MAS Scan Log
Guest
Hi -
MAS doesn't send reports to Microsoft - it keeps erroring out. I'm plagued by Winfixer popups and nothing stops them - NOTHING.
If this service is disabled, any services that explicitly depend on it will fail to start." nam="COM Surrogate (dllhost.exe)" pub="Microsoft Corporation" md5="dd87db7387b9eb441c5674888a0d840c" ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="5120" is="0" gfp="">C:\WINDOWS\System32\dllhost.exe</Service> <Service ex="1" disp="Logical Disk Manager Administrative Service" desc="Configures hard disk drives and volumes. The service only runs for configuration processes and then stops." nam="Logical Disk Manager service process (dmadmin.exe)" pub="Microsoft Corp., Veritas Software" md5="554c7cb178fe3bd12450b81ad63adbc3" ver="2600.2180.503.0" sz="224768" is="0" gfp="">C:\WINDOWS\System32\dmadmin.exe</Service> <Service ex="1" disp="EarthLink Monitor Service" desc="" nam="wmonitor Module (wmonitor.exe)" pub="Boingo Wireless, Inc." md5="80a5870b25b47e0a018cb42505e6ada0" ver="1, 4, 1220, 0" sz="65604" is="0" gfp="">C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe</Service> <Service ex="1" disp="Event Log" desc="Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped." nam="Services and Controller app (services.exe)" pub="Microsoft Corporation" md5="c6ce6eec82f187615d1002bb3bb50ed4" ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="108032" is="0" gfp="">C:\WINDOWS\system32\services.exe</Service> <Service ex="1" disp="Fax" desc="Enables you to send and receive faxes, utilizing fax resources available on this computer or on the network." nam="Fax Service (fxssvc.exe)" pub="Microsoft Corporation" md5="fcbd571fa0ee8dc238944ae5fab74461" ver="5.2.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="267776" is="0" gfp="">C:\WINDOWS\system32\fxssvc.exe</Service> <Service ex="1" disp="IMAPI CD-Burning COM Service" desc="Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. 
If this service is disabled, any services that explicitly depend on it will fail to start." nam="Image Mastering API (imapi.exe)" pub="Microsoft Corporation" md5="fa788520bcac0f5d9d5cde5615c0d931" ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="150016" is="0" gfp="">C:\WINDOWS\System32\imapi.exe</Service> <Service ex="1" disp="NetMeeting Remote Desktop Sharing" desc="Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start." nam="NetMeeting Remote Desktop Sharing (mnmsrvc.exe)" pub="Microsoft Corporation" md5="f6415361201915b9fe3896b0e4e724ff" ver="5.1.2600.2180" sz="32768" is="0" gfp="">C:\WINDOWS\System32\mnmsrvc.exe</Service> <Service ex="1" disp="Distributed Transaction Coordinator" desc="Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start. " nam="MS DTC console program (msdtc.exe)" pub="Microsoft Corporation" md5="c7c3d89eb0a6f3dba622ea737fa335b1" ver="2001.12.4414.258" sz="6144" is="0" gfp="">C:\WINDOWS\System32\msdtc.exe</Service> <Service ex="1" disp="Windows Installer" desc="Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start." nam="Windows installer (msiexec.exe)" pub="Microsoft Corporation" md5="f5f0146580e7023adb963879840777f8" ver="3.1.4000.1823" sz="78848" is="0" gfp="">C:\WINDOWS\system32\msiexec.exe</Service> <Service ex="1" disp="Network DDE" desc="Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. 
If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start." nam="Network DDE - DDE Communication (netdde.exe)" pub="Microsoft Corporation" md5="05afb5ad06462257bea7495283c86d50" ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="111104" is="0" gfp="">C:\WINDOWS\system32\netdde.exe</Service> <Service ex="1" disp="Network DDE DSDM" desc="Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. " nam="Network DDE - DDE Communication (netdde.exe)" pub="Microsoft Corporation" md5="05afb5ad06462257bea7495283c86d50" ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="111104" is="0" gfp="">C:\WINDOWS\system32\netdde.exe</Service> <Service ex="1" disp="Net Logon" desc="Supports pass-through authentication of account logon events for computers in a domain." nam="LSA Shell (lsass.exe)" pub="Microsoft Corporation" md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="13312" is="0" gfp="">C:\WINDOWS\System32\lsass.exe</Service> <Service ex="1" disp="NT LM Security Support Provider" desc="Provides security to remote procedure call (RPC) programs that use transports other than named pipes." 
nam="LSA Shell (lsass.exe)" pub="Microsoft Corporation" md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="13312" is="0" gfp="">C:\WINDOWS\System32\lsass.exe</Service> <Service ex="1" disp="NVIDIA Driver Helper Service" desc="" nam="NVIDIA Driver Helper Service, Version 45.28 (nvsvc32.exe)" pub="NVIDIA Corporation" md5="88a8cfcd2bc3ff1484901ce985782e6e" ver="6.14.10.4528" sz="77824" is="0" gfp="">C:\WINDOWS\System32\nvsvc32.exe</Service> <Service ex="1" disp="Plug and Play" desc="Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability." nam="Services and Controller app (services.exe)" pub="Microsoft Corporation" md5="c6ce6eec82f187615d1002bb3bb50ed4" ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="108032" is="0" gfp="">C:\WINDOWS\system32\services.exe</Service> <Service ex="1" disp="IPSEC Services" desc="Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver." nam="LSA Shell (lsass.exe)" pub="Microsoft Corporation" md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="13312" is="0" gfp="">C:\WINDOWS\System32\lsass.exe</Service> <Service ex="1" disp="Protected Storage" desc="Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users." nam="LSA Shell (lsass.exe)" pub="Microsoft Corporation" md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="13312" is="0" gfp="">C:\WINDOWS\system32\lsass.exe</Service> <Service ex="1" disp="Remote Desktop Help Session Manager" desc="Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box." 
nam="Microsoft Remote Desktop Help Session Manager (sessmgr.exe)" pub="Microsoft Corporation" md5="729798e0933076b8fcfcd9934698f164" ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="140800" is="0" gfp="">C:\WINDOWS\system32\sessmgr.exe</Service> <Service ex="1" disp="Remote Procedure Call (RPC) Locator" desc="Manages the RPC name service database." nam="Rpc Locator (locator.exe)" pub="Microsoft Corporation" md5="793f04a09b15e7c6c11dbdffaf06c0ab" ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="75264" is="0" gfp="">C:\WINDOWS\System32\locator.exe</Service> <Service ex="1" disp="QoS RSVP" desc="Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets." nam="Microsoft RSVP (rsvp.exe)" pub="Microsoft Corporation" md5="471b3f9741d762abe75e9deea4787e47" ver="5.1.2600.0 (xpclient.010817-1148)" sz="132608" is="0" gfp="">C:\WINDOWS\System32\rsvp.exe</Service> <Service ex="1" disp="Security Accounts Manager" desc="Stores security information for local user accounts." nam="LSA Shell (lsass.exe)" pub="Microsoft Corporation" md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="13312" is="0" gfp="">C:\WINDOWS\system32\lsass.exe</Service> <Service ex="1" disp="Smart Card" desc="Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start." nam="Smart Card Resource Management Server (SCardSvr.exe)" pub="Microsoft Corporation" md5="25d8de134df108e3dbc8d7d23b1aa58e" ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="95744" is="0" gfp="">C:\WINDOWS\System32\SCardSvr.exe</Service> <Service ex="1" disp="Print Spooler" desc="Loads files to memory for later printing." 
nam="Spooler SubSystem App (spoolsv.exe)" pub="Microsoft Corporation" md5="da81ec57acd4cdc3d4c51cf3d409af9f" ver="5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)" sz="57856" is="0" gfp="">C:\WINDOWS\system32\spoolsv.exe</Service> <Service ex="1" disp="MS Software Shadow Copy Provider" desc="Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start." nam="COM Surrogate (dllhost.exe)" pub="Microsoft Corporation" md5="dd87db7387b9eb441c5674888a0d840c" ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="5120" is="0" gfp="">C:\WINDOWS\System32\dllhost.exe</Service> <Service ex="1" disp="Performance Logs and Alerts" desc="Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start." nam="Performance Logs and Alerts Service (smlogsvc.exe)" pub="Microsoft Corporation" md5="8b54aa346d1b1b113ffaa75501b8b1b2" ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="89600" is="0" gfp="">C:\WINDOWS\system32\smlogsvc.exe</Service> <Service ex="1" disp="Windows User Mode Driver Framework" desc="Enables Windows user mode drivers." nam="Windows User Mode Driver Manager (wdfmgr.exe)" pub="Microsoft Corporation" md5="c81b8635dee0d3ef5f64b3dd643023a5" ver="5.2.3790.1230 built by: DNSRV(bld4act)" sz="38912" is="0" gfp="">C:\WINDOWS\System32\wdfmgr.exe</Service> <Service ex="1" disp="Uninterruptible Power Supply" desc="Manages an uninterruptible power supply (UPS) connected to the computer." 
nam="UPS Service (ups.exe)" pub="Microsoft Corporation" md5="3f5df65b0758675f95a2d43918a740a3" ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="18432" is="0" gfp="">C:\WINDOWS\System32\ups.exe</Service> <Service ex="1" disp="Volume Shadow Copy" desc="Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start." nam="Microsoft Volume Shadow Copy Service (vssvc.exe)" pub="Microsoft Corporation" md5="3ee00364ae0fd8d604f46cbaf512838a" ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="289792" is="0" gfp="">C:\WINDOWS\System32\vssvc.exe</Service> <Service ex="1" disp="WMI Performance Adapter" desc="Provides performance library information from WMI HiPerf providers." nam="WMI Performance Adapter Service (wmiapsrv.exe)" pub="Microsoft Corporation" md5="ba8cecc3e813e1f7c441b20393d4f86c" ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="126464" is="0" gfp="">C:\WINDOWS\System32\wbem\wmiapsrv.exe</Service> </Services> </SystemAudit> <ProcessesAudit> <Processes> <Process ex="1" pid="384" nam="Windows NT Session Manager (smss.exe)" pub="Microsoft Corporation" md5="bd7fb0957c716f1a60333aee04de2178" ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="50688" is="0" gfp="">c:\windows\system32\smss.exe</Process> <Process ex="1" pid="456" nam="Client Server Runtime Process (csrss.exe)" pub="Microsoft Corporation" md5="f12b178b1678d778cfd3ff1fc38c71fb" ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="6144" is="0" gfp="">C:\WINDOWS\system32\csrss.exe</Process> <Process ex="1" pid="480" nam="Windows NT Logon Application (winlogon.exe)" pub="Microsoft Corporation" md5="01c3346c241652f43aed8e2149881bfe" ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="502272" is="0" gfp="">c:\windows\system32\winlogon.exe</Process> <Process ex="1" pid="524" nam="Services and Controller app 
(services.exe)" pub="Microsoft Corporation" md5="c6ce6eec82f187615d1002bb3bb50ed4" ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="108032" is="0" gfp="">c:\windows\system32\services.exe</Process> <Process ex="1" pid="536" nam="LSA Shell (lsass.exe)" pub="Microsoft Corporation" md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="13312" is="0" gfp="">c:\windows\system32\lsass.exe</Process> <Process ex="1" pid="684" nam="Generic Host Process for Win32 Services (svchost.exe)" pub="Microsoft Corporation" md5="8f078ae4ed187aaabc0a305146de6716" ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="14336" is="0" gfp="">c:\windows\system32\svchost.exe</Process> <Process ex="1" pid="760" nam="Generic Host Process for Win32 Services (svchost.exe)" pub="Microsoft Corporation" md5="8f078ae4ed187aaabc0a305146de6716" ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="14336" is="0" gfp="">C:\WINDOWS\system32\svchost.exe</Process> <Process ex="1" pid="808" nam="Generic Host Process for Win32 Services (svchost.exe)" pub="Microsoft Corporation" md5="8f078ae4ed187aaabc0a305146de6716" ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="14336" is="0" gfp="">c:\windows\system32\svchost.exe</Process> <Process ex="1" pid="848" nam="Generic Host Process for Win32 Services (svchost.exe)" pub="Microsoft Corporation" md5="8f078ae4ed187aaabc0a305146de6716" ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="14336" is="0" gfp="">C:\WINDOWS\system32\svchost.exe</Process> <Process ex="1" pid="912" nam="Generic Host Process for Win32 Services (svchost.exe)" pub="Microsoft Corporation" md5="8f078ae4ed187aaabc0a305146de6716" ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="14336" is="0" gfp="">C:\WINDOWS\system32\svchost.exe</Process> <Process ex="1" pid="1116" nam="Windows Explorer (explorer.exe)" pub="Microsoft Corporation" md5="a0732187050030ae399b241436565e64" ver="6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)" sz="1032192" is="0" 
gfp="">c:\windows\explorer.exe</Process> <Process ex="1" pid="1144" nam="Spooler SubSystem App (spoolsv.exe)" pub="Microsoft Corporation" md5="da81ec57acd4cdc3d4c51cf3d409af9f" ver="5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)" sz="57856" is="0" gfp="">c:\windows\system32\spoolsv.exe</Process> <Process ex="1" pid="1276" nam="AVG Alert Manager (avgamsvr.exe)" pub="GRISOFT, s.r.o." md5="9dbd26d7d7967d918c507b1e2a93a37e" ver="7,1,0,321" sz="330240" is="0" gfp="">c:\progra~1\grisoft\avgfre~1\avgamsvr.exe</Process> <Process ex="1" pid="1292" nam="AVG Update Service (avgupsvc.exe)" pub="GRISOFT, s.r.o." md5="62e6b23b906b213836470740fe449b43" ver="7,1,0,321" sz="84480" is="0" gfp="">c:\progra~1\grisoft\avgfre~1\avgupsvc.exe</Process> <Process ex="1" pid="1340" nam="wmonitor Module (wmonitor.exe)" pub="Boingo Wireless, Inc." md5="80a5870b25b47e0a018cb42505e6ada0" ver="1, 4, 1220, 0" sz="65604" is="0" gfp="">c:\program files\earthlink totalaccess\wengine\wmonitor.exe</Process> <Process ex="1" pid="1516" nam="Generic Host Process for Win32 Services (svchost.exe)" pub="Microsoft Corporation" md5="8f078ae4ed187aaabc0a305146de6716" ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="14336" is="0" gfp="">c:\windows\system32\svchost.exe</Process> <Process ex="1" pid="1572" nam="Windows User Mode Driver Manager (wdfmgr.exe)" pub="Microsoft Corporation" md5="c81b8635dee0d3ef5f64b3dd643023a5" ver="5.2.3790.1230 built by: DNSRV(bld4act)" sz="38912" is="0" gfp="">C:\WINDOWS\system32\wdfmgr.exe</Process> <Process ex="1" pid="1896" nam="Application Layer Gateway Service (alg.exe)" pub="Microsoft Corporation" md5="f1958fbf86d5c004cf19a5951a9514b7" ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="44544" is="0" gfp="">C:\WINDOWS\system32\alg.exe</Process> <Process ex="1" pid="1924" nam="Sunkist (shwicon2k.exe)" pub="Alcor Micro, Corp." 
md5="334e242417b1e66ecaf45d9dc62b288a" ver="1, 0, 0, 7" sz="139264" is="0" gfp="">c:\program files\multimedia card reader\shwicon2k.exe</Process> <Process ex="1" pid="1964" nam="ltmsg (ltmsg.exe)" pub="Agere Systems" md5="4d3f3641aa76a48964102856fd7b955f" ver="3, 0, 0, 4" sz="40960" is="0" gfp="">c:\windows\ltmsg.exe</Process> <Process ex="1" pid="1984" nam="hpsysdrv (hpsysdrv.exe)" pub="Hewlett-Packard Company" md5="06a1ecb63df139ec639e084d4ab3c9d7" ver="1, 7, 0, 0" sz="52736" is="0" gfp="">c:\windows\system\hpsysdrv.exe</Process> <Process ex="1" pid="1996" nam="hkcmd Module (hkcmd.exe)" pub="Intel Corporation" md5="ea5dd164296f66241bead39e12fa69f2" ver="3.0.0.3889" sz="118784" is="0" gfp="">c:\windows\system32\hkcmd.exe</Process> <Process ex="1" pid="128" nam="HP Framework Component Manager Service (hpcmpmgr.exe)" pub="Hewlett-Packard Company" md5="b75b654ee1da99876461b24597ae3ff3" ver="2.1.1.0" sz="241664" is="0" gfp="">c:\program files\hp\hpcoretech\hpcmpmgr.exe</Process> <Process ex="1" pid="176" nam="None (hpztsb10.exe)" pub="HP" md5="fd32127449af0b96ebeca3caab74e423" ver="2.323.0.0" sz="172032" is="0" gfp="">c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe</Process> <Process ex="1" pid="168" nam="AVG Control Center (avgcc.exe)" pub="GRISOFT, s.r.o." 
md5="6e74941e3e14cb67fb1648b45a041f0d" ver="7,1,0,338" sz="352256" is="0" gfp="">c:\progra~1\grisoft\avgfre~1\avgcc.exe</Process> <Process ex="1" pid="364" nam="Microsoft AntiSpyware Data Service (gcasdtserv.exe)" pub="Microsoft Corporation" md5="21bd4696317a4a6383f86cdc5e026bfd" ver="1.00.0615" sz="756552" is="0" gfp="">c:\program files\microsoft antispyware\gcasdtserv.exe</Process> <Process ex="1" pid="2020" nam="Internet Explorer (iexplore.exe)" pub="Microsoft Corporation" md5="e7484514c0464642be7b4dc2689354c8" ver="6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)" sz="93184" is="0" gfp="">c:\program files\internet explorer\iexplore.exe</Process> <Process ex="1" pid="2572" nam="Microsoft AntiSpyware Service (gcasserv.exe)" pub="Microsoft Corporation" md5="263740ede788a60a6c0a47249fc410bf" ver="1.00.0615" sz="473928" is="0" gfp="">c:\program files\microsoft antispyware\gcasserv.exe</Process> <Process ex="1" pid="2740" nam="None (taskpanl.exe)" pub="EarthLink, Inc." md5="031da5f6f0625b7db3c9629180de440c" ver="2005.2.98.0" sz="942080" is="0" gfp="">c:\program files\earthlink totalaccess\taskpanl.exe</Process> <Process ex="1" pid="3244" nam="IP Session Statistics (ipclient.exe)" pub="Visual Networks" md5="a454402ec7ee565c0ed225ed6cfb452f" ver="5.5.100.115" sz="364544" is="0" gfp="">c:\program files\earthlink totalaccess\fastlane\ipclient.exe</Process> <Process ex="1" pid="3376" nam="elinkacc.exe" pub="Unavailable" md5="a0007fe4c1d8bc9b50d03792084f8f75" ver="Unavailable" sz="1007159" is="0" gfp="">c:\program files\earthlink totalaccess\accelerator\elinkacc.exe</Process> <Process ex="1" pid="3504" nam="Outlook Express (msimn.exe)" pub="Microsoft Corporation" md5="091c14f4c71328d4316248a2421190de" ver="6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)" sz="60416" is="0" gfp="">c:\program files\outlook express\msimn.exe</Process> <Process ex="1" pid="2564" nam="Internet Explorer (iexplore.exe)" pub="Microsoft Corporation" md5="e7484514c0464642be7b4dc2689354c8" ver="6.00.2900.2180 
(xpsp_sp2_rtm.040803-2158)" sz="93184" is="0" gfp="">c:\program files\internet explorer\iexplore.exe</Process> <Process ex="1" pid="2940" nam="ccleaner.exe" pub="CCleaner.com" md5="149bb71d2bdf3235cd7174fcacd4dc09" ver="1.24.0180" sz="528384" is="0" gfp="">c:\program files\ccleaner\ccleaner.exe</Process> <Process ex="1" pid="1636" nam="Microsoft AntiSpyware Main (giantantispywaremain.exe)" pub="Microsoft Corporation" md5="2f92f172d6f47c28b048e6899985bb4b" ver="1.00.0615" sz="4598608" is="0" gfp="">c:\program files\microsoft antispyware\giantantispywaremain.exe</Process> <Process ex="1" pid="1244" nam="Microsoft Suspected Spyware Reporting Tool (msssrt.exe)" pub="Microsoft Corporation" md5="1d3fc56e8adb2e911390c775a4de94dd" ver="1.00.0615" sz="400200" is="0" gfp="">c:\program files\microsoft antispyware\msssrt.exe</Process> </Processes> </ProcessesAudit> </Audit> </MSSSRT> |
|
|
|
#2 |
|
Guest
Posts: n/a
|
Are you unable to read the replies?
Has Plunl's information failed in your case?

Engel
|
|
|
#3 |
|
Guest
Posts: n/a
|
Hi Dave and Engel
Takes it again then:

I would try this but it's a lot of manual work.

http://www.spyware-removal-guidelin...infixer-removal

Winfixer must be changed now with new processes but maybe above works?

This is an AndyM case because I cannot find any good advice within any forum without using HijackThis and to be carefully guided.

http://www.merijn.org/files/hijackthis.zip

--
plun

Engel was thinking very hard :
> Are you unable to read the replies?
> Has Plunl's information failed in your case?
>
> Engel
|
|
|
#4 |
|
Guest
Posts: n/a
|
Hi Dave
Run HijackThis and post a log.

The WebUI is much better now to handle these logs.

AndyM also probably sees it.

--
plun

plun presented the following explanation :
> http://www.merijn.org/files/hijackthis.zip
|
|
|
#5 |
|
Guest
Posts: n/a
|
It's actually better not to post these logs here, WebUI or no.
Go for a specialized forum--if you post here, there are several issues:

1) bad advice--we don't have a lot of folks with the skills to analyze the logs and give you the best current advice--Ron Kinner is exceptional, and there are others here, but you'll find more in the private forums such as www.aumha.org

2) The logs are big--there are folks on dialup here.

--

"plun" <paralun@msn.com> wrote in message news:mn.4d1b7d5a7c2c3e8f.32385@msn.com...
> Hi Dave
>
> Run HijackThis and post a log.
>
> The WebUI is much better now to handle these logs.
>
> AndyM also probably sees it.
>
> --
> plun
>
> plun presented the following explanation :
>> http://www.merijn.org/files/hijackthis.zip
|
|
|
#6 |
|
Guest
Posts: n/a
|
Mostly all "helpers" just look for similar HijackThis logs and follow others with "canned" removal messages.

In this world we have a few really skilled helpers which can deal with new unknown hijacks as Calamity Jane and a few others.

But this was the first time I'm not recommended to go to a real HijackThis forum.

So here they are again:

http://www.merijn.org/forums.html

ASAP: http://asap.maddoktor2.com/

--
plun

After serious thinking Bill Sanderson wrote :
> It's actually better not to post these logs here, WebUI or no.
>
> Go for a specialized forum--if you post here, there are several issues: 1)
> bad advice--we don't have a lot of folks with the skills to analyze the logs
> and give you the best current advice--Ron Kinner is exceptional, and there
> are others here, but you'll find more in the private forums such as
> www.aumha.org
>
> 2) The logs are big--there are folks on dialup here.
>
> --
>
> "plun" <paralun@msn.com> wrote in message
> news:mn.4d1b7d5a7c2c3e8f.32385@msn.com...
>> Hi Dave
>>
>> Run HijackThis and post a log.
>>
>> The WebUI is much better now to handle these logs.
>>
>> AndyM also probably sees it.
>>
>> --
>> plun
>>
>> plun presented the following explanation :
>>> http://www.merijn.org/files/hijackthis.zip
|
|
|
#7 |
|
Guest
Posts: n/a
|
Bill's suggestion would be easier for you as it's always better to deal with these problems on a forum and running Hijack This would be a lot faster to review but here's a standard fix for Vundo and the file that's causing you problems which is showing in the MS log.

Download 'Hijack This!'.

http://www.spywareinfo.com/~merijn/files/HijackThis.exe

Save it in a convenient permanent folder such as C:\HJT\,

Make a copy of these instructions so you have them handy as most steps need to be done in safe mode with IE closed.

Please save the VundoFix tool to your desktop :

www.atribune.org/downloads/VundoFix.exe

Double-click VundoFix.exe to extract the files

This will create a folder named VundoFix on your desktop.

After the files are extracted, please reboot your computer into Safe Mode.

Reboot and Keep tapping F8 then choose safe mode from the list .

Once in safe mode open the VundoFix folder and double-click on KillVundo.bat

You will first be presented with a message and a list of forums to seek help at

At this point press enter one time.

Next you will see:

--------------------------------------------------------------------------------
Type in the filepath as instructed by the forum staff
Then Press Enter, Then F6, Then Enter Again to continue with the fix
--------------------------------------------------------------------------------

At this point please type the following file path (make sure to enter it exactly as below!):

c:\windows\servicepackfiles\i386\wincr.dll

Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.

Next you will see:

--------------------------------------------------------------------------------
Please type in the second filepath as instructed by the forum staff
Then Press Enter, Then F6, Then Enter Again to continue with the fix.
--------------------------------------------------------------------------------

At this point please type the following file path (make sure to enter it exactly as below!):

c:\windows\servicepackfiles\i386\rcniw.*

Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.

The fix will run then HijackThis will open.

In HijackThis, please place a check next to the following items if they exist:

O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - c:\windows\servicepackfiles\i386\wincr.dll

O20 - Winlogon Notify: wincr.dll -c:\windows\servicepackfiles\i386\wincr.dll

With the above checked then press FIX CHECKED

After you have fixed these items, close Hijackthis and Press any key to Force a reboot of your computer.

Pressing any key will cause a "Blue Screen of Death"; this is normal!

Once your machine reboots Enable Hidden Files and Folder

Go to Start Menu and Search then Tools on the Top Bar, Choose Folder Options then go to the view tab make sure that 'Show hidden files and folders' is enabled. 'Display the contents of system folders' is checked & 'Hide extensions for known file types' is not checked then press apply

You can set this back later by opening the same page and pressing 'restore defaults' then pressing apply,

Check for these files and delete if found

c:\windows\servicepackfiles\i386\wincr.dll
c:\windows\servicepackfiles\i386\rcniw.dll
c:\windows\servicepackfiles\i386\rcniw.bak1
c:\windows\servicepackfiles\i386\rcniw.bak2
c:\windows\servicepackfiles\i386\rcniw.ini
c:\windows\servicepackfiles\i386\rcniw.ini2
c:\windows\servicepackfiles\i386\rcniw.tmp
c:\windows\servicepackfiles\i386\rcniw.tmp1
c:\windows\servicepackfiles\i386\rcniw.tmp2

Then please run this online virus scan:

ActiveScan

http://www.pandasoftware.com/products/activescan.htm

Run Ccleaner on the cleaner and issues feature and remove any problems, repeat until they show clear.

All The Best

Andy
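The two HijackThis entries and the file list in the post above can be checked mechanically. This is an added example, not part of the original post and not HijackThis or VundoFix code: a Python parser for O2 (BHO) and O20 (Winlogon Notify) lines in the format quoted above, which flags the entries matching the post's indicators and builds the file checklist. The reversed-name rule (wincr to rcniw) is generalised from the single instance in the post; the function names and the sample log are constructed for illustration.

```python
import ntpath
import re

# Indicators taken from the post above.
BAD_CLSIDS = {"{827DC836-DD9F-4A68-A602-5812EB50A834}"}
BAD_PATHS = {r"c:\windows\servicepackfiles\i386\wincr.dll"}
# Extensions of the reversed-name companion files listed in the post.
COMPANION_EXTS = ("dll", "bak1", "bak2", "ini", "ini2", "tmp", "tmp1", "tmp2")

# O2 - BHO: <name> - {CLSID} - <path>
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
# O20 - Winlogon Notify: <name> - <path>
# The post's O20 line has no space after the dash, so whitespace is optional.
O20_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>.*?) -\s*(?P<path>[A-Za-z]:\\.+)$"
)


def parse_line(line):
    # Return a dict for an O2/O20 line, or None for any other line.
    line = line.strip()
    for kind, regex in (("O2", O2_RE), ("O20", O20_RE)):
        m = regex.match(line)
        if m:
            fields = m.groupdict()
            return {
                "kind": kind,
                "name": fields["name"],
                "clsid": fields.get("clsid"),
                # Windows paths are case-insensitive: normalise before comparing.
                "path": ntpath.normcase(fields["path"].strip()),
            }
    return None


def is_flagged(entry):
    # An entry is flagged when its CLSID or its DLL path matches an indicator.
    clsid = (entry["clsid"] or "").upper()
    return clsid in BAD_CLSIDS or entry["path"] in BAD_PATHS


def companion_files(dll_path):
    # Same directory, base name reversed, one file per listed extension.
    directory, filename = ntpath.split(ntpath.normcase(dll_path))
    stem, _ext = ntpath.splitext(filename)
    reversed_stem = stem[::-1]
    return [ntpath.join(directory, f"{reversed_stem}.{ext}") for ext in COMPANION_EXTS]


def analyze(log_text):
    # Return (flagged entries, ordered list of files to look for on disk).
    flagged, dlls = [], []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and is_flagged(entry):
            flagged.append(entry)
            if entry["path"] not in dlls:
                dlls.append(entry["path"])
    files = []
    for dll in dlls:
        files.append(dll)
        files.extend(companion_files(dll))
    return flagged, files


# Constructed sample log: only the two flagged lines come from the post.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - c:\windows\servicepackfiles\i386\wincr.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O20 - Winlogon Notify: wincr.dll -c:\windows\servicepackfiles\i386\wincr.dll
O20 - Winlogon Notify: examplenotify - C:\WINDOWS\system32\example.dll
"""

if __name__ == "__main__":
    hits, checklist = analyze(SAMPLE_LOG)
    for hit in hits:
        print(f"{hit['kind']}: {hit['name']} -> {hit['path']}")
    print("Files to look for:")
    for path in checklist:
        print("  " + path)
```

The checklist it builds for `wincr.dll` is the same nine paths the post asks the reader to look for after the reboot.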
|
|
|
#8 |
|
Guest
Posts: n/a
|
Hi Andy
Hmmm? In the past this always seems to have been the "last resort"........ Let MSAS handle it in safe mode. This seems to be the MVP way to deal with this ?!

Now we indeed have some really difficult "pests" to deal with so it is probably best to directly "redirect" to a real HijackThis forum for proper careful guidance for removal.

It is also not possible to announce or make messages "sticky" about standard "house cleans" for a majority of threats within this UI.

The consequence is that users try every antispyware app and removal tool instead of using HijackThis and with help directly see the cause of this "infection".

It is easy with HijackThis logs and even more easy if Adaware's log is included to see the cause.

"In this world we have a few really skilled helpers which can deal with new unknown hijacks as Calamity Jane and a few others."

Well Andy, you are probably among these few.

Indeed difficult !

best regards
plun

AndyManchesta was thinking very hard :
> Bill's suggestion would be easier for you as it's always better to deal with
> these problems on a forum and running Hijack This would be a lot faster to
> review but here's a standard fix for Vundo and the file that's causing you
> problems which is showing in the MS log.
>
> Download 'Hijack This!'.
>
> http://www.spywareinfo.com/~merijn/files/HijackThis.exe
>
> Save it in a convenient permanent folder such as C:\HJT\,
>
> Make a copy of these instructions so you have them handy as most steps
> need to be done in safe mode with IE closed.
>
> Please save the VundoFix tool to your desktop :
>
> www.atribune.org/downloads/VundoFix.exe
>
> Double-click VundoFix.exe to extract the files
>
> This will create a folder named VundoFix on your desktop.
>
> After the files are extracted, please reboot your computer into Safe Mode.
>
> Reboot and Keep tapping F8 then choose safe mode from the list .
> > Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat > > You will first be presented with a message and a list of forums to seek help > at > > At this point press enter one time. > > Next you will see: > > -------------------------------------------------------------------------------- > Type in the filepath as instructed by the forum staff > Then Press Enter, Then F6, Then Enter Again to continue with the fix > -------------------------------------------------------------------------------- > > At this point please type the following file path (make sure to enter it > exactly as below!): > > c:\windows\servicepackfiles\i386\wincr.dll > > Press Enter, then press the F6 key, then press Enter one more time to > continue with the fix. > > Next you will see: > > -------------------------------------------------------------------------------- > Please type in the second filepath as instructed by the forum staff > Then Press Enter, Then F6, Then Enter Again to continue with the fix. > -------------------------------------------------------------------------------- > > At this point please type the following file path (make sure to enter it > exactly as below!): > > c:\windows\servicepackfiles\i386\rcniw.* > > Press Enter, then press the F6 key, then press Enter one more time to > continue with the fix. > > The fix will run then HijackThis will open. > > In HijackThis, please place a check next to the following items if they > exist: > > O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - > c:\windows\servicepackfiles\i386\wincr.dll > > O20 - Winlogon Notify: wincr.dll -c:\windows\servicepackfiles\i386\wincr.dll > > With the above checked then press FIX CHECKED > > After you have fixed these items, close Hijackthis and Press any key to > Force a reboot of your computer. > > Pressing any key will cause a "Blue Screen of Death" this is normal ! 
> > Once your machine reboots Enable Hidden Files and Folder > > Goto Start Menu and Search then Tools on the Top Bar, Choose Folder Options > then goto the view tab make sure that 'Show hidden files and folders' is > enabled. 'Display the contents of system folders' is checked & 'Hide > extentions for known file types ' is not checked then press apply > > You can set this back later by opening the same page and pressing 'restore > defaults' then pressing apply, > > Check for these files and delete if found > > c:\windows\servicepackfiles\i386\wincr.dll > c:\windows\servicepackfiles\i386\rcniw.dll > c:\windows\servicepackfiles\i386\rcniw.bak1 > c:\windows\servicepackfiles\i386\rcniw.bak2 > c:\windows\servicepackfiles\i386\rcniw.ini > c:\windows\servicepackfiles\i386\rcniw.ini2 > c:\windows\servicepackfiles\i386\rcniw.tmp > c:\windows\servicepackfiles\i386\rcniw.tmp1 > c:\windows\servicepackfiles\i386\rcniw.tmp2 > > Then please run this online virus scan: > > ActiveScan > > http://www.pandasoftware.com/products/activescan.htm > > Run Ccleaner on the cleaner and issues feature and remove any problems > repeat untill they show clear. > > All The Best > > Andy |
#9
Hey Plun

This isn't Winfixer Plun, it's Trojan Vundo. If it was Winfixer they wouldn't be getting pop ups to install Winfixer. With Vundo it can be a pain as it's usually called from the Winlogon/Notify key and entered as a BHO so standard spyware removers cannot kill it.

I posted to a user on one of these groups who just had it entered as a BHO and not showing in the Winlogon/Notify key and took the easy option of attempting to remove the file with Killbox on reboot and fixing the entry in HijackThis as it was only in one area and didn't look like it had fully infected the system, but I decided to use the full canned speech here so they know all possible files and folders.

If a spyware remover removed the dll file and it's being called from the Winlogon/Notify key there is a chance it will cause conflict if the Notify key isn't also removed. If it's pointing to an invalid entry there is a chance the system will refuse to boot. It's a very small chance but it's not one worth risking, so the old fix would have been to use Killbox and replace the dll with a harmless dummy file then removing that and the O20 line in HijackThis. The Blue Screen of Death isn't a problem here as it's just part of the fix and a side effect of stopping winlogon, but with this fix it should remove the infection without any issues.

The alternative is very complicated, using Process Explorer from Sysinternals and viewing system processes like explorer and winlogon and using the Threads tab to stop the trojan files from using the genuine files, as they are using them to remain on the system and start with Windows. The Trojan files will usually be using Winlogon.exe, explorer.exe and iexplore.exe so it's not an easy task to kill them.

I agree with your comments about posting on a HijackThis forum but most are getting swamped with requests for help so this was just to really let them know what's involved and the steps they need to take to remove Vundo.

Regards

Andy
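The pairing described in the post above, one DLL entered as a BHO and also called from Winlogon Notify, can be checked for in a HijackThis log before anything is deleted. This is an added example, not code from the thread or from HijackThis; the function names are hypothetical and the sample log is constructed around the two O2/O20 lines quoted earlier in the thread.

```python
import re
from collections import defaultdict

# Constructed sample: the wincr.dll lines are the two quoted in the thread;
# every other entry is made up for contrast.
SAMPLE_LOG = r"""
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - c:\windows\servicepackfiles\i386\wincr.dll
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O20 - Winlogon Notify: wincr.dll -c:\windows\servicepackfiles\i386\wincr.dll
O20 - Winlogon Notify: examplenotify - C:\WINDOWS\system32\examplenotify.dll
"""

O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
# The O20 line in the thread has no space after the dash, so allow " -" too.
O20_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>.*?) -\s*(?P<path>[A-Za-z]:\\.+)$")

def parse_hjt(log_text):
    """Map each DLL path to the BHO CLSIDs and Notify names that load it."""
    found = defaultdict(lambda: {"bho": [], "notify": []})
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            found[m["path"].strip().lower()]["bho"].append(m["clsid"])
            continue
        m = O20_RE.match(line)
        if m:
            found[m["path"].strip().lower()]["notify"].append(m["name"])
    return dict(found)

def dual_registered(log_text):
    """DLLs registered both as a BHO and under Winlogon Notify."""
    return sorted(path for path, refs in parse_hjt(log_text).items()
                  if refs["bho"] and refs["notify"])

def entries_to_fix(log_text, dll_path):
    """HijackThis entries to fix together with the file, so that no
    Notify entry is left pointing at a DLL that no longer exists."""
    refs = parse_hjt(log_text).get(dll_path.lower(), {"bho": [], "notify": []})
    return [f"O2 {c}" for c in refs["bho"]] + [f"O20 {n}" for n in refs["notify"]]

if __name__ == "__main__":
    for dll in dual_registered(SAMPLE_LOG):
        print(dll, "->", entries_to_fix(SAMPLE_LOG, dll))
```

A DLL that appears in both sections is a candidate for review, not proof of infection; the list from `entries_to_fix` is what has to be cleared alongside the file.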
#10
Hi Andy

Writing in circles......

I know that this is the Vundo trojan which often comes with Winfixer (always maybe ? Similar to PS Guard)

But this is of minor importance because this was about principles for removals when it is severe threats which MSAS, Adaware etc cannot handle.

I would then suggest that Aumha's quickfix protocol is good and maybe worth trying for all in conjunction with MSAS and safe mode scans.

http://www.aumha.org/a/quickfix.htm

Step 2 then with CCleaner to save time.

Step 5 should then be, scan in safe mode with MSAS and Adaware

(Sorry Aumha for this maybe impolite way to make a proposal)

It ends up in HijackThis and saves time for both a user and a helper.

Maybe we must take this private but it's important for all users to get help as fast as possible and also a solution, and HijackThis is the only way for this as I can see it.

It takes "milliseconds" to find other similar solved removals with HijackThis logs and to get proper guidance from a "canned" message. Nevertheless it's important that these logs match.

Trying to be constructive or what the word is ?

best regards
plun

AndyManchesta expressed precisely :

> Hey Plun
>
> This isn't Winfixer Plun, it's Trojan Vundo. If it was Winfixer they wouldn't be getting pop ups to install Winfixer. With Vundo it can be a pain as it's usually called from the Winlogon/Notify key and entered as a BHO so standard spyware removers cannot kill it.
>
> I posted to a user on one of these groups who just had it entered as a BHO and not showing in the Winlogon/Notify key and took the easy option of attempting to remove the file with Killbox on reboot and fixing the entry in HijackThis as it was only in one area and didn't look like it had fully infected the system, but I decided to use the full canned speech here so they know all possible files and folders.
>
> If a spyware remover removed the dll file and it's being called from the Winlogon/Notify key there is a chance it will cause conflict if the Notify key isn't also removed. If it's pointing to an invalid entry there is a chance the system will refuse to boot. It's a very small chance but it's not one worth risking, so the old fix would have been to use Killbox and replace the dll with a harmless dummy file then removing that and the O20 line in HijackThis. The Blue Screen of Death isn't a problem here as it's just part of the fix and a side effect of stopping winlogon, but with this fix it should remove the infection without any issues.
>
> The alternative is very complicated, using Process Explorer from Sysinternals and viewing system processes like explorer and winlogon and using the Threads tab to stop the trojan files from using the genuine files, as they are using them to remain on the system and start with Windows. The Trojan files will usually be using Winlogon.exe, explorer.exe and iexplore.exe so it's not an easy task to kill them.
>
> I agree with your comments about posting on a HijackThis forum but most are getting swamped with requests for help so this was just to really let them know what's involved and the steps they need to take to remove Vundo.
>
> Regards
>
> Andy