I know I have spyware on my computer, but nothing finds it...


Guest

It has even disabled features in Microsoft's AntiSpyware program, preventing it
from connecting to the internet...

Here's the information from the "raw scan results" that couldn't be submitted
to Microsoft... Any idea how to get rid of this #$#@$#@#$????

- <MSSSRT version="1.0.615" createdate="12/12/2005 11:30:29 AM"
os="2000.2195" user="">
- <Audit>
- <AutoRunAudit>
- <StartupFiles>
<StartupFile path="C:\Documents and Settings\All Users\Start
Menu\Programs\Startup\Adobe Reader Speed Launch.lnk" nam="Adobe Acrobat
SpeedLauncher (reader_sl.exe)" pub="Adobe Systems Incorporated"
md5="43362b96870ce8649f4f2ec893da93f0" ver="7.0.5.2005092300" sz="29696"
is="0" gfp="">c:\program files\adobe\acrobat
7.0\reader\reader_sl.exe</StartupFile>
<StartupFile path="C:\Documents and Settings\All Users\Start
Menu\Programs\Startup\GPS Pathfinder Office Connection Manager.lnk"
nam="Connection Manager (conmgr.exe)" pub="Trimble Navigation Limited"
md5="44a31e90dbc7254ad8b5bd18c6a8abbc" ver="3,10,0,453" sz="65536" is="0"
gfp="">c:\program files\gps pathfinder office 3.10\conmgr.exe</StartupFile>
<StartupFile path="C:\Documents and Settings\All Users\Start
Menu\Programs\Startup\GPS Pathfinder Office Project Changer.lnk" nam="Project
Changer (pfpjchgr.exe)" pub="Trimble Navigation Limited"
md5="1b4d19e39045d1e69d2ca4392596edd7" ver="3,10,0,453" sz="32768" is="0"
gfp="">c:\program files\gps pathfinder office 3.10\pfpjchgr.exe</StartupFile>
<StartupFile path="C:\Documents and Settings\All Users\Start
Menu\Programs\Startup\RightFAX Print-to-Fax Driver.lnk" nam="RightFAX 32-bit
Windows Tray-Fax (faxctrl.exe)" pub="RightFAX, Inc."
md5="b2b6172749ab7762ffa30890ec3de82c" ver="7, 0, 1, 125" sz="126976" is="0"
gfp="">c:\program files\rightfax\faxctrl.exe</StartupFile>
</StartupFiles>
- <StartupFilesRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="Synchronization
Manager" dat="mobsync.exe /logon" nam="Microsoft Synchronization Manager
(mobsync.exe)" pub="Microsoft Corporation"
md5="9b2f5b9e745deaaa57fb78329ed03061" ver="5.00.2195.6627" sz="111376"
is="0" gfp="">c:\winnt\system32\mobsync.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="000StTHK"
dat="000StTHK.exe" nam="(000stthk.exe)" pub=""
md5="ccb1a96002f0888da70964781c742a82" ver="" sz="24576" is="0"
gfp="">c:\winnt\system32\000stthk.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="NvCplDaemon"
dat="RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup" nam="NVIDIA Display
Properties Extension (nvcpl.dll)" pub="NVIDIA Corporation"
md5="13ebd854d9af3552da50809813bdfac6" ver="6.14.10.4591" sz="4866048" is="0"
gfp="">c:\winnt\system32\nvcpl.dll</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="EM_EXEC"
dat="C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE" nam="Control Center
(em_exec.exe)" pub="Logitech Inc." md5="f2db39dc69cf295be5fe715c6a2f0f48"
ver="9.42.42" sz="35328" is="0"
gfp="">c:\progra~1\mousew~1\system\em_exec.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="TFNF5"
dat="TFNF5.exe" nam="TFnF5 (tfnf5.exe)" pub="Toshiba Corp."
md5="613943b7bb8983e249084ed3f8d04ef1" ver="1. 0. 1. 0" sz="73728" is="0"
gfp="">c:\winnt\system32\tfnf5.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="TosHKCW.exe"
dat="C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" nam="Wireless
Hotkey (toshkcw.exe)" pub="TOSHIBA CORPORATION"
md5="231daf8b0a18d8fb1c43b05a57e9f418" ver="2, 0, 0, 1" sz="49152" is="0"
gfp="">c:\program files\toshiba\wireless
hotkey\toshkcw.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="Tpwrtray"
dat="TPWRTRAY.EXE" nam="TOSHIBA Power Saver (tpwrtray.exe)" pub="TOSHIBA
Corporation" md5="789b4d11794a4f2bb962a559a7677d68" ver="4.12.10" sz="192512"
is="0" gfp="">c:\winnt\system32\tpwrtray.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="TMESRV.EXE"
dat="C:\Program Files\TOSHIBA\TME3\TMESRV3.EXE /Logon" nam="TOSHIBA
MobileExtension Service (tmesrv3.exe)" pub="TOSHIBA"
md5="4fa6706d52e76eb09f6e9af1398eb856" ver="3, 0, 17, 0" sz="126976" is="0"
gfp="">c:\program files\toshiba\tme3\tmesrv3.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="TMESBS.EXE"
dat="C:\Program Files\TOSHIBA\TME3\TMESBS3.EXE /logon" nam="tmesbs3
(tmesbs3.exe)" pub="TOSHIBA Corporation"
md5="f4ae3d8a67ecfcff07d45899ed08d16d" ver="1, 0, 1, 15" sz="61440" is="0"
gfp="">c:\program files\toshiba\tme3\tmesbs3.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="Pinger"
dat="C:\Toshiba\IVP\ISM\pinger.exe /run" nam="Toshiba Pinger (pinger.exe)"
pub="Toshiba Corporation" md5="5eccb0ab767501b1b44fe55f22ff5c57" ver="3.3"
sz="159744" is="0" gfp="">c:\toshiba\ivp\ism\pinger.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="NWTRAY"
dat="NWTRAY.EXE" nam="Novell System Tray Icon (nwtray.exe)" pub="Novell,
Inc." md5="8ea25db3b87bf8837f8799cda811f719" ver="v4.90" sz="28672" is="0"
gfp="">c:\winnt\system32\nwtray.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="NDPS"
dat="C:\WINNT\system32\dpmw32.exe" nam="(dpmw32.exe)" pub=""
md5="d3988b8235405baf0e837d22091febfe" ver="" sz="28672" is="0"
gfp="">c:\winnt\system32\dpmw32.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="nwiz"
dat="nwiz.exe /installquiet /nodetect /keeploaded" nam="NVIDIA nView Wizard,
Version 45.91 (nwiz.exe)" pub="NVIDIA Corporation"
md5="a74273395f839829a3e74fa0bf523628" ver="6.14.10.4591" sz="323584" is="0"
gfp="">c:\winnt\system32\nwiz.exe</StartupFileRegistry>
<StartupFileRegistry ex="0"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="" dat="" nam=""
pub="" md5="" ver="" sz="" is="0" gfp="" />
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="gcasServ"
dat=""C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"" nam="Microsoft
AntiSpyware Service (gcasserv.exe)" pub="Microsoft Corporation"
md5="263740ede788a60a6c0a47249fc410bf" ver="1.00.0615" sz="473928" is="0"
gfp="">c:\program files\microsoft
antispyware\gcasserv.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="AOLDialer"
dat="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" nam="AOL Connectivity
Service Dialer (aoldial.exe)" pub="America Online, Inc"
md5="c470f57fb6c4b4df32d694ce0fd2b387" ver="2.0.20.1.US.1" sz="496752" is="0"
gfp="">c:\program files\common
files\aol\acs\aoldial.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="QuickTime Task"
dat=""C:\Program Files\QuickTime\qttask.exe" -atboottime" nam="qttask.exe"
pub="Apple Computer, Inc." md5="c341ccfbe98bc7df6e0b856bb9fc265a" ver="6.5"
sz="98304" is="0" gfp="">c:\program
files\quicktime\qttask.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="PFO Check
Settings" dat="pfochk.exe" nam="(pfochk.exe)" pub=""
md5="00ed53c86ff6d71241eab34b6bfa7302" ver="" sz="57344" is="0"
gfp="">c:\winnt\pfochk.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="Promon.exe"
dat="Promon.exe" nam="Intel(R) PROSet Tray Icon (promon.exe)" pub="Intel
Corporation" md5="953d76f56c42fa1ccd6c5ceae70f9471" ver="1.11" sz="29184"
is="0" gfp="">c:\winnt\system32\promon.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="ccApp"
dat=""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" nam="Symantec
User Session (ccapp.exe)" pub="Symantec Corporation"
md5="696f43558ea1c4bff475a4b8ecc5cac4" ver="103.5.1.9" sz="48752" is="0"
gfp="">c:\program files\common files\symantec
shared\ccapp.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="vptray"
dat="C:\PROGRA~1\SYMANT~2\VPTray.exe" nam="Symantec AntiVirus (vptray.exe)"
pub="Symantec Corporation" md5="1b5036466136a1451bdba17b6aebecb3"
ver="10.0.0.359" sz="85184" is="0"
gfp="">c:\progra~1\symant~2\vptray.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="Weather"
dat="C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1" nam="weather.exe" pub="AWS
Convergence Technologies, Inc." md5="f5296df5b0ab419e4e37c9115405bebd"
ver="6, 5, 0, 15" sz="1339392" is="0"
gfp="">c:\progra~1\aws\weathe~1\weather.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="msnmsgr"
dat=""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" nam="MSN
Messenger (msnmsgr.exe)" pub="Microsoft Corporation"
md5="79ac63592f9b6750f2026a2520c11bee" ver="7.0.0816" sz="6856704" is="0"
gfp="">c:\program files\msn messenger\msnmsgr.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="H/PC Connection
Agent" dat=""C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE""
nam="ActiveSync Connection Manager (wcescomm.exe)" pub="Microsoft
Corporation" md5="a4ce7e9913893e1b59e303cf2a43d5d6" ver="3.8.0.5004"
sz="405583" is="0" gfp="">c:\program files\microsoft
activesync\wcescomm.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="Iconoid"
dat=""C:\Program Files\Accessories\Iconoid\iconoid.exe" -wait 0" nam="Iconoid
(iconoid.exe)" pub="SillySot Software" md5="10ce6bf491c0bcf963844a842ad1824f"
ver="3.3.0" sz="163840" is="0" gfp="">c:\program
files\accessories\iconoid\iconoid.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="ctfmon.exe"
dat="ctfmon.exe" nam="Cicero Loader (ctfmon.exe)" pub="Microsoft Corporation"
md5="d36a33c21eeed5a6c1daecb7c80a1909" ver="1.00.2409.7 built by: Lab06_N"
sz="8192" is="0" gfp="">c:\winnt\system32\ctfmon.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="PocketController" dat="C:\Program Files\SOTI\Pocket
Controller-Professional\PocketController.exe" nam="Pocket Controller -
Professional (pocketcontroller.exe)" pub="SOTI Inc."
md5="5b040f42099de4a70dd811de7ef79c1d" ver="5.0.1" sz="3387392" is="0"
gfp="">c:\program files\soti\pocket
controller-professional\pocketcontroller.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="NVIEW"
dat="rundll32.exe nview.dll,nViewLoadHook" nam="NVIDIA nView Desktop and
Window Manager 45.91 (nview.dll)" pub="NVIDIA Corporation"
md5="4f3cd1f607c6d0f88fe6c9436634e547" ver="6.14.10.4591" sz="852039" is="0"
gfp="">c:\winnt\system32\nview.dll</StartupFileRegistry>
<StartupFileRegistry ex="0"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="Som"
dat="C:\WINNT\system32\??mbols\dexplore.exe" nam="" pub="" md5="" ver=""
sz="" is="0" gfp="" />
<StartupFileRegistry ex="1"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="Acis"
dat=""C:\Program Files\locb\pwbe.exe" -vt ndrv" nam="(pwbe.exe)" pub=""
md5="bd7d21a203d4e56be778da54ed89c8cc" ver="" sz="68096" is="0"
gfp="">c:\program files\locb\pwbe.exe</StartupFileRegistry>
</StartupFilesRegistry>
- <WinlogonUserinitFiles>
<WinlogonUserinitFile ex="1" nam="Userinit Logon Application
(userinit.exe)" pub="Microsoft Corporation"
md5="bf179c5b8a722cc79aef1ca90d6c7d48" ver="5.00.2195.6612" sz="17680" is="0"
gfp="">c:\winnt\system32\userinit.exe</WinlogonUserinitFile>
</WinlogonUserinitFiles>
<StartupWinIniFiles />
<StartupSysIniFiles />
</AutoRunAudit>
- <InternetExplorerAudit version="6.0.2800.1106">
- <BrowserHelperObjects>
<BHO ex="1" clsid="{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"
prog="AcroIEHelper.AcroIEHlprObj.1" val="AcroIEHlprObj Class" nam="Adobe
Acrobat IE Helper Version 7.0 for ActiveX (acroiehelper.dll)" pub="Adobe
Systems Incorporated" md5="b61d5d651ecc6055c29bf826ca7b1141"
ver="7.0.5.2005092300" sz="63136" is="0" gfp="">c:\program
files\adobe\acrobat 7.0\activex\acroiehelper.dll</BHO>
<BHO ex="1" clsid="{9394EDE7-C8B5-483E-8773-474BF36AF6E4}" prog=""
val="ST" nam="st (stmain.dll)" pub="Microsoft Corporation"
md5="0da1349495955cb41a5899047c5a1267" ver="01.02.3000.1001" sz="155648"
is="0" gfp="">c:\program files\msn
apps\st\01.03.0000.1005\en-xu\stmain.dll</BHO>
<BHO ex="1" clsid="{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" prog=""
val="MSNToolBandBHO" nam="MSN Toolbar extension (msntb.dll)" pub="Microsoft
Corporation" md5="0deb8b7cad01ee86d1c4062e1b587c5a" ver="01.02.3000.1001"
sz="282624" is="0" gfp="">c:\program files\msn apps\msn
toolbar\01.02.3000.1001\en-us\msntb.dll</BHO>
</BrowserHelperObjects>
- <IEToolbars>
<IEToolbar ex="1" clsid="{8E718888-423F-11D2-876E-00A0C9082467}"
prog="Mmedia.RadioBand.1" val="&Radio" nam="msdxm.ocx" pub="Unavailable"
md5="755aa1f85e3788c3c287ffa03cf58627" ver="Unavailable" sz="844560" is="0"
gfp="">c:\winnt\system32\msdxm.ocx</IEToolbar>
<IEToolbar ex="1" clsid="{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" prog=""
val="MSN" nam="MSN Toolbar extension (msntb.dll)" pub="Microsoft Corporation"
md5="0deb8b7cad01ee86d1c4062e1b587c5a" ver="01.02.3000.1001" sz="282624"
is="0" gfp="">c:\program files\msn apps\msn
toolbar\01.02.3000.1001\en-us\msntb.dll</IEToolbar>
</IEToolbars>
<IEExtensions />
- <IEExplorerBars>
<IEExplorerBar ex="0" clsid="{4528BBE0-4E08-11D5-AD55-00010333D0AD}"
prog="" val="" nam="" pub="" md5="" ver="" sz="" is="0" gfp="" />
<IEExplorerBar ex="1" clsid="{4D5C8C25-D075-11d0-B416-00C04FB90376}"
prog="" val="&Tip of the Day" nam="Shell Doc Object and Control Library
(shdocvw.dll)" pub="Microsoft Corporation"
md5="49bcf11876f6741c7204fbc3d49744e5" ver="6.00.2800.1692
(xpsp2.050617-2102)" sz="1338368" is="0"
gfp="">c:\winnt\system32\shdocvw.dll</IEExplorerBar>
</IEExplorerBars>
- <IEShellBrowsers>
<IEShellBrowser ex="1" clsid="{01E04581-4EEE-11D0-BFE9-00AA005B4383}"
prog="" val="&Address" nam="Shell Browser UI Library (browseui.dll)"
pub="Microsoft Corporation" md5="4ccefd261eb9c0481f3eadb60305a07f"
ver="6.00.2800.1692 (xpsp2.050617-2102)" sz="1017856" is="0"
gfp="">c:\winnt\system32\browseui.dll</IEShellBrowser>
<IEShellBrowser ex="0" clsid="" prog="" val="" nam="" pub="" md5="" ver=""
sz="" is="0" gfp="" />
<IEShellBrowser ex="0" clsid="" prog="" val="" nam="" pub="" md5="" ver=""
sz="" is="0" gfp="" />
</IEShellBrowsers>
- <IEWebBrowsers>
<IEWebBrowser ex="1" clsid="{01E04581-4EEE-11D0-BFE9-00AA005B4383}"
prog="" val="&Address" nam="Shell Browser UI Library (browseui.dll)"
pub="Microsoft Corporation" md5="4ccefd261eb9c0481f3eadb60305a07f"
ver="6.00.2800.1692 (xpsp2.050617-2102)" sz="1017856" is="0"
gfp="">c:\winnt\system32\browseui.dll</IEWebBrowser>
<IEWebBrowser ex="0" clsid="" prog="" val="" nam="" pub="" md5="" ver=""
sz="" is="0" gfp="" />
<IEWebBrowser ex="0" clsid="{4982D40A-C53B-4615-B15B-B5B5E98D167C}"
prog="" val="" nam="" pub="" md5="" ver="" sz="" is="0" gfp="" />
<IEWebBrowser ex="0" clsid="" prog="" val="" nam="" pub="" md5="" ver=""
sz="" is="0" gfp="" />
<IEWebBrowser ex="1" clsid="{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"
prog="" val="MSN" nam="MSN Toolbar extension (msntb.dll)" pub="Microsoft
Corporation" md5="0deb8b7cad01ee86d1c4062e1b587c5a" ver="01.02.3000.1001"
sz="282624" is="0" gfp="">c:\program files\msn apps\msn
toolbar\01.02.3000.1001\en-us\msntb.dll</IEWebBrowser>
</IEWebBrowsers>
- <IEMenuExts>
<IEMenuExt val="&AOL Toolbar search">res://C:\Program Files\AOL
Toolbar\toolbar.dll/SEARCH.HTML</IEMenuExt>
</IEMenuExts>
- <IEURLSearchHooks>
<IEURLSearchHook ex="1" clsid="{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"
prog="" val="Microsoft Url Search Hook" nam="Shell Doc Object and Control
Library (shdocvw.dll)" pub="Microsoft Corporation"
md5="49bcf11876f6741c7204fbc3d49744e5" ver="6.00.2800.1692
(xpsp2.050617-2102)" sz="1338368" is="0"
gfp="">c:\winnt\system32\shdocvw.dll</IEURLSearchHook>
</IEURLSearchHooks>
- <IEURLs>
<IEURL val="HCU\Software\Microsoft\Internet Explorer Start
Page">http://www.yahoo.com/</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer Search
Page">http://www.yahoo.com/</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer Default_Page_URL" />
<IEURL val="HCU\Software\Microsoft\Internet Explore Local
Page">http://www.yahoo.com/</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explore Search Bar" />
<IEURL val="HCU\Software\Microsoft\Internet Explorer Default_Search_URL" />
<IEURL val="HCU\Software\Microsoft\Internet Explorer HomeOldSP" />
<IEURL val="HLM\Software\Microsoft\Internet Explorer Start
Page">http://www.yahoo.com/</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer Search
Page">http://www.yahoo.com/</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Default_Page_URL">http://www.yahoo.com/</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer Local
Page">http://www.yahoo.com/</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer Search Bar" />
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Default_Search_URL">http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer HomeOldSP" />
<IEURL val="HCU\Software\Microsoft\Internet Explorer\Search
CustomizeSearch" />
<IEURL val="HCU\Software\Microsoft\Internet Explorer\Search
SearchAssistant" />
<IEURL val="HLM\Software\Microsoft\Internet Explorer\Search
CustomizeSearch">http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer\Search
SearchAssistant">http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer\SearchUrl" />
<IEURL val="HLM\Software\Microsoft\Internet Explorer\SearchUrl" />
<IEURL val="HLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs
blank">http://www.yahoo.com/</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs
DesktopItemNavigationFailure">http://www.yahoo.com/</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs
NavigationCanceled">http://www.yahoo.com/</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs
NavigationFailure">http://www.yahoo.com/</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs
OfflineInformation">http://www.yahoo.com/</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs
PostNotCached">http://www.yahoo.com/</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs
mozilla">http://www.yahoo.com/</IEURL>
</IEURLs>
</InternetExplorerAudit>
- <SystemAudit>
- <ShellExecuteHooks>
<ShellExecuteHook ex="1" clsid="{AEB6717E-7E19-11d0-97EE-00C04FD91972}"
prog="" val="URL Exec Hook" nam="Windows Shell Common Dll (shell32.dll)"
pub="Microsoft Corporation" md5="4405f4b520eadf9aaf65261484759e31"
ver="5.00.3900.7071" sz="2360592" is="0"
gfp="">C:\WINNT\system32\shell32.dll</ShellExecuteHook>
<ShellExecuteHook ex="0" clsid="{B4870B70-F390-11d2-9FB9-F4ED725EA20D}"
prog="" val="" nam="" pub="" md5="" ver="" sz="" is="0" gfp="" />
<ShellExecuteHook ex="1" clsid="{9EF34FF2-3396-4527-9D27-04C8C1C67806}"
prog="Microsoft.AntiSpyware.ShellExecuteHook.1"
val="Microsoft.AntiSpyware.ShellExecuteHook.1" nam="Microsoft AntiSpyware
Shell Extension (shellextension.dll)" pub="Microsoft Corporation"
md5="4b202fff9eb43fdc8d3290deaab7487e" ver="1.0.0614.10" sz="101080" is="0"
gfp="">c:\program files\microsoft
antispyware\shellextension.dll</ShellExecuteHook>
</ShellExecuteHooks>
- <ShellOpenCommands>
<ShellOpenCommand val="HCR\exefile\shell\open\command">"%1"
%*</ShellOpenCommand>
<ShellOpenCommand val="HCR\comfile\shell\open\command">"%1"
%*</ShellOpenCommand>
<ShellOpenCommand val="HCR\batfile\shell\open\command">"%1"
%*</ShellOpenCommand>
<ShellOpenCommand
val="HCR\htafile\shell\open\command">C:\WINNT\System32\mshta.exe "%1"
%*</ShellOpenCommand>
<ShellOpenCommand val="HCR\piffile\shell\open\command">"%1"
%*</ShellOpenCommand>
<ShellOpenCommand
val="HCR\txtfile\shell\open\command">%SystemRoot%\system32\NOTEPAD.EXE
%1</ShellOpenCommand>
<ShellOpenCommand val="HCR\mp3file\shell\open\command">"C:\Program
Files\Windows Media Player\wmplayer.exe" /prefetch:6 /Open
"%L"</ShellOpenCommand>
<ShellOpenCommand val="HCR\mpegfile\shell\open\command">"C:\Program
Files\Windows Media Player\wmplayer.exe" /prefetch:9 /Open
"%L"</ShellOpenCommand>
<ShellOpenCommand
val="HCR\mailto\shell\open\command">"C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE"
-c IPM.Note /m "%1"</ShellOpenCommand>
<ShellOpenCommand val="HCR\htmlfile\shell\open\command">"C:\Program
Files\Internet Explorer\iexplore.exe" -nohome</ShellOpenCommand>
<ShellOpenCommand val="HCR\http\shell\open\command">"C:\Program
Files\Internet Explorer\iexplore.exe" -nohome</ShellOpenCommand>
<ShellOpenCommand val="HCR\https\shell\open\command">"C:\Program
Files\Internet Explorer\iexplore.exe" -nohome</ShellOpenCommand>
<ShellOpenCommand val="HCR\ftp\shell\open\command">"C:\Program
Files\Internet Explorer\iexplore.exe" %1</ShellOpenCommand>
</ShellOpenCommands>
- <ActiveXInstalls>
- <ActiveXInstall clsid="DirectAnimation Java Classes" prog="" nam=""
codebase="file://C:\WINNT\Java\classes\dajava.cab">
<Files />
</ActiveXInstall>
- <ActiveXInstall clsid="Microsoft XML Parser for Java" prog="" nam=""
codebase="file://C:\WINNT\Java\classes\xmldso.cab">
<Files />
</ActiveXInstall>
- <ActiveXInstall clsid="{03A89EFD-E023-7700-A22D-45F77558EB4C}"
prog="iLinci77.ILINCInstall77.1" nam="ILINCInstall77 Class"
codebase="https://lm-learnlinc.ilinc.com/download/ilinci77.dll">
- <Files>
<File ex="1" nam="iLinc ActiveX Install (ilinci77.dll)" pub="iLinc
Communications, Inc." md5="851d2a3ed97d3409899abf5f970aff9d" ver="7.7.1.1354"
sz="420392" is="0" gfp="">C:\WINNT\Downloaded Program
Files\ilinci77.dll</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{3a4f9191-65a8-11d5-85c1-0001023952c1}" prog=""
nam=""
codebase="http://www.skylinesoft.com/interactive/terraexplorer/install/TE.cab">
- <Files>
<File ex="1" nam="TerraExplorer Setup (TE.exe)" pub="Skyline Software
Systems, Inc." md5="060e52954fa98bf163b5c90c72be9afa" ver="4, 6, 2, 7"
sz="1957888" is="0" gfp="">C:\WINNT\Downloaded Program Files\TE.exe</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{D27CDB6E-AE6D-11CF-96B8-444553540000}"
prog="ShockwaveFlash.ShockwaveFlash.1" nam="Shockwave Flash Object"
codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab">
<Files />
</ActiveXInstall>
</ActiveXInstalls>
- <PROTOCOLSFilters>
<PROTOCOLSFilter ex="1" clsid="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"
prog="CorRegistration.CorFltr.1" filter="application/octet-stream"
val="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" nam="Microsoft .NET Runtime
Execution Engine (mscoree.dll)" pub="Microsoft Corporation"
md5="fb93fa3e9837a21e2b00d02220a2f549" ver="2.0.50727.42 (RTM.050727-4200)"
sz="270848" is="0" gfp="">C:\WINNT\system32\mscoree.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"
prog="CorRegistration.CorFltr.1" filter="application/x-complus"
val="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" nam="Microsoft .NET Runtime
Execution Engine (mscoree.dll)" pub="Microsoft Corporation"
md5="fb93fa3e9837a21e2b00d02220a2f549" ver="2.0.50727.42 (RTM.050727-4200)"
sz="270848" is="0" gfp="">C:\WINNT\system32\mscoree.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"
prog="CorRegistration.CorFltr.1" filter="application/x-msdownload"
val="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" nam="Microsoft .NET Runtime
Execution Engine (mscoree.dll)" pub="Microsoft Corporation"
md5="fb93fa3e9837a21e2b00d02220a2f549" ver="2.0.50727.42 (RTM.050727-4200)"
sz="270848" is="0" gfp="">C:\WINNT\system32\mscoree.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"
prog="" filter="Class Install Handler"
val="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}" nam="OLE32 Extensions for Win32
(urlmon.dll)" pub="Microsoft Corporation"
md5="0f2799130639fd1d60c5ad5ecffb9b57" ver="6.00.2800.1519" sz="457216"
is="0" gfp="">c:\winnt\system32\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{8f6b0360-b80d-11d0-a9b3-006097942311}"
prog="" filter="deflate" val="{8f6b0360-b80d-11d0-a9b3-006097942311}"
nam="OLE32 Extensions for Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="0f2799130639fd1d60c5ad5ecffb9b57" ver="6.00.2800.1519" sz="457216"
is="0" gfp="">c:\winnt\system32\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{8f6b0360-b80d-11d0-a9b3-006097942311}"
prog="" filter="gzip" val="{8f6b0360-b80d-11d0-a9b3-006097942311}" nam="OLE32
Extensions for Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="0f2799130639fd1d60c5ad5ecffb9b57" ver="6.00.2800.1519" sz="457216"
is="0" gfp="">c:\winnt\system32\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{8f6b0360-b80d-11d0-a9b3-006097942311}"
prog="" filter="lzdhtml" val="{8f6b0360-b80d-11d0-a9b3-006097942311}"
nam="OLE32 Extensions for Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="0f2799130639fd1d60c5ad5ecffb9b57" ver="6.00.2800.1519" sz="457216"
is="0" gfp="">c:\winnt\system32\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"
prog="" filter="text/webviewhtml"
val="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}" nam="Windows Shell Common Dll
(shell32.dll)" pub="Microsoft Corporation"
md5="4405f4b520eadf9aaf65261484759e31" ver="5.00.3900.7071" sz="2360592"
is="0" gfp="">c:\winnt\system32\shell32.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{807553E5-5146-11D5-A672-00B0D022E945}"
prog="" filter="text/xml" val="{807553E5-5146-11D5-A672-00B0D022E945}"
nam="Microsoft Office XML MIME Filter (msoxmlmf.dll)" pub="Microsoft
Corporation" md5="7469b9d06f0299273769c3e5365f5469" ver="11.0.5510"
sz="39488" is="0" gfp="">c:\program files\common files\microsoft
shared\office11\msoxmlmf.dll</PROTOCOLSFilter>
</PROTOCOLSFilters>
- <PROTOCOLSHandlers>
<PROTOCOLSHandler ex="1" clsid="{3050F406-98B5-11CF-BB82-00AA00BDCE0B}"
prog="" filter="about" val="{3050F406-98B5-11CF-BB82-00AA00BDCE0B}"
nam="Microsoft (R) HTML Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="478081e607d4a0cedf883adbe53ad23d" ver="6.00.2800.1522" sz="2700288"
is="0" gfp="">c:\winnt\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3dd53d40-7b8b-11D0-b013-00aa0059ce02}"
prog="" filter="cdl" val="{3dd53d40-7b8b-11D0-b013-00aa0059ce02}" nam="OLE32
Extensions for Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="0f2799130639fd1d60c5ad5ecffb9b57" ver="6.00.2800.1519" sz="457216"
is="0" gfp="">c:\winnt\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e7-baf9-11ce-8c82-00aa004ba90b}"
prog="" filter="file" val="{79eac9e7-baf9-11ce-8c82-00aa004ba90b}" nam="OLE32
Extensions for Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="0f2799130639fd1d60c5ad5ecffb9b57" ver="6.00.2800.1519" sz="457216"
is="0" gfp="">c:\winnt\system32\urlmon.dll</PROTOCOLSHandler>
 
