Anther reort question?

D

David Sherman

What information is Microsoft needing?

Here is what Microsoft gathers and is sent:

- <MSSSRT version="1.0.501" createdate="1/10/2005 9:35:34 AM"
os="XP.2600" user="">
- <Audit>
- <AutoRunAudit>
- <StartupFiles>
<StartupFile path="C:\Documents and Settings\All Users\Start
Menu\Programs\Startup\Acrobat Assistant.lnk" nam="AcroTray
(acrotray.exe)" pub="Adobe Systems Inc."
md5="cfe5228556c93d03d6753e7953ccd4a9" ver="6.0.1.2003102300"
sz="217194" is="0" gfp="">c:\program files\adobe\acrobat
6.0\distillr\acrotray.exe</StartupFile>
<StartupFile path="C:\Documents and Settings\All Users\Start
Menu\Programs\Startup\AdSubtract.lnk" nam="AdSubtract PRO (adsub.exe)"
pub="interMute, Inc." md5="fc57f96c3a5d571bf1491dba8e7cda45" ver="2,
5, 5, 0" sz="65536" is="0" gfp="">c:\program
files\adsubtract\adsub.exe</StartupFile>
<StartupFile path="C:\Documents and Settings\All Users\Start
Menu\Programs\Startup\Microsoft Office.lnk" nam="Microsoft Office 2000
component (osa9.exe)" pub="Microsoft Corporation"
md5="f51f9e10d937a8edd58d2d456ff49468" ver="9.0.3720" sz="65588"
is="0" gfp="">c:\ms2k\office\osa9.exe</StartupFile>
</StartupFiles>
- <StartupFilesRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="Smapp"
dat="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe"
nam="SoundMAX System Tray (smtray.exe)" pub="Analog Devices, Inc."
md5="2d765e811b6ffea9f91d4425e34b8461" ver="3, 2, 17, 0" sz="143360"
is="0" gfp="">c:\program files\analog
devices\soundmax\smtray.exe</StartupFileRegistry>
<StartupFileRegistry ex="0"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="InstantAccess" dat="C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h"
nam="" pub="" md5="" ver="" sz="" is="0" gfp="" />
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="RegisterDropHandler"
dat="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" nam="REGISTERDROPHANDLER
MFC Application (regist~1.exe)" pub="None"
md5="ebea065b4a6932c83059c190d1516e4c" ver="1, 0, 0, 1" sz="23040"
is="0"
gfp="">c:\progra~1\textbr~1.0\bin\regist~1.exe</StartupFileRegistry>
<StartupFileRegistry ex="0"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="StatusClient" dat="C:\Program
Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat
4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto" nam="" pub=""
md5="" ver="" sz="" is="0" gfp="" />
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="TomcatStartup" dat="C:\Program
Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" nam="(hpbpsttp.exe)"
pub="" md5="dbfc15a757470302b3a81ccde3feea28" ver="" sz="143360"
is="0" gfp="">c:\program
files\hewlett-packard\toolbox2.0\hpbpsttp.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="NeroFilterCheck" dat="C:\WINDOWS\system32\NeroCheck.exe"
nam="NeroCheck (nerocheck.exe)" pub="Ahead Software Gmbh"
md5="3e4c03cefad8de135263236b61a49c90" ver="1, 0, 0, 2" sz="155648"
is="0" gfp="">c:\windows\system32\nerocheck.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="NvCplDaemon" dat="RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup" nam="NVIDIA Display
Properties Extension (nvcpl.dll)" pub="NVIDIA Corporation"
md5="aa8b1b6ad9e721e2f0dbbc7d95d32ea4" ver="6.14.10.5216" sz="5058560"
is="0" gfp="">c:\windows\system32\nvcpl.dll</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="nwiz"
dat="nwiz.exe /install" nam="NVIDIA nView Wizard, Version 52.16
(nwiz.exe)" pub="NVIDIA Corporation"
md5="a4ae9ba1e10cb9f6c0949c4db91a1f72" ver="6.14.10.5216" sz="741376"
is="0" gfp="">c:\windows\system32\nwiz.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="QuickFinder Scheduler" dat=""C:\Program Files\WordPerfect Office
11\Programs\QFSCHD110.EXE"" nam="QuickFinder Index Scheduler
(qfschd110.exe)" pub="Novell, Inc., c/o Corel Corporation Limited"
md5="634bf188c65620df31445377d9242d0a" ver="11.0.0.233" sz="77887"
is="0" gfp="">c:\program files\wordperfect office
11\programs\qfschd110.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="RCScheduleCheck" dat="C:\Program Files\VCOM\Recovery
Commander\RCSCHED.EXE -CHECK" nam="Checkpoint Scheduler Wizard
(rcsched.exe)" pub="imagine LAN, Inc."
md5="09e1c0c57dfe2d0483ea8c99794fa909" ver="2.00.03" sz="151552"
is="0" gfp="">c:\program files\vcom\recovery
commander\rcsched.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="AXEControl" dat="C:\Program Files\Alexander
SPK\Agent\AXEControl.exe" nam="Control for Alexander SPK (Single PC)
(axecontrol.exe)" pub="Alexander LAN"
md5="d10781b124d81dec41e577028d6a09bb" ver="1, 0, 0, 1" sz="1470564"
is="0" gfp="">c:\program files\alexander
spk\agent\axecontrol.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="ASUS
Probe" dat="C:\Program Files\ASUS\Probe\AsusProb.exe"
nam="(asusprob.exe)" pub="" md5="b7e260f00988380f72ff06d2fe181d70"
ver="" sz="617984" is="0" gfp="">c:\program
files\asus\probe\asusprob.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="DiskeeperSystray" dat=""C:\Program Files\Executive
Software\Diskeeper\DkIcon.exe"" nam="DKICON.EXE (dkicon.exe)"
pub="Executive Software International, Inc."
md5="8d8770c0fa1a0c981c19190e4f58b2e5" ver="9.0.504.0" sz="176216"
is="0" gfp="">c:\program files\executive
software\diskeeper\dkicon.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="WFXSwtch" dat="C:\PROGRA~1\WinFax\WFXSWTCH.exe"
nam="(wfxswtch.exe)" pub="" md5="3e3a982f8dfd0ab8e7472ee150da6525"
ver="" sz="28160" is="0"
gfp="">c:\progra~1\winfax\wfxswtch.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="WinFaxAppPortStarter" dat="wfxsnt40.exe" nam="Delrina Fax Port
Launcher (wfxsnt40.exe)" pub="Microsoft Corporation"
md5="f2819b460530ccde6b734639f2aaff39" ver="7.00 (Build 019)"
sz="45568" is="0"
gfp="">c:\windows\system32\wfxsnt40.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="ccApp"
dat=""C:\Program Files\Common Files\Symantec Shared\ccApp.exe""
nam="Symantec User Session (ccapp.exe)" pub="Symantec Corporation"
md5="b737c1bc70b004827a447985f0242cf0" ver="103.0.1.26" sz="58488"
is="0" gfp="">c:\program files\common files\symantec
shared\ccapp.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="GhostStartTrayApp" dat="C:\Program Files\Symantec\Norton Ghost
2003\GhostStartTrayApp.exe" nam="Norton Ghost Start
(ghoststarttrayapp.exe)" pub="Symantec Corporation"
md5="45725ce2a9bd68cf1526728fcffcc24e" ver="2003.775" sz="94208"
is="0" gfp="">c:\program files\symantec\norton ghost
2003\ghoststarttrayapp.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="Microsoft Works Update Detection" dat="C:\Program Files\Common
Files\Microsoft Shared\Works Shared\WkUFind.exe" nam="Microsoft Works
Update Detection (wkufind.exe)" pub="Microsoft Corporation"
md5="6156e1b7a5a91d8d7a570223a344a650" ver="9.00.0603.0" sz="50688"
is="0" gfp="">c:\program files\common files\microsoft shared\works
shared\wkufind.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="vptray"
dat="C:\PROGRA~1\SYMANT~1\VPTray.exe" nam="Symantec AntiVirus
(vptray.exe)" pub="Symantec Corporation"
md5="5972a3384ebceaeb99f4216e77ebed59" ver="9.0.0.338" sz="124128"
is="0" gfp="">c:\progra~1\symant~1\vptray.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="gcasServ" dat=""C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"" nam="Microsoft AntiSpyware Service
(gcasserv.exe)" pub="Microsoft Corporation"
md5="70c5a9c9cf9e65a9073a2a43da822841" ver="1.00.0501" sz="469824"
is="0" gfp="">c:\program files\microsoft
antispyware\gcasserv.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="RssReader" dat="C:\Program Files\RssReader\RssReader.exe"
nam="RssReader (rssreader.exe)" pub="Ykoon"
md5="67e80544174bf1627a90d767e511ba72" ver="1.0.88.0" sz="1069056"
is="0" gfp="">c:\program
files\rssreader\rssreader.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="ctfmon.exe" dat="C:\WINDOWS\system32\ctfmon.exe" nam="CTF Loader
(ctfmon.exe)" pub="Microsoft Corporation"
md5="24232996a38c0b0cf151c2140ae29fc8" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="15360" is="0"
gfp="">c:\windows\system32\ctfmon.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="SpybotSD
TeaTimer" dat="C:\Program Files\Spybot - Search &
Destroy\TeaTimer.exe" nam="System settings protector (teatimer.exe)"
pub="Safer Networking Limited" md5="58f7e6434d285f4c98ad3621e0bd8c8d"
ver="1, 3, 0, 12" sz="1038336" is="0" gfp="">c:\program files\spybot -
search & destroy\teatimer.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\Software\Microsoft\Windows\CurrentVersion\RunServices"
val="RegisterDropHandler"
dat="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" nam="REGISTERDROPHANDLER
MFC Application (regist~1.exe)" pub="None"
md5="ebea065b4a6932c83059c190d1516e4c" ver="1, 0, 0, 1" sz="23040"
is="0"
gfp="">c:\progra~1\textbr~1.0\bin\regist~1.exe</StartupFileRegistry>
</StartupFilesRegistry>
- <WinlogonUserinitFiles>
<WinlogonUserinitFile ex="1" nam="Userinit Logon Application
(userinit.exe)" pub="Microsoft Corporation"
md5="39b1ffb03c2296323832acbae50d2aff" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="24576" is="0"
gfp="">c:\windows\system32\userinit.exe</WinlogonUserinitFile>
</WinlogonUserinitFiles>
<StartupWinIniFiles />
<StartupSysIniFiles />
</AutoRunAudit>
- <InternetExplorerAudit version="6.0.2900.2180">
- <BrowserHelperObjects>
<BHO ex="1" clsid="{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"
prog="AcroIEHelper.AcroIEHlprObj.1" val="AcroIEHlprObj Class"
nam="Adobe Acrobat IE Helper Version 6.0 for ActivieX
(acroiehelper.dll)" pub="Adobe Systems Incorporated"
md5="fc7850324464e4d19a24a03d882b5cc4" ver="6.0.1.2003110300"
sz="54248" is="0" gfp="">c:\program files\adobe\acrobat
6.0\acrobat\activex\acroiehelper.dll</BHO>
<BHO ex="1" clsid="{53707962-6F74-2D53-2644-206D7942484F}" prog=""
val="" nam="Bad download blocker (sdhelper.dll)" pub="Safer Networking
Limited" md5="abf5ba518c6a5ed104496ff42d19ad88" ver="1, 3, 0, 12"
sz="744960" is="0" gfp="">c:\progra~1\spybot~1\sdhelper.dll</BHO>
<BHO ex="1" clsid="{AA58ED58-01DD-4d91-8333-CF10577473F7}" prog=""
val="Google Toolbar Helper" nam="Google IE Client Toolbar
(googletoolbar1.dll)" pub="Google Inc."
md5="d4e9b7b696e8c40a0e5cb76621a03ee4" ver="2, 0, 114, 9" sz="720896"
is="0" gfp="">c:\program files\google\googletoolbar1.dll</BHO>
<BHO ex="1" clsid="{AE7CD045-E861-484f-8273-0445EE161910}"
prog="Adobe.AcroIEToolbarHelper.1" val="AcroIEToolbarHelper Class"
nam="(acroiefavclient.dll)" pub=""
md5="44bcff08947790e74bd7cc7532d2b793" ver="" sz="147456" is="0"
gfp="">c:\program files\adobe\acrobat
6.0\acrobat\acroiefavclient.dll</BHO>
</BrowserHelperObjects>
- <IEToolbars>
<IEToolbar ex="1" clsid="{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
prog="Adobe.AcroIEToolbar.1" val="Adobe PDF"
nam="(acroiefavclient.dll)" pub=""
md5="44bcff08947790e74bd7cc7532d2b793" ver="" sz="147456" is="0"
gfp="">c:\program files\adobe\acrobat
6.0\acrobat\acroiefavclient.dll</IEToolbar>
<IEToolbar ex="1" clsid="{2318C2B1-4965-11d4-9B18-009027A5CD4F}"
prog="" val="&Google" nam="Google IE Client Toolbar
(googletoolbar1.dll)" pub="Google Inc."
md5="d4e9b7b696e8c40a0e5cb76621a03ee4" ver="2, 0, 114, 9" sz="720896"
is="0" gfp="">c:\program files\google\googletoolbar1.dll</IEToolbar>
</IEToolbars>
<IEExtensions />
- <IEExplorerBars>
<IEExplorerBar ex="1" clsid="{182EC0BE-5110-49C8-A062-BEB1D02A220B}"
prog="Adobe.AcroIEFavorites.1" val="Adobe PDF"
nam="(acroiefavclient.dll)" pub=""
md5="44bcff08947790e74bd7cc7532d2b793" ver="" sz="147456" is="0"
gfp="">c:\program files\adobe\acrobat
6.0\acrobat\acroiefavclient.dll</IEExplorerBar>
<IEExplorerBar ex="1" clsid="{4D5C8C25-D075-11d0-B416-00C04FB90376}"
prog="" val="&Tip of the Day" nam="Shell Doc Object and Control
Library (shdocvw.dll)" pub="Microsoft Corporation"
md5="9b65c9b401b8f28a55cc641013068d67" ver="6.00.2900.2518
(xpsp_sp2_gdr.040919-1056)" sz="1483264" is="0"
gfp="">c:\windows\system32\shdocvw.dll</IEExplorerBar>
</IEExplorerBars>
- <IEShellBrowsers>
<IEShellBrowser ex="1"
clsid="{01E04581-4EEE-11D0-BFE9-00AA005B4383}" prog="" val="&Address"
nam="Shell Browser UI Library (browseui.dll)" pub="Microsoft
Corporation" md5="84c4b096044b015707183c19df338417"
ver="6.00.2900.2518 (xpsp_sp2_gdr.040919-1056)" sz="1016832" is="0"
gfp="">c:\windows\system32\browseui.dll</IEShellBrowser>
<IEShellBrowser ex="1"
clsid="{2318C2B1-4965-11D4-9B18-009027A5CD4F}" prog="" val="&Google"
nam="Google IE Client Toolbar (googletoolbar1.dll)" pub="Google Inc."
md5="d4e9b7b696e8c40a0e5cb76621a03ee4" ver="2, 0, 114, 9" sz="720896"
is="0" gfp="">c:\program
files\google\googletoolbar1.dll</IEShellBrowser>
</IEShellBrowsers>
- <IEWebBrowsers>
<IEWebBrowser ex="1" clsid="{01E04581-4EEE-11D0-BFE9-00AA005B4383}"
prog="" val="&Address" nam="Shell Browser UI Library (browseui.dll)"
pub="Microsoft Corporation" md5="84c4b096044b015707183c19df338417"
ver="6.00.2900.2518 (xpsp_sp2_gdr.040919-1056)" sz="1016832" is="0"
gfp="">c:\windows\system32\browseui.dll</IEWebBrowser>
<IEWebBrowser ex="0" clsid="" prog="" val="" nam="" pub="" md5=""
ver="" sz="" is="0" gfp="" />
<IEWebBrowser ex="1" clsid="{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
prog="" val="&Google" nam="Google IE Client Toolbar
(googletoolbar1.dll)" pub="Google Inc."
md5="d4e9b7b696e8c40a0e5cb76621a03ee4" ver="2, 0, 114, 9" sz="720896"
is="0" gfp="">c:\program
files\google\googletoolbar1.dll</IEWebBrowser>
<IEWebBrowser ex="0" clsid="" prog="" val="" nam="" pub="" md5=""
ver="" sz="" is="0" gfp="" />
</IEWebBrowsers>
- <IEMenuExts>
<IEMenuExt val="&Google Search">res://c:\program
files\google\GoogleToolbar1.dll/cmsearch.html</IEMenuExt>
<IEMenuExt val="Backward Links">res://c:\program
files\google\GoogleToolbar1.dll/cmbacklinks.html</IEMenuExt>
<IEMenuExt val="Cached Snapshot of Page">res://c:\program
files\google\GoogleToolbar1.dll/cmcache.html</IEMenuExt>
<IEMenuExt val="Capture &Image To Onfolio..." />
<IEMenuExt val="Capture &Page To Onfolio..." />
<IEMenuExt val="Capture &Snippet To Onfolio..." />
<IEMenuExt val="Capture &Target To Onfolio..." />
<IEMenuExt val="E&xport to Microsoft
Excel">res://C:\MSOFFI~2\OFFICE11\EXCEL.EXE/3000</IEMenuExt>
<IEMenuExt val="Similar Pages">res://c:\program
files\google\GoogleToolbar1.dll/cmsimilar.html</IEMenuExt>
<IEMenuExt val="Translate into English">res://c:\program
files\google\GoogleToolbar1.dll/cmtrans.html</IEMenuExt>
</IEMenuExts>
- <IEURLSearchHooks>
<IEURLSearchHook ex="1"
clsid="{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" prog="" val="Microsoft
Url Search Hook" nam="Shell Doc Object and Control Library
(shdocvw.dll)" pub="Microsoft Corporation"
md5="9b65c9b401b8f28a55cc641013068d67" ver="6.00.2900.2518
(xpsp_sp2_gdr.040919-1056)" sz="1483264" is="0"
gfp="">c:\windows\system32\shdocvw.dll</IEURLSearchHook>
</IEURLSearchHooks>
- <IEURLs>
<IEURL val="HCU\Software\Microsoft\Internet Explorer Start
Page">http://www.drudgereport.com/</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer Search
Page">http://www.google.com</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer
Default_Page_URL" />
<IEURL val="HCU\Software\Microsoft\Internet Explore Local
Page">C:\WINDOWS\system32\blank.htm</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explore Search
Bar">http://www.google.com/ie</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer
Default_Search_URL" />
<IEURL val="HCU\Software\Microsoft\Internet Explorer HomeOldSP" />
<IEURL val="HLM\Software\Microsoft\Internet Explorer Start
Page">http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer Search
Page">http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Default_Page_URL">http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer Local
Page">%SystemRoot%\system32\blank.htm</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer Search Bar" />
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Default_Search_URL">http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer HomeOldSP" />
<IEURL val="HCU\Software\Microsoft\Internet Explorer\Search
CustomizeSearch" />
<IEURL val="HCU\Software\Microsoft\Internet Explorer\Search
SearchAssistant" />
<IEURL val="HLM\Software\Microsoft\Internet Explorer\Search
CustomizeSearch">http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer\Search
SearchAssistant">http://www.google.com/ie</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet
Explorer\SearchUrl">http://www.google.com/keyword/%s</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer\SearchUrl" />
<IEURL val="HLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs
blank">res://mshtml.dll/blank.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs
DesktopItemNavigationFailure">res://shdoclc.dll/navcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs
NavigationCanceled">res://shdoclc.dll/navcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs
NavigationFailure">res://shdoclc.dll/navcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs
OfflineInformation">res://shdoclc.dll/offcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs
PostNotCached">res://mshtml.dll/repost.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs
mozilla" />
</IEURLs>
</InternetExplorerAudit>
- <SystemAudit>
- <ShellExecuteHooks>
<ShellExecuteHook ex="1"
clsid="{AEB6717E-7E19-11d0-97EE-00C04FD91972}" prog="" val="URL Exec
Hook" nam="Windows Shell Common Dll (shell32.dll)" pub="Microsoft
Corporation" md5="d5988a5048e4dc7175bca9f29fc144ae"
ver="6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)" sz="8384000" is="0"
gfp="">C:\WINDOWS\system32\shell32.dll</ShellExecuteHook>
<ShellExecuteHook ex="1"
clsid="{0cab0400-7395-11d0-a5e5-0020afe2fdd9}" prog="" val="Quick View
Plus - ShellExecute Hook"
nam="(qvphook.dll{0cab0400-7395-11d0-a5e5-0020)" pub=""
md5="ae5b5bec7e4817e82d8e5d5f8a322dc1" ver="" sz="41472" is="0"
gfp="">C:\WINDOWS\qvphook.dll{0cab0400-7395-11d0-a5e5-0020</ShellExecuteHook>
<ShellExecuteHook ex="1"
clsid="{a5780613-492e-4a2a-a7fd-549610edf6cc}" prog="RCHook.HookRC.1"
val="HookRC Class" nam="RCHook Module (rchook.dll)" pub="None"
md5="c3699dcfb80a9d4ea8371a98be9c1a8e" ver="1, 0, 7, 0" sz="102400"
is="0" gfp="">c:\program files\vcom\recovery
commander\rchook.dll</ShellExecuteHook>
<ShellExecuteHook ex="1"
clsid="{A213B520-C6C2-11d0-AF9D-008029E1027E}" prog="" val="WinFax PRO
IShellExecuteHook" nam="Shell extension for ACT phonebook integration
DLL (wfxseh32.dll)" pub="Symantec Corporation"
md5="a9c8efc93b38ee4e23271d6f1d88edc7" ver="9.00.98.0727" sz="38400"
is="0" gfp="">c:\program files\winfax\wfxseh32.dll</ShellExecuteHook>
<ShellExecuteHook ex="1"
clsid="{9EF34FF2-3396-4527-9D27-04C8C1C67806}"
prog="Microsoft.AntiSpyware.ShellExecuteHook.1"
val="Microsoft.AntiSpyware.ShellExecuteHook.1" nam="Microsoft
AntiSpyware Shell Extension (shellextension.dll)" pub="Microsoft
Corporation" md5="08cee315ea2a24e77d68b2b055f73a94" ver="1.00.0501"
sz="93408" is="0" gfp="">c:\program files\microsoft
antispyware\shellextension.dll</ShellExecuteHook>
</ShellExecuteHooks>
- <ShellOpenCommands>
<ShellOpenCommand val="HCR\exefile\shell\open\command">"%1"
%*</ShellOpenCommand>
<ShellOpenCommand val="HCR\comfile\shell\open\command">"%1"
%*</ShellOpenCommand>
<ShellOpenCommand val="HCR\batfile\shell\open\command">"%1"
%*</ShellOpenCommand>
<ShellOpenCommand
val="HCR\htafile\shell\open\command">C:\WINDOWS\System32\mshta.exe
"%1" %*</ShellOpenCommand>
<ShellOpenCommand val="HCR\piffile\shell\open\command">"%1"
%*</ShellOpenCommand>
<ShellOpenCommand
val="HCR\txtfile\shell\open\command">%SystemRoot%\system32\NOTEPAD.EXE
%1</ShellOpenCommand>
<ShellOpenCommand val="HCR\mp3file\shell\open\command">"C:\Program
Files\Windows Media Player\wmplayer.exe" /prefetch:6 /Open
"%L"</ShellOpenCommand>
<ShellOpenCommand val="HCR\mpegfile\shell\open\command">"C:\Program
Files\Windows Media Player\wmplayer.exe" /prefetch:9 /Open
"%L"</ShellOpenCommand>
<ShellOpenCommand
val="HCR\mailto\shell\open\command">"C:\MSOFFI~2\OFFICE11\OUTLOOK.EXE"
-c IPM.Note /m "%1"</ShellOpenCommand>
<ShellOpenCommand val="HCR\htmlfile\shell\open\command">"C:\Program
Files\Internet Explorer\iexplore.exe" -nohome</ShellOpenCommand>
<ShellOpenCommand val="HCR\http\shell\open\command">"C:\Program
Files\Internet Explorer\iexplore.exe" %1</ShellOpenCommand>
<ShellOpenCommand val="HCR\https\shell\open\command">"C:\Program
Files\Internet Explorer\iexplore.exe" 1%</ShellOpenCommand>
<ShellOpenCommand val="HCR\ftp\shell\open\command">"C:\Program
Files\Internet Explorer\iexplore.exe" 1%</ShellOpenCommand>
</ShellOpenCommands>
- <ActiveXInstalls>
- <ActiveXInstall clsid="DirectAnimation Java Classes" prog="" nam=""
codebase="file://C:\WINDOWS\Java\classes\dajava.cab">
<Files />
</ActiveXInstall>
- <ActiveXInstall clsid="Microsoft XML Parser for Java" prog="" nam=""
codebase="file://C:\WINDOWS\Java\classes\xmldso.cab">
<Files />
</ActiveXInstall>
- <ActiveXInstall clsid="{17492023-C23A-453E-A040-C7C580BBF700}"
prog="LegitCheckControl.LegitCheck.1" nam="Windows Genuine Advantage
Validation Tool"
codebase="http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409">
- <Files>
<File ex="1" nam="PidGen (GWFSPidGen.DLL)" pub="Microsoft"
md5="39c923c97c0adea0ed878e427c3c9204" ver="1, 5, 0, 42" sz="16384"
is="0" gfp="">C:\WINDOWS\system32\GWFSPidGen.DLL</File>
<File ex="1" nam="Windows Genuine Advantage Validation
(LegitCheckControl.DLL)" pub="Microsoft Corporation"
md5="40fc24cef49eaf0ebc7c51c67f89a952" ver="1.0.0058.6" sz="346888"
is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\LegitCheckControl.DLL</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{3299935F-2C5A-499A-9908-95CFFF6EF8C1}"
prog="PlaceWare.Quicksilver.1" nam="Quicksilver Class"
codebase="http://scpwjc.ops.placeware.com/etc/place/JULIET/SCJpws-c1/5.1.6.246/lib/quicksilver.cab">
<Files />
</ActiveXInstall>
- <ActiveXInstall clsid="{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}"
prog="OPUCatalog.OPUCatalog11.1" nam="Office Update Installation
Engine"
codebase="http://office.microsoft.com/officeupdate/content/opuc.cab">
- <Files>
<File ex="1" nam="Microsoft Office Update Detection Engine
(opuc.dll)" pub="Microsoft Corporation"
md5="1e32ec4a8a17b19926b49ea5f6b79a76" ver="11.0.5626" sz="314368"
is="0" gfp="">C:\WINDOWS\opuc.dll</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}"
prog="mcinstall.mcos.1" nam="McAfee.com Operating System Class"
codebase="http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab">
<Files />
</ActiveXInstall>
- <ActiveXInstall clsid="{8AD9C840-044E-11D1-B3E9-00805F499D93}"
prog="" nam="Java Plug-in 1.4.1_02"
codebase="http://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab">
<Files />
</ActiveXInstall>
- <ActiveXInstall clsid="{A8658086-E6AC-4957-BC8E-8D54A7E8A790}"
prog="GDIChk.FileChk.0" nam="GDIChk Object"
codebase="http://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB">
- <Files>
<File ex="1" nam="Microsoft GDI+ Detection Tool. (GDIChk.dll)"
pub="Microsoft Corporation" md5="56af5ff66a5f8f927411b59b66107c84"
ver="1.0.0.0" sz="65272" is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\GDIChk.dll</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}"
prog="" nam="Java Plug-in 1.4.1"
codebase="http://java.sun.com/products/plugin/1.4/jinstall-14-windows-i586.cab">
<Files />
</ActiveXInstall>
- <ActiveXInstall clsid="{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}"
prog="" nam="Java Plug-in 1.4.1_02"
codebase="http://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab">
<Files />
</ActiveXInstall>
- <ActiveXInstall clsid="{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}"
prog="SymAData.ActiveDataInfo.1" nam="ActiveDataInfo Class"
codebase="http://www.symantec.com/techsupp/activedata/SymAData.cab">
- <Files>
<File ex="1" nam="SymAData Module (SymAData.dll)" pub="None"
md5="b7a28cbd0022210fd0d877c9951694f1" ver="2, 0, 0, 1" sz="156792"
is="0" gfp="">C:\WINDOWS\Downloaded Program Files\SymAData.dll</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{D27CDB6E-AE6D-11CF-96B8-444553540000}"
prog="ShockwaveFlash.ShockwaveFlash.1" nam="Shockwave Flash Object"
codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab">
<Files />
</ActiveXInstall>
- <ActiveXInstall clsid="{D68DAEED-C2A6-4C6F-9365-4676B173D8EF}"
prog="Ocarpt.OcarptMain.1" nam="OcarptMain Class"
codebase="https://oca.microsoft.com/en/secure/ocarpt.CAB">
- <Files>
<File ex="1" nam="Reporting Helper Utility (OCARPT.DLL)"
pub="Microsoft Corporation" md5="7afe580476e1d1e8be0e7adf753fb959"
ver="3.4.0000.2 (Lab01_N(kksharma).010729-2201)" sz="184832" is="0"
gfp="">C:\WINDOWS\Downloaded Program Files\OCARPT.DLL</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{E77C0D62-882A-456F-AD8F-7C6C9569B8C7}"
prog="ActiveData.ActiveDataObj.1" nam="ActiveDataObj Class"
codebase="https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab">
- <Files>
<File ex="1" nam="ActiveData Module (ActiveData.dll)" pub="None"
md5="c0a5720a581109543b113a8beae7868c" ver="1, 0, 0, 1" sz="112312"
is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\ActiveData.dll</File>
</Files>
</ActiveXInstall>
</ActiveXInstalls>
- <PROTOCOLSFilters>
<PROTOCOLSFilter ex="1"
clsid="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"
prog="CorRegistration.CorFltr.1" filter="application/octet-stream"
val="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" nam="Microsoft .NET
Runtime Execution Engine (mscoree.dll)" pub="Microsoft Corporation"
md5="4c702aea1c11d15c176c2c276d0907dd" ver="1.1.4322.573" sz="155648"
is="0" gfp="">c:\windows\system32\mscoree.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1"
clsid="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"
prog="CorRegistration.CorFltr.1" filter="application/x-complus"
val="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" nam="Microsoft .NET
Runtime Execution Engine (mscoree.dll)" pub="Microsoft Corporation"
md5="4c702aea1c11d15c176c2c276d0907dd" ver="1.1.4322.573" sz="155648"
is="0" gfp="">c:\windows\system32\mscoree.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1"
clsid="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"
prog="CorRegistration.CorFltr.1" filter="application/x-msdownload"
val="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" nam="Microsoft .NET
Runtime Execution Engine (mscoree.dll)" pub="Microsoft Corporation"
md5="4c702aea1c11d15c176c2c276d0907dd" ver="1.1.4322.573" sz="155648"
is="0" gfp="">c:\windows\system32\mscoree.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1"
clsid="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}" prog="" filter="Class
Install Handler" val="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"
nam="OLE32 Extensions for Win32 (urlmon.dll)" pub="Microsoft
Corporation" md5="ae492783117a9a50887f6d5ded646767"
ver="6.00.2900.2518 (xpsp_sp2_gdr.040919-1056)" sz="603648" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1"
clsid="{8f6b0360-b80d-11d0-a9b3-006097942311}" prog=""
filter="deflate" val="{8f6b0360-b80d-11d0-a9b3-006097942311}"
nam="OLE32 Extensions for Win32 (urlmon.dll)" pub="Microsoft
Corporation" md5="ae492783117a9a50887f6d5ded646767"
ver="6.00.2900.2518 (xpsp_sp2_gdr.040919-1056)" sz="603648" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1"
clsid="{8f6b0360-b80d-11d0-a9b3-006097942311}" prog="" filter="gzip"
val="{8f6b0360-b80d-11d0-a9b3-006097942311}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="ae492783117a9a50887f6d5ded646767" ver="6.00.2900.2518
(xpsp_sp2_gdr.040919-1056)" sz="603648" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1"
clsid="{8f6b0360-b80d-11d0-a9b3-006097942311}" prog=""
filter="lzdhtml" val="{8f6b0360-b80d-11d0-a9b3-006097942311}"
nam="OLE32 Extensions for Win32 (urlmon.dll)" pub="Microsoft
Corporation" md5="ae492783117a9a50887f6d5ded646767"
ver="6.00.2900.2518 (xpsp_sp2_gdr.040919-1056)" sz="603648" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1"
clsid="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}" prog=""
filter="text/webviewhtml" val="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"
nam="Windows Shell Common Dll (shell32.dll)" pub="Microsoft
Corporation" md5="d5988a5048e4dc7175bca9f29fc144ae"
ver="6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)" sz="8384000" is="0"
gfp="">c:\windows\system32\shell32.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1"
clsid="{807553E5-5146-11D5-A672-00B0D022E945}" prog=""
filter="text/xml" val="{807553E5-5146-11D5-A672-00B0D022E945}"
nam="Microsoft Office XML MIME Filter (msoxmlmf.dll)" pub="Microsoft
Corporation" md5="7469b9d06f0299273769c3e5365f5469" ver="11.0.5510"
sz="39488" is="0" gfp="">c:\program files\common files\microsoft
shared\office11\msoxmlmf.dll</PROTOCOLSFilter>
</PROTOCOLSFilters>
- <PROTOCOLSHandlers>
<PROTOCOLSHandler ex="1"
clsid="{3050F406-98B5-11CF-BB82-00AA00BDCE0B}" prog="" filter="about"
val="{3050F406-98B5-11CF-BB82-00AA00BDCE0B}" nam="Microsoft (R) HTML
Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="d94e6405e420373161467acd3da65640" ver="6.00.2900.2523
(xpsp_sp2_gdr.040919-1056)" sz="3004928" is="0"
gfp="">c:\windows\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{3dd53d40-7b8b-11D0-b013-00aa0059ce02}" prog="" filter="cdl"
val="{3dd53d40-7b8b-11D0-b013-00aa0059ce02}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="ae492783117a9a50887f6d5ded646767" ver="6.00.2900.2518
(xpsp_sp2_gdr.040919-1056)" sz="603648" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{CD00020A-8B95-11D1-82DB-00C04FB1625D}"
prog="CDO.KnowledgePluggable.1" filter="cdo"
val="{CD00020A-8B95-11D1-82DB-00C04FB1625D}" nam="Microsoft SharePoint
Portal Server Object Model (pkmcdo.dll)" pub="Microsoft Corporation"
md5="623d03d48a2da1bc03764d6d7fc88542" ver="10.145.7329.0" sz="868352"
is="0" gfp="">c:\program files\common files\microsoft shared\web
folders\pkmcdo.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{12D51199-0DB5-46FE-A120-47A3D7D937CC}" prog="" filter="dvd"
val="{12D51199-0DB5-46FE-A120-47A3D7D937CC}" nam="ActiveX control for
streaming video (msvidctl.dll)" pub="Microsoft Corporation"
md5="7b5ba7cb7cf42b557c17d08015be8a14" ver="6.05.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="1428480" is="0"
gfp="">c:\windows\system32\msvidctl.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{79eac9e7-baf9-11ce-8c82-00aa004ba90b}" prog="" filter="file"
val="{79eac9e7-baf9-11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="ae492783117a9a50887f6d5ded646767" ver="6.00.2900.2518
(xpsp_sp2_gdr.040919-1056)" sz="603648" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{79eac9e3-baf9-11ce-8c82-00aa004ba90b}" prog="" filter="ftp"
val="{79eac9e3-baf9-11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="ae492783117a9a50887f6d5ded646767" ver="6.00.2900.2518
(xpsp_sp2_gdr.040919-1056)" sz="603648" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{79eac9e4-baf9-11ce-8c82-00aa004ba90b}" prog="" filter="gopher"
val="{79eac9e4-baf9-11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="ae492783117a9a50887f6d5ded646767" ver="6.00.2900.2518
(xpsp_sp2_gdr.040919-1056)" sz="603648" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{79eac9e2-baf9-11ce-8c82-00aa004ba90b}" prog="" filter="http"
val="{79eac9e2-baf9-11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="ae492783117a9a50887f6d5ded646767" ver="6.00.2900.2518
(xpsp_sp2_gdr.040919-1056)" sz="603648" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{79eac9e5-baf9-11ce-8c82-00aa004ba90b}" prog="" filter="https"
val="{79eac9e5-baf9-11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="ae492783117a9a50887f6d5ded646767" ver="6.00.2900.2518
(xpsp_sp2_gdr.040919-1056)" sz="603648" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{9D148291-B9C8-11D0-A4CC-0000F80149F6}" prog="MSITFS1.0"
filter="its" val="{9D148291-B9C8-11D0-A4CC-0000F80149F6}"
nam="Microsoft InfoTech Storage System Library (itss.dll)"
pub="Microsoft Corporation" md5="a00b287bb6f78bdd3589b7e75a86a6fa"
ver="5.2.3790.1221 (dnsrv.040715-2015)" sz="134144" is="0"
gfp="">c:\windows\system32\itss.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}" prog=""
filter="javascript" val="{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}"
nam="Microsoft (R) HTML Viewer (mshtml.dll)" pub="Microsoft
Corporation" md5="d94e6405e420373161467acd3da65640"
ver="6.00.2900.2523 (xpsp_sp2_gdr.040919-1056)" sz="3004928" is="0"
gfp="">c:\windows\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{79eac9e7-baf9-11ce-8c82-00aa004ba90b}" prog="" filter="local"
val="{79eac9e7-baf9-11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="ae492783117a9a50887f6d5ded646767" ver="6.00.2900.2518
(xpsp_sp2_gdr.040919-1056)" sz="603648" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}" prog="" filter="mailto"
val="{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}" nam="Microsoft (R) HTML
Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="d94e6405e420373161467acd3da65640" ver="6.00.2900.2523
(xpsp_sp2_gdr.040919-1056)" sz="3004928" is="0"
gfp="">c:\windows\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{05300401-BCBC-11d0-85E3-00C04FD85AB4}" prog="" filter="mhtml"
val="{05300401-BCBC-11d0-85E3-00C04FD85AB4}" nam="Microsoft Internet
Messaging API (inetcomm.dll)" pub="Microsoft Corporation"
md5="ad83a2a04f68db2dff500c30536fcd6b" ver="6.00.2900.2527
(xpsp_sp2_gdr.040919-1056)" sz="679424" is="0"
gfp="">c:\windows\system32\inetcomm.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{79eac9e6-baf9-11ce-8c82-00aa004ba90b}" prog="" filter="mk"
val="{79eac9e6-baf9-11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="ae492783117a9a50887f6d5ded646767" ver="6.00.2900.2518
(xpsp_sp2_gdr.040919-1056)" sz="603648" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{9D148291-B9C8-11D0-A4CC-0000F80149F6}" prog="MSITFS1.0"
filter="ms-its" val="{9D148291-B9C8-11D0-A4CC-0000F80149F6}"
nam="Microsoft InfoTech Storage System Library (itss.dll)"
pub="Microsoft Corporation" md5="a00b287bb6f78bdd3589b7e75a86a6fa"
ver="5.2.3790.1221 (dnsrv.040715-2015)" sz="134144" is="0"
gfp="">c:\windows\system32\itss.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{0A9007C0-4076-11D3-8789-0000F8105754}"
prog="Microsoft.ITSS.URLProtocol" filter="ms-itss"
val="{0A9007C0-4076-11D3-8789-0000F8105754}" nam="Microsoft InfoTech
Storage System Library (msitss.dll)" pub="Microsoft Corporation"
md5="bb67c719ccdaf8b442cc194a429079bb" ver="5.40.0358.1" sz="217088"
is="0" gfp="">c:\program files\common files\microsoft
shared\information retrieval\msitss.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{3D9F03FA-7A94-11D3-BE81-0050048385D1}" prog=""
filter="mso-offdap" val="{3D9F03FA-7A94-11D3-BE81-0050048385D1}"
nam="Microsoft Office XP Web Components (owc10.dll)" pub="Microsoft
Corporation" md5="36db6c81fed2402ec9822922f9a05fb0" ver="10.0.6712"
sz="7334592" is="0"
gfp="">c:\progra~1\common~1\micros~1\webcom~1\10\owc10.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{32505114-5902-49B2-880A-1F7738E5A384}"
prog="OWC11.Etcetera.PluggableProtocol.1" filter="mso-offdap11"
val="{32505114-5902-49B2-880A-1F7738E5A384}" nam="Microsoft Office Web
Components 2003 (owc11.dll)" pub="Microsoft Corporation"
md5="650be4cbdb48ca37c27a673be3d25011" ver="11.0.6255" sz="8140480"
is="0"
gfp="">c:\progra~1\common~1\micros~1\webcom~1\11\owc11.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}" prog="" filter="res"
val="{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}" nam="Microsoft (R) HTML
Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="d94e6405e420373161467acd3da65640" ver="6.00.2900.2523
(xpsp_sp2_gdr.040919-1056)" sz="3004928" is="0"
gfp="">c:\windows\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{76E67A63-06E9-11D2-A840-006008059382}" prog=""
filter="sysimage" val="{76E67A63-06E9-11D2-A840-006008059382}"
nam="Microsoft (R) HTML Viewer (mshtml.dll)" pub="Microsoft
Corporation" md5="d94e6405e420373161467acd3da65640"
ver="6.00.2900.2523 (xpsp_sp2_gdr.040919-1056)" sz="3004928" is="0"
gfp="">c:\windows\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}" prog="" filter="tv"
val="{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}" nam="ActiveX control for
streaming video (msvidctl.dll)" pub="Microsoft Corporation"
md5="7b5ba7cb7cf42b557c17d08015be8a14" ver="6.05.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="1428480" is="0"
gfp="">c:\windows\system32\msvidctl.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}" prog=""
filter="vbscript" val="{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}"
nam="Microsoft (R) HTML Viewer (mshtml.dll)" pub="Microsoft
Corporation" md5="d94e6405e420373161467acd3da65640"
ver="6.00.2900.2523 (xpsp_sp2_gdr.040919-1056)" sz="3004928" is="0"
gfp="">c:\windows\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE}"
prog="Wia.WiaProtocol.1" filter="wia"
val="{13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE}" nam="WIA Scripting Layer
(wiascr.dll)" pub="Microsoft Corporation"
md5="dd469944b09b032e7c7fe85687c2a399" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="75776" is="0"
gfp="">c:\windows\system32\wiascr.dll</PROTOCOLSHandler>
</PROTOCOLSHandlers>
- <PROTOCOLSNameSpaceHandlers>
<PROTOCOLSNameSpaceHandler ex="1"
clsid="{9D148291-B9C8-11D0-A4CC-0000F80149F6}" prog="MSITFS1.0"
namespace="mk" namespacefilter="NameSpace Filter for
MK:mad:MSITStore:..." val="{79eac9e6-baf9-11ce-8c82-00aa004ba90b}"
nam="Microsoft InfoTech Storage System Library (itss.dll)"
pub="Microsoft Corporation" md5="a00b287bb6f78bdd3589b7e75a86a6fa"
ver="5.2.3790.1221 (dnsrv.040715-2015)" sz="134144" is="0"
gfp="">c:\windows\system32\itss.dll</PROTOCOLSNameSpaceHandler>
</PROTOCOLSNameSpaceHandlers>
- <TCPIPParamaters>
<TCPIPParamater
val="DataBasePath">%SystemRoot%\System32\drivers\etc</TCPIPParamater>
<TCPIPParamater
val="Domain">home.davidhsherman.local</TCPIPParamater>
<TCPIPParamater val="NameServer" />
<TCPIPParamater val="SearchList" />
<TCPIPParamater val="VXD MSTCP: NameServer" />
</TCPIPParamaters>
- <InternetSettings>
<InternetSetting val="ProxyEnable">1</InternetSetting>
<InternetSetting
val="ProxyServer">http=AdSubtract:4444</InternetSetting>
<InternetSetting val="ProxyOverride" />
<InternetSetting val="User Agent">Mozilla/4.0 (compatible; MSIE 6.0;
Win32)</InternetSetting>
<InternetSetting val="ZoneMap Domain Count">0</InternetSetting>
</InternetSettings>
- <IESettings>
<IESetting val="UseMyStylesheet"
set="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Styles"
/>
<IESetting val="UserStylesheet"
set="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Styles"
/>
<IESetting val="UseMyStylesheet"
set="HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Styles" />
<IESetting val="UserStylesheet"
set="HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Styles" />
</IESettings>
<AppInitDLLs val="" />
- <ShellServiceObjectDelayLoads>
<ShellServiceObjectDelayLoad ex="1"
clsid="{7849596a-48ea-486e-8937-a2a3009f31a9}" prog=""
val="PostBootReminder" nam="Windows Shell Common Dll (shell32.dll)"
pub="Microsoft Corporation" md5="d5988a5048e4dc7175bca9f29fc144ae"
ver="6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)" sz="8384000" is="0"
gfp="">c:\windows\system32\shell32.dll</ShellServiceObjectDelayLoad>
<ShellServiceObjectDelayLoad ex="1"
clsid="{fbeb8a05-beee-4442-804e-409d6c4515e9}" prog="" val="CDBurn"
nam="Windows Shell Common Dll (shell32.dll)" pub="Microsoft
Corporation" md5="d5988a5048e4dc7175bca9f29fc144ae"
ver="6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)" sz="8384000" is="0"
gfp="">c:\windows\system32\shell32.dll</ShellServiceObjectDelayLoad>
<ShellServiceObjectDelayLoad ex="1"
clsid="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" prog="" val="WebCheck"
nam="Web Site Monitor (webcheck.dll)" pub="Microsoft Corporation"
md5="6501db5182d5a8c0f1f1707286161d66" ver="6.00.2900.2180
(xpsp_sp2_rtm.040803-2158)" sz="276480" is="0"
gfp="">c:\windows\system32\webcheck.dll</ShellServiceObjectDelayLoad>
<ShellServiceObjectDelayLoad ex="1"
clsid="{35CEC8A3-2BE6-11D2-8773-92E220524153}" prog="" val="SysTray"
nam="Systray shell service object (stobject.dll)" pub="Microsoft
Corporation" md5="297101a925ecffdcdf7f6341ffbb6c1a" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="121856" is="0"
gfp="">c:\windows\system32\stobject.dll</ShellServiceObjectDelayLoad>
</ShellServiceObjectDelayLoads>
<ScheduledTasks />
- <Services>
<Service ex="1" disp="AgentS" desc="" nam="(Agent_S.exe)" pub=""
md5="8ed6536a3692db53e0cc8762cdbaa388" ver="" sz="245852" is="0"
gfp="">C:\Program Files\Alexander SPK\Agent\Agent_S.exe</Service>
<Service ex="1" disp="Application Layer Gateway Service"
desc="Provides support for 3rd party protocol plug-ins for Internet
Connection Sharing and the Windows Firewall." nam="Application Layer
Gateway Service (alg.exe)" pub="Microsoft Corporation"
md5="f1958fbf86d5c004cf19a5951a9514b7" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="44544" is="0"
gfp="">C:\WINDOWS\System32\alg.exe</Service>
<Service ex="1" disp="ASP.NET State Service" desc="Provides support
for out-of-process session states for ASP.NET. If this service is
stopped, out-of-process requests will not be processed. If this
service is disabled, any services that explicitly depend on it will
fail to start." nam="aspnet_state.exe (aspnet_state.exe)"
pub="Microsoft Corporation" md5="e1a1206a4fb19b675e947b29ccd25fba"
ver="1.1.4322.2032" sz="32768" is="0"
gfp="">C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe</Service>
<Service ex="1" disp="Indexing Service" desc="Indexes contents and
properties of files on local and remote computers; provides rapid
access to files through flexible querying language." nam="Content
Index service (cisvc.exe)" pub="Microsoft Corporation"
md5="3192bd04d032a9c4a85a3278c268a13a" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="5632" is="0"
gfp="">C:\WINDOWS\system32\cisvc.exe</Service>
<Service ex="1" disp="ClipBook" desc="Enables ClipBook Viewer to
store information and share it with remote computers. If the service
is stopped, ClipBook Viewer will not be able to share information with
remote computers. If this service is disabled, any services that
explicitly depend on it will fail to start." nam="Windows NT DDE
Server (clipsrv.exe)" pub="Microsoft Corporation"
md5="c8dec22c4137d7a90f8bdf41ca4b82ae" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="33280" is="0"
gfp="">C:\WINDOWS\system32\clipsrv.exe</Service>
<Service ex="1" disp="COM+ System Application" desc="Manages the
configuration and tracking of Component Object Model (COM)+-based
components. If the service is stopped, most COM+-based components will
not function properly. If this service is disabled, any services that
explicitly depend on it will fail to start." nam="COM Surrogate
(dllhost.exe)" pub="Microsoft Corporation"
md5="dd87db7387b9eb441c5674888a0d840c" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="5120" is="0"
gfp="">C:\WINDOWS\System32\dllhost.exe</Service>
<Service ex="1" disp="Symantec AntiVirus Definition Watcher"
desc="Monitors and maintains virus definitions." nam="Virus Definition
Daemon (DefWatch.exe)" pub="Symantec Corporation"
md5="a3985a8ded49f67e3e25d2d2921b4dac" ver="9.0.0.338" sz="29928"
is="0" gfp="">C:\Program Files\Symantec
AntiVirus\DefWatch.exe</Service>
<Service ex="1" disp="Diskeeper" desc="Controls the Windows
Diskeeper Service" nam="DKSERVICE.EXE (DkService.exe)" pub="Executive
Software International, Inc." md5="e2afd2e1fe8f9360139fa4425eb72136"
ver="9.0.504.0" sz="577644" is="0" gfp="">C:\Program Files\Executive
Software\Diskeeper\DkService.exe</Service>
<Service ex="1" disp="Logical Disk Manager Administrative Service"
desc="Configures hard disk drives and volumes. The service only runs
for configuration processes and then stops." nam="Logical Disk Manager
service process (dmadmin.exe)" pub="Microsoft Corp., Veritas Software"
md5="554c7cb178fe3bd12450b81ad63adbc3" ver="2600.2180.503.0"
sz="224768" is="0" gfp="">C:\WINDOWS\System32\dmadmin.exe</Service>
<Service ex="1" disp="Event Log" desc="Enables event log messages
issued by Windows-based programs and components to be viewed in Event
Viewer. This service cannot be stopped." nam="Services and Controller
app (services.exe)" pub="Microsoft Corporation"
md5="c6ce6eec82f187615d1002bb3bb50ed4" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="108032" is="0"
gfp="">C:\WINDOWS\system32\services.exe</Service>
<Service ex="1" disp="Fax" desc="Enables you to send and receive
faxes, utilizing fax resources available on this computer or on the
network." nam="Fax Service (fxssvc.exe)" pub="Microsoft Corporation"
md5="fcbd571fa0ee8dc238944ae5fab74461" ver="5.2.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="267776" is="0"
gfp="">C:\WINDOWS\system32\fxssvc.exe</Service>
<Service ex="1" disp="" desc="" nam="gearsec (GEARSec.exe)"
pub="GEAR Software" md5="17b77d83c53ae007c11ed811d992e727" ver="1, 0,
0, 3" sz="49152" is="0"
gfp="">C:\WINDOWS\System32\GEARSec.exe</Service>
<Service ex="1" disp="GhostStartService" desc="Background service to
allow Norton Ghost to perform priviledged operations" nam="Norton
Ghost Start (GhostStartService.exe)" pub="Symantec Corporation"
md5="bc9c77fac763d84bfdf09b55d4b41afa" ver="2003.775" sz="200704"
is="0" gfp="">C:\Program Files\Symantec\Norton Ghost
2003\GhostStartService.exe</Service>
<Service ex="1" disp="IMAPI CD-Burning COM Service" desc="Manages CD
recording using Image Mastering Applications Programming Interface
(IMAPI). If this service is stopped, this computer will be unable to
record CDs. If this service is disabled, any services that explicitly
depend on it will fail to start." nam="Image Mastering API
(imapi.exe)" pub="Microsoft Corporation"
md5="fa788520bcac0f5d9d5cde5615c0d931" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="150016" is="0"
gfp="">C:\WINDOWS\System32\imapi.exe</Service>
<Service ex="1" disp="Machine Debug Manager" desc="Supports local
and remote debugging for Visual Studio and script debuggers. If this
service is stopped, the debuggers will not function properly."
nam="Machine Debug Manager (mdm.exe)" pub="Microsoft Corporation"
md5="11f714f85530a2bd134074dc30e99fca" ver="7.00.9466" sz="322120"
is="0" gfp="">C:\Program Files\Common Files\Microsoft
Shared\VS7Debug\mdm.exe</Service>
<Service ex="1" disp="NetMeeting Remote Desktop Sharing"
desc="Enables an authorized user to access this computer remotely by
using NetMeeting over a corporate intranet. If this service is
stopped, remote desktop sharing will be unavailable. If this service
is disabled, any services that explicitly depend on it will fail to
start." nam="NetMeeting Remote Desktop Sharing (mnmsrvc.exe)"
pub="Microsoft Corporation" md5="f6415361201915b9fe3896b0e4e724ff"
ver="5.1.2600.2180" sz="32768" is="0"
gfp="">C:\WINDOWS\System32\mnmsrvc.exe</Service>
<Service ex="1" disp="Distributed Transaction Coordinator"
desc="Coordinates transactions that span multiple resource managers,
such as databases, message queues, and file systems. If this service
is stopped, these transactions will not occur. If this service is
disabled, any services that explicitly depend on it will fail to
start." nam="MS DTC console program (msdtc.exe)" pub="Microsoft
Corporation" md5="c7c3d89eb0a6f3dba622ea737fa335b1"
ver="2001.12.4414.258" sz="6144" is="0"
gfp="">C:\WINDOWS\System32\msdtc.exe</Service>
<Service ex="1" disp="Windows Installer" desc="Adds, modifies, and
removes applications provided as a Windows Installer (*.msi) package.
If this service is disabled, any services that explicitly depend on it
will fail to start." nam="Windows installer (msiexec.exe)"
pub="Microsoft Corporation" md5="4236ae241f193f58adab141ceccfd5f4"
ver="3.0.3790.2180" sz="77312" is="0"
gfp="">C:\WINDOWS\System32\msiexec.exe</Service>
<Service ex="1" disp="MSSQL$MICROSOFTBCM" desc="" nam="SQL Server
Windows NT (sqlservr.exe)" pub="Microsoft Corporation"
md5="1251256fefc2b00a7bd603578241f0ad" ver="2000.080.0818.00"
sz="7544916" is="0" gfp="">C:\Program Files\Microsoft SQL
Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe</Service>
<Service ex="1" disp="MSSQLServerADHelper" desc="" nam="Microsoft
SQL Server Active Directory Helper Service (sqladhlp.exe)"
pub="Microsoft Corporation" md5="cb7524c21727404bd3140dca32deb7de"
ver="2000.080.0760.00" sz="66112" is="0" gfp="">C:\Program
Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe</Service>
<Service ex="1" disp="MSSQLServerOLAPService" desc="Microsoft SQL
Server 2000 Analysis Services" nam="Analysis server (msmdsrv.exe)"
pub="Microsoft Corporation" md5="b14bd015e8fa26f5d0be034570445e72"
ver="8.00.194" sz="1732667" is="0" gfp="">C:\Program Files\Microsoft
Analysis Services\Bin\msmdsrv.exe</Service>
<Service ex="1" disp="Network DDE" desc="Provides network transport
and security for Dynamic Data Exchange (DDE) for programs running on
the same computer or on different computers. If this service is
stopped, DDE transport and security will be unavailable. If this
service is disabled, any services that explicitly depend on it will
fail to start." nam="Network DDE - DDE Communication (netdde.exe)"
pub="Microsoft Corporation" md5="05afb5ad06462257bea7495283c86d50"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="111104" is="0"
gfp="">C:\WINDOWS\system32\netdde.exe</Service>
<Service ex="1" disp="Network DDE DSDM" desc="Manages Dynamic Data
Exchange (DDE) network shares. If this service is stopped, DDE network
shares will be unavailable. If this service is disabled, any services
that explicitly depend on it will fail to start." nam="Network DDE -
DDE Communication (netdde.exe)" pub="Microsoft Corporation"
md5="05afb5ad06462257bea7495283c86d50" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="111104" is="0"
gfp="">C:\WINDOWS\system32\netdde.exe</Service>
<Service ex="1" disp="Net Logon" desc="Supports pass-through
authentication of account logon events for computers in a domain."
nam="LSA Shell (lsass.exe)" pub="Microsoft Corporation"
md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">C:\WINDOWS\System32\lsass.exe</Service>
<Service ex="1" disp="NT LM Security Support Provider"
desc="Provides security to remote procedure call (RPC) programs that
use transports other than named pipes." nam="LSA Shell (lsass.exe)"
pub="Microsoft Corporation" md5="84885f9b82f4d55c6146ebf6065d75d2"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">C:\WINDOWS\System32\lsass.exe</Service>
<Service ex="1" disp="NVIDIA Display Driver Service" desc="Provides
system and desktop level support to the NVIDIA display driver"
nam="NVIDIA Driver Helper Service, Version 52.16 (nvsvc32.exe)"
pub="NVIDIA Corporation" md5="5ed834603c36414b579979b3a9c90f54"
ver="6.14.10.5216" sz="81920" is="0"
gfp="">C:\WINDOWS\System32\nvsvc32.exe</Service>
<Service ex="1" disp="Office Source Engine" desc="Saves installation
files used for updates and repairs and is required for the downloading
of Setup updates and Watson error reports." nam="Office Source Engine
(OSE.EXE)" pub="Microsoft Corporation"
md5="7a56cf3e3f12e8af599963b16f50fb6a" ver="11.0.5525" sz="89136"
is="0" gfp="">C:\Program Files\Common Files\Microsoft Shared\Source
Engine\OSE.EXE</Service>
<Service ex="1" disp="Plug and Play" desc="Enables a computer to
recognize and adapt to hardware changes with little or no user input.
Stopping or disabling this service will result in system instability."
nam="Services and Controller app (services.exe)" pub="Microsoft
Corporation" md5="c6ce6eec82f187615d1002bb3bb50ed4" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="108032" is="0"
gfp="">C:\WINDOWS\system32\services.exe</Service>
<Service ex="1" disp="Pml Driver HPZ12" desc="" nam="PML Driver
(HPZipm12.exe)" pub="HP" md5="364e30f27be1e6ded83e81c4de93e808"
ver="5, 0, 5, 3" sz="65536" is="0"
gfp="">C:\WINDOWS\System32\HPZipm12.exe</Service>
<Service ex="1" disp="IPSEC Services" desc="Manages IP security
policy and starts the ISAKMP/Oakley (IKE) and the IP security driver."
nam="LSA Shell (lsass.exe)" pub="Microsoft Corporation"
md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">C:\WINDOWS\System32\lsass.exe</Service>
<Service ex="1" disp="Protected Storage" desc="Provides protected
storage for sensitive data, such as private keys, to prevent access by
unauthorized services, processes, or users." nam="LSA Shell
(lsass.exe)" pub="Microsoft Corporation"
md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">C:\WINDOWS\system32\lsass.exe</Service>
<Service ex="1" disp="Remote Desktop Help Session Manager"
desc="Manages and controls Remote Assistance. If this service is
stopped, Remote Assistance will be unavailable. Before stopping this
service, see the Dependencies tab of the Properties dialog box."
nam="Microsoft Remote Desktop Help Session Manager (sessmgr.exe)"
pub="Microsoft Corporation" md5="729798e0933076b8fcfcd9934698f164"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="140800" is="0"
gfp="">C:\WINDOWS\system32\sessmgr.exe</Service>
<Service ex="1" disp="Remote Procedure Call (RPC) Locator"
desc="Manages the RPC name service database." nam="Rpc Locator
(locator.exe)" pub="Microsoft Corporation"
md5="793f04a09b15e7c6c11dbdffaf06c0ab" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="75264" is="0"
gfp="">C:\WINDOWS\System32\locator.exe</Service>
<Service ex="1" disp="QoS RSVP" desc="Provides network signaling and
local traffic control setup functionality for QoS-aware programs and
control applets." nam="Microsoft RSVP (rsvp.exe)" pub="Microsoft
Corporation" md5="471b3f9741d762abe75e9deea4787e47" ver="5.1.2600.0
(xpclient.010817-1148)" sz="132608" is="0"
gfp="">C:\WINDOWS\System32\rsvp.exe</Service>
<Service ex="1" disp="Security Accounts Manager" desc="Stores
security information for local user accounts." nam="LSA Shell
(lsass.exe)" pub="Microsoft Corporation"
md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">C:\WINDOWS\system32\lsass.exe</Service>
<Service ex="1" disp="SAVRoam" desc="Symantec AntiVirus Roaming
Service" nam="SAVRoam (SavRoam.exe)" pub="symantec"
md5="40f6c7dd9228e62aa54f25df23585634" ver="1.5.0.0" sz="169192"
is="0" gfp="">C:\Program Files\Symantec
AntiVirus\SavRoam.exe</Service>
<Service ex="1" disp="Smart Card" desc="Manages access to smart
cards read by this computer. If this service is stopped, this computer
will be unable to read smart cards. If this service is disabled, any
services that explicitly depend on it will fail to start." nam="Smart
Card Resource Management Server (SCardSvr.exe)" pub="Microsoft
Corporation" md5="25d8de134df108e3dbc8d7d23b1aa58e" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="95744" is="0"
gfp="">C:\WINDOWS\System32\SCardSvr.exe</Service>
<Service ex="1" disp="Symantec Network Drivers Service"
desc="Symantec Network Drivers Service" nam="Network Driver Service
(SNDSrvc.exe)" pub="Symantec Corporation"
md5="e6d3841a12face16e2eba24e714ca203" ver="5.3.0.46" sz="193760"
is="0" gfp="">C:\Program Files\Common Files\Symantec
Shared\SNDSrvc.exe</Service>
<Service ex="1" disp="SoundMAX Agent Service" desc="" nam="SoundMAX
service agent component (SMAgent.exe)" pub="Analog Devices, Inc."
md5="3978f082274f723ad5a0a8058c2417dd" ver="3, 2, 6, 0" sz="45056"
is="0" gfp="">C:\Program Files\Analog
Devices\SoundMAX\SMAgent.exe</Service>
<Service ex="1" disp="Print Spooler" desc="Loads files to memory for
later printing." nam="Spooler SubSystem App (spoolsv.exe)"
pub="Microsoft Corporation" md5="7435b108b935e42ea92ca94f59c8e717"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="57856" is="0"
gfp="">C:\WINDOWS\system32\spoolsv.exe</Service>
<Service ex="1" disp="SQLAgent$MICROSOFTBCM" desc="" nam="Microsoft
SQL Server Agent (sqlagent.EXE)" pub="Microsoft Corporation"
md5="e3f974bdedc336490a2e6f3a703f016a" ver="2000.080.0760.00"
sz="311872" is="0" gfp="">C:\Program Files\Microsoft SQL
Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE</Service>
<Service ex="1" disp="MS Software Shadow Copy Provider"
desc="Manages software-based volume shadow copies taken by the Volume
Shadow Copy service. If this service is stopped, software-based volume
shadow copies cannot be managed. If this service is disabled, any
services that explicitly depend on it will fail to start." nam="COM
Surrogate (dllhost.exe)" pub="Microsoft Corporation"
md5="dd87db7387b9eb441c5674888a0d840c" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="5120" is="0"
gfp="">C:\WINDOWS\System32\dllhost.exe</Service>
<Service ex="1" disp="Symantec AntiVirus" desc="Provides real-time
virus scanning, reporting, and management functionality for Symantec
AntiVirus." nam="Symantec AntiVirus (Rtvscan.exe)" pub="Symantec
Corporation" md5="91c4579e77abdfac02c16e0d0736123e" ver="9.0.0.338"
sz="1221864" is="0" gfp="">C:\Program Files\Symantec
AntiVirus\Rtvscan.exe</Service>
<Service ex="1" disp="Performance Logs and Alerts" desc="Collects
performance data from local or remote computers based on preconfigured
schedule parameters, then writes the data to a log or triggers an
alert. If this service is stopped, performance information will not be
collected. If this service is disabled, any services that explicitly
depend on it will fail to start." nam="Performance Logs and Alerts
Service (smlogsvc.exe)" pub="Microsoft Corporation"
md5="8b54aa346d1b1b113ffaa75501b8b1b2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="89600" is="0"
gfp="">C:\WINDOWS\system32\smlogsvc.exe</Service>
<Service ex="1" disp="Telnet" desc="Enables a remote user to log on
to this computer and run programs, and supports various TCP/IP Telnet
clients, including UNIX-based and Windows-based computers. If this
service is stopped, remote user access to programs might be
unavailable. If this service is disabled, any services that explicitly
depend on it will fail to start." nam="Telnet (tlntsvr.exe)"
pub="Microsoft Corporation" md5="37db0a7d097310e8b4de803fc3119c78"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="73216" is="0"
gfp="">C:\WINDOWS\System32\tlntsvr.exe</Service>
<Service ex="1" disp="Uninterruptible Power Supply" desc="Manages an
uninterruptible power supply (UPS) connected to the computer."
nam="UPS Service (ups.exe)" pub="Microsoft Corporation"
md5="3f5df65b0758675f95a2d43918a740a3" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="18432" is="0"
gfp="">C:\WINDOWS\System32\ups.exe</Service>
<Service ex="1" disp="V2i Protector" desc="Administrative service
for scheduling and disk imaging." nam="V2i Protector Service Module
(PQV2iSvc.exe)" pub="PowerQuest Corporation"
md5="d04b0e50847104007979a57fc3115899" ver="2.0.0.305" sz="1200128"
is="0" gfp="">C:\Program Files\PowerQuest\V2i Protector
2.0\Agent\PQV2iSvc.exe</Service>
<Service ex="1" disp="VMware Authorization Service"
desc="Authorization and authentication service for starting and
accessing virtual machines" nam="VMware Authorization Service
(vmware-authd.exe)" pub="VMware, Inc."
md5="557c6b973cc16e2416367e056f105b0b" ver="4.5.2 build-8848"
sz="106575" is="0" gfp="">C:\Program Files\VMware\VMware
Workstation\vmware-authd.exe</Service>
<Service ex="1" disp="VMware DHCP Service" desc="DHCP service for
virtual networks" nam="VMware VMnet DHCP service (vmnetdhcp.exe)"
pub="VMware, Inc." md5="d6893b88ba969869ea9cb7dc362e6438" ver="4.5.2
build-8848" sz="102479" is="0"
gfp="">C:\WINDOWS\system32\vmnetdhcp.exe</Service>
<Service ex="0" disp="VMware Virtual Mount Manager Extended" desc=""
nam="(vmount2.exe)" pub="" md5="" ver="" sz="" is="0"
gfp="">C:\Program Files\Common Files\VMware\VMware Virtual Image
Editing\vmount2.exe</Service>
<Service ex="1" disp="VMware NAT Service" desc="Network address
translation for virtual networks" nam="VMware NAT Service (vmnat.exe)"
pub="VMware, Inc." md5="eb0d72844da3aed09870c1be90c9342f" ver="4.5.2
build-8848" sz="143432" is="0"
gfp="">C:\WINDOWS\system32\vmnat.exe</Service>
<Service ex="1" disp="Volume Shadow Copy" desc="Manages and
implements Volume Shadow Copies used for backup and other purposes. If
this service is stopped, shadow copies will be unavailable for backup
and the backup may fail. If this service is disabled, any services
that explicitly depend on it will fail to start." nam="Microsoft
Volume Shadow Copy Service (vssvc.exe)" pub="Microsoft Corporation"
md5="3ee00364ae0fd8d604f46cbaf512838a" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="289792" is="0"
gfp="">C:\WINDOWS\System32\vssvc.exe</Service>
<Service ex="1" disp="WinFax PRO" desc="" nam="Symantec WinFax PRO
NT Service (WFXSVC.EXE)" pub="Symantec Corporation"
md5="be2157595c087207676ec716a6be4cce" ver="10.00.2000.0929"
sz="129536" is="0" gfp="">C:\WINDOWS\system32\WFXSVC.EXE</Service>
<Service ex="1" disp="WMI Performance Adapter" desc="Provides
performance library information from WMI HiPerf providers." nam="WMI
Performance Adapter Service (wmiapsrv.exe)" pub="Microsoft
Corporation" md5="ba8cecc3e813e1f7c441b20393d4f86c" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="126464" is="0"
gfp="">C:\WINDOWS\System32\wbem\wmiapsrv.exe</Service>
</Services>
</SystemAudit>
- <ProcessesAudit>
- <Processes>
<Process ex="1" pid="892" nam="Windows NT Session Manager
(smss.exe)" pub="Microsoft Corporation"
md5="bd7fb0957c716f1a60333aee04de2178" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="50688" is="0"
gfp="">c:\windows\system32\smss.exe</Process>
<Process ex="1" pid="960" nam="Client Server Runtime Process
(csrss.exe)" pub="Microsoft Corporation"
md5="f12b178b1678d778cfd3ff1fc38c71fb" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="6144" is="0"
gfp="">C:\WINDOWS\system32\csrss.exe</Process>
<Process ex="1" pid="984" nam="Windows NT Logon Application
(winlogon.exe)" pub="Microsoft Corporation"
md5="01c3346c241652f43aed8e2149881bfe" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="502272" is="0"
gfp="">c:\windows\system32\winlogon.exe</Process>
<Process ex="1" pid="1028" nam="Services and Controller app
(services.exe)" pub="Microsoft Corporation"
md5="c6ce6eec82f187615d1002bb3bb50ed4" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="108032" is="0"
gfp="">c:\windows\system32\services.exe</Process>
<Process ex="1" pid="1040" nam="LSA Shell (lsass.exe)"
pub="Microsoft Corporation" md5="84885f9b82f4d55c6146ebf6065d75d2"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">c:\windows\system32\lsass.exe</Process>
<Process ex="1" pid="1220" nam="Generic Host Process for Win32
Services (svchost.exe)" pub="Microsoft Corporation"
md5="8f078ae4ed187aaabc0a305146de6716" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="14336" is="0"
gfp="">c:\windows\system32\svchost.exe</Process>
<Process ex="1" pid="1264" nam="Generic Host Process for Win32
Services (svchost.exe)" pub="Microsoft Corporation"
md5="8f078ae4ed187aaabc0a305146de6716" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="14336" is="0"
gfp="">C:\WINDOWS\system32\svchost.exe</Process>
<Process ex="1" pid="1688" nam="Generic Host Process for Win32
Services (svchost.exe)" pub="Microsoft Corporation"
md5="8f078ae4ed187aaabc0a305146de6716" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="14336" is="0"
gfp="">c:\windows\system32\svchost.exe</Process>
<Process ex="1" pid="1752" nam="Generic Host Process for Win32
Services (svchost.exe)" pub="Microsoft Corporation"
md5="8f078ae4ed187aaabc0a305146de6716" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="14336" is="0"
gfp="">C:\WINDOWS\system32\svchost.exe</Process>
<Process ex="1" pid="1876" nam="Generic Host Process for Win32
Services (svchost.exe)" pub="Microsoft Corporation"
md5="8f078ae4ed187aaabc0a305146de6716" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="14336" is="0"
gfp="">C:\WINDOWS\system32\svchost.exe</Process>
<Process ex="1" pid="384" nam="Spooler SubSystem App (spoolsv.exe)"
pub="Microsoft Corporation" md5="7435b108b935e42ea92ca94f59c8e717"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="57856" is="0"
gfp="">c:\windows\system32\spoolsv.exe</Process>
<Process ex="1" pid="580" nam="(agent_s.exe)" pub=""
md5="8ed6536a3692db53e0cc8762cdbaa388" ver="" sz="245852" is="0"
gfp="">c:\program files\alexander spk\agent\agent_s.exe</Process>
<Process ex="1" pid="636" nam="Virus Definition Daemon
(defwatch.exe)" pub="Symantec Corporation"
md5="a3985a8ded49f67e3e25d2d2921b4dac" ver="9.0.0.338" sz="29928"
is="0" gfp="">c:\program files\symantec
antivirus\defwatch.exe</Process>
<Process ex="1" pid="680" nam="DKSERVICE.EXE (dkservice.exe)"
pub="Executive Software International, Inc."
md5="e2afd2e1fe8f9360139fa4425eb72136" ver="9.0.504.0" sz="577644"
is="0" gfp="">c:\program files\executive
software\diskeeper\dkservice.exe</Process>
<Process ex="1" pid="1252" nam="gearsec (gearsec.exe)" pub="GEAR
Software" md5="17b77d83c53ae007c11ed811d992e727" ver="1, 0, 0, 3"
sz="49152" is="0" gfp="">c:\windows\system32\gearsec.exe</Process>
<Process ex="1" pid="1448" nam="Norton Ghost Start
(ghoststartservice.exe)" pub="Symantec Corporation"
md5="bc9c77fac763d84bfdf09b55d4b41afa" ver="2003.775" sz="200704"
is="0" gfp="">c:\program files\symantec\norton ghost
2003\ghoststartservice.exe</Process>
<Process ex="1" pid="1480" nam="Machine Debug Manager (mdm.exe)"
pub="Microsoft Corporation" md5="11f714f85530a2bd134074dc30e99fca"
ver="7.00.9466" sz="322120" is="0" gfp="">c:\program files\common
files\microsoft shared\vs7debug\mdm.exe</Process>
<Process ex="1" pid="1512" nam="SQL Server Windows NT
(sqlservr.exe)" pub="Microsoft Corporation"
md5="1251256fefc2b00a7bd603578241f0ad" ver="2000.080.0818.00"
sz="7544916" is="0" gfp="">c:\program files\microsoft sql
server\mssql$microsoftbcm\binn\sqlservr.exe</Process>
<Process ex="1" pid="468" nam="Analysis server (msmdsrv.exe)"
pub="Microsoft Corporation" md5="b14bd015e8fa26f5d0be034570445e72"
ver="8.00.194" sz="1732667" is="0" gfp="">c:\program files\microsoft
analysis services\bin\msmdsrv.exe</Process>
<Process ex="1" pid="956" nam="Windows Explorer (explorer.exe)"
pub="Microsoft Corporation" md5="a0732187050030ae399b241436565e64"
ver="6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)" sz="1032192" is="0"
gfp="">c:\windows\explorer.exe</Process>
<Process ex="1" pid="1116" nam="NVIDIA Driver Helper Service,
Version 52.16 (nvsvc32.exe)" pub="NVIDIA Corporation"
md5="5ed834603c36414b579979b3a9c90f54" ver="6.14.10.5216" sz="81920"
is="0" gfp="">c:\windows\system32\nvsvc32.exe</Process>
<Process ex="1" pid="1340" nam="SoundMAX service agent component
(smagent.exe)" pub="Analog Devices, Inc."
md5="3978f082274f723ad5a0a8058c2417dd" ver="3, 2, 6, 0" sz="45056"
is="0" gfp="">c:\program files\analog
devices\soundmax\smagent.exe</Process>
<Process ex="1" pid="1528" nam="Symantec AntiVirus (rtvscan.exe)"
pub="Symantec Corporation" md5="91c4579e77abdfac02c16e0d0736123e"
ver="9.0.0.338" sz="1221864" is="0" gfp="">c:\program files\symantec
antivirus\rtvscan.exe</Process>
<Process ex="1" pid="1172" nam="SoundMAX System Tray (smtray.exe)"
pub="Analog Devices, Inc." md5="2d765e811b6ffea9f91d4425e34b8461"
ver="3, 2, 17, 0" sz="143360" is="0" gfp="">c:\program files\analog
devices\soundmax\smtray.exe</Process>
<Process ex="1" pid="356" nam="VMware Authorization Service
(vmware-authd.exe)" pub="VMware, Inc."
md5="557c6b973cc16e2416367e056f105b0b" ver="4.5.2 build-8848"
sz="106575" is="0" gfp="">c:\program files\vmware\vmware
workstation\vmware-authd.exe</Process>
<Process ex="1" pid="872" nam="(instan~1.exe)" pub=""
md5="ef5fe31ef2a0c741de3c5650de0f5e91" ver="" sz="37376" is="0"
gfp="">c:\progra~1\textbr~1.0\bin\instan~1.exe</Process>
<Process ex="1" pid="232" nam="VMware NAT Service (vmnat.exe)"
pub="VMware, Inc." md5="eb0d72844da3aed09870c1be90c9342f" ver="4.5.2
build-8848" sz="143432" is="0"
gfp="">c:\windows\system32\vmnat.exe</Process>
<Process ex="1" pid="416" nam="Symantec WinFax PRO NT Service
(wfxsvc.exe)" pub="Symantec Corporation"
md5="be2157595c087207676ec716a6be4cce" ver="10.00.2000.0929"
sz="129536" is="0" gfp="">c:\windows\system32\wfxsvc.exe</Process>
<Process ex="1" pid="1044" nam="WinFax Pro Serial Modem Driver
(wfxmod32.exe)" pub="Symantec Corporation"
md5="1534d10424d6a4a61fe760e82c2e125e" ver="10.00.2002.1212"
sz="541184" is="0" gfp="">c:\program
files\winfax\wfxmod32.exe</Process>
<Process ex="1" pid="112" nam="Hewlett-Packard T-TR Status Client
(statusclient.exe)" pub="Hewlett-Packard"
md5="d6e32f50ccc40a0dcd4fbd9473382eae" ver="00.00.13" sz="36864"
is="0" gfp="">c:\program files\hewlett-packard\toolbox2.0\apache
tomcat 4.0\webapps\toolbox\statusclient\statusclient.exe</Process>
<Process ex="1" pid="2184" nam="VMware VMnet DHCP service
(vmnetdhcp.exe)" pub="VMware, Inc."
md5="d6893b88ba969869ea9cb7dc362e6438" ver="4.5.2 build-8848"
sz="102479" is="0" gfp="">c:\windows\system32\vmnetdhcp.exe</Process>
<Process ex="1" pid="2276" nam="(javaw.exe)" pub=""
md5="83e5de7ccd6009997a238aba4712aba6" ver="" sz="20549" is="0"
gfp="">c:\program
files\hewlett-packard\toolbox2.0\javasoft\jre\1.3.1\bin\javaw.exe</Process>
<Process ex="1" pid="2520" nam="Control for Alexander SPK (Single
PC) (axecontrol.exe)" pub="Alexander LAN"
md5="d10781b124d81dec41e577028d6a09bb" ver="1, 0, 0, 1" sz="1470564"
is="0" gfp="">c:\program files\alexander
spk\agent\axecontrol.exe</Process>
<Process ex="1" pid="2548" nam="(asusprob.exe)" pub=""
md5="b7e260f00988380f72ff06d2fe181d70" ver="" sz="617984" is="0"
gfp="">c:\program files\asus\probe\asusprob.exe</Process>
<Process ex="1" pid="2576" nam="(wfxswtch.exe)" pub=""
md5="3e3a982f8dfd0ab8e7472ee150da6525" ver="" sz="28160" is="0"
gfp="">c:\progra~1\winfax\wfxswtch.exe</Process>
<Process ex="1" pid="2604" nam="Delrina Fax Port Launcher
(wfxsnt40.exe)" pub="Microsoft Corporation"
md5="f2819b460530ccde6b734639f2aaff39" ver="7.00 (Build 019)"
sz="45568" is="0" gfp="">c:\windows\system32\wfxsnt40.exe</Process>
<Process ex="1" pid="2672" nam="Norton Ghost Start
(ghoststarttrayapp.exe)" pub="Symantec Corporation"
md5="45725ce2a9bd68cf1526728fcffcc24e" ver="2003.775" sz="94208"
is="0" gfp="">c:\program files\symantec\norton ghost
2003\ghoststarttrayapp.exe</Process>
<Process ex="1" pid="2696" nam="Microsoft Works Update Detection
(wkufind.exe)" pub="Microsoft Corporation"
md5="6156e1b7a5a91d8d7a570223a344a650" ver="9.00.0603.0" sz="50688"
is="0" gfp="">c:\program files\common files\microsoft shared\works
shared\wkufind.exe</Process>
<Process ex="1" pid="2752" nam="Symantec AntiVirus (vptray.exe)"
pub="Symantec Corporation" md5="5972a3384ebceaeb99f4216e77ebed59"
ver="9.0.0.338" sz="124128" is="0"
gfp="">c:\progra~1\symant~1\vptray.exe</Process>
<Process ex="1" pid="2824" nam="CTF Loader (ctfmon.exe)"
pub="Microsoft Corporation" md5="24232996a38c0b0cf151c2140ae29fc8"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="15360" is="0"
gfp="">c:\windows\system32\ctfmon.exe</Process>
<Process ex="1" pid="2916" nam="System settings protector
(teatimer.exe)" pub="Safer Networking Limited"
md5="58f7e6434d285f4c98ad3621e0bd8c8d" ver="1, 3, 0, 12" sz="1038336"
is="0" gfp="">c:\program files\spybot - search &
destroy\teatimer.exe</Process>
<Process ex="1" pid="3256" nam="AcroTray (acrotray.exe)" pub="Adobe
Systems Inc." md5="cfe5228556c93d03d6753e7953ccd4a9"
ver="6.0.1.2003102300" sz="217194" is="0" gfp="">c:\program
files\adobe\acrobat 6.0\distillr\acrotray.exe</Process>
<Process ex="1" pid="3264" nam="AdSubtract PRO (adsub.exe)"
pub="interMute, Inc." md5="fc57f96c3a5d571bf1491dba8e7cda45" ver="2,
5, 5, 0" sz="65536" is="0" gfp="">c:\program
files\adsubtract\adsub.exe</Process>
<Process ex="1" pid="2340" nam="Application Layer Gateway Service
(alg.exe)" pub="Microsoft Corporation"
md5="f1958fbf86d5c004cf19a5951a9514b7" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="44544" is="0"
gfp="">C:\WINDOWS\system32\alg.exe</Process>
<Process ex="1" pid="2692" nam="Microsoft Tablet PC Platform
Component (wisptis.exe)" pub="Microsoft Corporation"
md5="15978e469a559ba917fd8359bd48011b" ver="1.0.2201.0
(xpsp1.020828-1920)" sz="194560" is="0"
gfp="">c:\windows\system32\wisptis.exe</Process>
<Process ex="1" pid="4044" nam="RssReader (rssreader.exe)"
pub="Ykoon" md5="67e80544174bf1627a90d767e511ba72" ver="1.0.88.0"
sz="1069056" is="0" gfp="">c:\program
files\rssreader\rssreader.exe</Process>
<Process ex="1" pid="4068" nam="Microsoft AntiSpyware Main
(giantantispywaremain.exe)" pub="Microsoft Corporation"
md5="1f652552465f84e09d548b499139fe2e" ver="1.00.0501" sz="4561736"
is="0" gfp="">c:\program files\microsoft
antispyware\giantantispywaremain.exe</Process>
<Process ex="1" pid="444" nam="Microsoft AntiSpyware Data Service
(gcasdtserv.exe)" pub="Microsoft Corporation"
md5="255ca546f8e187c41ebed2aabbeee07c" ver="1.00.0501" sz="748352"
is="0" gfp="">c:\program files\microsoft
antispyware\gcasdtserv.exe</Process>
<Process ex="1" pid="4072" nam="Microsoft AntiSpyware Service
(gcasserv.exe)" pub="Microsoft Corporation"
md5="70c5a9c9cf9e65a9073a2a43da822841" ver="1.00.0501" sz="469824"
is="0" gfp="">c:\program files\microsoft
antispyware\gcasserv.exe</Process>
<Process ex="1" pid="1188" nam="Microsoft Suspected Spyware
Reporting Tool (msssrt.exe)" pub="Microsoft Corporation"
md5="464528294c858e175e8f82371117e8e1" ver="1.00.0501" sz="400184"
is="0" gfp="">c:\program files\microsoft
antispyware\msssrt.exe</Process>
</Processes>
</ProcessesAudit>
</Audit>
</MSSSRT>
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top