B
BlueMan
Hi.from MSAS I could not get report sent to you. Being
the cycnic that I am, maybe he spyware rats have blocked
this path!
Anyway.I have a pop up window named Aurora which I cannot
outsmart. Maybe tied this file:
C:/windows/prefetch/PROTECTOR_UPDATE[1].EXE-12D260CA.pf
Below is the report MSAS assembled to go with my report.
Can you pass this info along to the correct group?
And..an some tell me how to rid my machine of this
problem?
If spyware people can control my machine like this, can't
they also access my personal stuff, SSN, credit info,
etc.???
Why do the bother to even do this? I would never actually
look at their stuff or buy anything from vendors who use
them.
Assembled report from msas:
- <MSSSRT version="1.0.509" createdate="5/3/2005 11:22:01
AM" os="XP.2600" user="">
- <Audit>
- <AutoRunAudit>
- <StartupFiles>
<StartupFile path="C:\Documents and Settings\All
Users\Start Menu\Programs\Startup\Wireless-G Notebook
Adapter with SpeedBooster Utility.lnk" nam="Startup MFC
Application (startup.exe)" pub="None"
md5="e7684929d4dad95c7c631fab77100137" ver="1, 0, 0, 1"
sz="24576" is="0" gfp="">c:\program
files\linksys\wireless-g notebook adapter with
speedbooster\startup.exe</StartupFile>
</StartupFiles>
- <StartupFilesRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="NvCplDaemon" dat="RUNDLL32.EXE C:\WINDOWS\system32
\NvCpl.dll,NvStartup" nam="NVIDIA Display Properties
Extension (nvcpl.dll)" pub="NVIDIA Corporation"
md5="c28deeda832dd438f4f6de5bbf1d9556" ver="6.14.10.6742"
sz="4632576" is="0" gfp="">c:\windows\system32
\nvcpl.dll</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="nwiz" dat="nwiz.exe /installquiet" nam="NVIDIA nView
Wizard, Version 67.42 (nwiz.exe)" pub="NVIDIA
Corporation" md5="0bd6973f95cf3b90dc0cec8a16e2a482"
ver="6.14.10.6742" sz="921600" is="0"
gfp="">c:\windows\system32\nwiz.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="DVDSentry" dat="C:\WINDOWS\System32\DSentry.exe"
nam="DVDSentry (dsentry.exe)" pub="Dell - Advanced
Desktop Engineering"
md5="b434b19e717a4e6e8de708008b55b7f9" ver="1, 0, 0, 0"
sz="28672" is="0" gfp="">c:\windows\system32
\dsentry.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="dla" dat="C:\WINDOWS\system32\dla\tfswctrl.exe"
nam="Drive Letter Access Component (tfswctrl.exe)"
pub="Sonic Solutions"
md5="2bff8a443334a034df73d2c8d808d2a7" ver="1.04.05b"
sz="114741" is="0" gfp="">c:\windows\system32
\dla\tfswctrl.exe</StartupFileRegistry>
<StartupFileRegistry ex="0"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="" dat="" nam="" pub="" md5="" ver="" sz="" is="0"
gfp="" />
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="PrinTray" dat="C:\WINDOWS\System32
\spool\DRIVERS\W32X86\3\printray.exe" nam="PrinTray
(printray.exe)" pub="Lexmark"
md5="f45d04cb01feaa8dbf3e09407e9a1fb3" ver="1, 0, 0, 7"
sz="36864" is="0" gfp="">c:\windows\system32
\spool\drivers\w32x86\3
\printray.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="Apoint" dat="C:\Program Files\Apoint\Apoint.exe"
nam="Alps Pointing-device Driver (apoint.exe)" pub="Alps
Electric Co., Ltd."
md5="81924a480fcecf6aa71ddf0c2fabc2cc" ver="5.4.101.115"
sz="147456" is="0" gfp="">c:\program
files\apoint\apoint.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="SprintPort" dat=""C:\Program Files\Novatel
Wireless\SprintPort\SprintPortA.exe"" nam="SprintPort
HSRAS Serial Redirector (sprintporta.exe)"
pub="CommWorks" md5="96a7853d973629735951d1929e9edb3b"
ver="1, 0, 0, 11" sz="122959" is="0" gfp="">c:\program
files\novatel
wireless\sprintport\sprintporta.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="REGSHAVE" dat="C:\Program
Files\REGSHAVE\REGSHAVE.EXE /AUTORUN" nam="Shaving
Registry (regshave.exe)" pub="FUJI PHOTO FILM CO., LTD."
md5="552e9ca7b91120fb7d49cd5c10018dc3" ver="3.0.0.4"
sz="53248" is="0" gfp="">c:\program
files\regshave\regshave.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="RegisterDropHandler" dat="C:\PROGRA~1\TEXTBR~1.0
\Bin\REGIST~1.EXE" nam="REGISTERDROPHANDLER MFC
Application (regist~1.exe)" pub="None"
md5="4546d855fe282eb8e2fa04e4d759b79a" ver="1, 0, 0, 1"
sz="22528" is="0" gfp="">c:\progra~1\textbr~1.0
\bin\regist~1.exe</StartupFileRegistry>
<StartupFileRegistry ex="0"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="InstantAccess" dat="C:\PROGRA~1\TEXTBR~1.0
\Bin\INSTAN~1.EXE /h" nam="" pub="" md5="" ver="" sz=""
is="0" gfp="" />
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="gcasServ" dat=""C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"" nam="Microsoft AntiSpyware
Service (gcasserv.exe)" pub="Microsoft Corporation"
md5="e519945deb3875341d36db0ea141e0c5" ver="1.00.0509"
sz="473920" is="0" gfp="">c:\program files\microsoft
antispyware\gcasserv.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="QuickTime Task" dat=""C:\Program
Files\QuickTime\qttask.exe" -atboottime" nam="qttask.exe"
pub="Apple Computer, Inc."
md5="c9128ae6036cdf67873a516e1a00ed4b" ver="6.3"
sz="77824" is="0" gfp="">c:\program
files\quicktime\qttask.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="Spyware Doctor" dat=""C:\Program Files\Spyware
Doctor\swdoctor.exe" /Q" nam="Spyware Doctor
(swdoctor.exe)" pub="PCTools"
md5="f383e32dd59ffa7cb3268f9000f20737" ver="3.2.0.3421"
sz="1472184" is="0" gfp="">c:\program files\spyware
doctor\swdoctor.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\Software\Microsoft\Windows\CurrentVersion\RunSer
vices" val="AccessRampLAN 01"
dat="C:\SSBRLA\Insight\ArUpld32.exe" nam="IP Connection
Statistics (arupld32.exe)" pub="Visual Networks"
md5="30452e75d914a55f8785dd21cff6ea73" ver="4.3.2.69"
sz="252416" is="0"
gfp="">c:\ssbrla\insight\arupld32.exe</StartupFileRegistry<StartupFileRegistry ex="1"
path="HLM\Software\Microsoft\Windows\CurrentVersion\RunSer
vices" val="AccessRampMonitor 01"
dat="C:\SSBRLA\Insight\ArMon32a.exe" nam="IP Monitor
(armon32a.exe)" pub="Visual Networks"
md5="fdf1ee01b292ffdf9e033bbd1592c904" ver="4.3.2.69"
sz="71680" is="0"
gfp="">c:\ssbrla\insight\armon32a.exe</StartupFileRegistry<StartupFileRegistry ex="1"
path="HLM\Software\Microsoft\Windows\CurrentVersion\RunSer
vices" val="RegisterDropHandler" dat="C:\PROGRA~1
\TEXTBR~1.0\Bin\REGIST~1.EXE" nam="REGISTERDROPHANDLER
MFC Application (regist~1.exe)" pub="None"
md5="4546d855fe282eb8e2fa04e4d759b79a" ver="1, 0, 0, 1"
sz="22528" is="0" gfp="">c:\progra~1\textbr~1.0
\bin\regist~1.exe</StartupFileRegistry>
</StartupFilesRegistry>
- <WinlogonUserinitFiles>
<WinlogonUserinitFile ex="1" nam="Userinit Logon
Application (userinit.exe)" pub="Microsoft Corporation"
md5="39b1ffb03c2296323832acbae50d2aff" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="24576" is="0"
gfp="">c:\windows\system32
\userinit.exe</WinlogonUserinitFile>
</WinlogonUserinitFiles>
<StartupWinIniFiles />
<StartupSysIniFiles />
</AutoRunAudit>
- <InternetExplorerAudit version="6.0.2900.2180">
- <BrowserHelperObjects>
<BHO ex="1" clsid="{02478D38-C3F9-4efb-9B51-
7695ECA05670}" prog="YBIOCtrl.CompanionBHO.4" val="Yahoo!
Companion BHO" nam="Yahoo! Toolbar 5.5 for Internet
Explorer (ycomp5_5_7_0.dll)" pub="Yahoo! Inc."
md5="15003f375140ffb2d2e0c5508857a2f1" ver="2004, 9, 28,
1" sz="292947" is="0" gfp="">c:\program files\yahoo!
\companion\installs\cpn\ycomp5_5_7_0.dll</BHO>
<BHO ex="1" clsid="{5C8B2A36-3DB1-42A4-A3CB-
D426709BBFEB}" prog="" val="PCTools Site Guard" nam="None
(iesdsg.dll)" pub="PC Tools"
md5="d8dc757360121251916936c2349374c2" ver="3.0.0.412"
sz="598272" is="0" gfp="">c:\progra~1\spywar~1
\tools\iesdsg.dll</BHO>
<BHO ex="1" clsid="{B56A7D7D-6927-48C8-A975-
17DF180C71AC}" prog="" val="PCTools Browser Monitor"
nam="iesdpb.dll (iesdpb.dll)" pub="GuideWorks Pty. Ltd."
md5="52941bdfa8ff199f6135ed630bb70180" ver="3.0.0.255"
sz="671392" is="0" gfp="">c:\progra~1\spywar~1
\tools\iesdpb.dll</BHO>
</BrowserHelperObjects>
- <IEToolbars>
<IEToolbar ex="1" clsid="{EF99BD32-C1FB-11D2-892F-
0090271D4F88}" prog="YBIOCtrl.YBIOCtrl.2" val="Yahoo!
Toolbar" nam="Yahoo! Toolbar 5.5 for Internet Explorer
(ycomp5_5_7_0.dll)" pub="Yahoo! Inc."
md5="15003f375140ffb2d2e0c5508857a2f1" ver="2004, 9, 28,
1" sz="292947" is="0" gfp="">c:\program files\yahoo!
\companion\installs\cpn\ycomp5_5_7_0.dll</IEToolbar>
</IEToolbars>
<IEExtensions />
- <IEExplorerBars>
<IEExplorerBar ex="1" clsid="{4528BBE0-4E08-11D5-AD55-
00010333D0AD}" prog="" val="&Yahoo! Messenger"
nam="YhExBMes (yhexbmes0411.dll)" pub="Yahoo! Inc."
md5="c97bc13a36444da7ee0c8cd45dc0ee1b" ver="2003, 4, 11,
1" sz="296120" is="0" gfp="">c:\program files\yahoo!
\messenger\yhexbmes0411.dll</IEExplorerBar>
<IEExplorerBar ex="1" clsid="{4D5C8C25-D075-11d0-B416-
00C04FB90376}" prog="" val="&Tip of the Day" nam="Shell
Doc Object and Control Library (shdocvw.dll)"
pub="Microsoft Corporation"
md5="ae8ab1175327702d3a6f10dc122c254e"
ver="6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)"
sz="1483264" is="0" gfp="">c:\windows\system32
\shdocvw.dll</IEExplorerBar>
<IEExplorerBar ex="1" clsid="{83B28A74-640D-48F4-9F51-
E80EED7CC7E0}" prog="" val="SideStep" nam="SideStep
(sbcie02a.dll)" pub="SideStep Inc."
md5="abe9d10e3b170bb57b205584d6bbfcda" ver="4, 1, 19,
382" sz="208896" is="0" gfp="">c:\windows\downloaded
program files\sbcie02a.dll</IEExplorerBar>
<IEExplorerBar ex="1" clsid="{FE54FA40-D68C-11d2-98FA-
00C0F0318AFE}" prog="" val="Real.com" nam="Shell Doc
Object and Control Library (shdocvw.dll)" pub="Microsoft
Corporation" md5="ae8ab1175327702d3a6f10dc122c254e"
ver="6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)"
sz="1483264" is="0" gfp="">c:\windows\system32
\shdocvw.dll</IEExplorerBar>
</IEExplorerBars>
- <IEShellBrowsers>
<IEShellBrowser ex="1" clsid="{01E04581-4EEE-11D0-BFE9-
00AA005B4383}" prog="" val="&Address" nam="Shell Browser
UI Library (browseui.dll)" pub="Microsoft Corporation"
md5="6eea72937f62376558bf8d693c296ab4"
ver="6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)"
sz="1016832" is="0" gfp="">c:\windows\system32
\browseui.dll</IEShellBrowser>
</IEShellBrowsers>
- <IEWebBrowsers>
<IEWebBrowser ex="1" clsid="{EF99BD32-C1FB-11D2-892F-
0090271D4F88}" prog="YBIOCtrl.YBIOCtrl.2" val="Yahoo!
Toolbar" nam="Yahoo! Toolbar 5.5 for Internet Explorer
(ycomp5_5_7_0.dll)" pub="Yahoo! Inc."
md5="15003f375140ffb2d2e0c5508857a2f1" ver="2004, 9, 28,
1" sz="292947" is="0" gfp="">c:\program files\yahoo!
\companion\installs\cpn\ycomp5_5_7_0.dll</IEWebBrowser>
<IEWebBrowser ex="1" clsid="{01E04581-4EEE-11D0-BFE9-
00AA005B4383}" prog="" val="&Address" nam="Shell Browser
UI Library (browseui.dll)" pub="Microsoft Corporation"
md5="6eea72937f62376558bf8d693c296ab4"
ver="6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)"
sz="1016832" is="0" gfp="">c:\windows\system32
\browseui.dll</IEWebBrowser>
<IEWebBrowser ex="0" clsid="" prog="" val="" nam=""
pub="" md5="" ver="" sz="" is="0" gfp="" />
<IEWebBrowser ex="0" clsid="" prog="" val="" nam=""
pub="" md5="" ver="" sz="" is="0" gfp="" />
</IEWebBrowsers>
- <IEMenuExts>
<IEMenuExt val="E&xport to Microsoft
Excel">res://C:\PROGRA~1\MICROS~4\OFFICE11
\EXCEL.EXE/3000</IEMenuExt>
</IEMenuExts>
- <IEURLSearchHooks>
<IEURLSearchHook ex="1" clsid="{37D2CDBF-2AF4-44AA-8113-
BD0D2DA3C2B8}" prog="UOL.URLSearchHook.1"
val="URLSearchHook Class" nam="Browser Search
Enhancements (searchenh1.dll)" pub="United Online, Inc."
md5="b073c343002fc8a6b4e77c0ed12b6a4d" ver="2.1.03"
sz="102472" is="0" gfp="">c:\program
files\nzsearch\searchenh1.dll</IEURLSearchHook>
</IEURLSearchHooks>
- <IEURLs>
<IEURL val="HCU\Software\Microsoft\Internet Explorer
Start Page">about:blank</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer
Search
Page">http://red.clientapps.yahoo.com/customize/ycomp/defa
ults/sp/*http://www.yahoo.com</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer
Default_Page_URL">http://www.dell.com</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explore
Local Page">C:\WINDOWS\system32\blank.htm</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explore
Search
Bar">http://red.clientapps.yahoo.com/customize/ycomp/defau
lts/sb/*http://www.yahoo.com/search/ie.html</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer
Default_Search_URL" />
<IEURL val="HCU\Software\Microsoft\Internet Explorer
HomeOldSP" />
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Start Page">about:blank</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Search
Page">http://red.clientapps.yahoo.com/customize/ycomp/defa
ults/sp/*http://www.yahoo.com</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Default_Page_URL">http://www.microsoft.com/isapi/redir.dll
?prd=ie&pver=6&ar=msnhome</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Local Page">C:\WINDOWS\system32\blank.htm</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Search
Bar">http://red.clientapps.yahoo.com/customize/ycomp/defau
lts/sb/*http://www.yahoo.com/search/ie.html</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Default_Search_URL">http://my.netzero.net/s/search?
r=minisearch</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
HomeOldSP" />
<IEURL val="HCU\Software\Microsoft\Internet
Explorer\Search CustomizeSearch" />
<IEURL val="HCU\Software\Microsoft\Internet
Explorer\Search
SearchAssistant">http://ie.search.msn.com</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet
Explorer\Search CustomizeSearch">http://ie.search.msn.com/
{SUB_RFC1766}/srchasst/srchcust.htm</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet
Explorer\Search
SearchAssistant">http://ie.search.msn.com</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet
Explorer\SearchUrl">http://red.clientapps.yahoo.com/custom
ize/ycomp/defaults/su/*http://www.yahoo.com</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet
Explorer\SearchUrl">http://red.clientapps.yahoo.com/custom
ize/ycomp/defaults/su/*http://www.yahoo.com</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
blank">res://mshtml.dll/blank.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
DesktopItemNavigationFailure">res://shdoclc.dll/navcancl.h
tm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
NavigationCanceled">res://shdoclc.dll/navcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
NavigationFailure">res://shdoclc.dll/navcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
OfflineInformation">res://shdoclc.dll/offcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
PostNotCached">res://mshtml.dll/repost.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs mozilla" />
</IEURLs>
</InternetExplorerAudit>
- <SystemAudit>
- <ShellExecuteHooks>
<ShellExecuteHook ex="1" clsid="{AEB6717E-7E19-11d0-
97EE-00C04FD91972}" prog="" val="URL Exec Hook"
nam="Windows Shell Common Dll (shell32.dll)"
pub="Microsoft Corporation"
md5="9833f278924d028414d7f89bfd4fc46b"
ver="6.00.2900.2620 (xpsp_sp2_gdr.050225-1820)"
sz="8450048" is="0" gfp="">C:\WINDOWS\system32
\shell32.dll</ShellExecuteHook>
<ShellExecuteHook ex="1" clsid="{9EF34FF2-3396-4527-
9D27-04C8C1C67806}"
prog="Microsoft.AntiSpyware.ShellExecuteHook.1"
val="Microsoft.AntiSpyware.ShellExecuteHook.1"
nam="Microsoft AntiSpyware Shell Extension
(shellextension.dll)" pub="Microsoft Corporation"
md5="f3a7b87726c87c8e5653df0e7da15a47" ver="1.00.0509"
sz="93408" is="0" gfp="">c:\program files\microsoft
antispyware\shellextension.dll</ShellExecuteHook>
</ShellExecuteHooks>
- <ShellOpenCommands>
<ShellOpenCommand
val="HCR\exefile\shell\open\command">"%1" %
*</ShellOpenCommand>
<ShellOpenCommand
val="HCR\comfile\shell\open\command">"%1" %
*</ShellOpenCommand>
<ShellOpenCommand
val="HCR\batfile\shell\open\command">"%1" %
*</ShellOpenCommand>
<ShellOpenCommand
val="HCR\htafile\shell\open\command">C:\WINDOWS\system32
\mshta.exe "%1" %*</ShellOpenCommand>
<ShellOpenCommand
val="HCR\piffile\shell\open\command">"%1" %
*</ShellOpenCommand>
<ShellOpenCommand val="HCR\txtfile\shell\open\command">%
SystemRoot%\system32\NOTEPAD.EXE %1</ShellOpenCommand>
<ShellOpenCommand
val="HCR\mp3file\shell\open\command">"C:\Program
Files\Windows Media
Player\wmplayer.exe" /prefetch:6 /Open "%
L"</ShellOpenCommand>
<ShellOpenCommand
val="HCR\mpegfile\shell\open\command">"C:\Program
Files\Windows Media
Player\wmplayer.exe" /prefetch:9 /Open "%
L"</ShellOpenCommand>
<ShellOpenCommand
val="HCR\mailto\shell\open\command">"C:\PROGRA~1\MICROS~4
\OFFICE11\OUTLOOK.EXE" -c IPM.Note /m "%
1"</ShellOpenCommand>
<ShellOpenCommand
val="HCR\htmlfile\shell\open\command">"C:\Program
Files\Internet Explorer\iexplore.exe" -
nohome</ShellOpenCommand>
<ShellOpenCommand
val="HCR\http\shell\open\command">"C:\Program
Files\Internet Explorer\iexplore.exe" -
nohome</ShellOpenCommand>
<ShellOpenCommand
val="HCR\https\shell\open\command">"C:\Program
Files\Internet Explorer\iexplore.exe" -
nohome</ShellOpenCommand>
<ShellOpenCommand
val="HCR\ftp\shell\open\command">"C:\Program
Files\Internet Explorer\iexplore.exe" %
1</ShellOpenCommand>
</ShellOpenCommands>
- <ActiveXInstalls>
- <ActiveXInstall clsid="{0A5FD7C5-A45C-49FC-ADB5-
9952547D5715}" prog="CTSUENG.CTSUEngCtrl.1" nam="Creative
Software AutoUpdate"
codebase="http://www.creative.com/su/ocx/15009/CTSUEng.cab
">
- <Files>
<File ex="1" nam="Creative Software AutoUpdate OCX
Module (CTSUEng.ocx)" pub="Creative Technology Ltd"
md5="278d87f436d8a207426f60892d079982" ver="1.50.7.0"
sz="225280" is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\CTSUEng.ocx</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{17492023-C23A-453E-A040-
C7C580BBF700}" prog="LegitCheckControl.LegitCheck.1"
nam="Windows Genuine Advantage Validation Tool"
codebase="http://go.microsoft.com/fwlink/?
linkid=36467&clcid=0x409">
- <Files>
<File ex="1" nam="PidGen (GWFSPidGen.DLL)"
pub="Microsoft" md5="76cfe0b49089af874d3d135efc38bf3a"
ver="1, 5, 0, 42" sz="23304" is="0"
gfp="">C:\WINDOWS\system32\GWFSPidGen.DLL</File>
<File ex="1" nam="Windows Genuine Advantage Validation
(LegitCheckControl.DLL)" pub="Microsoft Corporation"
md5="c3c3864da698f0cc1be56f9695534dd8" ver="1.0.0132.4"
sz="421128" is="0" gfp="">C:\WINDOWS\system32
\LegitCheckControl.DLL</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{30528230-99F7-4BB4-88D8-
FA1D4F56A2AB}" prog="YInstHelper.YInstStarter.1"
nam="YInstStarter Class"
codebase="http://download.yahoo.com/dl/installs/yinst0309.
cab">
- <Files>
<File ex="0" nam="(yinsthelper.dll)" pub="" md5=""
ver="" sz="" is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\yinsthelper.dll</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{4CC35DAD-40EA-4640-ACC2-
A1A3B6FB3E06}" prog="NEOTERISSETUP.NeoterisSetupCtrl.1"
nam="NeoterisSetup Control"
codebase="https://desktop.citigroup.com/dana-
cached/setup/NeoterisSetup.cab">
- <Files>
<File ex="1" nam="(setupResource_fr.dll)" pub=""
md5="0d27e2dfc791d682ef341b774a631dd9" ver="" sz="28672"
is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\setupResource_fr.dll</File>
<File ex="1" nam="(setupResource_de.dll)" pub=""
md5="dc347d375a5bb0f99d65dff90e3d6f6e" ver="" sz="28672"
is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\setupResource_de.dll</File>
<File ex="1" nam="(setupResource_ja.dll)" pub=""
md5="4e9ac08cfa91a00f7e5f5775bfe417c6" ver="" sz="24576"
is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\setupResource_ja.dll</File>
<File ex="1" nam="(setupResource_en.dll)" pub=""
md5="3b4c9e043bbb29c8e9b476b794b19e22" ver="" sz="28672"
is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\setupResource_en.dll</File>
<File ex="1" nam="Neoteris Debug Library (neodbg.dll)"
pub="Neoteris" md5="aebfbdd51c4f0532fe4bc0bf05d89158"
ver="3, 3, 0, 4683" sz="24576" is="0"
gfp="">C:\WINDOWS\Downloaded Program
Files\neodbg.dll</File>
<File ex="1" nam="NeoterisSetup ActiveX Control Module
(NeoterisSetup.ocx)" pub="Neoteris, Inc."
md5="9aa385f72e7a47277b5e3be3ff9267af" ver="3, 3, 1, 23"
sz="73728" is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\NeoterisSetup.ocx</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{4ED9DDF0-7479-4BBE-9335-
5A1EDB1D8A21}" prog="mcinstall.mcos.1" nam="McAfee.com
Operating System Class"
codebase="http://bin.mcafee.com/molbin/shared/mcinsctl/en-
us/4,0,0,76/mcinsctl.cab">
<Files />
</ActiveXInstall>
- <ActiveXInstall clsid="{640B39C1-D713-464F-92C3-
75BD972B95EE}" prog="" nam=""
codebase="http://www.sidestep.com/get/k42037/sb02a.cab">
- <Files>
<File ex="1" nam="SideStep (SbCIe02a.dll)"
pub="SideStep Inc."
md5="abe9d10e3b170bb57b205584d6bbfcda" ver="4, 1, 19,
382" sz="208896" is="0" gfp="">C:\WINDOWS\Downloaded
Program Files\SbCIe02a.dll</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{6414512B-B978-451D-A0D8-
FCFDF33E833C}" prog="SoftwareDistribution.WebControl.1"
nam="WUWebControl Class"
codebase="http://v5.windowsupdate.microsoft.com/v5consumer
/V5Controls/en/x86/client/wuweb_site.cab?1109737560756">
- <Files>
<File ex="1" nam="Windows Update Web Control
(wuweb.dll)" pub="Microsoft Corporation"
md5="0cd6248038c70b4c688dbd315d90a97a" ver="5.4.3790.2182
built by: srv03_rtm(ntvbl04)" sz="120288" is="0"
gfp="">C:\WINDOWS\system32\wuweb.dll</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{8714912E-380D-11D5-B8AA-
00D0B78F3D48}" prog="UplApp.UplDlg.1" nam="Yahoo! Webcam
Upload Wrapper"
codebase="http://chat.yahoo.com/cab/yuplapp.cab">
- <Files>
<File ex="1" nam="kdu_v32 -- Kakadu core DLL
(kdu_v32r.dll)" pub="The University of New South Wales"
md5="1da76880df3814afd6f66d71704b23e3" ver="3, 2, 0, 1"
sz="348160" is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\kdu_v32r.dll</File>
<File ex="1" nam="Webcam Upload Networking and Imaging
(ywcupl.dll)" pub="Yahoo! Inc."
md5="0aff21da874d5982884af30c7b18c881" ver="2, 0, 0, 17"
sz="253952" is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\ywcupl.dll</File>
<File ex="1" nam="Webcam Upload UI (yuplapp.dll)"
pub="Yahoo! Inc." md5="c9a7906090449a70f7135c5af16438ee"
ver="2, 0, 0, 17" sz="204800" is="0"
gfp="">C:\WINDOWS\Downloaded Program
Files\yuplapp.dll</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{8AD9C840-044E-11D1-B3E9-
00805F499D93}" prog="" nam="Java Plug-in 1.4.2"
codebase="http://java.sun.com/products/plugin/autodl/jinst
all-142-windows-i586.cab">
<Files />
</ActiveXInstall>
- <ActiveXInstall clsid="{917623D1-D8E5-11D2-BE8B-
00104B06BDE3}" prog="CamImage.CamImage.1" nam="CamImage
Class"
codebase="http://floridakeysmedia.tv/axiscam/Codebase/Axis
CamControl.ocx">
- <Files>
<File ex="1" nam="ATLCamImage Module
(AxisCamControl.ocx)" pub="None"
md5="830c7ea2844458330d26f60b3c68910d" ver="1, 0, 1, 43"
sz="181136" is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\AxisCamControl.ocx</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{A17E30C4-A9BA-11D4-8673-
60DB54C10000}" prog="YMMAPI.YMailTo.1" nam="YahooYMailTo
Class"
codebase="http://us.dl1.yimg.com/download.yahoo.com/dl/ins
talls/yse/ymmapi_416.dll">
- <Files>
<File ex="1" nam="YMMAPI Module (ymmapi.dll)"
pub="Yahoo! Inc." md5="42033bff83aacc47a86f5af8629547b1"
ver="2003, 4, 16, 1" sz="145120" is="0"
gfp="">C:\WINDOWS\Downloaded Program
Files\ymmapi.dll</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{A8F2B9BD-A6A0-486A-9744-
18920D898429}" prog="ScorchActiveXPlugin.ScorchPlugin.1"
nam="ScorchPlugin Class"
codebase="http://www.sibelius.com/download/software/win/Ac
tiveXPlugin.cab">
- <Files>
<File ex="1" nam="NPSibelius.dll" pub="Unavailable"
md5="6c3c3e11ae06891df807df1be4906942" ver="Unavailable"
sz="2764800" is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\NPSibelius.dll</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{BCC0FF27-31D9-4614-A68E-
C18E1ADA4389}" prog="McGDMgr.DwnldGroupMgr.1"
nam="DwnldGroupMgr Class"
codebase="http://bin.mcafee.com/molbin/shared/mcgdmgr/en-
us/1,0,0,16/mcgdmgr.cab">
<Files />
</ActiveXInstall>
- <ActiveXInstall clsid="{CAFEEFAC-0014-0002-0000-
ABCDEFFEDCBA}" prog="" nam="Java Plug-in 1.4.2"
codebase="http://java.sun.com/products/plugin/autodl/jinst
all-142-windows-i586.cab">
<Files />
</ActiveXInstall>
- <ActiveXInstall clsid="{D27CDB6E-AE6D-11CF-96B8-
444553540000}" prog="ShockwaveFlash.ShockwaveFlash.1"
nam="Shockwave Flash Object"
codebase="http://download.macromedia.com/pub/shockwave/cab
s/flash/swflash.cab">
<Files />
</ActiveXInstall>
- <ActiveXInstall clsid="{F58E1CEF-A068-4C15-BA5E-
587CAF3EE8C6}" prog="" nam="MSN Chat Control 4.5"
codebase="http://chat.msn.com/bin/msnchat45.cab">
- <Files>
<File ex="1" nam="MSN Chat Control (MSNChat45.ocx)"
pub="Microsoft Corporation"
md5="60fed272bdbafa8214e40ad376c9987e"
ver="9.02.0310.2401" sz="510552" is="0"
gfp="">C:\WINDOWS\Downloaded Program
Files\MSNChat45.ocx</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{F6ACF75C-C32C-447B-9BEF-
46B766368D29}" prog="CTPID.CTPIDCtrl.1" nam="Creative
Software AutoUpdate Support Package"
codebase="http://www.creative.com/su/ocx/15010/CTPID.cab">
- <Files>
<File ex="1" nam="CTPID ActiveX Control Module
(CTPID.ocx)" pub="Creative Technology Ltd"
md5="7d0cb10e8ee262055eeeda8f3a6af3c6" ver="1.0.16.0"
sz="32768" is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\CTPID.ocx</File>
</Files>
</ActiveXInstall>
</ActiveXInstalls>
- <PROTOCOLSFilters>
<PROTOCOLSFilter ex="1" clsid="{1E66F26B-79EE-11D2-8710-
00C04F79ED0D}" prog="CorRegistration.CorFltr.1"
filter="application/octet-stream" val="{1E66F26B-79EE-
11D2-8710-00C04F79ED0D}" nam="Microsoft .NET Runtime
Execution Engine (mscoree.dll)" pub="Microsoft
Corporation" md5="8c54138d0271ed4e9c16d8534ff707e4"
ver="1.1.4322.2032" sz="155648" is="0"
gfp="">c:\windows\system32\mscoree.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{1E66F26B-79EE-11D2-8710-
00C04F79ED0D}" prog="CorRegistration.CorFltr.1"
filter="application/x-complus" val="{1E66F26B-79EE-11D2-
8710-00C04F79ED0D}" nam="Microsoft .NET Runtime Execution
Engine (mscoree.dll)" pub="Microsoft Corporation"
md5="8c54138d0271ed4e9c16d8534ff707e4"
ver="1.1.4322.2032" sz="155648" is="0"
gfp="">c:\windows\system32\mscoree.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{1E66F26B-79EE-11D2-8710-
00C04F79ED0D}" prog="CorRegistration.CorFltr.1"
filter="application/x-msdownload" val="{1E66F26B-79EE-
11D2-8710-00C04F79ED0D}" nam="Microsoft .NET Runtime
Execution Engine (mscoree.dll)" pub="Microsoft
Corporation" md5="8c54138d0271ed4e9c16d8534ff707e4"
ver="1.1.4322.2032" sz="155648" is="0"
gfp="">c:\windows\system32\mscoree.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{32B533BB-EDAE-11d0-BD5A-
00AA00B92AF1}" prog="" filter="Class Install Handler"
val="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}" nam="OLE32
Extensions for Win32 (urlmon.dll)" pub="Microsoft
Corporation" md5="2511fa80ffea8e186dda6d28f847e113"
ver="6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)"
sz="607744" is="0" gfp="">c:\windows\system32
\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{8f6b0360-b80d-11d0-a9b3-
006097942311}" prog="" filter="deflate" val="{8f6b0360-
b80d-11d0-a9b3-006097942311}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="2511fa80ffea8e186dda6d28f847e113"
ver="6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)"
sz="607744" is="0" gfp="">c:\windows\system32
\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{8f6b0360-b80d-11d0-a9b3-
006097942311}" prog="" filter="gzip" val="{8f6b0360-b80d-
11d0-a9b3-006097942311}" nam="OLE32 Extensions for Win32
(urlmon.dll)" pub="Microsoft Corporation"
md5="2511fa80ffea8e186dda6d28f847e113"
ver="6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)"
sz="607744" is="0" gfp="">c:\windows\system32
\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{8f6b0360-b80d-11d0-a9b3-
006097942311}" prog="" filter="lzdhtml" val="{8f6b0360-
b80d-11d0-a9b3-006097942311}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="2511fa80ffea8e186dda6d28f847e113"
ver="6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)"
sz="607744" is="0" gfp="">c:\windows\system32
\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{733AC4CB-F1A4-11d0-B951-
00A0C90312E1}" prog="" filter="text/webviewhtml"
val="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}" nam="Windows
Shell Common Dll (shell32.dll)" pub="Microsoft
Corporation" md5="9833f278924d028414d7f89bfd4fc46b"
ver="6.00.2900.2620 (xpsp_sp2_gdr.050225-1820)"
sz="8450048" is="0" gfp="">c:\windows\system32
\shell32.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{807553E5-5146-11D5-A672-
00B0D022E945}" prog="" filter="text/xml" val="{807553E5-
5146-11D5-A672-00B0D022E945}" nam="Microsoft Office XML
MIME Filter (msoxmlmf.dll)" pub="Microsoft Corporation"
md5="7469b9d06f0299273769c3e5365f5469" ver="11.0.5510"
sz="39488" is="0" gfp="">c:\program files\common
files\microsoft shared\office11
\msoxmlmf.dll</PROTOCOLSFilter>
</PROTOCOLSFilters>
- <PROTOCOLSHandlers>
<PROTOCOLSHandler ex="1" clsid="{3050F406-98B5-11CF-
BB82-00AA00BDCE0B}" prog="" filter="about" val="{3050F406-
98B5-11CF-BB82-00AA00BDCE0B}" nam="Microsoft (R) HTML
Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="84a1b9b0c362051e68bb131f14c6daad"
ver="6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)"
sz="3010560" is="0" gfp="">c:\windows\system32
\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3dd53d40-7b8b-11D0-
b013-00aa0059ce02}" prog="" filter="cdl" val="{3dd53d40-
7b8b-11D0-b013-00aa0059ce02}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="2511fa80ffea8e186dda6d28f847e113"
ver="6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)"
sz="607744" is="0" gfp="">c:\windows\system32
\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{CF184AD3-CDCB-4168-
A3F7-8E447D129300}" prog="HPCETI.UIZipProtocol.1"
filter="cetihpz" val="{CF184AD3-CDCB-4168-A3F7-
8E447D129300}" nam="HPCETIUI Protocol Handler Module
(hpuiprot.dll)" pub="Hewlett-Packard Company"
md5="ae8b15e1d8f3a08ee9cefc9dd515b7b6" ver="1.80.0"
sz="81920" is="0" gfp="">c:\program
files\hp\hpcoretech\comp\hpuiprot.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{12D51199-0DB5-46FE-
A120-47A3D7D937CC}" prog="" filter="dvd" val="{12D51199-
0DB5-46FE-A120-47A3D7D937CC}" nam="ActiveX control for
streaming video (msvidctl.dll)" pub="Microsoft
Corporation" md5="7b5ba7cb7cf42b557c17d08015be8a14"
ver="6.05.2600.2180 (xpsp_sp2_rtm.040803-2158)"
sz="1428480" is="0" gfp="">c:\windows\system32
\msvidctl.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e7-baf9-11ce-
8c82-00aa004ba90b}" prog="" filter="file" val="{79eac9e7-
baf9-11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="2511fa80ffea8e186dda6d28f847e113"
ver="6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)"
sz="607744" is="0" gfp="">c:\windows\system32
\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e3-baf9-11ce-
8c82-00aa004ba90b}" prog="" filter="ftp" val="{79eac9e3-
baf9-11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="2511fa80ffea8e186dda6d28f847e113"
ver="6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)"
sz="607744" is="0" gfp="">c:\windows\system32
\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e4-baf9-11ce-
8c82-00aa004ba90b}" prog="" filter="gopher"
val="{79eac9e4-baf9-11ce-8c82-00aa004ba90b}" nam="OLE32
Extensions for Win32 (urlmon.dll)" pub="Microsoft
Corporation" md5="2511fa80ffea8e186dda6d28f847e113"
ver="6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)"
sz="607744" is="0" gfp="">c:\windows\system32
\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e2-baf9-11ce-
8c82-00aa004ba90b}" prog="" filter="http" val="{79eac9e2-
baf9-11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="2511fa80ffea8e186dda6d28f847e113"
ver="6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)"
sz="607744" is="0" gfp="">c:\windows\system32
\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e5-baf9-11ce-
8c82-00aa004ba90b}" prog="" filter="https" val="{79eac9e5-
baf9-11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="2511fa80ffea8e186dda6d28f847e113"
ver="6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)"
sz="607744" is="0" gfp="">c:\windows\system32
\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{9D148291-B9C8-11D0-
A4CC-0000F80149F6}" prog="MSITFS1.0" filter="its"
val="{9D148291-B9C8-11D0-A4CC-0000F80149F6}"
nam="Microsoft InfoTech Storage System Library
(itss.dll)" pub="Microsoft Corporation"
md5="a00b287bb6f78bdd3589b7e75a86a6fa" ver="5.2.3790.1221
(dnsrv.040715-2015)" sz="134144" is="0"
gfp="">c:\windows\system32\itss.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050F3B2-98B5-11CF-
BB82-00AA00BDCE0B}" prog="" filter="javascript"
val="{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}"
nam="Microsoft (R) HTML Viewer (mshtml.dll)"
pub="Microsoft Corporation"
md5="84a1b9b0c362051e68bb131f14c6daad"
ver="6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)"
sz="3010560" is="0" gfp="">c:\windows\system32
\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e7-baf9-11ce-
8c82-00aa004ba90b}" prog="" filter="local" val="{79eac9e7-
baf9-11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="2511fa80ffea8e186dda6d28f847e113"
ver="6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)"
sz="607744" is="0" gfp="">c:\windows\system32
\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050f3DA-98B5-11CF-
BB82-00AA00BDCE0B}" prog="" filter="mailto"
val="{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}"
nam="Microsoft (R) HTML Viewer (mshtml.dll)"
pub="Microsoft Corporation"
md5="84a1b9b0c362051e68bb131f14c6daad"
ver="6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)"
sz="3010560" is="0" gfp="">c:\windows\system32
\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{05300401-BCBC-11d0-
85E3-00C04FD85AB4}" prog="" filter="mhtml" val="{05300401-
BCBC-11d0-85E3-00C04FD85AB4}" nam="Microsoft Internet
Messaging API (inetcomm.dll)" pub="Microsoft Corporation"
md5="ad83a2a04f68db2dff500c30536fcd6b"
ver="6.00.2900.2527 (xpsp_sp2_gdr.040919-1056)"
sz="679424" is="0" gfp="">c:\windows\system32
\inetcomm.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e6-baf9-11ce-
8c82-00aa004ba90b}" prog="" filter="mk" val="{79eac9e6-
baf9-11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="2511fa80ffea8e186dda6d28f847e113"
ver="6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)"
sz="607744" is="0" gfp="">c:\windows\system32
\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{9D148291-B9C8-11D0-
A4CC-0000F80149F6}" prog="MSITFS1.0" filter="ms-its"
val="{9D148291-B9C8-11D0-A4CC-0000F80149F6}"
nam="Microsoft InfoTech Storage System Library
(itss.dll)" pub="Microsoft Corporation"
md5="a00b287bb6f78bdd3589b7e75a86a6fa" ver="5.2.3790.1221
(dnsrv.040715-2015)" sz="134144" is="0"
gfp="">c:\windows\system32\itss.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{0A9007C0-4076-11D3-
8789-0000F8105754}" prog="Microsoft.ITSS.URLProtocol"
filter="ms-itss" val="{0A9007C0-4076-11D3-8789-
0000F8105754}" nam="Microsoft InfoTech Storage System
Library (msitss.dll)" pub="Microsoft Corporation"
md5="fbfef8d1ccfe1b12c0303f0c4b67eb97" ver="5.40.1171.1"
sz="221184" is="0" gfp="">c:\program files\common
files\microsoft shared\information
retrieval\msitss.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{32505114-5902-49B2-
880A-1F7738E5A384}"
prog="OWC11.Etcetera.PluggableProtocol.1" filter="mso-
offdap11" val="{32505114-5902-49B2-880A-1F7738E5A384}"
nam="Microsoft Office Web Components 2003 (owc11.dll)"
pub="Microsoft Corporation"
md5="41fea807d9fea8da5ad3e5705272bcc3" ver="11.0.5531"
sz="8086072" is="0" gfp="">c:\progra~1\common~1\micros~1
\webcom~1\11\owc11.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050F3BC-98B5-11CF-
BB82-00AA00BDCE0B}" prog="" filter="res" val="{3050F3BC-
98B5-11CF-BB82-00AA00BDCE0B}" nam="Microsoft (R) HTML
Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="84a1b9b0c362051e68bb131f14c6daad"
ver="6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)"
sz="3010560" is="0" gfp="">c:\windows\system32
\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{76E67A63-06E9-11D2-
A840-006008059382}" prog="" filter="sysimage"
val="{76E67A63-06E9-11D2-A840-006008059382}"
nam="Microsoft (R) HTML Viewer (mshtml.dll)"
pub="Microsoft Corporation"
md5="84a1b9b0c362051e68bb131f14c6daad"
ver="6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)"
sz="3010560" is="0" gfp="">c:\windows\system32
\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{CBD30858-AF45-11D2-
B6D6-00C04FBBDE6E}" prog="" filter="tv" val="{CBD30858-
AF45-11D2-B6D6-00C04FBBDE6E}" nam="ActiveX control for
streaming video (msvidctl.dll)" pub="Microsoft
Corporation" md5="7b5ba7cb7cf42b557c17d08015be8a14"
ver="6.05.2600.2180 (xpsp_sp2_rtm.040803-2158)"
sz="1428480" is="0" gfp="">c:\windows\system32
\msvidctl.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050F3B2-98B5-11CF-
BB82-00AA00BDCE0B}" prog="" filter="vbscript"
val="{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}"
nam="Microsoft (R) HTML Viewer (mshtml.dll)"
pub="Microsoft Corporation"
md5="84a1b9b0c362051e68bb131f14c6daad"
ver="6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)"
sz="3010560" is="0" gfp="">c:\windows\system32
\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{13F3EA8B-91D7-4F0A-
AD76-D2853AC8BECE}" prog="Wia.WiaProtocol.1" filter="wia"
val="{13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE}" nam="WIA
Scripting Layer (wiascr.dll)" pub="Microsoft Corporation"
md5="dd469944b09b032e7c7fe85687c2a399" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="75776" is="0"
gfp="">c:\windows\system32\wiascr.dll</PROTOCOLSHandler>
</PROTOCOLSHandlers>
- <PROTOCOLSNameSpaceHandlers>
<PROTOCOLSNameSpaceHandler ex="1" clsid="{9D148291-B9C8-
11D0-A4CC-0000F80149F6}" prog="MSITFS1.0" namespace="mk"
namespacefilter="NameSpace Filter for MKMSITStore:..."
val="{79eac9e6-baf9-11ce-8c82-00aa004ba90b}"
nam="Microsoft InfoTech Storage System Library
(itss.dll)" pub="Microsoft Corporation"
md5="a00b287bb6f78bdd3589b7e75a86a6fa" ver="5.2.3790.1221
(dnsrv.040715-2015)" sz="134144" is="0"
gfp="">c:\windows\system32
\itss.dll</PROTOCOLSNameSpaceHandler>
</PROTOCOLSNameSpaceHandlers>
- <TCPIPParamaters>
<TCPIPParamater val="DataBasePath">%SystemRoot%\System32
\drivers\etc</TCPIPParamater>
<TCPIPParamater val="Domain" />
<TCPIPParamater val="NameServer" />
<TCPIPParamater val="SearchList" />
<TCPIPParamater val="VXD MSTCP: NameServer" />
</TCPIPParamaters>
- <InternetSettings>
<InternetSetting val="ProxyEnable">0</InternetSetting>
<InternetSetting val="ProxyServer" />
<InternetSetting val="ProxyOverride" />
<InternetSetting val="User Agent">Mozilla/4.0
(compatible; MSIE 6.0; Win32)</InternetSetting>
<InternetSetting val="ZoneMap Domain
Count">2</InternetSetting>
</InternetSettings>
- <IESettings>
<IESetting val="UseMyStylesheet"
set="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Styles" />
<IESetting val="UserStylesheet"
set="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Styles" />
<IESetting val="UseMyStylesheet"
set="HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet
Explorer\Styles" />
<IESetting val="UserStylesheet"
set="HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet
Explorer\Styles" />
</IESettings>
<AppInitDLLs val="" />
- <ShellServiceObjectDelayLoads>
<ShellServiceObjectDelayLoad ex="1" clsid="{7849596a-
48ea-486e-8937-a2a3009f31a9}" prog=""
val="PostBootReminder" nam="Windows Shell Common Dll
(shell32.dll)" pub="Microsoft Corporation"
md5="9833f278924d028414d7f89bfd4fc46b"
ver="6.00.2900.2620 (xpsp_sp2_gdr.050225-1820)"
sz="8450048" is="0" gfp="">c:\windows\system32
\shell32.dll</ShellServiceObjectDelayLoad>
<ShellServiceObjectDelayLoad ex="1" clsid="{fbeb8a05-
beee-4442-804e-409d6c4515e9}" prog="" val="CDBurn"
nam="Windows Shell Common Dll (shell32.dll)"
pub="Microsoft Corporation"
md5="9833f278924d028414d7f89bfd4fc46b"
ver="6.00.2900.2620 (xpsp_sp2_gdr.050225-1820)"
sz="8450048" is="0" gfp="">c:\windows\system32
\shell32.dll</ShellServiceObjectDelayLoad>
<ShellServiceObjectDelayLoad ex="1" clsid="{E6FB5E20-
DE35-11CF-9C87-00AA005127ED}" prog="" val="WebCheck"
nam="Web Site Monitor (webcheck.dll)" pub="Microsoft
Corporation" md5="6501db5182d5a8c0f1f1707286161d66"
ver="6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)"
sz="276480" is="0" gfp="">c:\windows\system32
\webcheck.dll</ShellServiceObjectDelayLoad>
<ShellServiceObjectDelayLoad ex="1" clsid="{35CEC8A3-
2BE6-11D2-8773-92E220524153}" prog="" val="SysTray"
nam="Systray shell service object (stobject.dll)"
pub="Microsoft Corporation"
md5="297101a925ecffdcdf7f6341ffbb6c1a" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="121856" is="0"
gfp="">c:\windows\system32
\stobject.dll</ShellServiceObjectDelayLoad>
</ShellServiceObjectDelayLoads>
<ScheduledTasks />
- <Services>
<Service ex="1" disp="Application Layer Gateway
Service" desc="Provides support for 3rd party protocol
plug-ins for Internet Connection Sharing and the Windows
Firewall." nam="Application Layer Gateway Service
(alg.exe)" pub="Microsoft Corporation"
md5="f1958fbf86d5c004cf19a5951a9514b7" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="44544" is="0"
gfp="">C:\WINDOWS\System32\alg.exe</Service>
<Service ex="1" disp="AOL Connectivity Service" desc=""
nam="AOL Connectivity Service (acsd.exe)" pub="America
Online, Inc." md5="73d675514f148b1e69429e1d95e22adc"
ver="1,0,17,5" sz="1376360" is="0" gfp="">C:\PROGRA~1
\COMMON~1\AOL\ACS\acsd.exe</Service>
<Service ex="1" disp="ASP.NET State Service"
desc="Provides support for out-of-process session states
for ASP.NET. If this service is stopped, out-of-process
requests will not be processed. If this service is
disabled, any services that explicitly depend on it will
fail to start." nam="aspnet_state.exe (aspnet_state.exe)"
pub="Microsoft Corporation"
md5="e1a1206a4fb19b675e947b29ccd25fba"
ver="1.1.4322.2032" sz="32768" is="0"
gfp="">C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322
\aspnet_state.exe</Service>
<Service ex="1" disp="Indexing Service" desc="Indexes
contents and properties of files on local and remote
computers; provides rapid access to files through
flexible querying language." nam="Content Index service
(cisvc.exe)" pub="Microsoft Corporation"
md5="3192bd04d032a9c4a85a3278c268a13a" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="5632" is="0"
gfp="">C:\WINDOWS\system32\cisvc.exe</Service>
<Service ex="1" disp="ClipBook" desc="Enables ClipBook
Viewer to store information and share it with remote
computers. If the service is stopped, ClipBook Viewer
will not be able to share information with remote
computers. If this service is disabled, any services that
explicitly depend on it will fail to start." nam="Windows
NT DDE Server (clipsrv.exe)" pub="Microsoft Corporation"
md5="c8dec22c4137d7a90f8bdf41ca4b82ae" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="33280" is="0"
gfp="">C:\WINDOWS\system32\clipsrv.exe</Service>
<Service ex="1" disp="COM+ System Application"
desc="Manages the configuration and tracking of Component
Object Model (COM)+-based components. If the service is
stopped, most COM+-based components will not function
properly. If this service is disabled, any services that
explicitly depend on it will fail to start." nam="COM
Surrogate (dllhost.exe)" pub="Microsoft Corporation"
md5="dd87db7387b9eb441c5674888a0d840c" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="5120" is="0"
gfp="">C:\WINDOWS\system32\dllhost.exe</Service>
<Service ex="1" disp="Creative Service for CDROM
Access" desc="" nam="Creative Service for CDROM Access
(CTSvcCDA.EXE)" pub="Creative Technology Ltd"
md5="3c8b6609712f4ff78e521f6dcfc4032b" ver="1.0.1.0"
sz="44032" is="0" gfp="">C:\WINDOWS\System32
\CTSvcCDA.EXE</Service>
<Service ex="1" disp="Logical Disk Manager
Administrative Service" desc="Configures hard disk drives
and volumes. The service only runs for configuration
processes and then stops." nam="Logical Disk Manager
service process (dmadmin.exe)" pub="Microsoft Corp.,
Veritas Software" md5="554c7cb178fe3bd12450b81ad63adbc3"
ver="2600.2180.503.0" sz="224768" is="0"
gfp="">C:\WINDOWS\System32\dmadmin.exe</Service>
<Service ex="1" disp="Event Log" desc="Enables event
log messages issued by Windows-based programs and
components to be viewed in Event Viewer. This service
cannot be stopped." nam="Services and Controller app
(services.exe)" pub="Microsoft Corporation"
md5="c6ce6eec82f187615d1002bb3bb50ed4" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="108032" is="0"
gfp="">C:\WINDOWS\system32\services.exe</Service>
<Service ex="1" disp="IMAPI CD-Burning COM Service"
desc="Manages CD recording using Image Mastering
Applications Programming Interface (IMAPI). If this
service is stopped, this computer will be unable to
record CDs. If this service is disabled, any services
that explicitly depend on it will fail to start."
nam="Image Mastering API (imapi.exe)" pub="Microsoft
Corporation" md5="fa788520bcac0f5d9d5cde5615c0d931"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)"
sz="150016" is="0" gfp="">C:\WINDOWS\system32
\imapi.exe</Service>
<Service ex="1" disp="Visual IP InSight Client
(CitiGroup-WWDS)" desc="" nam="IPI Launch Service
(LaunchIPI.exe)" pub="Visual Networks"
md5="b0ca5882e480d71ff89b945f3cd9c5b9" ver="4.3.2.69"
sz="59904" is="0"
gfp="">C:\ssbrla\insight\LaunchIPI.exe</Service>
<Service ex="1" disp="Iomega App Services" desc=""
nam="AppServices (AppServices.exe)" pub="Iomega
Corporation" md5="19ef7fb809d3073ee60f85464e9c4c51"
ver="2, 0, 2, 5" sz="73728" is="0" gfp="">C:\PROGRA~1
\Iomega\System32\AppServices.exe</Service>
<Service ex="1" disp="McAfee.com McShield" desc=""
nam="mcshield.exe" pub="Unavailable"
md5="97addee4dc70929a8b482a7ae7842920" ver="Unavailable"
sz="225375" is="0" gfp="">c:\PROGRA~1
\mcafee.com\vso\mcshield.exe</Service>
<Service ex="1" disp="McAfee SecurityCenter Update
Manager" desc="" nam="McAfee SecurityCenter Update
Manager (mcupdmgr.exe)" pub="Networks Associates
Technology, Inc" md5="71f408756b910cd33610105dc59425ca"
ver="4, 3, 0, 8" sz="245760" is="0" gfp="">C:\PROGRA~1
\McAfee.com\Agent\mcupdmgr.exe</Service>
<Service ex="1" disp="McAfee.com VirusScan Online
Realtime Engine" desc="" nam="McAfee VirusScan Real-time
Engine (mcvsrte.exe)" pub="Networks Associates
Technology, Inc" md5="b1e94b3ed8af23aebbc2ccfccadba104"
ver="8, 0, 0, 12" sz="106496" is="0" gfp="">c:\PROGRA~1
\mcafee.com\vso\mcvsrte.exe</Service>
<Service ex="1" disp="NetMeeting Remote Desktop
Sharing" desc="Enables an authorized user to access this
computer remotely by using NetMeeting over a corporate
intranet. If this service is stopped, remote desktop
sharing will be unavailable. If this service is disabled,
any services that explicitly depend on it will fail to
start." nam="NetMeeting Remote Desktop Sharing
(mnmsrvc.exe)" pub="Microsoft Corporation"
md5="f6415361201915b9fe3896b0e4e724ff"
ver="5.1.2600.2180" sz="32768" is="0"
gfp="">C:\WINDOWS\System32\mnmsrvc.exe</Service>
<Service ex="1" disp="Distributed Transaction
Coordinator" desc="Coordinates transactions that span
multiple resource managers, such as databases, message
queues, and file systems. If this service is stopped,
these transactions will not occur. If this service is
disabled, any services that explicitly depend on it will
fail to start." nam="MS DTC console program (msdtc.exe)"
pub="Microsoft Corporation"
md5="c7c3d89eb0a6f3dba622ea737fa335b1"
ver="2001.12.4414.258" sz="6144" is="0"
gfp="">C:\WINDOWS\System32\msdtc.exe</Service>
<Service ex="1" disp="Windows Installer" desc="Adds,
modifies, and removes applications provided as a Windows
Installer (*.msi) package. If this service is disabled,
any services that explicitly depend on it will fail to
start." nam="Windows installer (msiexec.exe)"
pub="Microsoft Corporation"
md5="f5f0146580e7023adb963879840777f8"
ver="3.1.4000.1823" sz="78848" is="0"
gfp="">C:\WINDOWS\system32\msiexec.exe</Service>
<Service ex="1" disp="Network DDE" desc="Provides
network transport and security for Dynamic Data Exchange
(DDE) for programs running on the same computer or on
different computers. If this service is stopped, DDE
transport and security will be unavailable. If this
service is disabled, any services that explicitly depend
on it will fail to start." nam="Network DDE - DDE
Communication (netdde.exe)" pub="Microsoft Corporation"
md5="05afb5ad06462257bea7495283c86d50" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="111104" is="0"
gfp="">C:\WINDOWS\system32\netdde.exe</Service>
<Service ex="1" disp="Network DDE DSDM" desc="Manages
Dynamic Data Exchange (DDE) network shares. If this
service is stopped, DDE network shares will be
unavailable. If this service is disabled, any services
that explicitly depend on it will fail to start."
nam="Network DDE - DDE Communication (netdde.exe)"
pub="Microsoft Corporation"
md5="05afb5ad06462257bea7495283c86d50" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="111104" is="0"
gfp="">C:\WINDOWS\system32\netdde.exe</Service>
<Service ex="1" disp="Net Logon" desc="Supports pass-
through authentication of account logon events for
computers in a domain." nam="LSA Shell (lsass.exe)"
pub="Microsoft Corporation"
md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">C:\WINDOWS\system32\lsass.exe</Service>
<Service ex="1" disp="NICSer_WPC54GS" desc="" nam="None
(NICServ.exe)" pub="None"
md5="6fc277793d4cbdeaee0121eda6905661" ver="1.1.0.0"
sz="455680" is="0" gfp="">C:\Program
Files\Linksys\Wireless-G Notebook Adapter with
SpeedBooster\NICServ.exe</Service>
<Service ex="1" disp="NT LM Security Support Provider"
desc="Provides security to remote procedure call (RPC)
programs that use transports other than named pipes."
nam="LSA Shell (lsass.exe)" pub="Microsoft Corporation"
md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">C:\WINDOWS\system32\lsass.exe</Service>
<Service ex="1" disp="NVIDIA Display Driver Service"
desc="Provides system and desktop level support to the
NVIDIA display driver" nam="NVIDIA Driver Helper Service,
Version 67.42 (nvsvc32.exe)" pub="NVIDIA Corporation"
md5="9233d25a68f320eb2361e5c383c1f31f" ver="6.14.10.6742"
sz="127044" is="0" gfp="">C:\WINDOWS\system32
\nvsvc32.exe</Service>
<Service ex="1" disp="Office Source Engine" desc="Saves
installation files used for updates and repairs and is
required for the downloading of Setup updates and Watson
error reports." nam="Office Source Engine (OSE.EXE)"
pub="Microsoft Corporation"
md5="7a56cf3e3f12e8af599963b16f50fb6a" ver="11.0.5525"
sz="89136" is="0" gfp="">C:\Program Files\Common
Files\Microsoft Shared\Source Engine\OSE.EXE</Service>
<Service ex="1" disp="Plug and Play" desc="Enables a
computer to recognize and adapt to hardware changes with
little or no user input. Stopping or disabling this
service will result in system instability." nam="Services
and Controller app (services.exe)" pub="Microsoft
Corporation" md5="c6ce6eec82f187615d1002bb3bb50ed4"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)"
sz="108032" is="0" gfp="">C:\WINDOWS\system32
\services.exe</Service>
<Service ex="1" disp="Pml Driver HPZ12" desc=""
nam="PML Driver (HPZipm12.exe)" pub="HP"
md5="5c1cadd1cb67c0b9d8a84ec6e4d6b5cc" ver="7, 0, 0, 0"
sz="65795" is="0" gfp="">C:\WINDOWS\System32
\HPZipm12.exe</Service>
<Service ex="1" disp="IPSEC Services" desc="Manages IP
security policy and starts the ISAKMP/Oakley (IKE) and
the IP security driver." nam="LSA Shell (lsass.exe)"
pub="Microsoft Corporation"
md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">C:\WINDOWS\system32\lsass.exe</Service>
<Service ex="1" disp="Protected Storage" desc="Provides
protected storage for sensitive data, such as private
keys, to prevent access by unauthorized services,
processes, or users." nam="LSA Shell (lsass.exe)"
pub="Microsoft Corporation"
md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">C:\WINDOWS\system32\lsass.exe</Service>
<Service ex="1" disp="Remote Desktop Help Session
Manager" desc="Manages and controls Remote Assistance. If
this service is stopped, Remote Assistance will be
unavailable. Before stopping this service, see the
Dependencies tab of the Properties dialog box."
nam="Microsoft Remote Desktop Help Session Manager
(sessmgr.exe)" pub="Microsoft Corporation"
md5="729798e0933076b8fcfcd9934698f164" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="140800" is="0"
gfp="">C:\WINDOWS\system32\sessmgr.exe</Service>
<Service ex="1" disp="Remote Procedure Call (RPC)
Locator" desc="Manages the RPC name service database."
nam="Rpc Locator (locator.exe)" pub="Microsoft
Corporation" md5="793f04a09b15e7c6c11dbdffaf06c0ab"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="75264"
is="0" gfp="">C:\WINDOWS\system32\locator.exe</Service>
<Service ex="1" disp="QoS RSVP" desc="Provides network
signaling and local traffic control setup functionality
for QoS-aware programs and control applets."
nam="Microsoft RSVP (rsvp.exe)" pub="Microsoft
Corporation" md5="471b3f9741d762abe75e9deea4787e47"
ver="5.1.2600.0 (xpclient.010817-1148)" sz="132608"
is="0" gfp="">C:\WINDOWS\system32\rsvp.exe</Service>
<Service ex="1" disp="Security Accounts Manager"
desc="Stores security information for local user
accounts." nam="LSA Shell (lsass.exe)" pub="Microsoft
Corporation" md5="84885f9b82f4d55c6146ebf6065d75d2"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="13312"
is="0" gfp="">C:\WINDOWS\system32\lsass.exe</Service>
<Service ex="1" disp="Smart Card" desc="Manages access
to smart cards read by this computer. If this service is
stopped, this computer will be unable to read smart
cards. If this service is disabled, any services that
explicitly depend on it will fail to start." nam="Smart
Card Resource Management Server (SCardSvr.exe)"
pub="Microsoft Corporation"
md5="25d8de134df108e3dbc8d7d23b1aa58e" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="95744" is="0"
gfp="">C:\WINDOWS\System32\SCardSvr.exe</Service>
<Service ex="1" disp="Print Spooler" desc="Loads files
to memory for later printing." nam="Spooler SubSystem App
(spoolsv.exe)" pub="Microsoft Corporation"
md5="7435b108b935e42ea92ca94f59c8e717" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="57856" is="0"
gfp="">C:\WINDOWS\system32\spoolsv.exe</Service>
<Service ex="1" disp="MS Software Shadow Copy Provider"
desc="Manages software-based volume shadow copies taken
by the Volume Shadow Copy service. If this service is
stopped, software-based volume shadow copies cannot be
managed. If this service is disabled, any services that
explicitly depend on it will fail to start." nam="COM
Surrogate (dllhost.exe)" pub="Microsoft Corporation"
md5="dd87db7387b9eb441c5674888a0d840c" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="5120" is="0"
gfp="">C:\WINDOWS\system32\dllhost.exe</Service>
<Service ex="1" disp="Performance Logs and Alerts"
desc="Collects performance data from local or remote
computers based on preconfigured schedule parameters,
then writes the data to a log or triggers an alert. If
this service is stopped, performance information will not
be collected. If this service is disabled, any services
that explicitly depend on it will fail to start."
nam="Performance Logs and Alerts Service (smlogsvc.exe)"
pub="Microsoft Corporation"
md5="8b54aa346d1b1b113ffaa75501b8b1b2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="89600" is="0"
gfp="">C:\WINDOWS\system32\smlogsvc.exe</Service>
<Service ex="1" disp="Telnet" desc="Enables a remote
user to log on to this computer and run programs, and
supports various TCP/IP Telnet clients, including UNIX-
based and Windows-based computers. If this service is
stopped, remote user access to programs might be
unavailable. If this service is disabled, any services
that explicitly depend on it will fail to start."
nam="Telnet (tlntsvr.exe)" pub="Microsoft Corporation"
md5="37db0a7d097310e8b4de803fc3119c78" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="73216" is="0"
gfp="">C:\WINDOWS\system32\tlntsvr.exe</Service>
<Service ex="1" disp="Windows User Mode Driver
Framework" desc="Enables Windows user mode drivers."
nam="Windows User Mode Driver Manager (wdfmgr.exe)"
pub="Microsoft Corporation"
md5="c81b8635dee0d3ef5f64b3dd643023a5" ver="5.2.3790.1230
built by: DNSRV(bld4act)" sz="38912" is="0"
gfp="">C:\WINDOWS\system32\wdfmgr.exe</Service>
<Service ex="1" disp="Uninterruptible Power Supply"
desc="Manages an uninterruptible power supply (UPS)
connected to the computer." nam="UPS Service (ups.exe)"
pub="Microsoft Corporation"
md5="3f5df65b0758675f95a2d43918a740a3" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="18432" is="0"
gfp="">C:\WINDOWS\System32\ups.exe</Service>
<Service ex="1" disp="Volume Shadow Copy" desc="Manages
and implements Volume Shadow Copies used for backup and
other purposes. If this service is stopped, shadow copies
will be unavailable for backup and the backup may fail.
If this service is disabled, any services that explicitly
depend on it will fail to start." nam="Microsoft Volume
Shadow Copy Service (vssvc.exe)" pub="Microsoft
Corporation" md5="3ee00364ae0fd8d604f46cbaf512838a"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)"
sz="289792" is="0" gfp="">C:\WINDOWS\System32
\vssvc.exe</Service>
<Service ex="1" disp="WAN Miniport (ATW) Service"
desc="" nam="Wan Miniport (ATW) Service (wanmpsvc.exe)"
pub="America Online, Inc."
md5="909f2dc0da7f57d229a05ee90647b2c3" ver="7, 0, 0, 2"
sz="65536" is="0"
gfp="">C:\WINDOWS\wanmpsvc.exe</Service>
<Service ex="1" disp="Windows Media Connect (WMC)"
desc="Serves shared multimedia content to Universal Plug
and Play devices" nam="Windows Media Connect
(mswmccds.exe)" pub="Microsoft Corporation"
md5="20263dafd033d30f151bb87568386769" ver="5.1.2600.1
built by: DNSRV(bld4act)" sz="483328" is="0"
gfp="">c:\program files\windows media
connect\mswmccds.exe</Service>
<Service ex="1" disp="Windows Media Connect (WMC)
Helper" desc="Monitors the network for new UPnP Media
Renderer devices." nam="Windows Media Connect
(mswmcls.exe)" pub="Microsoft Corporation"
md5="1dd015a69235dcfae18b5f98fb50be23" ver="5.1.2600.1
built by: DNSRV(bld4act)" sz="28160" is="0"
gfp="">C:\Program Files\Windows Media
Connect\mswmcls.exe</Service>
<Service ex="1" disp="WMDM PMSP Service" desc=""
nam="WMDM PMSP Service (MsPMSPSv.exe)" pub="Microsoft
Corporation" md5="581176f60885aef8f78c6e38dcc3cdf9"
ver="7.00.00.1954" sz="53520" is="0"
gfp="">C:\WINDOWS\System32\MsPMSPSv.exe</Service>
<Service ex="1" disp="WMI Performance Adapter"
desc="Provides performance library information from WMI
HiPerf providers." nam="WMI Performance Adapter Service
(wmiapsrv.exe)" pub="Microsoft Corporation"
md5="ba8cecc3e813e1f7c441b20393d4f86c" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="126464" is="0"
gfp="">C:\WINDOWS\system32\wbem\wmiapsrv.exe</Service>
<Service ex="1" disp="Iomega Active Disk" desc=""
nam="Active Disk Service (ADService.exe)" pub="Iomega
Corporation" md5="b624180218bb196ad9869d5d6b454318"
ver="3, 2, 1, 5" sz="151552" is="0" gfp="">C:\Program
Files\Iomega\AutoDisk\ADService.exe</Service>
</Services>
</SystemAudit>
- <ProcessesAudit>
- <Processes>
<Process ex="1" pid="1060" nam="Windows NT Session
Manager (smss.exe)" pub="Microsoft Corporation"
md5="bd7fb0957c716f1a60333aee04de2178" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="50688" is="0"
gfp="">c:\windows\system32\smss.exe</Process>
<Process ex="1" pid="1172" nam="Client Server Runtime
Process (csrss.exe)" pub="Microsoft Corporation"
md5="f12b178b1678d778cfd3ff1fc38c71fb" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="6144" is="0"
gfp="">c:\windows\system32\csrss.exe</Process>
<Process ex="1" pid="1200" nam="Windows NT Logon
Application (winlogon.exe)" pub="Microsoft Corporation"
md5="01c3346c241652f43aed8e2149881bfe" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="502272" is="0"
gfp="">c:\windows\system32\winlogon.exe</Process>
<Process ex="1" pid="1244" nam="Services and Controller
app (services.exe)" pub="Microsoft Corporation"
md5="c6ce6eec82f187615d1002bb3bb50ed4" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="108032" is="0"
gfp="">c:\windows\system32\services.exe</Process>
<Process ex="1" pid="1256" nam="LSA Shell (lsass.exe)"
pub="Microsoft Corporation"
md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">c:\windows\system32\lsass.exe</Process>
<Process ex="1" pid="1440" nam="Generic Host Process
for Win32 Services (svchost.exe)" pub="Microsoft
Corporation" md5="8f078ae4ed187aaabc0a305146de6716"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="14336"
is="0" gfp="">c:\windows\system32\svchost.exe</Process>
<Process ex="1" pid="1524" nam="Generic Host Process
for Win32 Services (svchost.exe)" pub="Microsoft
Corporation" md5="8f078ae4ed187aaabc0a305146de6716"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="14336"
is="0" gfp="">c:\windows\system32\svchost.exe</Process>
<Process ex="1" pid="1880" nam="Generic Host Process
for Win32 Services (svchost.exe)" pub="Microsoft
Corporation" md5="8f078ae4ed187aaabc0a305146de6716"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="14336"
is="0" gfp="">c:\windows\system32\svchost.exe</Process>
<Process ex="1" pid="1940" nam="Generic Host Process
for Win32 Services (svchost.exe)" pub="Microsoft
Corporation" md5="8f078ae4ed187aaabc0a305146de6716"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="14336"
is="0" gfp="">c:\windows\system32\svchost.exe</Process>
<Process ex="1" pid="216" nam="Generic Host Process for
Win32 Services (svchost.exe)" pub="Microsoft Corporation"
md5="8f078ae4ed187aaabc0a305146de6716" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="14336" is="0"
gfp="">c:\windows\system32\svchost.exe</Process>
<Process ex="1" pid="724" nam="Spooler SubSystem App
(spoolsv.exe)" pub="Microsoft Corporation"
md5="7435b108b935e42ea92ca94f59c8e717" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="57856" is="0"
gfp="">c:\windows\system32\spoolsv.exe</Process>
<Process ex="1" pid="872" nam="Windows Explorer
(explorer.exe)" pub="Microsoft Corporation"
md5="a0732187050030ae399b241436565e64"
ver="6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)"
sz="1032192" is="0"
gfp="">c:\windows\explorer.exe</Process>
<Process ex="1" pid="1692" nam="DVDSentry
(dsentry.exe)" pub="Dell - Advanced Desktop Engineering"
md5="b434b19e717a4e6e8de708008b55b7f9" ver="1, 0, 0, 0"
sz="28672" is="0" gfp="">c:\windows\system32
\dsentry.exe</Process>
<Process ex="1" pid="1700" nam="Drive Letter Access
Component (tfswctrl.exe)" pub="Sonic Solutions"
md5="2bff8a443334a034df73d2c8d808d2a7" ver="1.04.05b"
sz="114741" is="0" gfp="">c:\windows\system32
\dla\tfswctrl.exe</Process>
<Process ex="1" pid="1728" nam="Support (support.exe)"
pub="Dell" md5="27b68f137ed4c85ff92db98231bf11ed" ver="2,
1, 1, 0" sz="323584" is="0" gfp="">c:\program
files\common files\dell\eusw\support.exe</Process>
<Process ex="1" pid="1816" nam="Alps Pointing-device
Driver (apoint.exe)" pub="Alps Electric Co., Ltd."
md5="81924a480fcecf6aa71ddf0c2fabc2cc" ver="5.4.101.115"
sz="147456" is="0" gfp="">c:\program
files\apoint\apoint.exe</Process>
<Process ex="1" pid="776" nam="(notifyalert.exe)"
pub="" md5="68d63d92d73146ef9a5efd5e7f25611e"
ver="2.1.0.72" sz="352256" is="0" gfp="">c:\program
files\dell\support\alert\bin\notifyalert.exe</Process>
<Process ex="1" pid="784" nam="(instan~1.exe)" pub=""
md5="7668193f7dc461b10c11cb3e72a70656" ver="" sz="31744"
is="0" gfp="">c:\progra~1\textbr~1.0
\bin\instan~1.exe</Process>
<Process ex="1" pid="788" nam="Microsoft AntiSpyware
Service (gcasserv.exe)" pub="Microsoft Corporation"
md5="e519945deb3875341d36db0ea141e0c5" ver="1.00.0509"
sz="473920" is="0" gfp="">c:\program files\microsoft
antispyware\gcasserv.exe</Process>
<Process ex="1" pid="808" nam="Spyware Doctor
(swdoctor.exe)" pub="PCTools"
md5="f383e32dd59ffa7cb3268f9000f20737" ver="3.2.0.3421"
sz="1472184" is="0" gfp="">c:\program files\spyware
doctor\swdoctor.exe</Process>
<Process ex="1" pid="1116" nam="Alps Pointing-device
Driver for Windows NT/2000/XP (apntex.exe)" pub="Alps
Electric Co., Ltd."
md5="cca1b81492b40890e44b2b20a780ee1f" ver="5.0.1.15"
sz="45056" is="0" gfp="">c:\program
files\apoint\apntex.exe</Process>
<Process ex="1" pid="1936" nam="Odyssey COM Host
(odhost.exe)" pub="None"
md5="8c5c6769b35f058396dbd63c856646b5" ver="1, 0, 0, 1"
sz="24576" is="0" gfp="">c:\program
files\linksys\wireless-g notebook adapter with
speedbooster\odhost.exe</Process>
<Process ex="1" pid="272" nam="Microsoft AntiSpyware
Data Service (gcasdtserv.exe)" pub="Microsoft
Corporation" md5="ebb4d674ec5c5b34ef8a1ba14676de8e"
ver="1.00.0509" sz="752456" is="0" gfp="">c:\program
files\microsoft antispyware\gcasdtserv.exe</Process>
<Process ex="1" pid="432" nam="Linksys Instant WLAN
Monitor (wpc54cfg.exe)" pub="The Linksys Group, Inc."
md5="99d94789be30d494627764b1bfe221c6" ver="1.0.0.22"
sz="5429248" is="0" gfp="">c:\program
files\linksys\wireless-g notebook adapter with
speedbooster\wpc54cfg.exe</Process>
<Process ex="1" pid="184" nam="AOL Connectivity Service
(acsd.exe)" pub="America Online, Inc."
md5="73d675514f148b1e69429e1d95e22adc" ver="1,0,17,5"
sz="1376360" is="0" gfp="">c:\progra~1\common~1
\aol\acs\acsd.exe</Process>
<Process ex="1" pid="476" nam="Creative Service for
CDROM Access (ctsvccda.exe)" pub="Creative Technology
Ltd" md5="3c8b6609712f4ff78e521f6dcfc4032b" ver="1.0.1.0"
sz="44032" is="0" gfp="">c:\windows\system32
\ctsvccda.exe</Process>
<Process ex="1" pid="652" nam="IP Connection Statistics
(arupld32.exe)" pub="Visual Networks"
md5="30452e75d914a55f8785dd21cff6ea73" ver="4.3.2.69"
sz="252416" is="0"
gfp="">c:\ssbrla\insight\arupld32.exe</Process>
<Process ex="1" pid="688" nam="AppServices
(appservices.exe)" pub="Iomega Corporation"
md5="19ef7fb809d3073ee60f85464e9c4c51" ver="2, 0, 2, 5"
sz="73728" is="0" gfp="">c:\progra~1\iomega\system32
\appservices.exe</Process>
<Process ex="1" pid="696" nam="IP Monitor
(armon32a.exe)" pub="Visual Networks"
md5="fdf1ee01b292ffdf9e033bbd1592c904" ver="4.3.2.69"
sz="71680" is="0"
gfp="">c:\ssbrla\insight\armon32a.exe</Process>
<Process ex="1" pid="192" nam="McAfee VirusScan Real-
time Engine (mcvsrte.exe)" pub="Networks Associates
Technology, Inc" md5="b1e94b3ed8af23aebbc2ccfccadba104"
ver="8, 0, 0, 12" sz="106496" is="0" gfp="">c:\progra~1
\mcafee.com\vso\mcvsrte.exe</Process>
<Process ex="1" pid="1036" nam="None (nicserv.exe)"
pub="None" md5="6fc277793d4cbdeaee0121eda6905661"
ver="1.1.0.0" sz="455680" is="0" gfp="">c:\program
files\linksys\wireless-g notebook adapter with
speedbooster\nicserv.exe</Process>
<Process ex="1" pid="1100" nam="NVIDIA Driver Helper
Service, Version 67.42 (nvsvc32.exe)" pub="NVIDIA
Corporation" md5="9233d25a68f320eb2361e5c383c1f31f"
ver="6.14.10.6742" sz="127044" is="0"
gfp="">c:\windows\system32\nvsvc32.exe</Process>
<Process ex="1" pid="1468" nam="Generic Host Process
for Win32 Services (svchost.exe)" pub="Microsoft
Corporation" md5="8f078ae4ed187aaabc0a305146de6716"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="14336"
is="0" gfp="">c:\windows\system32\svchost.exe</Process>
<Process ex="1" pid="1600" nam="Wan Miniport (ATW)
Service (wanmpsvc.exe)" pub="America Online, Inc."
md5="909f2dc0da7f57d229a05ee90647b2c3" ver="7, 0, 0, 2"
sz="65536" is="0"
gfp="">c:\windows\wanmpsvc.exe</Process>
<Process ex="1" pid="1660" nam="WMDM PMSP Service
(mspmspsv.exe)" pub="Microsoft Corporation"
md5="581176f60885aef8f78c6e38dcc3cdf9" ver="7.00.00.1954"
sz="53520" is="0" gfp="">c:\windows\system32
\mspmspsv.exe</Process>
<Process ex="1" pid="1784" nam="Active Disk Service
(adservice.exe)" pub="Iomega Corporation"
md5="b624180218bb196ad9869d5d6b454318" ver="3, 2, 1, 5"
sz="151552" is="0" gfp="">c:\program
files\iomega\autodisk\adservice.exe</Process>
<Process ex="1" pid="2820" nam="WMI Performance Adapter
Service (wmiapsrv.exe)" pub="Microsoft Corporation"
md5="ba8cecc3e813e1f7c441b20393d4f86c" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="126464" is="0"
gfp="">c:\windows\system32\wbem\wmiapsrv.exe</Process>
<Process ex="1" pid="2916" nam="mcshield.exe"
pub="Unavailable" md5="97addee4dc70929a8b482a7ae7842920"
ver="Unavailable" sz="225375" is="0" gfp="">c:\progra~1
\mcafee.com\vso\mcshield.exe</Process>
<Process ex="1" pid="2272" nam="Application Layer
Gateway Service (alg.exe)" pub="Microsoft Corporation"
md5="f1958fbf86d5c004cf19a5951a9514b7" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="44544" is="0"
gfp="">c:\windows\system32\alg.exe</Process>
<Process ex="1" pid="380" nam="Internet Explorer
(iexplore.exe)" pub="Microsoft Corporation"
md5="e7484514c0464642be7b4dc2689354c8"
ver="6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)"
sz="93184" is="0" gfp="">c:\program files\internet
explorer\iexplore.exe</Process>
<Process ex="1" pid="3744" nam="IP Connection
Statistics (arupld32.exe)" pub="Visual Networks"
md5="30452e75d914a55f8785dd21cff6ea73" ver="4.3.2.69"
sz="252416" is="0"
gfp="">c:\ssbrla\insight\arupld32.exe</Process>
<Process ex="1" pid="1872" nam="Microsoft AntiSpyware
Main (giantantispywaremain.exe)" pub="Microsoft
Corporation" md5="f0b4af2924697573e893d76229ff48d8"
ver="1.00.0509" sz="4586320" is="0" gfp="">c:\program
files\microsoft
antispyware\giantantispywaremain.exe</Process>
<Process ex="1" pid="1868" nam="Microsoft Suspected
Spyware Reporting Tool (msssrt.exe)" pub="Microsoft
Corporation" md5="7ed5a4f71d669274adceeca2338ab28d"
ver="1.00.0509" sz="400192" is="0" gfp="">c:\program
files\microsoft antispyware\msssrt.exe</Process>
</Processes>
</ProcessesAudit>
</Audit>
</MSSSRT>
the cycnic that I am, maybe he spyware rats have blocked
this path!
Anyway.I have a pop up window named Aurora which I cannot
outsmart. Maybe tied this file:
C:/windows/prefetch/PROTECTOR_UPDATE[1].EXE-12D260CA.pf
Below is the report MSAS assembled to go with my report.
Can you pass this info along to the correct group?
And..an some tell me how to rid my machine of this
problem?
If spyware people can control my machine like this, can't
they also access my personal stuff, SSN, credit info,
etc.???
Why do the bother to even do this? I would never actually
look at their stuff or buy anything from vendors who use
them.
Assembled report from msas:
- <MSSSRT version="1.0.509" createdate="5/3/2005 11:22:01
AM" os="XP.2600" user="">
- <Audit>
- <AutoRunAudit>
- <StartupFiles>
<StartupFile path="C:\Documents and Settings\All
Users\Start Menu\Programs\Startup\Wireless-G Notebook
Adapter with SpeedBooster Utility.lnk" nam="Startup MFC
Application (startup.exe)" pub="None"
md5="e7684929d4dad95c7c631fab77100137" ver="1, 0, 0, 1"
sz="24576" is="0" gfp="">c:\program
files\linksys\wireless-g notebook adapter with
speedbooster\startup.exe</StartupFile>
</StartupFiles>
- <StartupFilesRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="NvCplDaemon" dat="RUNDLL32.EXE C:\WINDOWS\system32
\NvCpl.dll,NvStartup" nam="NVIDIA Display Properties
Extension (nvcpl.dll)" pub="NVIDIA Corporation"
md5="c28deeda832dd438f4f6de5bbf1d9556" ver="6.14.10.6742"
sz="4632576" is="0" gfp="">c:\windows\system32
\nvcpl.dll</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="nwiz" dat="nwiz.exe /installquiet" nam="NVIDIA nView
Wizard, Version 67.42 (nwiz.exe)" pub="NVIDIA
Corporation" md5="0bd6973f95cf3b90dc0cec8a16e2a482"
ver="6.14.10.6742" sz="921600" is="0"
gfp="">c:\windows\system32\nwiz.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="DVDSentry" dat="C:\WINDOWS\System32\DSentry.exe"
nam="DVDSentry (dsentry.exe)" pub="Dell - Advanced
Desktop Engineering"
md5="b434b19e717a4e6e8de708008b55b7f9" ver="1, 0, 0, 0"
sz="28672" is="0" gfp="">c:\windows\system32
\dsentry.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="dla" dat="C:\WINDOWS\system32\dla\tfswctrl.exe"
nam="Drive Letter Access Component (tfswctrl.exe)"
pub="Sonic Solutions"
md5="2bff8a443334a034df73d2c8d808d2a7" ver="1.04.05b"
sz="114741" is="0" gfp="">c:\windows\system32
\dla\tfswctrl.exe</StartupFileRegistry>
<StartupFileRegistry ex="0"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="" dat="" nam="" pub="" md5="" ver="" sz="" is="0"
gfp="" />
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="PrinTray" dat="C:\WINDOWS\System32
\spool\DRIVERS\W32X86\3\printray.exe" nam="PrinTray
(printray.exe)" pub="Lexmark"
md5="f45d04cb01feaa8dbf3e09407e9a1fb3" ver="1, 0, 0, 7"
sz="36864" is="0" gfp="">c:\windows\system32
\spool\drivers\w32x86\3
\printray.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="Apoint" dat="C:\Program Files\Apoint\Apoint.exe"
nam="Alps Pointing-device Driver (apoint.exe)" pub="Alps
Electric Co., Ltd."
md5="81924a480fcecf6aa71ddf0c2fabc2cc" ver="5.4.101.115"
sz="147456" is="0" gfp="">c:\program
files\apoint\apoint.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="SprintPort" dat=""C:\Program Files\Novatel
Wireless\SprintPort\SprintPortA.exe"" nam="SprintPort
HSRAS Serial Redirector (sprintporta.exe)"
pub="CommWorks" md5="96a7853d973629735951d1929e9edb3b"
ver="1, 0, 0, 11" sz="122959" is="0" gfp="">c:\program
files\novatel
wireless\sprintport\sprintporta.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="REGSHAVE" dat="C:\Program
Files\REGSHAVE\REGSHAVE.EXE /AUTORUN" nam="Shaving
Registry (regshave.exe)" pub="FUJI PHOTO FILM CO., LTD."
md5="552e9ca7b91120fb7d49cd5c10018dc3" ver="3.0.0.4"
sz="53248" is="0" gfp="">c:\program
files\regshave\regshave.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="RegisterDropHandler" dat="C:\PROGRA~1\TEXTBR~1.0
\Bin\REGIST~1.EXE" nam="REGISTERDROPHANDLER MFC
Application (regist~1.exe)" pub="None"
md5="4546d855fe282eb8e2fa04e4d759b79a" ver="1, 0, 0, 1"
sz="22528" is="0" gfp="">c:\progra~1\textbr~1.0
\bin\regist~1.exe</StartupFileRegistry>
<StartupFileRegistry ex="0"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="InstantAccess" dat="C:\PROGRA~1\TEXTBR~1.0
\Bin\INSTAN~1.EXE /h" nam="" pub="" md5="" ver="" sz=""
is="0" gfp="" />
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="gcasServ" dat=""C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"" nam="Microsoft AntiSpyware
Service (gcasserv.exe)" pub="Microsoft Corporation"
md5="e519945deb3875341d36db0ea141e0c5" ver="1.00.0509"
sz="473920" is="0" gfp="">c:\program files\microsoft
antispyware\gcasserv.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="QuickTime Task" dat=""C:\Program
Files\QuickTime\qttask.exe" -atboottime" nam="qttask.exe"
pub="Apple Computer, Inc."
md5="c9128ae6036cdf67873a516e1a00ed4b" ver="6.3"
sz="77824" is="0" gfp="">c:\program
files\quicktime\qttask.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="Spyware Doctor" dat=""C:\Program Files\Spyware
Doctor\swdoctor.exe" /Q" nam="Spyware Doctor
(swdoctor.exe)" pub="PCTools"
md5="f383e32dd59ffa7cb3268f9000f20737" ver="3.2.0.3421"
sz="1472184" is="0" gfp="">c:\program files\spyware
doctor\swdoctor.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\Software\Microsoft\Windows\CurrentVersion\RunSer
vices" val="AccessRampLAN 01"
dat="C:\SSBRLA\Insight\ArUpld32.exe" nam="IP Connection
Statistics (arupld32.exe)" pub="Visual Networks"
md5="30452e75d914a55f8785dd21cff6ea73" ver="4.3.2.69"
sz="252416" is="0"
gfp="">c:\ssbrla\insight\arupld32.exe</StartupFileRegistry<StartupFileRegistry ex="1"
path="HLM\Software\Microsoft\Windows\CurrentVersion\RunSer
vices" val="AccessRampMonitor 01"
dat="C:\SSBRLA\Insight\ArMon32a.exe" nam="IP Monitor
(armon32a.exe)" pub="Visual Networks"
md5="fdf1ee01b292ffdf9e033bbd1592c904" ver="4.3.2.69"
sz="71680" is="0"
gfp="">c:\ssbrla\insight\armon32a.exe</StartupFileRegistry<StartupFileRegistry ex="1"
path="HLM\Software\Microsoft\Windows\CurrentVersion\RunSer
vices" val="RegisterDropHandler" dat="C:\PROGRA~1
\TEXTBR~1.0\Bin\REGIST~1.EXE" nam="REGISTERDROPHANDLER
MFC Application (regist~1.exe)" pub="None"
md5="4546d855fe282eb8e2fa04e4d759b79a" ver="1, 0, 0, 1"
sz="22528" is="0" gfp="">c:\progra~1\textbr~1.0
\bin\regist~1.exe</StartupFileRegistry>
</StartupFilesRegistry>
- <WinlogonUserinitFiles>
<WinlogonUserinitFile ex="1" nam="Userinit Logon
Application (userinit.exe)" pub="Microsoft Corporation"
md5="39b1ffb03c2296323832acbae50d2aff" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="24576" is="0"
gfp="">c:\windows\system32
\userinit.exe</WinlogonUserinitFile>
</WinlogonUserinitFiles>
<StartupWinIniFiles />
<StartupSysIniFiles />
</AutoRunAudit>
- <InternetExplorerAudit version="6.0.2900.2180">
- <BrowserHelperObjects>
<BHO ex="1" clsid="{02478D38-C3F9-4efb-9B51-
7695ECA05670}" prog="YBIOCtrl.CompanionBHO.4" val="Yahoo!
Companion BHO" nam="Yahoo! Toolbar 5.5 for Internet
Explorer (ycomp5_5_7_0.dll)" pub="Yahoo! Inc."
md5="15003f375140ffb2d2e0c5508857a2f1" ver="2004, 9, 28,
1" sz="292947" is="0" gfp="">c:\program files\yahoo!
\companion\installs\cpn\ycomp5_5_7_0.dll</BHO>
<BHO ex="1" clsid="{5C8B2A36-3DB1-42A4-A3CB-
D426709BBFEB}" prog="" val="PCTools Site Guard" nam="None
(iesdsg.dll)" pub="PC Tools"
md5="d8dc757360121251916936c2349374c2" ver="3.0.0.412"
sz="598272" is="0" gfp="">c:\progra~1\spywar~1
\tools\iesdsg.dll</BHO>
<BHO ex="1" clsid="{B56A7D7D-6927-48C8-A975-
17DF180C71AC}" prog="" val="PCTools Browser Monitor"
nam="iesdpb.dll (iesdpb.dll)" pub="GuideWorks Pty. Ltd."
md5="52941bdfa8ff199f6135ed630bb70180" ver="3.0.0.255"
sz="671392" is="0" gfp="">c:\progra~1\spywar~1
\tools\iesdpb.dll</BHO>
</BrowserHelperObjects>
- <IEToolbars>
<IEToolbar ex="1" clsid="{EF99BD32-C1FB-11D2-892F-
0090271D4F88}" prog="YBIOCtrl.YBIOCtrl.2" val="Yahoo!
Toolbar" nam="Yahoo! Toolbar 5.5 for Internet Explorer
(ycomp5_5_7_0.dll)" pub="Yahoo! Inc."
md5="15003f375140ffb2d2e0c5508857a2f1" ver="2004, 9, 28,
1" sz="292947" is="0" gfp="">c:\program files\yahoo!
\companion\installs\cpn\ycomp5_5_7_0.dll</IEToolbar>
</IEToolbars>
<IEExtensions />
- <IEExplorerBars>
<IEExplorerBar ex="1" clsid="{4528BBE0-4E08-11D5-AD55-
00010333D0AD}" prog="" val="&Yahoo! Messenger"
nam="YhExBMes (yhexbmes0411.dll)" pub="Yahoo! Inc."
md5="c97bc13a36444da7ee0c8cd45dc0ee1b" ver="2003, 4, 11,
1" sz="296120" is="0" gfp="">c:\program files\yahoo!
\messenger\yhexbmes0411.dll</IEExplorerBar>
<IEExplorerBar ex="1" clsid="{4D5C8C25-D075-11d0-B416-
00C04FB90376}" prog="" val="&Tip of the Day" nam="Shell
Doc Object and Control Library (shdocvw.dll)"
pub="Microsoft Corporation"
md5="ae8ab1175327702d3a6f10dc122c254e"
ver="6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)"
sz="1483264" is="0" gfp="">c:\windows\system32
\shdocvw.dll</IEExplorerBar>
<IEExplorerBar ex="1" clsid="{83B28A74-640D-48F4-9F51-
E80EED7CC7E0}" prog="" val="SideStep" nam="SideStep
(sbcie02a.dll)" pub="SideStep Inc."
md5="abe9d10e3b170bb57b205584d6bbfcda" ver="4, 1, 19,
382" sz="208896" is="0" gfp="">c:\windows\downloaded
program files\sbcie02a.dll</IEExplorerBar>
<IEExplorerBar ex="1" clsid="{FE54FA40-D68C-11d2-98FA-
00C0F0318AFE}" prog="" val="Real.com" nam="Shell Doc
Object and Control Library (shdocvw.dll)" pub="Microsoft
Corporation" md5="ae8ab1175327702d3a6f10dc122c254e"
ver="6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)"
sz="1483264" is="0" gfp="">c:\windows\system32
\shdocvw.dll</IEExplorerBar>
</IEExplorerBars>
- <IEShellBrowsers>
<IEShellBrowser ex="1" clsid="{01E04581-4EEE-11D0-BFE9-
00AA005B4383}" prog="" val="&Address" nam="Shell Browser
UI Library (browseui.dll)" pub="Microsoft Corporation"
md5="6eea72937f62376558bf8d693c296ab4"
ver="6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)"
sz="1016832" is="0" gfp="">c:\windows\system32
\browseui.dll</IEShellBrowser>
</IEShellBrowsers>
- <IEWebBrowsers>
<IEWebBrowser ex="1" clsid="{EF99BD32-C1FB-11D2-892F-
0090271D4F88}" prog="YBIOCtrl.YBIOCtrl.2" val="Yahoo!
Toolbar" nam="Yahoo! Toolbar 5.5 for Internet Explorer
(ycomp5_5_7_0.dll)" pub="Yahoo! Inc."
md5="15003f375140ffb2d2e0c5508857a2f1" ver="2004, 9, 28,
1" sz="292947" is="0" gfp="">c:\program files\yahoo!
\companion\installs\cpn\ycomp5_5_7_0.dll</IEWebBrowser>
<IEWebBrowser ex="1" clsid="{01E04581-4EEE-11D0-BFE9-
00AA005B4383}" prog="" val="&Address" nam="Shell Browser
UI Library (browseui.dll)" pub="Microsoft Corporation"
md5="6eea72937f62376558bf8d693c296ab4"
ver="6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)"
sz="1016832" is="0" gfp="">c:\windows\system32
\browseui.dll</IEWebBrowser>
<IEWebBrowser ex="0" clsid="" prog="" val="" nam=""
pub="" md5="" ver="" sz="" is="0" gfp="" />
<IEWebBrowser ex="0" clsid="" prog="" val="" nam=""
pub="" md5="" ver="" sz="" is="0" gfp="" />
</IEWebBrowsers>
- <IEMenuExts>
<IEMenuExt val="E&xport to Microsoft
Excel">res://C:\PROGRA~1\MICROS~4\OFFICE11
\EXCEL.EXE/3000</IEMenuExt>
</IEMenuExts>
- <IEURLSearchHooks>
<IEURLSearchHook ex="1" clsid="{37D2CDBF-2AF4-44AA-8113-
BD0D2DA3C2B8}" prog="UOL.URLSearchHook.1"
val="URLSearchHook Class" nam="Browser Search
Enhancements (searchenh1.dll)" pub="United Online, Inc."
md5="b073c343002fc8a6b4e77c0ed12b6a4d" ver="2.1.03"
sz="102472" is="0" gfp="">c:\program
files\nzsearch\searchenh1.dll</IEURLSearchHook>
</IEURLSearchHooks>
- <IEURLs>
<IEURL val="HCU\Software\Microsoft\Internet Explorer
Start Page">about:blank</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer
Search
Page">http://red.clientapps.yahoo.com/customize/ycomp/defa
ults/sp/*http://www.yahoo.com</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer
Default_Page_URL">http://www.dell.com</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explore
Local Page">C:\WINDOWS\system32\blank.htm</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explore
Search
Bar">http://red.clientapps.yahoo.com/customize/ycomp/defau
lts/sb/*http://www.yahoo.com/search/ie.html</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer
Default_Search_URL" />
<IEURL val="HCU\Software\Microsoft\Internet Explorer
HomeOldSP" />
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Start Page">about:blank</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Search
Page">http://red.clientapps.yahoo.com/customize/ycomp/defa
ults/sp/*http://www.yahoo.com</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Default_Page_URL">http://www.microsoft.com/isapi/redir.dll
?prd=ie&pver=6&ar=msnhome</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Local Page">C:\WINDOWS\system32\blank.htm</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Search
Bar">http://red.clientapps.yahoo.com/customize/ycomp/defau
lts/sb/*http://www.yahoo.com/search/ie.html</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Default_Search_URL">http://my.netzero.net/s/search?
r=minisearch</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
HomeOldSP" />
<IEURL val="HCU\Software\Microsoft\Internet
Explorer\Search CustomizeSearch" />
<IEURL val="HCU\Software\Microsoft\Internet
Explorer\Search
SearchAssistant">http://ie.search.msn.com</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet
Explorer\Search CustomizeSearch">http://ie.search.msn.com/
{SUB_RFC1766}/srchasst/srchcust.htm</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet
Explorer\Search
SearchAssistant">http://ie.search.msn.com</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet
Explorer\SearchUrl">http://red.clientapps.yahoo.com/custom
ize/ycomp/defaults/su/*http://www.yahoo.com</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet
Explorer\SearchUrl">http://red.clientapps.yahoo.com/custom
ize/ycomp/defaults/su/*http://www.yahoo.com</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
blank">res://mshtml.dll/blank.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
DesktopItemNavigationFailure">res://shdoclc.dll/navcancl.h
tm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
NavigationCanceled">res://shdoclc.dll/navcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
NavigationFailure">res://shdoclc.dll/navcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
OfflineInformation">res://shdoclc.dll/offcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
PostNotCached">res://mshtml.dll/repost.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs mozilla" />
</IEURLs>
</InternetExplorerAudit>
- <SystemAudit>
- <ShellExecuteHooks>
<ShellExecuteHook ex="1" clsid="{AEB6717E-7E19-11d0-
97EE-00C04FD91972}" prog="" val="URL Exec Hook"
nam="Windows Shell Common Dll (shell32.dll)"
pub="Microsoft Corporation"
md5="9833f278924d028414d7f89bfd4fc46b"
ver="6.00.2900.2620 (xpsp_sp2_gdr.050225-1820)"
sz="8450048" is="0" gfp="">C:\WINDOWS\system32
\shell32.dll</ShellExecuteHook>
<ShellExecuteHook ex="1" clsid="{9EF34FF2-3396-4527-
9D27-04C8C1C67806}"
prog="Microsoft.AntiSpyware.ShellExecuteHook.1"
val="Microsoft.AntiSpyware.ShellExecuteHook.1"
nam="Microsoft AntiSpyware Shell Extension
(shellextension.dll)" pub="Microsoft Corporation"
md5="f3a7b87726c87c8e5653df0e7da15a47" ver="1.00.0509"
sz="93408" is="0" gfp="">c:\program files\microsoft
antispyware\shellextension.dll</ShellExecuteHook>
</ShellExecuteHooks>
- <ShellOpenCommands>
<ShellOpenCommand
val="HCR\exefile\shell\open\command">"%1" %
*</ShellOpenCommand>
<ShellOpenCommand
val="HCR\comfile\shell\open\command">"%1" %
*</ShellOpenCommand>
<ShellOpenCommand
val="HCR\batfile\shell\open\command">"%1" %
*</ShellOpenCommand>
<ShellOpenCommand
val="HCR\htafile\shell\open\command">C:\WINDOWS\system32
\mshta.exe "%1" %*</ShellOpenCommand>
<ShellOpenCommand
val="HCR\piffile\shell\open\command">"%1" %
*</ShellOpenCommand>
<ShellOpenCommand val="HCR\txtfile\shell\open\command">%
SystemRoot%\system32\NOTEPAD.EXE %1</ShellOpenCommand>
<ShellOpenCommand
val="HCR\mp3file\shell\open\command">"C:\Program
Files\Windows Media
Player\wmplayer.exe" /prefetch:6 /Open "%
L"</ShellOpenCommand>
<ShellOpenCommand
val="HCR\mpegfile\shell\open\command">"C:\Program
Files\Windows Media
Player\wmplayer.exe" /prefetch:9 /Open "%
L"</ShellOpenCommand>
<ShellOpenCommand
val="HCR\mailto\shell\open\command">"C:\PROGRA~1\MICROS~4
\OFFICE11\OUTLOOK.EXE" -c IPM.Note /m "%
1"</ShellOpenCommand>
<ShellOpenCommand
val="HCR\htmlfile\shell\open\command">"C:\Program
Files\Internet Explorer\iexplore.exe" -
nohome</ShellOpenCommand>
<ShellOpenCommand
val="HCR\http\shell\open\command">"C:\Program
Files\Internet Explorer\iexplore.exe" -
nohome</ShellOpenCommand>
<ShellOpenCommand
val="HCR\https\shell\open\command">"C:\Program
Files\Internet Explorer\iexplore.exe" -
nohome</ShellOpenCommand>
<ShellOpenCommand
val="HCR\ftp\shell\open\command">"C:\Program
Files\Internet Explorer\iexplore.exe" %
1</ShellOpenCommand>
</ShellOpenCommands>
- <ActiveXInstalls>
- <ActiveXInstall clsid="{0A5FD7C5-A45C-49FC-ADB5-
9952547D5715}" prog="CTSUENG.CTSUEngCtrl.1" nam="Creative
Software AutoUpdate"
codebase="http://www.creative.com/su/ocx/15009/CTSUEng.cab
">
- <Files>
<File ex="1" nam="Creative Software AutoUpdate OCX
Module (CTSUEng.ocx)" pub="Creative Technology Ltd"
md5="278d87f436d8a207426f60892d079982" ver="1.50.7.0"
sz="225280" is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\CTSUEng.ocx</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{17492023-C23A-453E-A040-
C7C580BBF700}" prog="LegitCheckControl.LegitCheck.1"
nam="Windows Genuine Advantage Validation Tool"
codebase="http://go.microsoft.com/fwlink/?
linkid=36467&clcid=0x409">
- <Files>
<File ex="1" nam="PidGen (GWFSPidGen.DLL)"
pub="Microsoft" md5="76cfe0b49089af874d3d135efc38bf3a"
ver="1, 5, 0, 42" sz="23304" is="0"
gfp="">C:\WINDOWS\system32\GWFSPidGen.DLL</File>
<File ex="1" nam="Windows Genuine Advantage Validation
(LegitCheckControl.DLL)" pub="Microsoft Corporation"
md5="c3c3864da698f0cc1be56f9695534dd8" ver="1.0.0132.4"
sz="421128" is="0" gfp="">C:\WINDOWS\system32
\LegitCheckControl.DLL</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{30528230-99F7-4BB4-88D8-
FA1D4F56A2AB}" prog="YInstHelper.YInstStarter.1"
nam="YInstStarter Class"
codebase="http://download.yahoo.com/dl/installs/yinst0309.
cab">
- <Files>
<File ex="0" nam="(yinsthelper.dll)" pub="" md5=""
ver="" sz="" is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\yinsthelper.dll</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{4CC35DAD-40EA-4640-ACC2-
A1A3B6FB3E06}" prog="NEOTERISSETUP.NeoterisSetupCtrl.1"
nam="NeoterisSetup Control"
codebase="https://desktop.citigroup.com/dana-
cached/setup/NeoterisSetup.cab">
- <Files>
<File ex="1" nam="(setupResource_fr.dll)" pub=""
md5="0d27e2dfc791d682ef341b774a631dd9" ver="" sz="28672"
is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\setupResource_fr.dll</File>
<File ex="1" nam="(setupResource_de.dll)" pub=""
md5="dc347d375a5bb0f99d65dff90e3d6f6e" ver="" sz="28672"
is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\setupResource_de.dll</File>
<File ex="1" nam="(setupResource_ja.dll)" pub=""
md5="4e9ac08cfa91a00f7e5f5775bfe417c6" ver="" sz="24576"
is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\setupResource_ja.dll</File>
<File ex="1" nam="(setupResource_en.dll)" pub=""
md5="3b4c9e043bbb29c8e9b476b794b19e22" ver="" sz="28672"
is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\setupResource_en.dll</File>
<File ex="1" nam="Neoteris Debug Library (neodbg.dll)"
pub="Neoteris" md5="aebfbdd51c4f0532fe4bc0bf05d89158"
ver="3, 3, 0, 4683" sz="24576" is="0"
gfp="">C:\WINDOWS\Downloaded Program
Files\neodbg.dll</File>
<File ex="1" nam="NeoterisSetup ActiveX Control Module
(NeoterisSetup.ocx)" pub="Neoteris, Inc."
md5="9aa385f72e7a47277b5e3be3ff9267af" ver="3, 3, 1, 23"
sz="73728" is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\NeoterisSetup.ocx</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{4ED9DDF0-7479-4BBE-9335-
5A1EDB1D8A21}" prog="mcinstall.mcos.1" nam="McAfee.com
Operating System Class"
codebase="http://bin.mcafee.com/molbin/shared/mcinsctl/en-
us/4,0,0,76/mcinsctl.cab">
<Files />
</ActiveXInstall>
- <ActiveXInstall clsid="{640B39C1-D713-464F-92C3-
75BD972B95EE}" prog="" nam=""
codebase="http://www.sidestep.com/get/k42037/sb02a.cab">
- <Files>
<File ex="1" nam="SideStep (SbCIe02a.dll)"
pub="SideStep Inc."
md5="abe9d10e3b170bb57b205584d6bbfcda" ver="4, 1, 19,
382" sz="208896" is="0" gfp="">C:\WINDOWS\Downloaded
Program Files\SbCIe02a.dll</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{6414512B-B978-451D-A0D8-
FCFDF33E833C}" prog="SoftwareDistribution.WebControl.1"
nam="WUWebControl Class"
codebase="http://v5.windowsupdate.microsoft.com/v5consumer
/V5Controls/en/x86/client/wuweb_site.cab?1109737560756">
- <Files>
<File ex="1" nam="Windows Update Web Control
(wuweb.dll)" pub="Microsoft Corporation"
md5="0cd6248038c70b4c688dbd315d90a97a" ver="5.4.3790.2182
built by: srv03_rtm(ntvbl04)" sz="120288" is="0"
gfp="">C:\WINDOWS\system32\wuweb.dll</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{8714912E-380D-11D5-B8AA-
00D0B78F3D48}" prog="UplApp.UplDlg.1" nam="Yahoo! Webcam
Upload Wrapper"
codebase="http://chat.yahoo.com/cab/yuplapp.cab">
- <Files>
<File ex="1" nam="kdu_v32 -- Kakadu core DLL
(kdu_v32r.dll)" pub="The University of New South Wales"
md5="1da76880df3814afd6f66d71704b23e3" ver="3, 2, 0, 1"
sz="348160" is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\kdu_v32r.dll</File>
<File ex="1" nam="Webcam Upload Networking and Imaging
(ywcupl.dll)" pub="Yahoo! Inc."
md5="0aff21da874d5982884af30c7b18c881" ver="2, 0, 0, 17"
sz="253952" is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\ywcupl.dll</File>
<File ex="1" nam="Webcam Upload UI (yuplapp.dll)"
pub="Yahoo! Inc." md5="c9a7906090449a70f7135c5af16438ee"
ver="2, 0, 0, 17" sz="204800" is="0"
gfp="">C:\WINDOWS\Downloaded Program
Files\yuplapp.dll</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{8AD9C840-044E-11D1-B3E9-
00805F499D93}" prog="" nam="Java Plug-in 1.4.2"
codebase="http://java.sun.com/products/plugin/autodl/jinst
all-142-windows-i586.cab">
<Files />
</ActiveXInstall>
- <ActiveXInstall clsid="{917623D1-D8E5-11D2-BE8B-
00104B06BDE3}" prog="CamImage.CamImage.1" nam="CamImage
Class"
codebase="http://floridakeysmedia.tv/axiscam/Codebase/Axis
CamControl.ocx">
- <Files>
<File ex="1" nam="ATLCamImage Module
(AxisCamControl.ocx)" pub="None"
md5="830c7ea2844458330d26f60b3c68910d" ver="1, 0, 1, 43"
sz="181136" is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\AxisCamControl.ocx</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{A17E30C4-A9BA-11D4-8673-
60DB54C10000}" prog="YMMAPI.YMailTo.1" nam="YahooYMailTo
Class"
codebase="http://us.dl1.yimg.com/download.yahoo.com/dl/ins
talls/yse/ymmapi_416.dll">
- <Files>
<File ex="1" nam="YMMAPI Module (ymmapi.dll)"
pub="Yahoo! Inc." md5="42033bff83aacc47a86f5af8629547b1"
ver="2003, 4, 16, 1" sz="145120" is="0"
gfp="">C:\WINDOWS\Downloaded Program
Files\ymmapi.dll</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{A8F2B9BD-A6A0-486A-9744-
18920D898429}" prog="ScorchActiveXPlugin.ScorchPlugin.1"
nam="ScorchPlugin Class"
codebase="http://www.sibelius.com/download/software/win/Ac
tiveXPlugin.cab">
- <Files>
<File ex="1" nam="NPSibelius.dll" pub="Unavailable"
md5="6c3c3e11ae06891df807df1be4906942" ver="Unavailable"
sz="2764800" is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\NPSibelius.dll</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{BCC0FF27-31D9-4614-A68E-
C18E1ADA4389}" prog="McGDMgr.DwnldGroupMgr.1"
nam="DwnldGroupMgr Class"
codebase="http://bin.mcafee.com/molbin/shared/mcgdmgr/en-
us/1,0,0,16/mcgdmgr.cab">
<Files />
</ActiveXInstall>
- <ActiveXInstall clsid="{CAFEEFAC-0014-0002-0000-
ABCDEFFEDCBA}" prog="" nam="Java Plug-in 1.4.2"
codebase="http://java.sun.com/products/plugin/autodl/jinst
all-142-windows-i586.cab">
<Files />
</ActiveXInstall>
- <ActiveXInstall clsid="{D27CDB6E-AE6D-11CF-96B8-
444553540000}" prog="ShockwaveFlash.ShockwaveFlash.1"
nam="Shockwave Flash Object"
codebase="http://download.macromedia.com/pub/shockwave/cab
s/flash/swflash.cab">
<Files />
</ActiveXInstall>
- <ActiveXInstall clsid="{F58E1CEF-A068-4C15-BA5E-
587CAF3EE8C6}" prog="" nam="MSN Chat Control 4.5"
codebase="http://chat.msn.com/bin/msnchat45.cab">
- <Files>
<File ex="1" nam="MSN Chat Control (MSNChat45.ocx)"
pub="Microsoft Corporation"
md5="60fed272bdbafa8214e40ad376c9987e"
ver="9.02.0310.2401" sz="510552" is="0"
gfp="">C:\WINDOWS\Downloaded Program
Files\MSNChat45.ocx</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{F6ACF75C-C32C-447B-9BEF-
46B766368D29}" prog="CTPID.CTPIDCtrl.1" nam="Creative
Software AutoUpdate Support Package"
codebase="http://www.creative.com/su/ocx/15010/CTPID.cab">
- <Files>
<File ex="1" nam="CTPID ActiveX Control Module
(CTPID.ocx)" pub="Creative Technology Ltd"
md5="7d0cb10e8ee262055eeeda8f3a6af3c6" ver="1.0.16.0"
sz="32768" is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\CTPID.ocx</File>
</Files>
</ActiveXInstall>
</ActiveXInstalls>
- <PROTOCOLSFilters>
<PROTOCOLSFilter ex="1" clsid="{1E66F26B-79EE-11D2-8710-
00C04F79ED0D}" prog="CorRegistration.CorFltr.1"
filter="application/octet-stream" val="{1E66F26B-79EE-
11D2-8710-00C04F79ED0D}" nam="Microsoft .NET Runtime
Execution Engine (mscoree.dll)" pub="Microsoft
Corporation" md5="8c54138d0271ed4e9c16d8534ff707e4"
ver="1.1.4322.2032" sz="155648" is="0"
gfp="">c:\windows\system32\mscoree.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{1E66F26B-79EE-11D2-8710-
00C04F79ED0D}" prog="CorRegistration.CorFltr.1"
filter="application/x-complus" val="{1E66F26B-79EE-11D2-
8710-00C04F79ED0D}" nam="Microsoft .NET Runtime Execution
Engine (mscoree.dll)" pub="Microsoft Corporation"
md5="8c54138d0271ed4e9c16d8534ff707e4"
ver="1.1.4322.2032" sz="155648" is="0"
gfp="">c:\windows\system32\mscoree.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{1E66F26B-79EE-11D2-8710-
00C04F79ED0D}" prog="CorRegistration.CorFltr.1"
filter="application/x-msdownload" val="{1E66F26B-79EE-
11D2-8710-00C04F79ED0D}" nam="Microsoft .NET Runtime
Execution Engine (mscoree.dll)" pub="Microsoft
Corporation" md5="8c54138d0271ed4e9c16d8534ff707e4"
ver="1.1.4322.2032" sz="155648" is="0"
gfp="">c:\windows\system32\mscoree.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{32B533BB-EDAE-11d0-BD5A-
00AA00B92AF1}" prog="" filter="Class Install Handler"
val="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}" nam="OLE32
Extensions for Win32 (urlmon.dll)" pub="Microsoft
Corporation" md5="2511fa80ffea8e186dda6d28f847e113"
ver="6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)"
sz="607744" is="0" gfp="">c:\windows\system32
\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{8f6b0360-b80d-11d0-a9b3-
006097942311}" prog="" filter="deflate" val="{8f6b0360-
b80d-11d0-a9b3-006097942311}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="2511fa80ffea8e186dda6d28f847e113"
ver="6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)"
sz="607744" is="0" gfp="">c:\windows\system32
\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{8f6b0360-b80d-11d0-a9b3-
006097942311}" prog="" filter="gzip" val="{8f6b0360-b80d-
11d0-a9b3-006097942311}" nam="OLE32 Extensions for Win32
(urlmon.dll)" pub="Microsoft Corporation"
md5="2511fa80ffea8e186dda6d28f847e113"
ver="6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)"
sz="607744" is="0" gfp="">c:\windows\system32
\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{8f6b0360-b80d-11d0-a9b3-
006097942311}" prog="" filter="lzdhtml" val="{8f6b0360-
b80d-11d0-a9b3-006097942311}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="2511fa80ffea8e186dda6d28f847e113"
ver="6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)"
sz="607744" is="0" gfp="">c:\windows\system32
\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{733AC4CB-F1A4-11d0-B951-
00A0C90312E1}" prog="" filter="text/webviewhtml"
val="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}" nam="Windows
Shell Common Dll (shell32.dll)" pub="Microsoft
Corporation" md5="9833f278924d028414d7f89bfd4fc46b"
ver="6.00.2900.2620 (xpsp_sp2_gdr.050225-1820)"
sz="8450048" is="0" gfp="">c:\windows\system32
\shell32.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{807553E5-5146-11D5-A672-
00B0D022E945}" prog="" filter="text/xml" val="{807553E5-
5146-11D5-A672-00B0D022E945}" nam="Microsoft Office XML
MIME Filter (msoxmlmf.dll)" pub="Microsoft Corporation"
md5="7469b9d06f0299273769c3e5365f5469" ver="11.0.5510"
sz="39488" is="0" gfp="">c:\program files\common
files\microsoft shared\office11
\msoxmlmf.dll</PROTOCOLSFilter>
</PROTOCOLSFilters>
- <PROTOCOLSHandlers>
<PROTOCOLSHandler ex="1" clsid="{3050F406-98B5-11CF-
BB82-00AA00BDCE0B}" prog="" filter="about" val="{3050F406-
98B5-11CF-BB82-00AA00BDCE0B}" nam="Microsoft (R) HTML
Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="84a1b9b0c362051e68bb131f14c6daad"
ver="6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)"
sz="3010560" is="0" gfp="">c:\windows\system32
\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3dd53d40-7b8b-11D0-
b013-00aa0059ce02}" prog="" filter="cdl" val="{3dd53d40-
7b8b-11D0-b013-00aa0059ce02}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="2511fa80ffea8e186dda6d28f847e113"
ver="6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)"
sz="607744" is="0" gfp="">c:\windows\system32
\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{CF184AD3-CDCB-4168-
A3F7-8E447D129300}" prog="HPCETI.UIZipProtocol.1"
filter="cetihpz" val="{CF184AD3-CDCB-4168-A3F7-
8E447D129300}" nam="HPCETIUI Protocol Handler Module
(hpuiprot.dll)" pub="Hewlett-Packard Company"
md5="ae8b15e1d8f3a08ee9cefc9dd515b7b6" ver="1.80.0"
sz="81920" is="0" gfp="">c:\program
files\hp\hpcoretech\comp\hpuiprot.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{12D51199-0DB5-46FE-
A120-47A3D7D937CC}" prog="" filter="dvd" val="{12D51199-
0DB5-46FE-A120-47A3D7D937CC}" nam="ActiveX control for
streaming video (msvidctl.dll)" pub="Microsoft
Corporation" md5="7b5ba7cb7cf42b557c17d08015be8a14"
ver="6.05.2600.2180 (xpsp_sp2_rtm.040803-2158)"
sz="1428480" is="0" gfp="">c:\windows\system32
\msvidctl.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e7-baf9-11ce-
8c82-00aa004ba90b}" prog="" filter="file" val="{79eac9e7-
baf9-11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="2511fa80ffea8e186dda6d28f847e113"
ver="6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)"
sz="607744" is="0" gfp="">c:\windows\system32
\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e3-baf9-11ce-
8c82-00aa004ba90b}" prog="" filter="ftp" val="{79eac9e3-
baf9-11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="2511fa80ffea8e186dda6d28f847e113"
ver="6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)"
sz="607744" is="0" gfp="">c:\windows\system32
\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e4-baf9-11ce-
8c82-00aa004ba90b}" prog="" filter="gopher"
val="{79eac9e4-baf9-11ce-8c82-00aa004ba90b}" nam="OLE32
Extensions for Win32 (urlmon.dll)" pub="Microsoft
Corporation" md5="2511fa80ffea8e186dda6d28f847e113"
ver="6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)"
sz="607744" is="0" gfp="">c:\windows\system32
\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e2-baf9-11ce-
8c82-00aa004ba90b}" prog="" filter="http" val="{79eac9e2-
baf9-11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="2511fa80ffea8e186dda6d28f847e113"
ver="6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)"
sz="607744" is="0" gfp="">c:\windows\system32
\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e5-baf9-11ce-
8c82-00aa004ba90b}" prog="" filter="https" val="{79eac9e5-
baf9-11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="2511fa80ffea8e186dda6d28f847e113"
ver="6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)"
sz="607744" is="0" gfp="">c:\windows\system32
\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{9D148291-B9C8-11D0-
A4CC-0000F80149F6}" prog="MSITFS1.0" filter="its"
val="{9D148291-B9C8-11D0-A4CC-0000F80149F6}"
nam="Microsoft InfoTech Storage System Library
(itss.dll)" pub="Microsoft Corporation"
md5="a00b287bb6f78bdd3589b7e75a86a6fa" ver="5.2.3790.1221
(dnsrv.040715-2015)" sz="134144" is="0"
gfp="">c:\windows\system32\itss.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050F3B2-98B5-11CF-
BB82-00AA00BDCE0B}" prog="" filter="javascript"
val="{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}"
nam="Microsoft (R) HTML Viewer (mshtml.dll)"
pub="Microsoft Corporation"
md5="84a1b9b0c362051e68bb131f14c6daad"
ver="6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)"
sz="3010560" is="0" gfp="">c:\windows\system32
\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e7-baf9-11ce-
8c82-00aa004ba90b}" prog="" filter="local" val="{79eac9e7-
baf9-11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="2511fa80ffea8e186dda6d28f847e113"
ver="6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)"
sz="607744" is="0" gfp="">c:\windows\system32
\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050f3DA-98B5-11CF-
BB82-00AA00BDCE0B}" prog="" filter="mailto"
val="{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}"
nam="Microsoft (R) HTML Viewer (mshtml.dll)"
pub="Microsoft Corporation"
md5="84a1b9b0c362051e68bb131f14c6daad"
ver="6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)"
sz="3010560" is="0" gfp="">c:\windows\system32
\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{05300401-BCBC-11d0-
85E3-00C04FD85AB4}" prog="" filter="mhtml" val="{05300401-
BCBC-11d0-85E3-00C04FD85AB4}" nam="Microsoft Internet
Messaging API (inetcomm.dll)" pub="Microsoft Corporation"
md5="ad83a2a04f68db2dff500c30536fcd6b"
ver="6.00.2900.2527 (xpsp_sp2_gdr.040919-1056)"
sz="679424" is="0" gfp="">c:\windows\system32
\inetcomm.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e6-baf9-11ce-
8c82-00aa004ba90b}" prog="" filter="mk" val="{79eac9e6-
baf9-11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="2511fa80ffea8e186dda6d28f847e113"
ver="6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)"
sz="607744" is="0" gfp="">c:\windows\system32
\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{9D148291-B9C8-11D0-
A4CC-0000F80149F6}" prog="MSITFS1.0" filter="ms-its"
val="{9D148291-B9C8-11D0-A4CC-0000F80149F6}"
nam="Microsoft InfoTech Storage System Library
(itss.dll)" pub="Microsoft Corporation"
md5="a00b287bb6f78bdd3589b7e75a86a6fa" ver="5.2.3790.1221
(dnsrv.040715-2015)" sz="134144" is="0"
gfp="">c:\windows\system32\itss.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{0A9007C0-4076-11D3-
8789-0000F8105754}" prog="Microsoft.ITSS.URLProtocol"
filter="ms-itss" val="{0A9007C0-4076-11D3-8789-
0000F8105754}" nam="Microsoft InfoTech Storage System
Library (msitss.dll)" pub="Microsoft Corporation"
md5="fbfef8d1ccfe1b12c0303f0c4b67eb97" ver="5.40.1171.1"
sz="221184" is="0" gfp="">c:\program files\common
files\microsoft shared\information
retrieval\msitss.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{32505114-5902-49B2-
880A-1F7738E5A384}"
prog="OWC11.Etcetera.PluggableProtocol.1" filter="mso-
offdap11" val="{32505114-5902-49B2-880A-1F7738E5A384}"
nam="Microsoft Office Web Components 2003 (owc11.dll)"
pub="Microsoft Corporation"
md5="41fea807d9fea8da5ad3e5705272bcc3" ver="11.0.5531"
sz="8086072" is="0" gfp="">c:\progra~1\common~1\micros~1
\webcom~1\11\owc11.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050F3BC-98B5-11CF-
BB82-00AA00BDCE0B}" prog="" filter="res" val="{3050F3BC-
98B5-11CF-BB82-00AA00BDCE0B}" nam="Microsoft (R) HTML
Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="84a1b9b0c362051e68bb131f14c6daad"
ver="6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)"
sz="3010560" is="0" gfp="">c:\windows\system32
\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{76E67A63-06E9-11D2-
A840-006008059382}" prog="" filter="sysimage"
val="{76E67A63-06E9-11D2-A840-006008059382}"
nam="Microsoft (R) HTML Viewer (mshtml.dll)"
pub="Microsoft Corporation"
md5="84a1b9b0c362051e68bb131f14c6daad"
ver="6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)"
sz="3010560" is="0" gfp="">c:\windows\system32
\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{CBD30858-AF45-11D2-
B6D6-00C04FBBDE6E}" prog="" filter="tv" val="{CBD30858-
AF45-11D2-B6D6-00C04FBBDE6E}" nam="ActiveX control for
streaming video (msvidctl.dll)" pub="Microsoft
Corporation" md5="7b5ba7cb7cf42b557c17d08015be8a14"
ver="6.05.2600.2180 (xpsp_sp2_rtm.040803-2158)"
sz="1428480" is="0" gfp="">c:\windows\system32
\msvidctl.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050F3B2-98B5-11CF-
BB82-00AA00BDCE0B}" prog="" filter="vbscript"
val="{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}"
nam="Microsoft (R) HTML Viewer (mshtml.dll)"
pub="Microsoft Corporation"
md5="84a1b9b0c362051e68bb131f14c6daad"
ver="6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)"
sz="3010560" is="0" gfp="">c:\windows\system32
\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{13F3EA8B-91D7-4F0A-
AD76-D2853AC8BECE}" prog="Wia.WiaProtocol.1" filter="wia"
val="{13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE}" nam="WIA
Scripting Layer (wiascr.dll)" pub="Microsoft Corporation"
md5="dd469944b09b032e7c7fe85687c2a399" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="75776" is="0"
gfp="">c:\windows\system32\wiascr.dll</PROTOCOLSHandler>
</PROTOCOLSHandlers>
- <PROTOCOLSNameSpaceHandlers>
<PROTOCOLSNameSpaceHandler ex="1" clsid="{9D148291-B9C8-
11D0-A4CC-0000F80149F6}" prog="MSITFS1.0" namespace="mk"
namespacefilter="NameSpace Filter for MKMSITStore:..."
val="{79eac9e6-baf9-11ce-8c82-00aa004ba90b}"
nam="Microsoft InfoTech Storage System Library
(itss.dll)" pub="Microsoft Corporation"
md5="a00b287bb6f78bdd3589b7e75a86a6fa" ver="5.2.3790.1221
(dnsrv.040715-2015)" sz="134144" is="0"
gfp="">c:\windows\system32
\itss.dll</PROTOCOLSNameSpaceHandler>
</PROTOCOLSNameSpaceHandlers>
- <TCPIPParamaters>
<TCPIPParamater val="DataBasePath">%SystemRoot%\System32
\drivers\etc</TCPIPParamater>
<TCPIPParamater val="Domain" />
<TCPIPParamater val="NameServer" />
<TCPIPParamater val="SearchList" />
<TCPIPParamater val="VXD MSTCP: NameServer" />
</TCPIPParamaters>
- <InternetSettings>
<InternetSetting val="ProxyEnable">0</InternetSetting>
<InternetSetting val="ProxyServer" />
<InternetSetting val="ProxyOverride" />
<InternetSetting val="User Agent">Mozilla/4.0
(compatible; MSIE 6.0; Win32)</InternetSetting>
<InternetSetting val="ZoneMap Domain
Count">2</InternetSetting>
</InternetSettings>
- <IESettings>
<IESetting val="UseMyStylesheet"
set="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Styles" />
<IESetting val="UserStylesheet"
set="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Styles" />
<IESetting val="UseMyStylesheet"
set="HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet
Explorer\Styles" />
<IESetting val="UserStylesheet"
set="HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet
Explorer\Styles" />
</IESettings>
<AppInitDLLs val="" />
- <ShellServiceObjectDelayLoads>
<ShellServiceObjectDelayLoad ex="1" clsid="{7849596a-
48ea-486e-8937-a2a3009f31a9}" prog=""
val="PostBootReminder" nam="Windows Shell Common Dll
(shell32.dll)" pub="Microsoft Corporation"
md5="9833f278924d028414d7f89bfd4fc46b"
ver="6.00.2900.2620 (xpsp_sp2_gdr.050225-1820)"
sz="8450048" is="0" gfp="">c:\windows\system32
\shell32.dll</ShellServiceObjectDelayLoad>
<ShellServiceObjectDelayLoad ex="1" clsid="{fbeb8a05-
beee-4442-804e-409d6c4515e9}" prog="" val="CDBurn"
nam="Windows Shell Common Dll (shell32.dll)"
pub="Microsoft Corporation"
md5="9833f278924d028414d7f89bfd4fc46b"
ver="6.00.2900.2620 (xpsp_sp2_gdr.050225-1820)"
sz="8450048" is="0" gfp="">c:\windows\system32
\shell32.dll</ShellServiceObjectDelayLoad>
<ShellServiceObjectDelayLoad ex="1" clsid="{E6FB5E20-
DE35-11CF-9C87-00AA005127ED}" prog="" val="WebCheck"
nam="Web Site Monitor (webcheck.dll)" pub="Microsoft
Corporation" md5="6501db5182d5a8c0f1f1707286161d66"
ver="6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)"
sz="276480" is="0" gfp="">c:\windows\system32
\webcheck.dll</ShellServiceObjectDelayLoad>
<ShellServiceObjectDelayLoad ex="1" clsid="{35CEC8A3-
2BE6-11D2-8773-92E220524153}" prog="" val="SysTray"
nam="Systray shell service object (stobject.dll)"
pub="Microsoft Corporation"
md5="297101a925ecffdcdf7f6341ffbb6c1a" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="121856" is="0"
gfp="">c:\windows\system32
\stobject.dll</ShellServiceObjectDelayLoad>
</ShellServiceObjectDelayLoads>
<ScheduledTasks />
- <Services>
<Service ex="1" disp="Application Layer Gateway
Service" desc="Provides support for 3rd party protocol
plug-ins for Internet Connection Sharing and the Windows
Firewall." nam="Application Layer Gateway Service
(alg.exe)" pub="Microsoft Corporation"
md5="f1958fbf86d5c004cf19a5951a9514b7" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="44544" is="0"
gfp="">C:\WINDOWS\System32\alg.exe</Service>
<Service ex="1" disp="AOL Connectivity Service" desc=""
nam="AOL Connectivity Service (acsd.exe)" pub="America
Online, Inc." md5="73d675514f148b1e69429e1d95e22adc"
ver="1,0,17,5" sz="1376360" is="0" gfp="">C:\PROGRA~1
\COMMON~1\AOL\ACS\acsd.exe</Service>
<Service ex="1" disp="ASP.NET State Service"
desc="Provides support for out-of-process session states
for ASP.NET. If this service is stopped, out-of-process
requests will not be processed. If this service is
disabled, any services that explicitly depend on it will
fail to start." nam="aspnet_state.exe (aspnet_state.exe)"
pub="Microsoft Corporation"
md5="e1a1206a4fb19b675e947b29ccd25fba"
ver="1.1.4322.2032" sz="32768" is="0"
gfp="">C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322
\aspnet_state.exe</Service>
<Service ex="1" disp="Indexing Service" desc="Indexes
contents and properties of files on local and remote
computers; provides rapid access to files through
flexible querying language." nam="Content Index service
(cisvc.exe)" pub="Microsoft Corporation"
md5="3192bd04d032a9c4a85a3278c268a13a" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="5632" is="0"
gfp="">C:\WINDOWS\system32\cisvc.exe</Service>
<Service ex="1" disp="ClipBook" desc="Enables ClipBook
Viewer to store information and share it with remote
computers. If the service is stopped, ClipBook Viewer
will not be able to share information with remote
computers. If this service is disabled, any services that
explicitly depend on it will fail to start." nam="Windows
NT DDE Server (clipsrv.exe)" pub="Microsoft Corporation"
md5="c8dec22c4137d7a90f8bdf41ca4b82ae" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="33280" is="0"
gfp="">C:\WINDOWS\system32\clipsrv.exe</Service>
<Service ex="1" disp="COM+ System Application"
desc="Manages the configuration and tracking of Component
Object Model (COM)+-based components. If the service is
stopped, most COM+-based components will not function
properly. If this service is disabled, any services that
explicitly depend on it will fail to start." nam="COM
Surrogate (dllhost.exe)" pub="Microsoft Corporation"
md5="dd87db7387b9eb441c5674888a0d840c" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="5120" is="0"
gfp="">C:\WINDOWS\system32\dllhost.exe</Service>
<Service ex="1" disp="Creative Service for CDROM
Access" desc="" nam="Creative Service for CDROM Access
(CTSvcCDA.EXE)" pub="Creative Technology Ltd"
md5="3c8b6609712f4ff78e521f6dcfc4032b" ver="1.0.1.0"
sz="44032" is="0" gfp="">C:\WINDOWS\System32
\CTSvcCDA.EXE</Service>
<Service ex="1" disp="Logical Disk Manager
Administrative Service" desc="Configures hard disk drives
and volumes. The service only runs for configuration
processes and then stops." nam="Logical Disk Manager
service process (dmadmin.exe)" pub="Microsoft Corp.,
Veritas Software" md5="554c7cb178fe3bd12450b81ad63adbc3"
ver="2600.2180.503.0" sz="224768" is="0"
gfp="">C:\WINDOWS\System32\dmadmin.exe</Service>
<Service ex="1" disp="Event Log" desc="Enables event
log messages issued by Windows-based programs and
components to be viewed in Event Viewer. This service
cannot be stopped." nam="Services and Controller app
(services.exe)" pub="Microsoft Corporation"
md5="c6ce6eec82f187615d1002bb3bb50ed4" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="108032" is="0"
gfp="">C:\WINDOWS\system32\services.exe</Service>
<Service ex="1" disp="IMAPI CD-Burning COM Service"
desc="Manages CD recording using Image Mastering
Applications Programming Interface (IMAPI). If this
service is stopped, this computer will be unable to
record CDs. If this service is disabled, any services
that explicitly depend on it will fail to start."
nam="Image Mastering API (imapi.exe)" pub="Microsoft
Corporation" md5="fa788520bcac0f5d9d5cde5615c0d931"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)"
sz="150016" is="0" gfp="">C:\WINDOWS\system32
\imapi.exe</Service>
<Service ex="1" disp="Visual IP InSight Client
(CitiGroup-WWDS)" desc="" nam="IPI Launch Service
(LaunchIPI.exe)" pub="Visual Networks"
md5="b0ca5882e480d71ff89b945f3cd9c5b9" ver="4.3.2.69"
sz="59904" is="0"
gfp="">C:\ssbrla\insight\LaunchIPI.exe</Service>
<Service ex="1" disp="Iomega App Services" desc=""
nam="AppServices (AppServices.exe)" pub="Iomega
Corporation" md5="19ef7fb809d3073ee60f85464e9c4c51"
ver="2, 0, 2, 5" sz="73728" is="0" gfp="">C:\PROGRA~1
\Iomega\System32\AppServices.exe</Service>
<Service ex="1" disp="McAfee.com McShield" desc=""
nam="mcshield.exe" pub="Unavailable"
md5="97addee4dc70929a8b482a7ae7842920" ver="Unavailable"
sz="225375" is="0" gfp="">c:\PROGRA~1
\mcafee.com\vso\mcshield.exe</Service>
<Service ex="1" disp="McAfee SecurityCenter Update
Manager" desc="" nam="McAfee SecurityCenter Update
Manager (mcupdmgr.exe)" pub="Networks Associates
Technology, Inc" md5="71f408756b910cd33610105dc59425ca"
ver="4, 3, 0, 8" sz="245760" is="0" gfp="">C:\PROGRA~1
\McAfee.com\Agent\mcupdmgr.exe</Service>
<Service ex="1" disp="McAfee.com VirusScan Online
Realtime Engine" desc="" nam="McAfee VirusScan Real-time
Engine (mcvsrte.exe)" pub="Networks Associates
Technology, Inc" md5="b1e94b3ed8af23aebbc2ccfccadba104"
ver="8, 0, 0, 12" sz="106496" is="0" gfp="">c:\PROGRA~1
\mcafee.com\vso\mcvsrte.exe</Service>
<Service ex="1" disp="NetMeeting Remote Desktop
Sharing" desc="Enables an authorized user to access this
computer remotely by using NetMeeting over a corporate
intranet. If this service is stopped, remote desktop
sharing will be unavailable. If this service is disabled,
any services that explicitly depend on it will fail to
start." nam="NetMeeting Remote Desktop Sharing
(mnmsrvc.exe)" pub="Microsoft Corporation"
md5="f6415361201915b9fe3896b0e4e724ff"
ver="5.1.2600.2180" sz="32768" is="0"
gfp="">C:\WINDOWS\System32\mnmsrvc.exe</Service>
<Service ex="1" disp="Distributed Transaction
Coordinator" desc="Coordinates transactions that span
multiple resource managers, such as databases, message
queues, and file systems. If this service is stopped,
these transactions will not occur. If this service is
disabled, any services that explicitly depend on it will
fail to start." nam="MS DTC console program (msdtc.exe)"
pub="Microsoft Corporation"
md5="c7c3d89eb0a6f3dba622ea737fa335b1"
ver="2001.12.4414.258" sz="6144" is="0"
gfp="">C:\WINDOWS\System32\msdtc.exe</Service>
<Service ex="1" disp="Windows Installer" desc="Adds,
modifies, and removes applications provided as a Windows
Installer (*.msi) package. If this service is disabled,
any services that explicitly depend on it will fail to
start." nam="Windows installer (msiexec.exe)"
pub="Microsoft Corporation"
md5="f5f0146580e7023adb963879840777f8"
ver="3.1.4000.1823" sz="78848" is="0"
gfp="">C:\WINDOWS\system32\msiexec.exe</Service>
<Service ex="1" disp="Network DDE" desc="Provides
network transport and security for Dynamic Data Exchange
(DDE) for programs running on the same computer or on
different computers. If this service is stopped, DDE
transport and security will be unavailable. If this
service is disabled, any services that explicitly depend
on it will fail to start." nam="Network DDE - DDE
Communication (netdde.exe)" pub="Microsoft Corporation"
md5="05afb5ad06462257bea7495283c86d50" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="111104" is="0"
gfp="">C:\WINDOWS\system32\netdde.exe</Service>
<Service ex="1" disp="Network DDE DSDM" desc="Manages
Dynamic Data Exchange (DDE) network shares. If this
service is stopped, DDE network shares will be
unavailable. If this service is disabled, any services
that explicitly depend on it will fail to start."
nam="Network DDE - DDE Communication (netdde.exe)"
pub="Microsoft Corporation"
md5="05afb5ad06462257bea7495283c86d50" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="111104" is="0"
gfp="">C:\WINDOWS\system32\netdde.exe</Service>
<Service ex="1" disp="Net Logon" desc="Supports pass-
through authentication of account logon events for
computers in a domain." nam="LSA Shell (lsass.exe)"
pub="Microsoft Corporation"
md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">C:\WINDOWS\system32\lsass.exe</Service>
<Service ex="1" disp="NICSer_WPC54GS" desc="" nam="None
(NICServ.exe)" pub="None"
md5="6fc277793d4cbdeaee0121eda6905661" ver="1.1.0.0"
sz="455680" is="0" gfp="">C:\Program
Files\Linksys\Wireless-G Notebook Adapter with
SpeedBooster\NICServ.exe</Service>
<Service ex="1" disp="NT LM Security Support Provider"
desc="Provides security to remote procedure call (RPC)
programs that use transports other than named pipes."
nam="LSA Shell (lsass.exe)" pub="Microsoft Corporation"
md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">C:\WINDOWS\system32\lsass.exe</Service>
<Service ex="1" disp="NVIDIA Display Driver Service"
desc="Provides system and desktop level support to the
NVIDIA display driver" nam="NVIDIA Driver Helper Service,
Version 67.42 (nvsvc32.exe)" pub="NVIDIA Corporation"
md5="9233d25a68f320eb2361e5c383c1f31f" ver="6.14.10.6742"
sz="127044" is="0" gfp="">C:\WINDOWS\system32
\nvsvc32.exe</Service>
<Service ex="1" disp="Office Source Engine" desc="Saves
installation files used for updates and repairs and is
required for the downloading of Setup updates and Watson
error reports." nam="Office Source Engine (OSE.EXE)"
pub="Microsoft Corporation"
md5="7a56cf3e3f12e8af599963b16f50fb6a" ver="11.0.5525"
sz="89136" is="0" gfp="">C:\Program Files\Common
Files\Microsoft Shared\Source Engine\OSE.EXE</Service>
<Service ex="1" disp="Plug and Play" desc="Enables a
computer to recognize and adapt to hardware changes with
little or no user input. Stopping or disabling this
service will result in system instability." nam="Services
and Controller app (services.exe)" pub="Microsoft
Corporation" md5="c6ce6eec82f187615d1002bb3bb50ed4"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)"
sz="108032" is="0" gfp="">C:\WINDOWS\system32
\services.exe</Service>
<Service ex="1" disp="Pml Driver HPZ12" desc=""
nam="PML Driver (HPZipm12.exe)" pub="HP"
md5="5c1cadd1cb67c0b9d8a84ec6e4d6b5cc" ver="7, 0, 0, 0"
sz="65795" is="0" gfp="">C:\WINDOWS\System32
\HPZipm12.exe</Service>
<Service ex="1" disp="IPSEC Services" desc="Manages IP
security policy and starts the ISAKMP/Oakley (IKE) and
the IP security driver." nam="LSA Shell (lsass.exe)"
pub="Microsoft Corporation"
md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">C:\WINDOWS\system32\lsass.exe</Service>
<Service ex="1" disp="Protected Storage" desc="Provides
protected storage for sensitive data, such as private
keys, to prevent access by unauthorized services,
processes, or users." nam="LSA Shell (lsass.exe)"
pub="Microsoft Corporation"
md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">C:\WINDOWS\system32\lsass.exe</Service>
<Service ex="1" disp="Remote Desktop Help Session
Manager" desc="Manages and controls Remote Assistance. If
this service is stopped, Remote Assistance will be
unavailable. Before stopping this service, see the
Dependencies tab of the Properties dialog box."
nam="Microsoft Remote Desktop Help Session Manager
(sessmgr.exe)" pub="Microsoft Corporation"
md5="729798e0933076b8fcfcd9934698f164" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="140800" is="0"
gfp="">C:\WINDOWS\system32\sessmgr.exe</Service>
<Service ex="1" disp="Remote Procedure Call (RPC)
Locator" desc="Manages the RPC name service database."
nam="Rpc Locator (locator.exe)" pub="Microsoft
Corporation" md5="793f04a09b15e7c6c11dbdffaf06c0ab"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="75264"
is="0" gfp="">C:\WINDOWS\system32\locator.exe</Service>
<Service ex="1" disp="QoS RSVP" desc="Provides network
signaling and local traffic control setup functionality
for QoS-aware programs and control applets."
nam="Microsoft RSVP (rsvp.exe)" pub="Microsoft
Corporation" md5="471b3f9741d762abe75e9deea4787e47"
ver="5.1.2600.0 (xpclient.010817-1148)" sz="132608"
is="0" gfp="">C:\WINDOWS\system32\rsvp.exe</Service>
<Service ex="1" disp="Security Accounts Manager"
desc="Stores security information for local user
accounts." nam="LSA Shell (lsass.exe)" pub="Microsoft
Corporation" md5="84885f9b82f4d55c6146ebf6065d75d2"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="13312"
is="0" gfp="">C:\WINDOWS\system32\lsass.exe</Service>
<Service ex="1" disp="Smart Card" desc="Manages access
to smart cards read by this computer. If this service is
stopped, this computer will be unable to read smart
cards. If this service is disabled, any services that
explicitly depend on it will fail to start." nam="Smart
Card Resource Management Server (SCardSvr.exe)"
pub="Microsoft Corporation"
md5="25d8de134df108e3dbc8d7d23b1aa58e" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="95744" is="0"
gfp="">C:\WINDOWS\System32\SCardSvr.exe</Service>
<Service ex="1" disp="Print Spooler" desc="Loads files
to memory for later printing." nam="Spooler SubSystem App
(spoolsv.exe)" pub="Microsoft Corporation"
md5="7435b108b935e42ea92ca94f59c8e717" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="57856" is="0"
gfp="">C:\WINDOWS\system32\spoolsv.exe</Service>
<Service ex="1" disp="MS Software Shadow Copy Provider"
desc="Manages software-based volume shadow copies taken
by the Volume Shadow Copy service. If this service is
stopped, software-based volume shadow copies cannot be
managed. If this service is disabled, any services that
explicitly depend on it will fail to start." nam="COM
Surrogate (dllhost.exe)" pub="Microsoft Corporation"
md5="dd87db7387b9eb441c5674888a0d840c" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="5120" is="0"
gfp="">C:\WINDOWS\system32\dllhost.exe</Service>
<Service ex="1" disp="Performance Logs and Alerts"
desc="Collects performance data from local or remote
computers based on preconfigured schedule parameters,
then writes the data to a log or triggers an alert. If
this service is stopped, performance information will not
be collected. If this service is disabled, any services
that explicitly depend on it will fail to start."
nam="Performance Logs and Alerts Service (smlogsvc.exe)"
pub="Microsoft Corporation"
md5="8b54aa346d1b1b113ffaa75501b8b1b2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="89600" is="0"
gfp="">C:\WINDOWS\system32\smlogsvc.exe</Service>
<Service ex="1" disp="Telnet" desc="Enables a remote
user to log on to this computer and run programs, and
supports various TCP/IP Telnet clients, including UNIX-
based and Windows-based computers. If this service is
stopped, remote user access to programs might be
unavailable. If this service is disabled, any services
that explicitly depend on it will fail to start."
nam="Telnet (tlntsvr.exe)" pub="Microsoft Corporation"
md5="37db0a7d097310e8b4de803fc3119c78" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="73216" is="0"
gfp="">C:\WINDOWS\system32\tlntsvr.exe</Service>
<Service ex="1" disp="Windows User Mode Driver
Framework" desc="Enables Windows user mode drivers."
nam="Windows User Mode Driver Manager (wdfmgr.exe)"
pub="Microsoft Corporation"
md5="c81b8635dee0d3ef5f64b3dd643023a5" ver="5.2.3790.1230
built by: DNSRV(bld4act)" sz="38912" is="0"
gfp="">C:\WINDOWS\system32\wdfmgr.exe</Service>
<Service ex="1" disp="Uninterruptible Power Supply"
desc="Manages an uninterruptible power supply (UPS)
connected to the computer." nam="UPS Service (ups.exe)"
pub="Microsoft Corporation"
md5="3f5df65b0758675f95a2d43918a740a3" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="18432" is="0"
gfp="">C:\WINDOWS\System32\ups.exe</Service>
<Service ex="1" disp="Volume Shadow Copy" desc="Manages
and implements Volume Shadow Copies used for backup and
other purposes. If this service is stopped, shadow copies
will be unavailable for backup and the backup may fail.
If this service is disabled, any services that explicitly
depend on it will fail to start." nam="Microsoft Volume
Shadow Copy Service (vssvc.exe)" pub="Microsoft
Corporation" md5="3ee00364ae0fd8d604f46cbaf512838a"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)"
sz="289792" is="0" gfp="">C:\WINDOWS\System32
\vssvc.exe</Service>
<Service ex="1" disp="WAN Miniport (ATW) Service"
desc="" nam="Wan Miniport (ATW) Service (wanmpsvc.exe)"
pub="America Online, Inc."
md5="909f2dc0da7f57d229a05ee90647b2c3" ver="7, 0, 0, 2"
sz="65536" is="0"
gfp="">C:\WINDOWS\wanmpsvc.exe</Service>
<Service ex="1" disp="Windows Media Connect (WMC)"
desc="Serves shared multimedia content to Universal Plug
and Play devices" nam="Windows Media Connect
(mswmccds.exe)" pub="Microsoft Corporation"
md5="20263dafd033d30f151bb87568386769" ver="5.1.2600.1
built by: DNSRV(bld4act)" sz="483328" is="0"
gfp="">c:\program files\windows media
connect\mswmccds.exe</Service>
<Service ex="1" disp="Windows Media Connect (WMC)
Helper" desc="Monitors the network for new UPnP Media
Renderer devices." nam="Windows Media Connect
(mswmcls.exe)" pub="Microsoft Corporation"
md5="1dd015a69235dcfae18b5f98fb50be23" ver="5.1.2600.1
built by: DNSRV(bld4act)" sz="28160" is="0"
gfp="">C:\Program Files\Windows Media
Connect\mswmcls.exe</Service>
<Service ex="1" disp="WMDM PMSP Service" desc=""
nam="WMDM PMSP Service (MsPMSPSv.exe)" pub="Microsoft
Corporation" md5="581176f60885aef8f78c6e38dcc3cdf9"
ver="7.00.00.1954" sz="53520" is="0"
gfp="">C:\WINDOWS\System32\MsPMSPSv.exe</Service>
<Service ex="1" disp="WMI Performance Adapter"
desc="Provides performance library information from WMI
HiPerf providers." nam="WMI Performance Adapter Service
(wmiapsrv.exe)" pub="Microsoft Corporation"
md5="ba8cecc3e813e1f7c441b20393d4f86c" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="126464" is="0"
gfp="">C:\WINDOWS\system32\wbem\wmiapsrv.exe</Service>
<Service ex="1" disp="Iomega Active Disk" desc=""
nam="Active Disk Service (ADService.exe)" pub="Iomega
Corporation" md5="b624180218bb196ad9869d5d6b454318"
ver="3, 2, 1, 5" sz="151552" is="0" gfp="">C:\Program
Files\Iomega\AutoDisk\ADService.exe</Service>
</Services>
</SystemAudit>
- <ProcessesAudit>
- <Processes>
<Process ex="1" pid="1060" nam="Windows NT Session
Manager (smss.exe)" pub="Microsoft Corporation"
md5="bd7fb0957c716f1a60333aee04de2178" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="50688" is="0"
gfp="">c:\windows\system32\smss.exe</Process>
<Process ex="1" pid="1172" nam="Client Server Runtime
Process (csrss.exe)" pub="Microsoft Corporation"
md5="f12b178b1678d778cfd3ff1fc38c71fb" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="6144" is="0"
gfp="">c:\windows\system32\csrss.exe</Process>
<Process ex="1" pid="1200" nam="Windows NT Logon
Application (winlogon.exe)" pub="Microsoft Corporation"
md5="01c3346c241652f43aed8e2149881bfe" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="502272" is="0"
gfp="">c:\windows\system32\winlogon.exe</Process>
<Process ex="1" pid="1244" nam="Services and Controller
app (services.exe)" pub="Microsoft Corporation"
md5="c6ce6eec82f187615d1002bb3bb50ed4" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="108032" is="0"
gfp="">c:\windows\system32\services.exe</Process>
<Process ex="1" pid="1256" nam="LSA Shell (lsass.exe)"
pub="Microsoft Corporation"
md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">c:\windows\system32\lsass.exe</Process>
<Process ex="1" pid="1440" nam="Generic Host Process
for Win32 Services (svchost.exe)" pub="Microsoft
Corporation" md5="8f078ae4ed187aaabc0a305146de6716"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="14336"
is="0" gfp="">c:\windows\system32\svchost.exe</Process>
<Process ex="1" pid="1524" nam="Generic Host Process
for Win32 Services (svchost.exe)" pub="Microsoft
Corporation" md5="8f078ae4ed187aaabc0a305146de6716"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="14336"
is="0" gfp="">c:\windows\system32\svchost.exe</Process>
<Process ex="1" pid="1880" nam="Generic Host Process
for Win32 Services (svchost.exe)" pub="Microsoft
Corporation" md5="8f078ae4ed187aaabc0a305146de6716"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="14336"
is="0" gfp="">c:\windows\system32\svchost.exe</Process>
<Process ex="1" pid="1940" nam="Generic Host Process
for Win32 Services (svchost.exe)" pub="Microsoft
Corporation" md5="8f078ae4ed187aaabc0a305146de6716"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="14336"
is="0" gfp="">c:\windows\system32\svchost.exe</Process>
<Process ex="1" pid="216" nam="Generic Host Process for
Win32 Services (svchost.exe)" pub="Microsoft Corporation"
md5="8f078ae4ed187aaabc0a305146de6716" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="14336" is="0"
gfp="">c:\windows\system32\svchost.exe</Process>
<Process ex="1" pid="724" nam="Spooler SubSystem App
(spoolsv.exe)" pub="Microsoft Corporation"
md5="7435b108b935e42ea92ca94f59c8e717" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="57856" is="0"
gfp="">c:\windows\system32\spoolsv.exe</Process>
<Process ex="1" pid="872" nam="Windows Explorer
(explorer.exe)" pub="Microsoft Corporation"
md5="a0732187050030ae399b241436565e64"
ver="6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)"
sz="1032192" is="0"
gfp="">c:\windows\explorer.exe</Process>
<Process ex="1" pid="1692" nam="DVDSentry
(dsentry.exe)" pub="Dell - Advanced Desktop Engineering"
md5="b434b19e717a4e6e8de708008b55b7f9" ver="1, 0, 0, 0"
sz="28672" is="0" gfp="">c:\windows\system32
\dsentry.exe</Process>
<Process ex="1" pid="1700" nam="Drive Letter Access
Component (tfswctrl.exe)" pub="Sonic Solutions"
md5="2bff8a443334a034df73d2c8d808d2a7" ver="1.04.05b"
sz="114741" is="0" gfp="">c:\windows\system32
\dla\tfswctrl.exe</Process>
<Process ex="1" pid="1728" nam="Support (support.exe)"
pub="Dell" md5="27b68f137ed4c85ff92db98231bf11ed" ver="2,
1, 1, 0" sz="323584" is="0" gfp="">c:\program
files\common files\dell\eusw\support.exe</Process>
<Process ex="1" pid="1816" nam="Alps Pointing-device
Driver (apoint.exe)" pub="Alps Electric Co., Ltd."
md5="81924a480fcecf6aa71ddf0c2fabc2cc" ver="5.4.101.115"
sz="147456" is="0" gfp="">c:\program
files\apoint\apoint.exe</Process>
<Process ex="1" pid="776" nam="(notifyalert.exe)"
pub="" md5="68d63d92d73146ef9a5efd5e7f25611e"
ver="2.1.0.72" sz="352256" is="0" gfp="">c:\program
files\dell\support\alert\bin\notifyalert.exe</Process>
<Process ex="1" pid="784" nam="(instan~1.exe)" pub=""
md5="7668193f7dc461b10c11cb3e72a70656" ver="" sz="31744"
is="0" gfp="">c:\progra~1\textbr~1.0
\bin\instan~1.exe</Process>
<Process ex="1" pid="788" nam="Microsoft AntiSpyware
Service (gcasserv.exe)" pub="Microsoft Corporation"
md5="e519945deb3875341d36db0ea141e0c5" ver="1.00.0509"
sz="473920" is="0" gfp="">c:\program files\microsoft
antispyware\gcasserv.exe</Process>
<Process ex="1" pid="808" nam="Spyware Doctor
(swdoctor.exe)" pub="PCTools"
md5="f383e32dd59ffa7cb3268f9000f20737" ver="3.2.0.3421"
sz="1472184" is="0" gfp="">c:\program files\spyware
doctor\swdoctor.exe</Process>
<Process ex="1" pid="1116" nam="Alps Pointing-device
Driver for Windows NT/2000/XP (apntex.exe)" pub="Alps
Electric Co., Ltd."
md5="cca1b81492b40890e44b2b20a780ee1f" ver="5.0.1.15"
sz="45056" is="0" gfp="">c:\program
files\apoint\apntex.exe</Process>
<Process ex="1" pid="1936" nam="Odyssey COM Host
(odhost.exe)" pub="None"
md5="8c5c6769b35f058396dbd63c856646b5" ver="1, 0, 0, 1"
sz="24576" is="0" gfp="">c:\program
files\linksys\wireless-g notebook adapter with
speedbooster\odhost.exe</Process>
<Process ex="1" pid="272" nam="Microsoft AntiSpyware
Data Service (gcasdtserv.exe)" pub="Microsoft
Corporation" md5="ebb4d674ec5c5b34ef8a1ba14676de8e"
ver="1.00.0509" sz="752456" is="0" gfp="">c:\program
files\microsoft antispyware\gcasdtserv.exe</Process>
<Process ex="1" pid="432" nam="Linksys Instant WLAN
Monitor (wpc54cfg.exe)" pub="The Linksys Group, Inc."
md5="99d94789be30d494627764b1bfe221c6" ver="1.0.0.22"
sz="5429248" is="0" gfp="">c:\program
files\linksys\wireless-g notebook adapter with
speedbooster\wpc54cfg.exe</Process>
<Process ex="1" pid="184" nam="AOL Connectivity Service
(acsd.exe)" pub="America Online, Inc."
md5="73d675514f148b1e69429e1d95e22adc" ver="1,0,17,5"
sz="1376360" is="0" gfp="">c:\progra~1\common~1
\aol\acs\acsd.exe</Process>
<Process ex="1" pid="476" nam="Creative Service for
CDROM Access (ctsvccda.exe)" pub="Creative Technology
Ltd" md5="3c8b6609712f4ff78e521f6dcfc4032b" ver="1.0.1.0"
sz="44032" is="0" gfp="">c:\windows\system32
\ctsvccda.exe</Process>
<Process ex="1" pid="652" nam="IP Connection Statistics
(arupld32.exe)" pub="Visual Networks"
md5="30452e75d914a55f8785dd21cff6ea73" ver="4.3.2.69"
sz="252416" is="0"
gfp="">c:\ssbrla\insight\arupld32.exe</Process>
<Process ex="1" pid="688" nam="AppServices
(appservices.exe)" pub="Iomega Corporation"
md5="19ef7fb809d3073ee60f85464e9c4c51" ver="2, 0, 2, 5"
sz="73728" is="0" gfp="">c:\progra~1\iomega\system32
\appservices.exe</Process>
<Process ex="1" pid="696" nam="IP Monitor
(armon32a.exe)" pub="Visual Networks"
md5="fdf1ee01b292ffdf9e033bbd1592c904" ver="4.3.2.69"
sz="71680" is="0"
gfp="">c:\ssbrla\insight\armon32a.exe</Process>
<Process ex="1" pid="192" nam="McAfee VirusScan Real-
time Engine (mcvsrte.exe)" pub="Networks Associates
Technology, Inc" md5="b1e94b3ed8af23aebbc2ccfccadba104"
ver="8, 0, 0, 12" sz="106496" is="0" gfp="">c:\progra~1
\mcafee.com\vso\mcvsrte.exe</Process>
<Process ex="1" pid="1036" nam="None (nicserv.exe)"
pub="None" md5="6fc277793d4cbdeaee0121eda6905661"
ver="1.1.0.0" sz="455680" is="0" gfp="">c:\program
files\linksys\wireless-g notebook adapter with
speedbooster\nicserv.exe</Process>
<Process ex="1" pid="1100" nam="NVIDIA Driver Helper
Service, Version 67.42 (nvsvc32.exe)" pub="NVIDIA
Corporation" md5="9233d25a68f320eb2361e5c383c1f31f"
ver="6.14.10.6742" sz="127044" is="0"
gfp="">c:\windows\system32\nvsvc32.exe</Process>
<Process ex="1" pid="1468" nam="Generic Host Process
for Win32 Services (svchost.exe)" pub="Microsoft
Corporation" md5="8f078ae4ed187aaabc0a305146de6716"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="14336"
is="0" gfp="">c:\windows\system32\svchost.exe</Process>
<Process ex="1" pid="1600" nam="Wan Miniport (ATW)
Service (wanmpsvc.exe)" pub="America Online, Inc."
md5="909f2dc0da7f57d229a05ee90647b2c3" ver="7, 0, 0, 2"
sz="65536" is="0"
gfp="">c:\windows\wanmpsvc.exe</Process>
<Process ex="1" pid="1660" nam="WMDM PMSP Service
(mspmspsv.exe)" pub="Microsoft Corporation"
md5="581176f60885aef8f78c6e38dcc3cdf9" ver="7.00.00.1954"
sz="53520" is="0" gfp="">c:\windows\system32
\mspmspsv.exe</Process>
<Process ex="1" pid="1784" nam="Active Disk Service
(adservice.exe)" pub="Iomega Corporation"
md5="b624180218bb196ad9869d5d6b454318" ver="3, 2, 1, 5"
sz="151552" is="0" gfp="">c:\program
files\iomega\autodisk\adservice.exe</Process>
<Process ex="1" pid="2820" nam="WMI Performance Adapter
Service (wmiapsrv.exe)" pub="Microsoft Corporation"
md5="ba8cecc3e813e1f7c441b20393d4f86c" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="126464" is="0"
gfp="">c:\windows\system32\wbem\wmiapsrv.exe</Process>
<Process ex="1" pid="2916" nam="mcshield.exe"
pub="Unavailable" md5="97addee4dc70929a8b482a7ae7842920"
ver="Unavailable" sz="225375" is="0" gfp="">c:\progra~1
\mcafee.com\vso\mcshield.exe</Process>
<Process ex="1" pid="2272" nam="Application Layer
Gateway Service (alg.exe)" pub="Microsoft Corporation"
md5="f1958fbf86d5c004cf19a5951a9514b7" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="44544" is="0"
gfp="">c:\windows\system32\alg.exe</Process>
<Process ex="1" pid="380" nam="Internet Explorer
(iexplore.exe)" pub="Microsoft Corporation"
md5="e7484514c0464642be7b4dc2689354c8"
ver="6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)"
sz="93184" is="0" gfp="">c:\program files\internet
explorer\iexplore.exe</Process>
<Process ex="1" pid="3744" nam="IP Connection
Statistics (arupld32.exe)" pub="Visual Networks"
md5="30452e75d914a55f8785dd21cff6ea73" ver="4.3.2.69"
sz="252416" is="0"
gfp="">c:\ssbrla\insight\arupld32.exe</Process>
<Process ex="1" pid="1872" nam="Microsoft AntiSpyware
Main (giantantispywaremain.exe)" pub="Microsoft
Corporation" md5="f0b4af2924697573e893d76229ff48d8"
ver="1.00.0509" sz="4586320" is="0" gfp="">c:\program
files\microsoft
antispyware\giantantispywaremain.exe</Process>
<Process ex="1" pid="1868" nam="Microsoft Suspected
Spyware Reporting Tool (msssrt.exe)" pub="Microsoft
Corporation" md5="7ed5a4f71d669274adceeca2338ab28d"
ver="1.00.0509" sz="400192" is="0" gfp="">c:\program
files\microsoft antispyware\msssrt.exe</Process>
</Processes>
</ProcessesAudit>
</Audit>
</MSSSRT>