computer Name = WS24 | Source = PerfDisk | ID = 1000
Description = Unable to open the Disk performance object. Status code returned is
data
DWORD 0.

Error - 10/15/2009 10:29:47 PM | Computer Name = WS24 | Source = rasctrs | ID = 2001
Description =

Error - 10/15/2009 10:43:27 PM | Computer Name = WS24 | Source = Perflib | ID = 2002
Description = The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll"
has taken longer than the established wait time to complete. There may be a problem
with this extensible counter or the service it is collecting data from or the system
may have been very busy when this call was attempted.

Error - 10/19/2009 6:47:20 PM | Computer Name = WS24 | Source = Userenv | ID = 1000
Description = Windows cannot unload your registry file. If you have a roaming profile,
your settings are not replicated. Contact your administrator. DETAIL - Access
is denied. , Build number ((2195)).

Error - 10/19/2009 6:48:36 PM | Computer Name = WS24 | Source = Perflib | ID = 2002
Description = The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll"
has taken longer than the established wait time to complete. There may be a problem
with this extensible counter or the service it is collecting data from or the system
may have been very busy when this call was attempted.

[ System Events ]
Error - 10/15/2009 10:34:01 PM | Computer Name = WS24 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1077

Error - 10/15/2009 10:34:32 PM | Computer Name = WS24 | Source = DCOM | ID = 10010
Description = The server {0C0A3666-30C9-11D0-8F20-00805F2CD064} did not register
with DCOM within the required timeout.

Error - 10/15/2009 10:35:16 PM | Computer Name = WS24 | Source = DCOM | ID = 10010
Description = The server {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B} did not register
with DCOM within the required timeout.

Error - 10/15/2009 10:35:48 PM | Computer Name = WS24 | Source = DCOM | ID = 10010
Description = The server {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B} did not register
with DCOM within the required timeout.

Error - 10/15/2009 10:36:18 PM | Computer Name = WS24 | Source = DCOM | ID = 10010
Description = The server {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B} did not register
with DCOM within the required timeout.

Error - 10/15/2009 10:36:51 PM | Computer Name = WS24 | Source = DCOM | ID = 10010
Description = The server {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B} did not register
with DCOM within the required timeout.

Error - 10/15/2009 10:37:21 PM | Computer Name = WS24 | Source = DCOM | ID = 10010
Description = The server {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B} did not register
with DCOM within the required timeout.

Error - 10/15/2009 10:42:28 PM | Computer Name = WS24 | Source = DCOM | ID = 10010
Description = The server {1BE1F766-5536-11D1-B726-00C04FB926AF} did not register
with DCOM within the required timeout.

Error - 10/15/2009 10:44:05 PM | Computer Name = WS24 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SONYPVM1

Error - 10/19/2009 6:49:07 PM | Computer Name = WS24 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SONYPVM1


< End of report >

OTL.Txt:

OTL logfile created on: 10/19/2009 7:48:32 PM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

735.48 Mb Total Physical Memory | 421.64 Mb Available Physical Memory | 57.33% Memory free
1.76 Gb Paging File | 1.42 Gb Available in Paging File | 80.53% Paging File free
Paging file location(s): C:\pagefile.sys 1102 1102 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 63.57 Gb Free Space | 85.30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WS24
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/10/19 19:47:01 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2009/10/14 01:54:15 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/10/14 01:54:15 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/13 16:43:40 | 00,487,424 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2009/10/12 18:13:33 | 00,084,480 | -H-- | M] () -- C:\Program Files\Java\jre6\bin\dejusched.exe
PRC - [2009/06/25 12:10:00 | 00,525,640 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2008/11/06 04:42:59 | 00,054,568 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.1\shellmon.exe
PRC - [2008/11/06 04:42:59 | 00,039,208 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.1\waol.exe
PRC - [2008/04/05 22:51:45 | 00,185,632 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/05/25 10:16:08 | 00,042,032 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\1255452910\ee\AOLSoftware.exe
PRC - [2006/10/23 05:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
PRC - [2005/05/19 16:48:34 | 00,053,248 | ---- | M] () -- C:\WINNT\System32\LxrSII1s.exe
PRC - [2004/09/07 08:59:06 | 00,122,128 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\MSTask.exe
PRC - [2004/08/02 20:36:40 | 00,124,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2004/08/02 20:36:32 | 01,267,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2004/08/02 20:36:26 | 00,030,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2004/06/09 21:31:14 | 00,242,808 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2004/06/09 21:31:08 | 00,255,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2004/06/09 21:31:06 | 00,066,680 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2003/07/14 05:00:00 | 00,243,472 | ---- | M] (Microsoft Corporation) -- C:\WINNT\Explorer.EXE
PRC - [2003/07/14 05:00:00 | 00,196,706 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\WBEM\WinMgmt.exe
PRC - [2003/07/14 05:00:00 | 00,068,368 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\regsvc.exe
PRC - [2003/07/14 05:00:00 | 00,061,712 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\stisvc.exe
PRC - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2003/06/19 13:05:04 | 00,019,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\hidserv.exe
PRC - [2002/07/30 16:16:20 | 00,065,536 | ---- | M] (America Online, Inc.) -- C:\WINNT\wanmpsvc.exe
PRC - [2001/09/24 07:59:00 | 00,454,656 | ---- | M] (Symantec Corporation) -- C:\Program Files\NavNT\rtvscan.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/10/14 01:54:15 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/10/13 16:43:40 | 00,487,424 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv [Auto | Running])
SRV - [2006/10/23 05:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS [Auto | Running])
SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2005/05/19 16:48:34 | 00,053,248 | ---- | M] () -- C:\WINNT\System32\LxrSII1s.exe -- (LxrSII1s [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2004/09/07 08:59:06 | 00,122,128 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\MSTask.exe -- (Schedule [Auto | Running])
SRV - [2004/08/02 20:36:36 | 00,173,392 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam [On_Demand | Stopped])
SRV - [2004/08/02 20:36:32 | 01,267,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [Auto | Running])
SRV - [2004/08/02 20:36:26 | 00,030,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])
SRV - [2004/06/11 19:28:30 | 00,201,944 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [On_Demand | Stopped])
SRV - [2004/06/09 21:31:14 | 00,242,808 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
SRV - [2004/06/09 21:31:12 | 00,087,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc [On_Demand | Stopped])
SRV - [2004/06/09 21:31:08 | 00,255,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2003/07/14 05:00:00 | 00,196,706 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\WBEM\WinMgmt.exe -- (WinMgmt [Auto | Running])
SRV - [2003/07/14 05:00:00 | 00,147,728 | ---- | M] (VERITAS Software Corp.) -- C:\WINNT\System32\dmadmin.exe -- (dmadmin [On_Demand | Stopped])
SRV - [2003/07/14 05:00:00 | 00,094,992 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\faxsvc.exe -- (Fax [On_Demand | Stopped])
SRV - [2003/07/14 05:00:00 | 00,068,368 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\regsvc.exe -- (RemoteRegistry [Auto | Running])
SRV - [2003/07/14 05:00:00 | 00,061,712 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\stisvc.exe -- (StiSvc [Auto | Running])
SRV - [2003/07/14 05:00:00 | 00,022,800 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\UtilMan.exe -- (UtilMan [On_Demand | Stopped])
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2003/06/19 13:05:04 | 00,019,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\hidserv.exe -- (HidServ [Auto | Running])
SRV - [2002/07/30 16:16:20 | 00,065,536 | ---- | M] (America Online, Inc.) -- C:\WINNT\wanmpsvc.exe -- (WANMiniportService [Auto | Running])
SRV - [2001/09/24 07:59:00 | 00,454,656 | ---- | M] (Symantec Corporation) -- C:\Program Files\NavNT\rtvscan.exe -- (Norton AntiVirus Server [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = r1:8080

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p="
FF - prefs.js..browser.search.selectedEngine: "AOL Search"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}:6.0.04
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - prefs.js..keyword.URL: "http://aolsearch.aol.com/aol/search?invocationType=client_searchbox&query="

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/10/14 01:54:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/03 20:08:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/14 15:45:42 | 00,000,000 | ---D | M]

[2009/01/28 15:24:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions
[2009/01/28 15:24:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/18 20:01:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\33k9j29p.default\extensions
[2009/10/01 03:35:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\33k9j29p.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/01/29 19:29:39 | 00,001,331 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\33k9j29p.default\searchplugins\crawlersrch.xml
[2009/10/18 20:01:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/10/03 20:08:56 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/04/16 17:30:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
[2008/05/10 01:21:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009/10/14 01:54:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/10/03 20:08:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org
[2008/12/17 14:59:30 | 00,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2008/12/17 14:59:31 | 00,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2008/12/17 14:59:32 | 00,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2008/12/17 14:59:33 | 00,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2008/12/17 14:59:35 | 00,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2009/02/24 12:34:32 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2008/06/10 17:03:52 | 00,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcm80.dll
[2008/06/10 17:03:52 | 00,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcp80.dll
[2008/06/10 17:03:52 | 00,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcr80.dll
[2009/10/14 01:54:16 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/02/24 12:34:14 | 01,337,648 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2005/12/05 22:31:00 | 00,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2008/12/17 14:59:36 | 00,022,656 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2009/02/27 13:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/04/05 22:51:53 | 00,144,720 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2008/04/05 22:51:58 | 00,024,576 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2008/04/05 22:51:49 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/07/17 20:21:00 | 03,883,424 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
[2007/08/21 17:42:32 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\mozilla firefox\plugins\npunagi2.dll
[2009/02/24 12:34:32 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2008/12/17 11:24:41 | 00,001,514 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/12/17 11:24:41 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/11/06 04:42:54 | 00,002,275 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\aolsearch.xml
[2008/12/17 11:24:41 | 00,001,038 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/12/17 11:24:41 | 00,001,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/12/17 11:24:41 | 00,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/12/17 11:24:41 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINNT\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [dejusched] C:\Program Files\Java\jre6\bin\dejusched.exe ()
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1255452910\ee\AOLSoftware.exe (AOL LLC)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Synchronization Manager] C:\WINNT\System32\mobsync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [VTPreset] C:\WINNT\System32\VTPreset.exe (S3 Graphics, Inc.)
O4 - HKCU..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl File not found
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL 9.1\AOL.EXE (AOL, LLC.)
O4 - HKLM..\RunOnce: [MigrateMMDrivers] C:\WINNT\System32\mmsys.CPL (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINNT\System32\rnr20.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINNT\System32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINNT\System32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINNT\System32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINNT\System32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINNT\System32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINNT\System32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINNT\System32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINNT\System32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINNT\System32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINNT\System32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINNT\System32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINNT\System32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINNT\System32\msafd.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} http://scpwic.ops.placeware.com/etc/place/INDIA/SCIpws-c2/5.1.7.413/lib/quicksilver.cab (Quicksilver Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6796.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: MIW Deployment https://wil.radnetonline.com/downloads/MIWDeploy.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = RobertsonDX.com
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\System32\msdxm.ocx ()
O18 - Protocol\Filter: - application/octet-stream - No CLSID value found
O18 - Protocol\Filter: - application/x-complus - No CLSID value found
O18 - Protocol\Filter: - application/x-msdownload - No CLSID value found
O18 - Protocol\Filter: - Class Install Handler - No CLSID value found
O18 - Protocol\Filter: - deflate - No CLSID value found
O18 - Protocol\Filter: - gzip - No CLSID value found
O18 - Protocol\Filter: - lzdhtml - No CLSID value found
O18 - Protocol\Filter: - text/webviewhtml - No CLSID value found
O18 - Protocol\Filter: - text/xml - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINNT\system32\NavLogon.dll - C:\WINNT\System32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\wzcnotif: DllName - wzcdlg.dll - C:\WINNT\System32\wzcdlg.dll (Microsoft Corporation)
O21 - SSODL: Network.ConnectionTray - {7007ACCF-3202-11D1-AAD2-00805FC1270E} - C:\WINNT\System32\NETSHELL.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/02 09:51:53 | 00,000,050 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINNT\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: Ias - C:\WINNT\System32\ias [2004/05/01 05:55:15 | 00,000,000 | ---D | M]
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: dmadmin - C:\WINNT\System32\dmadmin.exe (VERITAS Software Corp.)
SafeBootMin: dmboot.sys - C:\WINNT\System32\drivers\dmboot.sys (VERITAS Software Corp.)
SafeBootMin: dmio.sys - C:\WINNT\System32\drivers\dmio.sys (VERITAS Software Corp.)
SafeBootMin: dmload.sys - C:\WINNT\System32\drivers\dmload.sys (VERITAS Software Corp.)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: sglfb.sys - File not found
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: tga.sys - File not found
SafeBootMin: vga.sys - Driver
SafeBootMin: WinMgmt - C:\WINNT\System32\WBEM\WinMgmt.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: dmadmin - C:\WINNT\System32\dmadmin.exe (VERITAS Software Corp.)
SafeBootNet: dmboot.sys - C:\WINNT\System32\drivers\dmboot.sys (VERITAS Software Corp.)
SafeBootNet: dmio.sys - C:\WINNT\System32\drivers\dmio.sys (VERITAS Software Corp.)
SafeBootNet: dmload.sys - C:\WINNT\System32\drivers\dmload.sys (VERITAS Software Corp.)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NBF - Service
SafeBootNet: nbf.sys - Driver
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: sglfb.sys - File not found
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: tga.sys - File not found
SafeBootNet: vga.sys - Driver
SafeBootNet: WinMgmt - C:\WINNT\System32\WBEM\WinMgmt.exe (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {02f78298-8af6-495c-9ecb-b6ae68678186} - KB867282
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0e} - Internet Explorer ReadMe
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0f} - IEEX
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3c0d61fe-1db3-4d0b-8477-3cb53eab9469} - KB951066
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.6
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5b7bf89d-d196-4c32-a303-a57b8ab7f18d} - KB918439
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {685e3910-1f77-49b9-9434-50bcd95c51ab} - KB905495
ActiveX: {6A5110B5-E14B-4268-A065-EF89FF33C325} - regsvr32.exe /s /n /i:"S 2 true 3 true 4 true 5 true 6 true 7 true" initpki.dll
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167
ActiveX: {80b81c71-14cd-41c3-9e8c-08b9e06d02ef} - KB960714
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINNT\system32\Rundll32.exe C:\WINNT\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9EF0045A-CDD9-438e-95E6-02B9AFEC8E11} - %SystemRoot%\system32\updcrl.exe -e -u %SystemRoot%\system32\verisignpub1.crl
ActiveX: {A00BF2EB-56EE-4fde-B5EA-6A8FA425B2A5} - W2KAppComp
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {dc0d5f50-5f0b-46bf-8683-93ac61c67001} - Q833989
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {e41091c0-06d5-474f-836e-dd190348ea18} - KB958215
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {f156e5b2-f52e-4094-800c-e7392fe62314} - KB938464
ActiveX: {f3d9c2d1-579f-4d41-95ba-5354eeb398d0} - KB972260
ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINNT\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - "C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - "C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigOE

Drivers32: aux - C:\WINNT\System32\mmdrv.dll (Microsoft Corporation)
Drivers32: aux1 - File not found
Drivers32: aux2 - File not found
Drivers32: aux3 - File not found
Drivers32: aux4 - File not found
Drivers32: aux5 - File not found
Drivers32: aux6 - File not found
Drivers32: aux7 - File not found
Drivers32: aux8 - File not found
Drivers32: aux9 - File not found
Drivers32: midi2 - File not found
Drivers32: midi3 - File not found
Drivers32: midi4 - File not found
Drivers32: midi5 - File not found
Drivers32: midi6 - File not found
Drivers32: midi7 - File not found
Drivers32: midi8 - File not found
Drivers32: midi9 - File not found
Drivers32: mixer1 - File not found
Drivers32: mixer2 - File not found
Drivers32: mixer3 - File not found
Drivers32: mixer4 - File not found
Drivers32: mixer5 - File not found
Drivers32: mixer6 - File not found
Drivers32: mixer7 - File not found
Drivers32: mixer8 - File not found
Drivers32: mixer9 - File not found
Drivers32: msacm.l3acm - C:\WINNT\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\WINNT\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINNT\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINNT\System32\ir32_32.dll ()
Drivers32: vidc.iv50 - C:\WINNT\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave1 - File not found
Drivers32: wave2 - File not found
Drivers32: wave3 - File not found
Drivers32: wave4 - File not found
Drivers32: wave5 - File not found
Drivers32: wave6 - File not found
Drivers32: wave7 - File not found
Drivers32: wave8 - File not found
Drivers32: wave9 - File not found

========== Files/Folders - Created Within 14 Days ==========

[4 C:\WINNT\*.tmp files]
[2009/10/12 09:20:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL Downloads
[2009/10/13 09:55:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL OCP
[2009/10/14 21:40:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Applications
[2009/10/13 09:57:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Macromedia
[2009/10/19 19:29:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/10/13 16:43:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
[2009/10/14 15:37:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AdobeUM
[2009/10/13 16:34:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Antispyware
[2009/10/13 09:57:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AOL
[2009/10/06 13:54:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Participatory Culture Foundation
[2009/10/13 16:43:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Spyware Terminator
[2009/10/15 14:50:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\vlc
[2009/10/13 09:57:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AOL
[2009/10/19 19:31:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PC_Drivers_Headquarters
[2009/10/14 02:00:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\WinZip
[2009/10/13 09:56:21 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Nullsoft
[2009/10/13 09:55:26 | 00,000,000 | ---D | C] -- C:\Program Files\AOL
[2009/10/13 09:55:07 | 00,000,000 | ---D | C] -- C:\Program Files\AOL 9.1
[2009/10/13 17:47:01 | 00,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2009/10/14 21:40:02 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Easy Assist
[2009/10/08 21:43:08 | 00,000,000 | ---D | C] -- C:\Program Files\MSECache
[2009/10/06 13:53:14 | 00,000,000 | ---D | C] -- C:\Program Files\Participatory Culture Foundation
[2009/10/19 19:29:30 | 00,000,000 | ---D | C] -- C:\Program Files\PC Drivers HeadQuarters
[2009/10/10 16:01:30 | 00,000,000 | ---D | C] -- C:\Program Files\SopCast
[2009/10/13 16:43:37 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2009/10/13 22:44:56 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/14 00:58:31 | 00,000,000 | ---D | C] -- C:\Program Files\TVUPlayer
[2009/10/15 14:49:27 | 00,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2009/10/13 20:24:45 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/10/19 19:46:59 | 00,521,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/10/19 19:25:24 | 00,000,000 | R-SD | C] -- C:\WINNT\assembly
[2009/10/19 19:24:25 | 00,000,000 | ---D | C] -- C:\WINNT\Microsoft.NET
[2009/10/19 19:22:03 | 01,045,536 | ---- | C] (PC Drivers HeadQuarters ) -- C:\Documents and Settings\Administrator\Desktop\DriverDetective.exe
[2009/10/19 16:36:58 | 00,102,664 | ---- | C] (Trend Micro Inc.) -- C:\WINNT\System32\drivers\tmcomm.sys
[2009/10/15 15:06:39 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/10/14 22:02:40 | 00,661,352 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Administrator\Desktop\autoruns.exe
[2009/10/14 22:02:03 | 03,589,160 | ---- | C] (Sysinternals) -- C:\Documents and Settings\Administrator\Desktop\processexplorer.exe
[2009/10/14 20:53:46 | 00,000,000 | ---D | C] -- C:\WINNT\temp
[2009/10/14 20:42:44 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/10/14 20:35:07 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINNT\SWREG.exe
[2009/10/14 20:35:07 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINNT\NIRCMD.exe
[2009/10/14 20:35:06 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINNT\SWXCACLS.exe
[2009/10/14 20:35:06 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINNT\SWSC.exe
[2009/10/14 19:52:01 | 00,000,000 | ---D | C] -- C:\WINNT\ERDNT
[2009/10/14 19:51:49 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/14 15:41:23 | 27,386,280 | ---- | C] ( ) -- C:\Documents and Settings\Administrator\Desktop\AdbeRdr920_en_US.exe
[2009/10/14 02:05:58 | 00,000,000 | ---D | C] -- C:\unzipped
[2009/10/13 22:44:11 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HJTInstall.exe
[2009/10/13 21:58:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\BOARD_OP_SCHEDULE_Oct_11_2009R1
[2009/10/13 16:39:28 | 00,646,840 | ---- | C] (Crawler Inc. ) -- C:\Documents and Settings\Administrator\Desktop\SpywareTerminatorSetup(2).exe
[2009/10/13 09:55:08 | 00,000,000 | ---D | C] -- C:\WINNT\aolshare
[2004/09/21 13:34:49 | 00,025,876 | R--- | C] (MicroStaff Co.,Ltd.) -- C:\Program Files\OLPUBKCR.SYS

========== Files - Modified Within 14 Days ==========

[8 C:\WINNT\System32\*.tmp files]
[4 C:\WINNT\*.tmp files]
[2009/10/19 19:47:01 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/10/19 19:31:22 | 00,071,832 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/19 19:29:37 | 00,002,010 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Driver Detective.lnk
[2009/10/19 19:28:51 | 00,394,054 | ---- | M] () -- C:\WINNT\System32\PerfStringBackup.INI
[2009/10/19 19:28:51 | 00,383,534 | ---- | M] () -- C:\WINNT\System32\perfh009.dat
[2009/10/19 19:28:51 | 00,057,148 | ---- | M] () -- C:\WINNT\System32\perfc009.dat
[2009/10/19 19:21:57 | 01,045,536 | ---- | M] (PC Drivers HeadQuarters ) -- C:\Documents and Settings\Administrator\Desktop\DriverDetective.exe
[2009/10/19 16:58:22 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_3c0.dat
[2009/10/19 16:35:40 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINNT\System32\drivers\tmcomm.sys
[2009/10/19 15:51:17 | 00,000,588 | ---- | M] () -- C:\WINNT\win.ini
[2009/10/19 15:48:40 | 00,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2009/10/19 15:48:30 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_25c.dat
[2009/10/19 15:46:10 | 00,642,880 | -H-- | M] () -- C:\WINNT\ShellIconCache
[2009/10/18 19:25:30 | 00,102,660 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SystemLook.exe
[2009/10/14 22:02:43 | 00,661,352 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Administrator\Desktop\autoruns.exe
[2009/10/14 22:02:18 | 03,589,160 | ---- | M] (Sysinternals) -- C:\Documents and Settings\Administrator\Desktop\processexplorer.exe
[2009/10/14 20:52:20 | 00,000,227 | ---- | M] () -- C:\WINNT\system.ini
[2009/10/14 19:52:27 | 03,339,061 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2009/10/14 15:45:42 | 00,001,537 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/10/14 15:44:10 | 27,386,280 | ---- | M] ( ) -- C:\Documents and Settings\Administrator\Desktop\AdbeRdr920_en_US.exe
[2009/10/14 06:49:34 | 00,002,416 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Word 2003 (2).lnk
[2009/10/14 02:03:00 | 00,071,798 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\JavaRa.zip
[2009/10/14 02:00:47 | 00,001,535 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2009/10/14 01:58:58 | 13,722,952 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\winzip121.exe
[2009/10/14 00:58:33 | 00,000,587 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\TVUPlayer.lnk
[2009/10/13 22:44:57 | 00,001,590 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2009/10/13 22:44:14 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HJTInstall.exe
[2009/10/13 22:10:14 | 04,497,408 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Storm-op-zee.pps
[2009/10/13 21:58:13 | 00,118,910 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\BOARD_OP_SCHEDULE_Oct_11_2009R1.zip
[2009/10/13 21:55:56 | 00,011,044 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\personal file request.docx
[2009/10/13 16:43:40 | 00,142,592 | ---- | M] () -- C:\WINNT\System32\drivers\sp_rsdrv2.sys
[2009/10/13 16:39:30 | 00,646,840 | ---- | M] (Crawler Inc. ) -- C:\Documents and Settings\Administrator\Desktop\SpywareTerminatorSetup(2).exe
[2009/10/13 10:15:57 | 00,000,040 | ---- | M] () -- C:\WINNT\A
[2009/10/13 09:57:03 | 00,000,560 | ---- | M] () -- C:\WINNT\aolback.exe.lnk
[2009/10/13 09:57:02 | 00,000,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AOL 9.1.lnk
[2009/10/13 09:57:00 | 00,316,640 | ---- | M] () -- C:\WINNT\WMSysPr9.prx
[2009/10/12 09:10:37 | 00,001,468 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DivX Movies.lnk
[2009/10/11 08:10:09 | 00,236,544 | ---- | M] () -- C:\WINNT\PEV.exe
[2009/10/10 16:01:31 | 00,000,547 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SopCast.lnk
[2009/10/09 12:04:38 | 00,276,560 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT
[2009/10/08 11:06:07 | 05,087,188 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\jdbook.pdf
[2009/10/07 12:08:46 | 00,004,489 | ---- | M] () -- C:\WINNT\mozver.dat
[2009/10/06 02:41:27 | 00,018,944 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\phone numbers.xls

========== Files - No Company Name ==========
[2009/10/19 19:29:37 | 00,002,010 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Driver Detective.lnk
[2009/10/19 16:58:22 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_3c0.dat
[2009/10/19 15:48:30 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_25c.dat
[2009/10/19 15:46:10 | 00,642,880 | -H-- | C] () -- C:\WINNT\ShellIconCache
[2009/10/18 19:25:29 | 00,102,660 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SystemLook.exe
[2009/10/14 20:35:07 | 00,236,544 | ---- | C] () -- C:\WINNT\PEV.exe
[2009/10/14 20:35:07 | 00,068,096 | ---- | C] () -- C:\WINNT\zip.exe
[2009/10/14 20:35:06 | 00,098,816 | ---- | C] () -- C:\WINNT\sed.exe
[2009/10/14 20:35:06 | 00,080,412 | ---- | C] () -- C:\WINNT\grep.exe
[2009/10/14 15:45:42 | 00,001,537 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/10/14 02:03:06 | 00,071,798 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\JavaRa.zip
[2009/10/14 01:58:36 | 13,722,952 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\winzip121.exe
[2009/10/14 00:58:33 | 00,000,587 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\TVUPlayer.lnk
[2009/10/13 22:44:57 | 00,001,590 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2009/10/13 22:37:30 | 03,339,061 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2009/10/13 22:09:40 | 04,497,408 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Storm-op-zee.pps
[2009/10/13 21:58:11 | 00,118,910 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\BOARD_OP_SCHEDULE_Oct_11_2009R1.zip
[2009/10/13 21:55:55 | 00,011,044 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\personal file request.docx
[2009/10/13 16:43:40 | 00,142,592 | ---- | C] () -- C:\WINNT\System32\drivers\sp_rsdrv2.sys
[2009/10/13 10:15:57 | 00,000,040 | ---- | C] () -- C:\WINNT\A
[2009/10/13 09:57:02 | 00,000,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AOL 9.1.lnk
[2009/10/10 16:01:31 | 00,000,547 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SopCast.lnk
[2009/10/08 11:05:55 | 05,087,188 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\jdbook.pdf
[2009/02/14 17:24:03 | 00,000,336 | ---- | C] () -- C:\Program Files\temp995.bat
[2008/10/21 15:14:01 | 00,074,703 | ---- | C] () -- C:\WINNT\System32\mfc45.dll
[2008/06/28 15:41:21 | 00,071,832 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/06/06 17:56:16 | 00,000,028 | ---- | C] () -- C:\WINNT\pdf995.ini
[2008/06/05 20:46:33 | 00,000,000 | ---- | C] () -- C:\WINNT\OPPRIN~1.INI
[2008/06/05 20:43:37 | 00,005,632 | ---- | C] () -- C:\WINNT\System32\CNMVS43.DLL
[2008/04/14 19:13:05 | 00,051,716 | ---- | C] () -- C:\WINNT\System32\pdf995mon.dll
[2008/04/06 17:50:03 | 00,000,097 | ---- | C] () -- C:\WINNT\System32\PICSDK.ini
[2008/04/06 17:48:39 | 00,000,044 | ---- | C] () -- C:\WINNT\EPCX8400.ini
[2008/03/28 21:39:54 | 00,000,142 | ---- | C] () -- C:\WINNT\wpd99.drv
[2007/03/16 11:33:35 | 00,442,368 | R--- | C] () -- C:\WINNT\System32\softcoin.dll
[2007/03/16 11:33:35 | 00,319,488 | R--- | C] () -- C:\WINNT\System32\gencoin.dll
[2007/01/31 12:02:32 | 00,070,016 | ---- | C] () -- C:\WINNT\System32\drivers\LxrSII1d.sys
[2006/07/27 14:43:04 | 00,001,528 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/01/04 09:45:39 | 00,000,978 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/11/02 09:50:50 | 00,354,816 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
[2005/05/02 11:23:19 | 00,000,072 | ---- | C] () -- C:\WINNT\cdplayer.ini
[2005/03/30 12:04:21 | 00,000,037 | ---- | C] () -- C:\WINNT\ipixActivex.ini
[2005/01/10 09:21:20 | 00,000,000 | ---- | C] () -- C:\WINNT\JDSecure31.INI
[2004/11/09 13:15:23 | 00,000,080 | ---- | C] () -- C:\WINNT\encore_launcher.ini
[2004/11/04 15:40:50 | 00,000,023 | ---- | C] () -- C:\WINNT\PureEdgeAPI.ini
[2004/09/21 13:34:49 | 00,083,968 | R--- | C] () -- C:\Program Files\UNINSTAL.EXE
[2004/09/21 13:34:49 | 00,071,168 | R--- | C] () -- C:\Program Files\INSTALL.EXE
[2004/09/21 13:34:49 | 00,025,431 | ---- | C] () -- C:\Program Files\AutoConnectDriverforWin98SEInstructions.PDF
[2004/09/21 13:34:49 | 00,011,052 | R--- | C] () -- C:\Program Files\MUSBPORT.PDR
[2004/09/21 13:34:49 | 00,009,504 | R--- | C] () -- C:\Program Files\Install.ini
[2004/09/21 13:34:49 | 00,001,198 | R--- | C] () -- C:\Program Files\OLPUBKCR.INF
[2004/09/21 13:34:49 | 00,000,917 | R--- | C] () -- C:\Program Files\UNINSTAL.INI
[2004/09/21 13:34:49 | 00,000,822 | R--- | C] () -- C:\Program Files\OLPUSBCR.INF
[2004/09/21 13:34:06 | 00,104,595 | ---- | C] () -- C:\Program Files\AutoConnDriv_Win98SE.exe
[2004/05/25 14:56:56 | 00,001,366 | ---- | C] () -- C:\WINNT\CPWIN.INI
[2004/05/07 10:32:11 | 00,036,864 | R--- | C] () -- C:\WINNT\System32\RunSetup.dll
[2004/05/06 12:52:45 | 00,000,064 | ---- | C] () -- C:\WINNT\qwimp.ini
[2004/05/06 12:51:27 | 00,000,076 | ---- | C] () -- C:\WINNT\Quicken.ini
[2004/05/05 19:55:36 | 00,000,479 | ---- | C] () -- C:\WINNT\wininit.ini
[2004/05/05 19:55:32 | 00,000,002 | ---- | C] () -- C:\WINNT\msoffice.ini
[2004/05/01 13:25:45 | 00,000,000 | ---- | C] () -- C:\WINNT\VPC32.INI
[2004/05/01 13:23:48 | 00,000,730 | ---- | C] () -- C:\WINNT\ODBC.INI
[2004/05/01 13:18:24 | 00,032,768 | ---- | C] () -- C:\WINNT\System32\UnAudioNT.dll
[2004/05/01 13:16:45 | 00,045,056 | ---- | C] () -- C:\WINNT\System32\vusetup.dll
[2004/05/01 13:13:39 | 00,003,000 | R--- | C] () -- C:\WINNT\System32\SetupNT.sys
[2004/05/01 13:06:39 | 00,021,952 | -H-- | C] () -- C:\Program Files\folder.htt
[2004/05/01 13:06:39 | 00,000,271 | -H-- | C] () -- C:\Program Files\desktop.ini
[2003/07/14 05:00:00 | 00,176,400 | ---- | C] () -- C:\WINNT\System32\qcut.dll
[2003/07/14 05:00:00 | 00,033,552 | ---- | C] () -- C:\WINNT\System32\efsadu.dll
[2003/07/14 05:00:00 | 00,007,265 | ---- | C] () -- C:\WINNT\System32\iasperf.ini
[2003/07/14 05:00:00 | 00,001,505 | ---- | C] () -- C:\WINNT\System32\faxperf.ini
[2003/07/14 05:00:00 | 00,000,588 | ---- | C] () -- C:\WINNT\win.ini
[2003/07/14 05:00:00 | 00,000,227 | ---- | C] () -- C:\WINNT\system.ini
[2003/07/14 05:00:00 | 00,000,023 | ---- | C] () -- C:\WINNT\welcome.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINNT\System32\OUTLPERF.INI
[1999/09/25 03:36:24 | 00,088,816 | ---- | C] () -- C:\WINNT\System32\drivers\lvcam.sys
[1999/09/25 03:36:22 | 00,017,424 | ---- | C] () -- C:\WINNT\System32\drivers\lvsound.sys

========== LOP Check ==========

[2009/10/15 14:50:19 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data
[2008/10/16 20:29:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Aim
[2009/10/13 16:35:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Antispyware
[2009/05/04 11:58:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Any Video Converter
[2009/09/24 11:50:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ArcSoft
[2008/03/21 01:18:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\HotSync
[2009/10/01 01:31:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\iolo
[2005/09/11 21:05:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ipswitch
[2009/03/26 22:55:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2009/10/15 14:59:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LimeWire
[2009/10/06 13:54:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Participatory Culture Foundation
[2008/06/06 17:56:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\pdf995
[2009/10/13 17:58:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Spyware Terminator
[2009/02/14 17:27:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TaxCut
[2008/03/28 23:08:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Viewpoint
[2009/09/30 15:15:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ZoomBrowser EX
[2009/10/19 19:29:36 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/10/14 21:40:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2009/03/26 22:48:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2005/11/23 09:03:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2004/11/09 15:07:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2008/10/21 15:13:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2009/10/19 19:29:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/02/14 17:32:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2009/10/13 18:17:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
[2008/03/28 19:03:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2007/10/23 11:34:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/10/14 02:00:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2008/11/07 18:37:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
[2003/07/14 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINNT\Tasks\desktop.ini
[2009/10/19 15:48:40 | 00,000,006 | -H-- | M] () -- C:\WINNT\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2003/07/14 05:00:00 | 00,150,528 | RHS- | M] () -- C:\arcldr.exe
[2003/07/14 05:00:00 | 00,163,840 | RHS- | M] () -- C:\arcsetup.exe

< %systemroot%\system32\eventlog.dll >
[2005/04/08 04:54:32 | 00,049,424 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\EVENTLOG.DLL
[8 C:\WINNT\system32\*.tmp files]

< %systemroot%\system32\scecli.dll >
[2005/01/12 12:39:44 | 00,114,448 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\scecli.dll
[8 C:\WINNT\system32\*.tmp files]

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

< %systemroot%\system32\drivers\iaStor.sys >

< %systemroot%\System32\drivers\nvstor.sys >

< %systemroot%\system32\drivers\atapi.sys >
[2003/07/14 05:00:00 | 00,086,672 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\drivers\atapi.sys

========== Files - Unicode (All) ==========
[2009/10/13 09:56:13 | 00,000,016 | ---- | M] ()(C:\WINNT\?) -- C:\WINNT\€
[2009/10/13 09:56:13 | 00,000,016 | ---- | C] ()(C:\WINNT\?) -- C:\WINNT\€
< End of report >

Please open SystemLook

• Copy the content of the following codebox into the main textfield:
  

  Code:

  
:filefind
netlogon.dll
iastor.sys
nvstor.sys
winlogon.exe
comres.dll
crypt32.dll
rundll32.exe
sfc.dll
svchost.exe
beep.sys
wscntfy.exe
logevent.dll

  
  
  
• Click the Look button to start the scan.
  
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  

Note: The log can also be found on your Desktop entitled SystemLook.txt

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 00:12 on 20/10/2009 by Administrator (Administrator - Elevation successful)

========== filefind ==========

Searching for "netlogon.dll"
C:\WINNT\$NtUpdateRollupPackUninstall$\netlogon.dll -----c 366864 bytes [02:11 18/03/2009] [23:24 07/04/2005] BE8FC3C74AB5212CD4067E8973764AD6
C:\WINNT\ERDNT\cache\NETLOGON.DLL --a--- 366864 bytes [03:52 15/10/2009] [11:54 08/04/2005] BE8FC3C74AB5212CD4067E8973764AD6
C:\WINNT\SoftwareDistribution\Download\546f42fcd512bfd684ff80fc83ac2033\generic\netlogon.dll --a--- 366864 bytes [22:24 07/04/2005] [22:24 07/04/2005] BE8FC3C74AB5212CD4067E8973764AD6
C:\WINNT\system32\dllcache\NETLOGON.DLL --a--c 366864 bytes [23:24 07/04/2005] [23:24 07/04/2005] BE8FC3C74AB5212CD4067E8973764AD6
C:\WINNT\system32\NETLOGON.DLL ------ 366864 bytes [11:54 08/04/2005] [11:54 08/04/2005] BE8FC3C74AB5212CD4067E8973764AD6

Searching for "iastor.sys"
No files found.

Searching for "nvstor.sys"
No files found.

Searching for "winlogon.exe"
C:\WINNT\$NtUpdateRollupPackUninstall$\winlogon.exe -----c 182544 bytes [02:11 18/03/2009] [22:59 24/08/2004] 5922E8055EB439A58EF29530D8567A40
C:\WINNT\ERDNT\cache\WINLOGON.EXE --a--- 186640 bytes [03:52 15/10/2009] [11:51 08/04/2005] BB1DAF6A5737652646D52665251A0265
C:\WINNT\system32\dllcache\WINLOGON.EXE --a--c 186640 bytes [22:25 14/03/2005] [11:51 08/04/2005] BB1DAF6A5737652646D52665251A0265
C:\WINNT\system32\WINLOGON.EXE ------ 186640 bytes [11:51 08/04/2005] [11:51 08/04/2005] BB1DAF6A5737652646D52665251A0265

Searching for "comres.dll"
No files found.

Searching for "crypt32.dll"
C:\WINNT\$NtUpdateRollupPackUninstall$\crypt32.dll -----c 543504 bytes [02:11 18/03/2009] [02:17 24/03/2004] 5A8A54892CFC110596EB34953B455D7D
C:\WINNT\system32\CRYPT32.DLL --a--- 563984 bytes [11:54 08/04/2005] [11:54 08/04/2005] 9726A08C3E529C5E6A48FFF274A32932
C:\WINNT\system32\dllcache\CRYPT32.DLL --a--c 563984 bytes [20:52 01/05/2004] [11:54 08/04/2005] 9726A08C3E529C5E6A48FFF274A32932

Searching for "rundll32.exe"
C:\WINNT\system32\dllcache\rundll32.exe --a--c 10000 bytes [12:00 14/07/2003] [12:00 14/07/2003] 1ED5274825CD1EEBBE102B9FF7C9EC31
C:\WINNT\system32\rundll32.exe --a--- 10000 bytes [12:00 14/07/2003] [12:00 14/07/2003] 1ED5274825CD1EEBBE102B9FF7C9EC31

Searching for "sfc.dll"
C:\WINNT\ERDNT\cache\sfc.dll --a--- 95024 bytes [03:52 15/10/2009] [12:00 14/07/2003] 0E1F5E9B2D00611DC9FE59EEF9487C76
C:\WINNT\system32\dllcache\sfc.dll --a--c 95024 bytes [12:00 14/07/2003] [12:00 14/07/2003] 0E1F5E9B2D00611DC9FE59EEF9487C76
C:\WINNT\system32\sfc.dll ------ 95024 bytes [12:00 14/07/2003] [12:00 14/07/2003] 0E1F5E9B2D00611DC9FE59EEF9487C76

Searching for "svchost.exe"
C:\WINNT\ERDNT\cache\svchost.exe --a--- 7952 bytes [03:52 15/10/2009] [12:00 14/07/2003] 9E64AD53CFD9DA2D22E8A924F8C6E62C
C:\WINNT\system32\dllcache\svchost.exe --a--c 7952 bytes [12:00 14/07/2003] [12:00 14/07/2003] 9E64AD53CFD9DA2D22E8A924F8C6E62C
C:\WINNT\system32\svchost.exe ------ 7952 bytes [12:00 14/07/2003] [12:00 14/07/2003] 9E64AD53CFD9DA2D22E8A924F8C6E62C

Searching for "beep.sys"
C:\WINNT\ERDNT\cache\beep.sys --a--- 4080 bytes [03:52 15/10/2009] [12:00 14/07/2003] DF012C2853281CE2BF536E8DE871C8C1
C:\WINNT\system32\dllcache\beep.sys --a--c 4080 bytes [12:00 14/07/2003] [12:00 14/07/2003] DF012C2853281CE2BF536E8DE871C8C1
C:\WINNT\system32\drivers\beep.sys ------ 4080 bytes [12:00 14/07/2003] [12:00 14/07/2003] DF012C2853281CE2BF536E8DE871C8C1

Searching for "wscntfy.exe"
No files found.

Searching for "logevent.dll"
No files found.

-=End Of File=-

Please navigate to this webpage: http://support.microsoft.com/kb/313222 and see the section "Fix it for me" and click the Microsoft Fix-It button. This will download a fix utility to repair the security settings on your computer, due to damages of malware or other harmful system changes. Install the file after download.

==

Try the following:

1. Please download Restore Sound by right-clicking on the link and click Save Target as (Save link as in Firefox), and save it to your desktop. Be sure to double click on it to install. Confirm the install, if necessary.
   
2. Restart your computer.
   
3. Test sound.

Did this work?

I am in trouble now.

As far as the Microsoft link, when I tried to install it it told me it only works on Vista and XP. I have 2000 Pro.
I tried to look for something similar for 2000 but I couldn't find anything.


As for the 'Restore Sound' link, when I tried to install it, it said "Are you sure you want to add the information in C:\DOCUME~1\ADMINI~1\Desktop\audiosvr.reg to the registry?"
I clicked yes and a similar window popped up and I clicked yes again, then restarted my PC.

When I restarted, before my desktop opened, I had a blue screen for like 30 seconds. This has never happened before.

Now I can't open Malware Bytes, and when I go to Add/Remove Programs the window comes up but there are no icons.

Add to that, I still have no sound either

To start the computer by using last known good configuration, follow these steps:

1. Restart the computer.
   
2. Press F8 when you receive the following message:
   Please select the operating system to start
   
   
3. In Windows Advanced Option Menu, use the arrow keys to select Last Known Good Configuration, and then press ENTER.
   
4. If you are running other operating systems on the computer, click Microsoft Windows 2000 from the list that is displayed, and then press ENTER.
   
   
   WARNING: After you start your computer by using the last
   known good configuration, changes that you made since the last
   successful startup are lost.
   

Article: http://support.microsoft.com/kb/315396

DMJ - I tried everything and did what you just posted.

I still have a 30 second blue screen before desktop loads, I still can't open Malware Bytes, I still have the WinCodecPRO icon and still no sound among other things.

I really need the sound to work the most at this point.

Let me know what you think my man, and thanks for taking your time with me.
Thank you Belahzur as well.

Do you have any recovery discs or the Windows 2000 pro cd?

I am thinking a system repair is necessary, since 2000 does not have a built-in restore feature, except for the Last Known Good Configuration you just tried.

DJM - Unfortunately I was given this computer and it had the operating system already on it, so I don't have the CD or recovery disks.

Is there anything else I can do?

Please reboot to Safe Mode with Networking (tap the F8 key just before Windows starts to load and select the Safe Mode with Networking option from the menu).

Please reply back here when you have done this, or if you had any problems.

==

The trojan has caused the blue screen, by the way. The wincodecpro trojan shoots a blue screen when you try to fix the audio.

That makes sense to me in regards to the trojan and trying to fix the audio.

I actually read on another site that it is located in the processes tab under "dejusched.exe". When I end the process the pop-ups go away, however upon restart it comes right back.


On a side note, I rebooted to Safe Mode with Networking but unfortunately I could not establish an internet connection.

Ok.

Please transfer this download from a clean computer to the infected one:

Make sure to stay in Safe Mode with Networking.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Double-click smitfraudfix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

This is my only computer. Do I have to use a different one?

It is recommended to, so you can get the download. If you are not able to access the internet, that is.

Will it work if I saved it to my desktop, and then installed it after restarting in Safe Mode?

Otherwise I will try to get online in Safe Mode again. The problem is when I open IE, it just freezes and the mouse pointer turns into the hour-glass. I didn't try FireFox though. What do you think?

DMJ - I got it to work using FireFox:

SmitFraudFix v2.424

Scan done at 22:38:46.51, Tue 10/20/2009
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!



»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINNT\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""




»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Still in Safe Mode, open the SmitfraudFix folder and double click "SmitfraudFix.cmd".
Select option #2 - Clean by typing 2 and press "Enter".
You will be prompted : "Registry cleaning - Do you want to clean the registry?", answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found), answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process. If it doesn't, please restart anyway into Normal Mode. A text file will appear, with results from the cleaning process.

Please copy/paste its content into your next reply with a new HijackThis log.

(The report can also be found at the root of the system drive, usually at C:\rapport.txt)

(Warning: running option #2 on a non infected computer will remove your Desktop background.)

SmitFraudFix v2.424

Scan done at 11:53:15.48, Wed 10/21/2009
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK.2



»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

DMJ - On a side note I have sound now. I clicked on the speaker icon and went to properties. Under the audio tab, I clicked volume and saw that 'Wave' was turned down all the way so I turned it up. And 'Line In' was muted.

I hope it stays now.


I think i still have the trojan though.


one last thing, I cannot paste using the mouse.
Any help is greatly appreciated.

Please download comres.dll and save it to the following folder: C:\windows\system32

Note: do not open the file, just save.

NEXT


Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!

• Follow the Instruction Here for installation.
  
• Accept the License Agreement.
  
• Once the ActiveX installs,Click Full System Scan
  
• Once the download completes,the scan will begin automatically.
  
• The scan will take some time to finish,so please be patient.
  
• When the scan completes, click the Automatic cleaning (recommended) button.
  
• Click the Show Report button and Copy&Paste the entire report in your next reply.
  

DMJ - I was able to save comres.dll to System32.


When I tried to open the link with IE it wouldn't let me. So I opened with FireFox but for some reason I am not able to copy and paste the URL over to IE. And I actually can't copy/paste anything right now.

This should let you download a separate scanner, so download the scanner from Firefox:

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install
  
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, you may close the window
  
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic
  

I still can't open it with IE nor can I copy or paste anything at all.

What should I do?

You did not try it with Firefox? It should allow you to download a separate scanner.

DMJ - There is no 'Scan Unwanted Applications' option, however there is a scan archives option. Should I click that?

Also, what if I can't copy/paste the log here for you after completion?

Hi

Go ahead with the scan archives option.

When done, you don't have to copy and paste, but rather just type out the results you see:

Total files scanned: XXXXXX
Infected: XXXXXX

When I went to My Computer - C drive - I could not find the EsetOnlineScanner folder. And when I try to open any folder it comes up blank, no icons. However at the bottom, it says there "xx" amount of objects.
What do I do about this?


Scan results-

Scanned Files: 59765
Infected Files: 1
Cleaned Files: 1
Found = C:\Program Files\Java\jre6\bin\dejusched.exe a variant of Win32/Kryptik.AVG trojan cleaned by deleting - quarantined

How is your computer running? Are you still getting the bluescreen?

DMJ - Yes, I still get the long blue screen upon start-up. I have also noticed that if I go to Task Manger and close a program, the blue screen comes up again.

Th red icon is gone however, the sound is working and the dejusched.exe no longer comes up after restarting.
How do I know the trojan is completely gone for good?

Also, I noticed the computer is running a little slower overall and when I open important things like 'Add/Remove Programs' no icons appear on the screen, however there is plain text at the top of the screen that says "Change or Remove ProgramsAdd New ProgramsAdd/Remove Windows ComponentsSet Program Access and Defaults" exactly as I typed it. The text is not clickable however.

I am also still unable to use copy/paste.

DMJ - I ran a Spyware Termintor scan and this is the scan report:

Logfile of Spyware Terminator v2.6.1.239 (db:3.010.013.000)
Scan Time: 10/22/2009 3:03:52 PM length: 160 s
Platform: W2K (5.0.0.2195)
User: Admin
Boot Mode: Normal
Scan type: Fast_Spyware_Scan
Scanned Objects: 46697 (Critical:6)
Filter: No System items, No Safe items, No Invalid items

Running Processes
csrss.exe [Microsoft Corporation] : C:\WINNT\system32\csrss.exe
lsass.exe [Microsoft Corporation] : C:\WINNT\system32\lsass.exe
AOLAcsd.exe [AOL LLC] : C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
DefWatch.exe [Symantec Corporation] : C:\Program Files\Symantec AntiVirus\DefWatch.exe
LxrSII1s.exe : C:\WINNT\system32\LxrSII1s.exe
rtvscan.exe [Symantec Corporation] : C:\Program Files\NavNT\rtvscan.exe
stisvc.exe [Microsoft Corporation] : C:\WINNT\system32\stisvc.exe
Rtvscan.exe [Symantec Corporation] : C:\Program Files\Symantec AntiVirus\Rtvscan.exe
wanmpsvc.exe [America Online, Inc.] : C:\WINNT\wanmpsvc.exe
WZQKPICK.EXE [WinZip Computing, S.L.] : C:\Program Files\WinZip\WZQKPICK.EXE

Internet Settings
R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R - HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R - HKLM\Software\Microsoft\Internet Explorer\Search, CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain = RobertsonDX.com

StartUps
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, AIM : [America Online, Inc.] : C:\Program Files\AIM95\aim.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, VTPreset : [S3 Graphics, Inc.] : C:\WINNT\system32\VTPreset.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HostManager : [AOL LLC] : C:\Program Files\Common Files\AOL\1255452910\ee\AOLSoftware.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Adobe ARM : [Adobe Systems Incorporated] : C:\Program Files\Common Files\ADOBE\ARM\1.0\ADOBEARM.EXE
04 - Startup: %STARTUPALL%\WinZip Quick Pick.lnk [WinZip Computing, S.L.] : C:\Program Files\WinZip\WZQKPICK.EXE

Shell Extensions
Multimedia File Property Sheet - {00022613-0000-0000-C000-000000000046} - [Microsoft Corporation] : C:\WINNT\system32\mmsys.cpl
Shell Scrap DataHandler - {56117100-C0CD-101B-81E2-00AA004AE837} - [Microsoft Corporation] : C:\WINNT\system32\shscrap.dll
HyperTerminal Icon Ext - {88895560-9AA2-1069-930E-00AA0030EBC8} - [Hilgraeve, Inc.] : C:\WINNT\system32\hticons.dll
Scheduling UI icon handler - {DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} - [Microsoft Corporation] : C:\WINNT\system32\mstask.dll
Scheduling UI property sheet handler - {797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} - [Microsoft Corporation] : C:\WINNT\system32\mstask.dll
Scheduled Tasks - {D6277990-4C6A-11CF-8D87-00AA0060F5BF} - [Microsoft Corporation] : C:\WINNT\system32\mstask.dll
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - [Microsoft Corporation] : C:\WINNT\system32\webcheck.dll
Subscription Mgr - {ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} - [Microsoft Corporation] : C:\WINNT\system32\webcheck.dll
Subscription Folder - {F5175861-2688-11d0-9C5E-00AA00A45957} - [Microsoft Corporation] : C:\WINNT\system32\webcheck.dll
WebCheckWebCrawler - {08165EA0-E946-11CF-9C87-00AA005127ED} - [Microsoft Corporation] : C:\WINNT\system32\webcheck.dll
WebCheckChannelAgent - {E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} - [Microsoft Corporation] : C:\WINNT\system32\webcheck.dll
TrayAgent - {E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} - [Microsoft Corporation] : C:\WINNT\system32\webcheck.dll
Code Download Agent - {7D559C10-9FE9-11d0-93F7-00AA0059CE02} - [Microsoft Corporation] : C:\WINNT\system32\webcheck.dll
ConnectionAgent - {E6CC6978-6B6E-11D0-BECA-00C04FD940BE} - [Microsoft Corporation] : C:\WINNT\system32\webcheck.dll
PostAgent - {D8BD2030-6FC9-11D0-864F-00AA006809D9} - [Microsoft Corporation] : C:\WINNT\system32\webcheck.dll
WebCheck SyncMgr Handler - {7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} - [Microsoft Corporation] : C:\WINNT\system32\webcheck.dll
VpshellEx Class - {BDA77241-42F6-11d0-85E2-00AA001FE28C} - [Symantec Corporation] : C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
Channel - {f39a0dc0-9cc8-11d0-a599-00c04fd64433} - [Microsoft Corporation] : C:\WINNT\system32\cdfview.dll
Channel Shortcut - {f3aa0dc0-9cc8-11d0-a599-00c04fd64434} - [Microsoft Corporation] : C:\WINNT\system32\cdfview.dll
Channel Handler Object - {f3ba0dc0-9cc8-11d0-a599-00c04fd64435} - [Microsoft Corporation] : C:\WINNT\system32\cdfview.dll
Channel Menu Handler Object - {f3da0dc0-9cc8-11d0-a599-00c04fd64437} - [Microsoft Corporation] : C:\WINNT\system32\cdfview.dll
Channel Shortcut Property Pages - {f3ea0dc0-9cc8-11d0-a599-00c04fd64438} - [Microsoft Corporation] : C:\WINNT\system32\cdfview.dll
Web Folders - {BDEADF00-C265-11D0-BCED-00A0C90AB50F} - [Microsoft Corporation] : C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL
Microsoft Office Outlook - {00020D75-0000-0000-C000-000000000046} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\OFFICE11\MLSHEXT.DLL
Outlook File Icon Extension - {0006F045-0000-0000-C000-000000000046} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\OFFICE11\OLKFSTUB.DLL
WinZip - {E0D79304-84BE-11CE-9641-444553540000} - [WinZip Computing LP] : C:\Program Files\WinZip\wzshlstb.dll
WinZip - {E0D79305-84BE-11CE-9641-444553540000} - [WinZip Computing LP] : C:\Program Files\WinZip\wzshlstb.dll
WinZip - {E0D79306-84BE-11CE-9641-444553540000} - [WinZip Computing LP] : C:\Program Files\WinZip\wzshlstb.dll
WinZip - {E0D79307-84BE-11CE-9641-444553540000} - [WinZip Computing LP] : C:\Program Files\WinZip\wzshlstb.dll
WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} - : C:\Program Files\WinRAR\rarext.dll

Shell Service Objects
- {WebCheck} - [Microsoft Corporation] : C:\WINNT\system32\webcheck.dll

Protocol Handler
Data Page Pluggable Protocol mso-offdap Handler - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - [Microsoft Corporation] : C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL

Services
23 - [Arcsoft, Inc.] : C:\WINNT\system32\drivers\Afc.sys
23 - [AOL LLC] : C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
23 - [Microsoft Corporation] : C:\WINNT\system32\DRIVERS\cdrom.sys
23 - [Symantec Corporation] : C:\Program Files\Symantec AntiVirus\DefWatch.exe
23 - [Microsoft Corporation] : C:\WINNT\system32\DRIVERS\disk.sys
23 - [VERITAS Software Corp.] : C:\WINNT\system32\drivers\dmio.sys
23 - [VERITAS Software Corp.] : C:\WINNT\system32\drivers\dmload.sys
23 - [VIA Technologies, Inc.] : C:\WINNT\system32\DRIVERS\fetnd5b.sys
23 - [Microsoft Corporation] : C:\WINNT\system32\DRIVERS\flpydisk.sys
23 - : C:\WINNT\system32\Drivers\LxrSII1d.sys
23 - : C:\WINNT\system32\LxrSII1s.exe
23 - [Symantec Corporation] : C:\Program Files\NavNT\rtvscan.exe
23 - [Parallel Technologies, Inc.] : C:\WINNT\system32\DRIVERS\ptilink.sys
23 - [S3 Graphics, Inc.] : C:\WINNT\system32\DRIVERS\s3gnbm.sys
23 - [Symantec Corporation] : C:\Program Files\Symantec AntiVirus\savrt.sys
23 - [Symantec Corporation] : C:\Program Files\Symantec AntiVirus\Savrtpel.sys
23 - : C:\WINNT\system32\SetupNT.sys
23 - [Symantec Corporation] : C:\Program Files\Symantec AntiVirus\Rtvscan.exe
23 - [Symantec Corporation] : C:\WINNT\system32\Drivers\SYMTDI.SYS
23 - [VIA Technologies, Inc.] : C:\WINNT\system32\DRIVERS\viaagp1.sys
23 - [VIA Technologies, Inc.] : C:\WINNT\system32\DRIVERS\viaide.sys
23 - [VIA Technologies, Inc.] : C:\WINNT\system32\drivers\vinyl97.sys
23 - [VIA Technologies, Inc.] : C:\WINNT\system32\DRIVERS\videX32.sys
23 - [VIA Technologies, Inc.] : C:\WINNT\system32\Drivers\vulfnth.sys
23 - [VIA Technologies, Inc.] : C:\WINNT\system32\Drivers\vulfntr.sys
23 - [America Online, Inc.] : C:\WINNT\system32\DRIVERS\wanatw4.sys
23 - [America Online, Inc.] : C:\WINNT\wanmpsvc.exe

Winlogon Notify
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon, DLLName : [Symantec Corporation] : C:\WINNT\system32\NavLogon.dll

Threat Files
: C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\Reboot.exe
: C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\restart.exe
: C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\SmitfraudFix\Reboot.exe
: C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\SmitfraudFix\restart.exe
: C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.exe

Advanced Files Report
%SYSDIR%\csrss.exe [Microsoft Corporation] [Microsoft(R) Windows (R) 2000 Operating System] MD5=6533392C5AF4BF5C7FF12E453DD59AE5 SIZE=5392
%SYSDIR%\NavLogon.dll [Symantec Corporation] [Symantec AntiVirus] MD5=0C08E4D83ED6DDF9DB4D683ADC03AE35 SIZE=83272
%SYSDIR%\lsass.exe [Microsoft Corporation] [Microsoft(R) Windows (R) 2000 Operating System] MD5=F19D0A319AB4BF5496F08807CB9B8651 SIZE=33552
%COMMONFILES%\AOL\ACS\AOLAcsd.exe [AOL LLC] [AOL Connectivity Service] MD5=85180CF88C5EBAD73B452A43A004CA51 SIZE=46640
%COMMONFILES%\AOL\ACS\AOLacsd.dll [AOL LLC] [AOL Connectivity Service] MD5=386914F677F489C8AFCB1ED53092968B SIZE=1267072
%COMMONFILES%\AOL\ACS\xpat.dll [AOL LLC] [AOL Connectivity Service] MD5=4B8FF89DCC1AB4ACA9B6B2A0B3814131 SIZE=124288
%COMMONFILES%\AOL\ACS\ACSMDiag.dll [AOL LLC] [AOL Connectivity Service] MD5=A9FFC3CDCD2785D11B9460509B056413 SIZE=87424
%COMMONFILES%\AOL\AOLDiag\tbdiag.dll [AOL LLC] [AOL Diagnostics] MD5=15B9CC21717F3CD0F660AF315521E3C0 SIZE=106496
%COMMONFILES%\AOL\ACS\AcsCmn.dll [AOL LLC] [AOL Connectivity Service] MD5=A78F8B9BDD0027D17FB5BA5179944122 SIZE=206208
%PROGRAMFILES%\Symantec AntiVirus\DefWatch.exe [Symantec Corporation] [Symantec AntiVirus] MD5=626534AD71DAB174C4524214A9E8BB89 SIZE=30024
%SYSDIR%\LxrSII1s.exe MD5=5BEF7E9D23F65C50C63E31DD3D154D0F SIZE=53248
%PROGRAMFILES%\NavNT\rtvscan.exe [Symantec Corporation] [Norton AntiVirus] MD5=4739C7C6BD87EFFF6F033DD7DB3A4DBD SIZE=454656
%PROGRAMFILES%\NavNT\Dec2.dll [Symantec Corporation] [File Decomposer] MD5=98832FAEBAC2DD075A5BEE10A40C7996 SIZE=28672
%PROGRAMFILES%\NavNT\Dec2ARJ.dll [Symantec Corporation] [File Decomposer] MD5=1B057D4B77C531E9365432BE12183518 SIZE=36864
%PROGRAMFILES%\NavNT\Dec2ID.dll [Symantec Corporation] [File Decomposer] MD5=0A01D73DC5B01C2ECED669AB6EA9FF03 SIZE=32768
%PROGRAMFILES%\NavNT\Dec2LHA.dll [Symantec Corporation] [File Decomposer] MD5=03D76A7AF332CF5CB5D46D9D9B1C5712 SIZE=32768
%PROGRAMFILES%\NavNT\SymLHA.dll [Symantec Corporation] [File Decomposer] MD5=DF43252DA73119EB89445FD97968CDAF SIZE=65536
%PROGRAMFILES%\NavNT\Dec2LZ.dll [Symantec Corporation] [File Decomposer] MD5=DEEC530F1CAECB18CDE0A07F2E79740A SIZE=28672
%PROGRAMFILES%\NavNT\Dec2MIME.dll [Symantec Corporation] [File Decomposer] MD5=F3825A0C65CDEA115C67213C34065F3B SIZE=69632
%PROGRAMFILES%\NavNT\Dec2Zip.dll [Symantec Corporation] [File Decomposer] MD5=9FBCDB58DE1F49D19DED54934299973F SIZE=159744
%PROGRAMFILES%\NavNT\Dec2AMG.dll [Symantec Corporation] [File Decomposer] MD5=5A021E190AB14F3D334883CD6325CB8F SIZE=32768
%PROGRAMFILES%\NavNT\SYMAMG32.DLL [Symantec Corporation with portions by FUJITSU DEVICES INC.] [File Decomposer] MD5=CA3BBE4BCA1DD3337EADC749D5AA2875 SIZE=86016
%PROGRAMFILES%\NavNT\Dec2UUE.dll [Symantec Corporation] [File Decomposer] MD5=C9AFB092BF8CE173D6437A287CEDDFAE SIZE=36864
%PROGRAMFILES%\NavNT\Dec2SS.dll [Symantec Corporation] [File Decomposer] MD5=686B0036E2FA05B83BF3FB6EB2BFCBD6 SIZE=36864
%PROGRAMFILES%\NavNT\Dec2RTF.dll [Symantec Corporation] [File Decomposer] MD5=E0B6A5743555C95DECA6654FB326728C SIZE=53248
%SYSDIR%\CBA.DLL [Intel Corporation] [Intel Common Base Agent] MD5=9494FB92DD9687E00EDFF2877B39C44F SIZE=28723
%SYSDIR%\MsgSys.dll [Intel Corporation] [Intel Common Base Agent] MD5=E57541455E4900F58F9A8F063FFAF7A8 SIZE=41017
%SYSDIR%\NTS.dll [Intel Corporation] [Intel Common Base Agent] MD5=094AA945FABE34A4479AB3F59FB93FD6 SIZE=77875
%SYSDIR%\PDS.DLL [Intel Corporation] [Intel Common Base Agent] MD5=8B3D49D23FFD30609433DFD0790FA1AB SIZE=65590
%PROGRAMFILES%\NavNT\NAVLU.dll [Symantec Corporation] [Norton AntiVirus] MD5=EFD65F824C5793D8866899EC18908FEC SIZE=61440
%PROGRAMFILES%\NavNT\NAVNTUTL.DLL [Symantec/Peter Norton Group] [Norton AntiVirus] MD5=4005D24EA0CC89426F997A406EA359D0 SIZE=49152
%PROGRAMFILES%\NavNT\I2ldvp3.dll [Symantec Corporation] [Norton AntiVirus] MD5=06A5A7C481B20634BB652123000FFD44 SIZE=262144
%PROGRAMFILES%\NavNT\NAVAPI32.DLL [Symantec Corp.] [NAVAPI] MD5=46C0727A12254A74AF062E09A581A686 SIZE=196608
%PROGRAMFILES%\Symantec AntiVirus\NotesExt.dll [Symantec Corporation] [Symantec AntiVirus] MD5=2B158263F632D040E297CB1B0C3B7FEC SIZE=103776
%PROGRAMFILES%\Symantec AntiVirus\vpmsece2.dll [Symantec Corporation] [Symantec AntiVirus] MD5=CA88FAB57915678410B51CAD917987D0 SIZE=79200
%PROGRAMFILES%\Symantec AntiVirus\SAVRT32.DLL [Symantec Corporation] [Symantec AntiVirus AutoProtect] MD5=643A1C8AD3938D8855F507FBCD82192C SIZE=218344
%SYSDIR%\stisvc.exe [Microsoft Corporation] [Microsoft(R) Windows (R) 2000 Operating System] MD5=B75235626B950FF821146555C612F814 SIZE=61712
%SYSDIR%\essiscnb.dll [SEIKO EPSON CORP.] [User mode Mini Drv.] MD5=A87596C7BB6AEFBC1D2F18E5B0B121F2 SIZE=53248
%SYSDIR%\JSCPL32.CPL [JetFax, Inc.] [JetSuite] MD5=C9EA673C226F6525383526C8BFBE831E SIZE=20480
%PROGRAMFILES%\Symantec AntiVirus\Rtvscan.exe [Symantec Corporation] [Symantec AntiVirus] MD5=825349E7566B49E583399CA821D3436A SIZE=1267024
%PROGRAMFILES%\Symantec AntiVirus\NAVLU.dll [Symantec Corporation] [Symantec AntiVirus] MD5=667D0CF09C8601670F55214C11902CFC SIZE=58688
%PROGRAMFILES%\Symantec AntiVirus\I2ldvp3.dll [Symantec Corporation] [Symantec AntiVirus] MD5=F370FFC0566F590661BE9AD347950689 SIZE=243024
%PROGRAMFILES%\Symantec AntiVirus\ecmldr32.DLL [Symantec Corp.] [ECOM Loader] MD5=E8753779E5996465C7C50C8E988CED7B SIZE=42160
%PROGRAMFILES%\Symantec AntiVirus\NAVNTUTL.DLL [Symantec Corporation] [Symantec AntiVirus] MD5=26902C9A91BD545E75CFEC121B463AD0 SIZE=83280
%COMMONFILES%\Symantec Shared\VirusDefs\20090927.002\ECMSVR32.DLL [Symantec Corporation] [ECOM Server] MD5=605B554657988C0FDD77B9F226F4D8B3 SIZE=259440
%PROGRAMFILES%\Symantec AntiVirus\IMail.dll [Symantec Corporation] [Symantec AntiVirus] MD5=7D7866CD8D8F4F00055440FE76829FAD SIZE=54624
%PROGRAMFILES%\Symantec AntiVirus\DecSDK.dll [Symantec Corporation] [File Decomposer] MD5=27D41D4C58773720A9DE6B33CCA49459 SIZE=62576
%PROGRAMFILES%\Symantec AntiVirus\Dec2.dll [Symantec Corporation] [File Decomposer] MD5=101034E60AC4261D62EB0A4D5529D789 SIZE=91248
%COMMONFILES%\Symantec Shared\SSC\scandlgs.dll [Symantec Corporation] [Symantec AntiVirus] MD5=FA901A32534493312A5D2356AA1619A8 SIZE=238920
%PROGRAMFILES%\Symantec AntiVirus\Dec2ID.dll [Symantec Corporation] [File Decomposer] MD5=52861AA69224759B7FFEC70ABE4EBFD1 SIZE=54384
%PROGRAMFILES%\Symantec AntiVirus\Dec2ZIP.dll [Symantec Corporation] [File Decomposer] MD5=BEF9C387487B1E98BFB9FD85F7CABC09 SIZE=242800
%PROGRAMFILES%\Symantec AntiVirus\Dec2SS.dll [Symantec Corporation] [File Decomposer] MD5=87749B38351738BEAA3F28EA8B562EB6 SIZE=91248
%PROGRAMFILES%\Symantec AntiVirus\Dec2GZIP.dll [Symantec Corporation] [File Decomposer] MD5=B8155ECFDC90FB82780E1ED85396730C SIZE=99440
%PROGRAMFILES%\Symantec AntiVirus\Dec2CAB.dll [Symantec Corporation] [File Decomposer] MD5=78B86C519F4741840945726E67D4D810 SIZE=78960
%PROGRAMFILES%\Symantec AntiVirus\Dec2LHA.dll [Symantec Corporation] [File Decomposer] MD5=46E2BC1188B472B7D649DBC6E8D438BD SIZE=103536
%PROGRAMFILES%\Symantec AntiVirus\Dec2ARJ.dll [Symantec Corporation] [File Decomposer] MD5=1D91F58C5656263485517D95E3E5F5AE SIZE=66672
%PROGRAMFILES%\Symantec AntiVirus\Dec2TNEF.dll [Symantec Corporation] [File Decomposer] MD5=107DE2F99574CEEF274272FAC9D6059B SIZE=91248
%PROGRAMFILES%\Symantec AntiVirus\Dec2LZ.dll [Symantec Corporation] [File Decomposer] MD5=D169C16197CBA60D818E6C1EFE3F13AA SIZE=58480
%PROGRAMFILES%\Symantec AntiVirus\Dec2AMG.dll [Symantec Corporation] [File Decomposer] MD5=34602AB003647BD5B9F9D15FE64D38E2 SIZE=119920
%PROGRAMFILES%\Symantec AntiVirus\Dec2TAR.dll [Symantec Corporation] [File Decomposer] MD5=8127C7FA19F08ACD02D5B7DAAFBD29E7 SIZE=66672
%PROGRAMFILES%\Symantec AntiVirus\Dec2RTF.dll [Symantec Corporation] [File Decomposer] MD5=E9E9CADD178BCA45B0C9F9C1BE25D601 SIZE=83056
%PROGRAMFILES%\Symantec AntiVirus\Dec2Text.dll [Symantec Corporation] [File Decomposer] MD5=10E519278FCDD2B6F0DF4AC691EF00AA SIZE=234608
%WINDIR%\wanmpsvc.exe [America Online, Inc.] [America Online] MD5=909F2DC0DA7F57D229A05EE90647B2C3 SIZE=65536
%PROGRAMFILES%\Symantec AntiVirus\Cliproxy.dll [Symantec Corporation] [Symantec AntiVirus] MD5=B2F2D28775B2EDD411820BCCE427CFA9 SIZE=267600
%COMMONFILES%\Symantec Shared\ccVrTrst.dll [Symantec Corporation] [Common Client] MD5=F46E041719DAB3A776CBD98D15B3BDBD SIZE=115832
%PROGRAMFILES%\WinZip\WZQKPICK.EXE [WinZip Computing, S.L.] [WinZip] MD5=C4C3DB5E3310AC76A8591EF04B765722 SIZE=525640
%SYSDIR%\mmsys.cpl [Microsoft Corporation] [Microsoft(R) Windows (R) 2000 Operating System] MD5=5DEE527242825EF0D7E10B437FD8D843 SIZE=303888
%SYSDIR%\shscrap.dll [Microsoft Corporation] [Microsoft(R) Windows (R) 2000 Operating System] MD5=E5FB42346CCD9B9E7E45ADD3907617BF SIZE=23312
%SYSDIR%\hticons.dll [Hilgraeve, Inc.] [Microsoft(R) Windows (R) 2000 Operating System] MD5=7F985035801423B97250F694961C5A36 SIZE=21776
%SYSDIR%\mstask.dll [Microsoft Corporation] [Microsoft Windows Task Scheduler] MD5=C4B3D1C42EEFE4EE910AD72149FEE516 SIZE=218896
%SYSDIR%\webcheck.dll [Microsoft Corporation] [Microsoft Windows Operating System] MD5=F2786DC35401FCEB401A0F5810E22AB6 SIZE=258048
%COMMONFILES%\Symantec Shared\SSC\vpshell2.dll [Symantec Corporation] [Symantec AntiVirus] MD5=E13F3B595F537B4E71777A3EB236FB18 SIZE=46288
%SYSDIR%\cdfview.dll [Microsoft Corporation] [Microsoft Windows Operating System] MD5=F2556683EBB530F12AC504750102912F SIZE=143360
%COMMONFILES%\Microsoft Shared\Web Folders\MSONSEXT.DLL [Microsoft Corporation] [SharePoint Portal Server] MD5=32E82A0C6D4272407DC8547354EFA42B SIZE=1293008
%PROGRAMFILES%\Microsoft Office\OFFICE11\MLSHEXT.DLL [Microsoft Corporation] [Microsoft Office Outlook] MD5=283926C9F1D6C0EC263962F684F502A1 SIZE=33120
%PROGRAMFILES%\Microsoft Office\OFFICE11\OLKFSTUB.DLL [Microsoft Corporation] [Microsoft Office Outlook] MD5=EEFF9EB53DE2111DEC77E7C9E8D090F0 SIZE=236384
%PROGRAMFILES%\WinZip\wzshlstb.dll [WinZip Computing LP] [WinZip] MD5=E819E2D346B943F9562436E1ABB50EAE SIZE=5120
%PROGRAMFILES%\WinRAR\rarext.dll MD5=023707D932BA31314210E6844D33D500 SIZE=129024
%SYSDIR%\drivers\Afc.sys [Arcsoft, Inc.] [Arcsoft(R) ASPI Shell] MD5=A7B8A3A79D35215D798A300DF49ED23F SIZE=11776
%SYSDIR%\DRIVERS\cdrom.sys [Microsoft Corporation] [Microsoft(R) Windows (R) 2000 Operating System] MD5=4B86A90A7F0095D514D22A9083826488 SIZE=27984
%SYSDIR%\DRIVERS\disk.sys [Microsoft Corporation] [Microsoft(R) Windows (R) 2000 Operating System] MD5=322B9A3774DBF119F6635A476B0EB058 SIZE=30768
%SYSDIR%\drivers\dmio.sys [VERITAS Software Corp.] [VERITAS NT Disk Manager] MD5=6B35BFDBDBC247113852F18BF0F10E3C SIZE=137936
%SYSDIR%\drivers\dmload.sys [VERITAS Software Corp.] [Logical Disk Manager for Windows NT] MD5=3F1701FFA97AB012685ABC8A2D6FCE22 SIZE=7312
%SYSDIR%\DRIVERS\fetnd5b.sys [VIA Technologies, Inc.] [VIA Rhine Family Fast Ethernet Adapter] MD5=A306E75D699DA98D0F9286B4E268661D SIZE=41984
%SYSDIR%\DRIVERS\flpydisk.sys [Microsoft Corporation] [Microsoft(R) Windows (R) 2000 Operating System] MD5=6CA845333DA54F27A8657BE7EE0B600D SIZE=19312
%SYSDIR%\Drivers\LxrSII1d.sys MD5=DB7F488269290A8C1907602B7F4C213D SIZE=70016
%SYSDIR%\DRIVERS\ptilink.sys [Parallel Technologies, Inc.] [Microsoft(R) Windows (R) 2000 Operating System] MD5=B78775F217255F786C2E8DBE4334E413 SIZE=17680
%SYSDIR%\DRIVERS\s3gnbm.sys [S3 Graphics, Inc.] [S3 ProSavage(DDR) & Twister Miniport Driver] MD5=5CF6EA833EBD3CF79573E6960F4B9E0B SIZE=167168
%PROGRAMFILES%\Symantec AntiVirus\savrt.sys [Symantec Corporation] [Symantec AntiVirus AutoProtect] MD5=C8023BE4DDA22A52CD2F60D9CB9B3985 SIZE=301200
%PROGRAMFILES%\Symantec AntiVirus\Savrtpel.sys [Symantec Corporation] [Symantec AntiVirus AutoProtect] MD5=30547FD7692DC799A0B397B2B918A158 SIZE=37008
%SYSDIR%\SetupNT.sys MD5=549EA830A5D9EDD9CD14311126C2849B SIZE=3000
%SYSDIR%\Drivers\SYMTDI.SYS [Symantec Corporation] [Symantec Security Drivers] MD5=EC1A39493FB104D317E8271162A74B94 SIZE=263736
%SYSDIR%\DRIVERS\viaagp1.sys [VIA Technologies, Inc.] [VIA CPU to AGP2.0/AGP3.0 Controller] MD5=3369521138FB8980530DA72078DA1368 SIZE=27904
%SYSDIR%\DRIVERS\viaide.sys [VIA Technologies, Inc.] [Microsoft(R) Windows NT(R) Operating System] MD5=B2B04630FE75EF32684E854828B1F764 SIZE=6234
%SYSDIR%\drivers\vinyl97.sys [VIA Technologies, Inc.] [Vinyl AC'97 Codec Combo WDM Driver] MD5=6E6C12D1544E22D36DA77F994FD1F306 SIZE=176128
%SYSDIR%\DRIVERS\videX32.sys [VIA Technologies, Inc.] [VIA PCI IDE MINI Driver] MD5=4CC623591204ACD5FC89BD0DAD70E838 SIZE=13976
%SYSDIR%\Drivers\vulfnth.sys [VIA Technologies, Inc.] [VIA USB Host Controller Lower Filter Driver] MD5=C9A8BA443F809B70BCCCCD60CC73FA5C SIZE=6912
%SYSDIR%\Drivers\vulfntr.sys [VIA Technologies, Inc.] [VIA USB Roothub Lower Filter Driver] MD5=2D8C55889616F7767E9FB8ADEE37A02A SIZE=11392
%SYSDIR%\DRIVERS\wanatw4.sys [America Online, Inc.] [Wan Miniport (ATW)] MD5=0A716C08CB13C3A8F4F51E882DBF7416 SIZE=33588
%SYSDIR%\mscoree.dll [Microsoft Corporation] [Microsoft .NET Framework] MD5=5AB91FA45D16CF20E420C6E6F7B9FE4F SIZE=270848
%COMMONFILES%\Microsoft Shared\Web Components\10\OWC10.DLL [Microsoft Corporation] [Microsoft Office XP] MD5=AA2204BD7F9FBFAA09EF15C212A67D69 SIZE=7255384

End of Report



What should I do about the threats?

Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky.fr and save it to your Desktop.

• Please close all other applications running on your system.
  
• Please double click GetSystemInfo.exe to open it.
  
• Click the Settings button.
  
• Set it to Maximum
  
• IMPORTANT! Then please click Customize - choose Driver / Ports tab and
• Uncheck Scan Ports.
  
• Click Create Report to run it.
  
• It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. Please upload the folder to Kaspersky GSI Parser and click the Submit button.
  

Please copy and paste the url of the GSI Parser report (not the log) in your next reply.

I saved kapersky.fr to my Desktop but when I tried to open it, it said "This operating system is not supported. Please use GetSystemInfo 3.0.0.5". Then it asks "Do you want to install anyway?" So I clicked yes and it downloaded again as Zip file. However when I tried to open the Zip file, a WinZip window comes up asking me to register in order to use it.

Download and install EVEREST
Open it.
1: In left pane expand Computer folder.
2: Click once on Summary
3: In upper menu, go Report
4: And then to Quick Report-Summary
5: Save it in text file, and paste it in your next post.


DO NOT INCLUDE ANYTHING UNDER THE LINE THAT SAYS "DEBUG- PCI"

--------[ EVEREST Home Edition (c) 2003-2005 Lavalys, Inc. ]------------------------------------------------------------

Version EVEREST v2.20.405
Homepage http://www.lavalys.com/
Report Type Quick Report
Computer WS24
Generator Administrator
Operating System Microsoft Windows 2000 Professional 5.0.2195 (Win2000 Retail)
Date 2009-10-23
Time 12:35


--------[ Summary ]-----------------------------------------------------------------------------------------------------

Computer:
Operating System Microsoft Windows 2000 Professional
OS Service Pack Service Pack 4
DirectX 4.09.00.0904 (DirectX 9.0c)
Computer Name WS24
User Name Administrator

Motherboard:
CPU Type Intel Pentium 4, 2400 MHz (18 x 133)
Motherboard Name VIARAMA U8668 (Pro) (3 PCI, 1 AGP, 1 CNR, 2 SDR DIMM, 2 DDR DIMM, Audio, Video, LAN)
Motherboard Chipset VIA VT8751 Apollo P4M266
System Memory 736 MB (PC2700 DDR SDRAM)
BIOS Type Award (04/09/04)
Communication Port Communications Port (COM1)
Communication Port Printer Port (LPT1)

Display:
Video Adapter S3 Graphics ProSavageDDR (32 MB)
3D Accelerator S3 ProSavageDDR
Monitor LG L1511SK [15" LCD] (140372473)

Multimedia:
Audio Adapter VIA AC'97 Enhanced Audio Controller

Storage:
IDE Controller VIA Bus Master IDE Controller - 0571
Floppy Drive Floppy disk drive
Disk Drive WDC WD800BB-00FJA0 (74 GB, IDE)
Disk Drive EPSON Stylus Storage USB Device
Optical Drive SONY CD-ROM CDU5211 (52x CD-ROM)
SMART Hard Disks Status OK

Partitions:
C: (NTFS) 76316 MB (64823 MB free)

Input:
Keyboard Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Mouse PS/2 Compatible Mouse

Network:
Network Adapter VIA Rhine II Fast Ethernet Adapter (76.171.37.85)

Peripherals:
USB1 Controller VIA VT83C572 PCI-USB Controller
USB1 Controller VIA VT83C572 PCI-USB Controller
USB1 Controller VIA VT83C572 PCI-USB Controller
USB2 Controller VIA USB 2.0 Enhanced Host Controller
USB Device EPSON CX8300/CX8400/DX8400
USB Device USB Composite Device
USB Device USB Mass Storage Device
USB Device USB Printing Support

Please download WhoCrashed

Install program.

WHEN opened, CLICK analyze. THEN SCROLL down to Analysis, and post THE results.

rash dump directory: C:\WINNT\Minidump

Crash dumps are enabled on your computer.


No crash dumps have been found on your computer.

DMJ - I was able to find GetSystemInfo 3.0.0.5 online and I saved it to my desktop. However when I tried it open it, it just gave me an option to save it, so I saved it. When I went to the C: drive and tried to open it, it came up as a Notepad document. I tried to post it but it says the message was too big. If you want I can break it down into parts and post what came up if you think that would help.

Let me know.

Here it is just in case:

GetSystemInfo version 3.0.0.5:
------------------------------
HARDWARE Information:
---------------------
Processor:
Intel(R) Pentium(R) 4 CPU 2.40GHz 2405 MHz

Processors number:
1

BIOS:
Phoenix - AwardBIOS v6.00PG Phoenix-Award BIOS v6.00PG BIOS Date: 04/09/04

System Date:
23/10/2009 (dd/mm/yyyy)

Total phisical memory:
735,496 Mb

Total virtual memory:
2047,896 Mb

Available phisical memory:
735,496 Mb

Available virtual memory:
2016,064 Mb

Hard drives:
WDC WD800BB-00FJA0

Logical disks structure:
a:\ REMOVABLE Full size - 0 Mb, Free size - 0 Mb, File system -
c:\ fȋxed SYSTEM Full size - 76316 Mb, Free size - 64816 Mb, File system - NTFS
d:\ CDROM Full size - 76316 Mb, Free size - 64816 Mb, File system -
e:\ REMOVABLE Full size - 76316 Mb, Free size - 64816 Mb, File system -

Video adapters:
S3 Graphics ProSavageDDR
DRIVER - system32\DRIVERS\s3gnbm.sys ("c:\winnt\system32\drivers\s3gnbm.sys") File version = 6.14.10.0033-13.94.33, File size = 167168, File modification date = 13/08/2004 20:42, File description = S3 ProSavage(DDR) & Twister Miniport Driver, Product Name = S3 ProSavage(DDR) & Twister Miniport Driver, Product version = 6.14.10.0033-13.94.33, Company name = S3 Graphics, Inc. (Copyright (c) 2004 by S3 Graphics, Inc.) |-208207382|0x5cf6ea833ebd3cf79573e6960f4b9e0b|
S3 Graphics ProSavageDDR
DRIVER - system32\DRIVERS\s3gnbm.sys ("c:\winnt\system32\drivers\s3gnbm.sys") File version = 6.14.10.0033-13.94.33, File size = 167168, File modification date = 13/08/2004 20:42, File description = S3 ProSavage(DDR) & Twister Miniport Driver, Product Name = S3 ProSavage(DDR) & Twister Miniport Driver, Product version = 6.14.10.0033-13.94.33, Company name = S3 Graphics, Inc. (Copyright (c) 2004 by S3 Graphics, Inc.) |-208207382|0x5cf6ea833ebd3cf79573e6960f4b9e0b|

NetWork adapters:
VIA Rhine II Fast Ethernet Adapter
DRIVER - system32\DRIVERS\fetnd5b.sys ("c:\winnt\system32\drivers\fetnd5b.sys") File version = 3.22.00.0407, File size = 41984, File modification date = 29/07/2003 03:31, File description = NDIS 5.0 miniport driver, Product Name = VIA Rhine Family Fast Ethernet Adapter , Product version = 3.22.00.0407, Company name = VIA Technologies, Inc. (VIA Technologies, Inc. ) |1685419942|0xa306e75d699da98d0f9286b4e268661d|

Modems:

Multimedia:
Microsoft Kernel GS Wavetable Synthesizer
DRIVER - system32\drivers\swmidi.sys ("c:\winnt\system32\drivers\swmidi.sys") File version = 5.00.2195.6655, File size = 53552, File modification date = 19/06/2003 12:05, File description = Microsoft GS Wavetable Synthesizer, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6655, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |586389250|0x8c7cd06d097a59391d94b59715fca67c|
Microsoft DirectMusic SW Synth (WDM)
DRIVER - system32\drivers\DMusic.sys ("c:\winnt\system32\drivers\dmusic.sys") File version = 5.00.2166.1, File size = 51152, File modification date = 28/10/1999 15:24, File description = Microsoft DirectMusic Software Synthesizer (WDM), Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2166.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |838142286|0x3431984234b5988d4c09f043cf4cd779|
Microsoft Streaming Service Proxy
DRIVER - system32\drivers\MSKSSRV.sys ("c:\winnt\system32\drivers\mskssrv.sys") File version = 5.3.0000000.900 built by: DIRECTX, File size = 7424, File modification date = 12/12/2002 08:14, File description = MS KS Server, Product Name = Microsoft Windows Operating System, Product version = 5.3.0000000.900, Company name = Microsoft Corporation ( Microsoft Corporation. All rights reserved.) |369150494|0x85736f804191cb420a31aca2a7f0674f|
Microsoft Streaming Clock Proxy
DRIVER - system32\drivers\MSPCLOCK.sys ("c:\winnt\system32\drivers\mspclock.sys") File version = 5.3.0000000.900 built by: DIRECTX, File size = 5248, File modification date = 12/12/2002 08:14, File description = MS Proxy Clock, Product Name = Microsoft Windows Operating System, Product version = 5.3.0000000.900, Company name = Microsoft Corporation ( Microsoft Corporation. All rights reserved.) |1959050085|0xe943adb93d83c5cbc0ca3f53f53b48cc|
Microsoft Kernel System Renderer
DRIVER - system32\drivers\sysaudio.sys ("c:\winnt\system32\drivers\sysaudio.sys") File version = 5.00.2195.6655, File size = 47568, File modification date = 19/06/2003 12:05, File description = System Audio WDM Filter, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6655, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-56662383|0x6c14d96f8c1ba929fad4ba40a29217fa|
Microsoft Kernel Audio Mixer
DRIVER - system32\drivers\kmixer.sys ("c:\winnt\system32\drivers\kmixer.sys") File version = 5.00.2195.6655, File size = 148304, File modification date = 19/06/2003 12:05, File description = Kernel Mode Audio Mixer, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6655, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1778557455|0x8e198ec9e823aa42edf45b07efe395ac|
Microsoft WINMM WDM Audio Compatibility Driver
DRIVER - system32\drivers\wdmaud.sys ("c:\winnt\system32\drivers\wdmaud.sys") File version = 5.00.2195.6655, File size = 73872, File modification date = 19/06/2003 12:05, File description = MMSYSTEM Wave/Midi API mapper, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6655, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |169788773|0x997d25513bc89614417829b5bec7c75c|
Microsoft Streaming Quality Manager Proxy
DRIVER - system32\drivers\MSPQM.sys ("c:\winnt\system32\drivers\mspqm.sys") File version = 5.00.2134.1, File size = 4816, File modification date = 25/09/1999 10:36, File description = MS Proxy Quality Manager, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2134.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |732880338|0xbb041315c9930063e5eab0bee90acff6|
Microsoft Streaming Network Raw Channel Access
DRIVER - system32\drivers\RCA.sys ("c:\winnt\system32\drivers\rca.sys") File version = 5.00.2164.1, File size = 21712, File modification date = 14/07/2003 12:00, File description = RCA filter, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2164.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |331263198|0xafce1f733a6aa3a90ac60794dfb26104|
Microsoft Streaming Network Raw Channel Access
DRIVER - system32\drivers\RCA.sys ("c:\winnt\system32\drivers\rca.sys") File version = 5.00.2164.1, File size = 21712, File modification date = 14/07/2003 12:00, File description = RCA filter, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2164.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |331263198|0xafce1f733a6aa3a90ac60794dfb26104|
Microsoft Streaming Network Raw Channel Access
DRIVER - system32\drivers\RCA.sys ("c:\winnt\system32\drivers\rca.sys") File version = 5.00.2164.1, File size = 21712, File modification date = 14/07/2003 12:00, File description = RCA filter, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2164.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |331263198|0xafce1f733a6aa3a90ac60794dfb26104|
Microsoft Streaming Network Raw Channel Access
DRIVER - system32\drivers\RCA.sys ("c:\winnt\system32\drivers\rca.sys") File version = 5.00.2164.1, File size = 21712, File modification date = 14/07/2003 12:00, File description = RCA filter, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2164.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |331263198|0xafce1f733a6aa3a90ac60794dfb26104|
Microsoft Streaming Network Raw Channel Access
DRIVER - system32\drivers\RCA.sys ("c:\winnt\system32\drivers\rca.sys") File version = 5.00.2164.1, File size = 21712, File modification date = 14/07/2003 12:00, File description = RCA filter, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2164.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |331263198|0xafce1f733a6aa3a90ac60794dfb26104|
Microsoft Streaming Network Raw Channel Access
DRIVER - system32\drivers\RCA.sys ("c:\winnt\system32\drivers\rca.sys") File version = 5.00.2164.1, File size = 21712, File modification date = 14/07/2003 12:00, File description = RCA filter, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2164.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |331263198|0xafce1f733a6aa3a90ac60794dfb26104|
Microsoft Streaming Network Raw Channel Access
DRIVER - system32\drivers\RCA.sys ("c:\winnt\system32\drivers\rca.sys") File version = 5.00.2164.1, File size = 21712, File modification date = 14/07/2003 12:00, File description = RCA filter, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2164.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |331263198|0xafce1f733a6aa3a90ac60794dfb26104|
Microsoft Streaming Network Raw Channel Access
DRIVER - system32\drivers\RCA.sys ("c:\winnt\system32\drivers\rca.sys") File version = 5.00.2164.1, File size = 21712, File modification date = 14/07/2003 12:00, File description = RCA filter, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2164.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |331263198|0xafce1f733a6aa3a90ac60794dfb26104|
Microsoft Streaming Network Raw Channel Access
DRIVER - system32\drivers\RCA.sys ("c:\winnt\system32\drivers\rca.sys") File version = 5.00.2164.1, File size = 21712, File modification date = 14/07/2003 12:00, File description = RCA filter, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2164.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |331263198|0xafce1f733a6aa3a90ac60794dfb26104|
Vinyl AC'97 Codec Combo Driver (WDM)
DRIVER - system32\drivers\vinyl97.sys ("c:\winnt\system32\drivers\vinyl97.sys") File version = 6.14.01.4090 built by: WinDDK, File size = 176128, File modification date = 01/02/2005 23:39, File description = Vinyl AC'97 Codec Combo WDM Driver, Product Name = Vinyl AC'97 Codec Combo WDM Driver, Product version = 6.14.01.4090, Company name = VIA Technologies, Inc. (Copyright (C) VIA Technologies, Inc. 1999-2004) |837740645|0x6e6c12d1544e22d36da77f994fd1f306|
BDA MPE Filter
DRIVER - system32\DRIVERS\MPE.sys ("c:\winnt\system32\drivers\mpe.sys") File version = 5.3.0000000.900 built by: DIRECTX, File size = 15104, File modification date = 09/07/2004 10:58, File description = Microsoft MPE to IP Filter, Product Name = Microsoft Windows Operating System, Product version = 5.3.0000000.900, Company name = Microsoft Corporation ( Microsoft Corporation. All rights reserved.) |-1601554581|0x83eff7b976ae24f1a496ca94a8a19919|
BDA IPSink
DRIVER - system32\DRIVERS\StreamIP.sys ("c:\winnt\system32\drivers\streamip.sys") File version = 5.3.0000000.900 built by: DIRECTX, File size = 14976, File modification date = 09/07/2004 10:58, File description = Microsoft IP Driver, Product Name = Microsoft Windows Operating System, Product version = 5.3.0000000.900, Company name = Microsoft Corporation ( Microsoft Corporation. All rights reserved.) |1913412072|0x4544fd0db39cb7b385a5392c068162cd|
BDA Slip De-Framer
DRIVER - system32\DRIVERS\SLIP.sys ("c:\winnt\system32\drivers\slip.sys") File version = 5.3.0000000.900 built by: DIRECTX, File size = 10880, File modification date = 09/07/2004 10:58, File description = Microsoft Slip Deframing Filter Minidriver, Product Name = Microsoft Windows Operating System, Product version = 5.3.0000000.900, Company name = Microsoft Corporation ( Microsoft Corporation. All rights reserved.) |-6628536|0x92723fbdd30771c293fe5ed266a31ca6|
Closed Caption Decoder
DRIVER - system32\drivers\ccdecode.sys ("c:\winnt\system32\drivers\ccdecode.sys") File version = 5.3.0000000.900 built by: DIRECTX, File size = 16384, File modification date = 09/07/2004 10:58, File description = WDM Closed Caption VBI Codec, Product Name = Microsoft Windows Operating System, Product version = 5.3.0000000.900, Company name = Microsoft Corporation ( Microsoft Corporation. All rights reserved.) |891040427|0x1478e6a09512235b9e119d2920477021|
NABTS/FEC VBI Codec
DRIVER - system32\DRIVERS\NABTSFEC.sys ("c:\winnt\system32\drivers\nabtsfec.sys") File version = 5.3.0000000.900 built by: DIRECTX, File size = 83968, File modification date = 09/07/2004 10:58, File description = WDM NABTS/FEC VBI Codec, Product Name = Microsoft Windows Operating System, Product version = 5.3.0000000.900, Company name = Microsoft Corporation ( Microsoft Corporation. All rights reserved.) |-41937467|0xbb1c45d114b6dab0babf6b2fb0336db2|
World Standard Teletext Codec
DRIVER - system32\DRIVERS\WSTCODEC.SYS ("c:\winnt\system32\drivers\wstcodec.sys") File version = 5.3.0000000.900 built by: DIRECTX, File size = 18688, File modification date = 09/07/2004 10:58, File description = WDM WST Codec Driver, Product Name = Microsoft Windows Operating System, Product version = 5.3.0000000.900, Company name = Microsoft Corporation (Copyright (C) Philips Semiconductors. 1981-1999) |-1635136304|0x04aca6442e639a794293828e8dda7a44|
Microsoft Streaming Tee/Sink-to-Sink Converter
DRIVER - system32\drivers\MSTEE.sys ("c:\winnt\system32\drivers\mstee.sys") File version = 5.3.0000000.900 built by: DIRECTX, File size = 5504, File modification date = 12/12/2002 08:14, File description = WDM Tee/Communication Transform Filter , Product Name = Microsoft Windows Operating System, Product version = 5.3.0000000.900, Company name = Microsoft Corporation ( Microsoft Corporation. All rights reserved.) |1743084846|0xd5059366b361f0e1124753447af08aa2|
Microsoft Streaming Tee/Sink-to-Sink Converter
DRIVER - system32\drivers\MSTEE.sys ("c:\winnt\system32\drivers\mstee.sys") File version = 5.3.0000000.900 built by: DIRECTX, File size = 5504, File modification date = 12/12/2002 08:14, File description = WDM Tee/Communication Transform Filter , Product Name = Microsoft Windows Operating System, Product version = 5.3.0000000.900, Company name = Microsoft Corporation ( Microsoft Corporation. All rights reserved.) |1743084846|0xd5059366b361f0e1124753447af08aa2|
Microsoft Streaming Tee/Sink-to-Sink Converter
DRIVER - system32\drivers\MSTEE.sys ("c:\winnt\system32\drivers\mstee.sys") File version = 5.3.0000000.900 built by: DIRECTX, File size = 5504, File modification date = 12/12/2002 08:14, File description = WDM Tee/Communication Transform Filter , Product Name = Microsoft Windows Operating System, Product version = 5.3.0000000.900, Company name = Microsoft Corporation ( Microsoft Corporation. All rights reserved.) |1743084846|0xd5059366b361f0e1124753447af08aa2|
Microsoft Streaming Tee/Sink-to-Sink Converter
DRIVER - system32\drivers\MSTEE.sys ("c:\winnt\system32\drivers\mstee.sys") File version = 5.3.0000000.900 built by: DIRECTX, File size = 5504, File modification date = 12/12/2002 08:14, File description = WDM Tee/Communication Transform Filter , Product Name = Microsoft Windows Operating System, Product version = 5.3.0000000.900, Company name = Microsoft Corporation ( Microsoft Corporation. All rights reserved.) |1743084846|0xd5059366b361f0e1124753447af08aa2|

Printers:

Removable devices:
Floppy disk drive
DRIVER - system32\DRIVERS\flpydisk.sys ("c:\winnt\system32\drivers\flpydisk.sys") File version = 5.00.2195.6655, File size = 19312, File modification date = 14/07/2003 12:00, File description = Floppy Driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6655, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1787644983|0x6ca845333da54f27a8657be7ee0b600d|
SONY CD-ROM CDU5211
DRIVER - system32\DRIVERS\cdrom.sys ("c:\winnt\system32\drivers\cdrom.sys") File version = 5.00.2195.6655, File size = 27984, File modification date = 14/07/2003 12:00, File description = SCSI CD-ROM Driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6655, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-637534207|0x4b86a90a7f0095d514d22a9083826488|

SOFTWARE Information:
---------------------
Operation system:
Microsoft Windows 2000 Professional, 5.0.2195 Service Pack 4

Environment variables:
=::=::\
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=WS24
ComSpec=C:\WINNT\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\WS24
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Os2LibPath=C:\WINNT\system32\os2\dll;
Path=C:\Program Files\Mozilla Firefox;C:\WINNT\system32;C:\WINNT;C:\WINNT\system32\wbem;C:\Program Files\Integrad.3\MIV;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0303
ProgramFiles=C:\Program Files
SystemDrive=C:
SystemRoot=C:\WINNT
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=WS24
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINNT

Installed network protocols:
---------clients---------
Client for Microsoft Networks
DRIVER - %SystemRoot%\system32\services.exe ("C:\WINNT\system32\services.exe") File version = 5.00.2195.7035, File size = 92944, File modification date = 08/04/2005 11:51, File description = Services and Controller app, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7035, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |2029553772|0xb861b4e6e9637eb76a40c10c552e0229|
--------protocol---------
Message-oriented TCP/IP Protocol (SMB session)
Remote Access NDIS WAN Driver
DRIVER - system32\DRIVERS\ndiswan.sys ("c:\winnt\system32\drivers\ndiswan.sys") File version = 5.00.2195.6699, File size = 93360, File modification date = 14/07/2003 12:00, File description = MS WAN Wrapper Network Driver (US/Canada Only, Not for Export), Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6699, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |649307845|0xb86a37aa73868343a9eee148fdfce1e0|
Layer 2 Tunneling Protocol
NDIS Usermode I/O Protocol
DRIVER - system32\DRIVERS\ndisuio.sys ("c:\winnt\system32\drivers\ndisuio.sys") File version = 5.00.2195.6655, File size = 11984, File modification date = 14/07/2003 12:00, File description = NDIS User mode I/O Driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6655, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1892882990|0x69ecae880bdac3c288f0508df9cdeef0|
WINS Client(TCP/IP) Protocol
DRIVER - system32\DRIVERS\netbt.sys ("c:\winnt\system32\drivers\netbt.sys") File version = 5.00.2195.7006, File size = 175632, File modification date = 08/04/2005 11:51, File description = MBT Transport driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7006, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1487587570|0xa7ca87628217bbf4a6f501db65b19e9d|
Internet Protocol (TCP/IP)
DRIVER - system32\DRIVERS\tcpip.sys ("c:\winnt\system32\drivers\tcpip.sys") File version = 5.00.2195.7162, File size = 320528, File modification date = 18/06/2008 10:05, File description = TCP/IP driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7162, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1242875359|0x02fae418bd28e185a4909e5869497de5|
Point to Point Tunneling Protocol
--------services---------
Generic Packet Classifier
DRIVER - system32\DRIVERS\msgpc.sys ("c:\winnt\system32\drivers\msgpc.sys") File version = 5.00.2195.6655, File size = 34704, File modification date = 14/07/2003 12:00, File description = MS General Packet Classifier, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6655, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-2116352398|0x6667d07854a3ae7715d22b82761cf0e7|
Steelhead
DRIVER - %SystemRoot%\system32\svchost.exe -k netsvcs ("C:\WINNT\system32\svchost.exe") File version = 5.00.2134.1, File size = 7952, File modification date = 14/07/2003 12:00, File description = Generic Host Process for Win32 Services, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2134.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |908098879|0x9e64ad53cfd9da2d22e8a924f8c6e62c|
QoS RSVP
DRIVER - %SystemRoot%\system32\rsvp.exe -s ("C:\WINNT\system32\rsvp.exe") File version = 5.00.2195.6663, File size = 176912, File modification date = 14/07/2003 12:00, File description = Microsoft RSVP 1.0, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6663, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |127861658|0x2a21bddb1ba9b5cd776949380ab46a76|
File and Printer Sharing for Microsoft Networks
DRIVER - %SystemRoot%\system32\services.exe ("C:\WINNT\system32\services.exe") File version = 5.00.2195.7035, File size = 92944, File modification date = 08/04/2005 11:51, File description = Services and Controller app, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7035, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |2029553772|0xb861b4e6e9637eb76a40c10c552e0229|
Dial-Up Client
Remote Access Connection Manager
DRIVER - %SystemRoot%\system32\svchost.exe -k netsvcs ("C:\WINNT\system32\svchost.exe") File version = 5.00.2134.1, File size = 7952, File modification date = 14/07/2003 12:00, File description = Generic Host Process for Win32 Services, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2134.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |908098879|0x9e64ad53cfd9da2d22e8a924f8c6e62c|
NetBIOS Interface
DRIVER - system32\DRIVERS\netbios.sys ("c:\winnt\system32\drivers\netbios.sys") File version = 5.00.2149.1, File size = 33456, File modification date = 14/07/2003 12:00, File description = NetBIOS interface driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2149.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |66866062|0x5151e6020a26bf7bc21c18fd612506bd|
Dial-Up Server
Wireless Configuration
DRIVER - %SystemRoot%\System32\svchost.exe -k netsvcs ("C:\WINNT\system32\svchost.exe") File version = 5.00.2134.1, File size = 7952, File modification date = 14/07/2003 12:00, File description = Generic Host Process for Win32 Services, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2134.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |908098879|0x9e64ad53cfd9da2d22e8a924f8c6e62c|
-----------by type----------
MSAFD Tcpip [TCP/IP]
MSAFD Tcpip [UDP/IP]
MSAFD Tcpip [RAW/IP]
RSVP UDP Service Provider
RSVP TCP Service Provider
MSAFD NetBIOS [\Device\NetBT_Tcpip_{D6F1763D-3CAB-4C6D-BB0B-F974E2E9DC65}] SEQPACKET 0
MSAFD NetBIOS [\Device\NetBT_Tcpip_{D6F1763D-3CAB-4C6D-BB0B-F974E2E9DC65}] DATAGRAM 0
MSAFD NetBIOS [\Device\NetBT_Tcpip_{51EFD6FA-542B-4EAF-B67E-08A1DB246B8E}] SEQPACKET 1
MSAFD NetBIOS [\Device\NetBT_Tcpip_{51EFD6FA-542B-4EAF-B67E-08A1DB246B8E}] DATAGRAM 1
MSAFD NetBIOS [\Device\NetBT_Tcpip_{2A124E8B-C980-4AF4-8CD2-C373C9CAD213}] SEQPACKET 2
MSAFD NetBIOS [\Device\NetBT_Tcpip_{2A124E8B-C980-4AF4-8CD2-C373C9CAD213}] DATAGRAM 2
MSAFD NetBIOS [\Device\NetBT_Tcpip_{36234031-18A0-4BCC-933F-5018269884B4}] SEQPACKET 3
MSAFD NetBIOS [\Device\NetBT_Tcpip_{36234031-18A0-4BCC-933F-5018269884B4}] DATAGRAM 3
MSAFD NetBIOS [\Device\NetBT_Tcpip_{481F1465-BFBD-4C77-A67E-2A1215BB5C42}] SEQPACKET 4
MSAFD NetBIOS [\Device\NetBT_Tcpip_{481F1465-BFBD-4C77-A67E-2A1215BB5C42}] DATAGRAM 4

Installed applications/hotfixes:
Adobe Flash Player 10 ActiveX 10.0.32.18 (Adobe Systems Incorporated)
DEINSTALLATION: C:\WINNT\system32\Macromed\Flash\uninstall_activeX.exe
Uninstall AOL Emergency Connect Utility 1.0
DEINSTALLATION: C:\Program Files\Common Files\AOL\ECU\uninst.exe
AOL Instant Messenger (SM)
DEINSTALLATION: C:\PROGRA~1\AIM95\uninstll.exe -LOG= C:\PROGRA~1\AIM95\install.log -OEM=
AOL Uninstaller (Choose which Products to Remove)
DEINSTALLATION: C:\Program Files\Common Files\AOL\uninstaller.exe
Canon Camera Window DC_DV 5 for ZoomBrowser EX 5.4.5.17
DEINSTALLATION: "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX 6.4.0.9
DEINSTALLATION: "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX 6.3.0.8
DEINSTALLATION: "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder 1.1.0.4
DEINSTALLATION: "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
CCleaner (remove only) (Piriform)
DEINSTALLATION: "C:\Program Files\CCleaner\uninst.exe"
Canon Camera Support Core Library 7.3.1.6
DEINSTALLATION: "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Utilities EOS Utility 1.1.0.8
DEINSTALLATION: "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
EPSON Printer Software (SEIKO EPSON Corporation)
DEINSTALLATION: C:\WINNT\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan
DEINSTALLATION: C:\Program Files\epson\escndv\setup\setup.exe /r
ESET Online Scanner v3
DEINSTALLATION: C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
EVEREST Home Edition v2.20 2.20 (Lavalys Inc)
DEINSTALLATION: "C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
Internet Explorer Exception pack
DEINSTALLATION: "C:\Program Files\Internet Explorer\W2K\expinst.exe" /EU ieexinst.inf
Free Window Registry Repair
DEINSTALLATION: C:\PROGRA~1\FREEWI~1\UNWISE.EXE C:\PROGRA~1\FREEWI~1\INSTALL.LOG
HijackThis 2.0.2 2.0.2 (TrendMicro)
DEINSTALLATION: "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Internet Explorer ReadMe
DEINSTALLATION: rundll32 advpack.dll,LaunchINFSectionEx C:\WINNT\INF\iereadme.inf,,,256
VIA Platform Device Manager (English) 1.34, installation data=20091019 (VIA Technologies, Inc.)
DEINSTALLATION: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
Canon Camera TWAIN Driver 6.7 (English) 6.7.1, installation data=20080605 (Canon)
DEINSTALLATION: C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{6D63A7D5-ACD1-4322-B1A6-52C9E530040D} /l1033
Hotfix for MDAC 2.53 (KB927779) 1, installation data=20090318 (Microsoft Corporation)
DEINSTALLATION: "C:\WINNT\$SQLUninstallMDAC25SP3-KB927779-x86-ENU$\spuninst\spuninst.exe"
LimeWire 4.16.6 4.16.6 (Lime Wire, LLC)
DEINSTALLATION: "C:\Program Files\LimeWire\uninstall.exe"
Microsoft .NET Framework 2.0 (Microsoft Corporation)
DEINSTALLATION: C:\WINNT\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Office Live Meeting (Microsoft)
DEINSTALLATION: C:\Program Files\Microsoft Office\Live Meeting\Quicksilver\quicksilver.exe -UALL
Canon MovieEdit Task for ZoomBrowser EX 2.4.0.14
DEINSTALLATION: "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Mozilla Firefox (2.0.0.20) 2.0.0.20 (en-US) (Mozilla)
DEINSTALLATION: C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Windows Installer 3.0 (KB884016) 3.0 (Microsoft Corporation)
DEINSTALLATION: C:\WINNT\$MSI30UninstallMSI30-KB884016$\spuninst\spuninst.exe
ProSavageDDR and Utilities
DEINSTALLATION: C:\PROGRA~1\S3\P4M266\s3setvga.exe -s -fC:\PROGRA~1\S3\P4M266\P4M266.uns
Pdf995
DEINSTALLATION: C:\Program Files\pdf995\setup.exe uninstall
Canon Utilities PhotoStitch 3.1.19.43
DEINSTALLATION: "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Microsoft Digital Image Suite 10 (English) 10.0.0612 (Microsoft Corporation)
DEINSTALLATION: "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=SUITE
Windows 2000 Hotfix (SP5) Q818043 20030501.174006 (Microsoft Corporation)
DEINSTALLATION: C:\WINNT\$NtUninstallQ818043$\spuninst\spuninst.exe
Windows Media Player Hotfix [See Q828026 for more information] (Microsoft Corporation)
DEINSTALLATION: C:\WINNT\$NtUninstallQ828026$\spuninst\spuninst.exe
Canon RAW Image Task for ZoomBrowser EX 2.6.0.13
DEINSTALLATION: "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
RealPlayer (RealNetworks)
DEINSTALLATION: C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Canon RemoteCapture Task for ZoomBrowser EX 1.7.0.8
DEINSTALLATION: "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
S3Display
DEINSTALLATION: s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display'
S3Gamma2
DEINSTALLATION: s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2'
S3Info2
DEINSTALLATION: s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2'
S3Overlay
DEINSTALLATION: s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Overlay'
EPSON CX8400 User's Guide
DEINSTALLATION: C:\Program Files\epson\guide\cx8400_e\uninstall.exe
SopCast 3.0.3 3.0.3 (SopCast.com)
DEINSTALLATION: C:\Program Files\SopCast\uninst.exe
Spyware Terminator 2.6.1.239, installation data=20091013 (Crawler Inc.)
DEINSTALLATION: "C:\Program Files\Spyware Terminator\unins000.exe"
TeamViewer 4 4.1.6911 (TeamViewer GmbH)
DEINSTALLATION: C:\Program Files\TeamViewer\Version4\uninstall.exe
TVUPlayer 2.3.0.0 2.3.0.0 (TVU networks, Inc.)
DEINSTALLATION: C:\Program Files\TVUPlayer\uninst.exe
Update Rollup 1 for Windows 2000 SP4 20050809.32623 (Microsoft Corporation)
DEINSTALLATION: "C:\WINNT\$NtUpdateRollupPackUninstall$\spuninst\spuninst.exe"
VIA Audio Driver Setup Program
DEINSTALLATION: RunDll32.exe UnAudioNT.dll,UninstallAudio C:\WINNT\IsUninst.exe -f"C:\PROGRA~1\VIATEC~1\VIAAUD~1/Uninst.isu"
Viewpoint Media Player (Remove Only)
DEINSTALLATION: C:\Program Files\Viewpoint\Viewpoint Experience Technology\\mtsAxInstaller.exe /u
WhoCrashed 1.01, installation data=20091023 (Resplendence Software Projects Sp.)
DEINSTALLATION: "C:\Program Files\WhoCrashed\unins000.exe"
Windows Live OneCare safety scanner
DEINSTALLATION: RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
WinRAR archiver
DEINSTALLATION: C:\Program Files\WinRAR\uninstall.exe
Windows Media Player system update (9 Series)
DEINSTALLATION: C:\PROGRA~1\WINDOW~2\setup_wm.exe /Uninstall
Canon Utilities ZoomBrowser EX 5.8.0.74
DEINSTALLATION: "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Microsoft Office Live Meeting 2005 (English) 7.4.2121.3, installation data=20051213 (Microsoft Corporation)
DEINSTALLATION: MsiExec.exe /I{007F4F0A-CC46-4C8F-A2AE-26E802625BF3}
Macromedia Flash Player (English) 7.0.19.0, installation data=20051102 (Macromedia, Inc.)
DEINSTALLATION: MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
ArcSoft Print Creations (ArcSoft)
DEINSTALLATION: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}\Setup.exe" -l0x9
Platform (English) 1.34, installation data=20091019 (VIA Technologies, Inc.)
EPSON Stylus CX8400 Series Scanner Driver Update
DEINSTALLATION: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ADC0E4-8D3E-40C4-9106-F2DE5E9112F1}\Setup.exe" -l0x9
Java(TM) 6 Update 16 (English) 6.0.160, installation data=20091014 (Sun Microsystems, Inc.)
DEINSTALLATION: MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
QuickBooks Pro Edition 2004
DEINSTALLATION: C:\Program Files\Installshield Installation Information\{2b02f822-a9b9-458c-80e5-3ea8c0de8471}\QBReplace.exe {2b02f822-a9b9-458c-80e5-3ea8c0de8471}#{2B02F82E-A9B9-458C-80E5-3EA8C0DE8471}
Microsoft Easy Assist v2 (English) 8.1.6416.0, installation data=20091014 (Microsoft Corporation)
DEINSTALLATION: MsiExec.exe /I{326957C7-83FD-4550-A59A-849B7B4297DE}
Microsoft Digital Image Library 10 (English) 10.0.0612, installation data=20040922 (Microsoft Corporation)
Microsoft Digital Image Pro 10 (English) 10.0.0612, installation data=20040922 (Microsoft Corporation)
TaxCut California 2007 (English) 1.07.6601, installation data=20080414 (H&R Block Digital Tax Solutions LLC.)
DEINSTALLATION: MsiExec.exe /X{5FF4A578-4588-4ACF-8317-7191FC45F3E1}
Remote Desktop Connection (English) 5.1.2600.0, installation data=20040501 (Microsoft)
DEINSTALLATION: MsiExec.exe /X{60B9A48D-559E-43FA-8F28-D657190E4E52}
Canon Camera TWAIN Driver (English) 6.7.1, installation data=20080605 (Canon)
WebFldrs (English) 9.50.7522, installation data=20040501 (Microsoft Corporation)
Microsoft .NET Framework 2.0 (English) 2.0.50727, installation data=20091019 (Microsoft Corporation)
VC80CRTRedist - 8.0.50727.762 (English) 1.0.0, installation data=20090513 (DivX, Inc)
DEINSTALLATION: MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Symantec AntiVirus (English) 9.0.110, installation data=20080211 (Symantec Corporation)
DEINSTALLATION: MsiExec.exe /I{848AC794-8B81-440A-81AE-6474337DB527}
QFolder (English) 1.00.0000, installation data=20060727 (Hewlett-Packard)
Microsoft Silverlight (English) 2.0.40115.0, installation data=20090612 (Microsoft Corporation)
DEINSTALLATION: MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Compatibility Pack for the 2007 Office system (English) 12.0.6021.5000, installation data=20091008 (Microsoft Corporation)
DEINSTALLATION: MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003 (English) 11.0.8173.0, installation data=20091008 (Microsoft Corporation)
DEINSTALLATION: MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Digital Image Library 9 - Blocker 9.00.0000 (Microsoft Corporation)
Adobe Reader 9.2 (English) 9.2.0, installation data=20091014 (Adobe Systems Incorporated)
DEINSTALLATION: MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A92000000001}
Palm (English) 4.1.0420, installation data=20051123 (Palm, Inc.)
DEINSTALLATION: MsiExec.exe /X{ADAED43C-BBD9-42C5-8B21-F4FBFA81E3C3}
DivX Web Player 1.4.3 (DivX,Inc.)
DEINSTALLATION: C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Norton AntiVirus Corporate Edition (English) 7.6.0.0000, installation data=20040501 (Symantec Corporation)
DEINSTALLATION: MsiExec.exe /I{BD12EB47-DBDF-11D3-BEEA-00A0CC272509}
WinZip 12.1 (English) 12.1.8519, installation data=20091014 (WinZip Computing, S.L. )
DEINSTALLATION: MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}
ArcSoft PhotoImpression 6 (English) 6, installation data=20090326 (ArcSoft)
DEINSTALLATION: C:\Program Files\InstallShield Installation Information\{D03E7B00-CA85-4684-9321-1888873C34BD}\Setup.exe -runfromtemp -l0x0009 -removeonly

Runned drivers:
system32\DRIVERS\asyncmac.sys - stopped (demand) ("c:\winnt\system32\drivers\asyncmac.sys") File version = 5.00.2195.6655, File size = 17840, File modification date = 14/07/2003 12:00, File description = MS Remote Access serial network driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6655, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1399398665|0x5d3d77c9eb3a8e6a14cc8e1252b6cc5c|
system32\DRIVERS\atmarpc.sys - stopped (demand) ("c:\winnt\system32\drivers\atmarpc.sys") File version = 5.00.2166.1, File size = 57904, File modification date = 14/07/2003 12:00, File description = IP/ATM Arp Client, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2166.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |418487622|0x3e348b3313ea633d45caf59da0d631ba|
\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys - stopped (demand)
system32\drivers\ccdecode.sys - stopped (demand) ("c:\winnt\system32\drivers\ccdecode.sys") File version = 5.3.0000000.900 built by: DIRECTX, File size = 16384, File modification date = 09/07/2004 10:58, File description = WDM Closed Caption VBI Codec, Product Name = Microsoft Windows Operating System, Product version = 5.3.0000000.900, Company name = Microsoft Corporation ( Microsoft Corporation. All rights reserved.) |891040427|0x1478e6a09512235b9e119d2920477021|
System32\drivers\dmboot.sys - stopped (disabled) ("c:\winnt\system32\drivers\dmboot.sys") File version = 2195.6655.297.3, File size = 369104, File modification date = 14/07/2003 12:00, File description = NT Disk Manager Startup Driver, Product Name = VERITAS NT Disk Manager, Product version = 1.0, Company name = VERITAS Software Corp. (Copyright 1990-1997 VERITAS Software Corporation. ALL RIGHTS RESERVED. UNPUBLISHED -- RIGHTS RESERVED UNDER THE COPYRIGHT LAWS OF THE UNITED STATES. USE OF A COPYRIGHT NOTICE IS PRECAUTIONARY ONLY AND DOES NOT IMPLY PUBLICATION OR DISCLOSURE. THIS SOFTWARE CONTAINS CONFIDENTIAL INFORMATION AND TRADE SECRETS OF VERITAS SOFTWARE. USE, DISCLOSURE, OR REPRODUCTION IS PROHIBITED WITHOUT THE PRIOR EXPRESS WRITTEN PERMISSION OF VERITAS SOFTWARE. RESTRICTED RIGHTS LEGEND USE, DUPLICATION, OR DISCLOSURE BY THE GOVERNMENT IS SUBJECT TO RESTRICTIONS AS SET FORTH IN SUBPARAGRAPH (C) (1) (ii) OF THE RIGHTS IN TECHNICAL DATA AND COMPUTER SOFTWARE CLAUSE AT DFARS 252.227-7013. VERITAS SOFTWARE 1600 PLYMOUTH STREET, MOUNTAIN VIEW, CA 94043 ) |1016478446|0x0b91c63540682bc3c826fc6d8b3ecb7b|
system32\drivers\DMusic.sys - stopped (demand) ("c:\winnt\system32\drivers\dmusic.sys") File version = 5.00.2166.1, File size = 51152, File modification date = 28/10/1999 15:24, File description = Microsoft DirectMusic Software Synthesizer (WDM), Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2166.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |838142286|0x3431984234b5988d4c09f043cf4cd779|
system32\DRIVERS\hidusb.sys - stopped (automatic) ("c:\winnt\system32\drivers\hidusb.sys") File version = 5.00.2142.1, File size = 13904, File modification date = 04/10/1999 23:03, File description = USB Miniport Driver for Input Devices, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2142.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1302675867|0xff2ca3c8d0193800e4fa510ffde0960e|
system32\DRIVERS\HPZid412.sys - stopped (demand) ("c:\winnt\system32\drivers\hpzid412.sys") File version = 8, 0, 0, 0, File size = 51088, File modification date = 22/03/2004 12:35, File description = IEEE-1284.4-1999 Driver (Windows 2000), Product Name = HP Dot4 Windows 2000, Product version = 8, 0, 0, 0, Company name = HP (Copyright 1998, 1999 Hewlett-Packard Company) |1320066653|0x5faba4775d4c61e55ec669d643ffc71f|
system32\DRIVERS\HPZipr12.sys - stopped (demand) ("c:\winnt\system32\drivers\hpzipr12.sys") File version = 8, 0, 0, 0, File size = 16496, File modification date = 22/03/2004 12:35, File description = IEEE-1284.4-1999 Print Class Driver, Product Name = HP Dot4Print, Product version = 8, 0, 0, 0, Company name = HP (Copyright 1998, 1999 Hewlett-Packard Company) |-1230239212|0xa3c43980ee1f1beac778b44ea65dbdd4|
system32\DRIVERS\HPZius12.sys - stopped (demand) ("c:\winnt\system32\drivers\hpzius12.sys") File version = 8, 0, 0, 0, File size = 21744, File modification date = 22/03/2004 12:35, File description = 1284.4<->Usb Datalink Driver (Windows 2000), Product Name = HP Dot4Usb Windows 2000, Product version = 8, 0, 0, 0, Company name = HP (Copyright 1998, 1999 Hewlett-Packard Company) |1784708423|0x2906949bd4e206f2bb0dd1896ce9f66f|
system32\DRIVERS\ipfltdrv.sys - stopped (demand) ("c:\winnt\system32\drivers\ipfltdrv.sys") File version = 5.00.2168.1, File size = 34416, File modification date = 14/07/2003 12:00, File description = IP FILTER DRIVER, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2168.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |371622040|0x09a604211e2b2334fc023a41337e3165|
system32\DRIVERS\ipinip.sys - stopped (demand) ("c:\winnt\system32\drivers\ipinip.sys") File version = 5.00.2168.1, File size = 19984, File modification date = 14/07/2003 12:00, File description = IP in IP Encapsulation Driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2168.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |478232406|0xdbc1437b56eea1af02cd39c011904491|
system32\DRIVERS\ipnat.sys - stopped (demand) ("c:\winnt\system32\drivers\ipnat.sys") File version = 5.00.2195.6968, File size = 67344, File modification date = 11/08/2004 22:42, File description = IP Network Address Translator, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6968, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1934899153|0xadb8a3465c0fc01c3ae633adb33fcbb3|
system32\DRIVERS\ipsec.sys - stopped (demand) ("c:\winnt\system32\drivers\ipsec.sys") File version = 5.00.2195.6738, File size = 80848, File modification date = 21/04/2003 18:19, File description = IPSEC Driver (US/Canada Only, Not for Export), Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6738, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1761904118|0x9d61c8e8044bdaac6d922eb27552f93a|
System32\DRIVERS\irenum.sys - stopped (demand) ("c:\winnt\system32\drivers\irenum.sys") File version = 5.00.2195.6655, File size = 10288, File modification date = 14/07/2003 12:00, File description = Infra-Red Bus Enumerator, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6655, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |181288994|0x7f5315e32be0632f680b30e03a2ca809|
system32\DRIVERS\kbdhid.sys - stopped (system) ("c:\winnt\system32\drivers\kbdhid.sys") File version = 5.00.2142.1, File size = 13744, File modification date = 04/10/1999 23:04, File description = HID Mouse Filter Driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2142.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1910056235|0x5afd9413400ffb2b57e9be900a12b160|
system32\DRIVERS\mouhid.sys - stopped (demand) ("c:\winnt\system32\drivers\mouhid.sys") File version = 5.00.2195.6655, File size = 11632, File modification date = 19/06/2003 20:05, File description = HID Mouse Filter Driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6655, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-2125529729|0x80d48f52414f7798432a4764beccbcec|
system32\DRIVERS\MPE.sys - stopped (demand) ("c:\winnt\system32\drivers\mpe.sys") File version = 5.3.0000000.900 built by: DIRECTX, File size = 15104, File modification date = 09/07/2004 10:58, File description = Microsoft MPE to IP Filter, Product Name = Microsoft Windows Operating System, Product version = 5.3.0000000.900, Company name = Microsoft Corporation ( Microsoft Corporation. All rights reserved.) |-1601554581|0x83eff7b976ae24f1a496ca94a8a19919|
system32\drivers\MSKSSRV.sys - stopped (demand) ("c:\winnt\system32\drivers\mskssrv.sys") File version = 5.3.0000000.900 built by: DIRECTX, File size = 7424, File modification date = 12/12/2002 08:14, File description = MS KS Server, Product Name = Microsoft Windows Operating System, Product version = 5.3.0000000.900, Company name = Microsoft Corporation ( Microsoft Corporation. All rights reserved.) |369150494|0x85736f804191cb420a31aca2a7f0674f|
system32\drivers\MSPCLOCK.sys - stopped (demand) ("c:\winnt\system32\drivers\mspclock.sys") File version = 5.3.0000000.900 built by: DIRECTX, File size = 5248, File modification date = 12/12/2002 08:14, File description = MS Proxy Clock, Product Name = Microsoft Windows Operating System, Product version = 5.3.0000000.900, Company name = Microsoft Corporation ( Microsoft Corporation. All rights reserved.) |1959050085|0xe943adb93d83c5cbc0ca3f53f53b48cc|
system32\drivers\MSPQM.sys - stopped (demand) ("c:\winnt\system32\drivers\mspqm.sys") File version = 5.00.2134.1, File size = 4816, File modification date = 25/09/1999 10:36, File description = MS Proxy Quality Manager, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2134.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |732880338|0xbb041315c9930063e5eab0bee90acff6|
system32\drivers\MSTEE.sys - stopped (demand) ("c:\winnt\system32\drivers\mstee.sys") File version = 5.3.0000000.900 built by: DIRECTX, File size = 5504, File modification date = 12/12/2002 08:14, File description = WDM Tee/Communication Transform Filter , Product Name = Microsoft Windows Operating System, Product version = 5.3.0000000.900, Company name = Microsoft Corporation ( Microsoft Corporation. All rights reserved.) |1743084846|0xd5059366b361f0e1124753447af08aa2|
system32\DRIVERS\NABTSFEC.sys - stopped (demand) ("c:\winnt\system32\drivers\nabtsfec.sys") File version = 5.3.0000000.900 built by: DIRECTX, File size = 83968, File modification date = 09/07/2004 10:58, File description = WDM NABTS/FEC VBI Codec, Product Name = Microsoft Windows Operating System, Product version = 5.3.0000000.900, Company name = Microsoft Corporation ( Microsoft Corporation. All rights reserved.) |-41937467|0xbb1c45d114b6dab0babf6b2fb0336db2|
system32\DRIVERS\ndisuio.sys - stopped (demand) ("c:\winnt\system32\drivers\ndisuio.sys") File version = 5.00.2195.6655, File size = 11984, File modification date = 14/07/2003 12:00, File description = NDIS User mode I/O Driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6655, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1892882990|0x69ecae880bdac3c288f0508df9cdeef0|
\SystemRoot\system32\drivers\netdtect.sys - stopped (demand) ("C:\WINNT\system32\drivers\netdtect.sys") File version = 5.00.2138.1, File size = 9680, File modification date = 14/07/2003 12:00, File description = Network Card Detection driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2138.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-207155797|0x9b2a6147a22f7e696cc7538283de6346|
\??\C:\WINNT\system32\ntsim.sys - stopped (demand) ("\\?\c:\winnt\system32\ntsim.sys") File version = 1.07.00.0007, File size = 7040, File modification date = 17/07/2003 08:10, File description = Network Device Monitor Utility, Product Name = Network Device Monitor Utility , Product version = 1.07.00.0007, Company name = VIA Networking Technologies, Inc. (VIA Networking Technologies, Inc. ) |-1272077828|0xa568b9a9ffe2d9387222a5c90f86d731|
system32\DRIVERS\nwlnkflt.sys - stopped (demand) ("c:\winnt\system32\drivers\nwlnkflt.sys") File version = 5.00.2134.1, File size = 12560, File modification date = 14/07/2003 12:00, File description = NWLINK2 Traffic Filter Driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2134.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |464812079|0x9b0d6fb5c5d6a7571aedb0c1a7a9c1b6|
system32\DRIVERS\nwlnkfwd.sys - stopped (demand) ("c:\winnt\system32\drivers\nwlnkfwd.sys") File version = 5.00.2173.1, File size = 35344, File modification date = 14/07/2003 12:00, File description = NWLINK2 Forwarder Driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2173.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1503856386|0x09fa39e4812fdd042834650df09675a0|
system32\drivers\PalmUSBD.sys - stopped (demand) ("c:\winnt\system32\drivers\palmusbd.sys") File version = 6, 0, 1, 0, File size = 16694, File modification date = 23/11/2005 16:02, File description = USB Driver for Palm OS Handheld Devices, Product Name = HotSync Manager, Product version = 6, 0, 1, 0, Company name = PalmSource, Inc. (Copyright 2004 PalmSource, Inc.) |594008604|0x240c0d4049a833b16b63b636acf01672|
system32\drivers\RCA.sys - stopped (demand) ("c:\winnt\system32\drivers\rca.sys") File version = 5.00.2164.1, File size = 21712, File modification date = 14/07/2003 12:00, File description = RCA filter, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2164.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |331263198|0xafce1f733a6aa3a90ac60794dfb26104|
system32\DRIVERS\redbook.sys - stopped (system) ("c:\winnt\system32\drivers\redbook.sys") File version = 5.00.2195.6655, File size = 35344, File modification date = 19/06/2003 12:05, File description = Redbook Audio Filter Driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6655, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |769230713|0xb5120cb5081865b0c7d93c305c7da939|
System32\Drivers\RootMdm.sys - stopped (demand) ("c:\winnt\system32\drivers\rootmdm.sys") File version = 5.00.2134.1, File size = 6032, File modification date = 14/07/2003 12:00, File description = Legacy Non-Pnp Modem Device Driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2134.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-465202170|0xb6756550c2f1aa4be923d0cef5a9e0a4|
system32\DRIVERS\SLIP.sys - stopped (demand) ("c:\winnt\system32\drivers\slip.sys") File version = 5.3.0000000.900 built by: DIRECTX, File size = 10880, File modification date = 09/07/2004 10:58, File description = Microsoft Slip Deframing Filter Minidriver, Product Name = Microsoft Windows Operating System, Product version = 5.3.0000000.900, Company name = Microsoft Corporation ( Microsoft Corporation. All rights reserved.) |-6628536|0x92723fbdd30771c293fe5ed266a31ca6|
system32\DRIVERS\StreamIP.sys - stopped (demand) ("c:\winnt\system32\drivers\streamip.sys") File version = 5.3.0000000.900 built by: DIRECTX, File size = 14976, File modification date = 09/07/2004 10:58, File description = Microsoft IP Driver, Product Name = Microsoft Windows Operating System, Product version = 5.3.0000000.900, Company name = Microsoft Corporation ( Microsoft Corporation. All rights reserved.) |1913412072|0x4544fd0db39cb7b385a5392c068162cd|
system32\drivers\swmidi.sys - stopped (demand) ("c:\winnt\system32\drivers\swmidi.sys") File version = 5.00.2195.6655, File size = 53552, File modification date = 19/06/2003 12:05, File description = Microsoft GS Wavetable Synthesizer, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6655, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |586389250|0x8c7cd06d097a59391d94b59715fca67c|
\SystemRoot\System32\Drivers\SYMREDRV.SYS - stopped (demand) ("C:\WINNT\system32\drivers\symredrv.sys") File version = 5.3.5.3, File size = 16280, File modification date = 12/06/2004 02:28, File description = Redirector Filter Driver, Product Name = Symantec Security Drivers, Product version = 5.3.5, Company name = Symantec Corporation (Copyright 2002, 2003 Symantec Corporation) |-419638862|0x8ddb430ea48468c156db872a214178fc|
\SystemRoot\System32\Drivers\viausb.sys - stopped (demand) ("C:\WINNT\system32\drivers\viausb.sys") File version = 1.08, File size = 9038, File modification date = 18/06/2003 23:48, File description = VIA USB Filter Driver, Product Name = VIA USB Filter Driver, Product version = 1.08, Company name = VIA Technologies, Inc. (Copyright (C) VIA Technologies, Inc. 1998-2000) |-1408379831|0x646eb13fd35ab93d380a6f5e31b34a4c|
system32\DRIVERS\WSTCODEC.SYS - stopped (demand) ("c:\winnt\system32\drivers\wstcodec.sys") File version = 5.3.0000000.900 built by: DIRECTX, File size = 18688, File modification date = 09/07/2004 10:58, File description = WDM WST Codec Driver, Product Name = Microsoft Windows Operating System, Product version = 5.3.0000000.900, Company name = Microsoft Corporation (Copyright (C) Philips Semiconductors. 1981-1999) |-1635136304|0x04aca6442e639a794293828e8dda7a44|
\WINNT\System32\ntoskrnl.exe ("c:\winnt\system32\ntoskrnl.exe") File version = 5.00.2195.7133, File size = 1690880, File modification date = 05/03/2007 15:51, File description = NT Kernel & System, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7133, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |474223052|0xa9b95a62c4f298aadd3bec2fdf49fcbe|
\WINNT\System32\hal.dll ("c:\winnt\system32\hal.dll") File version = 5.00.2195.6691, File size = 82176, File modification date = 14/07/2003 12:00, File description = Hardware Abstraction Layer DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6691, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1760124540|0x40459285a03be763dcd6c278a26b9a4a|
\WINNT\System32\BOOTVID.dll ("c:\winnt\system32\bootvid.dll") File version = 5.00.2172.1, File size = 10784, File modification date = 14/07/2003 12:00, File description = VGA Boot Driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2172.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-169240697|0x74e26816bb81114db55d9d7b43749f05|
ACPI.sys ("c:\winnt\system32\drivers\acpi.sys") File version = 5.00.2195.6655, File size = 163120, File modification date = 14/07/2003 12:00, File description = ACPI Driver for NT, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6655, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-320509561|0x083049d5dc3f32d17c2edfb732c78a09|
\WINNT\system32\DRIVERS\WMILIB.SYS ("c:\winnt\system32\drivers\wmilib.sys") File version = 5.00.2134.1, File size = 4240, File modification date = 14/07/2003 12:00, File description = WMILIB WMI support library Dll, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2134.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |158766981|0x73a9f95b61048e0783371a4b78e4d637|
pci.sys ("c:\winnt\system32\drivers\pci.sys") File version = 5.00.2195.6655, File size = 59312, File modification date = 14/07/2003 12:00, File description = NT Plug and Play PCI Enumerator, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6655, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |970304090|0xf0791b1f424f8d84a81d9ae6cfadf089|
isapnp.sys ("c:\winnt\system32\drivers\isapnp.sys") File version = 5.00.2195.6655, File size = 46992, File modification date = 19/06/2003 19:05, File description = PNP ISA Bus Driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6655, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1205986134|0xb630369ca276fd208c1b5146920b5f2e|
pciide.sys ("c:\winnt\system32\drivers\pciide.sys") File version = 5.00.2195.6655, File size = 3088, File modification date = 14/07/2003 12:00, File description = Generic PCI IDE Bus Driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6655, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |463423486|0x7d0bcb325d29d15024d6a572044e410b|
\WINNT\system32\DRIVERS\PCIIDEX.SYS ("c:\winnt\system32\drivers\pciidex.sys") File version = 5.00.2195.6672, File size = 22064, File modification date = 14/07/2003 12:00, File description = PCI IDE Bus Driver Extension, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6672, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |814445561|0x2c05dd33a2993e64a246bccd36876c28|
MountMgr.sys ("c:\winnt\system32\drivers\mountmgr.sys") File version = 5.00.2195.7063, File size = 30160, File modification date = 16/08/2005 08:40, File description = Mount Manager, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7063, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |2141379088|0x75e57b9f5c36137ea79466c3b63c38cc|
ftdisk.sys ("c:\winnt\system32\drivers\ftdisk.sys") File version = 5.00.2195.7006, File size = 116400, File modification date = 02/12/2004 13:00, File description = FT Disk Driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7006, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-708039490|0xc757a3eefa44ea2d562424a4060329a6|
Diskperf.sys ("c:\winnt\system32\drivers\diskperf.sys") File version = 5.00.2195.6664, File size = 7728, File modification date = 14/07/2003 12:00, File description = Disk Performance Driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6664, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1211690288|0xfd94497dd145b3920f5c393eab50ee3a|
dmload.sys ("c:\winnt\system32\drivers\dmload.sys") File version = 2195.6655.297.3, File size = 7312, File modification date = 14/07/2003 12:00, File description = NT Disk Manager Startup Driver, Product Name = Logical Disk Manager for Windows NT, Product version = 1.0, Company name = VERITAS Software Corp. (Copyright 1990-1997 VERITAS Software Corporation. ALL RIGHTS RESERVED. UNPUBLISHED -- RIGHTS RESERVED UNDER THE COPYRIGHT LAWS OF THE UNITED STATES. USE OF A COPYRIGHT NOTICE IS PRECAUTIONARY ONLY AND DOES NOT IMPLY PUBLICATION OR DISCLOSURE. THIS SOFTWARE CONTAINS CONFIDENTIAL INFORMATION AND TRADE SECRETS OF VERITAS SOFTWARE. USE, DISCLOSURE, OR REPRODUCTION IS PROHIBITED WITHOUT THE PRIOR EXPRESS WRITTEN PERMISSION OF VERITAS SOFTWARE. RESTRICTED RIGHTS LEGEND USE, DUPLICATION, OR DISCLOSURE BY THE GOVERNMENT IS SUBJECT TO RESTRICTIONS AS SET FORTH IN SUBPARAGRAPH (C) (1) (ii) OF THE RIGHTS IN TECHNICAL DATA AND COMPUTER SOFTWARE CLAUSE AT DFARS 252.227-7013. VERITAS SOFTWARE 1600 PLYMOUTH STREET, MOUNTAIN VIEW, CA 94043 ) |-942449678|0x3f1701ffa97ab012685abc8a2d6fce22|
dmio.sys ("c:\winnt\system32\drivers\dmio.sys") File version = 2195.6655.297.3, File size = 137936, File modification date = 14/07/2003 12:00, File description = NT Disk Manager I/O Driver, Product Name = VERITAS NT Disk Manager, Product version = 1.0, Company name = VERITAS Software Corp. (Copyright 1990-1997 VERITAS Software Corporation. ALL RIGHTS RESERVED. UNPUBLISHED -- RIGHTS RESERVED UNDER THE COPYRIGHT LAWS OF THE UNITED STATES. USE OF A COPYRIGHT NOTICE IS PRECAUTIONARY ONLY AND DOES NOT IMPLY PUBLICATION OR DISCLOSURE. THIS SOFTWARE CONTAINS CONFIDENTIAL INFORMATION AND TRADE SECRETS OF VERITAS SOFTWARE. USE, DISCLOSURE, OR REPRODUCTION IS PROHIBITED WITHOUT THE PRIOR EXPRESS WRITTEN PERMISSION OF VERITAS SOFTWARE. RESTRICTED RIGHTS LEGEND USE, DUPLICATION, OR DISCLOSURE BY THE GOVERNMENT IS SUBJECT TO RESTRICTIONS AS SET FORTH IN SUBPARAGRAPH (C) (1) (ii) OF THE RIGHTS IN TECHNICAL DATA AND COMPUTER SOFTWARE CLAUSE AT DFARS 252.227-7013. VERITAS SOFTWARE 1600 PLYMOUTH STREET, MOUNTAIN VIEW, CA 94043 ) |1864153753|0x6b35bfdbdbc247113852f18bf0f10e3c|
PartMgr.sys ("c:\winnt\system32\drivers\partmgr.sys") File version = 5.00.2195.6655, File size = 11792, File modification date = 14/07/2003 12:00, File description = Partition Manager, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6655, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |242759426|0xf9e922dbe9f3719ce8376cc7ed18cb8d|
viaide.sys ("c:\winnt\system32\drivers\viaide.sys") File version = 5.0.2195.120, File size = 6234, File modification date = 18/10/2001 19:00, File description = VIA PCI IDE Bus Driver, Product Name = Microsoft(R) Windows NT(R) Operating System, Product version = 5.0.2195.120, Company name = VIA Technologies, Inc. (Copyright (C) Microsoft Corp. 2000-2005) |-291396412|0xb2b04630fe75ef32684e854828b1f764|
videX32.sys ("c:\winnt\system32\drivers\videx32.sys") File version = 6.0.6001.282, File size = 13976, File modification date = 05/05/2009 16:58, File description = VIA Generic PCI IDE Bus Driver, Product Name = VIA PCI IDE MINI Driver, Product version = 6.0.6001.282, Company name = VIA Technologies, Inc. (Copyright (C) VIA Technologies, Inc. 2000-2008) |1466880749|0x4cc623591204acd5fc89bd0dad70e838|
atapi.sys ("c:\winnt\system32\drivers\atapi.sys") File version = 5.00.2195.6699, File size = 86672, File modification date = 14/07/2003 12:00, File description = IDE/ATAPI Port Driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6699, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1758291391|0x8c718aa8c77041b3285d55a0ce980867|
disk.sys ("c:\winnt\system32\drivers\disk.sys") File version = 5.00.2195.6655, File size = 30768, File modification date = 14/07/2003 12:00, File description = PnP Disk Driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6655, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-329726145|0x322b9a3774dbf119f6635a476b0eb058|
\WINNT\system32\DRIVERS\CLASSPNP.SYS ("c:\winnt\system32\drivers\classpnp.sys") File version = 5.00.2195.6655, File size = 34832, File modification date = 14/07/2003 12:00, File description = SCSI Class System Dll, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6655, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-2034216438|0x397c92e61ce4b1764d17107a7473835c|
fltmgr.sys ("c:\winnt\system32\drivers\fltmgr.sys") File version = 5.00.2195.7039, File size = 136880, File modification date = 14/04/2005 06:59, File description = Microsoft Filesystem Filter Manager, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7039, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1690802262|0xc8eb153fa65633a99163775eeaea15f3|
PxHelp20.sys ("c:\winnt\system32\drivers\pxhelp20.sys") File version = 2.02.70a, File size = 20176, File modification date = 11/05/2004 21:32, File description = Px Engine Device Driver for Windows 2000/XP, Product Name = PxHelp20, Product version = (null), Company name = Sonic Solutions (Copyright Sonic Solutions) |-1251829637|0xb5dfb86a6caeae9b2bf3dedb43be6393|
KSecDD.sys ("c:\winnt\system32\drivers\ksecdd.sys") File version = 5.00.2195.6824, File size = 71888, File modification date = 21/09/2003 00:32, File description = Kernel Security Support Provider Interface, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6824, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1845331325|0x80ffb99dcb8e6ab8a01be04fcb0b0758|
Ntfs.sys ("c:\winnt\system32\drivers\ntfs.sys") File version = 5.00.2195.7049, File size = 513424, File modification date = 10/05/2005 09:20, File description = NT File System Driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7049, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1981755753|0x7dc1f0f9bf87ca5cee9a46c9a63dc1d3|
NDIS.sys ("c:\winnt\system32\drivers\ndis.sys") File version = 5.00.2195.6655, File size = 170928, File modification date = 14/07/2003 12:00, File description = NDIS 3.0 wrapper driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6655, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-79287622|0xfb4f2d0595bd3546a4dd915e4a9b4809|
viaagp.sys ("c:\winnt\system32\drivers\viaagp.sys") File version = 5.00.2195.6655, File size = 22416, File modification date = 19/06/2003 19:05, File description = VIA NT AGP Filter, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6655, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |665646653|0xfd9fb614c61eb068b07a7f23006012cd|
viaagp1.sys ("c:\winnt\system32\drivers\viaagp1.sys") File version = 5.0.0.3442 built by: VIA, File size = 27904, File modification date = 02/07/2003 11:42, File description = VIA NT AGP Filter, Product Name = VIA CPU to AGP2.0/AGP3.0 Controller, Product version = 5.0.0.3442, Company name = VIA Technologies, Inc. (Copyright (C) VIA Technologies., Inc. 1998-2003) |1393086445|0x3369521138fb8980530da72078da1368|
Mup.sys ("c:\winnt\system32\drivers\mup.sys") File version = 5.00.2195.7006, File size = 89328, File modification date = 02/12/2004 13:07, File description = Multiple UNC Provider driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7006, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1994092535|0x84d27503181b716a222299e59cd1259a|
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS ("C:\WINNT\system32\drivers\videoprt.sys") File version = 5.00.2195.6655, File size = 50640, File modification date = 14/07/2003 12:00, File description = Video Port Driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6655, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-2092750158|0xf3fd13270275ee1830e208c9fc6ad240|
\SystemRoot\system32\DRIVERS\s3gnbm.sys ("C:\WINNT\system32\drivers\s3gnbm.sys") File version = 6.14.10.0033-13.94.33, File size = 167168, File modification date = 13/08/2004 20:42, File description = S3 ProSavage(DDR) & Twister Miniport Driver, Product Name = S3 ProSavage(DDR) & Twister Miniport Driver, Product version = 6.14.10.0033-13.94.33, Company name = S3 Graphics, Inc. (Copyright (c) 2004 by S3 Graphics, Inc.) |-208207382|0x5cf6ea833ebd3cf79573e6960f4b9e0b|
\SystemRoot\System32\Drivers\vulfnth.sys ("C:\WINNT\system32\drivers\vulfnth.sys") File version = 2.57, File size = 6912, File modification date = 04/08/2003 07:29, File description = VIA USB Host Controller Lower Filter Driver, Product Name = VIA USB Host Controller Lower Filter Driver, Product version = 2.57, Company name = VIA Technologies, Inc. (Copyright (C) VIA Technologies, Inc. 2000-2004) |868435707|0xc9a8ba443f809b70bccccd60cc73fa5c|
\SystemRoot\system32\DRIVERS\USBD.SYS ("C:\WINNT\system32\drivers\usbd.sys") File version = 5.00.2195.6658, File size = 20688, File modification date = 14/07/2003 12:00, File description = Universal Serial Bus Driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6658, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |834360356|0x0de8bab91b5343821e09ae3f3db5af66|
\SystemRoot\system32\DRIVERS\uhcd.sys ("C:\WINNT\system32\drivers\uhcd.sys") File version = 5.00.2195.6655, File size = 32848, File modification date = 14/07/2003 12:00, File description = Universal Host Controller Driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6655, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1859043501|0x376fb5e14b9d375db3536ba563eae97a|
\SystemRoot\system32\DRIVERS\USBPORT.SYS ("C:\WINNT\system32\drivers\usbport.sys") File version = 5.00.2195.6681, File size = 138288, File modification date = 19/06/2003 12:05, File description = USB 1.1 & 2.0 Port Driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6681, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-617545611|0x0cb2f063a7ce38ed4a8ff17178c1c779|
\SystemRoot\system32\DRIVERS\usbehci.sys ("C:\WINNT\system32\drivers\usbehci.sys") File version = 5.00.2195.6709, File size = 19728, File modification date = 19/06/2003 12:05, File description = EHCI eUSB Miniport Driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6709, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1395663662|0x86c71ce544358d3227206a894ae04443|
\SystemRoot\system32\drivers\Afc.sys ("C:\WINNT\system32\drivers\afc.sys") File version = 1, 0, 0, 2, File size = 11776, File modification date = 23/02/2005 22:58, File description = Arcsoft(R) ASPI Shell, Product Name = Arcsoft(R) ASPI Shell, Product version = 1, 0, 0, 2, Company name = Arcsoft, Inc. ((C) Arcsoft, Inc. 1999-2005. All rights reserved.) |-1418926835|0xa7b8a3a79d35215d798a300df49ed23f|
\SystemRoot\System32\Drivers\cdrbsdrv.SYS ("C:\WINNT\system32\drivers\cdrbsdrv.sys") File version = 7. 0. 0. 5, File size = 13567, File modification date = 08/03/2004 20:55, File description = CD-ROM Filter Driver for Windows2000/xp, Product Name = B's Recorder GOLD7, Product version = 7. 5. 0. 0, Company name = B.H.A Corporation (Copyright (C) 2000-2004 B.H.A Corporation) |646861642|0x351735695e9ead93de6af85d8beb1ca8|
\SystemRoot\System32\Drivers\Cdr4_2K.SYS ("C:\WINNT\system32\drivers\cdr4_2k.sys") File version = 5.3.2.31, File size = 58000, File modification date = 01/05/2004 21:02, File description = CDR4_2k CDR Helper, Product Name = DirectCD, Product version = 5.3.2.31, Company name = Roxio (Copyright (c) 2001,2002, Roxio, Inc.) |-128455983|0x9880f86f4261699273f818ae50216b8c|
\SystemRoot\system32\DRIVERS\cdrom.sys ("C:\WINNT\system32\drivers\cdrom.sys") File version = 5.00.2195.6655, File size = 27984, File modification date = 14/07/2003 12:00, File description = SCSI CD-ROM Driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6655, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-637534207|0x4b86a90a7f0095d514d22a9083826488|
\SystemRoot\System32\Drivers\Cdralw2k.SYS ("C:\WINNT\system32\drivers\cdralw2k.sys") File version = 5.3.2.31, File size = 23420, File modification date = 01/05/2004 21:02, File description = CDRAL for Windows 2000 Kernel Driver, Product Name = DirectCD, Product version = 5.3.2.31, Company name = Roxio (Copyright (c) 2001,2002, Roxio, Inc.) |1356242816|0x300500fb3ef21374f7194f9f42b130bc|
\SystemRoot\system32\drivers\KS.SYS ("C:\WINNT\system32\drivers\ks.sys") File version = 5.3.0000000.900 built by: DIRECTX, File size = 130304, File modification date = 12/12/2002 08:14, File description = Kernel CSA Library, Product Name = Microsoft Windows Operating System, Product version = 5.3.0000000.900, Company name = Microsoft Corporation ( Microsoft Corporation. All rights reserved.) |1388781205|0xdc197a88746a55ae60d1c81d45cd1b4a|
\SystemRoot\system32\drivers\portcls.sys ("C:\WINNT\system32\drivers\portcls.sys") File version = 5.00.2195.6655, File size = 148208, File modification date = 19/06/2003 19:05, File description = Port Class (Class Driver for Port/Miniport Devices), Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6655, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1576184413|0xc735310cf5cc0282d55880fd7431ccbe|
\SystemRoot\system32\drivers\vinyl97.sys ("C:\WINNT\system32\drivers\vinyl97.sys") File version = 6.14.01.4090 built by: WinDDK, File size = 176128, File modification date = 01/02/2005 23:39, File description = Vinyl AC'97 Codec Combo WDM Driver, Product Name = Vinyl AC'97 Codec Combo WDM Driver, Product version = 6.14.01.4090, Company name = VIA Technologies, Inc. (Copyright (C) VIA Technologies, Inc. 1999-2004) |837740645|0x6e6c12d1544e22d36da77f994fd1f306|
\SystemRoot\system32\DRIVERS\fetnd5b.sys ("C:\WINNT\system32\drivers\fetnd5b.sys") File version = 3.22.00.0407, File size = 41984, File modification date = 29/07/2003 03:31, File description = NDIS 5.0 miniport driver, Product Name = VIA Rhine Family Fast Ethernet Adapter , Product version = 3.22.00.0407, Company name = VIA Technologies, Inc. (VIA Technologies, Inc. ) |1685419942|0xa306e75d699da98d0f9286b4e268661d|
\SystemRoot\system32\DRIVERS\fdc.sys ("C:\WINNT\system32\drivers\fdc.sys") File version = 5.00.2195.6655, File size = 26256, File modification date = 14/07/2003 12:00, File description = Floppy Disk Controller Driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6655, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-2080684082|0x233e2c4dae9c84cef241f0ea30619629|
\SystemRoot\system32\DRIVERS\serial.sys ("C:\WINNT\system32\drivers\serial.sys") File version = 5.00.2195.6655, File size = 62736, File modification date = 14/07/2003 12:00, File description = Serial Device Driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6655, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |696249484|0x80f28698f48e298d278057f23206133b|
\SystemRoot\system32\DRIVERS\serenum.sys ("C:\WINNT\system32\drivers\serenum.sys") File version = 5.00.2195.6655, File size = 14160, File modification date = 14/07/2003 12:00, File description = Serial Port Enumerator, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6655, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1426636176|0x6db5fdf67486679da3149ef212374861|
\SystemRoot\system32\DRIVERS\parport.sys ("C:\WINNT\system32\drivers\parport.sys") File version = 5.00.2195.6655, File size = 25104, File modification date = 14/07/2003 12:00, File description = Parallel Port Driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6655, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1341006333|0x69b713583d6e063ac487e2da30c04289|
\SystemRoot\system32\DRIVERS\i8042prt.sys ("C:\WINNT\system32\drivers\i8042prt.sys") File version = 5.00.2195.6655, File size = 46992, File modification date = 14/07/2003 12:00, File description = i8042 Port Driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6655, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1560319814|0x3b538e8a6b5e078406159edfe09a5e53|
\SystemRoot\system32\DRIVERS\mouclass.sys ("C:\WINNT\system32\drivers\mouclass.sys") File version = 5.00.2195.6666, File size = 21776, File modification date = 14/07/2003 12:00, File description = Mouse Class Driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6666, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-41839149|0x8d038dde3f19b88427968e99a6216766|
\SystemRoot\system32\DRIVERS\kbdclass.sys ("C:\WINNT\system32\drivers\kbdclass.sys") File version = 5.00.2195.6666, File size = 24528, File modification date = 14/07/2003 12:00, File description = Keyboard Class Driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6666, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-708075733|0x399055f5c4a98f39b47d26888a72145d|
\SystemRoot\system32\drivers\msmpu401.sys ("C:\WINNT\system32\drivers\msmpu401.sys") File version = 5.00.2134.1, File size = 2832, File modification date = 25/09/1999 10:35, File description = MPU401 Adapter Driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2134.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |2077023183|0x6ea98807eede628e2e6ddf3123f80279|
\SystemRoot\system32\DRIVERS\gameenum.sys ("C:\WINNT\system32\drivers\gameenum.sys") File version = 5.00.2195.6655, File size = 9808, File modification date = 19/06/2003 12:05, File description = Game Port Enumerator, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6655, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1720132692|0x1ee4975fbc708f34a6b07c8e47f6fa3a|
\SystemRoot\system32\DRIVERS\audstub.sys ("C:\WINNT\system32\drivers\audstub.sys") File version = 5.00.2134.1, File size = 2896, File modification date = 25/09/1999 10:35, File description = AudStub Driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2134.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1000652672|0x39d57104a45270f0d376e9ddb484ebbd|
\SystemRoot\system32\DRIVERS\rasl2tp.sys ("C:\WINNT\system32\drivers\rasl2tp.sys") File version = 5.00.2195.6655, File size = 52112, File modification date = 14/07/2003 12:00, File description = RAS L2TP mini-port/call-manager driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6655, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1831845332|0xec6037c594f20adedea65f0d809493d2|
\SystemRoot\system32\DRIVERS\ndistapi.sys ("C:\WINNT\system32\drivers\ndistapi.sys") File version = 5.00.2195.6655, File size = 9200, File modification date = 14/07/2003 12:00, File description = NDIS 3.0 connection wrapper driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6655, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1326028805|0xe6f675c75c53887c58b98d6db356b153|
\SystemRoot\system32\DRIVERS\ndiswan.sys ("C:\WINNT\system32\drivers\ndiswan.sys") File version = 5.00.2195.6699, File size = 93360, File modification date = 14/07/2003 12:00, File description = MS WAN Wrapper Network Driver (US/Canada Only, Not for Export), Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6699, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |649307845|0xb86a37aa73868343a9eee148fdfce1e0|
\SystemRoot\system32\DRIVERS\TDI.SYS ("C:\WINNT\system32\drivers\tdi.sys") File version = 5.00.2195.6655, File size = 16240, File modification date = 14/07/2003 12:00, File description = TDI Wrapper, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6655, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1909274947|0xa4c9ada6bf0fa9fb26ab81a5190ad8a1|
\SystemRoot\system32\DRIVERS\raspptp.sys ("C:\WINNT\system32\drivers\raspptp.sys") File version = 5.00.2195.6711, File size = 48464, File modification date = 14/07/2003 12:00, File description = Peer-to-Peer Tunneling Protocol, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6711, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-2106814622|0x0e0212bbbf15800f1536cbfa157dddd6|
\SystemRoot\system32\DRIVERS\ptilink.sys ("C:\WINNT\system32\drivers\ptilink.sys") File version = 1.10, File size = 17680, File modification date = 14/07/2003 12:00, File description = Parallel Technologies DirectParallel IO Library, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6655, Company name = Parallel Technologies, Inc. (Copyright (C) Parallel Technologies 1995-1997) |484859985|0xb78775f217255f786c2e8dbe4334e413|
\SystemRoot\system32\DRIVERS\raspti.sys ("C:\WINNT\system32\drivers\raspti.sys") File version = 5.00.2146.1, File size = 16880, File modification date = 14/07/2003 12:00, File description = PTI DirectParallel(R) mini-port/call-manager driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2146.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-584540929|0xcb09a98e97e52c389ab17b1e003c9566|
\SystemRoot\system32\DRIVERS\wanatw4.sys ("C:\WINNT\system32\drivers\wanatw4.sys") File version = 8.3.0.0, File size = 33588, File modification date = 16/07/2002 23:07, File description = Wan Miniport (ATW), Product Name = Wan Miniport (ATW), Product version = 8.3.0.0, Company name = America Online, Inc. (Copyright 2001-2002 America Online, Inc.) |-186680304|0x0a716c08cb13c3a8f4f51e882dbf7416|
\SystemRoot\system32\DRIVERS\parallel.sys ("C:\WINNT\system32\drivers\parallel.sys") File version = 5.00.2195.6655, File size = 60208, File modification date = 14/07/2003 12:00, File description = Parallel Printer Driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6655, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-803673213|0xea27799907eabdb66d2d56af68cd4f06|
\SystemRoot\system32\DRIVERS\swenum.sys ("C:\WINNT\system32\drivers\swenum.sys") File version = 5.3.0000000.900 built by: DIRECTX, File size = 4096, File modification date = 12/12/2002 08:14, File description = Plug and Play Software Device Enumerator, Product Name = Microsoft Windows Operating System, Product version = 5.3.0000000.900, Company name = Microsoft Corporation ( Microsoft Corporation. All rights reserved.) |1878277492|0x616a013d3ea068b6dee83d905e92ee9f|






|

\SystemRoot\system32\DRIVERS\update.sys ("C:\WINNT\system32\drivers\update.sys") File version = 5.00.2195.6655, File size = 173232, File modification date = 14/07/2003 12:00, File description = Update Driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6655, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |728004254|0x7a77f319935328cf30945fe0f3c69c9a|
\SystemRoot\System32\Drivers\vulfntr.sys ("C:\WINNT\system32\drivers\vulfntr.sys") File version = 2.61, File size = 11392, File modification date = 04/08/2003 07:29, File description = VIA USB Roothub Lower Filter Driver, Product Name = VIA USB Roothub Lower Filter Driver, Product version = 2.61, Company name = VIA Technologies, Inc. (Copyright (C) VIA Technologies, Inc. 2000-2004) |293880240|0x2d8c55889616f7767e9fb8adee37a02a|
\SystemRoot\system32\DRIVERS\usbhub.sys ("C:\WINNT\system32\drivers\usbhub.sys") File version = 5.00.2195.6689, File size = 40176, File modification date = 14/07/2003 12:00, File description = Default Hub Driver for USB, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6689, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-826073580|0x5c202078f5d500786a1f3279fac3aa64|
\SystemRoot\system32\DRIVERS\usbhub20.sys ("C:\WINNT\system32\drivers\usbhub20.sys") File version = 5.00.2195.6655, File size = 49776, File modification date = 19/06/2003 12:05, File description = Default Hub Driver for USB 2.0, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6655, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1158250140|0xb0205d19ba25ca654810d0aed04496a8|
\SystemRoot\system32\DRIVERS\flpydisk.sys ("C:\WINNT\system32\drivers\flpydisk.sys") File version = 5.00.2195.6655, File size = 19312, File modification date = 14/07/2003 12:00, File description = Floppy Driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6655, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1787644983|0x6ca845333da54f27a8657be7ee0b600d|
\SystemRoot\System32\Drivers\NDProxy.SYS ("C:\WINNT\system32\drivers\ndproxy.sys") File version = 5.00.2138.1, File size = 40432, File modification date = 14/07/2003 12:00, File description = NDIS Proxy, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2138.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |310590742|0x1f426863d87bdf75aec76584223cd0c7|
\SystemRoot\System32\Drivers\EFS.SYS ("C:\WINNT\system32\drivers\efs.sys") File version = 5.00.2195.6655, File size = 27440, File modification date = 14/07/2003 12:00, File description = EFS File System Filter Driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6655, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-2132811418|0xb2916926428c0410fc1a26da0b650e41|
\SystemRoot\system32\DRIVERS\USBSTOR.SYS ("C:\WINNT\system32\drivers\usbstor.sys") File version = 5.00.2195.6655, File size = 21552, File modification date = 19/06/2003 19:05, File description = USB Mass Storage Class Driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6655, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |840092662|0x13eba8a2da3447fe7f217e34210ac554|
\SystemRoot\system32\DRIVERS\usbprint.sys ("C:\WINNT\system32\drivers\usbprint.sys") File version = 5.00.2195.6655, File size = 21872, File modification date = 19/06/2003 19:05, File description = USB Printer driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6655, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-166030101|0xe0e4367f5eff9e84fafeeba6ab937fd8|
\SystemRoot\system32\DRIVERS\usbscan.sys ("C:\WINNT\system32\drivers\usbscan.sys") File version = 5.00.2195.6655, File size = 12592, File modification date = 19/06/2003 20:05, File description = USB Scanner Driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6655, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-631273689|0x6c0a98c98b84eee9e3fb1cf86b6250b8|
\SystemRoot\System32\Drivers\Fs_Rec.SYS ("C:\WINNT\system32\drivers\fs_rec.sys") File version = 5.00.2195.6655, File size = 7600, File modification date = 14/07/2003 12:00, File description = File System Recognizer Driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6655, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1384811349|0x405f231ad65c03dac70992a2aba759a5|
\SystemRoot\System32\Drivers\Null.SYS ("C:\WINNT\system32\drivers\null.sys") File version = 5.00.2134.1, File size = 2800, File modification date = 14/07/2003 12:00, File description = NULL Driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2134.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1636063164|0x280209cde798720a24d232bf9cfda8e9|
\SystemRoot\System32\Drivers\Beep.SYS ("C:\WINNT\system32\drivers\beep.sys") File version = 5.00.2158.1, File size = 4080, File modification date = 14/07/2003 12:00, File description = BEEP Driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2158.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |2017162994|0xdf012c2853281ce2bf536e8de871c8c1|
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS ("C:\WINNT\system32\drivers\hidparse.sys") File version = 5.00.2195.6702, File size = 23056, File modification date = 14/07/2003 12:00, File description = Hid Parsing Library, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6702, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1371781180|0x87659dabc66257b861b81146c9b36671|
\SystemRoot\System32\drivers\vga.sys ("C:\WINNT\system32\drivers\vga.sys") File version = 5.00.2134.1, File size = 13968, File modification date = 14/07/2003 12:00, File description = VGA/Super VGA Video Driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2134.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-645135383|0x1b0040415ba34497a8d76a553aee88aa|
\SystemRoot\System32\Drivers\mnmdd.SYS ("C:\WINNT\system32\drivers\mnmdd.sys") File version = 5.00.2134.1, File size = 4240, File modification date = 14/07/2003 12:00, File description = Frame buffer simulator, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2134.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-134395851|0xf9a1ccc84d1c8b392d67bf2e661ed334|
\SystemRoot\System32\Drivers\Msfs.SYS ("C:\WINNT\system32\drivers\msfs.sys") File version = 5.00.2164.1, File size = 21328, File modification date = 14/07/2003 12:00, File description = Mailslot driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2164.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-439356312|0x8840bc3953d2c0bbb104932cab848a27|
\SystemRoot\System32\Drivers\Npfs.SYS ("C:\WINNT\system32\drivers\npfs.sys") File version = 5.00.2147.1, File size = 37040, File modification date = 14/07/2003 12:00, File description = NPFS Driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2147.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-125321614|0xe85a77dfcb8f1088f85120ca123ce191|
\SystemRoot\system32\DRIVERS\rasacd.sys ("C:\WINNT\system32\drivers\rasacd.sys") File version = 5.00.2134.1, File size = 8016, File modification date = 14/07/2003 12:00, File description = RAS Automatic Connection Driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2134.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1775935085|0x63051b814e005dc62c7a0971668c52b4|
\SystemRoot\system32\DRIVERS\tcpip.sys ("C:\WINNT\system32\drivers\tcpip.sys") File version = 5.00.2195.7162, File size = 320528, File modification date = 18/06/2008 10:05, File description = TCP/IP driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7162, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1242875359|0x02fae418bd28e185a4909e5869497de5|
\SystemRoot\system32\DRIVERS\msgpc.sys ("C:\WINNT\system32\drivers\msgpc.sys") File version = 5.00.2195.6655, File size = 34704, File modification date = 14/07/2003 12:00, File description = MS General Packet Classifier, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6655, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-2116352398|0x6667d07854a3ae7715d22b82761cf0e7|
\SystemRoot\system32\DRIVERS\wanarp.sys ("C:\WINNT\system32\drivers\wanarp.sys") File version = 5.00.2195.6601, File size = 32272, File modification date = 14/07/2003 12:00, File description = MS Remote Access and Routing ARP Driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6601, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |413045311|0xaa8c76dfc4afa72f09fdbc6621b7d38d|
\SystemRoot\System32\Drivers\SYMTDI.SYS ("C:\WINNT\system32\drivers\symtdi.sys") File version = 5.3.5.3, File size = 263736, File modification date = 12/06/2004 02:28, File description = Network Dispatch Driver, Product Name = Symantec Security Drivers, Product version = 5.3.5, Company name = Symantec Corporation (Copyright 2002, 2003 Symantec Corporation) |2004971312|0xec1a39493fb104d317e8271162a74b94|
\??\C:\Program Files\Symantec\SYMEVENT.SYS ("\\?\c:\program files\symantec\symevent.sys") File version = 11.4.0.6, File size = 82832, File modification date = 05/03/2004 07:46, File description = Symantec Event Library, Product Name = SYMEVENT, Product version = 11.4.0.6, Company name = Symantec Corporation (Copyright (C) Symantec Corporation 1992-2003) |1823223223|0x42123611a49c33536ab29bdd852a9f5e|
\SystemRoot\system32\DRIVERS\netbt.sys ("C:\WINNT\system32\drivers\netbt.sys") File version = 5.00.2195.7006, File size = 175632, File modification date = 08/04/2005 11:51, File description = MBT Transport driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7006, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1487587570|0xa7ca87628217bbf4a6f501db65b19e9d|
\SystemRoot\system32\DRIVERS\netbios.sys ("C:\WINNT\system32\drivers\netbios.sys") File version = 5.00.2149.1, File size = 33456, File modification date = 14/07/2003 12:00, File description = NetBIOS interface driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2149.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |66866062|0x5151e6020a26bf7bc21c18fd612506bd|
\??\C:\Program Files\Symantec AntiVirus\savrt.sys ("\\?\c:\program files\symantec antivirus\savrt.sys") File version = 9.3.0.28, File size = 301200, File modification date = 09/02/2004 23:43, File description = AutoProtect, Product Name = Symantec AntiVirus AutoProtect, Product version = 9.3, Company name = Symantec Corporation (Copyright (c) 2003 Symantec Corporation) |637141988|0xc8023be4dda22a52cd2f60d9cb9b3985|
\??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys ("\\?\c:\program files\symantec antivirus\savrtpel.sys") File version = 9.3.0.28, File size = 37008, File modification date = 09/02/2004 23:43, File description = SAVRTPEL, Product Name = Symantec AntiVirus AutoProtect, Product version = 9.3, Company name = Symantec Corporation (Copyright (c) 2003 Symantec Corporation) |339836605|0x30547fd7692dc799a0b397b2b918a158|
\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090927.002\navex15.sys ("\\?\c:\progra~1\common~1\symant~1\virusd~1\20090927.002\navex15.sys") File version = 20091.2.0.41, File size = 1323568, File modification date = 27/09/2009 08:00, File description = AV Engine, Product Name = Symantec Antivirus Engine, Product version = 20091.2.0.41, Company name = Symantec Corporation (Copyright (C) 1991-2009 Symantec Corporation.) |-2145685123|0x6176ce576509ee71bac1b61fc8f1f138|
\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090927.002\naveng.sys ("\\?\c:\progra~1\common~1\symant~1\virusd~1\20090927.002\naveng.sys") File version = 20091.2.0.41, File size = 84912, File modification date = 27/09/2009 08:00, File description = AV Engine, Product Name = Symantec Antivirus Engine, Product version = 20091.2.0.41, Company name = Symantec Corporation (Copyright (C) 1991-2009 Symantec Corporation.) |-1761490666|0x78d629767dbcdbb1ee888f4fda841acd|
\SystemRoot\system32\DRIVERS\rdbss.sys ("C:\WINNT\system32\drivers\rdbss.sys") File version = 5.00.2195.7174, File size = 170800, File modification date = 27/08/2008 16:28, File description = Redirected Drive Buffering SubSystem Driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7174, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1411474530|0xd3d07ae9194f714a2867717310df9fd1|
\SystemRoot\system32\DRIVERS\mrxsmb.sys ("C:\WINNT\system32\drivers\mrxsmb.sys") File version = 5.00.2195.7174, File size = 416016, File modification date = 27/08/2008 16:29, File description = Windows NT SMB Minirdr, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7174, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1023167358|0xc16e6c7d333491a7ef376b8cbde7061b|
\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys ("\\?\c:\program files\common files\symantec shared\eengine\eectrl.sys") File version = 107.4.1.2, File size = 385072, File modification date = 14/04/2008 08:00, File description = Symantec Eraser Control Driver, Product Name = ERASER ENGINE, Product version = 107.4.1.2, Company name = Symantec Corporation (Copyright (c) 2000-2007 Symantec Corporation. All rights reserved.) |1020285442|0xe89cc1363cb7f5320ae3b41c1333d0c3|
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\??\C:\WINNT\system32\win32k.sys ("\\?\c:\winnt\system32\win32k.sys") File version = 5.00.2195.7133, File size = 1641936, File modification date = 06/03/2007 06:12, File description = Multi-User Win32 Driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7133, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1042500156|0x3300f4071ba093b9a623066a37efc692|
\SystemRoot\System32\s3gnb.dll ("C:\WINNT\system32\s3gnb.dll") File version = 6.14.10.0033-13.94.33, File size = 401280, File modification date = 13/08/2004 20:42, File description = S3 ProSavage(DDR) & Twister Display Driver, Product Name = S3 ProSavage(DDR) & Twister Display Driver, Product version = 6.14.10.0033-13.94.33, Company name = S3 Graphics, Inc. (Copyright (c) 2004 by S3 Graphics, Inc.) |1431086924|0x32c321a53ed884c86b9737a40c499acb|
\SystemRoot\System32\drivers\afd.sys ("C:\WINNT\system32\drivers\afd.sys") File version = 5.00.2195.7158, File size = 119152, File modification date = 08/05/2008 08:38, File description = Ancillary Function Driver for WinSock, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7158, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |250755651|0xe333e10e840a7f1c6017c26855250b76|
\SystemRoot\system32\drivers\wdmaud.sys ("C:\WINNT\system32\drivers\wdmaud.sys") File version = 5.00.2195.6655, File size = 73872, File modification date = 19/06/2003 12:05, File description = MMSYSTEM Wave/Midi API mapper, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6655, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |169788773|0x997d25513bc89614417829b5bec7c75c|
\SystemRoot\system32\drivers\sysaudio.sys ("C:\WINNT\system32\drivers\sysaudio.sys") File version = 5.00.2195.6655, File size = 47568, File modification date = 19/06/2003 12:05, File description = System Audio WDM Filter, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6655, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-56662383|0x6c14d96f8c1ba929fad4ba40a29217fa|
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS ("C:\WINNT\system32\drivers\hidclass.sys") File version = 5.00.2195.6655, File size = 24752, File modification date = 14/07/2003 12:00, File description = Hid Class Library, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6655, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1815151107|0x12c7623b8ffddf62aaacbd02af5e59ad|
\SystemRoot\System32\Drivers\ParVdm.SYS ("C:\WINNT\system32\drivers\parvdm.sys") File version = 5.00.2135.1, File size = 6512, File modification date = 14/07/2003 12:00, File description = VDM Parallel Driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2135.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1297324735|0x888f6a6ad5810f5828de594e17fe8f3b|
\SystemRoot\System32\Drivers\Fips.SYS ("C:\WINNT\system32\drivers\fips.sys") File version = 5.00.2195.1569, File size = 33616, File modification date = 14/07/2003 12:00, File description = FIPS Crypto Driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.1569, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |227328266|0xb27a36d4725a362a13d0c52ad6c7175b|
\??\C:\WINNT\system32\Drivers\LxrSII1d.sys ("\\?\c:\winnt\system32\drivers\lxrsii1d.sys") File version = (null), File size = 70016, File modification date = 19/05/2005 23:48, File description = (null), Product Name = (null), Product version = (null), Company name = (null) |1519015183|0xdb7f488269290a8c1907602b7f4c213d|
\SystemRoot\system32\DRIVERS\srv.sys ("C:\WINNT\system32\drivers\srv.sys") File version = 5.00.2195.7222, File size = 239472, File modification date = 11/12/2008 12:09, File description = Server driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7222, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-612387434|0xec93828331107576c61c769f95582d58|
\SystemRoot\system32\SetupNT.sys ("C:\WINNT\system32\setupnt.sys") File version = (null), File size = 3000, File modification date = 25/10/2000 12:27, File description = (null), Product Name = (null), Product version = (null), Company name = (null) |1216739109|0x549ea830a5d9edd9cd14311126c2849b|
\??\C:\WINNT\system32\drivers\tmcomm.sys ("\\?\c:\winnt\system32\drivers\tmcomm.sys") File version = 1.6.0.1059, File size = 102664, File modification date = 19/10/2009 23:35, File description = TrendMicro Common Module, Product Name = ActiveClean, Product version = 1.6, Company name = Trend Micro Inc. (Copyright (C) 2005-2007 Trend Micro Incorporated. All rights reserved.) |573041654|0xdf8444a8fa8fd38d8848bdd40a8403b3|
\SystemRoot\System32\Drivers\Cdfs.SYS ("C:\WINNT\system32\drivers\cdfs.sys") File version = 5.00.2195.7006, File size = 63248, File modification date = 08/04/2005 11:51, File description = CD-ROM File System Driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7006, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1586303086|0x66c19373d5eb657fb028133bde5d2acb|
\SystemRoot\System32\Drivers\Fastfat.SYS ("C:\WINNT\system32\drivers\fastfat.sys") File version = 5.00.2195.7061, File size = 142288, File modification date = 19/07/2005 10:44, File description = Fast FAT File System Driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7061, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |244396023|0x533478c99ca81fd700bcf6a2754ce793|
\SystemRoot\system32\drivers\kmixer.sys ("C:\WINNT\system32\drivers\kmixer.sys") File version = 5.00.2195.6655, File size = 148304, File modification date = 19/06/2003 12:05, File description = Kernel Mode Audio Mixer, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6655, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1778557455|0x8e198ec9e823aa42edf45b07efe395ac|
\WINNT\system32\NTDLL.DLL ("c:\winnt\system32\ntdll.dll") File version = 5.00.2195.7006, File size = 483600, File modification date = 16/08/2005 09:39, File description = NT Layer DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7006, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1093949723|0x4c0f0b57de8c1669aa6f49d285b3865a|

Runned processes/modules:

PROCESS System, PID = 8, USER = , Command Line =

PROCESS smss, PID = 148, USER = NT AUTHORITY\SYSTEM (Group - BUILTIN\Administrators, Everyone, NT AUTHORITY\Authenticated Users), Command Line =
\SystemRoot\System32\smss.exe, MID = 48580000, ("C:\WINNT\system32\smss.exe") File version = 5.00.2195.6601, File size = 45840, File modification date = 14/07/2003 12:00, File description = Windows NT Session Manager, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6601, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1192553804|0xf07c69367770a1c129a22f9158afaa2b|
C:\WINNT\system32\ntdll.dll, MID = 77f80000, ("c:\winnt\system32\ntdll.dll") File version = 5.00.2195.7006, File size = 483600, File modification date = 16/08/2005 09:39, File description = NT Layer DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7006, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1093949723|0x4c0f0b57de8c1669aa6f49d285b3865a|
C:\WINNT\System32\sfcfiles.dll, MID = 68010000, ("c:\winnt\system32\sfcfiles.dll") File version = 5.00.2195.7038, File size = 973072, File modification date = 08/04/2005 10:34, File description = Windows 2000 System File Checker, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7038, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1300472552|0x7645645bb506c26b96b8f31893378c4b|

PROCESS csrss, PID = 176, USER = NT AUTHORITY\SYSTEM (Group - BUILTIN\Administrators, Everyone, NT AUTHORITY\Authenticated Users), Command Line = C:\WINNT\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
"c:\winnt\system32\csrss.exe" File version = 5.00.2195.6601, File size = 5392, File modification date = 14/07/2003 12:00, File description = Client Server Runtime Process, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6601, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |411251858|0x6533392c5af4bf5c7ff12e453dd59ae5|
"c:\winnt\system32\basesrv.dll" File version = 5.00.2195.7011, File size = 46352, File modification date = 12/01/2005 19:39, File description = Windows NT BASE API Server DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7011, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-487791443|0x4daebd9f0f5b16fbdae8f26cd4ab7b74|
\??\C:\WINNT\system32\csrss.exe, MID = 5fff0000, ("\\?\c:\winnt\system32\csrss.exe") File version = 5.00.2195.6601, File size = 5392, File modification date = 14/07/2003 12:00, File description = Client Server Runtime Process, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6601, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |411251858|0x6533392c5af4bf5c7ff12e453dd59ae5|
C:\WINNT\system32\ntdll.dll, MID = 77f80000, ("c:\winnt\system32\ntdll.dll") File version = 5.00.2195.7006, File size = 483600, File modification date = 16/08/2005 09:39, File description = NT Layer DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7006, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1093949723|0x4c0f0b57de8c1669aa6f49d285b3865a|
C:\WINNT\system32\CSRSRV.dll, MID = 5ff90000, ("c:\winnt\system32\csrsrv.dll") File version = 5.00.2195.6824, File size = 35088, File modification date = 13/01/2005 09:09, File description = Client Server Runtime Process, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6824, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-198044422|0xa863252332fffe4c530b5f1aa2cbb292|
C:\WINNT\system32\basesrv.dll, MID = 5ffa0000, ("c:\winnt\system32\basesrv.dll") File version = 5.00.2195.7011, File size = 46352, File modification date = 12/01/2005 19:39, File description = Windows NT BASE API Server DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7011, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-487791443|0x4daebd9f0f5b16fbdae8f26cd4ab7b74|
C:\WINNT\system32\winsrv.dll, MID = 7cc30000, ("c:\winnt\system32\winsrv.dll") File version = 5.00.2195.7135, File size = 245520, File modification date = 13/03/2007 09:44, File description = Windows Server DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7135, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1534871728|0xe3211e4884a21375f4d64a4b3986bca3|
C:\WINNT\system32\USER32.dll, MID = 77e10000, ("c:\winnt\system32\user32.dll") File version = 5.00.2195.7133, File size = 381200, File modification date = 06/03/2007 11:17, File description = Windows 2000 USER API Client DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7133, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |428782839|0x40023a7103796b1af6ca41a6dbc54775|
C:\WINNT\system32\KERNEL32.dll, MID = 7c570000, ("c:\winnt\system32\kernel32.dll") File version = 5.00.2195.7135, File size = 712976, File modification date = 16/04/2007 12:44, File description = Windows NT BASE API Client DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7135, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1984583957|0x0ab23b46ccaeba64d748a5cf79cb4bb6|
C:\WINNT\system32\GDI32.dll, MID = 77f40000, ("c:\winnt\system32\gdi32.dll") File version = 5.00.2195.7205, File size = 237840, File modification date = 23/10/2008 05:27, File description = GDI Client DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7205, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-509084252|0xddc864563d0c543cbed08f32864a87a9|
C:\WINNT\system32\MSVCRT.dll, MID = 78000000, ("c:\winnt\system32\msvcrt.dll") File version = 6.10.9844.0, File size = 286773, File modification date = 14/07/2003 12:00, File description = Microsoft (R) C Runtime Library, Product Name = Microsoft (R) Visual C++, Product version = 6.10.9844.0, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-229369582|0xba7be6f92680b28b9031170659fd222d|
C:\WINNT\system32\advapi32.dll, MID = 7c2d0000, ("c:\winnt\system32\advapi32.dll") File version = 5.00.2195.7038, File size = 401168, File modification date = 21/04/2005 08:08, File description = Advanced Windows 32 Base API, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7038, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1396536984|0x67d5fc28cab4066922da01eb9c28167a|
C:\WINNT\system32\RPCRT4.dll, MID = 77d30000, ("c:\winnt\system32\rpcrt4.dll") File version = 5.00.2195.7090, File size = 439056, File modification date = 17/07/2007 06:42, File description = Remote Procedure Call Runtime, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7090, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-897039946|0xe11ad7a9e8320ad76954eab83356efbe|
C:\WINNT\system32\Secur32.dll, MID = 7c340000, ("c:\winnt\system32\secur32.dll") File version = 5.00.2195.6695, File size = 48912, File modification date = 14/07/2003 12:00, File description = Security Support Provider Interface, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6695, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1886565331|0x0d6b5a519879138244ef3f8549c02432|

PROCESS sp_rsser, PID = 648, USER = NT AUTHORITY\SYSTEM (Group - BUILTIN\Administrators, Everyone, NT AUTHORITY\Authenticated Users), Command Line = "C:\Program Files\Spyware Terminator\sp_rsser.exe"
"c:\program files\spyware terminator\sp_rsser.exe" File version = 2.5.0.511, File size = 487424, File modification date = 13/10/2009 23:43, File description = Spyware Terminator Realtime Shield Service, Product Name = Crawler Spyware Terminator, Product version = (null), Company name = Crawler.com ( Crawler.com) |-701443166|0xaa21cf891d0d8248eca1e9ba201acbef|
C:\Program Files\Spyware Terminator\sp_rsser.exe, MID = 400000, ("c:\program files\spyware terminator\sp_rsser.exe") File version = 2.5.0.511, File size = 487424, File modification date = 13/10/2009 23:43, File description = Spyware Terminator Realtime Shield Service, Product Name = Crawler Spyware Terminator, Product version = (null), Company name = Crawler.com ( Crawler.com) |-701443166|0xaa21cf891d0d8248eca1e9ba201acbef|
C:\WINNT\system32\ntdll.dll, MID = 77f80000, ("c:\winnt\system32\ntdll.dll") File version = 5.00.2195.7006, File size = 483600, File modification date = 16/08/2005 09:39, File description = NT Layer DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7006, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1093949723|0x4c0f0b57de8c1669aa6f49d285b3865a|
C:\WINNT\system32\oleaut32.dll, MID = 779b0000, ("c:\winnt\system32\oleaut32.dll") File version = 2.40.4532, File size = 631056, File modification date = 05/12/2007 10:40, File description = (null), Product Name = (null), Product version = 2.40.4532, Company name = Microsoft Corporation (Copyright Microsoft Corp. 1993-1998.) |1026888533|0x6c81e3b6dde5b04290f4429f64b4959d|
C:\WINNT\system32\ole32.dll, MID = 7ce20000, ("c:\winnt\system32\ole32.dll") File version = 5.00.2195.7059, File size = 957712, File modification date = 05/09/2005 08:18, File description = Microsoft OLE for Windows, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7059, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1440050145|0x7f22f0fb5437b1b83bca7380385faf2d|
C:\WINNT\system32\RPCRT4.dll, MID = 77d30000, ("c:\winnt\system32\rpcrt4.dll") File version = 5.00.2195.7090, File size = 439056, File modification date = 17/07/2007 06:42, File description = Remote Procedure Call Runtime, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7090, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-897039946|0xe11ad7a9e8320ad76954eab83356efbe|
C:\WINNT\system32\KERNEL32.dll, MID = 7c570000, ("c:\winnt\system32\kernel32.dll") File version = 5.00.2195.7135, File size = 712976, File modification date = 16/04/2007 12:44, File description = Windows NT BASE API Client DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7135, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1984583957|0x0ab23b46ccaeba64d748a5cf79cb4bb6|
C:\WINNT\system32\Secur32.dll, MID = 7c340000, ("c:\winnt\system32\secur32.dll") File version = 5.00.2195.6695, File size = 48912, File modification date = 14/07/2003 12:00, File description = Security Support Provider Interface, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6695, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1886565331|0x0d6b5a519879138244ef3f8549c02432|
C:\WINNT\system32\ADVAPI32.DLL, MID = 7c2d0000, ("c:\winnt\system32\advapi32.dll") File version = 5.00.2195.7038, File size = 401168, File modification date = 21/04/2005 08:08, File description = Advanced Windows 32 Base API, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7038, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1396536984|0x67d5fc28cab4066922da01eb9c28167a|
C:\WINNT\system32\GDI32.dll, MID = 77f40000, ("c:\winnt\system32\gdi32.dll") File version = 5.00.2195.7205, File size = 237840, File modification date = 23/10/2008 05:27, File description = GDI Client DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7205, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-509084252|0xddc864563d0c543cbed08f32864a87a9|
C:\WINNT\system32\USER32.dll, MID = 77e10000, ("c:\winnt\system32\user32.dll") File version = 5.00.2195.7133, File size = 381200, File modification date = 06/03/2007 11:17, File description = Windows 2000 USER API Client DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7133, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |428782839|0x40023a7103796b1af6ca41a6dbc54775|
C:\WINNT\system32\shell32.dll, MID = 7cf30000, ("c:\winnt\system32\shell32.dll") File version = 5.00.3900.7105, File size = 2362640, File modification date = 13/07/2006 07:09, File description = Windows Shell Common Dll, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.3900.7105, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |959277735|0x961cfc812107bcbd77488224c48e1a58|
C:\WINNT\system32\SHLWAPI.dll, MID = 70bd0000, ("c:\winnt\system32\shlwapi.dll") File version = 6.00.2800.1106, File size = 395264, File modification date = 29/08/2002 14:14, File description = Shell Light-weight Utility Library, Product Name = Microsoft Windows Operating System, Product version = 6.00.2800.1106, Company name = Microsoft Corporation ( Microsoft Corporation. All rights reserved.) |548690860|0x77e607bcfb09e6958fe58b0345ec48c6|
C:\WINNT\system32\msvcrt.dll, MID = 78000000, ("c:\winnt\system32\msvcrt.dll") File version = 6.10.9844.0, File size = 286773, File modification date = 14/07/2003 12:00, File description = Microsoft (R) C Runtime Library, Product Name = Microsoft (R) Visual C++, Product version = 6.10.9844.0, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-229369582|0xba7be6f92680b28b9031170659fd222d|
C:\WINNT\system32\COMCTL32.dll, MID = 71710000, ("c:\winnt\system32\comctl32.dll") File version = 5.81, File size = 529680, File modification date = 29/08/2002 14:14, File description = Common Controls Library, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.50.4916.400, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-2001) |163435159|0x9edc93cc795dff919c6cd953912838a9|
C:\WINNT\system32\SHFolder.dll, MID = 719b0000, ("c:\winnt\system32\shfolder.dll") File version = 6.00.2800.1106, File size = 22528, File modification date = 29/08/2002 14:14, File description = Shell Folder Service, Product Name = Microsoft Windows Operating System, Product version = 6.00.2800.1106, Company name = Microsoft Corporation ( Microsoft Corporation. All rights reserved.) |-449221516|0xb52fe46bf6c62bc5c427c7fceaeccc18|
C:\WINNT\system32\version.dll, MID = 77820000, ("c:\winnt\system32\version.dll") File version = 5.00.2195.6623, File size = 16144, File modification date = 14/07/2003 12:00, File description = Version Checking and File Installation Libraries, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6623, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-190638979|0xca34bd29eb86bd772d59d35b959d43ee|
C:\WINNT\system32\LZ32.DLL, MID = 759b0000, ("c:\winnt\system32\lz32.dll") File version = 5.00.2195.6611, File size = 10000, File modification date = 14/07/2003 12:00, File description = LZ Expand/Compress API DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6611, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1264502935|0x486298f7d8f63d3c441579783541a01b|
C:\WINNT\system32\NTMARTA.DLL, MID = 69bf0000, ("c:\winnt\system32\ntmarta.dll") File version = 5.00.2195.6666, File size = 102672, File modification date = 14/07/2003 12:00, File description = Windows NT MARTA provider, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6666, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1389764210|0x65ae65d9ee439a16f5acf10e37f41897|
C:\WINNT\system32\WINSPOOL.DRV, MID = 77800000, ("c:\winnt\system32\winspool.drv") File version = 5.00.2195.6659, File size = 113936, File modification date = 14/07/2003 12:00, File description = Windows Spooler Driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6659, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |922778299|0xe58bf969aa9e4c548473474d8e9d971a|
C:\WINNT\system32\MPR.DLL, MID = 76620000, ("c:\winnt\system32\mpr.dll") File version = 5.00.2195.7134, File size = 54032, File modification date = 16/04/2007 12:44, File description = Multiple Provider Router DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7134, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1720145585|0xbbe0c0025a82681055660d91cef145ef|
C:\WINNT\system32\WLDAP32.dll, MID = 77950000, ("c:\winnt\system32\wldap32.dll") File version = 5.00.2195.7017, File size = 146192, File modification date = 08/04/2005 11:54, File description = Win32 LDAP API DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7017, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1717065883|0x0da1335235dc386dab3c2329bcf2d4ee|
C:\WINNT\system32\SAMLIB.dll, MID = 75150000, ("c:\winnt\system32\samlib.dll") File version = 5.00.2195.6944, File size = 51984, File modification date = 08/04/2005 11:54, File description = SAM Library DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6944, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1155014648|0xabda35a92538d23407d3f394f5179002|
C:\WINNT\system32\NTDSAPI.dll, MID = 77bf0000, ("c:\winnt\system32\ntdsapi.dll") File version = 5.00.2195.6666, File size = 57616, File modification date = 14/07/2003 12:00, File description = NT5DS, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6666, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |792560724|0x1a9f0053b554fd71730b21e23458bc53|
C:\WINNT\system32\DNSAPI.DLL, MID = 77980000, ("c:\winnt\system32\dnsapi.dll") File version = 5.00.2195.7158, File size = 137488, File modification date = 25/06/2008 09:41, File description = DNS Client API DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7158, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-2059941658|0xf2ec571dbba43735147910f800059fac|
C:\WINNT\system32\WSOCK32.dll, MID = 75050000, ("c:\winnt\system32\wsock32.dll") File version = 5.00.2195.6603, File size = 21776, File modification date = 14/07/2003 12:00, File description = Windows Socket 32-Bit DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6603, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1515024278|0x183d2d8e28a0393b4798addd46ad27b0|
C:\WINNT\system32\WS2_32.DLL, MID = 75030000, ("c:\winnt\system32\ws2_32.dll") File version = 5.00.2195.6601, File size = 69904, File modification date = 14/07/2003 12:00, File description = Windows Socket 2.0 32-Bit DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6601, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-2119670867|0x0190c62de42396d78db9be771cf2403e|
C:\WINNT\system32\WS2HELP.DLL, MID = 75020000, ("c:\winnt\system32\ws2help.dll") File version = 5.00.2134.1, File size = 18192, File modification date = 14/07/2003 12:00, File description = Windows Socket 2.0 Helper for Windows NT, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2134.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1302601384|0x28336b1300ec048124197091354251b6|
C:\WINNT\system32\NETAPI32.DLL, MID = 7cdc0000, ("c:\winnt\system32\netapi32.dll") File version = 5.00.2195.7203, File size = 310032, File modification date = 17/10/2008 17:41, File description = Net Win32 API DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7203, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |439070768|0x7bbba94bcae7b4371254167c24972dfc|
C:\WINNT\system32\NETRAP.dll, MID = 751c0000, ("c:\winnt\system32\netrap.dll") File version = 5.00.2134.1, File size = 11536, File modification date = 14/07/2003 12:00, File description = Net Remote Admin Protocol DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2134.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1388728333|0x3de628eb3d632875b8a24bdc53e67277|
C:\WINNT\system32\psapi.dll, MID = 690a0000, ("c:\winnt\system32\psapi.dll") File version = 5.00.2134.1, File size = 28944, File modification date = 14/07/2003 12:00, File description = Process Status Helper, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2134.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1643079480|0x7f7005d2f1d9c579179807818c3ac4c7|

PROCESS stisvc, PID = 676, USER = NT AUTHORITY\SYSTEM (Group - BUILTIN\Administrators, Everyone, NT AUTHORITY\Authenticated Users), Command Line = C:\WINNT\system32\stisvc.exe
"c:\winnt\system32\stisvc.exe" File version = 5.00.2195.6656, File size = 61712, File modification date = 14/07/2003 12:00, File description = Still Image Devices Monitor, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6656, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1996-1997) |-1090273697|0xb75235626b950ff821146555c612f814|
C:\WINNT\system32\stisvc.exe, MID = 1000000, ("c:\winnt\system32\stisvc.exe") File version = 5.00.2195.6656, File size = 61712, File modification date = 14/07/2003 12:00, File description = Still Image Devices Monitor, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6656, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1996-1997) |-1090273697|0xb75235626b950ff821146555c612f814|
C:\WINNT\system32\ntdll.dll, MID = 77f80000, ("c:\winnt\system32\ntdll.dll") File version = 5.00.2195.7006, File size = 483600, File modification date = 16/08/2005 09:39, File description = NT Layer DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7006, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1093949723|0x4c0f0b57de8c1669aa6f49d285b3865a|
C:\WINNT\system32\MSVCRT.dll, MID = 78000000, ("c:\winnt\system32\msvcrt.dll") File version = 6.10.9844.0, File size = 286773, File modification date = 14/07/2003 12:00, File description = Microsoft (R) C Runtime Library, Product Name = Microsoft (R) Visual C++, Product version = 6.10.9844.0, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-229369582|0xba7be6f92680b28b9031170659fd222d|
C:\WINNT\system32\KERNEL32.dll, MID = 7c570000, ("c:\winnt\system32\kernel32.dll") File version = 5.00.2195.7135, File size = 712976, File modification date = 16/04/2007 12:44, File description = Windows NT BASE API Client DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7135, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1984583957|0x0ab23b46ccaeba64d748a5cf79cb4bb6|
C:\WINNT\system32\ADVAPI32.dll, MID = 7c2d0000, ("c:\winnt\system32\advapi32.dll") File version = 5.00.2195.7038, File size = 401168, File modification date = 21/04/2005 08:08, File description = Advanced Windows 32 Base API, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7038, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1396536984|0x67d5fc28cab4066922da01eb9c28167a|
C:\WINNT\system32\RPCRT4.dll, MID = 77d30000, ("c:\winnt\system32\rpcrt4.dll") File version = 5.00.2195.7090, File size = 439056, File modification date = 17/07/2007 06:42, File description = Remote Procedure Call Runtime, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7090, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-897039946|0xe11ad7a9e8320ad76954eab83356efbe|
C:\WINNT\system32\Secur32.dll, MID = 7c340000, ("c:\winnt\system32\secur32.dll") File version = 5.00.2195.6695, File size = 48912, File modification date = 14/07/2003 12:00, File description = Security Support Provider Interface, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6695, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1886565331|0x0d6b5a519879138244ef3f8549c02432|
C:\WINNT\system32\USER32.dll, MID = 77e10000, ("c:\winnt\system32\user32.dll") File version = 5.00.2195.7133, File size = 381200, File modification date = 06/03/2007 11:17, File description = Windows 2000 USER API Client DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7133, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |428782839|0x40023a7103796b1af6ca41a6dbc54775|
C:\WINNT\system32\GDI32.dll, MID = 77f40000, ("c:\winnt\system32\gdi32.dll") File version = 5.00.2195.7205, File size = 237840, File modification date = 23/10/2008 05:27, File description = GDI Client DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7205, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-509084252|0xddc864563d0c543cbed08f32864a87a9|
C:\WINNT\system32\SETUPAPI.dll, MID = 77880000, ("c:\winnt\system32\setupapi.dll") File version = 5.00.2195.6622, File size = 570128, File modification date = 14/07/2003 12:00, File description = Windows Setup API, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6622, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-895472665|0x9726125daa47dcbf34f53cef8c677b9c|
C:\WINNT\system32\USERENV.DLL, MID = 7c0f0000, ("c:\winnt\system32\userenv.dll") File version = 5.00.2195.7002, File size = 399120, File modification date = 08/04/2005 11:54, File description = Userenv, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7002, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |2111145570|0x099cd26e9c34225002e4477c8ac8dcb0|
C:\WINNT\system32\STI.dll, MID = 67330000, ("c:\winnt\system32\sti.dll") File version = 5.00.2195.6656, File size = 41744, File modification date = 14/07/2003 12:00, File description = Still Image Devices DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6656, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1996-1997) |-2092542102|0xc0978492270070751491800d4d5cfca1|
C:\WINNT\system32\COMCTL32.dll, MID = 71710000, ("c:\winnt\system32\comctl32.dll") File version = 5.81, File size = 529680, File modification date = 29/08/2002 14:14, File description = Common Controls Library, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.50.4916.400, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-2001) |163435159|0x9edc93cc795dff919c6cd953912838a9|
C:\WINNT\system32\essiscnb.dll, MID = 10000000, ("c:\winnt\system32\essiscnb.dll") File version = 1.20, File size = 53248, File modification date = 08/02/2002 08:00, File description = User Mode Mini Drv., Product Name = User mode Mini Drv., Product version = 1.2, Company name = SEIKO EPSON CORP. (Copyright (C) SEIKO EPSON CORP. 1998) |1301691279|0xa87596c7bb6aefbc1d2f18e5b0b121f2|
C:\WINNT\system32\NTMARTA.DLL, MID = 69bf0000, ("c:\winnt\system32\ntmarta.dll") File version = 5.00.2195.6666, File size = 102672, File modification date = 14/07/2003 12:00, File description = Windows NT MARTA provider, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6666, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1389764210|0x65ae65d9ee439a16f5acf10e37f41897|
C:\WINNT\system32\WINSPOOL.DRV, MID = 77800000, ("c:\winnt\system32\winspool.drv") File version = 5.00.2195.6659, File size = 113936, File modification date = 14/07/2003 12:00, File description = Windows Spooler Driver, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6659, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |922778299|0xe58bf969aa9e4c548473474d8e9d971a|
C:\WINNT\system32\MPR.DLL, MID = 76620000, ("c:\winnt\system32\mpr.dll") File version = 5.00.2195.7134, File size = 54032, File modification date = 16/04/2007 12:44, File description = Multiple Provider Router DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7134, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1720145585|0xbbe0c0025a82681055660d91cef145ef|
C:\WINNT\system32\WLDAP32.dll, MID = 77950000, ("c:\winnt\system32\wldap32.dll") File version = 5.00.2195.7017, File size = 146192, File modification date = 08/04/2005 11:54, File description = Win32 LDAP API DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7017, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1717065883|0x0da1335235dc386dab3c2329bcf2d4ee|
C:\WINNT\system32\SAMLIB.dll, MID = 75150000, ("c:\winnt\system32\samlib.dll") File version = 5.00.2195.6944, File size = 51984, File modification date = 08/04/2005 11:54, File description = SAM Library DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6944, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1155014648|0xabda35a92538d23407d3f394f5179002|
C:\WINNT\system32\NTDSAPI.dll, MID = 77bf0000, ("c:\winnt\system32\ntdsapi.dll") File version = 5.00.2195.6666, File size = 57616, File modification date = 14/07/2003 12:00, File description = NT5DS, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6666, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |792560724|0x1a9f0053b554fd71730b21e23458bc53|
C:\WINNT\system32\DNSAPI.DLL, MID = 77980000, ("c:\winnt\system32\dnsapi.dll") File version = 5.00.2195.7158, File size = 137488, File modification date = 25/06/2008 09:41, File description = DNS Client API DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7158, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-2059941658|0xf2ec571dbba43735147910f800059fac|
C:\WINNT\system32\WSOCK32.dll, MID = 75050000, ("c:\winnt\system32\wsock32.dll") File version = 5.00.2195.6603, File size = 21776, File modification date = 14/07/2003 12:00, File description = Windows Socket 32-Bit DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6603, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1515024278|0x183d2d8e28a0393b4798addd46ad27b0|
C:\WINNT\system32\WS2_32.DLL, MID = 75030000, ("c:\winnt\system32\ws2_32.dll") File version = 5.00.2195.6601, File size = 69904, File modification date = 14/07/2003 12:00, File description = Windows Socket 2.0 32-Bit DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6601, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-2119670867|0x0190c62de42396d78db9be771cf2403e|
C:\WINNT\system32\WS2HELP.DLL, MID = 75020000, ("c:\winnt\system32\ws2help.dll") File version = 5.00.2134.1, File size = 18192, File modification date = 14/07/2003 12:00, File description = Windows Socket 2.0 Helper for Windows NT, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2134.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1302601384|0x28336b1300ec048124197091354251b6|
C:\WINNT\system32\NETAPI32.DLL, MID = 7cdc0000, ("c:\winnt\system32\netapi32.dll") File version = 5.00.2195.7203, File size = 310032, File modification date = 17/10/2008 17:41, File description = Net Win32 API DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7203, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |439070768|0x7bbba94bcae7b4371254167c24972dfc|
C:\WINNT\system32\NETRAP.dll, MID = 751c0000, ("c:\winnt\system32\netrap.dll") File version = 5.00.2134.1, File size = 11536, File modification date = 14/07/2003 12:00, File description = Net Remote Admin Protocol DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2134.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1388728333|0x3de628eb3d632875b8a24bdc53e67277|
C:\WINNT\system32\ole32.dll, MID = 7ce20000, ("c:\winnt\system32\ole32.dll") File version = 5.00.2195.7059, File size = 957712, File modification date = 05/09/2005 08:18, File description = Microsoft OLE for Windows, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7059, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1440050145|0x7f22f0fb5437b1b83bca7380385faf2d|
C:\WINNT\system32\SHLWAPI.dll, MID = 70bd0000, ("c:\winnt\system32\shlwapi.dll") File version = 6.00.2800.1106, File size = 395264, File modification date = 29/08/2002 14:14, File description = Shell Light-weight Utility Library, Product Name = Microsoft Windows Operating System, Product version = 6.00.2800.1106, Company name = Microsoft Corporation ( Microsoft Corporation. All rights reserved.) |548690860|0x77e607bcfb09e6958fe58b0345ec48c6|

PROCESS Rtvscan, PID = 700, USER = NT AUTHORITY\SYSTEM (Group - BUILTIN\Administrators, Everyone, NT AUTHORITY\Authenticated Users), Command Line = "C:\Program Files\Symantec AntiVirus\Rtvscan.exe"
"c:\program files\symantec antivirus\rtvscan.exe" File version = 9.0.1.1000, File size = 1267024, File modification date = 03/08/2004 03:36, File description = Symantec AntiVirus, Product Name = Symantec AntiVirus, Product version = 9.0.1.1000, Company name = Symantec Corporation (Copyright 1991 - 2004 Symantec Corporation. All rights reserved.) |477603674|0x825349e7566b49e583399ca821d3436a|
C:\Program Files\Symantec AntiVirus\Rtvscan.exe, MID = 400000, ("c:\program files\symantec antivirus\rtvscan.exe") File version = 9.0.1.1000, File size = 1267024, File modification date = 03/08/2004 03:36, File description = Symantec AntiVirus, Product Name = Symantec AntiVirus, Product version = 9.0.1.1000, Company name = Symantec Corporation (Copyright 1991 - 2004 Symantec Corporation. All rights reserved.) |477603674|0x825349e7566b49e583399ca821d3436a|
C:\WINNT\system32\ntdll.dll, MID = 77f80000, ("c:\winnt\system32\ntdll.dll") File version = 5.00.2195.7006, File size = 483600, File modification date = 16/08/2005 09:39, File description = NT Layer DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7006, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1093949723|0x4c0f0b57de8c1669aa6f49d285b3865a|
C:\WINNT\system32\CBA.DLL, MID = 501e0000, ("c:\winnt\system32\cba.dll") File version = 6.12.0.126 E, File size = 28723, File modification date = 17/12/2003 17:11, File description = CBA Interface Library, Product Name = Intel Common Base Agent, Product version = 6.12.0.126, Company name = Intel Corporation (Copyright 1997-2001 Intel Corporation) |741506428|0x9494fb92dd9687e00edff2877b39c44f|
C:\WINNT\system32\MsgSys.dll, MID = 50240000, ("c:\winnt\system32\msgsys.dll") File version = 6.12.0.126 E, File size = 41017, File modification date = 17/12/2003 17:11, File description = CBA -- Message System Library, Product Name = Intel Common Base Agent, Product version = 6.12.0.126, Company name = Intel Corporation (Copyright 1997-2001 Intel Corporation) |1222336727|0xe57541455e4900f58f9a8f063ffaf7a8|
C:\WINNT\system32\NTS.dll, MID = 50250000, ("c:\winnt\system32\nts.dll") File version = 6.12.0.126 E, File size = 77875, File modification date = 17/12/2003 17:11, File description = NTS, Product Name = Intel Common Base Agent, Product version = 6.12.0.126, Company name = Intel Corporation (Copyright 1997-2001 Intel Corporation) |1419395149|0x094aa945fabe34a4479ab3f59fb93fd6|
C:\WINNT\system32\WSOCK32.dll, MID = 75050000, ("c:\winnt\system32\wsock32.dll") File version = 5.00.2195.6603, File size = 21776, File modification date = 14/07/2003 12:00, File description = Windows Socket 32-Bit DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6603, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1515024278|0x183d2d8e28a0393b4798addd46ad27b0|
C:\WINNT\system32\KERNEL32.DLL, MID = 7c570000, ("c:\winnt\system32\kernel32.dll") File version = 5.00.2195.7135, File size = 712976, File modification date = 16/04/2007 12:44, File description = Windows NT BASE API Client DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7135, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1984583957|0x0ab23b46ccaeba64d748a5cf79cb4bb6|
C:\WINNT\system32\WS2_32.DLL, MID = 75030000, ("c:\winnt\system32\ws2_32.dll") File version = 5.00.2195.6601, File size = 69904, File modification date = 14/07/2003 12:00, File description = Windows Socket 2.0 32-Bit DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6601, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-2119670867|0x0190c62de42396d78db9be771cf2403e|
C:\WINNT\system32\MSVCRT.DLL, MID = 78000000, ("c:\winnt\system32\msvcrt.dll") File version = 6.10.9844.0, File size = 286773, File modification date = 14/07/2003 12:00, File description = Microsoft (R) C Runtime Library, Product Name = Microsoft (R) Visual C++, Product version = 6.10.9844.0, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-229369582|0xba7be6f92680b28b9031170659fd222d|
C:\WINNT\system32\ADVAPI32.DLL, MID = 7c2d0000, ("c:\winnt\system32\advapi32.dll") File version = 5.00.2195.7038, File size = 401168, File modification date = 21/04/2005 08:08, File description = Advanced Windows 32 Base API, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7038, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1396536984|0x67d5fc28cab4066922da01eb9c28167a|
C:\WINNT\system32\RPCRT4.dll, MID = 77d30000, ("c:\winnt\system32\rpcrt4.dll") File version = 5.00.2195.7090, File size = 439056, File modification date = 17/07/2007 06:42, File description = Remote Procedure Call Runtime, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7090, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-897039946|0xe11ad7a9e8320ad76954eab83356efbe|
C:\WINNT\system32\Secur32.dll, MID = 7c340000, ("c:\winnt\system32\secur32.dll") File version = 5.00.2195.6695, File size = 48912, File modification date = 14/07/2003 12:00, File description = Security Support Provider Interface, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6695, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1886565331|0x0d6b5a519879138244ef3f8549c02432|
C:\WINNT\system32\WS2HELP.DLL, MID = 75020000, ("c:\winnt\system32\ws2help.dll") File version = 5.00.2134.1, File size = 18192, File modification date = 14/07/2003 12:00, File description = Windows Socket 2.0 Helper for Windows NT, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2134.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1302601384|0x28336b1300ec048124197091354251b6|
C:\WINNT\system32\MSWSOCK.dll, MID = 74ff0000, ("c:\winnt\system32\mswsock.dll") File version = 5.00.2195.7158, File size = 64784, File modification date = 25/06/2008 09:41, File description = Microsoft WinSock Extension APIs, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7158, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |423330694|0x01cfd70ce36df6857c1c952fc0e6e875|
C:\WINNT\system32\USER32.dll, MID = 77e10000, ("c:\winnt\system32\user32.dll") File version = 5.00.2195.7133, File size = 381200, File modification date = 06/03/2007 11:17, File description = Windows 2000 USER API Client DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7133, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |428782839|0x40023a7103796b1af6ca41a6dbc54775|
C:\WINNT\system32\GDI32.dll, MID = 77f40000, ("c:\winnt\system32\gdi32.dll") File version = 5.00.2195.7205, File size = 237840, File modification date = 23/10/2008 05:27, File description = GDI Client DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7205, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-509084252|0xddc864563d0c543cbed08f32864a87a9|
C:\WINNT\system32\DNSAPI.dll, MID = 77980000, ("c:\winnt\system32\dnsapi.dll") File version = 5.00.2195.7158, File size = 137488, File modification date = 25/06/2008 09:41, File description = DNS Client API DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7158, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-2059941658|0xf2ec571dbba43735147910f800059fac|
C:\WINNT\system32\NETAPI32.dll, MID = 7cdc0000, ("c:\winnt\system32\netapi32.dll") File version = 5.00.2195.7203, File size = 310032, File modification date = 17/10/2008 17:41, File description = Net Win32 API DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7203, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |439070768|0x7bbba94bcae7b4371254167c24972dfc|
C:\WINNT\system32\NTDSAPI.dll, MID = 77bf0000, ("c:\winnt\system32\ntdsapi.dll") File version = 5.00.2195.6666, File size = 57616, File modification date = 14/07/2003 12:00, File description = NT5DS, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6666, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |792560724|0x1a9f0053b554fd71730b21e23458bc53|
C:\WINNT\system32\WLDAP32.DLL, MID = 77950000, ("c:\winnt\system32\wldap32.dll") File version = 5.00.2195.7017, File size = 146192, File modification date = 08/04/2005 11:54, File description = Win32 LDAP API DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7017, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1717065883|0x0da1335235dc386dab3c2329bcf2d4ee|
C:\WINNT\system32\NETRAP.dll, MID = 751c0000, ("c:\winnt\system32\netrap.dll") File version = 5.00.2134.1, File size = 11536, File modification date = 14/07/2003 12:00, File description = Net Remote Admin Protocol DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2134.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1388728333|0x3de628eb3d632875b8a24bdc53e67277|
C:\WINNT\system32\SAMLIB.dll, MID = 75150000, ("c:\winnt\system32\samlib.dll") File version = 5.00.2195.6944, File size = 51984, File modification date = 08/04/2005 11:54, File description = SAM Library DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6944, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1155014648|0xabda35a92538d23407d3f394f5179002|
C:\WINNT\system32\PDS.DLL, MID = 50270000, ("c:\winnt\system32\pds.dll") File version = 6.12.0.126 E, File size = 65590, File modification date = 17/12/2003 17:11, File description = PDS API, Product Name = Intel Common Base Agent, Product version = 6.12.0.126, Company name = Intel Corporation (Copyright 1997-2001 Intel Corporation) |-1228277819|0x8b3d49d23ffd30609433dfd0790fa1ab|
C:\WINNT\system32\MPR.dll, MID = 76620000, ("c:\winnt\system32\mpr.dll") File version = 5.00.2195.7134, File size = 54032, File modification date = 16/04/2007 12:44, File description = Multiple Provider Router DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7134, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1720145585|0xbbe0c0025a82681055660d91cef145ef|
C:\WINNT\system32\ole32.dll, MID = 7ce20000, ("c:\winnt\system32\ole32.dll") File version = 5.00.2195.7059, File size = 957712, File modification date = 05/09/2005 08:18, File description = Microsoft OLE for Windows, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7059, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1440050145|0x7f22f0fb5437b1b83bca7380385faf2d|
C:\WINNT\system32\OLEAUT32.dll, MID = 779b0000, ("c:\winnt\system32\oleaut32.dll") File version = 2.40.4532, File size = 631056, File modification date = 05/12/2007 10:40, File description = (null), Product Name = (null), Product version = 2.40.4532, Company name = Microsoft Corporation (Copyright Microsoft Corp. 1993-1998.) |1026888533|0x6c81e3b6dde5b04290f4429f64b4959d|
C:\WINNT\system32\CTL3D32.dll, MID = 72e90000, ("c:\winnt\system32\ctl3d32.dll") File version = 2.31.000, File size = 27136, File modification date = 14/07/2003 12:00, File description = Ctl3D 3D Windows Controls, Product Name = 3D Windows Controls, Product version = 2,31,0,0, Company name = Microsoft Corporation (Copyright Microsoft Corp. ) |-380324108|0xad63fb7d2c4a286d5ab1657ff4cd4a43|
C:\WINNT\system32\WINMM.dll, MID = 77570000, ("c:\winnt\system32\winmm.dll") File version = 5.00.2161.1, File size = 189200, File modification date = 14/07/2003 12:00, File description = MCI API DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2161.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1294126543|0x89ae2927b977604d720b1680e208af47|
C:\Program Files\Symantec AntiVirus\NAVLU.dll, MID = 516a0000, ("c:\program files\symantec antivirus\navlu.dll") File version = 9.0.1.1000, File size = 58688, File modification date = 03/08/2004 03:36, File description = Symantec AntiVirus, Product Name = Symantec AntiVirus, Product version = 9.0.1.1000, Company name = Symantec Corporation (Copyright 1991 - 2004 Symantec Corporation. All rights reserved.) |2080246130|0x667d0cf09c8601670f55214c11902cfc|
C:\WINNT\system32\MFC42.DLL, MID = 6c370000, ("c:\winnt\system32\mfc42.dll") File version = 6.00.9586.0, File size = 1015859, File modification date = 14/07/2003 12:00, File description = MFCDLL Shared Library - Retail Version, Product Name = Microsoft (R) Visual C++, Product version = 6.0.400, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1993-1998) |-675354260|0x8d0dbf25d91aa1be1e4e348434fd12e4|
C:\WINNT\system32\PSAPI.DLL, MID = 690a0000, ("c:\winnt\system32\psapi.dll") File version = 5.00.2134.1, File size = 28944, File modification date = 14/07/2003 12:00, File description = Process Status Helper, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2134.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1643079480|0x7f7005d2f1d9c579179807818c3ac4c7|
C:\WINNT\system32\USERENV.dll, MID = 7c0f0000, ("c:\winnt\system32\userenv.dll") File version = 5.00.2195.7002, File size = 399120, File modification date = 08/04/2005 11:54, File description = Userenv, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7002, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |2111145570|0x099cd26e9c34225002e4477c8ac8dcb0|
C:\Program Files\Symantec AntiVirus\I2ldvp3.dll, MID = 51480000, ("c:\program files\symantec antivirus\i2ldvp3.dll") File version = 9.0.1.1000, File size = 243024, File modification date = 03/08/2004 03:36, File description = Symantec AntiVirus, Product Name = Symantec AntiVirus, Product version = 9.0.1.1000, Company name = Symantec Corporation (Copyright 1991 - 2004 Symantec Corporation. All rights reserved.) |273894993|0xf370ffc0566f590661be9ad347950689|
C:\Program Files\Symantec AntiVirus\ecmldr32.DLL, MID = 69000000, ("c:\program files\symantec antivirus\ecmldr32.dll") File version = 1.1.0.3, File size = 42160, File modification date = 27/06/2003 22:17, File description = Symantec Engine Common Object Model Loader, Product Name = ECOM Loader, Product version = 1.1.0.3, Company name = Symantec Corp. (Copyright (C) Symantec Corporation 1991-2003) |318751937|0xe8753779e5996465c7c50c8e988ced7b|
C:\WINNT\system32\SHLWAPI.dll, MID = 70bd0000, ("c:\winnt\system32\shlwapi.dll") File version = 6.00.2800.1106, File size = 395264, File modification date = 29/08/2002 14:14, File description = Shell Light-weight Utility Library, Product Name = Microsoft Windows Operating System, Product version = 6.00.2800.1106, Company name = Microsoft Corporation ( Microsoft Corporation. All rights reserved.) |548690860|0x77e607bcfb09e6958fe58b0345ec48c6|
C:\Program Files\Symantec AntiVirus\SAVRT32.DLL, MID = 6fa60000, ("c:\program files\symantec antivirus\savrt32.dll") File version = 9.3.0.28, File size = 218344, File modification date = 09/02/2004 23:43, File description = Symantec Realtime DLL, Product Name = Symantec AntiVirus AutoProtect, Product version = 9.3, Company name = Symantec Corporation (Copyright (c) 2003 Symantec Corporation) |-1530242046|0x643a1c8ad3938d8855f507fbcd82192c|
C:\WINNT\system32\VERSION.dll, MID = 77820000, ("c:\winnt\system32\version.dll") File version = 5.00.2195.6623, File size = 16144, File modification date = 14/07/2003 12:00, File description = Version Checking and File Installation Libraries, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6623, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-190638979|0xca34bd29eb86bd772d59d35b959d43ee|
C:\WINNT\system32\LZ32.DLL, MID = 759b0000, ("c:\winnt\system32\lz32.dll") File version = 5.00.2195.6611, File size = 10000, File modification date = 14/07/2003 12:00, File description = LZ Expand/Compress API DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6611, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1264502935|0x486298f7d8f63d3c441579783541a01b|
C:\WINNT\system32\IMM32.dll, MID = 75e60000, ("c:\winnt\system32\imm32.dll") File version = 5.00.2195.6655, File size = 96528, File modification date = 14/07/2003 12:00, File description = Windows 2000 IMM32 API Client DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6655, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |963357628|0x873794ce17dd72420d9c4072d4d112e5|
C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL, MID = 51810000, ("c:\program files\symantec antivirus\navntutl.dll") File version = 9.0.1.1000, File size = 83280, File modification date = 03/08/2004 03:36, File description = Symantec AntiVirus, Product Name = Symantec AntiVirus, Product version = 9.0.1.1000, Company name = Symantec Corporation (Copyright 1991 - 2004 Symantec Corporation. All rights reserved.) |804910486|0x26902c9a91bd545e75cfec121b463ad0|
C:\WINNT\system32\SFC.DLL, MID = 76980000, ("c:\winnt\system32\sfc.dll") File version = 5.00.2195.6673, File size = 95024, File modification date = 14/07/2003 12:00, File description = Windows File Protection, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6673, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1146302331|0x0e1f5e9b2d00611dc9fe59eef9487c76|
C:\WINNT\system32\sfcfiles.dll, MID = 68010000, ("c:\winnt\system32\sfcfiles.dll") File version = 5.00.2195.7038, File size = 973072, File modification date = 08/04/2005 10:34, File description = Windows 2000 System File Checker, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7038, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1300472552|0x7645645bb506c26b96b8f31893378c4b|
C:\WINNT\system32\CLBCATQ.DLL, MID = 7c950000, ("c:\winnt\system32\clbcatq.dll") File version = 2000.2.3529.0, File size = 551184, File modification date = 05/09/2005 08:18, File description = (null), Product Name = COM Services, Product version = 03.00.00.3529, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1995-1999) |191380482|0x6b8970e4791049d3ee5c3514e62797ee|
C:\WINNT\system32\wbem\wbemprox.dll, MID = 65a60000, ("c:\winnt\system32\wbem\wbemprox.dll") File version = 1.50.1085.0100, File size = 41061, File modification date = 14/07/2003 12:00, File description = Windows Management Instrumentation, Product Name = Windows Management Instrumentation, Product version = 1.50.1085.0100, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1995-1999) |-1084185829|0x17fa736b454dea3388e6e084451afcdc|
C:\WINNT\system32\wbem\wbemcomn.dll, MID = 65c20000, ("c:\winnt\system32\wbem\wbemcomn.dll") File version = 1.50.1085.0100, File size = 708696, File modification date = 14/07/2003 12:00, File description = Windows Management Instrumentation, Product Name = Windows Management Instrumentation, Product version = 1.50.1085.0100, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1995-1999) |340935955|0x1eef3ec347c1ef3437ed186946d2ee8d|
C:\WINNT\system32\shfolder.dll, MID = 719b0000, ("c:\winnt\system32\shfolder.dll") File version = 6.00.2800.1106, File size = 22528, File modification date = 29/08/2002 14:14, File description = Shell Folder Service, Product Name = Microsoft Windows Operating System, Product version = 6.00.2800.1106, Company name = Microsoft Corporation ( Microsoft Corporation. All rights reserved.) |-449221516|0xb52fe46bf6c62bc5c427c7fceaeccc18|
C:\WINNT\system32\IPHLPAPI.dll, MID = 77340000, ("c:\winnt\system32\iphlpapi.dll") File version = 5.00.2195.7097, File size = 68368, File modification date = 19/05/2006 09:18, File description = IP Helper API, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7097, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |979295807|0x0239d8d4b29b7664d73e16005cfefcce|
C:\WINNT\system32\ICMP.dll, MID = 77520000, ("c:\winnt\system32\icmp.dll") File version = 5.00.2134.1, File size = 7440, File modification date = 14/07/2003 12:00, File description = ICMP DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2134.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-215668467|0xeabdb948f90cc5f8e342c83ae10a71fe|
C:\WINNT\system32\MPRAPI.dll, MID = 77320000, ("c:\winnt\system32\mprapi.dll") File version = 5.00.2181.1, File size = 81168, File modification date = 14/07/2003 12:00, File description = Windows NT MP Router Administration DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2181.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1442464466|0xbb88f06f7aed4237df2a121deccb4d8a|
C:\WINNT\system32\ACTIVEDS.DLL, MID = 773b0000, ("c:\winnt\system32\activeds.dll") File version = 5.00.2195.6601, File size = 182032, File modification date = 14/07/2003 12:00, File description = ADs Router Layer DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6601, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1899155926|0x5200155df5cd700ebe717a8d6dbdccc7|
C:\WINNT\system32\ADSLDPC.DLL, MID = 77380000, ("c:\winnt\system32\adsldpc.dll") File version = 5.00.2195.6993, File size = 134928, File modification date = 08/04/2005 11:54, File description = ADs LDAP Provider C DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6993, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1367366423|0xf898815e2a3d185df0d61214cb1768ef|
C:\WINNT\system32\RTUTILS.DLL, MID = 77830000, ("c:\winnt\system32\rtutils.dll") File version = 5.00.2168.1, File size = 44816, File modification date = 14/07/2003 12:00, File description = Routing Utilities, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2168.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1125120706|0xc1fcf708669031c78dcd68589abd9d4c|
C:\WINNT\system32\SETUPAPI.DLL, MID = 77880000, ("c:\winnt\system32\setupapi.dll") File version = 5.00.2195.6622, File size = 570128, File modification date = 14/07/2003 12:00, File description = Windows Setup API, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6622, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-895472665|0x9726125daa47dcbf34f53cef8c677b9c|
C:\WINNT\system32\RASAPI32.dll, MID = 774e0000, ("c:\winnt\system32\rasapi32.dll") File version = 5.00.2195.6920, File size = 200464, File modification date = 08/04/2005 11:54, File description = Remote Access API, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6920, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |871917568|0xc2d3211d940675d7d25ccd1129126337|
C:\WINNT\system32\rasman.dll, MID = 774c0000, ("c:\winnt\system32\rasman.dll") File version = 5.00.2195.6824, File size = 58128, File modification date = 08/04/2005 11:54, File description = Remote Access Connection Manager, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6824, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1127137275|0xb342275d0a3e43983f9e27367c052ef1|
C:\WINNT\system32\TAPI32.dll, MID = 77530000, ("c:\winnt\system32\tapi32.dll") File version = 5.00.2195.6664, File size = 126736, File modification date = 14/07/2003 12:00, File description = Microsoft Windows(TM) Telephony API Client DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6664, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1996-97) |791213335|0x1345278cf4e09542f684d824ec90674d|
C:\WINNT\system32\COMCTL32.DLL, MID = 71710000, ("c:\winnt\system32\comctl32.dll") File version = 5.81, File size = 529680, File modification date = 29/08/2002 14:14, File description = Common Controls Library, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.50.4916.400, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-2001) |163435159|0x9edc93cc795dff919c6cd953912838a9|
C:\WINNT\system32\DHCPCSVC.DLL, MID = 77360000, ("c:\winnt\system32\dhcpcsvc.dll") File version = 5.00.2195.7085, File size = 89872, File modification date = 19/05/2006 09:18, File description = DHCP Client Service, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7085, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1178354831|0x4f17861b7f354f156d3e3663c426cb13|
C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090927.002\ecmsvr32.dll, MID = 69040000, ("c:\program files\common files\symantec shared\virusdefs\20090927.002\ecmsvr32.dll") File version = 91.2.1.10, File size = 259440, File modification date = 27/09/2009 08:00, File description = Symantec Engine Common Object Model Server, Product Name = ECOM Server, Product version = 91.2.1.10, Company name = Symantec Corporation (Copyright (C) 1991-2009 Symantec Corporation.) |2025591219|0x605b554657988c0fdd77b9f226f4d8b3|
C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090927.002\NAVEX32a.DLL, MID = 69100000, ("c:\program files\common files\symantec shared\virusdefs\20090927.002\navex32a.dll") File version = 20091.2.0.41, File size = 1647984, File modification date = 27/09/2009 08:00, File description = AV Engine, Product Name = Symantec Antivirus Engine, Product version = 20091.2.0.41, Company name = Symantec Corporation (Copyright (C) 1991-2009 Symantec Corporation.) |1131689332|0xeb4830a250d7d6af1fd73f2874d96241|
C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090927.002\NAVENG32.DLL, MID = 692c0000, ("c:\program files\common files\symantec shared\virusdefs\20090927.002\naveng32.dll") File version = 20091.2.0.41, File size = 177520, File modification date = 27/09/2009 08:00, File description = AV Engine, Product Name = Symantec Antivirus Engine, Product version = 20091.2.0.41, Company name = Symantec Corporation (Copyright (C) 1991-2009 Symantec Corporation.) |529671136|0x7e6b506e93fa06bfe7148e2d526cd675|
C:\Program Files\Symantec AntiVirus\IMail.dll, MID = 10000000, ("c:\program files\symantec antivirus\imail.dll") File version = 9.0.1.1000, File size = 54624, File modification date = 03/08/2004 03:36, File description = Symantec AntiVirus, Product Name = Symantec AntiVirus, Product version = 9.0.1.1000, Company name = Symantec Corporation (Copyright 1991 - 2004 Symantec Corporation. All rights reserved.) |2102109981|0x7d7866cd8d8f4f00055440fe76829fad|
C:\Program Files\Symantec AntiVirus\NotesExt.dll, MID = 516f0000, ("c:\program files\symantec antivirus\notesext.dll") File version = 9.0.1.1000, File size = 103776, File modification date = 03/08/2004 03:36, File description = Symantec AntiVirus, Product Name = Symantec AntiVirus, Product version = 9.0.1.1000, Company name = Symantec Corporation (Copyright 1991 - 2004 Symantec Corporation. All rights reserved.) |-1951646071|0x2b158263f632d040e297cb1b0c3b7fec|
C:\Program Files\Symantec AntiVirus\vpmsece2.dll, MID = 51750000, ("c:\program files\symantec antivirus\vpmsece2.dll") File version = 9.0.1.1000, File size = 79200, File modification date = 03/08/2004 03:37, File description = Symantec AntiVirus, Product Name = Symantec AntiVirus, Product version = 9.0.1.1000, Company name = Symantec Corporation (Copyright 1991 - 2004 Symantec Corporation. All rights reserved.) |-1868573952|0xca88fab57915678410b51cad917987d0|
C:\Program Files\Common Files\Symantec Shared\SSC\scandlgs.dll, MID = 51710000, ("c:\program files\common files\symantec shared\ssc\scandlgs.dll") File version = 9.0.1.1000, File size = 238920, File modification date = 03/08/2004 03:36, File description = Symantec AntiVirus, Product Name = Symantec AntiVirus, Product version = 9.0.1.1000, Company name = Symantec Corporation (Copyright 1991 - 2004 Symantec Corporation. All rights reserved.) |-887911360|0xfa901a32534493312a5d2356aa1619a8|
C:\WINNT\system32\comdlg32.dll, MID = 76b30000, ("c:\winnt\system32\comdlg32.dll") File version = 5.00.3700.6693, File size = 241424, File modification date = 14/07/2003 12:00, File description = Common Dialogs DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.3700.6693, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1132175447|0x41c157ba2f205017ec26998009ccb046|
C:\WINNT\system32\SHELL32.DLL, MID = 7cf30000, ("c:\winnt\system32\shell32.dll") File version = 5.00.3900.7105, File size = 2362640, File modification date = 13/07/2006 07:09, File description = Windows Shell Common Dll, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.3900.7105, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |959277735|0x961cfc812107bcbd77488224c48e1a58|
C:\WINNT\system32\MSVCP60.dll, MID = 75ff0000, ("c:\winnt\system32\msvcp60.dll") File version = 6.02.3104.0, File size = 413696, File modification date = 04/08/2004 15:52, File description = Microsoft (R) C++ Runtime Library, Product Name = Microsoft (R) Visual C++, Product version = 6.02.3104.0, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1998) |1663906772|0x1b45ca78ec3744edf6a95768507a98a8|
C:\Program Files\Symantec AntiVirus\DecSDK.dll, MID = 698d0000, ("c:\program files\symantec antivirus\decsdk.dll") File version = 3.02.12.09, File size = 62576, File modification date = 02/07/2004 15:53, File description = File Decomposer Component, Product Name = File Decomposer, Product version = 3.02.12.09, Company name = Symantec Corporation (Copyright 2001 Symantec Corporation.) |-1108963629|0x27d41d4c58773720a9de6b33cca49459|
C:\Program Files\Symantec AntiVirus\Dec2.dll, MID = 69ae0000, ("c:\program files\symantec antivirus\dec2.dll") File version = 3.02.12.09, File size = 91248, File modification date = 02/07/2004 15:53, File description = File Decomposer Component, Product Name = File Decomposer, Product version = 3.02.12.09, Company name = Symantec Corporation (Copyright 2001 Symantec Corporation.) |-748566617|0x101034e60ac4261d62eb0a4d5529d789|
C:\WINNT\system32\WININET.dll, MID = 70200000, ("c:\winnt\system32\wininet.dll") File version = 6.00.2800.1106, File size = 585728, File modification date = 29/08/2002 14:14, File description = Internet Extensions for Win32, Product Name = Microsoft Windows Operating System, Product version = 6.00.2800.1106, Company name = Microsoft Corporation ( Microsoft Corporation. All rights reserved.) |-958945156|0x8579e8474130334dfa93d4df3f0d3fa1|
C:\WINNT\system32\CRYPT32.dll, MID = 7c740000, ("c:\winnt\system32\crypt32.dll") File version = 5.131.2195.6926, File size = 563984, File modification date = 08/04/2005 11:54, File description = Crypto API32, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.131.2195.6926, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1939721043|0x9726a08c3e529c5e6a48fff274a32932|
C:\WINNT\system32\MSASN1.dll, MID = 77430000, ("c:\winnt\system32\msasn1.dll") File version = 5.00.2195.6905, File size = 56592, File modification date = 08/04/2005 11:54, File description = ASN.1 Runtime APIs, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6905, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |941742114|0x507173a20310cc8eaebb1204dc1d822d|
C:\Program Files\Symantec AntiVirus\Dec2ID.dll, MID = 69a50000, ("c:\program files\symantec antivirus\dec2id.dll") File version = 3.02.12.09, File size = 54384, File modification date = 02/07/2004 15:53, File description = File Decomposer Component, Product Name = File Decomposer, Product version = 3.02.12.09, Company name = Symantec Corporation (Copyright 2001 Symantec Corporation.) |-701533286|0x52861aa69224759b7ffec70abe4ebfd1|
C:\Program Files\Symantec AntiVirus\Dec2ZIP.dll, MID = 698e0000, ("c:\program files\symantec antivirus\dec2zip.dll") File version = 3.02.12.09, File size = 242800, File modification date = 02/07/2004 15:53, File description = File Decomposer Component, Product Name = File Decomposer, Product version = 3.02.12.09, Company name = Symantec Corporation (Copyright 2001 Symantec Corporation.) |-1749234002|0xbef9c387487b1e98bfb9fd85f7cabc09|
C:\Program Files\Symantec AntiVirus\Dec2SS.dll, MID = 69990000, ("c:\program files\symantec antivirus\dec2ss.dll") File version = 3.02.12.09, File size = 91248, File modification date = 02/07/2004 15:53, File description = File Decomposer Component, Product Name = File Decomposer, Product version = 3.02.12.09, Company name = Symantec Corporation (Copyright 2001 Symantec Corporation.) |836517529|0x87749b38351738beaa3f28ea8b562eb6|
C:\Program Files\Symantec AntiVirus\Dec2GZIP.dll, MID = 69a60000, ("c:\program files\symantec antivirus\dec2gzip.dll") File version = 3.02.12.09, File size = 99440, File modification date = 02/07/2004 15:53, File description = File Decomposer Component, Product Name = File Decomposer, Product version = 3.02.12.09, Company name = Symantec Corporation (Copyright 2001 Symantec Corporation.) |-232032828|0xb8155ecfdc90fb82780e1ed85396730c|
C:\Program Files\Symantec AntiVirus\Dec2CAB.dll, MID = 69a80000, ("c:\program files\symantec antivirus\dec2cab.dll") File version = 3.02.12.09, File size = 78960, File modification date = 02/07/2004 15:53, File description = File Decomposer Component, Product Name = File Decomposer, Product version = 3.02.12.09, Company name = Symantec Corporation (Copyright 2001 Symantec Corporation.) |-812641745|0x78b86c519f4741840945726e67d4d810|
C:\Program Files\Symantec AntiVirus\Dec2LHA.dll, MID = 69a30000, ("c:\program files\symantec antivirus\dec2lha.dll") File version = 3.02.12.09, File size = 103536, File modification date = 02/07/2004 15:53, File description = File Decomposer Component, Product Name = File Decomposer, Product version = 3.02.12.09, Company name = Symantec Corporation (Copyright 2001 Symantec Corporation.) |542769444|0x46e2bc1188b472b7d649dbc6e8d438bd|
C:\Program Files\Symantec AntiVirus\Dec2ARJ.dll, MID = 69ab0000, ("c:\program files\symantec antivirus\dec2arj.dll") File version = 3.02.12.09, File size = 66672, File modification date = 02/07/2004 15:53, File description = File Decomposer Component, Product Name = File Decomposer, Product version = 3.02.12.09, Company name = Symantec Corporation (Copyright 2001 Symantec Corporation.) |-1069366188|0x1d91f58c5656263485517d95e3e5f5ae|
C:\Program Files\Symantec AntiVirus\Dec2TNEF.dll, MID = 69920000, ("c:\program files\symantec antivirus\dec2tnef.dll") File version = 3.02.12.09, File size = 91248, File modification date = 02/07/2004 15:53, File description = File Decomposer Component, Product Name = File Decomposer, Product version = 3.02.12.09, Company name = Symantec Corporation (Copyright 2001 Symantec Corporation.) |1651114071|0x107de2f99574ceef274272fac9d6059b|
C:\Program Files\Symantec AntiVirus\Dec2LZ.dll, MID = 69a20000, ("c:\program files\symantec antivirus\dec2lz.dll") File version = 3.02.12.09, File size = 58480, File modification date = 02/07/2004 15:53, File description = File Decomposer Component, Product Name = File Decomposer, Product version = 3.02.12.09, Company name = Symantec Corporation (Copyright 2001 Symantec Corporation.) |300568328|0xd169c16197cba60d818e6c1efe3f13aa|
C:\Program Files\Symantec AntiVirus\Dec2AMG.dll, MID = 69ac0000, ("c:\program files\symantec antivirus\dec2amg.dll") File version = 3.02.12.09, File size = 119920, File modification date = 02/07/2004 15:53, File description = File Decomposer Component, Product Name = File Decomposer, Product version = 3.02.12.09, Company name = Symantec Corporation (Copyright 2001 Symantec Corporation.) |349222603|0x34602ab003647bd5b9f9d15fe64d38e2|
C:\Program Files\Symantec AntiVirus\Dec2TAR.dll, MID = 69980000, ("c:\program files\symantec antivirus\dec2tar.dll") File version = 3.02.12.09, File size = 66672, File modification date = 02/07/2004 15:53, File description = File Decomposer Component, Product Name = File Decomposer, Product version = 3.02.12.09, Company name = Symantec Corporation (Copyright 2001 Symantec Corporation.) |1848945673|0x8127c7fa19f08acd02d5b7daafbd29e7|
C:\Program Files\Symantec AntiVirus\Dec2RTF.dll, MID = 699b0000, ("c:\program files\symantec antivirus\dec2rtf.dll") File version = 3.02.12.09, File size = 83056, File modification date = 02/07/2004 15:53, File description = File Decomposer Component, Product Name = File Decomposer, Product version = 3.02.12.09, Company name = Symantec Corporation (Copyright 2001 Symantec Corporation.) |-359422516|0xe9e9cadd178bca45b0c9f9c1be25d601|
C:\Program Files\Symantec AntiVirus\Dec2Text.dll, MID = 69940000, ("c:\program files\symantec antivirus\dec2text.dll") File version = 3.02.12.09, File size = 234608, File modification date = 02/07/2004 15:53, File description = File Decomposer Component, Product Name = File Decomposer, Product version = 3.02.12.09, Company name = Symantec Corporation (Copyright 2001 Symantec Corporation.) |1605079162|0x10e519278fcdd2b6f0df4ac691ef00aa|
C:\Program Files\Symantec AntiVirus\DefUtDCS.dll, MID = 6a800000, ("c:\program files\symantec antivirus\defutdcs.dll") File version = 1.0.82.0, File size = 918760, File modification date = 03/02/2004 20:39, File description = Symantec Definition Utilities, Product Name = Symantec Definition Utilities, Product version = 1.0.82.0, Company name = Symantec Corporation (Copyright (C) 2003, Symantec Corporation) |144591873|0x22bb2283896237caad5d28ccbe7cefb4|
C:\WINNT\System32\rnr20.dll, MID = 782c0000, ("c:\winnt\system32\rnr20.dll") File version = 5.00.2195.6603, File size = 36624, File modification date = 14/07/2003 12:00, File description = Windows Socket2 NameSpace DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6603, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-435723684|0x11ff66de71088617a7ac172f33b6fda5|
C:\WINNT\System32\winrnr.dll, MID = 777e0000, ("c:\winnt\system32\winrnr.dll") File version = 5.00.2160.1, File size = 19216, File modification date = 14/07/2003 12:00, File description = LDAP RnR Provider DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2160.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |171900358|0x71325b58bc6a78b951cfe71b7514f91e|
C:\WINNT\system32\rasadhlp.dll, MID = 777f0000, ("c:\winnt\system32\rasadhlp.dll") File version = 5.00.2195.7098, File size = 7440, File modification date = 06/07/2006 11:45, File description = Remote Access AutoDial Helper, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7098, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-830196155|0x15c7fe3ef6c5f43a10a8c3eb3b993dd6|

PROCESS wanmpsvc, PID = 744, USER = NT AUTHORITY\SYSTEM (Group - BUILTIN\Administrators, Everyone, NT AUTHORITY\Authenticated Users), Command Line = "C:\WINNT\wanmpsvc.exe"
"c:\winnt\wanmpsvc.exe" File version = 7, 0, 0, 2, File size = 65536, File modification date = 30/07/2002 23:16, File description = Wan Miniport (ATW) Service, Product Name = America Online, Product version = 7, 0, 0, 2, Company name = America Online, Inc. (Copyright 2001 America Online, Inc.) |-994280280|0x909f2dc0da7f57d229a05ee90647b2c3|
C:\WINNT\wanmpsvc.exe, MID = 400000, ("c:\winnt\wanmpsvc.exe") File version = 7, 0, 0, 2, File size = 65536, File modification date = 30/07/2002 23:16, File description = Wan Miniport (ATW) Service, Product Name = America Online, Product version = 7, 0, 0, 2, Company name = America Online, Inc. (Copyright 2001 America Online, Inc.) |-994280280|0x909f2dc0da7f57d229a05ee90647b2c3|
C:\WINNT\system32\ntdll.dll, MID = 77f80000, ("c:\winnt\system32\ntdll.dll") File version = 5.00.2195.7006, File size = 483600, File modification date = 16/08/2005 09:39, File description = NT Layer DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7006, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1093949723|0x4c0f0b57de8c1669aa6f49d285b3865a|
C:\WINNT\system32\KERNEL32.dll, MID = 7c570000, ("c:\winnt\system32\kernel32.dll") File version = 5.00.2195.7135, File size = 712976, File modification date = 16/04/2007 12:44, File description = Windows NT BASE API Client DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7135, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1984583957|0x0ab23b46ccaeba64d748a5cf79cb4bb6|
C:\WINNT\system32\USER32.dll, MID = 77e10000, ("c:\winnt\system32\user32.dll") File version = 5.00.2195.7133, File size = 381200, File modification date = 06/03/2007 11:17, File description = Windows 2000 USER API Client DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7133, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |428782839|0x40023a7103796b1af6ca41a6dbc54775|
C:\WINNT\system32\GDI32.dll, MID = 77f40000, ("c:\winnt\system32\gdi32.dll") File version = 5.00.2195.7205, File size = 237840, File modification date = 23/10/2008 05:27, File description = GDI Client DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7205, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-509084252|0xddc864563d0c543cbed08f32864a87a9|
C:\WINNT\system32\ADVAPI32.dll, MID = 7c2d0000, ("c:\winnt\system32\advapi32.dll") File version = 5.00.2195.7038, File size = 401168, File modification date = 21/04/2005 08:08, File description = Advanced Windows 32 Base API, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7038, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1396536984|0x67d5fc28cab4066922da01eb9c28167a|
C:\WINNT\system32\RPCRT4.dll, MID = 77d30000, ("c:\winnt\system32\rpcrt4.dll") File version = 5.00.2195.7090, File size = 439056, File modification date = 17/07/2007 06:42, File description = Remote Procedure Call Runtime, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7090, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-897039946|0xe11ad7a9e8320ad76954eab83356efbe|
C:\WINNT\system32\Secur32.dll, MID = 7c340000, ("c:\winnt\system32\secur32.dll") File version = 5.00.2195.6695, File size = 48912, File modification date = 14/07/2003 12:00, File description = Security Support Provider Interface, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6695, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1886565331|0x0d6b5a519879138244ef3f8549c02432|
C:\WINNT\system32\iphlpapi.dll, MID = 77340000, ("c:\winnt\system32\iphlpapi.dll") File version = 5.00.2195.7097, File size = 68368, File modification date = 19/05/2006 09:18, File description = IP Helper API, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7097, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |979295807|0x0239d8d4b29b7664d73e16005cfefcce|
C:\WINNT\system32\MSVCRT.dll, MID = 78000000, ("c:\winnt\system32\msvcrt.dll") File version = 6.10.9844.0, File size = 286773, File modification date = 14/07/2003 12:00, File description = Microsoft (R) C Runtime Library, Product Name = Microsoft (R) Visual C++, Product version = 6.10.9844.0, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-229369582|0xba7be6f92680b28b9031170659fd222d|
C:\WINNT\system32\WS2_32.dll, MID = 75030000, ("c:\winnt\system32\ws2_32.dll") File version = 5.00.2195.6601, File size = 69904, File modification date = 14/07/2003 12:00, File description = Windows Socket 2.0 32-Bit DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6601, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-2119670867|0x0190c62de42396d78db9be771cf2403e|
C:\WINNT\system32\WS2HELP.DLL, MID = 75020000, ("c:\winnt\system32\ws2help.dll") File version = 5.00.2134.1, File size = 18192, File modification date = 14/07/2003 12:00, File description = Windows Socket 2.0 Helper for Windows NT, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2134.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1302601384|0x28336b1300ec048124197091354251b6|
C:\WINNT\system32\ICMP.dll, MID = 77520000, ("c:\winnt\system32\icmp.dll") File version = 5.00.2134.1, File size = 7440, File modification date = 14/07/2003 12:00, File description = ICMP DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2134.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-215668467|0xeabdb948f90cc5f8e342c83ae10a71fe|
C:\WINNT\system32\MPRAPI.dll, MID = 77320000, ("c:\winnt\system32\mprapi.dll") File version = 5.00.2181.1, File size = 81168, File modification date = 14/07/2003 12:00, File description = Windows NT MP Router Administration DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2181.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1442464466|0xbb88f06f7aed4237df2a121deccb4d8a|
C:\WINNT\system32\SAMLIB.DLL, MID = 75150000, ("c:\winnt\system32\samlib.dll") File version = 5.00.2195.6944, File size = 51984, File modification date = 08/04/2005 11:54, File description = SAM Library DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6944, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1155014648|0xabda35a92538d23407d3f394f5179002|
C:\WINNT\system32\NETAPI32.DLL, MID = 7cdc0000, ("c:\winnt\system32\netapi32.dll") File version = 5.00.2195.7203, File size = 310032, File modification date = 17/10/2008 17:41, File description = Net Win32 API DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7203, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |439070768|0x7bbba94bcae7b4371254167c24972dfc|
C:\WINNT\system32\NTDSAPI.dll, MID = 77bf0000, ("c:\winnt\system32\ntdsapi.dll") File version = 5.00.2195.6666, File size = 57616, File modification date = 14/07/2003 12:00, File description = NT5DS, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6666, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |792560724|0x1a9f0053b554fd71730b21e23458bc53|
C:\WINNT\system32\DNSAPI.DLL, MID = 77980000, ("c:\winnt\system32\dnsapi.dll") File version = 5.00.2195.7158, File size = 137488, File modification date = 25/06/2008 09:41, File description = DNS Client API DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7158, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-2059941658|0xf2ec571dbba43735147910f800059fac|
C:\WINNT\system32\WSOCK32.dll, MID = 75050000, ("c:\winnt\system32\wsock32.dll") File version = 5.00.2195.6603, File size = 21776, File modification date = 14/07/2003 12:00, File description = Windows Socket 32-Bit DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6603, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1515024278|0x183d2d8e28a0393b4798addd46ad27b0|
C:\WINNT\system32\WLDAP32.DLL, MID = 77950000, ("c:\winnt\system32\wldap32.dll") File version = 5.00.2195.7017, File size = 146192, File modification date = 08/04/2005 11:54, File description = Win32 LDAP API DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7017, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1717065883|0x0da1335235dc386dab3c2329bcf2d4ee|
C:\WINNT\system32\NETRAP.dll, MID = 751c0000, ("c:\winnt\system32\netrap.dll") File version = 5.00.2134.1, File size = 11536, File modification date = 14/07/2003 12:00, File description = Net Remote Admin Protocol DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2134.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1388728333|0x3de628eb3d632875b8a24bdc53e67277|
C:\WINNT\system32\OLE32.DLL, MID = 7ce20000, ("c:\winnt\system32\ole32.dll") File version = 5.00.2195.7059, File size = 957712, File modification date = 05/09/2005 08:18, File description = Microsoft OLE for Windows, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7059, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1440050145|0x7f22f0fb5437b1b83bca7380385faf2d|
C:\WINNT\system32\OLEAUT32.DLL, MID = 779b0000, ("c:\winnt\system32\oleaut32.dll") File version = 2.40.4532, File size = 631056, File modification date = 05/12/2007 10:40, File description = (null), Product Name = (null), Product version = 2.40.4532, Company name = Microsoft Corporation (Copyright Microsoft Corp. 1993-1998.) |1026888533|0x6c81e3b6dde5b04290f4429f64b4959d|
C:\WINNT\system32\ACTIVEDS.DLL, MID = 773b0000, ("c:\winnt\system32\activeds.dll") File version = 5.00.2195.6601, File size = 182032, File modification date = 14/07/2003 12:00, File description = ADs Router Layer DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6601, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1899155926|0x5200155df5cd700ebe717a8d6dbdccc7|
C:\WINNT\system32\ADSLDPC.DLL, MID = 77380000, ("c:\winnt\system32\adsldpc.dll") File version = 5.00.2195.6993, File size = 134928, File modification date = 08/04/2005 11:54, File description = ADs LDAP Provider C DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6993, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1367366423|0xf898815e2a3d185df0d61214cb1768ef|
C:\WINNT\system32\RTUTILS.DLL, MID = 77830000, ("c:\winnt\system32\rtutils.dll") File version = 5.00.2168.1, File size = 44816, File modification date = 14/07/2003 12:00, File description = Routing Utilities, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2168.1, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1125120706|0xc1fcf708669031c78dcd68589abd9d4c|
C:\WINNT\system32\SETUPAPI.DLL, MID = 77880000, ("c:\winnt\system32\setupapi.dll") File version = 5.00.2195.6622, File size = 570128, File modification date = 14/07/2003 12:00, File description = Windows Setup API, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6622, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-895472665|0x9726125daa47dcbf34f53cef8c677b9c|
C:\WINNT\system32\USERENV.DLL, MID = 7c0f0000, ("c:\winnt\system32\userenv.dll") File version = 5.00.2195.7002, File size = 399120, File modification date = 08/04/2005 11:54, File description = Userenv, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7002, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |2111145570|0x099cd26e9c34225002e4477c8ac8dcb0|
C:\WINNT\system32\RASAPI32.dll, MID = 774e0000, ("c:\winnt\system32\rasapi32.dll") File version = 5.00.2195.6920, File size = 200464, File modification date = 08/04/2005 11:54, File description = Remote Access API, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6920, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |871917568|0xc2d3211d940675d7d25ccd1129126337|
C:\WINNT\system32\rasman.dll, MID = 774c0000, ("c:\winnt\system32\rasman.dll") File version = 5.00.2195.6824, File size = 58128, File modification date = 08/04/2005 11:54, File description = Remote Access Connection Manager, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6824, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |1127137275|0xb342275d0a3e43983f9e27367c052ef1|
C:\WINNT\system32\TAPI32.dll, MID = 77530000, ("c:\winnt\system32\tapi32.dll") File version = 5.00.2195.6664, File size = 126736, File modification date = 14/07/2003 12:00, File description = Microsoft Windows(TM) Telephony API Client DLL, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.6664, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1996-97) |791213335|0x1345278cf4e09542f684d824ec90674d|
C:\WINNT\system32\COMCTL32.DLL, MID = 71710000, ("c:\winnt\system32\comctl32.dll") File version = 5.81, File size = 529680, File modification date = 29/08/2002 14:14, File description = Common Controls Library, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.50.4916.400, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-2001) |163435159|0x9edc93cc795dff919c6cd953912838a9|
C:\WINNT\system32\SHLWAPI.DLL, MID = 70bd0000, ("c:\winnt\system32\shlwapi.dll") File version = 6.00.2800.1106, File size = 395264, File modification date = 29/08/2002 14:14, File description = Shell Light-weight Utility Library, Product Name = Microsoft Windows Operating System, Product version = 6.00.2800.1106, Company name = Microsoft Corporation ( Microsoft Corporation. All rights reserved.) |548690860|0x77e607bcfb09e6958fe58b0345ec48c6|
C:\WINNT\system32\DHCPCSVC.DLL, MID = 77360000, ("c:\winnt\system32\dhcpcsvc.dll") File version = 5.00.2195.7085, File size = 89872, File modification date = 19/05/2006 09:18, File description = DHCP Client Service, Product Name = Microsoft(R) Windows (R) 2000 Operating System, Product version = 5.00.2195.7085, Company name = Microsoft Corporation (Copyright (C) Microsoft Corp. 1981-1999) |-1178354831|0x4f17861b7f354f156d3e3663c426cb13|
C:\WINNT\system32\SHFOLDER.dll, MID = 719b0000, ("c:\winnt\system32\shfolder.dll") File version = 6.00.2800.1106, File size = 22528, File modification date = 29/08/2002 14:14, File description = Shell Folder Service, Product Name = Microsoft Windows Operating System, Product version = 6.00.2800.1106, Company name = Microsoft Corporation ( Microsoft Corporation. All rights reserved.) |-449221516|0xb52fe46bf6c62bc5c427c7fceaeccc18|