B
Bob Kilgore
Attempted to submit this report via the embedded coms. Package but got an
error telling me to check my proxy.
Have had MS anti spy ware installed and running for several weeks, no
problems noted. I shut it down via the tray icon to load an application.
Attempted a re-start and it would not run, deferred trouble shooting for a
week. Made several attempts to start the system manually all resulted in
the loading variables window showing and no further action.
I suddenly suffered a general slowdown of my system and eventually received
a low disk space warning. In checking my system, partition D:, the system
partition, was full. I have all temporary storage, including the swap file,
assigned to another drive so the system did not quit or show a blue screen.
The culprit turned out to be the anti spy ware log file which was over 4GB
in length. Erased the file and system operation returned to normal.
In watching the log file it kept growing with out the anti spy ware running.
Checked the running process' and saw two that could be associated with
Giant, however I have no document that tells me which process is assigned to
it. At that point I removed MS anti spy ware from the system. Will now
insure that there is no log file built that will take up all the space.
The error log message is:
91::ln 0:Object variable or With block variable not
set::gcasDtServ:modThreatData:Initialize::05/03/2005 15:41:00:1.0.501
The data for the error submission is:
Data for Error submission:
- <MSSSRT version="1.0.501" createdate="05/03/2005 15:52:54" os=".3790"
user="">
- <Audit>
- <AutoRunAudit>
- <StartupFiles>
<StartupFile path="D:\Documents and Settings\All Users\Start
Menu\Programs\Startup\Microsoft Office.lnk" nam="Microsoft Office 2000
component (osa9.exe)" pub="Microsoft Corporation"
md5="536f27b2413490abc6ecdd53f9cdf4aa" ver="9.0.3720" sz="65588" is="0"
gfp="">d:\program files (x86)\microsoft office\office\osa9.exe</StartupFile>
<StartupFile path="D:\Documents and Settings\All Users\Start
Menu\Programs\Startup\yProxy.lnk" nam="yENC Decoding Proxy Server
(yproxy.exe)" pub="Brawny Lads Productions"
md5="5a57fa9814b2a8f0b6f17e8dd16efc55" ver="1.3.0.15" sz="675328" is="0"
gfp="">d:\program files (x86)\yproxy\yproxy.exe</StartupFile>
</StartupFiles>
- <StartupFilesRegistry>
<StartupFileRegistry ex="0"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="AsioReg"
dat="REGSVR32 /S CTASIO.DLL" nam="" pub="" md5="" ver="" sz="" is="0" gfp=""
/>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="CTHelper"
dat="CTHELPER.EXE" nam="CtHelper Application (cthelper.exe)" pub="Creative
Technology Ltd" md5="a8c58599661e926fa792f50e84cea519" ver="2, 0, 0, 20"
sz="17408" is="0"
gfp="">d:\windows\system32\cthelper.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="avast!"
dat="D:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe" nam="avast! service GUI
component (ashdisp.exe)" pub="Unavailable"
md5="b61c42616bc28baec83515246ee450f4" ver="4, 6, 585, 0" sz="98352" is="0"
gfp="">d:\progra~2\alwils~1\avast4\ashdisp.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="gcasServ"
dat=""D:\Program Files (x86)\Microsoft AntiSpyware\gcasServ.exe""
nam="Microsoft AntiSpyware Service (gcasserv.exe)" pub="Microsoft
Corporation" md5="70c5a9c9cf9e65a9073a2a43da822841" ver="1.00.0501"
sz="469824" is="0" gfp="">d:\program files (x86)\microsoft
antispyware\gcasserv.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="NeroFilterCheck" dat="D:\WINDOWS\SysWow64\NeroCheck.exe" nam="NeroCheck
(nerocheck.exe)" pub="Ahead Software Gmbh"
md5="3e4c03cefad8de135263236b61a49c90" ver="1, 0, 0, 2" sz="155648" is="0"
gfp="">d:\windows\syswow64\nerocheck.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="QuickTime
Task" dat=""D:\Program Files (x86)\QuickTime\qttask.exe" -atboottime"
nam="qttask.exe" pub="Apple Computer, Inc."
md5="76a3a30b58405c2c6d833895253a51a9" ver="6.5.1" sz="98304" is="0"
gfp="">d:\program files (x86)\quicktime\qttask.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="AEZBProc"
dat="c:\ibmtools\aptezbtn\aptezbp.exe" nam="APTEZBP MFC Application - Aptiva
EZ Buttons run-time process (aptezbp.exe)" pub="IBM Corporation"
md5="799758380c5bbd85389764e220f3b8c7" ver="1, 2, 0, 1" sz="372736" is="0"
gfp="">c:\ibmtools\aptezbtn\aptezbp.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="Atomic.exe"
dat=""D:\Program Files (x86)\Atomic Clock Sync\Atomic.exe"" nam="None
(atomic.exe)" pub="Chaos Software Group, Inc."
md5="0137879ac29569b612146a8ecef6617b" ver="2.7.0.3" sz="524288" is="0"
gfp="">d:\program files (x86)\atomic clock
sync\atomic.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="CTFMON.EXE"
dat="D:\WINDOWS\system32\ctfmon.exe" nam="CTF Loader (ctfmon.exe)"
pub="Microsoft Corporation" md5="2ae02b325b6242115f8771d1c4ab919d"
ver="5.2.3790.1433 (srv03_sp1_rc2.050203-1635)" sz="15360" is="0"
gfp="">d:\windows\system32\ctfmon.exe</StartupFileRegistry>
<StartupFileRegistry ex="0"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="SetDefaultMIDI" dat="MIDIDef.exe" nam="" pub="" md5="" ver="" sz=""
is="0" gfp="" />
<StartupFileRegistry ex="1"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="MSMSGS"
dat=""D:\Program Files\Messenger\msmsgs.exe" /background" nam="Windows
Messenger (msmsgs.exe)" pub="Microsoft Corporation"
md5="602bb3f43c2c40fb648fdb6ecf04dcd3" ver="4.7.3001" sz="1681920" is="0"
gfp="">d:\program files\messenger\msmsgs.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="Eraser"
dat="D:\Program Files (x86)\Eraser\eraser.exe -hide" nam="Eraser.
(eraser.exe)" pub="-" md5="e8ca34a6f5b49505a5a92767a492292e" ver="5.7"
sz="536576" is="0" gfp="">d:\program files
(x86)\eraser\eraser.exe</StartupFileRegistry>
</StartupFilesRegistry>
- <WinlogonUserinitFiles>
<WinlogonUserinitFile ex="0" nam="" pub="" md5="" ver="" sz="" is="0"
gfp="" />
</WinlogonUserinitFiles>
<StartupWinIniFiles />
<StartupSysIniFiles />
</AutoRunAudit>
- <InternetExplorerAudit version="6.0.3790.1433">
- <BrowserHelperObjects>
<BHO ex="1" clsid="{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"
prog="AcroIEHelper.AcroIEHlprObj.1" val="AcroIEHlprObj Class" nam="Adobe
Acrobat IE Helper Version 6.0 for ActivieX (acroiehelper.dll)" pub="Adobe
Systems Incorporated" md5="0c0e1b2bcaed8df401be94d538bcb412"
ver="6.0.0.2003051500" sz="50376" is="0" gfp="">d:\program files
(x86)\adobe\acrobat 6.0\reader\activex\acroiehelper.dll</BHO>
<BHO ex="1" clsid="{53707962-6F74-2D53-2644-206D7942484F}" prog="" val=""
nam="Bad download blocker (sdhelper.dll)" pub="Safer Networking Limited"
md5="abf5ba518c6a5ed104496ff42d19ad88" ver="1, 3, 0, 12" sz="744960" is="0"
gfp="">d:\program files (x86)\spybot - search & destroy\sdhelper.dll</BHO>
</BrowserHelperObjects>
<IEToolbars />
<IEExtensions />
- <IEExplorerBars>
<IEExplorerBar ex="1" clsid="{4D5C8C25-D075-11d0-B416-00C04FB90376}"
prog="" val="&Tip of the Day" nam="Shell Doc Object and Control Library
(shdocvw.dll)" pub="Microsoft Corporation"
md5="7bc379edf6741bc802dd61c8f9acaf97" ver="6.00.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="1503232" is="0"
gfp="">d:\windows\syswow64\shdocvw.dll</IEExplorerBar>
</IEExplorerBars>
- <IEShellBrowsers>
<IEShellBrowser ex="1" clsid="{01E04581-4EEE-11D0-BFE9-00AA005B4383}"
prog="" val="&Address" nam="Shell Browser UI Library (browseui.dll)"
pub="Microsoft Corporation" md5="f4d3138273bb2007053013f00b128a39"
ver="6.00.3790.1433 (srv03_sp1_rc2.050203-1635)" sz="1033216" is="0"
gfp="">d:\windows\syswow64\browseui.dll</IEShellBrowser>
<IEShellBrowser ex="0" clsid="" prog="" val="" nam="" pub="" md5="" ver=""
sz="" is="0" gfp="" />
</IEShellBrowsers>
- <IEWebBrowsers>
<IEWebBrowser ex="1" clsid="{01E04581-4EEE-11D0-BFE9-00AA005B4383}"
prog="" val="&Address" nam="Shell Browser UI Library (browseui.dll)"
pub="Microsoft Corporation" md5="f4d3138273bb2007053013f00b128a39"
ver="6.00.3790.1433 (srv03_sp1_rc2.050203-1635)" sz="1033216" is="0"
gfp="">d:\windows\syswow64\browseui.dll</IEWebBrowser>
<IEWebBrowser ex="0" clsid="" prog="" val="" nam="" pub="" md5="" ver=""
sz="" is="0" gfp="" />
<IEWebBrowser ex="0" clsid="" prog="" val="" nam="" pub="" md5="" ver=""
sz="" is="0" gfp="" />
</IEWebBrowsers>
<IEMenuExts />
- <IEURLSearchHooks>
<IEURLSearchHook ex="1" clsid="{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"
prog="" val="Microsoft Url Search Hook" nam="Shell Doc Object and Control
Library (shdocvw.dll)" pub="Microsoft Corporation"
md5="7bc379edf6741bc802dd61c8f9acaf97" ver="6.00.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="1503232" is="0"
gfp="">d:\windows\syswow64\shdocvw.dll</IEURLSearchHook>
</IEURLSearchHooks>
- <IEURLs>
<IEURL val="HCU\Software\Microsoft\Internet Explorer Start
Page">http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer Search
Page">http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer Default_Page_URL" />
<IEURL val="HCU\Software\Microsoft\Internet Explore Local
Page">D:\WINDOWS\system32\blank.htm</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explore Search Bar" />
<IEURL val="HCU\Software\Microsoft\Internet Explorer Default_Search_URL"
/>
<IEURL val="HCU\Software\Microsoft\Internet Explorer HomeOldSP" />
<IEURL val="HLM\Software\Microsoft\Internet Explorer Start
Page">http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer Search
Page">http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Default_Page_URL">http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer Local
Page">%SystemRoot%\system32\blank.htm</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer Search Bar" />
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Default_Search_URL">http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer HomeOldSP" />
<IEURL val="HCU\Software\Microsoft\Internet Explorer\Search
CustomizeSearch" />
<IEURL val="HCU\Software\Microsoft\Internet Explorer\Search
SearchAssistant" />
<IEURL val="HLM\Software\Microsoft\Internet Explorer\Search
CustomizeSearch">http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer\Search
SearchAssistant">http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer\SearchUrl" />
<IEURL val="HLM\Software\Microsoft\Internet Explorer\SearchUrl" />
<IEURL val="HLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs
blank">res://mshtml.dll/blank.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs
DesktopItemNavigationFailure">res://shdoclc.dll/navcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs
NavigationCanceled">res://shdoclc.dll/navcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs
NavigationFailure">res://shdoclc.dll/navcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs
OfflineInformation">res://shdoclc.dll/offcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs
PostNotCached">res://mshtml.dll/repost.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs mozilla" />
</IEURLs>
</InternetExplorerAudit>
- <SystemAudit>
- <ShellExecuteHooks>
<ShellExecuteHook ex="1" clsid="{AEB6717E-7E19-11d0-97EE-00C04FD91972}"
prog="" val="URL Exec Hook" nam="Windows Shell Common Dll (shell32.dll)"
pub="Microsoft Corporation" md5="c75a05e0663146e9b69334cef3f8aa36"
ver="6.00.3790.1433 (srv03_sp1_rc2.050203-1635)" sz="8377344" is="0"
gfp="">D:\WINDOWS\system32\shell32.dll</ShellExecuteHook>
<ShellExecuteHook ex="1" clsid="{9EF34FF2-3396-4527-9D27-04C8C1C67806}"
prog="Microsoft.AntiSpyware.ShellExecuteHook.1"
val="Microsoft.AntiSpyware.ShellExecuteHook.1" nam="Microsoft AntiSpyware
Shell Extension (shellextension.dll)" pub="Microsoft Corporation"
md5="08cee315ea2a24e77d68b2b055f73a94" ver="1.00.0501" sz="93408" is="0"
gfp="">d:\program files (x86)\microsoft
antispyware\shellextension.dll</ShellExecuteHook>
</ShellExecuteHooks>
- <ShellOpenCommands>
<ShellOpenCommand val="HCR\exefile\shell\open\command">"%1"
%*</ShellOpenCommand>
<ShellOpenCommand val="HCR\comfile\shell\open\command">"%1"
%*</ShellOpenCommand>
<ShellOpenCommand val="HCR\batfile\shell\open\command">"%1"
%*</ShellOpenCommand>
<ShellOpenCommand
val="HCR\htafile\shell\open\command">%SystemRoot%\system32\mshta.exe "%1"
%*</ShellOpenCommand>
<ShellOpenCommand val="HCR\piffile\shell\open\command">"%1"
%*</ShellOpenCommand>
<ShellOpenCommand
val="HCR\txtfile\shell\open\command">%SystemRoot%\system32\NOTEPAD.EXE
%1</ShellOpenCommand>
<ShellOpenCommand val="HCR\mp3file\shell\open\command">"D:\Program Files
(x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open
"%L"</ShellOpenCommand>
<ShellOpenCommand val="HCR\mpegfile\shell\open\command">"D:\Program Files
(x86)\Windows Media Player\wmplayer.exe" /prefetch:9 /Open
"%L"</ShellOpenCommand>
<ShellOpenCommand
val="HCR\mailto\shell\open\command">"%ProgramFiles(x86)%\Outlook
Express\msimn.exe" /mailurl:%1?</ShellOpenCommand>
<ShellOpenCommand val="HCR\htmlfile\shell\open\command">"D:\Program Files
(x86)\Internet Explorer\iexplore.exe" -nohome</ShellOpenCommand>
<ShellOpenCommand val="HCR\http\shell\open\command">"D:\Program Files
(x86)\Internet Explorer\iexplore.exe" -nohome</ShellOpenCommand>
<ShellOpenCommand val="HCR\https\shell\open\command">"D:\Program Files
(x86)\Internet Explorer\iexplore.exe" -nohome</ShellOpenCommand>
<ShellOpenCommand val="HCR\ftp\shell\open\command">"D:\Program Files
(x86)\Internet Explorer\iexplore.exe" %1</ShellOpenCommand>
</ShellOpenCommands>
<ActiveXInstalls />
- <PROTOCOLSFilters>
<PROTOCOLSFilter ex="1" clsid="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"
prog="CorRegistration.CorFltr.1" filter="application/octet-stream"
val="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" nam="Microsoft .NET Runtime
Execution Engine (mscoree.dll)" pub="Microsoft Corporation"
md5="195092a1db4fd3c47ee4d1897ed6d227" ver="2.0.40607.16
(beta1.040607-1600)" sz="227328" is="0"
gfp="">D:\WINDOWS\system32\mscoree.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"
prog="CorRegistration.CorFltr.1" filter="application/x-complus"
val="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" nam="Microsoft .NET Runtime
Execution Engine (mscoree.dll)" pub="Microsoft Corporation"
md5="195092a1db4fd3c47ee4d1897ed6d227" ver="2.0.40607.16
(beta1.040607-1600)" sz="227328" is="0"
gfp="">D:\WINDOWS\system32\mscoree.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"
prog="CorRegistration.CorFltr.1" filter="application/x-msdownload"
val="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" nam="Microsoft .NET Runtime
Execution Engine (mscoree.dll)" pub="Microsoft Corporation"
md5="195092a1db4fd3c47ee4d1897ed6d227" ver="2.0.40607.16
(beta1.040607-1600)" sz="227328" is="0"
gfp="">D:\WINDOWS\system32\mscoree.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"
prog="" filter="Class Install Handler"
val="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}" nam="OLE32 Extensions for Win32
(urlmon.dll)" pub="Microsoft Corporation"
md5="44aa5798c5061eea37aebb2e3b92704a" ver="6.00.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="689152" is="0"
gfp="">d:\windows\syswow64\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{8f6b0360-b80d-11d0-a9b3-006097942311}"
prog="" filter="deflate" val="{8f6b0360-b80d-11d0-a9b3-006097942311}"
nam="OLE32 Extensions for Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="44aa5798c5061eea37aebb2e3b92704a" ver="6.00.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="689152" is="0"
gfp="">d:\windows\syswow64\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{8f6b0360-b80d-11d0-a9b3-006097942311}"
prog="" filter="gzip" val="{8f6b0360-b80d-11d0-a9b3-006097942311}"
nam="OLE32 Extensions for Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="44aa5798c5061eea37aebb2e3b92704a" ver="6.00.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="689152" is="0"
gfp="">d:\windows\syswow64\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{8f6b0360-b80d-11d0-a9b3-006097942311}"
prog="" filter="lzdhtml" val="{8f6b0360-b80d-11d0-a9b3-006097942311}"
nam="OLE32 Extensions for Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="44aa5798c5061eea37aebb2e3b92704a" ver="6.00.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="689152" is="0"
gfp="">d:\windows\syswow64\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"
prog="" filter="text/webviewhtml"
val="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}" nam="Windows Shell Common Dll
(shell32.dll)" pub="Microsoft Corporation"
md5="c75a05e0663146e9b69334cef3f8aa36" ver="6.00.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="8377344" is="0"
gfp="">d:\windows\syswow64\shell32.dll</PROTOCOLSFilter>
</PROTOCOLSFilters>
- <PROTOCOLSHandlers>
<PROTOCOLSHandler ex="1" clsid="{3050F406-98B5-11CF-BB82-00AA00BDCE0B}"
prog="" filter="about" val="{3050F406-98B5-11CF-BB82-00AA00BDCE0B}"
nam="Microsoft (R) HTML Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="150a5617ccd4e8680c3d6217c573ea88" ver="6.00.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="3105280" is="0"
gfp="">d:\windows\syswow64\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3dd53d40-7b8b-11D0-b013-00aa0059ce02}"
prog="" filter="cdl" val="{3dd53d40-7b8b-11D0-b013-00aa0059ce02}" nam="OLE32
Extensions for Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="44aa5798c5061eea37aebb2e3b92704a" ver="6.00.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="689152" is="0"
gfp="">d:\windows\syswow64\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{12D51199-0DB5-46FE-A120-47A3D7D937CC}"
prog="" filter="dvd" val="{12D51199-0DB5-46FE-A120-47A3D7D937CC}"
nam="ActiveX control for streaming video (msvidctl.dll)" pub="Microsoft
Corporation" md5="8f5888f7319f95010fa76401aa6b5d7b" ver="6.05.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="1563136" is="0"
gfp="">d:\windows\syswow64\msvidctl.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e7-baf9-11ce-8c82-00aa004ba90b}"
prog="" filter="file" val="{79eac9e7-baf9-11ce-8c82-00aa004ba90b}"
nam="OLE32 Extensions for Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="44aa5798c5061eea37aebb2e3b92704a" ver="6.00.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="689152" is="0"
gfp="">d:\windows\syswow64\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e3-baf9-11ce-8c82-00aa004ba90b}"
prog="" filter="ftp" val="{79eac9e3-baf9-11ce-8c82-00aa004ba90b}" nam="OLE32
Extensions for Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="44aa5798c5061eea37aebb2e3b92704a" ver="6.00.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="689152" is="0"
gfp="">d:\windows\syswow64\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e4-baf9-11ce-8c82-00aa004ba90b}"
prog="" filter="gopher" val="{79eac9e4-baf9-11ce-8c82-00aa004ba90b}"
nam="OLE32 Extensions for Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="44aa5798c5061eea37aebb2e3b92704a" ver="6.00.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="689152" is="0"
gfp="">d:\windows\syswow64\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e2-baf9-11ce-8c82-00aa004ba90b}"
prog="" filter="http" val="{79eac9e2-baf9-11ce-8c82-00aa004ba90b}"
nam="OLE32 Extensions for Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="44aa5798c5061eea37aebb2e3b92704a" ver="6.00.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="689152" is="0"
gfp="">d:\windows\syswow64\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e5-baf9-11ce-8c82-00aa004ba90b}"
prog="" filter="https" val="{79eac9e5-baf9-11ce-8c82-00aa004ba90b}"
nam="OLE32 Extensions for Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="44aa5798c5061eea37aebb2e3b92704a" ver="6.00.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="689152" is="0"
gfp="">d:\windows\syswow64\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{9D148291-B9C8-11D0-A4CC-0000F80149F6}"
prog="MSITFS1.0" filter="its" val="{9D148291-B9C8-11D0-A4CC-0000F80149F6}"
nam="Microsoft InfoTech Storage System Library (itss.dll)" pub="Microsoft
Corporation" md5="c1294d14dbe0f18c15336d8883e0d2ac" ver="5.2.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="136704" is="0"
gfp="">d:\windows\syswow64\itss.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}"
prog="" filter="javascript" val="{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}"
nam="Microsoft (R) HTML Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="150a5617ccd4e8680c3d6217c573ea88" ver="6.00.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="3105280" is="0"
gfp="">d:\windows\syswow64\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e7-baf9-11ce-8c82-00aa004ba90b}"
prog="" filter="local" val="{79eac9e7-baf9-11ce-8c82-00aa004ba90b}"
nam="OLE32 Extensions for Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="44aa5798c5061eea37aebb2e3b92704a" ver="6.00.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="689152" is="0"
gfp="">d:\windows\syswow64\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}"
prog="" filter="mailto" val="{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}"
nam="Microsoft (R) HTML Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="150a5617ccd4e8680c3d6217c573ea88" ver="6.00.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="3105280" is="0"
gfp="">d:\windows\syswow64\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{05300401-BCBC-11d0-85E3-00C04FD85AB4}"
prog="" filter="mhtml" val="{05300401-BCBC-11d0-85E3-00C04FD85AB4}"
nam="Microsoft Internet Messaging API (inetcomm.dll)" pub="Microsoft
Corporation" md5="b6b5c580f27334d6fbfb7ad1b40145d6" ver="6.00.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="681984" is="0"
gfp="">d:\windows\syswow64\inetcomm.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e6-baf9-11ce-8c82-00aa004ba90b}"
prog="" filter="mk" val="{79eac9e6-baf9-11ce-8c82-00aa004ba90b}" nam="OLE32
Extensions for Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="44aa5798c5061eea37aebb2e3b92704a" ver="6.00.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="689152" is="0"
gfp="">d:\windows\syswow64\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{9D148291-B9C8-11D0-A4CC-0000F80149F6}"
prog="MSITFS1.0" filter="ms-its"
val="{9D148291-B9C8-11D0-A4CC-0000F80149F6}" nam="Microsoft InfoTech Storage
System Library (itss.dll)" pub="Microsoft Corporation"
md5="c1294d14dbe0f18c15336d8883e0d2ac" ver="5.2.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="136704" is="0"
gfp="">d:\windows\syswow64\itss.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}"
prog="" filter="res" val="{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}"
nam="Microsoft (R) HTML Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="150a5617ccd4e8680c3d6217c573ea88" ver="6.00.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="3105280" is="0"
gfp="">d:\windows\syswow64\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{76E67A63-06E9-11D2-A840-006008059382}"
prog="" filter="sysimage" val="{76E67A63-06E9-11D2-A840-006008059382}"
nam="Microsoft (R) HTML Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="150a5617ccd4e8680c3d6217c573ea88" ver="6.00.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="3105280" is="0"
gfp="">d:\windows\syswow64\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}"
prog="" filter="tv" val="{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}"
nam="ActiveX control for streaming video (msvidctl.dll)" pub="Microsoft
Corporation" md5="8f5888f7319f95010fa76401aa6b5d7b" ver="6.05.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="1563136" is="0"
gfp="">d:\windows\syswow64\msvidctl.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}"
prog="" filter="vbscript" val="{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}"
nam="Microsoft (R) HTML Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="150a5617ccd4e8680c3d6217c573ea88" ver="6.00.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="3105280" is="0"
gfp="">d:\windows\syswow64\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE}"
prog="Wia.WiaProtocol.1" filter="wia"
val="{13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE}" nam="WIA Scripting Layer
(wiascr.dll)" pub="Microsoft Corporation"
md5="7e9687f8bd379fd1478abf95f8bced76" ver="5.2.3790.0
(srv03_rtm.030324-2048)" sz="74240" is="0"
gfp="">d:\windows\syswow64\wiascr.dll</PROTOCOLSHandler>
</PROTOCOLSHandlers>
- <PROTOCOLSNameSpaceHandlers>
<PROTOCOLSNameSpaceHandler ex="1"
clsid="{9D148291-B9C8-11D0-A4CC-0000F80149F6}" prog="MSITFS1.0"
namespace="mk" namespacefilter="NameSpace Filter for MK
MSITStore:..."
val="{79eac9e6-baf9-11ce-8c82-00aa004ba90b}" nam="Microsoft InfoTech Storage
System Library (itss.dll)" pub="Microsoft Corporation"
md5="c1294d14dbe0f18c15336d8883e0d2ac" ver="5.2.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="136704" is="0"
gfp="">d:\windows\syswow64\itss.dll</PROTOCOLSNameSpaceHandler>
</PROTOCOLSNameSpaceHandlers>
- <TCPIPParamaters>
<TCPIPParamater
val="DataBasePath">%SystemRoot%\System32\drivers\etc</TCPIPParamater>
<TCPIPParamater val="Domain" />
<TCPIPParamater val="NameServer" />
<TCPIPParamater val="SearchList" />
<TCPIPParamater val="VXD MSTCP: NameServer" />
</TCPIPParamaters>
- <InternetSettings>
<InternetSetting val="ProxyEnable">0</InternetSetting>
<InternetSetting val="ProxyServer" />
<InternetSetting val="ProxyOverride" />
<InternetSetting val="User Agent">Mozilla/4.0 (compatible; MSIE 6.0;
Win32)</InternetSetting>
<InternetSetting val="ZoneMap Domain Count">0</InternetSetting>
</InternetSettings>
- <IESettings>
<IESetting val="UseMyStylesheet"
set="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Styles" />
<IESetting val="UserStylesheet"
set="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Styles" />
<IESetting val="UseMyStylesheet"
set="HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Styles" />
<IESetting val="UserStylesheet"
set="HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Styles" />
</IESettings>
<AppInitDLLs val="" />
- <ShellServiceObjectDelayLoads>
<ShellServiceObjectDelayLoad ex="1"
clsid="{7849596a-48ea-486e-8937-a2a3009f31a9}" prog=""
val="PostBootReminder" nam="Windows Shell Common Dll (shell32.dll)"
pub="Microsoft Corporation" md5="c75a05e0663146e9b69334cef3f8aa36"
ver="6.00.3790.1433 (srv03_sp1_rc2.050203-1635)" sz="8377344" is="0"
gfp="">d:\windows\syswow64\shell32.dll</ShellServiceObjectDelayLoad>
<ShellServiceObjectDelayLoad ex="1"
clsid="{fbeb8a05-beee-4442-804e-409d6c4515e9}" prog="" val="CDBurn"
nam="Windows Shell Common Dll (shell32.dll)" pub="Microsoft Corporation"
md5="c75a05e0663146e9b69334cef3f8aa36" ver="6.00.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="8377344" is="0"
gfp="">d:\windows\syswow64\shell32.dll</ShellServiceObjectDelayLoad>
<ShellServiceObjectDelayLoad ex="1"
clsid="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" prog="" val="WebCheck"
nam="Web Site Monitor (webcheck.dll)" pub="Microsoft Corporation"
md5="2d7504c259db0b0e861947725e9728f9" ver="6.00.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="279040" is="0"
gfp="">d:\windows\syswow64\webcheck.dll</ShellServiceObjectDelayLoad>
<ShellServiceObjectDelayLoad ex="1"
clsid="{35CEC8A3-2BE6-11D2-8773-92E220524153}" prog="" val="SysTray"
nam="Systray shell service object (stobject.dll)" pub="Microsoft
Corporation" md5="349c9e1c3d6ed3d432d3474045ff6cc6" ver="5.2.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="123392" is="0"
gfp="">d:\windows\syswow64\stobject.dll</ShellServiceObjectDelayLoad>
</ShellServiceObjectDelayLoads>
<ScheduledTasks />
- <Services>
<Service ex="1" disp="Application Layer Gateway Service" desc="Provides
support for 3rd party protocol plug-ins for Internet Connection Sharing and
the Windows Firewall" nam="Application Layer Gateway Service (alg.exe)"
pub="Microsoft Corporation" md5="aee3c8e03b43e1c67135d1e5cadbbbbb"
ver="5.2.3790.1433 (srv03_sp1_rc2.050203-1635)" sz="45056" is="0"
gfp="">D:\WINDOWS\System32\alg.exe</Service>
<Service ex="1" disp="ASP.NET Admin Service" desc="Provides support for
configuring ASP.NET applications and configuration." nam="Microsoft ASP.NET
Admin Service (aspnet_admin.exe)" pub="Microsoft Corporation"
md5="98e10748c94f700604186bd6c76223b6" ver="2.0.40607.16
(beta1.040607-1600)" sz="16384" is="0"
gfp="">D:\WINDOWS\Microsoft.NET\Framework64\v2.0.40607\aspnet_admin.exe</Service>
<Service ex="1" disp="ASP.NET State Service" desc="Provides support for
out-of-process session states for ASP.NET. If this service is stopped,
out-of-process requests will not be processed. If this service is disabled,
any services that explicitly depend on it will fail to start."
nam="Microsoft ASP.NET State Server (aspnet_state.exe)" pub="Microsoft
Corporation" md5="1fd8016d8b04cc55a2203e793edf249f" ver="2.0.40607.16
(beta1.040607-1600)" sz="34816" is="0"
gfp="">D:\WINDOWS\Microsoft.NET\Framework64\v2.0.40607\aspnet_state.exe</Service>
<Service ex="1" disp="avast! iAVS4 Control Service" desc="Provides
automatic updating for the avast! antivirus." nam="(aswUpdSv.exe)" pub=""
md5="84ff20f4a9e56507a719f41c6370d2ad" ver="" sz="53248" is="0"
gfp="">D:\Program Files (x86)\Alwil Software\Avast4\aswUpdSv.exe</Service>
<Service ex="1" disp="avast! Antivirus" desc="Manages and implements
avast! antivirus services for this computer. This includes the resident
protection, the virus chest and the scheduler." nam="avast! antivirus
service (ashServ.exe)" pub="Unavailable"
md5="7de21c541db3cf8627e22605995eac27" ver="4, 6, 602, 0" sz="90160" is="0"
gfp="">D:\Program Files (x86)\Alwil Software\Avast4\ashServ.exe</Service>
<Service ex="1" disp="avast! Mail Scanner" desc="Implements mail scanning
for the avast! antivirus." nam="avast! e-Mail Scanner Service
(ashMaiSv.exe)" pub="ALWIL Software" md5="8815c53e8fab4fb4d0838f749ee0a2d8"
ver="4, 6, 602, 0" sz="237616" is="0" gfp="">D:\Program Files (x86)\Alwil
Software\Avast4\ashMaiSv.exe</Service>
<Service ex="1" disp="avast! Web Scanner" desc="Implements web (HTTP)
scanning for avast! antivirus." nam="avast! Web Scanner (ashWebSv.exe)"
pub="ALWIL Software" md5="0dc829149691c9cfb4145b9b0ec08a86" ver="4, 6, 602,
0" sz="335920" is="0" gfp="">D:\Program Files (x86)\Alwil
Software\Avast4\ashWebSv.exe</Service>
<Service ex="1" disp="Indexing Service" desc="Indexes contents and
properties of files on local and remote computers; provides rapid access to
files through flexible querying language." nam="Content Index service
(cisvc.exe)" pub="Microsoft Corporation"
md5="ed4c2037b627d0870c4ed60d36f36d0f" ver="5.2.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="6656" is="0"
gfp="">D:\WINDOWS\system32\cisvc.exe</Service>
<Service ex="1" disp="ClipBook" desc="Enables ClipBook Viewer to store
information and share it with remote computers. If the service is stopped,
ClipBook Viewer will not be able to share information with remote computers.
If this service is disabled, any services that explicitly depend on it will
fail to start." nam="Windows Clipbook DDE Server (clipsrv.exe)"
pub="Microsoft Corporation" md5="e53196ba56081f154e2d7a9e50a1d33f"
ver="5.2.3790.0 (srv03_rtm.030324-2048)" sz="32256" is="0"
gfp="">D:\WINDOWS\system32\clipsrv.exe</Service>
<Service ex="1" disp="COM+ System Application" desc="Manages the
configuration and tracking of Component Object Model (COM)+-based
components. If the service is stopped, most COM+-based components will not
function properly. If this service is disabled, any services that explicitly
depend on it will fail to start." nam="COM Surrogate (dllhost.exe)"
pub="Microsoft Corporation" md5="f3929b46c4a07d57aed604906d6ba08b"
ver="5.2.3790.0 (srv03_rtm.030324-2048)" sz="5632" is="0"
gfp="">D:\WINDOWS\system32\dllhost.exe</Service>
<Service ex="0" disp="Logical Disk Manager Administrative Service"
desc="Configures hard disk drives and volumes. The service only runs for
configuration processes and then stops." nam="(dmadmin.exe)" pub="" md5=""
ver="" sz="" is="0" gfp="">D:\WINDOWS\System32\dmadmin.exe</Service>
<Service ex="0" disp="Event Log" desc="Enables event log messages issued
by Windows-based programs and components to be viewed in Event Viewer. This
service cannot be stopped." nam="(services.exe)" pub="" md5="" ver="" sz=""
is="0" gfp="">D:\WINDOWS\system32\services.exe</Service>
<Service ex="0" disp="HTTP SSL" desc="This service implements the secure
hypertext transfer protocol (HTTPS) for the HTTP service, using the Secure
Socket Layer (SSL). If this service is disabled, any services that
explicitly depend on it will fail to start." nam="(lsass.exe)" pub="" md5=""
ver="" sz="" is="0" gfp="">D:\WINDOWS\System32\lsass.exe</Service>
<Service ex="1" disp="IAS Jet Database Access" desc="Configures Internet
Authentication Service (IAS). If this service is stopped, remote network
access that requires user authentication will be unavailable. If this
service is disabled, any services that explicitly depend on it will fail to
start." nam="Generic Host Process for Win32 Services (svchost.exe)"
pub="Microsoft Corporation" md5="5fb8d44af1c0ca1208097a3600af8c49"
ver="5.2.3790.1433 (srv03_sp1_rc2.050203-1635)" sz="14848" is="0"
gfp="">D:\WINDOWS\SysWOW64\svchost.exe</Service>
<Service ex="0" disp="IMAPI CD-Burning COM Service" desc="Manages CD
recording using Image Mastering Applications Programming Interface (IMAPI).
If this service is stopped, this computer will be unable to record CDs. If
this service is disabled, any services that explicitly depend on it will
fail to start." nam="(imapi.exe)" pub="" md5="" ver="" sz="" is="0"
gfp="">D:\WINDOWS\system32\imapi.exe</Service>
<Service ex="1" disp="NetMeeting Remote Desktop Sharing" desc="Enables an
authorized user to access this computer remotely by using NetMeeting over a
corporate intranet. If this service is stopped, remote desktop sharing will
be unavailable. If this service is disabled, any services that explicitly
depend on it will fail to start." nam="NetMeeting Remote Desktop Sharing
(mnmsrvc.exe)" pub="Microsoft Corporation"
md5="7582c0c32cac91598bff7c0e54a7d7d1" ver="5.2.3790.1433" sz="32768" is="0"
gfp="">D:\WINDOWS\system32\mnmsrvc.exe</Service>
<Service ex="0" disp="Distributed Transaction Coordinator"
desc="Coordinates transactions that span multiple resource managers, such as
databases, message queues, and file systems. If this service is stopped,
these transactions will not occur. If this service is disabled, any services
that explicitly depend on it will fail to start." nam="(msdtc.exe)" pub=""
md5="" ver="" sz="" is="0" gfp="">D:\WINDOWS\system32\msdtc.exe</Service>
<Service ex="1" disp="Windows Installer" desc="Adds, modifies, and removes
applications provided as a Windows Installer (*.msi) package. If this
service is disabled, any services that explicitly depend on it will fail to
start." nam="Windows installer (msiexec.exe)" pub="Microsoft Corporation"
md5="9f535bc421ea6d3e3a2380fbb0656a26" ver="3.1.4000.1433" sz="78848" is="0"
gfp="">D:\WINDOWS\system32\msiexec.exe</Service>
<Service ex="1" disp="Network DDE" desc="Provides network transport and
security for Dynamic Data Exchange (DDE) for programs running on the same
computer or on different computers. If this service is stopped, DDE
transport and security will be unavailable. If this service is disabled, any
services that explicitly depend on it will fail to start." nam="Network
DDE - DDE Communication (netdde.exe)" pub="Microsoft Corporation"
md5="6ab3ac7404fe967b9adccb61778ea279" ver="5.2.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="110080" is="0"
gfp="">D:\WINDOWS\system32\netdde.exe</Service>
<Service ex="1" disp="Network DDE DSDM" desc="Manages Dynamic Data
Exchange (DDE) network shares. If this service is stopped, DDE network
shares will be unavailable. If this service is disabled, any services that
explicitly depend on it will fail to start." nam="Network DDE - DDE
Communication (netdde.exe)" pub="Microsoft Corporation"
md5="6ab3ac7404fe967b9adccb61778ea279" ver="5.2.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="110080" is="0"
gfp="">D:\WINDOWS\system32\netdde.exe</Service>
<Service ex="0" disp="Net Logon" desc="Maintains a secure channel between
this computer and the domain controller for authenticating users and
services. If this service is stopped, the computer may not authenticate
users and services and the domain controller cannot register DNS records. If
this service is disabled, any services that explicitly depend on it will
fail to start." nam="(lsass.exe)" pub="" md5="" ver="" sz="" is="0"
gfp="">D:\WINDOWS\system32\lsass.exe</Service>
<Service ex="0" disp="NT LM Security Support Provider" desc="Provides
security to remote procedure call (RPC) programs that use transports other
than named pipes." nam="(lsass.exe)" pub="" md5="" ver="" sz="" is="0"
gfp="">D:\WINDOWS\system32\lsass.exe</Service>
<Service ex="0" disp="Plug and Play" desc="Enables a computer to recognize
and adapt to hardware changes with little or no user input. Stopping or
disabling this service will result in system instability."
nam="(services.exe)" pub="" md5="" ver="" sz="" is="0"
gfp="">D:\WINDOWS\system32\services.exe</Service>
<Service ex="0" disp="IPSEC Services" desc="Provides end-to-end security
between clients and servers on TCP/IP networks. If this service is stopped,
TCP/IP security between clients and servers on the network will be impaired.
If this service is disabled, any services that explicitly depend on it will
fail to start." nam="(lsass.exe)" pub="" md5="" ver="" sz="" is="0"
gfp="">D:\WINDOWS\system32\lsass.exe</Service>
<Service ex="0" disp="Protected Storage" desc="Protects storage of
sensitive information, such as private keys, and prevents access by
unauthorized services, processes, or users. If this service is stopped,
protected storage will be unavailable. If this service is disabled, any
services that explicitly depend on it will fail to start." nam="(lsass.exe)"
pub="" md5="" ver="" sz="" is="0"
gfp="">D:\WINDOWS\system32\lsass.exe</Service>
<Service ex="0" disp="Remote Desktop Help Session Manager" desc="Manages
and controls Remote Assistance. If this service is stopped, Remote
Assistance will be unavailable. Before stopping this service, see the
Dependencies tab of the Properties dialog box." nam="(sessmgr.exe)" pub=""
md5="" ver="" sz="" is="0" gfp="">D:\WINDOWS\system32\sessmgr.exe</Service>
<Service ex="1" disp="Remote Procedure Call (RPC) Locator" desc="Enables
remote procedure call (RPC) clients using the RpcNs* family of APIs to
locate RPC servers. If this service is stopped or disabled, RPC clients
using RpcNs* APIs may be unable to locate servers or fail to start. RpcNs*
APIs are not used internally in Windows." nam="Rpc Locator (locator.exe)"
pub="Microsoft Corporation" md5="a83414d7a45555274e99793aa22d54ab"
ver="5.2.3790.0 (srv03_rtm.030324-2048)" sz="71680" is="0"
gfp="">D:\WINDOWS\system32\locator.exe</Service>
<Service ex="0" disp="Security Accounts Manager" desc="The startup of this
service signals other services that the Security Accounts Manager (SAM) is
ready to accept requests. Disabling this service will prevent other services
in the system from being notified when the SAM is ready, which may in turn
cause those services to fail to start correctly. This service should not be
disabled." nam="(lsass.exe)" pub="" md5="" ver="" sz="" is="0"
gfp="">D:\WINDOWS\system32\lsass.exe</Service>
<Service ex="1" disp="Smart Card" desc="Manages access to smart cards read
by this computer. If this service is stopped, this computer will be unable
to read smart cards. If this service is disabled, any services that
explicitly depend on it will fail to start." nam="Smart Card Resource
Management Server (SCardSvr.exe)" pub="Microsoft Corporation"
md5="73267430f525ec1c1bdfae7ededef6b6" ver="5.2.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="90112" is="0"
gfp="">D:\WINDOWS\System32\SCardSvr.exe</Service>
<Service ex="1" disp="Print Spooler" desc="Manages all local and network
print queues and controls all printing jobs. If this service is stopped,
printing on the local machine will be unavailable. If this service is
disabled, any services that explicitly depend on it will fail to start."
nam="Spooler SubSystem App (spoolsv.exe)" pub="Microsoft Corporation"
md5="3d76038c4d60edc2798a042a0b6ff595" ver="5.2.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="110080" is="0"
gfp="">D:\WINDOWS\system32\spoolsv.exe</Service>
<Service ex="1" disp="Performance Logs and Alerts" desc="Collects
performance data from local or remote computers based on preconfigured
schedule parameters, then writes the data to a log or triggers an alert. If
this service is stopped, performance information will not be collected. If
this service is disabled, any services that explicitly depend on it will
fail to start." nam="Performance Logs and Alerts Service (smlogsvc.exe)"
pub="Microsoft Corporation" md5="faa23c67642a6f3740b93d9ab29a1dac"
ver="5.2.3790.1433 (srv03_sp1_rc2.050203-1635)" sz="96256" is="0"
gfp="">D:\WINDOWS\system32\smlogsvc.exe</Service>
<Service ex="0" disp="Telnet" desc="Enables a remote user to log on to
this computer and run programs, and supports various TCP/IP Telnet clients,
including UNIX-based and Windows-based computers. If this service is
stopped, remote user access to programs might be unavailable. If this
service is disabled, any services that explicitly depend on it will fail to
start." nam="(tlntsvr.exe)" pub="" md5="" ver="" sz="" is="0"
gfp="">D:\WINDOWS\system32\tlntsvr.exe</Service>
<Service ex="1" disp="Windows User Mode Driver Framework" desc="Enables
Windows user mode drivers." nam="Windows User Mode Driver Manager
(wdfmgr.exe)" pub="Microsoft Corporation"
md5="de4615dfec22171c0b868696b965122b" ver="5.2.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="39424" is="0"
gfp="">D:\WINDOWS\system32\wdfmgr.exe</Service>
<Service ex="1" disp="Uninterruptible Power Supply" desc="Manages an
uninterruptible power supply (UPS) connected to the computer." nam="UPS
Service (ups.exe)" pub="Microsoft Corporation"
md5="92c3a632e963a8224fe62aa37c9508f6" ver="5.2.3790.0
(srv03_rtm.030324-2048)" sz="16896" is="0"
gfp="">D:\WINDOWS\System32\ups.exe</Service>
<Service ex="1" disp="UPS - UPSentry Service" desc="" nam="upsd
(upsd.exe)" pub="Delta" md5="ac21387edd188b7bafa5ea38983915cf" ver="1.1"
sz="192512" is="0" gfp="">D:\Program Files (x86)\Belkin Sentry
Bulldog\upsd.exe</Service>
<Service ex="0" disp="Virtual Disk Service" desc="Provides software volume
and hardware volume management service." nam="(vds.exe)" pub="" md5=""
ver="" sz="" is="0" gfp="">D:\WINDOWS\System32\vds.exe</Service>
<Service ex="0" disp="Volume Shadow Copy" desc="Manages and implements
Volume Shadow Copies used for backup and other purposes. If this service is
stopped, shadow copies will be unavailable for backup and the backup may
fail. If this service is disabled, any services that explicitly depend on it
will fail to start." nam="(vssvc.exe)" pub="" md5="" ver="" sz="" is="0"
gfp="">D:\WINDOWS\System32\vssvc.exe</Service>
<Service ex="0" disp="WMI Performance Adapter" desc="Provides performance
library information from Windows Management Instrumentation (WMI) providers
to clients on the network. This service only runs when Performance Data
Helper is activated." nam="(wmiapsrv.exe)" pub="" md5="" ver="" sz="" is="0"
gfp="">D:\WINDOWS\system32\wbem\wmiapsrv.exe</Service>
</Services>
</SystemAudit>
- <ProcessesAudit>
- <Processes>
<Process ex="0" pid="436" nam="" pub="" md5="" ver="" sz="" is="0" gfp=""
/>
<Process ex="0" pid="540" nam="" pub="" md5="" ver="" sz="" is="0" gfp=""
/>
<Process ex="0" pid="728" nam="" pub="" md5="" ver="" sz="" is="0" gfp=""
/>
<Process ex="0" pid="804" nam="" pub="" md5="" ver="" sz="" is="0" gfp=""
/>
<Process ex="0" pid="816" nam="" pub="" md5="" ver="" sz="" is="0" gfp=""
/>
<Process ex="0" pid="136" nam="" pub="" md5="" ver="" sz="" is="0" gfp=""
/>
<Process ex="1" pid="256" nam="Generic Host Process for Win32 Services
(svchost.exe)" pub="Microsoft Corporation"
md5="5fb8d44af1c0ca1208097a3600af8c49" ver="5.2.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="14848" is="0"
gfp="">D:\WINDOWS\system32\svchost.exe</Process>
<Process ex="0" pid="360" nam="" pub="" md5="" ver="" sz="" is="0" gfp=""
/>
<Process ex="1" pid="460" nam="Generic Host Process for Win32 Services
(svchost.exe)" pub="Microsoft Corporation"
md5="5fb8d44af1c0ca1208097a3600af8c49" ver="5.2.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="14848" is="0"
gfp="">D:\WINDOWS\system32\svchost.exe</Process>
<Process ex="1" pid="580" nam="Generic Host Process for Win32 Services
(svchost.exe)" pub="Microsoft Corporation"
md5="5fb8d44af1c0ca1208097a3600af8c49" ver="5.2.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="14848" is="0"
gfp="">D:\WINDOWS\system32\svchost.exe</Process>
<Process ex="0" pid="1004" nam="" pub="" md5="" ver="" sz="" is="0" gfp=""
/>
<Process ex="0" pid="1256" nam="" pub="" md5="" ver="" sz="" is="0" gfp=""
/>
<Process ex="1" pid="1304" nam="(aswupdsv.exe)" pub=""
md5="84ff20f4a9e56507a719f41c6370d2ad" ver="" sz="53248" is="0"
gfp="">d:\program files (x86)\alwil software\avast4\aswupdsv.exe</Process>
<Process ex="1" pid="1340" nam="avast! antivirus service (ashserv.exe)"
pub="Unavailable" md5="7de21c541db3cf8627e22605995eac27" ver="4, 6, 602, 0"
sz="90160" is="0" gfp="">d:\program files (x86)\alwil
software\avast4\ashserv.exe</Process>
<Process ex="0" pid="1384" nam="" pub="" md5="" ver="" sz="" is="0" gfp=""
/>
<Process ex="1" pid="1472" nam="Generic Host Process for Win32 Services
(svchost.exe)" pub="Microsoft Corporation"
md5="5fb8d44af1c0ca1208097a3600af8c49" ver="5.2.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="14848" is="0"
gfp="">D:\WINDOWS\system32\svchost.exe</Process>
<Process ex="1" pid="1668" nam="upsd (upsd.exe)" pub="Delta"
md5="ac21387edd188b7bafa5ea38983915cf" ver="1.1" sz="192512" is="0"
gfp="">d:\program files (x86)\belkin sentry bulldog\upsd.exe</Process>
<Process ex="0" pid="664" nam="" pub="" md5="" ver="" sz="" is="0" gfp=""
/>
<Process ex="1" pid="1512" nam="avast! Web Scanner (ashwebsv.exe)"
pub="ALWIL Software" md5="0dc829149691c9cfb4145b9b0ec08a86" ver="4, 6, 602,
0" sz="335920" is="0" gfp="">d:\program files (x86)\alwil
software\avast4\ashwebsv.exe</Process>
<Process ex="1" pid="1984" nam="Application Layer Gateway Service
(alg.exe)" pub="Microsoft Corporation"
md5="aee3c8e03b43e1c67135d1e5cadbbbbb" ver="5.2.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="45056" is="0"
gfp="">D:\WINDOWS\system32\alg.exe</Process>
<Process ex="0" pid="1996" nam="" pub="" md5="" ver="" sz="" is="0" gfp=""
/>
<Process ex="0" pid="2440" nam="" pub="" md5="" ver="" sz="" is="0" gfp=""
/>
<Process ex="0" pid="2504" nam="" pub="" md5="" ver="" sz="" is="0" gfp=""
/>
<Process ex="1" pid="2568" nam="Windows Messenger (msmsgs.exe)"
pub="Microsoft Corporation" md5="602bb3f43c2c40fb648fdb6ecf04dcd3"
ver="4.7.3001" sz="1681920" is="0" gfp="">d:\program
files\messenger\msmsgs.exe</Process>
<Process ex="1" pid="2588" nam="Eraser. (eraser.exe)" pub="-"
md5="e8ca34a6f5b49505a5a92767a492292e" ver="5.7" sz="536576" is="0"
gfp="">d:\program files (x86)\eraser\eraser.exe</Process>
<Process ex="1" pid="2628" nam="CTF Loader (ctfmon.exe)" pub="Microsoft
Corporation" md5="2ae02b325b6242115f8771d1c4ab919d" ver="5.2.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="15360" is="0"
gfp="">d:\windows\syswow64\ctfmon.exe</Process>
<Process ex="1" pid="2664" nam="yENC Decoding Proxy Server (yproxy.exe)"
pub="Brawny Lads Productions" md5="5a57fa9814b2a8f0b6f17e8dd16efc55"
ver="1.3.0.15" sz="675328" is="0" gfp="">d:\program files
(x86)\yproxy\yproxy.exe</Process>
<Process ex="1" pid="2836" nam="CtHelper Application (cthelper.exe)"
pub="Creative Technology Ltd" md5="a8c58599661e926fa792f50e84cea519" ver="2,
0, 0, 20" sz="17408" is="0"
gfp="">d:\windows\system32\cthelper.exe</Process>
<Process ex="1" pid="2852" nam="avast! service GUI component
(ashdisp.exe)" pub="Unavailable" md5="b61c42616bc28baec83515246ee450f4"
ver="4, 6, 585, 0" sz="98352" is="0"
gfp="">d:\progra~2\alwils~1\avast4\ashdisp.exe</Process>
<Process ex="1" pid="2888" nam="Microsoft AntiSpyware Service
(gcasserv.exe)" pub="Microsoft Corporation"
md5="70c5a9c9cf9e65a9073a2a43da822841" ver="1.00.0501" sz="469824" is="0"
gfp="">d:\program files (x86)\microsoft antispyware\gcasserv.exe</Process>
<Process ex="1" pid="2916" nam="qttask.exe" pub="Apple Computer, Inc."
md5="76a3a30b58405c2c6d833895253a51a9" ver="6.5.1" sz="98304" is="0"
gfp="">d:\program files (x86)\quicktime\qttask.exe</Process>
<Process ex="1" pid="2936" nam="APTEZBP MFC Application - Aptiva EZ
Buttons run-time process (aptezbp.exe)" pub="IBM Corporation"
md5="799758380c5bbd85389764e220f3b8c7" ver="1, 2, 0, 1" sz="372736" is="0"
gfp="">c:\ibmtools\aptezbtn\aptezbp.exe</Process>
<Process ex="1" pid="2960" nam="None (atomic.exe)" pub="Chaos Software
Group, Inc." md5="0137879ac29569b612146a8ecef6617b" ver="2.7.0.3"
sz="524288" is="0" gfp="">d:\program files (x86)\atomic clock
sync\atomic.exe</Process>
<Process ex="1" pid="3028" nam="Microsoft AntiSpyware Data Service
(gcasdtserv.exe)" pub="Microsoft Corporation"
md5="255ca546f8e187c41ebed2aabbeee07c" ver="1.00.0501" sz="748352" is="0"
gfp="">d:\program files (x86)\microsoft antispyware\gcasdtserv.exe</Process>
<Process ex="1" pid="112" nam="IBM RAK2 USB Driver (rakusb.exe)" pub="IBM"
md5="f350995d26af6fa8da03915ffc26ecc3" ver="2, 0, 0, 0" sz="452096" is="0"
gfp="">c:\ibmtools\aptezbtn\rakusb.exe</Process>
<Process ex="1" pid="2364" nam="NeroMediaPlayer (neromediaplayer.exe)"
pub="Ahead software" md5="d75ea06b5dd3303b326eb4b75baccce2" ver="1, 4, 0,
27" sz="1146880" is="0" gfp="">d:\program files
(x86)\ahead\neromediaplayer\neromediaplayer.exe</Process>
<Process ex="1" pid="220" nam="Microsoft Suspected Spyware Reporting Tool
(msssrt.exe)" pub="Microsoft Corporation"
md5="464528294c858e175e8f82371117e8e1" ver="1.00.0501" sz="400184" is="0"
gfp="">d:\program files (x86)\microsoft antispyware\msssrt.exe</Process>
<Process ex="0" pid="2736" nam="" pub="" md5="" ver="" sz="" is="0" gfp=""
/>
<Process ex="0" pid="2100" nam="" pub="" md5="" ver="" sz="" is="0" gfp=""
/>
</Processes>
</ProcessesAudit>
</Audit>
</MSSSRT>
The system OS is Windows XP Pro 64 bit edition, system drive is 0 partition
2.
Drive 0 partition 1 contains XP Pro 32 bit edition.
Drive 0 partition 3 contains the main data storage area
Drive 1 partition 1 contains data storage and temp files for OE,IE and Swap.
Thank you;
Bob
E-Mail address is (e-mail address removed)
error telling me to check my proxy.
Have had MS anti spy ware installed and running for several weeks, no
problems noted. I shut it down via the tray icon to load an application.
Attempted a re-start and it would not run, deferred trouble shooting for a
week. Made several attempts to start the system manually all resulted in
the loading variables window showing and no further action.
I suddenly suffered a general slowdown of my system and eventually received
a low disk space warning. In checking my system, partition D:, the system
partition, was full. I have all temporary storage, including the swap file,
assigned to another drive so the system did not quit or show a blue screen.
The culprit turned out to be the anti spy ware log file which was over 4GB
in length. Erased the file and system operation returned to normal.
In watching the log file it kept growing with out the anti spy ware running.
Checked the running process' and saw two that could be associated with
Giant, however I have no document that tells me which process is assigned to
it. At that point I removed MS anti spy ware from the system. Will now
insure that there is no log file built that will take up all the space.
The error log message is:
91::ln 0:Object variable or With block variable not
set::gcasDtServ:modThreatData:Initialize::05/03/2005 15:41:00:1.0.501
The data for the error submission is:
Data for Error submission:
- <MSSSRT version="1.0.501" createdate="05/03/2005 15:52:54" os=".3790"
user="">
- <Audit>
- <AutoRunAudit>
- <StartupFiles>
<StartupFile path="D:\Documents and Settings\All Users\Start
Menu\Programs\Startup\Microsoft Office.lnk" nam="Microsoft Office 2000
component (osa9.exe)" pub="Microsoft Corporation"
md5="536f27b2413490abc6ecdd53f9cdf4aa" ver="9.0.3720" sz="65588" is="0"
gfp="">d:\program files (x86)\microsoft office\office\osa9.exe</StartupFile>
<StartupFile path="D:\Documents and Settings\All Users\Start
Menu\Programs\Startup\yProxy.lnk" nam="yENC Decoding Proxy Server
(yproxy.exe)" pub="Brawny Lads Productions"
md5="5a57fa9814b2a8f0b6f17e8dd16efc55" ver="1.3.0.15" sz="675328" is="0"
gfp="">d:\program files (x86)\yproxy\yproxy.exe</StartupFile>
</StartupFiles>
- <StartupFilesRegistry>
<StartupFileRegistry ex="0"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="AsioReg"
dat="REGSVR32 /S CTASIO.DLL" nam="" pub="" md5="" ver="" sz="" is="0" gfp=""
/>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="CTHelper"
dat="CTHELPER.EXE" nam="CtHelper Application (cthelper.exe)" pub="Creative
Technology Ltd" md5="a8c58599661e926fa792f50e84cea519" ver="2, 0, 0, 20"
sz="17408" is="0"
gfp="">d:\windows\system32\cthelper.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="avast!"
dat="D:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe" nam="avast! service GUI
component (ashdisp.exe)" pub="Unavailable"
md5="b61c42616bc28baec83515246ee450f4" ver="4, 6, 585, 0" sz="98352" is="0"
gfp="">d:\progra~2\alwils~1\avast4\ashdisp.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="gcasServ"
dat=""D:\Program Files (x86)\Microsoft AntiSpyware\gcasServ.exe""
nam="Microsoft AntiSpyware Service (gcasserv.exe)" pub="Microsoft
Corporation" md5="70c5a9c9cf9e65a9073a2a43da822841" ver="1.00.0501"
sz="469824" is="0" gfp="">d:\program files (x86)\microsoft
antispyware\gcasserv.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="NeroFilterCheck" dat="D:\WINDOWS\SysWow64\NeroCheck.exe" nam="NeroCheck
(nerocheck.exe)" pub="Ahead Software Gmbh"
md5="3e4c03cefad8de135263236b61a49c90" ver="1, 0, 0, 2" sz="155648" is="0"
gfp="">d:\windows\syswow64\nerocheck.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="QuickTime
Task" dat=""D:\Program Files (x86)\QuickTime\qttask.exe" -atboottime"
nam="qttask.exe" pub="Apple Computer, Inc."
md5="76a3a30b58405c2c6d833895253a51a9" ver="6.5.1" sz="98304" is="0"
gfp="">d:\program files (x86)\quicktime\qttask.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="AEZBProc"
dat="c:\ibmtools\aptezbtn\aptezbp.exe" nam="APTEZBP MFC Application - Aptiva
EZ Buttons run-time process (aptezbp.exe)" pub="IBM Corporation"
md5="799758380c5bbd85389764e220f3b8c7" ver="1, 2, 0, 1" sz="372736" is="0"
gfp="">c:\ibmtools\aptezbtn\aptezbp.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="Atomic.exe"
dat=""D:\Program Files (x86)\Atomic Clock Sync\Atomic.exe"" nam="None
(atomic.exe)" pub="Chaos Software Group, Inc."
md5="0137879ac29569b612146a8ecef6617b" ver="2.7.0.3" sz="524288" is="0"
gfp="">d:\program files (x86)\atomic clock
sync\atomic.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="CTFMON.EXE"
dat="D:\WINDOWS\system32\ctfmon.exe" nam="CTF Loader (ctfmon.exe)"
pub="Microsoft Corporation" md5="2ae02b325b6242115f8771d1c4ab919d"
ver="5.2.3790.1433 (srv03_sp1_rc2.050203-1635)" sz="15360" is="0"
gfp="">d:\windows\system32\ctfmon.exe</StartupFileRegistry>
<StartupFileRegistry ex="0"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="SetDefaultMIDI" dat="MIDIDef.exe" nam="" pub="" md5="" ver="" sz=""
is="0" gfp="" />
<StartupFileRegistry ex="1"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="MSMSGS"
dat=""D:\Program Files\Messenger\msmsgs.exe" /background" nam="Windows
Messenger (msmsgs.exe)" pub="Microsoft Corporation"
md5="602bb3f43c2c40fb648fdb6ecf04dcd3" ver="4.7.3001" sz="1681920" is="0"
gfp="">d:\program files\messenger\msmsgs.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="Eraser"
dat="D:\Program Files (x86)\Eraser\eraser.exe -hide" nam="Eraser.
(eraser.exe)" pub="-" md5="e8ca34a6f5b49505a5a92767a492292e" ver="5.7"
sz="536576" is="0" gfp="">d:\program files
(x86)\eraser\eraser.exe</StartupFileRegistry>
</StartupFilesRegistry>
- <WinlogonUserinitFiles>
<WinlogonUserinitFile ex="0" nam="" pub="" md5="" ver="" sz="" is="0"
gfp="" />
</WinlogonUserinitFiles>
<StartupWinIniFiles />
<StartupSysIniFiles />
</AutoRunAudit>
- <InternetExplorerAudit version="6.0.3790.1433">
- <BrowserHelperObjects>
<BHO ex="1" clsid="{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"
prog="AcroIEHelper.AcroIEHlprObj.1" val="AcroIEHlprObj Class" nam="Adobe
Acrobat IE Helper Version 6.0 for ActivieX (acroiehelper.dll)" pub="Adobe
Systems Incorporated" md5="0c0e1b2bcaed8df401be94d538bcb412"
ver="6.0.0.2003051500" sz="50376" is="0" gfp="">d:\program files
(x86)\adobe\acrobat 6.0\reader\activex\acroiehelper.dll</BHO>
<BHO ex="1" clsid="{53707962-6F74-2D53-2644-206D7942484F}" prog="" val=""
nam="Bad download blocker (sdhelper.dll)" pub="Safer Networking Limited"
md5="abf5ba518c6a5ed104496ff42d19ad88" ver="1, 3, 0, 12" sz="744960" is="0"
gfp="">d:\program files (x86)\spybot - search & destroy\sdhelper.dll</BHO>
</BrowserHelperObjects>
<IEToolbars />
<IEExtensions />
- <IEExplorerBars>
<IEExplorerBar ex="1" clsid="{4D5C8C25-D075-11d0-B416-00C04FB90376}"
prog="" val="&Tip of the Day" nam="Shell Doc Object and Control Library
(shdocvw.dll)" pub="Microsoft Corporation"
md5="7bc379edf6741bc802dd61c8f9acaf97" ver="6.00.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="1503232" is="0"
gfp="">d:\windows\syswow64\shdocvw.dll</IEExplorerBar>
</IEExplorerBars>
- <IEShellBrowsers>
<IEShellBrowser ex="1" clsid="{01E04581-4EEE-11D0-BFE9-00AA005B4383}"
prog="" val="&Address" nam="Shell Browser UI Library (browseui.dll)"
pub="Microsoft Corporation" md5="f4d3138273bb2007053013f00b128a39"
ver="6.00.3790.1433 (srv03_sp1_rc2.050203-1635)" sz="1033216" is="0"
gfp="">d:\windows\syswow64\browseui.dll</IEShellBrowser>
<IEShellBrowser ex="0" clsid="" prog="" val="" nam="" pub="" md5="" ver=""
sz="" is="0" gfp="" />
</IEShellBrowsers>
- <IEWebBrowsers>
<IEWebBrowser ex="1" clsid="{01E04581-4EEE-11D0-BFE9-00AA005B4383}"
prog="" val="&Address" nam="Shell Browser UI Library (browseui.dll)"
pub="Microsoft Corporation" md5="f4d3138273bb2007053013f00b128a39"
ver="6.00.3790.1433 (srv03_sp1_rc2.050203-1635)" sz="1033216" is="0"
gfp="">d:\windows\syswow64\browseui.dll</IEWebBrowser>
<IEWebBrowser ex="0" clsid="" prog="" val="" nam="" pub="" md5="" ver=""
sz="" is="0" gfp="" />
<IEWebBrowser ex="0" clsid="" prog="" val="" nam="" pub="" md5="" ver=""
sz="" is="0" gfp="" />
</IEWebBrowsers>
<IEMenuExts />
- <IEURLSearchHooks>
<IEURLSearchHook ex="1" clsid="{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"
prog="" val="Microsoft Url Search Hook" nam="Shell Doc Object and Control
Library (shdocvw.dll)" pub="Microsoft Corporation"
md5="7bc379edf6741bc802dd61c8f9acaf97" ver="6.00.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="1503232" is="0"
gfp="">d:\windows\syswow64\shdocvw.dll</IEURLSearchHook>
</IEURLSearchHooks>
- <IEURLs>
<IEURL val="HCU\Software\Microsoft\Internet Explorer Start
Page">http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer Search
Page">http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer Default_Page_URL" />
<IEURL val="HCU\Software\Microsoft\Internet Explore Local
Page">D:\WINDOWS\system32\blank.htm</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explore Search Bar" />
<IEURL val="HCU\Software\Microsoft\Internet Explorer Default_Search_URL"
/>
<IEURL val="HCU\Software\Microsoft\Internet Explorer HomeOldSP" />
<IEURL val="HLM\Software\Microsoft\Internet Explorer Start
Page">http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer Search
Page">http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Default_Page_URL">http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer Local
Page">%SystemRoot%\system32\blank.htm</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer Search Bar" />
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Default_Search_URL">http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer HomeOldSP" />
<IEURL val="HCU\Software\Microsoft\Internet Explorer\Search
CustomizeSearch" />
<IEURL val="HCU\Software\Microsoft\Internet Explorer\Search
SearchAssistant" />
<IEURL val="HLM\Software\Microsoft\Internet Explorer\Search
CustomizeSearch">http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer\Search
SearchAssistant">http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer\SearchUrl" />
<IEURL val="HLM\Software\Microsoft\Internet Explorer\SearchUrl" />
<IEURL val="HLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs
blank">res://mshtml.dll/blank.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs
DesktopItemNavigationFailure">res://shdoclc.dll/navcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs
NavigationCanceled">res://shdoclc.dll/navcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs
NavigationFailure">res://shdoclc.dll/navcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs
OfflineInformation">res://shdoclc.dll/offcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs
PostNotCached">res://mshtml.dll/repost.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs mozilla" />
</IEURLs>
</InternetExplorerAudit>
- <SystemAudit>
- <ShellExecuteHooks>
<ShellExecuteHook ex="1" clsid="{AEB6717E-7E19-11d0-97EE-00C04FD91972}"
prog="" val="URL Exec Hook" nam="Windows Shell Common Dll (shell32.dll)"
pub="Microsoft Corporation" md5="c75a05e0663146e9b69334cef3f8aa36"
ver="6.00.3790.1433 (srv03_sp1_rc2.050203-1635)" sz="8377344" is="0"
gfp="">D:\WINDOWS\system32\shell32.dll</ShellExecuteHook>
<ShellExecuteHook ex="1" clsid="{9EF34FF2-3396-4527-9D27-04C8C1C67806}"
prog="Microsoft.AntiSpyware.ShellExecuteHook.1"
val="Microsoft.AntiSpyware.ShellExecuteHook.1" nam="Microsoft AntiSpyware
Shell Extension (shellextension.dll)" pub="Microsoft Corporation"
md5="08cee315ea2a24e77d68b2b055f73a94" ver="1.00.0501" sz="93408" is="0"
gfp="">d:\program files (x86)\microsoft
antispyware\shellextension.dll</ShellExecuteHook>
</ShellExecuteHooks>
- <ShellOpenCommands>
<ShellOpenCommand val="HCR\exefile\shell\open\command">"%1"
%*</ShellOpenCommand>
<ShellOpenCommand val="HCR\comfile\shell\open\command">"%1"
%*</ShellOpenCommand>
<ShellOpenCommand val="HCR\batfile\shell\open\command">"%1"
%*</ShellOpenCommand>
<ShellOpenCommand
val="HCR\htafile\shell\open\command">%SystemRoot%\system32\mshta.exe "%1"
%*</ShellOpenCommand>
<ShellOpenCommand val="HCR\piffile\shell\open\command">"%1"
%*</ShellOpenCommand>
<ShellOpenCommand
val="HCR\txtfile\shell\open\command">%SystemRoot%\system32\NOTEPAD.EXE
%1</ShellOpenCommand>
<ShellOpenCommand val="HCR\mp3file\shell\open\command">"D:\Program Files
(x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open
"%L"</ShellOpenCommand>
<ShellOpenCommand val="HCR\mpegfile\shell\open\command">"D:\Program Files
(x86)\Windows Media Player\wmplayer.exe" /prefetch:9 /Open
"%L"</ShellOpenCommand>
<ShellOpenCommand
val="HCR\mailto\shell\open\command">"%ProgramFiles(x86)%\Outlook
Express\msimn.exe" /mailurl:%1?</ShellOpenCommand>
<ShellOpenCommand val="HCR\htmlfile\shell\open\command">"D:\Program Files
(x86)\Internet Explorer\iexplore.exe" -nohome</ShellOpenCommand>
<ShellOpenCommand val="HCR\http\shell\open\command">"D:\Program Files
(x86)\Internet Explorer\iexplore.exe" -nohome</ShellOpenCommand>
<ShellOpenCommand val="HCR\https\shell\open\command">"D:\Program Files
(x86)\Internet Explorer\iexplore.exe" -nohome</ShellOpenCommand>
<ShellOpenCommand val="HCR\ftp\shell\open\command">"D:\Program Files
(x86)\Internet Explorer\iexplore.exe" %1</ShellOpenCommand>
</ShellOpenCommands>
<ActiveXInstalls />
- <PROTOCOLSFilters>
<PROTOCOLSFilter ex="1" clsid="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"
prog="CorRegistration.CorFltr.1" filter="application/octet-stream"
val="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" nam="Microsoft .NET Runtime
Execution Engine (mscoree.dll)" pub="Microsoft Corporation"
md5="195092a1db4fd3c47ee4d1897ed6d227" ver="2.0.40607.16
(beta1.040607-1600)" sz="227328" is="0"
gfp="">D:\WINDOWS\system32\mscoree.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"
prog="CorRegistration.CorFltr.1" filter="application/x-complus"
val="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" nam="Microsoft .NET Runtime
Execution Engine (mscoree.dll)" pub="Microsoft Corporation"
md5="195092a1db4fd3c47ee4d1897ed6d227" ver="2.0.40607.16
(beta1.040607-1600)" sz="227328" is="0"
gfp="">D:\WINDOWS\system32\mscoree.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"
prog="CorRegistration.CorFltr.1" filter="application/x-msdownload"
val="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" nam="Microsoft .NET Runtime
Execution Engine (mscoree.dll)" pub="Microsoft Corporation"
md5="195092a1db4fd3c47ee4d1897ed6d227" ver="2.0.40607.16
(beta1.040607-1600)" sz="227328" is="0"
gfp="">D:\WINDOWS\system32\mscoree.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"
prog="" filter="Class Install Handler"
val="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}" nam="OLE32 Extensions for Win32
(urlmon.dll)" pub="Microsoft Corporation"
md5="44aa5798c5061eea37aebb2e3b92704a" ver="6.00.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="689152" is="0"
gfp="">d:\windows\syswow64\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{8f6b0360-b80d-11d0-a9b3-006097942311}"
prog="" filter="deflate" val="{8f6b0360-b80d-11d0-a9b3-006097942311}"
nam="OLE32 Extensions for Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="44aa5798c5061eea37aebb2e3b92704a" ver="6.00.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="689152" is="0"
gfp="">d:\windows\syswow64\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{8f6b0360-b80d-11d0-a9b3-006097942311}"
prog="" filter="gzip" val="{8f6b0360-b80d-11d0-a9b3-006097942311}"
nam="OLE32 Extensions for Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="44aa5798c5061eea37aebb2e3b92704a" ver="6.00.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="689152" is="0"
gfp="">d:\windows\syswow64\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{8f6b0360-b80d-11d0-a9b3-006097942311}"
prog="" filter="lzdhtml" val="{8f6b0360-b80d-11d0-a9b3-006097942311}"
nam="OLE32 Extensions for Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="44aa5798c5061eea37aebb2e3b92704a" ver="6.00.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="689152" is="0"
gfp="">d:\windows\syswow64\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"
prog="" filter="text/webviewhtml"
val="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}" nam="Windows Shell Common Dll
(shell32.dll)" pub="Microsoft Corporation"
md5="c75a05e0663146e9b69334cef3f8aa36" ver="6.00.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="8377344" is="0"
gfp="">d:\windows\syswow64\shell32.dll</PROTOCOLSFilter>
</PROTOCOLSFilters>
- <PROTOCOLSHandlers>
<PROTOCOLSHandler ex="1" clsid="{3050F406-98B5-11CF-BB82-00AA00BDCE0B}"
prog="" filter="about" val="{3050F406-98B5-11CF-BB82-00AA00BDCE0B}"
nam="Microsoft (R) HTML Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="150a5617ccd4e8680c3d6217c573ea88" ver="6.00.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="3105280" is="0"
gfp="">d:\windows\syswow64\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3dd53d40-7b8b-11D0-b013-00aa0059ce02}"
prog="" filter="cdl" val="{3dd53d40-7b8b-11D0-b013-00aa0059ce02}" nam="OLE32
Extensions for Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="44aa5798c5061eea37aebb2e3b92704a" ver="6.00.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="689152" is="0"
gfp="">d:\windows\syswow64\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{12D51199-0DB5-46FE-A120-47A3D7D937CC}"
prog="" filter="dvd" val="{12D51199-0DB5-46FE-A120-47A3D7D937CC}"
nam="ActiveX control for streaming video (msvidctl.dll)" pub="Microsoft
Corporation" md5="8f5888f7319f95010fa76401aa6b5d7b" ver="6.05.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="1563136" is="0"
gfp="">d:\windows\syswow64\msvidctl.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e7-baf9-11ce-8c82-00aa004ba90b}"
prog="" filter="file" val="{79eac9e7-baf9-11ce-8c82-00aa004ba90b}"
nam="OLE32 Extensions for Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="44aa5798c5061eea37aebb2e3b92704a" ver="6.00.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="689152" is="0"
gfp="">d:\windows\syswow64\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e3-baf9-11ce-8c82-00aa004ba90b}"
prog="" filter="ftp" val="{79eac9e3-baf9-11ce-8c82-00aa004ba90b}" nam="OLE32
Extensions for Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="44aa5798c5061eea37aebb2e3b92704a" ver="6.00.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="689152" is="0"
gfp="">d:\windows\syswow64\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e4-baf9-11ce-8c82-00aa004ba90b}"
prog="" filter="gopher" val="{79eac9e4-baf9-11ce-8c82-00aa004ba90b}"
nam="OLE32 Extensions for Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="44aa5798c5061eea37aebb2e3b92704a" ver="6.00.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="689152" is="0"
gfp="">d:\windows\syswow64\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e2-baf9-11ce-8c82-00aa004ba90b}"
prog="" filter="http" val="{79eac9e2-baf9-11ce-8c82-00aa004ba90b}"
nam="OLE32 Extensions for Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="44aa5798c5061eea37aebb2e3b92704a" ver="6.00.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="689152" is="0"
gfp="">d:\windows\syswow64\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e5-baf9-11ce-8c82-00aa004ba90b}"
prog="" filter="https" val="{79eac9e5-baf9-11ce-8c82-00aa004ba90b}"
nam="OLE32 Extensions for Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="44aa5798c5061eea37aebb2e3b92704a" ver="6.00.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="689152" is="0"
gfp="">d:\windows\syswow64\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{9D148291-B9C8-11D0-A4CC-0000F80149F6}"
prog="MSITFS1.0" filter="its" val="{9D148291-B9C8-11D0-A4CC-0000F80149F6}"
nam="Microsoft InfoTech Storage System Library (itss.dll)" pub="Microsoft
Corporation" md5="c1294d14dbe0f18c15336d8883e0d2ac" ver="5.2.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="136704" is="0"
gfp="">d:\windows\syswow64\itss.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}"
prog="" filter="javascript" val="{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}"
nam="Microsoft (R) HTML Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="150a5617ccd4e8680c3d6217c573ea88" ver="6.00.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="3105280" is="0"
gfp="">d:\windows\syswow64\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e7-baf9-11ce-8c82-00aa004ba90b}"
prog="" filter="local" val="{79eac9e7-baf9-11ce-8c82-00aa004ba90b}"
nam="OLE32 Extensions for Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="44aa5798c5061eea37aebb2e3b92704a" ver="6.00.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="689152" is="0"
gfp="">d:\windows\syswow64\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}"
prog="" filter="mailto" val="{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}"
nam="Microsoft (R) HTML Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="150a5617ccd4e8680c3d6217c573ea88" ver="6.00.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="3105280" is="0"
gfp="">d:\windows\syswow64\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{05300401-BCBC-11d0-85E3-00C04FD85AB4}"
prog="" filter="mhtml" val="{05300401-BCBC-11d0-85E3-00C04FD85AB4}"
nam="Microsoft Internet Messaging API (inetcomm.dll)" pub="Microsoft
Corporation" md5="b6b5c580f27334d6fbfb7ad1b40145d6" ver="6.00.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="681984" is="0"
gfp="">d:\windows\syswow64\inetcomm.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e6-baf9-11ce-8c82-00aa004ba90b}"
prog="" filter="mk" val="{79eac9e6-baf9-11ce-8c82-00aa004ba90b}" nam="OLE32
Extensions for Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="44aa5798c5061eea37aebb2e3b92704a" ver="6.00.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="689152" is="0"
gfp="">d:\windows\syswow64\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{9D148291-B9C8-11D0-A4CC-0000F80149F6}"
prog="MSITFS1.0" filter="ms-its"
val="{9D148291-B9C8-11D0-A4CC-0000F80149F6}" nam="Microsoft InfoTech Storage
System Library (itss.dll)" pub="Microsoft Corporation"
md5="c1294d14dbe0f18c15336d8883e0d2ac" ver="5.2.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="136704" is="0"
gfp="">d:\windows\syswow64\itss.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}"
prog="" filter="res" val="{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}"
nam="Microsoft (R) HTML Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="150a5617ccd4e8680c3d6217c573ea88" ver="6.00.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="3105280" is="0"
gfp="">d:\windows\syswow64\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{76E67A63-06E9-11D2-A840-006008059382}"
prog="" filter="sysimage" val="{76E67A63-06E9-11D2-A840-006008059382}"
nam="Microsoft (R) HTML Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="150a5617ccd4e8680c3d6217c573ea88" ver="6.00.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="3105280" is="0"
gfp="">d:\windows\syswow64\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}"
prog="" filter="tv" val="{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}"
nam="ActiveX control for streaming video (msvidctl.dll)" pub="Microsoft
Corporation" md5="8f5888f7319f95010fa76401aa6b5d7b" ver="6.05.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="1563136" is="0"
gfp="">d:\windows\syswow64\msvidctl.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}"
prog="" filter="vbscript" val="{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}"
nam="Microsoft (R) HTML Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="150a5617ccd4e8680c3d6217c573ea88" ver="6.00.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="3105280" is="0"
gfp="">d:\windows\syswow64\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE}"
prog="Wia.WiaProtocol.1" filter="wia"
val="{13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE}" nam="WIA Scripting Layer
(wiascr.dll)" pub="Microsoft Corporation"
md5="7e9687f8bd379fd1478abf95f8bced76" ver="5.2.3790.0
(srv03_rtm.030324-2048)" sz="74240" is="0"
gfp="">d:\windows\syswow64\wiascr.dll</PROTOCOLSHandler>
</PROTOCOLSHandlers>
- <PROTOCOLSNameSpaceHandlers>
<PROTOCOLSNameSpaceHandler ex="1"
clsid="{9D148291-B9C8-11D0-A4CC-0000F80149F6}" prog="MSITFS1.0"
namespace="mk" namespacefilter="NameSpace Filter for MK
MSITStore:..."val="{79eac9e6-baf9-11ce-8c82-00aa004ba90b}" nam="Microsoft InfoTech Storage
System Library (itss.dll)" pub="Microsoft Corporation"
md5="c1294d14dbe0f18c15336d8883e0d2ac" ver="5.2.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="136704" is="0"
gfp="">d:\windows\syswow64\itss.dll</PROTOCOLSNameSpaceHandler>
</PROTOCOLSNameSpaceHandlers>
- <TCPIPParamaters>
<TCPIPParamater
val="DataBasePath">%SystemRoot%\System32\drivers\etc</TCPIPParamater>
<TCPIPParamater val="Domain" />
<TCPIPParamater val="NameServer" />
<TCPIPParamater val="SearchList" />
<TCPIPParamater val="VXD MSTCP: NameServer" />
</TCPIPParamaters>
- <InternetSettings>
<InternetSetting val="ProxyEnable">0</InternetSetting>
<InternetSetting val="ProxyServer" />
<InternetSetting val="ProxyOverride" />
<InternetSetting val="User Agent">Mozilla/4.0 (compatible; MSIE 6.0;
Win32)</InternetSetting>
<InternetSetting val="ZoneMap Domain Count">0</InternetSetting>
</InternetSettings>
- <IESettings>
<IESetting val="UseMyStylesheet"
set="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Styles" />
<IESetting val="UserStylesheet"
set="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Styles" />
<IESetting val="UseMyStylesheet"
set="HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Styles" />
<IESetting val="UserStylesheet"
set="HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Styles" />
</IESettings>
<AppInitDLLs val="" />
- <ShellServiceObjectDelayLoads>
<ShellServiceObjectDelayLoad ex="1"
clsid="{7849596a-48ea-486e-8937-a2a3009f31a9}" prog=""
val="PostBootReminder" nam="Windows Shell Common Dll (shell32.dll)"
pub="Microsoft Corporation" md5="c75a05e0663146e9b69334cef3f8aa36"
ver="6.00.3790.1433 (srv03_sp1_rc2.050203-1635)" sz="8377344" is="0"
gfp="">d:\windows\syswow64\shell32.dll</ShellServiceObjectDelayLoad>
<ShellServiceObjectDelayLoad ex="1"
clsid="{fbeb8a05-beee-4442-804e-409d6c4515e9}" prog="" val="CDBurn"
nam="Windows Shell Common Dll (shell32.dll)" pub="Microsoft Corporation"
md5="c75a05e0663146e9b69334cef3f8aa36" ver="6.00.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="8377344" is="0"
gfp="">d:\windows\syswow64\shell32.dll</ShellServiceObjectDelayLoad>
<ShellServiceObjectDelayLoad ex="1"
clsid="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" prog="" val="WebCheck"
nam="Web Site Monitor (webcheck.dll)" pub="Microsoft Corporation"
md5="2d7504c259db0b0e861947725e9728f9" ver="6.00.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="279040" is="0"
gfp="">d:\windows\syswow64\webcheck.dll</ShellServiceObjectDelayLoad>
<ShellServiceObjectDelayLoad ex="1"
clsid="{35CEC8A3-2BE6-11D2-8773-92E220524153}" prog="" val="SysTray"
nam="Systray shell service object (stobject.dll)" pub="Microsoft
Corporation" md5="349c9e1c3d6ed3d432d3474045ff6cc6" ver="5.2.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="123392" is="0"
gfp="">d:\windows\syswow64\stobject.dll</ShellServiceObjectDelayLoad>
</ShellServiceObjectDelayLoads>
<ScheduledTasks />
- <Services>
<Service ex="1" disp="Application Layer Gateway Service" desc="Provides
support for 3rd party protocol plug-ins for Internet Connection Sharing and
the Windows Firewall" nam="Application Layer Gateway Service (alg.exe)"
pub="Microsoft Corporation" md5="aee3c8e03b43e1c67135d1e5cadbbbbb"
ver="5.2.3790.1433 (srv03_sp1_rc2.050203-1635)" sz="45056" is="0"
gfp="">D:\WINDOWS\System32\alg.exe</Service>
<Service ex="1" disp="ASP.NET Admin Service" desc="Provides support for
configuring ASP.NET applications and configuration." nam="Microsoft ASP.NET
Admin Service (aspnet_admin.exe)" pub="Microsoft Corporation"
md5="98e10748c94f700604186bd6c76223b6" ver="2.0.40607.16
(beta1.040607-1600)" sz="16384" is="0"
gfp="">D:\WINDOWS\Microsoft.NET\Framework64\v2.0.40607\aspnet_admin.exe</Service>
<Service ex="1" disp="ASP.NET State Service" desc="Provides support for
out-of-process session states for ASP.NET. If this service is stopped,
out-of-process requests will not be processed. If this service is disabled,
any services that explicitly depend on it will fail to start."
nam="Microsoft ASP.NET State Server (aspnet_state.exe)" pub="Microsoft
Corporation" md5="1fd8016d8b04cc55a2203e793edf249f" ver="2.0.40607.16
(beta1.040607-1600)" sz="34816" is="0"
gfp="">D:\WINDOWS\Microsoft.NET\Framework64\v2.0.40607\aspnet_state.exe</Service>
<Service ex="1" disp="avast! iAVS4 Control Service" desc="Provides
automatic updating for the avast! antivirus." nam="(aswUpdSv.exe)" pub=""
md5="84ff20f4a9e56507a719f41c6370d2ad" ver="" sz="53248" is="0"
gfp="">D:\Program Files (x86)\Alwil Software\Avast4\aswUpdSv.exe</Service>
<Service ex="1" disp="avast! Antivirus" desc="Manages and implements
avast! antivirus services for this computer. This includes the resident
protection, the virus chest and the scheduler." nam="avast! antivirus
service (ashServ.exe)" pub="Unavailable"
md5="7de21c541db3cf8627e22605995eac27" ver="4, 6, 602, 0" sz="90160" is="0"
gfp="">D:\Program Files (x86)\Alwil Software\Avast4\ashServ.exe</Service>
<Service ex="1" disp="avast! Mail Scanner" desc="Implements mail scanning
for the avast! antivirus." nam="avast! e-Mail Scanner Service
(ashMaiSv.exe)" pub="ALWIL Software" md5="8815c53e8fab4fb4d0838f749ee0a2d8"
ver="4, 6, 602, 0" sz="237616" is="0" gfp="">D:\Program Files (x86)\Alwil
Software\Avast4\ashMaiSv.exe</Service>
<Service ex="1" disp="avast! Web Scanner" desc="Implements web (HTTP)
scanning for avast! antivirus." nam="avast! Web Scanner (ashWebSv.exe)"
pub="ALWIL Software" md5="0dc829149691c9cfb4145b9b0ec08a86" ver="4, 6, 602,
0" sz="335920" is="0" gfp="">D:\Program Files (x86)\Alwil
Software\Avast4\ashWebSv.exe</Service>
<Service ex="1" disp="Indexing Service" desc="Indexes contents and
properties of files on local and remote computers; provides rapid access to
files through flexible querying language." nam="Content Index service
(cisvc.exe)" pub="Microsoft Corporation"
md5="ed4c2037b627d0870c4ed60d36f36d0f" ver="5.2.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="6656" is="0"
gfp="">D:\WINDOWS\system32\cisvc.exe</Service>
<Service ex="1" disp="ClipBook" desc="Enables ClipBook Viewer to store
information and share it with remote computers. If the service is stopped,
ClipBook Viewer will not be able to share information with remote computers.
If this service is disabled, any services that explicitly depend on it will
fail to start." nam="Windows Clipbook DDE Server (clipsrv.exe)"
pub="Microsoft Corporation" md5="e53196ba56081f154e2d7a9e50a1d33f"
ver="5.2.3790.0 (srv03_rtm.030324-2048)" sz="32256" is="0"
gfp="">D:\WINDOWS\system32\clipsrv.exe</Service>
<Service ex="1" disp="COM+ System Application" desc="Manages the
configuration and tracking of Component Object Model (COM)+-based
components. If the service is stopped, most COM+-based components will not
function properly. If this service is disabled, any services that explicitly
depend on it will fail to start." nam="COM Surrogate (dllhost.exe)"
pub="Microsoft Corporation" md5="f3929b46c4a07d57aed604906d6ba08b"
ver="5.2.3790.0 (srv03_rtm.030324-2048)" sz="5632" is="0"
gfp="">D:\WINDOWS\system32\dllhost.exe</Service>
<Service ex="0" disp="Logical Disk Manager Administrative Service"
desc="Configures hard disk drives and volumes. The service only runs for
configuration processes and then stops." nam="(dmadmin.exe)" pub="" md5=""
ver="" sz="" is="0" gfp="">D:\WINDOWS\System32\dmadmin.exe</Service>
<Service ex="0" disp="Event Log" desc="Enables event log messages issued
by Windows-based programs and components to be viewed in Event Viewer. This
service cannot be stopped." nam="(services.exe)" pub="" md5="" ver="" sz=""
is="0" gfp="">D:\WINDOWS\system32\services.exe</Service>
<Service ex="0" disp="HTTP SSL" desc="This service implements the secure
hypertext transfer protocol (HTTPS) for the HTTP service, using the Secure
Socket Layer (SSL). If this service is disabled, any services that
explicitly depend on it will fail to start." nam="(lsass.exe)" pub="" md5=""
ver="" sz="" is="0" gfp="">D:\WINDOWS\System32\lsass.exe</Service>
<Service ex="1" disp="IAS Jet Database Access" desc="Configures Internet
Authentication Service (IAS). If this service is stopped, remote network
access that requires user authentication will be unavailable. If this
service is disabled, any services that explicitly depend on it will fail to
start." nam="Generic Host Process for Win32 Services (svchost.exe)"
pub="Microsoft Corporation" md5="5fb8d44af1c0ca1208097a3600af8c49"
ver="5.2.3790.1433 (srv03_sp1_rc2.050203-1635)" sz="14848" is="0"
gfp="">D:\WINDOWS\SysWOW64\svchost.exe</Service>
<Service ex="0" disp="IMAPI CD-Burning COM Service" desc="Manages CD
recording using Image Mastering Applications Programming Interface (IMAPI).
If this service is stopped, this computer will be unable to record CDs. If
this service is disabled, any services that explicitly depend on it will
fail to start." nam="(imapi.exe)" pub="" md5="" ver="" sz="" is="0"
gfp="">D:\WINDOWS\system32\imapi.exe</Service>
<Service ex="1" disp="NetMeeting Remote Desktop Sharing" desc="Enables an
authorized user to access this computer remotely by using NetMeeting over a
corporate intranet. If this service is stopped, remote desktop sharing will
be unavailable. If this service is disabled, any services that explicitly
depend on it will fail to start." nam="NetMeeting Remote Desktop Sharing
(mnmsrvc.exe)" pub="Microsoft Corporation"
md5="7582c0c32cac91598bff7c0e54a7d7d1" ver="5.2.3790.1433" sz="32768" is="0"
gfp="">D:\WINDOWS\system32\mnmsrvc.exe</Service>
<Service ex="0" disp="Distributed Transaction Coordinator"
desc="Coordinates transactions that span multiple resource managers, such as
databases, message queues, and file systems. If this service is stopped,
these transactions will not occur. If this service is disabled, any services
that explicitly depend on it will fail to start." nam="(msdtc.exe)" pub=""
md5="" ver="" sz="" is="0" gfp="">D:\WINDOWS\system32\msdtc.exe</Service>
<Service ex="1" disp="Windows Installer" desc="Adds, modifies, and removes
applications provided as a Windows Installer (*.msi) package. If this
service is disabled, any services that explicitly depend on it will fail to
start." nam="Windows installer (msiexec.exe)" pub="Microsoft Corporation"
md5="9f535bc421ea6d3e3a2380fbb0656a26" ver="3.1.4000.1433" sz="78848" is="0"
gfp="">D:\WINDOWS\system32\msiexec.exe</Service>
<Service ex="1" disp="Network DDE" desc="Provides network transport and
security for Dynamic Data Exchange (DDE) for programs running on the same
computer or on different computers. If this service is stopped, DDE
transport and security will be unavailable. If this service is disabled, any
services that explicitly depend on it will fail to start." nam="Network
DDE - DDE Communication (netdde.exe)" pub="Microsoft Corporation"
md5="6ab3ac7404fe967b9adccb61778ea279" ver="5.2.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="110080" is="0"
gfp="">D:\WINDOWS\system32\netdde.exe</Service>
<Service ex="1" disp="Network DDE DSDM" desc="Manages Dynamic Data
Exchange (DDE) network shares. If this service is stopped, DDE network
shares will be unavailable. If this service is disabled, any services that
explicitly depend on it will fail to start." nam="Network DDE - DDE
Communication (netdde.exe)" pub="Microsoft Corporation"
md5="6ab3ac7404fe967b9adccb61778ea279" ver="5.2.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="110080" is="0"
gfp="">D:\WINDOWS\system32\netdde.exe</Service>
<Service ex="0" disp="Net Logon" desc="Maintains a secure channel between
this computer and the domain controller for authenticating users and
services. If this service is stopped, the computer may not authenticate
users and services and the domain controller cannot register DNS records. If
this service is disabled, any services that explicitly depend on it will
fail to start." nam="(lsass.exe)" pub="" md5="" ver="" sz="" is="0"
gfp="">D:\WINDOWS\system32\lsass.exe</Service>
<Service ex="0" disp="NT LM Security Support Provider" desc="Provides
security to remote procedure call (RPC) programs that use transports other
than named pipes." nam="(lsass.exe)" pub="" md5="" ver="" sz="" is="0"
gfp="">D:\WINDOWS\system32\lsass.exe</Service>
<Service ex="0" disp="Plug and Play" desc="Enables a computer to recognize
and adapt to hardware changes with little or no user input. Stopping or
disabling this service will result in system instability."
nam="(services.exe)" pub="" md5="" ver="" sz="" is="0"
gfp="">D:\WINDOWS\system32\services.exe</Service>
<Service ex="0" disp="IPSEC Services" desc="Provides end-to-end security
between clients and servers on TCP/IP networks. If this service is stopped,
TCP/IP security between clients and servers on the network will be impaired.
If this service is disabled, any services that explicitly depend on it will
fail to start." nam="(lsass.exe)" pub="" md5="" ver="" sz="" is="0"
gfp="">D:\WINDOWS\system32\lsass.exe</Service>
<Service ex="0" disp="Protected Storage" desc="Protects storage of
sensitive information, such as private keys, and prevents access by
unauthorized services, processes, or users. If this service is stopped,
protected storage will be unavailable. If this service is disabled, any
services that explicitly depend on it will fail to start." nam="(lsass.exe)"
pub="" md5="" ver="" sz="" is="0"
gfp="">D:\WINDOWS\system32\lsass.exe</Service>
<Service ex="0" disp="Remote Desktop Help Session Manager" desc="Manages
and controls Remote Assistance. If this service is stopped, Remote
Assistance will be unavailable. Before stopping this service, see the
Dependencies tab of the Properties dialog box." nam="(sessmgr.exe)" pub=""
md5="" ver="" sz="" is="0" gfp="">D:\WINDOWS\system32\sessmgr.exe</Service>
<Service ex="1" disp="Remote Procedure Call (RPC) Locator" desc="Enables
remote procedure call (RPC) clients using the RpcNs* family of APIs to
locate RPC servers. If this service is stopped or disabled, RPC clients
using RpcNs* APIs may be unable to locate servers or fail to start. RpcNs*
APIs are not used internally in Windows." nam="Rpc Locator (locator.exe)"
pub="Microsoft Corporation" md5="a83414d7a45555274e99793aa22d54ab"
ver="5.2.3790.0 (srv03_rtm.030324-2048)" sz="71680" is="0"
gfp="">D:\WINDOWS\system32\locator.exe</Service>
<Service ex="0" disp="Security Accounts Manager" desc="The startup of this
service signals other services that the Security Accounts Manager (SAM) is
ready to accept requests. Disabling this service will prevent other services
in the system from being notified when the SAM is ready, which may in turn
cause those services to fail to start correctly. This service should not be
disabled." nam="(lsass.exe)" pub="" md5="" ver="" sz="" is="0"
gfp="">D:\WINDOWS\system32\lsass.exe</Service>
<Service ex="1" disp="Smart Card" desc="Manages access to smart cards read
by this computer. If this service is stopped, this computer will be unable
to read smart cards. If this service is disabled, any services that
explicitly depend on it will fail to start." nam="Smart Card Resource
Management Server (SCardSvr.exe)" pub="Microsoft Corporation"
md5="73267430f525ec1c1bdfae7ededef6b6" ver="5.2.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="90112" is="0"
gfp="">D:\WINDOWS\System32\SCardSvr.exe</Service>
<Service ex="1" disp="Print Spooler" desc="Manages all local and network
print queues and controls all printing jobs. If this service is stopped,
printing on the local machine will be unavailable. If this service is
disabled, any services that explicitly depend on it will fail to start."
nam="Spooler SubSystem App (spoolsv.exe)" pub="Microsoft Corporation"
md5="3d76038c4d60edc2798a042a0b6ff595" ver="5.2.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="110080" is="0"
gfp="">D:\WINDOWS\system32\spoolsv.exe</Service>
<Service ex="1" disp="Performance Logs and Alerts" desc="Collects
performance data from local or remote computers based on preconfigured
schedule parameters, then writes the data to a log or triggers an alert. If
this service is stopped, performance information will not be collected. If
this service is disabled, any services that explicitly depend on it will
fail to start." nam="Performance Logs and Alerts Service (smlogsvc.exe)"
pub="Microsoft Corporation" md5="faa23c67642a6f3740b93d9ab29a1dac"
ver="5.2.3790.1433 (srv03_sp1_rc2.050203-1635)" sz="96256" is="0"
gfp="">D:\WINDOWS\system32\smlogsvc.exe</Service>
<Service ex="0" disp="Telnet" desc="Enables a remote user to log on to
this computer and run programs, and supports various TCP/IP Telnet clients,
including UNIX-based and Windows-based computers. If this service is
stopped, remote user access to programs might be unavailable. If this
service is disabled, any services that explicitly depend on it will fail to
start." nam="(tlntsvr.exe)" pub="" md5="" ver="" sz="" is="0"
gfp="">D:\WINDOWS\system32\tlntsvr.exe</Service>
<Service ex="1" disp="Windows User Mode Driver Framework" desc="Enables
Windows user mode drivers." nam="Windows User Mode Driver Manager
(wdfmgr.exe)" pub="Microsoft Corporation"
md5="de4615dfec22171c0b868696b965122b" ver="5.2.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="39424" is="0"
gfp="">D:\WINDOWS\system32\wdfmgr.exe</Service>
<Service ex="1" disp="Uninterruptible Power Supply" desc="Manages an
uninterruptible power supply (UPS) connected to the computer." nam="UPS
Service (ups.exe)" pub="Microsoft Corporation"
md5="92c3a632e963a8224fe62aa37c9508f6" ver="5.2.3790.0
(srv03_rtm.030324-2048)" sz="16896" is="0"
gfp="">D:\WINDOWS\System32\ups.exe</Service>
<Service ex="1" disp="UPS - UPSentry Service" desc="" nam="upsd
(upsd.exe)" pub="Delta" md5="ac21387edd188b7bafa5ea38983915cf" ver="1.1"
sz="192512" is="0" gfp="">D:\Program Files (x86)\Belkin Sentry
Bulldog\upsd.exe</Service>
<Service ex="0" disp="Virtual Disk Service" desc="Provides software volume
and hardware volume management service." nam="(vds.exe)" pub="" md5=""
ver="" sz="" is="0" gfp="">D:\WINDOWS\System32\vds.exe</Service>
<Service ex="0" disp="Volume Shadow Copy" desc="Manages and implements
Volume Shadow Copies used for backup and other purposes. If this service is
stopped, shadow copies will be unavailable for backup and the backup may
fail. If this service is disabled, any services that explicitly depend on it
will fail to start." nam="(vssvc.exe)" pub="" md5="" ver="" sz="" is="0"
gfp="">D:\WINDOWS\System32\vssvc.exe</Service>
<Service ex="0" disp="WMI Performance Adapter" desc="Provides performance
library information from Windows Management Instrumentation (WMI) providers
to clients on the network. This service only runs when Performance Data
Helper is activated." nam="(wmiapsrv.exe)" pub="" md5="" ver="" sz="" is="0"
gfp="">D:\WINDOWS\system32\wbem\wmiapsrv.exe</Service>
</Services>
</SystemAudit>
- <ProcessesAudit>
- <Processes>
<Process ex="0" pid="436" nam="" pub="" md5="" ver="" sz="" is="0" gfp=""
/>
<Process ex="0" pid="540" nam="" pub="" md5="" ver="" sz="" is="0" gfp=""
/>
<Process ex="0" pid="728" nam="" pub="" md5="" ver="" sz="" is="0" gfp=""
/>
<Process ex="0" pid="804" nam="" pub="" md5="" ver="" sz="" is="0" gfp=""
/>
<Process ex="0" pid="816" nam="" pub="" md5="" ver="" sz="" is="0" gfp=""
/>
<Process ex="0" pid="136" nam="" pub="" md5="" ver="" sz="" is="0" gfp=""
/>
<Process ex="1" pid="256" nam="Generic Host Process for Win32 Services
(svchost.exe)" pub="Microsoft Corporation"
md5="5fb8d44af1c0ca1208097a3600af8c49" ver="5.2.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="14848" is="0"
gfp="">D:\WINDOWS\system32\svchost.exe</Process>
<Process ex="0" pid="360" nam="" pub="" md5="" ver="" sz="" is="0" gfp=""
/>
<Process ex="1" pid="460" nam="Generic Host Process for Win32 Services
(svchost.exe)" pub="Microsoft Corporation"
md5="5fb8d44af1c0ca1208097a3600af8c49" ver="5.2.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="14848" is="0"
gfp="">D:\WINDOWS\system32\svchost.exe</Process>
<Process ex="1" pid="580" nam="Generic Host Process for Win32 Services
(svchost.exe)" pub="Microsoft Corporation"
md5="5fb8d44af1c0ca1208097a3600af8c49" ver="5.2.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="14848" is="0"
gfp="">D:\WINDOWS\system32\svchost.exe</Process>
<Process ex="0" pid="1004" nam="" pub="" md5="" ver="" sz="" is="0" gfp=""
/>
<Process ex="0" pid="1256" nam="" pub="" md5="" ver="" sz="" is="0" gfp=""
/>
<Process ex="1" pid="1304" nam="(aswupdsv.exe)" pub=""
md5="84ff20f4a9e56507a719f41c6370d2ad" ver="" sz="53248" is="0"
gfp="">d:\program files (x86)\alwil software\avast4\aswupdsv.exe</Process>
<Process ex="1" pid="1340" nam="avast! antivirus service (ashserv.exe)"
pub="Unavailable" md5="7de21c541db3cf8627e22605995eac27" ver="4, 6, 602, 0"
sz="90160" is="0" gfp="">d:\program files (x86)\alwil
software\avast4\ashserv.exe</Process>
<Process ex="0" pid="1384" nam="" pub="" md5="" ver="" sz="" is="0" gfp=""
/>
<Process ex="1" pid="1472" nam="Generic Host Process for Win32 Services
(svchost.exe)" pub="Microsoft Corporation"
md5="5fb8d44af1c0ca1208097a3600af8c49" ver="5.2.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="14848" is="0"
gfp="">D:\WINDOWS\system32\svchost.exe</Process>
<Process ex="1" pid="1668" nam="upsd (upsd.exe)" pub="Delta"
md5="ac21387edd188b7bafa5ea38983915cf" ver="1.1" sz="192512" is="0"
gfp="">d:\program files (x86)\belkin sentry bulldog\upsd.exe</Process>
<Process ex="0" pid="664" nam="" pub="" md5="" ver="" sz="" is="0" gfp=""
/>
<Process ex="1" pid="1512" nam="avast! Web Scanner (ashwebsv.exe)"
pub="ALWIL Software" md5="0dc829149691c9cfb4145b9b0ec08a86" ver="4, 6, 602,
0" sz="335920" is="0" gfp="">d:\program files (x86)\alwil
software\avast4\ashwebsv.exe</Process>
<Process ex="1" pid="1984" nam="Application Layer Gateway Service
(alg.exe)" pub="Microsoft Corporation"
md5="aee3c8e03b43e1c67135d1e5cadbbbbb" ver="5.2.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="45056" is="0"
gfp="">D:\WINDOWS\system32\alg.exe</Process>
<Process ex="0" pid="1996" nam="" pub="" md5="" ver="" sz="" is="0" gfp=""
/>
<Process ex="0" pid="2440" nam="" pub="" md5="" ver="" sz="" is="0" gfp=""
/>
<Process ex="0" pid="2504" nam="" pub="" md5="" ver="" sz="" is="0" gfp=""
/>
<Process ex="1" pid="2568" nam="Windows Messenger (msmsgs.exe)"
pub="Microsoft Corporation" md5="602bb3f43c2c40fb648fdb6ecf04dcd3"
ver="4.7.3001" sz="1681920" is="0" gfp="">d:\program
files\messenger\msmsgs.exe</Process>
<Process ex="1" pid="2588" nam="Eraser. (eraser.exe)" pub="-"
md5="e8ca34a6f5b49505a5a92767a492292e" ver="5.7" sz="536576" is="0"
gfp="">d:\program files (x86)\eraser\eraser.exe</Process>
<Process ex="1" pid="2628" nam="CTF Loader (ctfmon.exe)" pub="Microsoft
Corporation" md5="2ae02b325b6242115f8771d1c4ab919d" ver="5.2.3790.1433
(srv03_sp1_rc2.050203-1635)" sz="15360" is="0"
gfp="">d:\windows\syswow64\ctfmon.exe</Process>
<Process ex="1" pid="2664" nam="yENC Decoding Proxy Server (yproxy.exe)"
pub="Brawny Lads Productions" md5="5a57fa9814b2a8f0b6f17e8dd16efc55"
ver="1.3.0.15" sz="675328" is="0" gfp="">d:\program files
(x86)\yproxy\yproxy.exe</Process>
<Process ex="1" pid="2836" nam="CtHelper Application (cthelper.exe)"
pub="Creative Technology Ltd" md5="a8c58599661e926fa792f50e84cea519" ver="2,
0, 0, 20" sz="17408" is="0"
gfp="">d:\windows\system32\cthelper.exe</Process>
<Process ex="1" pid="2852" nam="avast! service GUI component
(ashdisp.exe)" pub="Unavailable" md5="b61c42616bc28baec83515246ee450f4"
ver="4, 6, 585, 0" sz="98352" is="0"
gfp="">d:\progra~2\alwils~1\avast4\ashdisp.exe</Process>
<Process ex="1" pid="2888" nam="Microsoft AntiSpyware Service
(gcasserv.exe)" pub="Microsoft Corporation"
md5="70c5a9c9cf9e65a9073a2a43da822841" ver="1.00.0501" sz="469824" is="0"
gfp="">d:\program files (x86)\microsoft antispyware\gcasserv.exe</Process>
<Process ex="1" pid="2916" nam="qttask.exe" pub="Apple Computer, Inc."
md5="76a3a30b58405c2c6d833895253a51a9" ver="6.5.1" sz="98304" is="0"
gfp="">d:\program files (x86)\quicktime\qttask.exe</Process>
<Process ex="1" pid="2936" nam="APTEZBP MFC Application - Aptiva EZ
Buttons run-time process (aptezbp.exe)" pub="IBM Corporation"
md5="799758380c5bbd85389764e220f3b8c7" ver="1, 2, 0, 1" sz="372736" is="0"
gfp="">c:\ibmtools\aptezbtn\aptezbp.exe</Process>
<Process ex="1" pid="2960" nam="None (atomic.exe)" pub="Chaos Software
Group, Inc." md5="0137879ac29569b612146a8ecef6617b" ver="2.7.0.3"
sz="524288" is="0" gfp="">d:\program files (x86)\atomic clock
sync\atomic.exe</Process>
<Process ex="1" pid="3028" nam="Microsoft AntiSpyware Data Service
(gcasdtserv.exe)" pub="Microsoft Corporation"
md5="255ca546f8e187c41ebed2aabbeee07c" ver="1.00.0501" sz="748352" is="0"
gfp="">d:\program files (x86)\microsoft antispyware\gcasdtserv.exe</Process>
<Process ex="1" pid="112" nam="IBM RAK2 USB Driver (rakusb.exe)" pub="IBM"
md5="f350995d26af6fa8da03915ffc26ecc3" ver="2, 0, 0, 0" sz="452096" is="0"
gfp="">c:\ibmtools\aptezbtn\rakusb.exe</Process>
<Process ex="1" pid="2364" nam="NeroMediaPlayer (neromediaplayer.exe)"
pub="Ahead software" md5="d75ea06b5dd3303b326eb4b75baccce2" ver="1, 4, 0,
27" sz="1146880" is="0" gfp="">d:\program files
(x86)\ahead\neromediaplayer\neromediaplayer.exe</Process>
<Process ex="1" pid="220" nam="Microsoft Suspected Spyware Reporting Tool
(msssrt.exe)" pub="Microsoft Corporation"
md5="464528294c858e175e8f82371117e8e1" ver="1.00.0501" sz="400184" is="0"
gfp="">d:\program files (x86)\microsoft antispyware\msssrt.exe</Process>
<Process ex="0" pid="2736" nam="" pub="" md5="" ver="" sz="" is="0" gfp=""
/>
<Process ex="0" pid="2100" nam="" pub="" md5="" ver="" sz="" is="0" gfp=""
/>
</Processes>
</ProcessesAudit>
</Audit>
</MSSSRT>
The system OS is Windows XP Pro 64 bit edition, system drive is 0 partition
2.
Drive 0 partition 1 contains XP Pro 32 bit edition.
Drive 0 partition 3 contains the main data storage area
Drive 1 partition 1 contains data storage and temp files for OE,IE and Swap.
Thank you;
Bob
E-Mail address is (e-mail address removed)