Hi Ron,
Is this what you meant?
[colin, ccvATkeypointdotcomdotau]
- <MSSSRT version="1.0.501" createdate="1/17/2005
10:29:05 AM" os="XP.2600" user="">
- <Audit>
- <AutoRunAudit>
- <StartupFiles>
<StartupFile path="C:\Documents and Settings\All
Users\Start Menu\Programs\Startup\GetRight - Tray
Icon.lnk" nam="GetRight
www.getright.com (getright.exe)"
pub="Headlight Software, Inc."
md5="2982c2f0ceb62033e075cf992c80406e" ver="5.2b"
sz="2215936" is="0" gfp="">c:\program
files\getright\getright.exe</StartupFile>
</StartupFiles>
- <StartupFilesRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="WorksFUD" dat="C:\Program Files\Microsoft
Works\wkfud.exe" nam="Microsoft Works Marketing Feature
(wkfud.exe)" pub="Microsoft Corporation"
md5="8f13ea2d495ae946b1f33898ada8fdd5" ver="6.00.3221.3"
sz="24576" is="0" gfp="">c:\program files\microsoft
works\wkfud.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="Microsoft Works Update Detection" dat="C:\Program
Files\Common Files\Microsoft Shared\Works
Shared\WkUFind.exe" nam="Microsoft Works Update Detection
(wkufind.exe)" pub="Microsoft Corporation"
md5="5ac34c17115d3818dc9c9f5b2d909858" ver="6.00.3215.0"
sz="28738" is="0" gfp="">c:\program files\common
files\microsoft shared\works
shared\wkufind.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="SiS KHooker" dat="C:\WINDOWS\System32\khooker.exe"
nam="SiS Compatible Super VGA Keyboard Daemon
(khooker.exe)" pub="Silicon Integrated Systems
Corporation" md5="757d1e00e5c59bb88905af490ac8287b"
ver="0, 0, 0, 2030" sz="294912" is="0"
gfp="">c:\windows\system32
\khooker.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="SiS Tray" dat="C:\WINDOWS\system32\sistray.EXE"
nam="SiS 630/730 Super VGA Tray Application
(sistray.exe)" pub="Silicon Integrated Systems
Corporation" md5="a5123b037e479a658dca7147852d2a10"
ver="0.0.0.2030" sz="266240" is="0"
gfp="">c:\windows\system32
\sistray.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="ccApp" dat=""c:\Documents and Settings\colin\Local
Settings\Temp\Support\ccCommon\ccCommon\ccApp.exe""
nam="Common Client User Session (ccapp.exe)"
pub="Symantec Corporation"
md5="631bd98882f6fc3e1191c8c7ef942638" ver="2.1.0.610"
sz="70816" is="0" gfp="">c:\documents and
settings\colin\local
settings\temp\support\cccommon\cccommon\ccapp.exe</Startup
FileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="rfagent" dat="C:\Program Files\RFA\rfagent.exe"
nam="Registry First Aid, the easy powerful registry
cleanup program (rfagent.exe)" pub="KsL Software"
md5="d2437e5434b12dd08ff3bca536edb866" ver="3.4.0.515"
sz="293888" is="0" gfp="">c:\program
files\rfa\rfagent.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="AVG7_CC" dat="C:\PROGRA~1\Grisoft\AVGFRE~1
\avgcc.exe /STARTUP" nam="AVG Control Center (avgcc.exe)"
pub="GRISOFT, s.r.o."
md5="90e91e213d88d5e48e2c33bd1058ecf9" ver="7,0,0,298"
sz="332847" is="0" gfp="">c:\progra~1\grisoft\avgfre~1
\avgcc.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="AVG7_EMC" dat="C:\PROGRA~1\Grisoft\AVGFRE~1
\avgemc.exe" nam="AVG E-Mail Scanner (avgemc.exe)"
pub="GRISOFT, s.r.o."
md5="d0a368090484ef6c277529d8524fea1a" ver="7,0,0,301"
sz="223796" is="0" gfp="">c:\progra~1\grisoft\avgfre~1
\avgemc.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="gcasServ" dat=""C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"" nam="Microsoft AntiSpyware
Service (gcasserv.exe)" pub="Microsoft Corporation"
md5="70c5a9c9cf9e65a9073a2a43da822841" ver="1.00.0501"
sz="469824" is="0" gfp="">c:\program files\microsoft
antispyware\gcasserv.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnc
e" val="MicrosoftAntiSpywareCleaner" dat="C:\Program
Files\Microsoft AntiSpyware\gcASCleaner.exe" nam="Threat
Cleaner Helper (gcascleaner.exe)" pub="Microsoft
Corporation" md5="8d104546cb6c462521df09fda0bf8944"
ver="1.00.0501" sz="39744" is="0" gfp="">c:\program
files\microsoft
antispyware\gcascleaner.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="CTFMON.EXE" dat="C:\WINDOWS\system32\ctfmon.exe"
nam="CTF Loader (ctfmon.exe)" pub="Microsoft Corporation"
md5="24232996a38c0b0cf151c2140ae29fc8" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="15360" is="0"
gfp="">c:\windows\system32
\ctfmon.exe</StartupFileRegistry>
<StartupFileRegistry ex="0"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="" dat="" nam="" pub="" md5="" ver="" sz="" is="0"
gfp="" />
<StartupFileRegistry ex="1"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="SpybotSD TeaTimer" dat="C:\Program Files\Spybot -
Search & Destroy\TeaTimer.exe" nam="System settings
protector (teatimer.exe)" pub="Safer Networking Limited"
md5="58f7e6434d285f4c98ad3621e0bd8c8d" ver="1, 3, 0, 12"
sz="1038336" is="0" gfp="">c:\program files\spybot -
search & destroy\teatimer.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="MSMSGS" dat=""C:\Program
Files\Messenger\msmsgs.exe" /background" nam="Windows
Messenger (msmsgs.exe)" pub="Microsoft Corporation"
md5="b53343fe60a33ee765c2476d50d27b26" ver="4.7.3000"
sz="1667584" is="0" gfp="">c:\program
files\messenger\msmsgs.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="SpySweeper" dat=""C:\Program Files\Webroot\Spy
Sweeper\SpySweeper.exe" /0" nam="Spy Sweeper
(spysweeper.exe)" pub="Webroot Software, Inc."
md5="f568ad4ecc3ecb1c0685bf091b3ec995" ver="3.5.0.189"
sz="3550208" is="0" gfp="">c:\program files\webroot\spy
sweeper\spysweeper.exe</StartupFileRegistry>
</StartupFilesRegistry>
- <WinlogonUserinitFiles>
<WinlogonUserinitFile ex="1" nam="Userinit Logon
Application (userinit.exe)" pub="Microsoft Corporation"
md5="39b1ffb03c2296323832acbae50d2aff" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="24576" is="0"
gfp="">c:\windows\system32
\userinit.exe</WinlogonUserinitFile>
</WinlogonUserinitFiles>
<StartupWinIniFiles />
<StartupSysIniFiles />
</AutoRunAudit>
- <InternetExplorerAudit version="6.0.2900.2180">
- <BrowserHelperObjects>
<BHO ex="1" clsid="{06849E9F-C8D7-4D59-B87D-
784B7D6BE0B3}" prog="AcroIEHelper.AcroIEHlprObj.1"
val="AcroIEHlprObj Class" nam="AcroIEHelper Module
(acroiehelper.ocx)" pub="None"
md5="8394abfc1be196a62c9f532511936df7" ver="1, 0, 0, 1"
sz="37808" is="0" gfp="">c:\program files\adobe\acrobat
5.0\reader\activex\acroiehelper.ocx</BHO>
<BHO ex="1" clsid="{31FF080D-12A3-439A-A2EF-
4BA95A3148E8}" prog="Msie2gr.bho2gr.1" val="bho2gr Class"
nam="GetRight's IE & NS Click Monitoring.
www.getright.com (xx2gr.dll)" pub="Headlight Software,
Inc." md5="23380d8a570b3c81e749327ded630f68" ver="5.2b"
sz="233472" is="0" gfp="">c:\program
files\getright\xx2gr.dll</BHO>
<BHO ex="1" clsid="{53707962-6F74-2D53-2644-
206D7942484F}" prog="" val="" nam="Bad download blocker
(sdhelper.dll)" pub="Safer Networking Limited"
md5="abf5ba518c6a5ed104496ff42d19ad88" ver="1, 3, 0, 12"
sz="744960" is="0" gfp="">c:\progra~1\spybot~1
\sdhelper.dll</BHO>
<BHO ex="1" clsid="{AA58ED58-01DD-4d91-8333-
CF10577473F7}" prog="" val="Google Toolbar Helper"
nam="Google IE Client Toolbar (googletoolbar1.dll)"
pub="Google Inc." md5="d4e9b7b696e8c40a0e5cb76621a03ee4"
ver="2, 0, 114, 9" sz="720896" is="0" gfp="">c:\program
files\google\googletoolbar1.dll</BHO>
</BrowserHelperObjects>
- <IEToolbars>
<IEToolbar ex="0" clsid="{42CDD1BF-3FFB-4238-8AD1-
7859DF00B1D6}" prog="" val="" nam="" pub="" md5="" ver=""
sz="" is="0" gfp="" />
<IEToolbar ex="1" clsid="{2318C2B1-4965-11d4-9B18-
009027A5CD4F}" prog="" val="&Google" nam="Google IE
Client Toolbar (googletoolbar1.dll)" pub="Google Inc."
md5="d4e9b7b696e8c40a0e5cb76621a03ee4" ver="2, 0, 114, 9"
sz="720896" is="0" gfp="">c:\program
files\google\googletoolbar1.dll</IEToolbar>
</IEToolbars>
<IEExtensions />
- <IEExplorerBars>
<IEExplorerBar ex="1" clsid="{4D5C8C25-D075-11d0-B416-
00C04FB90376}" prog="" val="&Tip of the Day" nam="Shell
Doc Object and Control Library (shdocvw.dll)"
pub="Microsoft Corporation"
md5="9b65c9b401b8f28a55cc641013068d67"
ver="6.00.2900.2518 (xpsp_sp2_gdr.040919-1056)"
sz="1483264" is="0" gfp="">c:\windows\system32
\shdocvw.dll</IEExplorerBar>
</IEExplorerBars>
- <IEShellBrowsers>
<IEShellBrowser ex="1" clsid="{01E04581-4EEE-11D0-BFE9-
00AA005B4383}" prog="" val="&Address" nam="Shell Browser
UI Library (browseui.dll)" pub="Microsoft Corporation"
md5="84c4b096044b015707183c19df338417"
ver="6.00.2900.2518 (xpsp_sp2_gdr.040919-1056)"
sz="1016832" is="0" gfp="">c:\windows\system32
\browseui.dll</IEShellBrowser>
<IEShellBrowser ex="1" clsid="{2318C2B1-4965-11D4-9B18-
009027A5CD4F}" prog="" val="&Google" nam="Google IE
Client Toolbar (googletoolbar1.dll)" pub="Google Inc."
md5="d4e9b7b696e8c40a0e5cb76621a03ee4" ver="2, 0, 114, 9"
sz="720896" is="0" gfp="">c:\program
files\google\googletoolbar1.dll</IEShellBrowser>
<IEShellBrowser ex="0" clsid="" prog="" val="" nam=""
pub="" md5="" ver="" sz="" is="0" gfp="" />
</IEShellBrowsers>
- <IEWebBrowsers>
<IEWebBrowser ex="1" clsid="{01E04581-4EEE-11D0-BFE9-
00AA005B4383}" prog="" val="&Address" nam="Shell Browser
UI Library (browseui.dll)" pub="Microsoft Corporation"
md5="84c4b096044b015707183c19df338417"
ver="6.00.2900.2518 (xpsp_sp2_gdr.040919-1056)"
sz="1016832" is="0" gfp="">c:\windows\system32
\browseui.dll</IEWebBrowser>
<IEWebBrowser ex="0" clsid="" prog="" val="" nam=""
pub="" md5="" ver="" sz="" is="0" gfp="" />
<IEWebBrowser ex="0" clsid="" prog="" val="" nam=""
pub="" md5="" ver="" sz="" is="0" gfp="" />
<IEWebBrowser ex="1" clsid="{2318C2B1-4965-11D4-9B18-
009027A5CD4F}" prog="" val="&Google" nam="Google IE
Client Toolbar (googletoolbar1.dll)" pub="Google Inc."
md5="d4e9b7b696e8c40a0e5cb76621a03ee4" ver="2, 0, 114, 9"
sz="720896" is="0" gfp="">c:\program
files\google\googletoolbar1.dll</IEWebBrowser>
<IEWebBrowser ex="0" clsid="{EF99BD32-C1FB-11D2-892F-
0090271D4F88}" prog="" val="" nam="" pub="" md5="" ver=""
sz="" is="0" gfp="" />
</IEWebBrowsers>
- <IEMenuExts>
<IEMenuExt val="&Google Search">res://c:\program
files\google\GoogleToolbar1.dll/cmsearch.html</IEMenuExt>
<IEMenuExt val="Backward Links">res://c:\program
files\google\GoogleToolbar1.dll/cmbacklinks.html</IEMenuEx
t>
<IEMenuExt val="Cached Snapshot of
Page">res://c:\program
files\google\GoogleToolbar1.dll/cmcache.html</IEMenuExt>
<IEMenuExt val="Download with GetRight">C:\Program
Files\GetRight\GRdownload.htm</IEMenuExt>
<IEMenuExt val="Open with GetRight Browser">C:\Program
Files\GetRight\GRbrowse.htm</IEMenuExt>
<IEMenuExt val="Similar Pages">res://c:\program
files\google\GoogleToolbar1.dll/cmsimilar.html</IEMenuExt>
<IEMenuExt val="Translate into
English">res://c:\program
files\google\GoogleToolbar1.dll/cmtrans.html</IEMenuExt>
</IEMenuExts>
- <IEURLSearchHooks>
<IEURLSearchHook ex="1" clsid="{CFBFAE00-17A6-11D0-99CB-
00C04FD64497}" prog="" val="Microsoft Url Search Hook"
nam="Shell Doc Object and Control Library (shdocvw.dll)"
pub="Microsoft Corporation"
md5="9b65c9b401b8f28a55cc641013068d67"
ver="6.00.2900.2518 (xpsp_sp2_gdr.040919-1056)"
sz="1483264" is="0" gfp="">c:\windows\system32
\shdocvw.dll</IEURLSearchHook>
</IEURLSearchHooks>
- <IEURLs>
<IEURL val="HCU\Software\Microsoft\Internet Explorer
Start Page">
http://www.msn.com/</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer
Search Page">
http://www.microsoft.com/isapi/redir.dll?
prd=ie&ar=iesearch</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer
Default_Page_URL" />
<IEURL val="HCU\Software\Microsoft\Internet Explore
Local Page">C:\WINDOWS\system32\blank.htm</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explore
Search
Bar">
http://home.microsoft.com/search/lobby/search.asp</IE
URL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer
Default_Search_URL" />
<IEURL val="HCU\Software\Microsoft\Internet Explorer
HomeOldSP" />
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Start Page">
http://www.msn.com</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Search Page">
http://www.microsoft.com/isapi/redir.dll?
prd=ie&ar=iesearch</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Default_Page_URL">
http://www.microsoft.com/isapi/redir.dll
?prd=ie&pver=6&ar=msnhome</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Local Page">C:\WINDOWS\system32\blank.htm</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Search
Bar">
http://home.microsoft.com/search/lobby/search.asp</IE
URL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Default_Search_URL">
http://home.microsoft.com/search/searc
h.asp</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
HomeOldSP" />
<IEURL val="HCU\Software\Microsoft\Internet
Explorer\Search CustomizeSearch" />
<IEURL val="HCU\Software\Microsoft\Internet
Explorer\Search SearchAssistant" />
<IEURL val="HLM\Software\Microsoft\Internet
Explorer\Search CustomizeSearch">
http://ie.search.msn.com/
{SUB_RFC1766}/srchasst/srchcust.htm</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet
Explorer\Search SearchAssistant">
http://ie.search.msn.com/
{SUB_RFC1766}/srchasst/srchasst.htm</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet
Explorer\SearchUrl">
http://home.microsoft.com/access/autos
earch.asp?p=%s</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet
Explorer\SearchUrl">
http://home.microsoft.com/access/autos
earch.asp?p=%s</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
blank">res://mshtml.dll/blank.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
DesktopItemNavigationFailure">res://shdoclc.dll/navcancl.h
tm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
NavigationCanceled">res://shdoclc.dll/navcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
NavigationFailure">res://shdoclc.dll/navcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
OfflineInformation">res://shdoclc.dll/offcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
PostNotCached">res://mshtml.dll/repost.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs mozilla" />
</IEURLs>
</InternetExplorerAudit>
- <SystemAudit>
- <ShellExecuteHooks>
<ShellExecuteHook ex="1" clsid="{AEB6717E-7E19-11d0-
97EE-00C04FD91972}" prog="" val="URL Exec Hook"
nam="Windows Shell Common Dll (shell32.dll)"
pub="Microsoft Corporation"
md5="d5988a5048e4dc7175bca9f29fc144ae"
ver="6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)"
sz="8384000" is="0" gfp="">C:\WINDOWS\system32
\shell32.dll</ShellExecuteHook>
<ShellExecuteHook ex="1" clsid="{532057F3-3C02-4E70-
BE56-011CBF2029AC}" prog="ExecHook.Handler"
val="SPAMfighter Inject" nam="exechook.dll"
pub="SPAMfighter ApS"
md5="dbf00a77adff7369d8c6902cbfabedae" ver="1.00.0142"
sz="26312" is="0" gfp="">c:\program
files\spamfighter\clients\outlook
express\exechook.dll</ShellExecuteHook>
<ShellExecuteHook ex="1" clsid="{9EF34FF2-3396-4527-
9D27-04C8C1C67806}"
prog="Microsoft.AntiSpyware.ShellExecuteHook.1"
val="Microsoft.AntiSpyware.ShellExecuteHook.1"
nam="Microsoft AntiSpyware Shell Extension
(shellextension.dll)" pub="Microsoft Corporation"
md5="08cee315ea2a24e77d68b2b055f73a94" ver="1.00.0501"
sz="93408" is="0" gfp="">c:\program files\microsoft
antispyware\shellextension.dll</ShellExecuteHook>
</ShellExecuteHooks>
- <ShellOpenCommands>
<ShellOpenCommand
val="HCR\exefile\shell\open\command">"%1" %
*</ShellOpenCommand>
<ShellOpenCommand
val="HCR\comfile\shell\open\command">"%1" %
*</ShellOpenCommand>
<ShellOpenCommand
val="HCR\batfile\shell\open\command">"%1" %
*</ShellOpenCommand>
<ShellOpenCommand
val="HCR\htafile\shell\open\command">C:\WINDOWS\System32
\mshta.exe "%1" %*</ShellOpenCommand>
<ShellOpenCommand
val="HCR\piffile\shell\open\command">"%1" %
*</ShellOpenCommand>
<ShellOpenCommand val="HCR\txtfile\shell\open\command">%
SystemRoot%\system32\NOTEPAD.EXE %1</ShellOpenCommand>
<ShellOpenCommand
val="HCR\mp3file\shell\open\command">"C:\Program
Files\Windows Media
Player\wmplayer.exe" /prefetch:6 /Open "%
L"</ShellOpenCommand>
<ShellOpenCommand
val="HCR\mpegfile\shell\open\command">"C:\Program
Files\Windows Media
Player\wmplayer.exe" /prefetch:9 /Open "%
L"</ShellOpenCommand>
<ShellOpenCommand val="HCR\mailto\shell\open\command">"%
ProgramFiles%\Outlook Express\msimn.exe" /mailurl:%
1</ShellOpenCommand>
<ShellOpenCommand
val="HCR\htmlfile\shell\open\command">"C:\Program
Files\Internet Explorer\iexplore.exe" -
nohome</ShellOpenCommand>
<ShellOpenCommand
val="HCR\http\shell\open\command">"C:\Program
Files\Internet Explorer\iexplore.exe" -
nohome</ShellOpenCommand>
<ShellOpenCommand
val="HCR\https\shell\open\command">"C:\Program
Files\Internet Explorer\iexplore.exe" -
nohome</ShellOpenCommand>
<ShellOpenCommand
val="HCR\ftp\shell\open\command">"C:\Program
Files\Internet Explorer\iexplore.exe" %
1</ShellOpenCommand>
</ShellOpenCommands>
- <ActiveXInstalls>
- <ActiveXInstall clsid="Microsoft XML Parser for Java"
prog="" nam="" codebase="">
<Files />
</ActiveXInstall>
- <ActiveXInstall clsid="{19E28AFC-EAE3-4CE5-AC83-
2407B42F57C9}"
prog="WindowsSecurityAdvisor.WindowsSecurityAdvisor.1"
nam="MSSecurityAdvisor Class"
codebase="
http://download.microsoft.com/download/0/5/c/05c
905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?
1092476622434">
- <Files>
<File ex="1" nam="Windows Security Advisor
(mssecadv.dll)" pub="Microsoft Corporation"
md5="a4282fd762ce1c4ffa665538e335cff0" ver="5.4.3790.14
built by: lab04_n" sz="36960" is="0"
gfp="">C:\WINDOWS\System32\mssecadv.dll</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{205FF73B-CA67-11D5-99DD-
444553540000}" prog="" nam="CInstall Class" codebase="">
<Files />
</ActiveXInstall>
- <ActiveXInstall clsid="{3E68E405-C6DE-49FF-83AE-
41EE9F4C36CE}" prog="OPUCatalog.OPUCatalog11.1"
nam="Office Update Installation Engine"
codebase="
http://office.microsoft.com/officeupdate/content
/opuc.cab">
- <Files>
<File ex="1" nam="Microsoft Office Update Detection
Engine (opuc.dll)" pub="Microsoft Corporation"
md5="1e32ec4a8a17b19926b49ea5f6b79a76" ver="11.0.5626"
sz="314368" is="0" gfp="">C:\WINDOWS\opuc.dll</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{A8658086-E6AC-4957-BC8E-
7D54A7E8A78E}" prog="SassChk.FileChk.6" nam="SassCln
Object"
codebase="
http://www.microsoft.com/security/controls/Sasse
r/20/SassCln.CAB">
- <Files>
<File ex="1" nam="Microsoft Sasser Worm Removal Tool.
(SassCln.dll)" pub="Microsoft Corporation"
md5="a41ca01d1f7e6f64bcd08c88faeaf85f" ver="1.0.0.20"
sz="118784" is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\SassCln.dll</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{D27CDB6E-AE6D-11CF-96B8-
444553540000}" prog="ShockwaveFlash.ShockwaveFlash.1"
nam="Shockwave Flash Object"
codebase="
http://download.macromedia.com/pub/shockwave/cab
s/flash/swflash.cab">
<Files />
</ActiveXInstall>
- <ActiveXInstall clsid="{EF99BD32-C1FB-11D2-892F-
0090271D4F88}" prog="" nam="" codebase="">
<Files />
</ActiveXInstall>
</ActiveXInstalls>
- <PROTOCOLSFilters>
<PROTOCOLSFilter ex="1" clsid="{32B533BB-EDAE-11d0-BD5A-
00AA00B92AF1}" prog="" filter="Class Install Handler"
val="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}" nam="OLE32
Extensions for Win32 (urlmon.dll)" pub="Microsoft
Corporation" md5="ae492783117a9a50887f6d5ded646767"
ver="6.00.2900.2518 (xpsp_sp2_gdr.040919-1056)"
sz="603648" is="0" gfp="">c:\windows\system32
\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{8f6b0360-b80d-11d0-a9b3-
006097942311}" prog="" filter="deflate" val="{8f6b0360-
b80d-11d0-a9b3-006097942311}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="ae492783117a9a50887f6d5ded646767"
ver="6.00.2900.2518 (xpsp_sp2_gdr.040919-1056)"
sz="603648" is="0" gfp="">c:\windows\system32
\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{8f6b0360-b80d-11d0-a9b3-
006097942311}" prog="" filter="gzip" val="{8f6b0360-b80d-
11d0-a9b3-006097942311}" nam="OLE32 Extensions for Win32
(urlmon.dll)" pub="Microsoft Corporation"
md5="ae492783117a9a50887f6d5ded646767"
ver="6.00.2900.2518 (xpsp_sp2_gdr.040919-1056)"
sz="603648" is="0" gfp="">c:\windows\system32
\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{8f6b0360-b80d-11d0-a9b3-
006097942311}" prog="" filter="lzdhtml" val="{8f6b0360-
b80d-11d0-a9b3-006097942311}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="ae492783117a9a50887f6d5ded646767"
ver="6.00.2900.2518 (xpsp_sp2_gdr.040919-1056)"
sz="603648" is="0" gfp="">c:\windows\system32
\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{733AC4CB-F1A4-11d0-B951-
00A0C90312E1}" prog="" filter="text/webviewhtml"
val="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}" nam="Windows
Shell Common Dll (shell32.dll)" pub="Microsoft
Corporation" md5="d5988a5048e4dc7175bca9f29fc144ae"
ver="6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)"
sz="8384000" is="0" gfp="">c:\windows\system32
\shell32.dll</PROTOCOLSFilter>
</PROTOCOLSFilters>
- <PROTOCOLSHandlers>
<PROTOCOLSHandler ex="1" clsid="{3050F406-98B5-11CF-
BB82-00AA00BDCE0B}" prog="" filter="about" val="{3050F406-
98B5-11CF-BB82-00AA00BDCE0B}" nam="Microsoft (R) HTML
Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="d94e6405e420373161467acd3da65640"
ver="6.00.2900.2523 (xpsp_sp2_gdr.040919-1056)"
sz="3004928" is="0" gfp="">c:\windows\system32
\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3dd53d40-7b8b-11D0-
b013-00aa0059ce02}" prog="" filter="cdl" val="{3dd53d40-
7b8b-11D0-b013-00aa0059ce02}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="ae492783117a9a50887f6d5ded646767"
ver="6.00.2900.2518 (xpsp_sp2_gdr.040919-1056)"
sz="603648" is="0" gfp="">c:\windows\system32
\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{CD00020A-8B95-11D1-
82DB-00C04FB1625D}" prog="CDO.KnowledgePluggable.1"
filter="cdo" val="{CD00020A-8B95-11D1-82DB-00C04FB1625D}"
nam="Microsoft SharePoint Portal Server Object Model
(pkmcdo.dll)" pub="Microsoft Corporation"
md5="a5944428a77ce0e5337b40f5fc12e327"
ver="10.145.3722.0" sz="872448" is="0" gfp="">c:\program
files\common files\microsoft shared\web
folders\pkmcdo.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{12D51199-0DB5-46FE-
A120-47A3D7D937CC}" prog="" filter="dvd" val="{12D51199-
0DB5-46FE-A120-47A3D7D937CC}" nam="ActiveX control for
streaming video (msvidctl.dll)" pub="Microsoft
Corporation" md5="7b5ba7cb7cf42b557c17d08015be8a14"
ver="6.05.2600.2180 (xpsp_sp2_rtm.040803-2158)"
sz="1428480" is="0" gfp="">c:\windows\system32
\msvidctl.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e7-baf9-11ce-
8c82-00aa004ba90b}" prog="" filter="file" val="{79eac9e7-
baf9-11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="ae492783117a9a50887f6d5ded646767"
ver="6.00.2900.2518 (xpsp_sp2_gdr.040919-1056)"
sz="603648" is="0" gfp="">c:\windows\system32
\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e3-baf9-11ce-
8c82-00aa004ba90b}" prog="" filter="ftp" val="{79eac9e3-
baf9-11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="ae492783117a9a50887f6d5ded646767"
ver="6.00.2900.2518 (xpsp_sp2_gdr.040919-1056)"
sz="603648" is="0" gfp="">c:\windows\system32
\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e4-baf9-11ce-
8c82-00aa004ba90b}" prog="" filter="gopher"
val="{79eac9e4-baf9-11ce-8c82-00aa004ba90b}" nam="OLE32
Extensions for Win32 (urlmon.dll)" pub="Microsoft
Corporation" md5="ae492783117a9a50887f6d5ded646767"
ver="6.00.2900.2518 (xpsp_sp2_gdr.040919-1056)"
sz="603648" is="0" gfp="">c:\windows\system32
\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e2-baf9-11ce-
8c82-00aa004ba90b}" prog="" filter="http" val="{79eac9e2-
baf9-11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="ae492783117a9a50887f6d5ded646767"
ver="6.00.2900.2518 (xpsp_sp2_gdr.040919-1056)"
sz="603648" is="0" gfp="">c:\windows\system32
\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e5-baf9-11ce-
8c82-00aa004ba90b}" prog="" filter="https" val="{79eac9e5-
baf9-11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="ae492783117a9a50887f6d5ded646767"
ver="6.00.2900.2518 (xpsp_sp2_gdr.040919-1056)"
sz="603648" is="0" gfp="">c:\windows\system32
\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{9D148291-B9C8-11D0-
A4CC-0000F80149F6}" prog="MSITFS1.0" filter="its"
val="{9D148291-B9C8-11D0-A4CC-0000F80149F6}"
nam="Microsoft InfoTech Storage System Library
(itss.dll)" pub="Microsoft Corporation"
md5="a00b287bb6f78bdd3589b7e75a86a6fa" ver="5.2.3790.1221
(dnsrv.040715-2015)" sz="134144" is="0"
gfp="">c:\windows\system32\itss.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050F3B2-98B5-11CF-
BB82-00AA00BDCE0B}" prog="" filter="javascript"
val="{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}"
nam="Microsoft (R) HTML Viewer (mshtml.dll)"
pub="Microsoft Corporation"
md5="d94e6405e420373161467acd3da65640"
ver="6.00.2900.2523 (xpsp_sp2_gdr.040919-1056)"
sz="3004928" is="0" gfp="">c:\windows\system32
\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{5C135180-9973-46D9-
ABF4-148267CBB8BF}" prog="" filter="lid" val="{5C135180-
9973-46D9-ABF4-148267CBB8BF}" nam="ActiveX control for
streaming video (msvidctl.dll)" pub="Microsoft
Corporation" md5="7b5ba7cb7cf42b557c17d08015be8a14"
ver="6.05.2600.2180 (xpsp_sp2_rtm.040803-2158)"
sz="1428480" is="0" gfp="">c:\windows\system32
\msvidctl.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e7-baf9-11ce-
8c82-00aa004ba90b}" prog="" filter="local" val="{79eac9e7-
baf9-11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="ae492783117a9a50887f6d5ded646767"
ver="6.00.2900.2518 (xpsp_sp2_gdr.040919-1056)"
sz="603648" is="0" gfp="">c:\windows\system32
\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050f3DA-98B5-11CF-
BB82-00AA00BDCE0B}" prog="" filter="mailto"
val="{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}"
nam="Microsoft (R) HTML Viewer (mshtml.dll)"
pub="Microsoft Corporation"
md5="d94e6405e420373161467acd3da65640"
ver="6.00.2900.2523 (xpsp_sp2_gdr.040919-1056)"
sz="3004928" is="0" gfp="">c:\windows\system32
\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{05300401-BCBC-11d0-
85E3-00C04FD85AB4}" prog="" filter="mhtml" val="{05300401-
BCBC-11d0-85E3-00C04FD85AB4}" nam="Microsoft Internet
Messaging API (inetcomm.dll)" pub="Microsoft Corporation"
md5="ad83a2a04f68db2dff500c30536fcd6b"
ver="6.00.2900.2527 (xpsp_sp2_gdr.040919-1056)"
sz="679424" is="0" gfp="">c:\windows\system32
\inetcomm.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e6-baf9-11ce-
8c82-00aa004ba90b}" prog="" filter="mk" val="{79eac9e6-
baf9-11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="ae492783117a9a50887f6d5ded646767"
ver="6.00.2900.2518 (xpsp_sp2_gdr.040919-1056)"
sz="603648" is="0" gfp="">c:\windows\system32
\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{9D148291-B9C8-11D0-
A4CC-0000F80149F6}" prog="MSITFS1.0" filter="ms-its"
val="{9D148291-B9C8-11D0-A4CC-0000F80149F6}"
nam="Microsoft InfoTech Storage System Library
(itss.dll)" pub="Microsoft Corporation"
md5="a00b287bb6f78bdd3589b7e75a86a6fa" ver="5.2.3790.1221
(dnsrv.040715-2015)" sz="134144" is="0"
gfp="">c:\windows\system32\itss.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050F3BC-98B5-11CF-
BB82-00AA00BDCE0B}" prog="" filter="res" val="{3050F3BC-
98B5-11CF-BB82-00AA00BDCE0B}" nam="Microsoft (R) HTML
Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="d94e6405e420373161467acd3da65640"
ver="6.00.2900.2523 (xpsp_sp2_gdr.040919-1056)"
sz="3004928" is="0" gfp="">c:\windows\system32
\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{76E67A63-06E9-11D2-
A840-006008059382}" prog="" filter="sysimage"
val="{76E67A63-06E9-11D2-A840-006008059382}"
nam="Microsoft (R) HTML Viewer (mshtml.dll)"
pub="Microsoft Corporation"
md5="d94e6405e420373161467acd3da65640"
ver="6.00.2900.2523 (xpsp_sp2_gdr.040919-1056)"
sz="3004928" is="0" gfp="">c:\windows\system32
\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{CBD30858-AF45-11D2-
B6D6-00C04FBBDE6E}" prog="" filter="tv" val="{CBD30858-
AF45-11D2-B6D6-00C04FBBDE6E}" nam="ActiveX control for
streaming video (msvidctl.dll)" pub="Microsoft
Corporation" md5="7b5ba7cb7cf42b557c17d08015be8a14"
ver="6.05.2600.2180 (xpsp_sp2_rtm.040803-2158)"
sz="1428480" is="0" gfp="">c:\windows\system32
\msvidctl.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050F3B2-98B5-11CF-
BB82-00AA00BDCE0B}" prog="" filter="vbscript"
val="{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}"
nam="Microsoft (R) HTML Viewer (mshtml.dll)"
pub="Microsoft Corporation"
md5="d94e6405e420373161467acd3da65640"
ver="6.00.2900.2523 (xpsp_sp2_gdr.040919-1056)"
sz="3004928" is="0" gfp="">c:\windows\system32
\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{13F3EA8B-91D7-4F0A-
AD76-D2853AC8BECE}" prog="Wia.WiaProtocol.1" filter="wia"
val="{13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE}" nam="WIA
Scripting Layer (wiascr.dll)" pub="Microsoft Corporation"
md5="dd469944b09b032e7c7fe85687c2a399" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="75776" is="0"
gfp="">c:\windows\system32\wiascr.dll</PROTOCOLSHandler>
</PROTOCOLSHandlers>
- <PROTOCOLSNameSpaceHandlers>
<PROTOCOLSNameSpaceHandler ex="1" clsid="{9D148291-B9C8-
11D0-A4CC-0000F80149F6}" prog="MSITFS1.0" namespace="mk"
namespacefilter="NameSpace Filter for MK
MSITStore:..."
val="{79eac9e6-baf9-11ce-8c82-00aa004ba90b}"
nam="Microsoft InfoTech Storage System Library
(itss.dll)" pub="Microsoft Corporation"
md5="a00b287bb6f78bdd3589b7e75a86a6fa" ver="5.2.3790.1221
(dnsrv.040715-2015)" sz="134144" is="0"
gfp="">c:\windows\system32
\itss.dll</PROTOCOLSNameSpaceHandler>
</PROTOCOLSNameSpaceHandlers>
- <TCPIPParamaters>
<TCPIPParamater val="DataBasePath">%SystemRoot%\System32
\drivers\etc</TCPIPParamater>
<TCPIPParamater val="Domain" />
<TCPIPParamater val="NameServer" />
<TCPIPParamater val="SearchList" />
<TCPIPParamater val="VXD MSTCP: NameServer" />
</TCPIPParamaters>
- <InternetSettings>
<InternetSetting val="ProxyEnable">0</InternetSetting>
<InternetSetting val="ProxyServer" />
<InternetSetting val="ProxyOverride" />
<InternetSetting val="User Agent">Mozilla/4.0
(compatible; MSIE 6.0; Win32)</InternetSetting>
<InternetSetting val="ZoneMap Domain
Count">1702</InternetSetting>
</InternetSettings>
- <IESettings>
<IESetting val="UseMyStylesheet"
set="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Styles" />
<IESetting val="UserStylesheet"
set="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Styles" />
<IESetting val="UseMyStylesheet"
set="HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet
Explorer\Styles" />
<IESetting val="UserStylesheet"
set="HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet
Explorer\Styles" />
</IESettings>
<AppInitDLLs val="" />
- <ShellServiceObjectDelayLoads>
<ShellServiceObjectDelayLoad ex="1" clsid="{7849596a-
48ea-486e-8937-a2a3009f31a9}" prog=""
val="PostBootReminder" nam="Windows Shell Common Dll
(shell32.dll)" pub="Microsoft Corporation"
md5="d5988a5048e4dc7175bca9f29fc144ae"
ver="6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)"
sz="8384000" is="0" gfp="">c:\windows\system32
\shell32.dll</ShellServiceObjectDelayLoad>
<ShellServiceObjectDelayLoad ex="1" clsid="{fbeb8a05-
beee-4442-804e-409d6c4515e9}" prog="" val="CDBurn"
nam="Windows Shell Common Dll (shell32.dll)"
pub="Microsoft Corporation"
md5="d5988a5048e4dc7175bca9f29fc144ae"
ver="6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)"
sz="8384000" is="0" gfp="">c:\windows\system32
\shell32.dll</ShellServiceObjectDelayLoad>
<ShellServiceObjectDelayLoad ex="1" clsid="{E6FB5E20-
DE35-11CF-9C87-00AA005127ED}" prog="" val="WebCheck"
nam="Web Site Monitor (webcheck.dll)" pub="Microsoft
Corporation" md5="6501db5182d5a8c0f1f1707286161d66"
ver="6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)"
sz="276480" is="0" gfp="">c:\windows\system32
\webcheck.dll</ShellServiceObjectDelayLoad>
<ShellServiceObjectDelayLoad ex="1" clsid="{35CEC8A3-
2BE6-11D2-8773-92E220524153}" prog="" val="SysTray"
nam="Systray shell service object (stobject.dll)"
pub="Microsoft Corporation"
md5="297101a925ecffdcdf7f6341ffbb6c1a" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="121856" is="0"
gfp="">c:\windows\system32
\stobject.dll</ShellServiceObjectDelayLoad>
<ShellServiceObjectDelayLoad ex="1" clsid="{e57ce738-
33e8-4c51-8354-bb4de9d215d1}" prog="" val="UPnPMonitor"
nam="UPNP Tray Monitor and Folder (upnpui.dll)"
pub="Microsoft Corporation"
md5="4e1be01eb03fe21c18ef8cfadd03b030" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="239616" is="0"
gfp="">c:\windows\system32
\upnpui.dll</ShellServiceObjectDelayLoad>
</ShellServiceObjectDelayLoads>
<ScheduledTasks />
- <Services>
<Service ex="1" disp="Application Layer Gateway
Service" desc="Provides support for 3rd party protocol
plug-ins for Internet Connection Sharing and the Windows
Firewall." nam="Application Layer Gateway Service
(alg.exe)" pub="Microsoft Corporation"
md5="f1958fbf86d5c004cf19a5951a9514b7" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="44544" is="0"
gfp="">C:\WINDOWS\System32\alg.exe</Service>
<Service ex="1" disp="AVG7 Alert Manager Server"
desc="" nam="AVG Alert Manager (avgamsvr.exe)"
pub="GRISOFT, s.r.o."
md5="164d825505b771c9243bb11490fb6c9f" ver="7,0,0,297"
sz="314931" is="0" gfp="">C:\PROGRA~1\Grisoft\AVGFRE~1
\avgamsvr.exe</Service>
<Service ex="1" disp="AVG7 Update Service" desc=""
nam="AVG Update Service (avgupsvc.exe)" pub="GRISOFT,
s.r.o." md5="d90569304779c0d6bf39ede0be230c41"
ver="7,0,0,301" sz="36403" is="0" gfp="">C:\PROGRA~1
\Grisoft\AVGFRE~1\avgupsvc.exe</Service>
<Service ex="1" disp="Indexing Service" desc="Indexes
contents and properties of files on local and remote
computers; provides rapid access to files through
flexible querying language." nam="Content Index service
(cisvc.exe)" pub="Microsoft Corporation"
md5="3192bd04d032a9c4a85a3278c268a13a" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="5632" is="0"
gfp="">C:\WINDOWS\system32\cisvc.exe</Service>
<Service ex="1" disp="ClipBook" desc="Enables ClipBook
Viewer to store information and share it with remote
computers. If the service is stopped, ClipBook Viewer
will not be able to share information with remote
computers. If this service is disabled, any services that
explicitly depend on it will fail to start." nam="Windows
NT DDE Server (clipsrv.exe)" pub="Microsoft Corporation"
md5="c8dec22c4137d7a90f8bdf41ca4b82ae" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="33280" is="0"
gfp="">C:\WINDOWS\system32\clipsrv.exe</Service>
<Service ex="1" disp="COM+ System Application"
desc="Manages the configuration and tracking of Component
Object Model (COM)+-based components. If the service is
stopped, most COM+-based components will not function
properly. If this service is disabled, any services that
explicitly depend on it will fail to start." nam="COM
Surrogate (dllhost.exe)" pub="Microsoft Corporation"
md5="dd87db7387b9eb441c5674888a0d840c" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="5120" is="0"
gfp="">C:\WINDOWS\System32\dllhost.exe</Service>
<Service ex="1" disp="Logical Disk Manager
Administrative Service" desc="Configures hard disk drives
and volumes. The service only runs for configuration
processes and then stops." nam="Logical Disk Manager
service process (dmadmin.exe)" pub="Microsoft Corp.,
Veritas Software" md5="554c7cb178fe3bd12450b81ad63adbc3"
ver="2600.2180.503.0" sz="224768" is="0"
gfp="">C:\WINDOWS\System32\dmadmin.exe</Service>
<Service ex="1" disp="EPSON Printer Status Agent2"
desc="" nam="EPSON Printer Status Agent (SAgent2.exe)"
pub="SEIKO EPSON CORPORATION"
md5="8ab495f0d82f81458bc9ac85e018fbbf" ver="1, 2, 0, 0"
sz="114688" is="0" gfp="">C:\Program Files\Common
Files\EPSON\EBAPI\SAgent2.exe</Service>
<Service ex="1" disp="Event Log" desc="Enables event
log messages issued by Windows-based programs and
components to be viewed in Event Viewer. This service
cannot be stopped." nam="Services and Controller app
(services.exe)" pub="Microsoft Corporation"
md5="c6ce6eec82f187615d1002bb3bb50ed4" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="108032" is="0"
gfp="">C:\WINDOWS\system32\services.exe</Service>
<Service ex="1" disp="IMAPI CD-Burning COM Service"
desc="Manages CD recording using Image Mastering
Applications Programming Interface (IMAPI). If this
service is stopped, this computer will be unable to
record CDs. If this service is disabled, any services
that explicitly depend on it will fail to start."
nam="Image Mastering API (imapi.exe)" pub="Microsoft
Corporation" md5="fa788520bcac0f5d9d5cde5615c0d931"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)"
sz="150016" is="0" gfp="">C:\WINDOWS\System32
\imapi.exe</Service>
<Service ex="1" disp="NetMeeting Remote Desktop
Sharing" desc="Enables an authorized user to access this
computer remotely by using NetMeeting over a corporate
intranet. If this service is stopped, remote desktop
sharing will be unavailable. If this service is disabled,
any services that explicitly depend on it will fail to
start." nam="NetMeeting Remote Desktop Sharing
(mnmsrvc.exe)" pub="Microsoft Corporation"
md5="f6415361201915b9fe3896b0e4e724ff"
ver="5.1.2600.2180" sz="32768" is="0"
gfp="">C:\WINDOWS\System32\mnmsrvc.exe</Service>
<Service ex="1" disp="Distributed Transaction
Coordinator" desc="Coordinates transactions that span
multiple resource managers, such as databases, message
queues, and file systems. If this service is stopped,
these transactions will not occur. If this service is
disabled, any services that explicitly depend on it will
fail to start." nam="MS DTC console program (msdtc.exe)"
pub="Microsoft Corporation"
md5="c7c3d89eb0a6f3dba622ea737fa335b1"
ver="2001.12.4414.258" sz="6144" is="0"
gfp="">C:\WINDOWS\System32\msdtc.exe</Service>
<Service ex="1" disp="Windows Installer" desc="Adds,
modifies, and removes applications provided as a Windows
Installer (*.msi) package. If this service is disabled,
any services that explicitly depend on it will fail to
start." nam="Windows installer (msiexec.exe)"
pub="Microsoft Corporation"
md5="4236ae241f193f58adab141ceccfd5f4"
ver="3.0.3790.2180" sz="77312" is="0"
gfp="">C:\WINDOWS\System32\msiexec.exe</Service>
<Service ex="1" disp="Network DDE" desc="Provides
network transport and security for Dynamic Data Exchange
(DDE) for programs running on the same computer or on
different computers. If this service is stopped, DDE
transport and security will be unavailable. If this
service is disabled, any services that explicitly depend
on it will fail to start." nam="Network DDE - DDE
Communication (netdde.exe)" pub="Microsoft Corporation"
md5="05afb5ad06462257bea7495283c86d50" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="111104" is="0"
gfp="">C:\WINDOWS\system32\netdde.exe</Service>
<Service ex="1" disp="Network DDE DSDM" desc="Manages
Dynamic Data Exchange (DDE) network shares. If this
service is stopped, DDE network shares will be
unavailable. If this service is disabled, any services
that explicitly depend on it will fail to start."
nam="Network DDE - DDE Communication (netdde.exe)"
pub="Microsoft Corporation"
md5="05afb5ad06462257bea7495283c86d50" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="111104" is="0"
gfp="">C:\WINDOWS\system32\netdde.exe</Service>
<Service ex="1" disp="Net Logon" desc="Supports pass-
through authentication of account logon events for
computers in a domain." nam="LSA Shell (lsass.exe)"
pub="Microsoft Corporation"
md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">C:\WINDOWS\System32\lsass.exe</Service>
<Service ex="1" disp="NT LM Security Support Provider"
desc="Provides security to remote procedure call (RPC)
programs that use transports other than named pipes."
nam="LSA Shell (lsass.exe)" pub="Microsoft Corporation"
md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">C:\WINDOWS\System32\lsass.exe</Service>
<Service ex="1" disp="Plug and Play" desc="Enables a
computer to recognize and adapt to hardware changes with
little or no user input. Stopping or disabling this
service will result in system instability." nam="Services
and Controller app (services.exe)" pub="Microsoft
Corporation" md5="c6ce6eec82f187615d1002bb3bb50ed4"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)"
sz="108032" is="0" gfp="">C:\WINDOWS\system32
\services.exe</Service>
<Service ex="1" disp="IPSEC Services" desc="Manages IP
security policy and starts the ISAKMP/Oakley (IKE) and
the IP security driver." nam="LSA Shell (lsass.exe)"
pub="Microsoft Corporation"
md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">C:\WINDOWS\System32\lsass.exe</Service>
<Service ex="1" disp="Protected Storage" desc="Provides
protected storage for sensitive data, such as private
keys, to prevent access by unauthorized services,
processes, or users." nam="LSA Shell (lsass.exe)"
pub="Microsoft Corporation"
md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">C:\WINDOWS\system32\lsass.exe</Service>
<Service ex="1" disp="Remote Desktop Help Session
Manager" desc="Manages and controls Remote Assistance. If
this service is stopped, Remote Assistance will be
unavailable. Before stopping this service, see the
Dependencies tab of the Properties dialog box."
nam="Microsoft Remote Desktop Help Session Manager
(sessmgr.exe)" pub="Microsoft Corporation"
md5="729798e0933076b8fcfcd9934698f164" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="140800" is="0"
gfp="">C:\WINDOWS\system32\sessmgr.exe</Service>
<Service ex="1" disp="Remote Procedure Call (RPC)
Locator" desc="Manages the RPC name service database."
nam="Rpc Locator (locator.exe)" pub="Microsoft
Corporation" md5="793f04a09b15e7c6c11dbdffaf06c0ab"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="75264"
is="0" gfp="">C:\WINDOWS\System32\locator.exe</Service>
<Service ex="1" disp="QoS RSVP" desc="Provides network
signaling and local traffic control setup functionality
for QoS-aware programs and control applets."
nam="Microsoft RSVP (rsvp.exe)" pub="Microsoft
Corporation" md5="471b3f9741d762abe75e9deea4787e47"
ver="5.1.2600.0 (xpclient.010817-1148)" sz="132608"
is="0" gfp="">C:\WINDOWS\System32\rsvp.exe</Service>
<Service ex="1" disp="Security Accounts Manager"
desc="Stores security information for local user
accounts." nam="LSA Shell (lsass.exe)" pub="Microsoft
Corporation" md5="84885f9b82f4d55c6146ebf6065d75d2"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="13312"
is="0" gfp="">C:\WINDOWS\system32\lsass.exe</Service>
<Service ex="1" disp="Smart Card" desc="Manages access
to smart cards read by this computer. If this service is
stopped, this computer will be unable to read smart
cards. If this service is disabled, any services that
explicitly depend on it will fail to start." nam="Smart
Card Resource Management Server (SCardSvr.exe)"
pub="Microsoft Corporation"
md5="25d8de134df108e3dbc8d7d23b1aa58e" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="95744" is="0"
gfp="">C:\WINDOWS\System32\SCardSvr.exe</Service>
<Service ex="1" disp="Simple TCP/IP Services"
desc="Supports the following TCP/IP services: Character
Generator, Daytime, Discard, Echo, and Quote of the Day."
nam="TCP/IP Services Application (tcpsvcs.exe)"
pub="Microsoft Corporation"
md5="32933b07fc16d9f778bee12545fa1b1a" ver="5.1.2600.0
(xpclient.010817-1148)" sz="19456" is="0"
gfp="">C:\WINDOWS\System32\tcpsvcs.exe</Service>
<Service ex="1" disp="Print Spooler" desc="Loads files
to memory for later printing." nam="Spooler SubSystem App
(spoolsv.exe)" pub="Microsoft Corporation"
md5="7435b108b935e42ea92ca94f59c8e717" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="57856" is="0"
gfp="">C:\WINDOWS\system32\spoolsv.exe</Service>
<Service ex="1" disp="MS Software Shadow Copy Provider"
desc="Manages software-based volume shadow copies taken
by the Volume Shadow Copy service. If this service is
stopped, software-based volume shadow copies cannot be
managed. If this service is disabled, any services that
explicitly depend on it will fail to start." nam="COM
Surrogate (dllhost.exe)" pub="Microsoft Corporation"
md5="dd87db7387b9eb441c5674888a0d840c" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="5120" is="0"
gfp="">C:\WINDOWS\System32\dllhost.exe</Service>
<Service ex="1" disp="Performance Logs and Alerts"
desc="Collects performance data from local or remote
computers based on preconfigured schedule parameters,
then writes the data to a log or triggers an alert. If
this service is stopped, performance information will not
be collected. If this service is disabled, any services
that explicitly depend on it will fail to start."
nam="Performance Logs and Alerts Service (smlogsvc.exe)"
pub="Microsoft Corporation"
md5="8b54aa346d1b1b113ffaa75501b8b1b2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="89600" is="0"
gfp="">C:\WINDOWS\system32\smlogsvc.exe</Service>
<Service ex="1" disp="Windows User Mode Driver
Framework" desc="Enables Windows user mode drivers."
nam="Windows User Mode Driver Manager (wdfmgr.exe)"
pub="Microsoft Corporation"
md5="c81b8635dee0d3ef5f64b3dd643023a5" ver="5.2.3790.1230
built by: DNSRV(bld4act)" sz="38912" is="0"
gfp="">C:\WINDOWS\system32\wdfmgr.exe</Service>
<Service ex="1" disp="Uninterruptible Power Supply"
desc="Manages an uninterruptible power supply (UPS)
connected to the computer." nam="UPS Service (ups.exe)"
pub="Microsoft Corporation"
md5="3f5df65b0758675f95a2d43918a740a3" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="18432" is="0"
gfp="">C:\WINDOWS\System32\ups.exe</Service>
<Service ex="1" disp="Volume Shadow Copy" desc="Manages
and implements Volume Shadow Copies used for backup and
other purposes. If this service is stopped, shadow copies
will be unavailable for backup and the backup may fail.
If this service is disabled, any services that explicitly
depend on it will fail to start." nam="Microsoft Volume
Shadow Copy Service (vssvc.exe)" pub="Microsoft
Corporation" md5="3ee00364ae0fd8d604f46cbaf512838a"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)"
sz="289792" is="0" gfp="">C:\WINDOWS\System32
\vssvc.exe</Service>
<Service ex="1" disp="WMI Performance Adapter"
desc="Provides performance library information from WMI
HiPerf providers." nam="WMI Performance Adapter Service
(wmiapsrv.exe)" pub="Microsoft Corporation"
md5="ba8cecc3e813e1f7c441b20393d4f86c" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="126464" is="0"
gfp="">C:\WINDOWS\System32\wbem\wmiapsrv.exe</Service>
</Services>
</SystemAudit>
- <ProcessesAudit>
- <Processes>
<Process ex="1" pid="404" nam="Windows NT Session
Manager (smss.exe)" pub="Microsoft Corporation"
md5="bd7fb0957c716f1a60333aee04de2178" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="50688" is="0"
gfp="">c:\windows\system32\smss.exe</Process>
<Process ex="1" pid="460" nam="Client Server Runtime
Process (csrss.exe)" pub="Microsoft Corporation"
md5="f12b178b1678d778cfd3ff1fc38c71fb" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="6144" is="0"
gfp="">c:\windows\system32\csrss.exe</Process>
<Process ex="1" pid="484" nam="Windows NT Logon
Application (winlogon.exe)" pub="Microsoft Corporation"
md5="01c3346c241652f43aed8e2149881bfe" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="502272" is="0"
gfp="">c:\windows\system32\winlogon.exe</Process>
<Process ex="1" pid="528" nam="Services and Controller
app (services.exe)" pub="Microsoft Corporation"
md5="c6ce6eec82f187615d1002bb3bb50ed4" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="108032" is="0"
gfp="">c:\windows\system32\services.exe</Process>
<Process ex="1" pid="540" nam="LSA Shell (lsass.exe)"
pub="Microsoft Corporation"
md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">c:\windows\system32\lsass.exe</Process>
<Process ex="1" pid="684" nam="Generic Host Process for
Win32 Services (svchost.exe)" pub="Microsoft Corporation"
md5="8f078ae4ed187aaabc0a305146de6716" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="14336" is="0"
gfp="">c:\windows\system32\svchost.exe</Process>
<Process ex="1" pid="764" nam="Generic Host Process for
Win32 Services (svchost.exe)" pub="Microsoft Corporation"
md5="8f078ae4ed187aaabc0a305146de6716" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="14336" is="0"
gfp="">c:\windows\system32\svchost.exe</Process>
<Process ex="1" pid="804" nam="Generic Host Process for
Win32 Services (svchost.exe)" pub="Microsoft Corporation"
md5="8f078ae4ed187aaabc0a305146de6716" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="14336" is="0"
gfp="">c:\windows\system32\svchost.exe</Process>
<Process ex="1" pid="852" nam="Generic Host Process for
Win32 Services (svchost.exe)" pub="Microsoft Corporation"
md5="8f078ae4ed187aaabc0a305146de6716" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="14336" is="0"
gfp="">c:\windows\system32\svchost.exe</Process>
<Process ex="1" pid="904" nam="Generic Host Process for
Win32 Services (svchost.exe)" pub="Microsoft Corporation"
md5="8f078ae4ed187aaabc0a305146de6716" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="14336" is="0"
gfp="">c:\windows\system32\svchost.exe</Process>
<Process ex="1" pid="1084" nam="Spooler SubSystem App
(spoolsv.exe)" pub="Microsoft Corporation"
md5="7435b108b935e42ea92ca94f59c8e717" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="57856" is="0"
gfp="">c:\windows\system32\spoolsv.exe</Process>
<Process ex="1" pid="1180" nam="AVG Alert Manager
(avgamsvr.exe)" pub="GRISOFT, s.r.o."
md5="164d825505b771c9243bb11490fb6c9f" ver="7,0,0,297"
sz="314931" is="0" gfp="">c:\progra~1\grisoft\avgfre~1
\avgamsvr.exe</Process>
<Process ex="1" pid="1196" nam="AVG Update Service
(avgupsvc.exe)" pub="GRISOFT, s.r.o."
md5="d90569304779c0d6bf39ede0be230c41" ver="7,0,0,301"
sz="36403" is="0" gfp="">c:\progra~1\grisoft\avgfre~1
\avgupsvc.exe</Process>
<Process ex="1" pid="1216" nam="Content Index service
(cisvc.exe)" pub="Microsoft Corporation"
md5="3192bd04d032a9c4a85a3278c268a13a" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="5632" is="0"
gfp="">c:\windows\system32\cisvc.exe</Process>
<Process ex="1" pid="1244" nam="EPSON Printer Status
Agent (sagent2.exe)" pub="SEIKO EPSON CORPORATION"
md5="8ab495f0d82f81458bc9ac85e018fbbf" ver="1, 2, 0, 0"
sz="114688" is="0" gfp="">c:\program files\common
files\epson\ebapi\sagent2.exe</Process>
<Process ex="1" pid="1416" nam="TCP/IP Services
Application (tcpsvcs.exe)" pub="Microsoft Corporation"
md5="32933b07fc16d9f778bee12545fa1b1a" ver="5.1.2600.0
(xpclient.010817-1148)" sz="19456" is="0"
gfp="">c:\windows\system32\tcpsvcs.exe</Process>
<Process ex="1" pid="1444" nam="Generic Host Process
for Win32 Services (svchost.exe)" pub="Microsoft
Corporation" md5="8f078ae4ed187aaabc0a305146de6716"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="14336"
is="0" gfp="">c:\windows\system32\svchost.exe</Process>
<Process ex="1" pid="1472" nam="Windows User Mode
Driver Manager (wdfmgr.exe)" pub="Microsoft Corporation"
md5="c81b8635dee0d3ef5f64b3dd643023a5" ver="5.2.3790.1230
built by: DNSRV(bld4act)" sz="38912" is="0"
gfp="">c:\windows\system32\wdfmgr.exe</Process>
<Process ex="1" pid="180" nam="Windows Explorer
(explorer.exe)" pub="Microsoft Corporation"
md5="a0732187050030ae399b241436565e64"
ver="6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)"
sz="1032192" is="0"
gfp="">c:\windows\explorer.exe</Process>
<Process ex="1" pid="208" nam="Application Layer
Gateway Service (alg.exe)" pub="Microsoft Corporation"
md5="f1958fbf86d5c004cf19a5951a9514b7" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="44544" is="0"
gfp="">c:\windows\system32\alg.exe</Process>
<Process ex="1" pid="260" nam="Microsoft Works Update
Detection (wkufind.exe)" pub="Microsoft Corporation"
md5="5ac34c17115d3818dc9c9f5b2d909858" ver="6.00.3215.0"
sz="28738" is="0" gfp="">c:\program files\common
files\microsoft shared\works shared\wkufind.exe</Process>
<Process ex="1" pid="284" nam="SiS Compatible Super VGA
Keyboard Daemon (khooker.exe)" pub="Silicon Integrated
Systems Corporation"
md5="757d1e00e5c59bb88905af490ac8287b" ver="0, 0, 0,
2030" sz="294912" is="0" gfp="">c:\windows\system32
\khooker.exe</Process>
<Process ex="1" pid="420" nam="SiS 630/730 Super VGA
Tray Application (sistray.exe)" pub="Silicon Integrated
Systems Corporation"
md5="a5123b037e479a658dca7147852d2a10" ver="0.0.0.2030"
sz="266240" is="0" gfp="">c:\windows\system32
\sistray.exe</Process>
<Process ex="1" pid="444" nam="Registry First Aid, the
easy powerful registry cleanup program (rfagent.exe)"
pub="KsL Software" md5="d2437e5434b12dd08ff3bca536edb866"
ver="3.4.0.515" sz="293888" is="0" gfp="">c:\program
files\rfa\rfagent.exe</Process>
<Process ex="1" pid="656" nam="AVG Control Center
(avgcc.exe)" pub="GRISOFT, s.r.o."
md5="90e91e213d88d5e48e2c33bd1058ecf9" ver="7,0,0,298"
sz="332847" is="0" gfp="">c:\progra~1\grisoft\avgfre~1
\avgcc.exe</Process>
<Process ex="1" pid="712" nam="AVG E-Mail Scanner
(avgemc.exe)" pub="GRISOFT, s.r.o."
md5="d0a368090484ef6c277529d8524fea1a" ver="7,0,0,301"
sz="223796" is="0" gfp="">c:\progra~1\grisoft\avgfre~1
\avgemc.exe</Process>
<Process ex="1" pid="740" nam="Microsoft AntiSpyware
Service (gcasserv.exe)" pub="Microsoft Corporation"
md5="70c5a9c9cf9e65a9073a2a43da822841" ver="1.00.0501"
sz="469824" is="0" gfp="">c:\program files\microsoft
antispyware\gcasserv.exe</Process>
<Process ex="1" pid="832" nam="CTF Loader (ctfmon.exe)"
pub="Microsoft Corporation"
md5="24232996a38c0b0cf151c2140ae29fc8" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="15360" is="0"
gfp="">c:\windows\system32\ctfmon.exe</Process>
<Process ex="1" pid="880" nam="System settings
protector (teatimer.exe)" pub="Safer Networking Limited"
md5="58f7e6434d285f4c98ad3621e0bd8c8d" ver="1, 3, 0, 12"
sz="1038336" is="0" gfp="">c:\program files\spybot -
search & destroy\teatimer.exe</Process>
<Process ex="1" pid="576" nam="Windows Messenger
(msmsgs.exe)" pub="Microsoft Corporation"
md5="b53343fe60a33ee765c2476d50d27b26" ver="4.7.3000"
sz="1667584" is="0" gfp="">c:\program
files\messenger\msmsgs.exe</Process>
<Process ex="1" pid="1008" nam="GetRight
www.getright.com (getright.exe)" pub="Headlight Software,
Inc." md5="2982c2f0ceb62033e075cf992c80406e" ver="5.2b"
sz="2215936" is="0" gfp="">c:\program
files\getright\getright.exe</Process>
<Process ex="1" pid="1132" nam="GetRight
www.getright.com (getright.exe)" pub="Headlight Software,
Inc." md5="2982c2f0ceb62033e075cf992c80406e" ver="5.2b"
sz="2215936" is="0" gfp="">c:\program
files\getright\getright.exe</Process>
<Process ex="1" pid="2056" nam="Microsoft AntiSpyware
Data Service (gcasdtserv.exe)" pub="Microsoft
Corporation" md5="255ca546f8e187c41ebed2aabbeee07c"
ver="1.00.0501" sz="748352" is="0" gfp="">c:\program
files\microsoft antispyware\gcasdtserv.exe</Process>
<Process ex="1" pid="2560" nam="Indexing Service filter
daemon (cidaemon.exe)" pub="Microsoft Corporation"
md5="582304f6f1946fa5068cf143d729d7ed" ver="5.1.2600.0
(xpclient.010817-1148)" sz="8192" is="0"
gfp="">c:\windows\system32\cidaemon.exe</Process>
<Process ex="1" pid="4044" nam="(ud_mon.exe)" pub=""
md5="1158e5ccdc814321a7bbbd162fd5e851" ver=""
sz="1001472" is="0"
gfp="">c:\downloads\ud_mon.exe</Process>
<Process ex="1" pid="1664" nam="United Devices
(ud.exe)" pub="United Devices, Inc."
md5="9baf07edb1ce9b8bc3d67c41af8d07fc" ver="3.00.2814"
sz="475648" is="0" gfp="">c:\program files\united
devices\ud.exe</Process>
<Process ex="1" pid="1864" nam="(ud_7657531.exe)"
pub="" md5="265f746fb65d6b23def58c9df488fc7f" ver=""
sz="2798530" is="0" gfp="">c:\program files\united
devices\ud_7657531.exe</Process>
<Process ex="1" pid="1392" nam="Created under grants
from the National Science Foundation number MCB-9458178,
the Packard Foundation, the Los Alamos National
Laboratory, Office of Naval Research grant number N00014-
95-1-0417, and the Howard Hughes Medical Institute
(wcgrid_rosetta.exe)" pub="University of Washington and
IBM Corporation" md5="97e6be315ffe048a5a3dfa3336fb6579"
ver="1, 0, 0, 5" sz="7274496" is="0" gfp="">c:\program
files\united
devices\ud_7657531_0.dir\wcgrid_rosetta.exe</Process>
<Process ex="1" pid="2404" nam="Spy Sweeper
(spysweeper.exe)" pub="Webroot Software, Inc."
md5="f568ad4ecc3ecb1c0685bf091b3ec995" ver="3.5.0.189"
sz="3550208" is="0" gfp="">c:\program files\webroot\spy
sweeper\spysweeper.exe</Process>
<Process ex="1" pid="2296" nam="Internet Explorer
(iexplore.exe)" pub="Microsoft Corporation"
md5="e7484514c0464642be7b4dc2689354c8"
ver="6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)"
sz="93184" is="0" gfp="">c:\program files\internet
explorer\iexplore.exe</Process>
<Process ex="1" pid="1628" nam="Outlook Express
(msimn.exe)" pub="Microsoft Corporation"
md5="091c14f4c71328d4316248a2421190de"
ver="6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)"
sz="60416" is="0" gfp="">c:\program files\outlook
express\msimn.exe</Process>
<Process ex="1" pid="1200" nam="EditPad Lite
(editpad.exe)" pub="JGsoft - Just Great Software"
md5="69157f68084b914dd7ef48a5df7c2324" ver="5.4.0.0"
sz="473088" is="0" gfp="">c:\program
files\jgsoft\editpadlite\editpad.exe</Process>
<Process ex="1" pid="2332" nam="Microsoft AntiSpyware
Main (giantantispywaremain.exe)" pub="Microsoft
Corporation" md5="1f652552465f84e09d548b499139fe2e"
ver="1.00.0501" sz="4561736" is="0" gfp="">c:\program
files\microsoft
antispyware\giantantispywaremain.exe</Process>
<Process ex="1" pid="2812" nam="Microsoft Suspected
Spyware Reporting Tool (msssrt.exe)" pub="Microsoft
Corporation" md5="464528294c858e175e8f82371117e8e1"
ver="1.00.0501" sz="400184" is="0" gfp="">c:\program
files\microsoft antispyware\msssrt.exe</Process>
</Processes>
</ProcessesAudit>
