go.worldspan.com

[Engel]

Hello Amy

Please submit a Tools, suspected spyware report from the
infected machine!

Engel

 

[JohnF.]

Have you tried to reinstall the WorldSpan software?

JohnF.

 

[amy]

I've tried reinstalling multiple times. Been through the
entire removal and reinstall process including hand
removing of registry entries associated with Worldspan.
I've tried installing worldspan first and then anti-
spyware. I've tried installing anti-spyware and then
worldspan. Nothing changes the results.

 

[amy]

Here you go. I'm not sure how this will help you. As I
mentioned the worldspan application is not detected as
spyware.

- <MSSSRT version="1.0.501" createdate="4/11/2005 3:33:41
PM" os="XP.2600" user="">
- <Audit>
- <AutoRunAudit>
- <StartupFiles>
<StartupFile path="C:\Documents and Settings\All
Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk"
nam="AcroTray (acrotray.exe)" pub="Adobe Systems Inc."
md5="78bfe3201ada2fe02d1e35d2488e5f55"
ver="6.0.0.2003051500" sz="217193" is="0"
gfp="">c:\program files\adobe\acrobat 6.0
\distillr\acrotray.exe</StartupFile>
<StartupFile path="C:\Documents and Settings\All
Users\Start Menu\Programs\Startup\Firewall Client
Connectivity Monitor.LNK" nam="Microsoft Firewall Client
taskbar application (isatray.exe)" pub="Microsoft
Corporation" md5="90bcb927a978044125e293dcb7d10ed8"
ver="3.0" sz="52496" is="0" gfp="">c:\program
files\microsoft firewall client\isatray.exe</StartupFile>
<StartupFile path="C:\Documents and Settings\All
Users\Start Menu\Programs\Startup\Worldspan Filter
Agent.lnk" nam="Worldspan Filter Agent (filteragent.exe)"
pub="Worldspan L.P."
md5="d655ec02f2b55761b637d9a81b90b714" ver="6.00.02"
sz="127049" is="0"
gfp="">c:\wspan\swgw\filteragent.exe</StartupFile>
</StartupFiles>
- <StartupFilesRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="IgfxTray" dat="C:\WINDOWS\system32\igfxtray.exe"
nam="igfxTray Module (igfxtray.exe)" pub="Intel
Corporation" md5="8bbbada96ffe1449edd39256eda99cd8"
ver="3.0.0.3889" sz="155648" is="0"
gfp="">c:\windows\system32
\igfxtray.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="HotKeysCmds" dat="C:\WINDOWS\system32\hkcmd.exe"
nam="hkcmd Module (hkcmd.exe)" pub="Intel Corporation"
md5="ea5dd164296f66241bead39e12fa69f2" ver="3.0.0.3889"
sz="118784" is="0" gfp="">c:\windows\system32
\hkcmd.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="SunJavaUpdateSched" dat="C:\Program
Files\Java\jre1.5.0_02\bin\jusched.exe" nam="Java(TM) 2
Platform Standard Edition binary (jusched.exe)" pub="Sun
Microsystems, Inc."
md5="1f6573d67dd5dc06dd29ec7fcf81dc6f" ver="5.0.20.9"
sz="36975" is="0" gfp="">c:\program files\java\jre1.5.0_02
\bin\jusched.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="vptray" dat="C:\PROGRA~1\SYMANT~1\SYMANT~1
\vptray.exe" nam="Symantec AntiVirus (vptray.exe)"
pub="Symantec Corporation"
md5="2c2c5c662e71a1ebec6569bd05911237" ver="8.00.00.9374"
sz="77824" is="0" gfp="">c:\progra~1\symant~1\symant~1
\vptray.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="msnappau" dat=""C:\Program Files\MSN
Apps\Updater\01.02.3000.1001\en-us\msnappau.exe""
nam="MSN Updater (msnappau.exe)" pub="Microsoft
Corporation" md5="e377c992dfbb5837826ea311e436c66d"
ver="01.02.3000.1001" sz="86016" is="0" gfp="">c:\program
files\msn apps\updater\01.02.3000.1001\en-
us\msnappau.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="gcasServ" dat=""C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"" nam="Microsoft AntiSpyware
Service (gcasserv.exe)" pub="Microsoft Corporation"
md5="70c5a9c9cf9e65a9073a2a43da822841" ver="1.00.0501"
sz="469824" is="0" gfp="">c:\program files\microsoft
antispyware\gcasserv.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnc
e" val="MicrosoftAntiSpywareCleaner" dat="C:\Program
Files\Microsoft AntiSpyware\gcASCleaner.exe" nam="Threat
Cleaner Helper (gcascleaner.exe)" pub="Microsoft
Corporation" md5="8d104546cb6c462521df09fda0bf8944"
ver="1.00.0501" sz="39744" is="0" gfp="">c:\program
files\microsoft
antispyware\gcascleaner.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="ctfmon.exe" dat="C:\WINDOWS\system32\ctfmon.exe"
nam="CTF Loader (ctfmon.exe)" pub="Microsoft Corporation"
md5="24232996a38c0b0cf151c2140ae29fc8" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="15360" is="0"
gfp="">c:\windows\system32
\ctfmon.exe</StartupFileRegistry>
</StartupFilesRegistry>
- <WinlogonUserinitFiles>
<WinlogonUserinitFile ex="1" nam="Userinit Logon
Application (userinit.exe)" pub="Microsoft Corporation"
md5="39b1ffb03c2296323832acbae50d2aff" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="24576" is="0"
gfp="">c:\windows\system32
\userinit.exe</WinlogonUserinitFile>
</WinlogonUserinitFiles>
<StartupWinIniFiles />
<StartupSysIniFiles />
</AutoRunAudit>
- <InternetExplorerAudit version="6.0.2900.2180">
- <BrowserHelperObjects>
<BHO ex="1" clsid="{06849E9F-C8D7-4D59-B87D-
784B7D6BE0B3}" prog="AcroIEHelper.AcroIEHlprObj.1"
val="AcroIEHlprObj Class" nam="Adobe Acrobat IE Helper
Version 6.0 for ActivieX (acroiehelper.dll)" pub="Adobe
Systems Incorporated"
md5="0c0e1b2bcaed8df401be94d538bcb412"
ver="6.0.0.2003051500" sz="50376" is="0"
gfp="">c:\program files\adobe\acrobat 6.0
\acrobat\activex\acroiehelper.dll</BHO>
<BHO ex="1" clsid="{9394EDE7-C8B5-483E-8773-
474BF36AF6E4}" prog="" val="ST" nam="st (stmain.dll)"
pub="Microsoft Corporation"
md5="0da1349495955cb41a5899047c5a1267"
ver="01.02.3000.1001" sz="155648" is="0"
gfp="">c:\program files\msn apps\st\01.02.3000.1001\en-
xu\stmain.dll</BHO>
<BHO ex="1" clsid="{AE7CD045-E861-484f-8273-
0445EE161910}" prog="Adobe.AcroIEToolbarHelper.1"
val="AcroIEToolbarHelper Class"
nam="(acroiefavclient.dll)" pub=""
md5="44bcff08947790e74bd7cc7532d2b793" ver="" sz="147456"
is="0" gfp="">c:\program files\adobe\acrobat 6.0
\acrobat\acroiefavclient.dll</BHO>
<BHO ex="1" clsid="{BDBD1DAD-C946-4A17-ADC1-
64B5B4FF55D0}" prog="" val="MSNToolBandBHO" nam="MSN
Toolbar extension (msntb.dll)" pub="Microsoft
Corporation" md5="0deb8b7cad01ee86d1c4062e1b587c5a"
ver="01.02.3000.1001" sz="282624" is="0"
gfp="">c:\program files\msn apps\msn
toolbar\01.02.3000.1001\en-us\msntb.dll</BHO>
</BrowserHelperObjects>
- <IEToolbars>
<IEToolbar ex="1" clsid="{47833539-D0C5-4125-9FA8-
0819E2EAAC93}" prog="Adobe.AcroIEToolbar.1" val="Adobe
PDF" nam="(acroiefavclient.dll)" pub=""
md5="44bcff08947790e74bd7cc7532d2b793" ver="" sz="147456"
is="0" gfp="">c:\program files\adobe\acrobat 6.0
\acrobat\acroiefavclient.dll</IEToolbar>
<IEToolbar ex="1" clsid="{BDAD1DAD-C946-4A17-ADC1-
64B5B4FF55D0}" prog="" val="MSN" nam="MSN Toolbar
extension (msntb.dll)" pub="Microsoft Corporation"
md5="0deb8b7cad01ee86d1c4062e1b587c5a"
ver="01.02.3000.1001" sz="282624" is="0"
gfp="">c:\program files\msn apps\msn
toolbar\01.02.3000.1001\en-us\msntb.dll</IEToolbar>
</IEToolbars>
<IEExtensions />
- <IEExplorerBars>
<IEExplorerBar ex="1" clsid="{182EC0BE-5110-49C8-A062-
BEB1D02A220B}" prog="Adobe.AcroIEFavorites.1" val="Adobe
PDF" nam="(acroiefavclient.dll)" pub=""
md5="44bcff08947790e74bd7cc7532d2b793" ver="" sz="147456"
is="0" gfp="">c:\program files\adobe\acrobat 6.0
\acrobat\acroiefavclient.dll</IEExplorerBar>
<IEExplorerBar ex="1" clsid="{4D5C8C25-D075-11d0-B416-
00C04FB90376}" prog="" val="&Tip of the Day" nam="Shell
Doc Object and Control Library (shdocvw.dll)"
pub="Microsoft Corporation"
md5="68346bc7fa4ccd81248a2c7d728644a4"
ver="6.00.2900.2573 (xpsp_sp2_gdr.041130-1729)"
sz="1483264" is="0" gfp="">c:\windows\system32
\shdocvw.dll</IEExplorerBar>
</IEExplorerBars>
<IEShellBrowsers />
- <IEWebBrowsers>
<IEWebBrowser ex="1" clsid="{01E04581-4EEE-11D0-BFE9-
00AA005B4383}" prog="" val="&Address" nam="Shell Browser
UI Library (browseui.dll)" pub="Microsoft Corporation"
md5="691b1420ada790e9cda5356ee752f3a3"
ver="6.00.2900.2578 (xpsp_sp2_gdr.041130-1729)"
sz="1016832" is="0" gfp="">c:\windows\system32
\browseui.dll</IEWebBrowser>
<IEWebBrowser ex="0" clsid="" prog="" val="" nam=""
pub="" md5="" ver="" sz="" is="0" gfp="" />
<IEWebBrowser ex="1" clsid="{47833539-D0C5-4125-9FA8-
0819E2EAAC93}" prog="Adobe.AcroIEToolbar.1" val="Adobe
PDF" nam="(acroiefavclient.dll)" pub=""
md5="44bcff08947790e74bd7cc7532d2b793" ver="" sz="147456"
is="0" gfp="">c:\program files\adobe\acrobat 6.0
\acrobat\acroiefavclient.dll</IEWebBrowser>
<IEWebBrowser ex="0" clsid="" prog="" val="" nam=""
pub="" md5="" ver="" sz="" is="0" gfp="" />
</IEWebBrowsers>
- <IEMenuExts>
<IEMenuExt val="E&xport to Microsoft
Excel">res://C:\PROGRA~1\MICROS~2\OFFICE11
\EXCEL.EXE/3000</IEMenuExt>
</IEMenuExts>
- <IEURLSearchHooks>
<IEURLSearchHook ex="1" clsid="{CFBFAE00-17A6-11D0-99CB-
00C04FD64497}" prog="" val="Microsoft Url Search Hook"
nam="Shell Doc Object and Control Library (shdocvw.dll)"
pub="Microsoft Corporation"
md5="68346bc7fa4ccd81248a2c7d728644a4"
ver="6.00.2900.2573 (xpsp_sp2_gdr.041130-1729)"
sz="1483264" is="0" gfp="">c:\windows\system32
\shdocvw.dll</IEURLSearchHook>
</IEURLSearchHooks>
- <IEURLs>
<IEURL val="HCU\Software\Microsoft\Internet Explorer
Start Page">http://companyweb/</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer
Search Page">http://www.microsoft.com/isapi/redir.dll?
prd=ie&ar=iesearch</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer
Default_Page_URL">http://www.dell.com</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explore
Local Page">C:\WINDOWS\system32\blank.htm</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explore
Search Bar" />
<IEURL val="HCU\Software\Microsoft\Internet Explorer
Default_Search_URL" />
<IEURL val="HCU\Software\Microsoft\Internet Explorer
HomeOldSP" />
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Start Page">http://www.msn.com/</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Search Page">http://www.microsoft.com/isapi/redir.dll?
prd=ie&ar=iesearch</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Default_Page_URL">http://www.dell.com</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Local Page">%SystemRoot%\system32\blank.htm</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Search Bar" />
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Default_Search_URL">http://www.microsoft.com/isapi/redir.d
ll?prd=ie&ar=iesearch</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
HomeOldSP" />
<IEURL val="HCU\Software\Microsoft\Internet
Explorer\Search CustomizeSearch" />
<IEURL val="HCU\Software\Microsoft\Internet
Explorer\Search SearchAssistant" />
<IEURL val="HLM\Software\Microsoft\Internet
Explorer\Search
CustomizeSearch">http://ie.search.msn.com/en-
us/srchasst/srchcust.htm</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet
Explorer\Search
SearchAssistant">http://ie.search.msn.com/en-
us/srchasst/srchasst.htm</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet
Explorer\SearchUrl" />
<IEURL val="HLM\Software\Microsoft\Internet
Explorer\SearchUrl" />
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
blank">res://mshtml.dll/blank.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
DesktopItemNavigationFailure">res://shdoclc.dll/navcancl.h
tm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
NavigationCanceled">res://shdoclc.dll/navcancl.htm</IEURL>

<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
NavigationFailure">res://shdoclc.dll/navcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
OfflineInformation">res://shdoclc.dll/offcancl.htm</IEURL>

<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
PostNotCached">res://mshtml.dll/repost.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs mozilla" />
</IEURLs>
</InternetExplorerAudit>
- <SystemAudit>
- <ShellExecuteHooks>
<ShellExecuteHook ex="1" clsid="{AEB6717E-7E19-11d0-
97EE-00C04FD91972}" prog="" val="URL Exec Hook"
nam="Windows Shell Common Dll (shell32.dll)"
pub="Microsoft Corporation"
md5="5db5f53f801b616f4b4b7cae6ee7d1c6"
ver="6.00.2900.2578 (xpsp_sp2_gdr.041130-1729)"
sz="8450048" is="0" gfp="">C:\WINDOWS\system32
\shell32.dll</ShellExecuteHook>
<ShellExecuteHook ex="1" clsid="{9EF34FF2-3396-4527-
9D27-04C8C1C67806}"
prog="Microsoft.AntiSpyware.ShellExecuteHook.1"
val="Microsoft.AntiSpyware.ShellExecuteHook.1"
nam="Microsoft AntiSpyware Shell Extension
(shellextension.dll)" pub="Microsoft Corporation"
md5="08cee315ea2a24e77d68b2b055f73a94" ver="1.00.0501"
sz="93408" is="0" gfp="">c:\program files\microsoft
antispyware\shellextension.dll</ShellExecuteHook>
</ShellExecuteHooks>
- <ShellOpenCommands>
<ShellOpenCommand
val="HCR\exefile\shell\open\command">"%1" %
*</ShellOpenCommand>
<ShellOpenCommand
val="HCR\comfile\shell\open\command">"%1" %
*</ShellOpenCommand>
<ShellOpenCommand
val="HCR\batfile\shell\open\command">"%1" %
*</ShellOpenCommand>
<ShellOpenCommand
val="HCR\htafile\shell\open\command">C:\WINDOWS\system32
\mshta.exe "%1" %*</ShellOpenCommand>
<ShellOpenCommand
val="HCR\piffile\shell\open\command">"%1" %
*</ShellOpenCommand>
<ShellOpenCommand val="HCR\txtfile\shell\open\command">%
SystemRoot%\system32\NOTEPAD.EXE %1</ShellOpenCommand>
<ShellOpenCommand
val="HCR\mp3file\shell\open\command">"C:\Program
Files\Windows Media
Player\wmplayer.exe" /prefetch:6 /Open "%
L"</ShellOpenCommand>
<ShellOpenCommand
val="HCR\mpegfile\shell\open\command">"C:\Program
Files\Windows Media
Player\wmplayer.exe" /prefetch:9 /Open "%
L"</ShellOpenCommand>
<ShellOpenCommand val="HCR\mailto\shell\open\command">"%
ProgramFiles%\Outlook Express\msimn.exe" /mailurl:%
1</ShellOpenCommand>
<ShellOpenCommand
val="HCR\htmlfile\shell\open\command">"C:\Program
Files\Internet Explorer\iexplore.exe" -
nohome</ShellOpenCommand>
<ShellOpenCommand
val="HCR\http\shell\open\command">"C:\Program
Files\Internet Explorer\iexplore.exe" -
nohome</ShellOpenCommand>
<ShellOpenCommand
val="HCR\https\shell\open\command">"C:\Program
Files\Internet Explorer\iexplore.exe" -
nohome</ShellOpenCommand>
<ShellOpenCommand
val="HCR\ftp\shell\open\command">"C:\Program
Files\Internet Explorer\iexplore.exe" %
1</ShellOpenCommand>
</ShellOpenCommands>
- <ActiveXInstalls>
- <ActiveXInstall clsid="Microsoft XML Parser for Java"
prog="" nam=""
codebase="file://C:\WINDOWS\Java\classes\xmldso.cab">
<Files />
</ActiveXInstall>
- <ActiveXInstall clsid="{15B782AF-55D8-11D1-B477-
006097098764}"
prog="Macromedia.AuthorwareShockwaveControl.1"
nam="Macromedia Authorware Web Player Control"
codebase="http://download.macromedia.com/pub/shockwave/cab
s/authorware/awswaxf.cab">
<Files />
</ActiveXInstall>
- <ActiveXInstall clsid="{17492023-C23A-453E-A040-
C7C580BBF700}" prog="LegitCheckControl.LegitCheck.1"
nam="Windows Genuine Advantage Validation Tool"
codebase="http://go.microsoft.com/fwlink/?
linkid=36467&clcid=0x409">
- <Files>
<File ex="1" nam="PidGen (GWFSPidGen.DLL)"
pub="Microsoft" md5="76cfe0b49089af874d3d135efc38bf3a"
ver="1, 5, 0, 42" sz="23304" is="0"
gfp="">C:\WINDOWS\system32\GWFSPidGen.DLL</File>
<File ex="1" nam="Windows Genuine Advantage Validation
(LegitCheckControl.DLL)" pub="Microsoft Corporation"
md5="c3c3864da698f0cc1be56f9695534dd8" ver="1.0.0132.4"
sz="421128" is="0" gfp="">C:\WINDOWS\system32
\LegitCheckControl.DLL</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{6414512B-B978-451D-A0D8-
FCFDF33E833C}" prog="SoftwareDistribution.WebControl.1"
nam="WUWebControl Class"
codebase="http://v5.windowsupdate.microsoft.com/v5consumer
/V5Controls/en/x86/client/wuweb_site.cab?1110371519722">
- <Files>
<File ex="1" nam="Windows Update Web Control
(wuweb.dll)" pub="Microsoft Corporation"
md5="0cd6248038c70b4c688dbd315d90a97a" ver="5.4.3790.2182
built by: srv03_rtm(ntvbl04)" sz="120288" is="0"
gfp="">C:\WINDOWS\system32\wuweb.dll</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{8AD9C840-044E-11D1-B3E9-
00805F499D93}" prog="" nam="Java Plug-in 1.5.0_02"
codebase="http://java.sun.com/update/1.5.0/jinstall-
1_5_0_02-windows-i586.cab">
<Files />
</ActiveXInstall>
- <ActiveXInstall clsid="{8EAE71AA-9FDD-499A-8150-
34C8CCBA62C5}" prog="SiteStudio72.ContribCtrl" nam="Site
Studio Contributor Control"
codebase="http://www.travelsitenow.com/Stellent/common/sit
estudiocontributor.cab">
<Files />
</ActiveXInstall>
- <ActiveXInstall clsid="{9145A52A-9B22-4858-AEE7-
74D6C7D3F366}" prog="WSBrowserConfig.BrowserConfig.1"
nam="BrowserConfig Class"
codebase="http://gopublic.wspan.com/Secure/DLLs/WSBrowserC
onfig.cab">
- <Files>
<File ex="1" nam="WSBrowserConfig Module
(WSBrowserConfig.dll)" pub="None"
md5="519b8acd010422167c7b7dd83eb53f79" ver="1, 0, 0, 4"
sz="110592" is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\WSBrowserConfig.dll</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{CAFEEFAC-0014-0002-0003-
ABCDEFFEDCBA}" prog="" nam="Java Plug-in 1.4.2_03"
codebase="http://java.sun.com/products/plugin/autodl/jinst
all-142-windows-i586.cab">
<Files />
</ActiveXInstall>
- <ActiveXInstall clsid="{CAFEEFAC-0015-0000-0002-
ABCDEFFEDCBA}" prog="" nam="Java Plug-in 1.5.0_02"
codebase="http://java.sun.com/update/1.5.0/jinstall-
1_5_0_02-windows-i586.cab">
<Files />
</ActiveXInstall>
- <ActiveXInstall clsid="{CB6F8DE2-913D-4543-9FBB-
C1E1340BFD24}" prog="WSPANFTP.FTPCtrl.1" nam="FTPCtrl
Class"
codebase="http://gopublic.wspan.com/secure/DLLs/wsftp.cab"- <Files>
<File ex="1" nam="WSPANFTP Module (WSPANFTP.dll)"
pub="None" md5="dd13e5a6f4039bdaf0cdc5f865a82ecc" ver="1,
0, 0, 1" sz="458752" is="0" gfp="">C:\WINDOWS\Downloaded
Program Files\WSPANFTP.dll</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{D27CDB6E-AE6D-11CF-96B8-
444553540000}" prog="ShockwaveFlash.ShockwaveFlash.1"
nam="Shockwave Flash Object"
codebase="http://download.macromedia.com/pub/shockwave/cab
s/flash/swflash.cab">
<Files />
</ActiveXInstall>
- <ActiveXInstall clsid="{D4233B6D-88A0-11D3-BC29-
400011500032}" prog="WspanCal.WspGoCal.1" nam="WspGoCal
Class"
codebase="http://gopublic.wspan.com/scripts/us/bin/WSCAL.C
AB">
- <Files>
<File ex="1" nam="WspanCal Module (wspancal.dll)"
pub="Worldspan L. P."
md5="0033e4809813150dc5671cbf4ecdbe2b" ver="1, 0, 0, 2"
sz="81920" is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\CONFLICT.2\wspancal.dll</File>
</Files>
</ActiveXInstall>
</ActiveXInstalls>
- <PROTOCOLSFilters>
<PROTOCOLSFilter ex="1" clsid="{1E66F26B-79EE-11D2-8710-
00C04F79ED0D}" prog="CorRegistration.CorFltr.1"
filter="application/octet-stream" val="{1E66F26B-79EE-
11D2-8710-00C04F79ED0D}" nam="Microsoft .NET Runtime
Execution Engine (mscoree.dll)" pub="Microsoft
Corporation" md5="8c54138d0271ed4e9c16d8534ff707e4"
ver="1.1.4322.2032" sz="155648" is="0"
gfp="">c:\windows\system32\mscoree.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{1E66F26B-79EE-11D2-8710-
00C04F79ED0D}" prog="CorRegistration.CorFltr.1"
filter="application/x-complus" val="{1E66F26B-79EE-11D2-
8710-00C04F79ED0D}" nam="Microsoft .NET Runtime Execution
Engine (mscoree.dll)" pub="Microsoft Corporation"
md5="8c54138d0271ed4e9c16d8534ff707e4"
ver="1.1.4322.2032" sz="155648" is="0"
gfp="">c:\windows\system32\mscoree.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{1E66F26B-79EE-11D2-8710-
00C04F79ED0D}" prog="CorRegistration.CorFltr.1"
filter="application/x-msdownload" val="{1E66F26B-79EE-
11D2-8710-00C04F79ED0D}" nam="Microsoft .NET Runtime
Execution Engine (mscoree.dll)" pub="Microsoft
Corporation" md5="8c54138d0271ed4e9c16d8534ff707e4"
ver="1.1.4322.2032" sz="155648" is="0"
gfp="">c:\windows\system32\mscoree.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{32B533BB-EDAE-11d0-BD5A-
00AA00B92AF1}" prog="" filter="Class Install Handler"
val="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}" nam="OLE32
Extensions for Win32 (urlmon.dll)" pub="Microsoft
Corporation" md5="7e0a6b4005a271c1fd1d82dd08fa884f"
ver="6.00.2900.2574 (xpsp_sp2_gdr.041130-1729)"
sz="607744" is="0" gfp="">c:\windows\system32
\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{8f6b0360-b80d-11d0-a9b3-
006097942311}" prog="" filter="deflate" val="{8f6b0360-
b80d-11d0-a9b3-006097942311}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="7e0a6b4005a271c1fd1d82dd08fa884f"
ver="6.00.2900.2574 (xpsp_sp2_gdr.041130-1729)"
sz="607744" is="0" gfp="">c:\windows\system32
\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{8f6b0360-b80d-11d0-a9b3-
006097942311}" prog="" filter="gzip" val="{8f6b0360-b80d-
11d0-a9b3-006097942311}" nam="OLE32 Extensions for Win32
(urlmon.dll)" pub="Microsoft Corporation"
md5="7e0a6b4005a271c1fd1d82dd08fa884f"
ver="6.00.2900.2574 (xpsp_sp2_gdr.041130-1729)"
sz="607744" is="0" gfp="">c:\windows\system32
\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{8f6b0360-b80d-11d0-a9b3-
006097942311}" prog="" filter="lzdhtml" val="{8f6b0360-
b80d-11d0-a9b3-006097942311}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="7e0a6b4005a271c1fd1d82dd08fa884f"
ver="6.00.2900.2574 (xpsp_sp2_gdr.041130-1729)"
sz="607744" is="0" gfp="">c:\windows\system32
\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{733AC4CB-F1A4-11d0-B951-
00A0C90312E1}" prog="" filter="text/webviewhtml"
val="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}" nam="Windows
Shell Common Dll (shell32.dll)" pub="Microsoft
Corporation" md5="5db5f53f801b616f4b4b7cae6ee7d1c6"
ver="6.00.2900.2578 (xpsp_sp2_gdr.041130-1729)"
sz="8450048" is="0" gfp="">c:\windows\system32
\shell32.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{807553E5-5146-11D5-A672-
00B0D022E945}" prog="" filter="text/xml" val="{807553E5-
5146-11D5-A672-00B0D022E945}" nam="Microsoft Office XML
MIME Filter (msoxmlmf.dll)" pub="Microsoft Corporation"
md5="7469b9d06f0299273769c3e5365f5469" ver="11.0.5510"
sz="39488" is="0" gfp="">c:\program files\common
files\microsoft shared\office11
\msoxmlmf.dll</PROTOCOLSFilter>
</PROTOCOLSFilters>
- <PROTOCOLSHandlers>
<PROTOCOLSHandler ex="1" clsid="{3050F406-98B5-11CF-
BB82-00AA00BDCE0B}" prog="" filter="about" val="{3050F406-
98B5-11CF-BB82-00AA00BDCE0B}" nam="Microsoft (R) HTML
Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="fae3ca9b2459581c45b3a8845be3077c"
ver="6.00.2900.2604 (xpsp_sp2_gdr.041130-1729)"
sz="3006976" is="0" gfp="">c:\windows\system32
\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3dd53d40-7b8b-11D0-
b013-00aa0059ce02}" prog="" filter="cdl" val="{3dd53d40-
7b8b-11D0-b013-00aa0059ce02}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="7e0a6b4005a271c1fd1d82dd08fa884f"
ver="6.00.2900.2574 (xpsp_sp2_gdr.041130-1729)"
sz="607744" is="0" gfp="">c:\windows\system32
\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{12D51199-0DB5-46FE-
A120-47A3D7D937CC}" prog="" filter="dvd" val="{12D51199-
0DB5-46FE-A120-47A3D7D937CC}" nam="ActiveX control for
streaming video (msvidctl.dll)" pub="Microsoft
Corporation" md5="7b5ba7cb7cf42b557c17d08015be8a14"
ver="6.05.2600.2180 (xpsp_sp2_rtm.040803-2158)"
sz="1428480" is="0" gfp="">c:\windows\system32
\msvidctl.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e7-baf9-11ce-
8c82-00aa004ba90b}" prog="" filter="file" val="{79eac9e7-
baf9-11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="7e0a6b4005a271c1fd1d82dd08fa884f"
ver="6.00.2900.2574 (xpsp_sp2_gdr.041130-1729)"
sz="607744" is="0" gfp="">c:\windows\system32
\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e3-baf9-11ce-
8c82-00aa004ba90b}" prog="" filter="ftp" val="{79eac9e3-
baf9-11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="7e0a6b4005a271c1fd1d82dd08fa884f"
ver="6.00.2900.2574 (xpsp_sp2_gdr.041130-1729)"
sz="607744" is="0" gfp="">c:\windows\system32
\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e4-baf9-11ce-
8c82-00aa004ba90b}" prog="" filter="gopher"
val="{79eac9e4-baf9-11ce-8c82-00aa004ba90b}" nam="OLE32
Extensions for Win32 (urlmon.dll)" pub="Microsoft
Corporation" md5="7e0a6b4005a271c1fd1d82dd08fa884f"
ver="6.00.2900.2574 (xpsp_sp2_gdr.041130-1729)"
sz="607744" is="0" gfp="">c:\windows\system32
\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e2-baf9-11ce-
8c82-00aa004ba90b}" prog="" filter="http" val="{79eac9e2-
baf9-11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="7e0a6b4005a271c1fd1d82dd08fa884f"
ver="6.00.2900.2574 (xpsp_sp2_gdr.041130-1729)"
sz="607744" is="0" gfp="">c:\windows\system32
\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e5-baf9-11ce-
8c82-00aa004ba90b}" prog="" filter="https" val="{79eac9e5-
baf9-11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="7e0a6b4005a271c1fd1d82dd08fa884f"
ver="6.00.2900.2574 (xpsp_sp2_gdr.041130-1729)"
sz="607744" is="0" gfp="">c:\windows\system32
\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{9D148291-B9C8-11D0-
A4CC-0000F80149F6}" prog="MSITFS1.0" filter="its"
val="{9D148291-B9C8-11D0-A4CC-0000F80149F6}"
nam="Microsoft InfoTech Storage System Library
(itss.dll)" pub="Microsoft Corporation"
md5="a00b287bb6f78bdd3589b7e75a86a6fa" ver="5.2.3790.1221
(dnsrv.040715-2015)" sz="134144" is="0"
gfp="">c:\windows\system32\itss.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050F3B2-98B5-11CF-
BB82-00AA00BDCE0B}" prog="" filter="javascript"
val="{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}"
nam="Microsoft (R) HTML Viewer (mshtml.dll)"
pub="Microsoft Corporation"
md5="fae3ca9b2459581c45b3a8845be3077c"
ver="6.00.2900.2604 (xpsp_sp2_gdr.041130-1729)"
sz="3006976" is="0" gfp="">c:\windows\system32
\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e7-baf9-11ce-
8c82-00aa004ba90b}" prog="" filter="local" val="{79eac9e7-
baf9-11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="7e0a6b4005a271c1fd1d82dd08fa884f"
ver="6.00.2900.2574 (xpsp_sp2_gdr.041130-1729)"
sz="607744" is="0" gfp="">c:\windows\system32
\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050f3DA-98B5-11CF-
BB82-00AA00BDCE0B}" prog="" filter="mailto"
val="{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}"
nam="Microsoft (R) HTML Viewer (mshtml.dll)"
pub="Microsoft Corporation"
md5="fae3ca9b2459581c45b3a8845be3077c"
ver="6.00.2900.2604 (xpsp_sp2_gdr.041130-1729)"
sz="3006976" is="0" gfp="">c:\windows\system32
\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{05300401-BCBC-11d0-
85E3-00C04FD85AB4}" prog="" filter="mhtml" val="{05300401-
BCBC-11d0-85E3-00C04FD85AB4}" nam="Microsoft Internet
Messaging API (inetcomm.dll)" pub="Microsoft Corporation"
md5="64528cdf39d8bc19d800be60039bb7e4"
ver="6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)"
sz="678400" is="0" gfp="">c:\windows\system32
\inetcomm.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e6-baf9-11ce-
8c82-00aa004ba90b}" prog="" filter="mk" val="{79eac9e6-
baf9-11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="7e0a6b4005a271c1fd1d82dd08fa884f"
ver="6.00.2900.2574 (xpsp_sp2_gdr.041130-1729)"
sz="607744" is="0" gfp="">c:\windows\system32
\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{9D148291-B9C8-11D0-
A4CC-0000F80149F6}" prog="MSITFS1.0" filter="ms-its"
val="{9D148291-B9C8-11D0-A4CC-0000F80149F6}"
nam="Microsoft InfoTech Storage System Library
(itss.dll)" pub="Microsoft Corporation"
md5="a00b287bb6f78bdd3589b7e75a86a6fa" ver="5.2.3790.1221
(dnsrv.040715-2015)" sz="134144" is="0"
gfp="">c:\windows\system32\itss.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{0A9007C0-4076-11D3-
8789-0000F8105754}" prog="Microsoft.ITSS.URLProtocol"
filter="ms-itss" val="{0A9007C0-4076-11D3-8789-
0000F8105754}" nam="Microsoft InfoTech Storage System
Library (msitss.dll)" pub="Microsoft Corporation"
md5="10dccc0270637294a0a148e2a6720490"
ver="05.02.9336.01" sz="520117" is="0" gfp="">c:\program
files\common files\microsoft shared\information
retrieval\msitss.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{32505114-5902-49B2-
880A-1F7738E5A384}"
prog="OWC11.Etcetera.PluggableProtocol.1" filter="mso-
offdap11" val="{32505114-5902-49B2-880A-1F7738E5A384}"
nam="Microsoft Office Web Components 2003 (owc11.dll)"
pub="Microsoft Corporation"
md5="41fea807d9fea8da5ad3e5705272bcc3" ver="11.0.5531"
sz="8086072" is="0" gfp="">c:\progra~1\common~1\micros~1
\webcom~1\11\owc11.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050F3BC-98B5-11CF-
BB82-00AA00BDCE0B}" prog="" filter="res" val="{3050F3BC-
98B5-11CF-BB82-00AA00BDCE0B}" nam="Microsoft (R) HTML
Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="fae3ca9b2459581c45b3a8845be3077c"
ver="6.00.2900.2604 (xpsp_sp2_gdr.041130-1729)"
sz="3006976" is="0" gfp="">c:\windows\system32
\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{76E67A63-06E9-11D2-
A840-006008059382}" prog="" filter="sysimage"
val="{76E67A63-06E9-11D2-A840-006008059382}"
nam="Microsoft (R) HTML Viewer (mshtml.dll)"
pub="Microsoft Corporation"
md5="fae3ca9b2459581c45b3a8845be3077c"
ver="6.00.2900.2604 (xpsp_sp2_gdr.041130-1729)"
sz="3006976" is="0" gfp="">c:\windows\system32
\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{CBD30858-AF45-11D2-
B6D6-00C04FBBDE6E}" prog="" filter="tv" val="{CBD30858-
AF45-11D2-B6D6-00C04FBBDE6E}" nam="ActiveX control for
streaming video (msvidctl.dll)" pub="Microsoft
Corporation" md5="7b5ba7cb7cf42b557c17d08015be8a14"
ver="6.05.2600.2180 (xpsp_sp2_rtm.040803-2158)"
sz="1428480" is="0" gfp="">c:\windows\system32
\msvidctl.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050F3B2-98B5-11CF-
BB82-00AA00BDCE0B}" prog="" filter="vbscript"
val="{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}"
nam="Microsoft (R) HTML Viewer (mshtml.dll)"
pub="Microsoft Corporation"
md5="fae3ca9b2459581c45b3a8845be3077c"
ver="6.00.2900.2604 (xpsp_sp2_gdr.041130-1729)"
sz="3006976" is="0" gfp="">c:\windows\system32
\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{13F3EA8B-91D7-4F0A-
AD76-D2853AC8BECE}" prog="Wia.WiaProtocol.1" filter="wia"
val="{13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE}" nam="WIA
Scripting Layer (wiascr.dll)" pub="Microsoft Corporation"
md5="dd469944b09b032e7c7fe85687c2a399" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="75776" is="0"
gfp="">c:\windows\system32\wiascr.dll</PROTOCOLSHandler>
</PROTOCOLSHandlers>
- <PROTOCOLSNameSpaceHandlers>
<PROTOCOLSNameSpaceHandler ex="1" clsid="{9D148291-B9C8-
11D0-A4CC-0000F80149F6}" prog="MSITFS1.0" namespace="mk"
namespacefilter="NameSpace Filter for MKMSITStore:..."
val="{79eac9e6-baf9-11ce-8c82-00aa004ba90b}"
nam="Microsoft InfoTech Storage System Library
(itss.dll)" pub="Microsoft Corporation"
md5="a00b287bb6f78bdd3589b7e75a86a6fa" ver="5.2.3790.1221
(dnsrv.040715-2015)" sz="134144" is="0"
gfp="">c:\windows\system32
\itss.dll</PROTOCOLSNameSpaceHandler>
</PROTOCOLSNameSpaceHandlers>
- <TCPIPParamaters>
<TCPIPParamater val="DataBasePath">%SystemRoot%\System32
\drivers\etc</TCPIPParamater>
<TCPIPParamater
val="Domain">bptravel.local</TCPIPParamater>
<TCPIPParamater val="NameServer" />
<TCPIPParamater val="SearchList" />
<TCPIPParamater val="VXD MSTCP: NameServer" />
</TCPIPParamaters>
- <InternetSettings>
<InternetSetting val="ProxyEnable">1</InternetSetting>
<InternetSetting
val="ProxyServer">sbs2003:8080</InternetSetting>
<InternetSetting val="ProxyOverride" />
<InternetSetting val="User Agent">Mozilla/4.0
(compatible; MSIE 6.0; Win32)</InternetSetting>
<InternetSetting val="ZoneMap Domain
Count">0</InternetSetting>
</InternetSettings>
- <IESettings>
<IESetting val="UseMyStylesheet"
set="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Styles" />
<IESetting val="UserStylesheet"
set="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Styles" />
<IESetting val="UseMyStylesheet"
set="HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet
Explorer\Styles" />
<IESetting val="UserStylesheet"
set="HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet
Explorer\Styles" />
</IESettings>
<AppInitDLLs val="" />
- <ShellServiceObjectDelayLoads>
<ShellServiceObjectDelayLoad ex="1" clsid="{7849596a-
48ea-486e-8937-a2a3009f31a9}" prog=""
val="PostBootReminder" nam="Windows Shell Common Dll
(shell32.dll)" pub="Microsoft Corporation"
md5="5db5f53f801b616f4b4b7cae6ee7d1c6"
ver="6.00.2900.2578 (xpsp_sp2_gdr.041130-1729)"
sz="8450048" is="0" gfp="">c:\windows\system32
\shell32.dll</ShellServiceObjectDelayLoad>
<ShellServiceObjectDelayLoad ex="1" clsid="{fbeb8a05-
beee-4442-804e-409d6c4515e9}" prog="" val="CDBurn"
nam="Windows Shell Common Dll (shell32.dll)"
pub="Microsoft Corporation"
md5="5db5f53f801b616f4b4b7cae6ee7d1c6"
ver="6.00.2900.2578 (xpsp_sp2_gdr.041130-1729)"
sz="8450048" is="0" gfp="">c:\windows\system32
\shell32.dll</ShellServiceObjectDelayLoad>
<ShellServiceObjectDelayLoad ex="1" clsid="{E6FB5E20-
DE35-11CF-9C87-00AA005127ED}" prog="" val="WebCheck"
nam="Web Site Monitor (webcheck.dll)" pub="Microsoft
Corporation" md5="6501db5182d5a8c0f1f1707286161d66"
ver="6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)"
sz="276480" is="0" gfp="">c:\windows\system32
\webcheck.dll</ShellServiceObjectDelayLoad>
<ShellServiceObjectDelayLoad ex="1" clsid="{35CEC8A3-
2BE6-11D2-8773-92E220524153}" prog="" val="SysTray"
nam="Systray shell service object (stobject.dll)"
pub="Microsoft Corporation"
md5="297101a925ecffdcdf7f6341ffbb6c1a" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="121856" is="0"
gfp="">c:\windows\system32
\stobject.dll</ShellServiceObjectDelayLoad>
</ShellServiceObjectDelayLoads>
<ScheduledTasks />
- <Services>
<Service ex="1" disp="Application Layer Gateway
Service" desc="Provides support for 3rd party protocol
plug-ins for Internet Connection Sharing and the Windows
Firewall." nam="Application Layer Gateway Service
(alg.exe)" pub="Microsoft Corporation"
md5="f1958fbf86d5c004cf19a5951a9514b7" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="44544" is="0"
gfp="">C:\WINDOWS\System32\alg.exe</Service>
<Service ex="1" disp="ASP.NET State Service"
desc="Provides support for out-of-process session states
for ASP.NET. If this service is stopped, out-of-process
requests will not be processed. If this service is
disabled, any services that explicitly depend on it will
fail to start." nam="aspnet_state.exe (aspnet_state.exe)"
pub="Microsoft Corporation"
md5="e1a1206a4fb19b675e947b29ccd25fba"
ver="1.1.4322.2032" sz="32768" is="0"
gfp="">C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322
\aspnet_state.exe</Service>
<Service ex="1" disp="Indexing Service" desc="Indexes
contents and properties of files on local and remote
computers; provides rapid access to files through
flexible querying language." nam="Content Index service
(cisvc.exe)" pub="Microsoft Corporation"
md5="3192bd04d032a9c4a85a3278c268a13a" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="5632" is="0"
gfp="">C:\WINDOWS\system32\cisvc.exe</Service>
<Service ex="1" disp="ClipBook" desc="Enables ClipBook
Viewer to store information and share it with remote
computers. If the service is stopped, ClipBook Viewer
will not be able to share information with remote
computers. If this service is disabled, any services that
explicitly depend on it will fail to start." nam="Windows
NT DDE Server (clipsrv.exe)" pub="Microsoft Corporation"
md5="c8dec22c4137d7a90f8bdf41ca4b82ae" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="33280" is="0"
gfp="">C:\WINDOWS\system32\clipsrv.exe</Service>
<Service ex="1" disp="COM+ System Application"
desc="Manages the configuration and tracking of Component
Object Model (COM)+-based components. If the service is
stopped, most COM+-based components will not function
properly. If this service is disabled, any services that
explicitly depend on it will fail to start." nam="COM
Surrogate (dllhost.exe)" pub="Microsoft Corporation"
md5="dd87db7387b9eb441c5674888a0d840c" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="5120" is="0"
gfp="">C:\WINDOWS\system32\dllhost.exe</Service>
<Service ex="1" disp="DefWatch" desc="" nam="Virus
Definition Daemon (DefWatch.exe)" pub="Symantec
Corporation" md5="f4ceed318f6669820a198b9498a88159"
ver="8.00.00.9374" sz="32768" is="0" gfp="">C:\Program
Files\Symantec_Client_Security\Symantec
AntiVirus\DefWatch.exe</Service>
<Service ex="1" disp="Logical Disk Manager
Administrative Service" desc="Configures hard disk drives
and volumes. The service only runs for configuration
processes and then stops." nam="Logical Disk Manager
service process (dmadmin.exe)" pub="Microsoft Corp.,
Veritas Software" md5="554c7cb178fe3bd12450b81ad63adbc3"
ver="2600.2180.503.0" sz="224768" is="0"
gfp="">C:\WINDOWS\System32\dmadmin.exe</Service>
<Service ex="1" disp="Event Log" desc="Enables event
log messages issued by Windows-based programs and
components to be viewed in Event Viewer. This service
cannot be stopped." nam="Services and Controller app
(services.exe)" pub="Microsoft Corporation"
md5="c6ce6eec82f187615d1002bb3bb50ed4" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="108032" is="0"
gfp="">C:\WINDOWS\system32\services.exe</Service>
<Service ex="1" disp="Fax" desc="Enables you to send
and receive faxes, utilizing fax resources available on
this computer or on the network." nam="Fax Service
(fxssvc.exe)" pub="Microsoft Corporation"
md5="fcbd571fa0ee8dc238944ae5fab74461" ver="5.2.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="267776" is="0"
gfp="">C:\WINDOWS\system32\fxssvc.exe</Service>
<Service ex="1" disp="IMAPI CD-Burning COM Service"
desc="Manages CD recording using Image Mastering
Applications Programming Interface (IMAPI). If this
service is stopped, this computer will be unable to
record CDs. If this service is disabled, any services
that explicitly depend on it will fail to start."
nam="Image Mastering API (imapi.exe)" pub="Microsoft
Corporation" md5="fa788520bcac0f5d9d5cde5615c0d931"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)"
sz="150016" is="0" gfp="">C:\WINDOWS\system32
\imapi.exe</Service>
<Service ex="1" disp="Machine Debug Manager"
desc="Supports local and remote debugging for Visual
Studio and script debuggers. If this service is stopped,
the debuggers will not function properly." nam="Machine
Debug Manager (MDM.EXE)" pub="Microsoft Corporation"
md5="11f714f85530a2bd134074dc30e99fca" ver="7.00.9466"
sz="322120" is="0" gfp="">C:\Program Files\Common
Files\Microsoft Shared\VS7DEBUG\MDM.EXE</Service>
<Service ex="1" disp="NetMeeting Remote Desktop
Sharing" desc="Enables an authorized user to access this
computer remotely by using NetMeeting over a corporate
intranet. If this service is stopped, remote desktop
sharing will be unavailable. If this service is disabled,
any services that explicitly depend on it will fail to
start." nam="NetMeeting Remote Desktop Sharing
(mnmsrvc.exe)" pub="Microsoft Corporation"
md5="f6415361201915b9fe3896b0e4e724ff"
ver="5.1.2600.2180" sz="32768" is="0"
gfp="">C:\WINDOWS\system32\mnmsrvc.exe</Service>
<Service ex="1" disp="Distributed Transaction
Coordinator" desc="Coordinates transactions that span
multiple resource managers, such as databases, message
queues, and file systems. If this service is stopped,
these transactions will not occur. If this service is
disabled, any services that explicitly depend on it will
fail to start." nam="MS DTC console program (msdtc.exe)"
pub="Microsoft Corporation"
md5="c7c3d89eb0a6f3dba622ea737fa335b1"
ver="2001.12.4414.258" sz="6144" is="0"
gfp="">C:\WINDOWS\system32\msdtc.exe</Service>
<Service ex="1" disp="Windows Installer" desc="Adds,
modifies, and removes applications provided as a Windows
Installer (*.msi) package. If this service is disabled,
any services that explicitly depend on it will fail to
start." nam="Windows installer (msiexec.exe)"
pub="Microsoft Corporation"
md5="4236ae241f193f58adab141ceccfd5f4"
ver="3.0.3790.2180" sz="77312" is="0"
gfp="">C:\WINDOWS\system32\msiexec.exe</Service>
<Service ex="1" disp="MSSQL$MICROSOFTBCM" desc=""
nam="SQL Server Windows NT (sqlservr.exe)" pub="Microsoft
Corporation" md5="1251256fefc2b00a7bd603578241f0ad"
ver="2000.080.0818.00" sz="7544916" is="0"
gfp="">C:\Program Files\Microsoft SQL
Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe</Service>
<Service ex="1" disp="MSSQLServerADHelper" desc=""
nam="Microsoft SQL Server Active Directory Helper Service
(sqladhlp.exe)" pub="Microsoft Corporation"
md5="cb7524c21727404bd3140dca32deb7de"
ver="2000.080.0760.00" sz="66112" is="0"
gfp="">C:\Program Files\Microsoft SQL Server\80
\Tools\Binn\sqladhlp.exe</Service>
<Service ex="1" disp="Network DDE" desc="Provides
network transport and security for Dynamic Data Exchange
(DDE) for programs running on the same computer or on
different computers. If this service is stopped, DDE
transport and security will be unavailable. If this
service is disabled, any services that explicitly depend
on it will fail to start." nam="Network DDE - DDE
Communication (netdde.exe)" pub="Microsoft Corporation"
md5="05afb5ad06462257bea7495283c86d50" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="111104" is="0"
gfp="">C:\WINDOWS\system32\netdde.exe</Service>
<Service ex="1" disp="Network DDE DSDM" desc="Manages
Dynamic Data Exchange (DDE) network shares. If this
service is stopped, DDE network shares will be
unavailable. If this service is disabled, any services
that explicitly depend on it will fail to start."
nam="Network DDE - DDE Communication (netdde.exe)"
pub="Microsoft Corporation"
md5="05afb5ad06462257bea7495283c86d50" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="111104" is="0"
gfp="">C:\WINDOWS\system32\netdde.exe</Service>
<Service ex="1" disp="Net Logon" desc="Supports pass-
through authentication of account logon events for
computers in a domain." nam="LSA Shell (lsass.exe)"
pub="Microsoft Corporation"
md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">C:\WINDOWS\system32\lsass.exe</Service>
<Service ex="1" disp="Intel NCS NetService" desc=""
nam="NetSvc Module (NetSvc.exe)" pub="Intel(R)
Corporation" md5="737351f39fef765234037770abdd72bd"
ver="1.2.26.0" sz="143360" is="0" gfp="">C:\Program
Files\Intel\NCS\Sync\NetSvc.exe</Service>
<Service ex="1" disp="Symantec AntiVirus Client"
desc="" nam="Symantec AntiVirus (Rtvscan.exe)"
pub="Symantec Corporation"
md5="8d2bc561da4b3e269b148cd7d2f9c176" ver="8.00.00.9374"
sz="573440" is="0" gfp="">C:\Program
Files\Symantec_Client_Security\Symantec
AntiVirus\Rtvscan.exe</Service>
<Service ex="1" disp="NT LM Security Support Provider"
desc="Provides security to remote procedure call (RPC)
programs that use transports other than named pipes."
nam="LSA Shell (lsass.exe)" pub="Microsoft Corporation"
md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">C:\WINDOWS\system32\lsass.exe</Service>
<Service ex="1" disp="Office Source Engine" desc="Saves
installation files used for updates and repairs and is
required for the downloading of Setup updates and Watson
error reports." nam="Office Source Engine (OSE.EXE)"
pub="Microsoft Corporation"
md5="7a56cf3e3f12e8af599963b16f50fb6a" ver="11.0.5525"
sz="89136" is="0" gfp="">C:\Program Files\Common
Files\Microsoft Shared\Source Engine\OSE.EXE</Service>
<Service ex="1" disp="Plug and Play" desc="Enables a
computer to recognize and adapt to hardware changes with
little or no user input. Stopping or disabling this
service will result in system instability." nam="Services
and Controller app (services.exe)" pub="Microsoft
Corporation" md5="c6ce6eec82f187615d1002bb3bb50ed4"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)"
sz="108032" is="0" gfp="">C:\WINDOWS\system32
\services.exe</Service>
<Service ex="1" disp="IPSEC Services" desc="Manages IP
security policy and starts the ISAKMP/Oakley (IKE) and
the IP security driver." nam="LSA Shell (lsass.exe)"
pub="Microsoft Corporation"
md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">C:\WINDOWS\system32\lsass.exe</Service>
<Service ex="1" disp="Protected Storage" desc="Provides
protected storage for sensitive data, such as private
keys, to prevent access by unauthorized services,
processes, or users." nam="LSA Shell (lsass.exe)"
pub="Microsoft Corporation"
md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">C:\WINDOWS\system32\lsass.exe</Service>
<Service ex="1" disp="Remote Desktop Help Session
Manager" desc="Manages and controls Remote Assistance. If
this service is stopped, Remote Assistance will be
unavailable. Before stopping this service, see the
Dependencies tab of the Properties dialog box."
nam="Microsoft Remote Desktop Help Session Manager
(sessmgr.exe)" pub="Microsoft Corporation"
md5="729798e0933076b8fcfcd9934698f164" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="140800" is="0"
gfp="">C:\WINDOWS\system32\sessmgr.exe</Service>
<Service ex="1" disp="Remote Procedure Call (RPC)
Locator" desc="Manages the RPC name service database."
nam="Rpc Locator (locator.exe)" pub="Microsoft
Corporation" md5="793f04a09b15e7c6c11dbdffaf06c0ab"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="75264"
is="0" gfp="">C:\WINDOWS\system32\locator.exe</Service>
<Service ex="1" disp="QoS RSVP" desc="Provides network
signaling and local traffic control setup functionality
for QoS-aware programs and control applets."
nam="Microsoft RSVP (rsvp.exe)" pub="Microsoft
Corporation" md5="471b3f9741d762abe75e9deea4787e47"
ver="5.1.2600.0 (xpclient.010817-1148)" sz="132608"
is="0" gfp="">C:\WINDOWS\system32\rsvp.exe</Service>
<Service ex="1" disp="Security Accounts Manager"
desc="Stores security information for local user
accounts." nam="LSA Shell (lsass.exe)" pub="Microsoft
Corporation" md5="84885f9b82f4d55c6146ebf6065d75d2"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="13312"
is="0" gfp="">C:\WINDOWS\system32\lsass.exe</Service>
<Service ex="1" disp="Smart Card" desc="Manages access
to smart cards read by this computer. If this service is
stopped, this computer will be unable to read smart
cards. If this service is disabled, any services that
explicitly depend on it will fail to start." nam="Smart
Card Resource Management Server (SCardSvr.exe)"
pub="Microsoft Corporation"
md5="25d8de134df108e3dbc8d7d23b1aa58e" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="95744" is="0"
gfp="">C:\WINDOWS\System32\SCardSvr.exe</Service>
<Service ex="1" disp="Print Spooler" desc="Loads files
to memory for later printing." nam="Spooler SubSystem App
(spoolsv.exe)" pub="Microsoft Corporation"
md5="7435b108b935e42ea92ca94f59c8e717" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="57856" is="0"
gfp="">C:\WINDOWS\system32\spoolsv.exe</Service>
<Service ex="1" disp="SQLAgent$MICROSOFTBCM" desc=""
nam="Microsoft SQL Server Agent (sqlagent.EXE)"
pub="Microsoft Corporation"
md5="e3f974bdedc336490a2e6f3a703f016a"
ver="2000.080.0760.00" sz="311872" is="0"
gfp="">C:\Program Files\Microsoft SQL
Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE</Service>
<Service ex="1" disp="MS Software Shadow Copy Provider"
desc="Manages software-based volume shadow copies taken
by the Volume Shadow Copy service. If this service is
stopped, software-based volume shadow copies cannot be
managed. If this service is disabled, any services that
explicitly depend on it will fail to start." nam="COM
Surrogate (dllhost.exe)" pub="Microsoft Corporation"
md5="dd87db7387b9eb441c5674888a0d840c" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="5120" is="0"
gfp="">C:\WINDOWS\system32\dllhost.exe</Service>
<Service ex="1" disp="Performance Logs and Alerts"
desc="Collects performance data from local or remote
computers based on preconfigured schedule parameters,
then writes the data to a log or triggers an alert. If
this service is stopped, performance information will not
be collected. If this service is disabled, any services
that explicitly depend on it will fail to start."
nam="Performance Logs and Alerts Service (smlogsvc.exe)"
pub="Microsoft Corporation"
md5="8b54aa346d1b1b113ffaa75501b8b1b2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="89600" is="0"
gfp="">C:\WINDOWS\system32\smlogsvc.exe</Service>
<Service ex="1" disp="Telnet" desc="Enables a remote
user to log on to this computer and run programs, and
supports various TCP/IP Telnet clients, including UNIX-
based and Windows-based computers. If this service is
stopped, remote user access to programs might be
unavailable. If this service is disabled, any services
that explicitly depend on it will fail to start."
nam="Telnet (tlntsvr.exe)" pub="Microsoft Corporation"
md5="37db0a7d097310e8b4de803fc3119c78" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="73216" is="0"
gfp="">C:\WINDOWS\system32\tlntsvr.exe</Service>
<Service ex="1" disp="Windows User Mode Driver
Framework" desc="Enables Windows user mode drivers."
nam="Windows User Mode Driver Manager (wdfmgr.exe)"
pub="Microsoft Corporation"
md5="ab0a7ca90d9e3d6a193905dc1715ded0" ver="5.2.3790.1230
built by: dnsrv(bld4act)" sz="38912" is="0"
gfp="">C:\WINDOWS\system32\wdfmgr.exe</Service>
<Service ex="1" disp="Uninterruptible Power Supply"
desc="Manages an uninterruptible power supply (UPS)
connected to the computer." nam="UPS Service (ups.exe)"
pub="Microsoft Corporation"
md5="3f5df65b0758675f95a2d43918a740a3" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="18432" is="0"
gfp="">C:\WINDOWS\System32\ups.exe</Service>
<Service ex="1" disp="Volume Shadow Copy" desc="Manages
and implements Volume Shadow Copies used for backup and
other purposes. If this service is stopped, shadow copies
will be unavailable for backup and the backup may fail.
If this service is disabled, any services that explicitly
depend on it will fail to start." nam="Microsoft Volume
Shadow Copy Service (vssvc.exe)" pub="Microsoft
Corporation" md5="3ee00364ae0fd8d604f46cbaf512838a"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)"
sz="289792" is="0" gfp="">C:\WINDOWS\System32
\vssvc.exe</Service>
<Service ex="1" disp="WMI Performance Adapter"
desc="Provides performance library information from WMI
HiPerf providers." nam="WMI Performance Adapter Service
(wmiapsrv.exe)" pub="Microsoft Corporation"
md5="ba8cecc3e813e1f7c441b20393d4f86c" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="126464" is="0"
gfp="">C:\WINDOWS\system32\wbem\wmiapsrv.exe</Service>
</Services>
</SystemAudit>
- <ProcessesAudit>
- <Processes>
<Process ex="1" pid="576" nam="Windows NT Session
Manager (smss.exe)" pub="Microsoft Corporation"
md5="bd7fb0957c716f1a60333aee04de2178" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="50688" is="0"
gfp="">c:\windows\system32\smss.exe</Process>
<Process ex="1" pid="624" nam="Client Server Runtime
Process (csrss.exe)" pub="Microsoft Corporation"
md5="f12b178b1678d778cfd3ff1fc38c71fb" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="6144" is="0"
gfp="">C:\WINDOWS\system32\csrss.exe</Process>
<Process ex="1" pid="648" nam="Windows NT Logon
Application (winlogon.exe)" pub="Microsoft Corporation"
md5="01c3346c241652f43aed8e2149881bfe" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="502272" is="0"
gfp="">c:\windows\system32\winlogon.exe</Process>
<Process ex="1" pid="692" nam="Services and Controller
app (services.exe)" pub="Microsoft Corporation"
md5="c6ce6eec82f187615d1002bb3bb50ed4" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="108032" is="0"
gfp="">c:\windows\system32\services.exe</Process>
<Process ex="1" pid="704" nam="LSA Shell (lsass.exe)"
pub="Microsoft Corporation"
md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">c:\windows\system32\lsass.exe</Process>
<Process ex="1" pid="876" nam="Generic Host Process for
Win32 Services (svchost.exe)" pub="Microsoft Corporation"
md5="8f078ae4ed187aaabc0a305146de6716" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="14336" is="0"
gfp="">c:\windows\system32\svchost.exe</Process>
<Process ex="1" pid="940" nam="Generic Host Process for
Win32 Services (svchost.exe)" pub="Microsoft Corporation"
md5="8f078ae4ed187aaabc0a305146de6716" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="14336" is="0"
gfp="">C:\WINDOWS\system32\svchost.exe</Process>
<Process ex="1" pid="1036" nam="Generic Host Process
for Win32 Services (svchost.exe)" pub="Microsoft
Corporation" md5="8f078ae4ed187aaabc0a305146de6716"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="14336"
is="0" gfp="">c:\windows\system32\svchost.exe</Process>
<Process ex="1" pid="1084" nam="Generic Host Process
for Win32 Services (svchost.exe)" pub="Microsoft
Corporation" md5="8f078ae4ed187aaabc0a305146de6716"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="14336"
is="0" gfp="">C:\WINDOWS\system32\svchost.exe</Process>
<Process ex="1" pid="1188" nam="Generic Host Process
for Win32 Services (svchost.exe)" pub="Microsoft
Corporation" md5="8f078ae4ed187aaabc0a305146de6716"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="14336"
is="0" gfp="">C:\WINDOWS\system32\svchost.exe</Process>
<Process ex="1" pid="1360" nam="Spooler SubSystem App
(spoolsv.exe)" pub="Microsoft Corporation"
md5="7435b108b935e42ea92ca94f59c8e717" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="57856" is="0"
gfp="">c:\windows\system32\spoolsv.exe</Process>
<Process ex="1" pid="1504" nam="Virus Definition Daemon
(defwatch.exe)" pub="Symantec Corporation"
md5="f4ceed318f6669820a198b9498a88159" ver="8.00.00.9374"
sz="32768" is="0" gfp="">c:\program
files\symantec_client_security\symantec
antivirus\defwatch.exe</Process>
<Process ex="1" pid="1588" nam="Machine Debug Manager
(mdm.exe)" pub="Microsoft Corporation"
md5="11f714f85530a2bd134074dc30e99fca" ver="7.00.9466"
sz="322120" is="0" gfp="">c:\program files\common
files\microsoft shared\vs7debug\mdm.exe</Process>
<Process ex="1" pid="1616" nam="SQL Server Windows NT
(sqlservr.exe)" pub="Microsoft Corporation"
md5="1251256fefc2b00a7bd603578241f0ad"
ver="2000.080.0818.00" sz="7544916" is="0"
gfp="">c:\program files\microsoft sql
server\mssql$microsoftbcm\binn\sqlservr.exe</Process>
<Process ex="1" pid="1724" nam="Symantec AntiVirus
(rtvscan.exe)" pub="Symantec Corporation"
md5="8d2bc561da4b3e269b148cd7d2f9c176" ver="8.00.00.9374"
sz="573440" is="0" gfp="">c:\program
files\symantec_client_security\symantec
antivirus\rtvscan.exe</Process>
<Process ex="1" pid="1788" nam="Windows User Mode
Driver Manager (wdfmgr.exe)" pub="Microsoft Corporation"
md5="ab0a7ca90d9e3d6a193905dc1715ded0" ver="5.2.3790.1230
built by: dnsrv(bld4act)" sz="38912" is="0"
gfp="">C:\WINDOWS\system32\wdfmgr.exe</Process>
<Process ex="1" pid="608" nam="Application Layer
Gateway Service (alg.exe)" pub="Microsoft Corporation"
md5="f1958fbf86d5c004cf19a5951a9514b7" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="44544" is="0"
gfp="">C:\WINDOWS\system32\alg.exe</Process>
<Process ex="1" pid="1680" nam="Windows Explorer
(explorer.exe)" pub="Microsoft Corporation"
md5="a0732187050030ae399b241436565e64"
ver="6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)"
sz="1032192" is="0"
gfp="">c:\windows\explorer.exe</Process>
<Process ex="1" pid="1020" nam="hkcmd Module
(hkcmd.exe)" pub="Intel Corporation"
md5="ea5dd164296f66241bead39e12fa69f2" ver="3.0.0.3889"
sz="118784" is="0" gfp="">c:\windows\system32
\hkcmd.exe</Process>
<Process ex="1" pid="1408" nam="Java(TM) 2 Platform
Standard Edition binary (jusched.exe)" pub="Sun
Microsystems, Inc."
md5="1f6573d67dd5dc06dd29ec7fcf81dc6f" ver="5.0.20.9"
sz="36975" is="0" gfp="">c:\program files\java\jre1.5.0_02
\bin\jusched.exe</Process>
<Process ex="1" pid="736" nam="Symantec AntiVirus
(vptray.exe)" pub="Symantec Corporation"
md5="2c2c5c662e71a1ebec6569bd05911237" ver="8.00.00.9374"
sz="77824" is="0" gfp="">c:\progra~1\symant~1\symant~1
\vptray.exe</Process>
<Process ex="1" pid="1524" nam="MSN Updater
(msnappau.exe)" pub="Microsoft Corporation"
md5="e377c992dfbb5837826ea311e436c66d"
ver="01.02.3000.1001" sz="86016" is="0" gfp="">c:\program
files\msn apps\updater\01.02.3000.1001\en-
us\msnappau.exe</Process>
<Process ex="1" pid="1668" nam="CTF Loader
(ctfmon.exe)" pub="Microsoft Corporation"
md5="24232996a38c0b0cf151c2140ae29fc8" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="15360" is="0"
gfp="">c:\windows\system32\ctfmon.exe</Process>
<Process ex="1" pid="1696" nam="AcroTray
(acrotray.exe)" pub="Adobe Systems Inc."
md5="78bfe3201ada2fe02d1e35d2488e5f55"
ver="6.0.0.2003051500" sz="217193" is="0"
gfp="">c:\program files\adobe\acrobat 6.0
\distillr\acrotray.exe</Process>
<Process ex="1" pid="1716" nam="Microsoft Firewall
Client taskbar application (isatray.exe)" pub="Microsoft
Corporation" md5="90bcb927a978044125e293dcb7d10ed8"
ver="3.0" sz="52496" is="0" gfp="">c:\program
files\microsoft firewall client\isatray.exe</Process>
<Process ex="1" pid="1520" nam="Worldspan Filter Agent
(filteragent.exe)" pub="Worldspan L.P."
md5="d655ec02f2b55761b637d9a81b90b714" ver="6.00.02"
sz="127049" is="0"
gfp="">c:\wspan\swgw\filteragent.exe</Process>
<Process ex="1" pid="1760" nam="COM Surrogate
(dllhost.exe)" pub="Microsoft Corporation"
md5="dd87db7387b9eb441c5674888a0d840c" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="5120" is="0"
gfp="">c:\windows\system32\dllhost.exe</Process>
<Process ex="1" pid="3508" nam="Microsoft AntiSpyware
Data Service (gcasdtserv.exe)" pub="Microsoft
Corporation" md5="255ca546f8e187c41ebed2aabbeee07c"
ver="1.00.0501" sz="748352" is="0" gfp="">c:\program
files\microsoft antispyware\gcasdtserv.exe</Process>
<Process ex="1" pid="3568" nam="Microsoft AntiSpyware
Service (gcasserv.exe)" pub="Microsoft Corporation"
md5="70c5a9c9cf9e65a9073a2a43da822841" ver="1.00.0501"
sz="469824" is="0" gfp="">c:\program files\microsoft
antispyware\gcasserv.exe</Process>
<Process ex="1" pid="3028" nam="Microsoft AntiSpyware
Main (giantantispywaremain.exe)" pub="Microsoft
Corporation" md5="1f652552465f84e09d548b499139fe2e"
ver="1.00.0501" sz="4561736" is="0" gfp="">c:\program
files\microsoft
antispyware\giantantispywaremain.exe</Process>
<Process ex="1" pid="3084" nam="Notepad (notepad.exe)"
pub="Microsoft Corporation"
md5="388b8fbc36a8558587afc90fb23a3b99" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="69120" is="0"
gfp="">c:\windows\system32\notepad.exe</Process>
<Process ex="1" pid="3200" nam="Microsoft Suspected
Spyware Reporting Tool (msssrt.exe)" pub="Microsoft
Corporation" md5="464528294c858e175e8f82371117e8e1"
ver="1.00.0501" sz="400184" is="0" gfp="">c:\program
files\microsoft antispyware\msssrt.exe</Process>
<Process ex="1" pid="3164" nam="Microsoft Suspected
Spyware Reporting Tool (msssrt.exe)" pub="Microsoft
Corporation" md5="464528294c858e175e8f82371117e8e1"
ver="1.00.0501" sz="400184" is="0" gfp="">c:\program
files\microsoft antispyware\msssrt.exe</Process>
</Processes>
</ProcessesAudit>
</Audit>

 

[plun]

Here you go. I'm not sure how this will help you. As I
mentioned the worldspan application is not detected as
spyware.

Hi

No, the XML file does not help you I believe.

The Internet application
go.worldspan.com, used by the majority of travel agents
to place reservations and look up airline fares, is
hanging just before it connects and opens the right
script pane.

I think it is this script function that causes this problem,
scripts are
one wellknown bug with MSAS and MS works for a solution with
Beta 2.

Maybe this also can be solved with an VB6 upgrade.....?

http://www.microsoft.com/downloads/...61-7a9c-43e7-9117-f673077ffb3c&DisplayLang=en

Worth to try.........

 

[Bill Sanderson]

I like the idea of a scripting related issue, but Amy doesn't mention any
prompts when the problem occurs.

There's an installer app compat bug that happens at 99% of a
pre-installation expanding files step, as I recall. Simply shutting down
Microsoft Antispyware allows the install to continue.

This doesn't sound like that, nor, from the sound of the post, does it sound
like a specific issue with one installation on one machine.

And this doesn't look like something the developers are going to be able to
find to test in-house, either.

One step I could imagine for Amy to take would be a binary search through
the real-time agent checkpoints to see whether disabling one or more of them
fixes the issue.

First step would be to disable all three Agents and see whether the problem
goes away.

If it does not, the next step would be to apply the workaround paragraph of
this KB article:
http://support.microsoft.com/kb/892375 End users may be prompted to allow or
block administrative actions that originate from a central management tool
after they install Windows AntiSpyware (Beta) on a computer that is managed
by Systems Management Server 2003

This "really" turns off real-time protection.

If turning off all the agents fixes things, then I'd turn each agent on
singly and see where it breaks. If one particular agent is at fault, turn
off half that agents checkpoints, then the other half, split the half that
demonstrates the fault in half again, etc--til' you can pin it on an
individual checkpoint, if possible.

 

[amy]

Turning off the agents doesn't resolve the issue. I'll
give the "really" turning off a try.

It could be a scriping issue because the program does
hang at the point where it intializes scripts for the
site.

Both good ideas. I'll give them a try and post back.
Might be a few days before I get back out there.

thanks.

 

[amy]

It's the version change that has caused the problem. I've
got other PC's in the office that run fine with the older
build. But while updating one machine and setting up a
brand new PC, I encountered the problem. I've left the
rest at the old build.

Amy