L
Lou
Norton 2005 found Dontwannatry[2].htm but of course didn't
remove it. MSs Spyware Removal product didn't catch it. I
tried MSs report tool and it died on me. Tried to send the
a manual report and of course the contact us link went no
where (except for a phojn number). Here's what Norton said:
"The file C:\Documents and Settings\Diane\Local
Settings\Temporary Internet
Files\Content.IE5\2BINATYN\dontwannatry[2].htm is a Adware
threat."
When submitting the report it said: "An error occured
submitting the scan results. Please check you Internet
proxy settings and try again." Yes, it said "you" not your.
Here's the manual scan report if anyone can determine how
to get this to the right people.
- <MSSSRT version="1.0.501" createdate="2/17/2005 4:04:59
AM" os="XP.2600" user="">
- <Audit>
- <AutoRunAudit>
- <StartupFiles>
<StartupFile path="C:\Documents and Settings\All
Users\Start Menu\Programs\Startup\America Online Tray
Icon.lnk" nam="AOL Tray Icon (aoltray.exe)" pub="America
Online, Inc." md5="d3e103e5b79a6e8ba5b58e0a7c21523b"
ver="9.00.001" sz="156784" is="0" gfp="">c:\program
files\america online 9.0a\aoltray.exe</StartupFile>
<StartupFile path="C:\Documents and Settings\All
Users\Start Menu\Programs\Startup\Microsoft Office.lnk"
nam="Microsoft Office XP component (osa.exe)"
pub="Microsoft Corporation"
md5="5bc65464354a9fd3beaa28e18839734a" ver="10.0.2609"
sz="83360" is="0" gfp="">c:\program files\microsoft
office\office10\osa.exe</StartupFile>
</StartupFiles>
- <StartupFilesRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="RemoteControl" dat=""C:\Program
Files\CyberLink\PowerDVD\PDVDServ.exe"" nam="PowerDVD RC
Service (pdvdserv.exe)" pub="Cyberlink Corp."
md5="915a106a2fb87292cef0ad4f36adf313" ver="5.00.0000"
sz="32768" is="0" gfp="">c:\program
files\cyberlink\powerdvd\pdvdserv.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="SunKistEM" dat="C:\Program Files\eMachines Bay
Reader\shwiconem.exe" nam="None (shwiconem.exe)" pub="Alcor
Micro, Corp." md5="06a6145cddf7db1efbe6280a57880111"
ver="1, 4, 0, 8" sz="135168" is="0" gfp="">c:\program
files\emachines bay reader\shwiconem.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="AOL Spyware Protection"
dat=""C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP
Scheduler.exe"" nam="AOLSP Scheduler (aolsp scheduler.exe)"
pub="Unavailable" md5="217697c43bff8d740cfbb9ad87621519"
ver="1, 0, 0, 74" sz="79448" is="0"
gfp="">c:\progra~1\common~1\aol\aolspy~1\aolsp
scheduler.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="HPDJ Taskbar Utility"
dat="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe"
nam="None (hpztsb03.exe)" pub="HP"
md5="ebee1e613e526663a6ea4b52335f1e34" ver="2,40,0,0"
sz="196608" is="0"
gfp="">c:\windows\system32\spool\drivers\w32x86\3\hpztsb03.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="Pure Networks Port Magic"
dat=""C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run"
nam="Port Magic Application (portaol.exe)" pub="Pure
Networks, Inc." md5="ba99c608a075c44026720d5383f3d75b"
ver="1.2.1393.0" sz="99480" is="0"
gfp="">c:\progra~1\purene~1\portma~1\portaol.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="dla" dat="C:\WINDOWS\system32\dla\tfswctrl.exe"
nam="Direct Access Component (tfswctrl.exe)" pub="VERITAS
Software, Inc." md5="98fcf964dd54996a2005c7a081147313"
ver="1.00.15a" sz="32821" is="0"
gfp="">c:\windows\system32\dla\tfswctrl.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="HP CD-DVD" dat="C:\Program Files\HP
CD-DVD\Umbrella\hpcdtray.exe" nam="HP CD Tray
(hpcdtray.exe)" pub="Hewlett-Packard Company"
md5="e646a8cc7b99885ae27a053c49d67613" ver="1.1" sz="49152"
is="0" gfp="">c:\program files\hp
cd-dvd\umbrella\hpcdtray.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="ccApp" dat=""C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"" nam="Symantec User Session (ccapp.exe)"
pub="Symantec Corporation"
md5="84ec0b55bcbe872f999acdce58e3f67d" ver="103.0.3.8"
sz="58992" is="0" gfp="">c:\program files\common
files\symantec shared\ccapp.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="Symantec NetDriver Monitor"
dat="C:\PROGRA~1\SYMNET~1\SNDMon.exe" nam="Symantec
Security Drivers Install Monitor (sndmon.exe)"
pub="Symantec Corporation"
md5="46462b246bcb76450178a7260617cebd" ver="5.4.3.11"
sz="95456" is="0"
gfp="">c:\progra~1\symnet~1\sndmon.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="ISUSPM Startup"
dat="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
-startup" nam="InstallShield Update Service Update Manager
(isuspm.exe)" pub="InstallShield Software Corporation"
md5="b4b4eb2f8849e93fe5fece11e52c5930" ver="3, 10, 100,
1146" sz="221184" is="0"
gfp="">c:\progra~1\common~1\instal~1\update~1\isuspm.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="gcasServ" dat=""C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"" nam="Microsoft AntiSpyware
Service (gcasserv.exe)" pub="Microsoft Corporation"
md5="70c5a9c9cf9e65a9073a2a43da822841" ver="1.00.0501"
sz="469824" is="0" gfp="">c:\program files\microsoft
antispyware\gcasserv.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="LifeScape Media Detector" dat="C:\Program
Files\Picasa\PicasaMediaDetector.exe"
nam="(picasamediadetector.exe)" pub=""
md5="c9099d9036c0a63df5b81656eb865a5c" ver="" sz="151552"
is="0" gfp="">c:\program
files\picasa\picasamediadetector.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="QuickTime Task" dat=""C:\Program
Files\QuickTime\qttask.exe" -atboottime" nam="qttask.exe"
pub="Apple Computer, Inc."
md5="76a3a30b58405c2c6d833895253a51a9" ver="6.5.1"
sz="98304" is="0" gfp="">c:\program
files\quicktime\qttask.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="iTunesHelper" dat="C:\Program
Files\iTunes\iTunesHelper.exe" nam="iTunesHelper Module
(ituneshelper.exe)" pub="Apple Computer, Inc."
md5="2e0e2be7bd6614ea4c86b9ece793e31e" ver="4.7.1.30"
sz="278528" is="0" gfp="">c:\program
files\itunes\ituneshelper.exe</StartupFileRegistry>
<StartupFileRegistry ex="0"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="UserFaultCheck" dat="%systemroot%\system32\dumprep 0
-u" nam="" pub="" md5="" ver="" sz="" is="0" gfp="" />
<StartupFileRegistry ex="1"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="AIM" dat="C:\Program Files\aim\aim.exe -cnetwait.odl"
nam="AOL Instant Messenger (aim.exe)" pub="America Online,
Inc." md5="d160472d7a8dbadd35dfe34d525f1cbc" ver="5.9.3702"
sz="67160" is="0" gfp="">c:\program
files\aim\aim.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="ctfmon.exe" dat="C:\WINDOWS\system32\ctfmon.exe"
nam="CTF Loader (ctfmon.exe)" pub="Microsoft Corporation"
md5="24232996a38c0b0cf151c2140ae29fc8" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="15360" is="0"
gfp="">c:\windows\system32\ctfmon.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="Google Desktop Search" dat=""C:\Program
Files\Google\Google Desktop Search\GoogleDesktop.exe"
/startup" nam="(googledesktop.exe)" pub=""
md5="cd2a59af4f534799a6f3a98902c00e0e" ver="" sz="85504"
is="0" gfp="">c:\program files\google\google desktop
search\googledesktop.exe</StartupFileRegistry>
</StartupFilesRegistry>
- <WinlogonUserinitFiles>
<WinlogonUserinitFile ex="1" nam="Userinit Logon
Application (userinit.exe)" pub="Microsoft Corporation"
md5="39b1ffb03c2296323832acbae50d2aff" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="24576" is="0"
gfp="">c:\windows\system32\userinit.exe</WinlogonUserinitFile>
</WinlogonUserinitFiles>
<StartupWinIniFiles />
<StartupSysIniFiles />
</AutoRunAudit>
- <InternetExplorerAudit version="6.0.2900.2180">
- <BrowserHelperObjects>
<BHO ex="1"
clsid="{02478D38-C3F9-4efb-9B51-7695ECA05670}"
prog="YBIOCtrl.CompanionBHO.4" val="Yahoo! Companion BHO"
nam="Yahoo! Toolbar 5.5 for Internet Explorer
(ycomp5_5_5_0.dll)" pub="Yahoo! Inc."
md5="fb4c0b82155dea703821a3aac37b813e" ver="2004, 7, 19, 1"
sz="292947" is="0" gfp="">c:\program
files\yahoo!\companion\installs\cpn\ycomp5_5_5_0.dll</BHO>
<BHO ex="1"
clsid="{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"
prog="AcroIEHelper.AcroIEHlprObj.1" val="AcroIEHlprObj
Class" nam="Adobe Acrobat IE Helper Version 6.0 for
ActivieX (acroiehelper.dll)" pub="Adobe Systems
Incorporated" md5="fc7850324464e4d19a24a03d882b5cc4"
ver="6.0.1.2003110300" sz="54248" is="0" gfp="">c:\program
files\adobe\acrobat 6.0\reader\activex\acroiehelper.dll</BHO>
<BHO ex="1"
clsid="{53707962-6F74-2D53-2644-206D7942484F}" prog=""
val="" nam="Bad download blocker (sdhelper.dll)" pub="Safer
Networking Limited" md5="abf5ba518c6a5ed104496ff42d19ad88"
ver="1, 3, 0, 12" sz="744960" is="0"
gfp="">c:\progra~1\spybot~1\sdhelper.dll</BHO>
<BHO ex="0"
clsid="{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}" prog=""
val="PCTools Site Guard" nam="" pub="" md5="" ver="" sz=""
is="0" gfp="" />
<BHO ex="1"
clsid="{7c1ce531-09e9-4fc5-9803-1c2956615786}"
prog="GoogleDesktop.IeBho.1" val="IeCaptureBho Object"
nam="(googledesktopie.dll)" pub=""
md5="54115db4df1d0aeb4ccc2fe892e51744" ver="" sz="61952"
is="0" gfp="">c:\program files\google\google desktop
search\googledesktopie.dll</BHO>
<BHO ex="1"
clsid="{AA58ED58-01DD-4d91-8333-CF10577473F7}" prog=""
val="Google Toolbar Helper" nam="Google IE Client Toolbar
(googletoolbar2.dll)" pub="Google Inc."
md5="d4e9b7b696e8c40a0e5cb76621a03ee4" ver="2, 0, 114, 9"
sz="720896" is="0" gfp="">c:\program
files\google\googletoolbar2.dll</BHO>
<BHO ex="1"
clsid="{BDF3E430-B101-42AD-A544-FADC6B084872}"
prog="Navbho.CNavExtBho.1" val="CNavExtBho Class"
nam="Norton AntiVirusNAVShellExt Module (navshext.dll)"
pub="Symantec Corporation"
md5="0694ef9849a5397e38422d9e5e9216a3" ver="11.0.6.1"
sz="218240" is="0" gfp="">c:\program files\norton
antivirus\navshext.dll</BHO>
</BrowserHelperObjects>
- <IEToolbars>
<IEToolbar ex="1"
clsid="{4982D40A-C53B-4615-B15B-B5B5E98D167C}"
prog="ToolbarAOLToolbar.1" val="AOL Toolbar" nam="IE
Toolbar (toolbar.dll)" pub="IE Toolbar"
md5="924eae29d7e0db93f26e0fc53733a160" ver="1, 0, 0, 4"
sz="390256" is="0" gfp="">c:\program files\aol
toolbar\toolbar.dll</IEToolbar>
<IEToolbar ex="1"
clsid="{40D41A8B-D79B-43d7-99A7-9EE0F344C385}"
prog="DKIBand.DKIBandObj.1" val="AIM Search" nam="AIM
Search Toolbar (aimbar.dll)" pub="America Online, Inc"
md5="9bc0b8e6dd2fdb3a6b1c4301e8482f8f" ver="2004.00.003"
sz="172032" is="0" gfp="">c:\program files\aim
toolbar\aimbar.dll</IEToolbar>
<IEToolbar ex="1"
clsid="{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
prog="YBIOCtrl.YBIOCtrl.2" val="Yahoo! Companion"
nam="Yahoo! Toolbar 5.5 for Internet Explorer
(ycomp5_5_5_0.dll)" pub="Yahoo! Inc."
md5="fb4c0b82155dea703821a3aac37b813e" ver="2004, 7, 19, 1"
sz="292947" is="0" gfp="">c:\program
files\yahoo!\companion\installs\cpn\ycomp5_5_5_0.dll</IEToolbar>
<IEToolbar ex="1"
clsid="{2318C2B1-4965-11d4-9B18-009027A5CD4F}" prog=""
val="&Google" nam="Google IE Client Toolbar
(googletoolbar2.dll)" pub="Google Inc."
md5="d4e9b7b696e8c40a0e5cb76621a03ee4" ver="2, 0, 114, 9"
sz="720896" is="0" gfp="">c:\program
files\google\googletoolbar2.dll</IEToolbar>
<IEToolbar ex="1"
clsid="{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
prog="Symantec.Norton.AntiVirus.IEToolBand.1" val="Norton
AntiVirus" nam="Norton AntiVirusNAVShellExt Module
(navshext.dll)" pub="Symantec Corporation"
md5="0694ef9849a5397e38422d9e5e9216a3" ver="11.0.6.1"
sz="218240" is="0" gfp="">c:\program files\norton
antivirus\navshext.dll</IEToolbar>
</IEToolbars>
<IEExtensions />
- <IEExplorerBars>
<IEExplorerBar ex="1"
clsid="{4D5C8C25-D075-11d0-B416-00C04FB90376}" prog=""
val="&Tip of the Day" nam="Shell Doc Object and Control
Library (shdocvw.dll)" pub="Microsoft Corporation"
md5="68346bc7fa4ccd81248a2c7d728644a4" ver="6.00.2900.2573
(xpsp_sp2_gdr.041130-1729)" sz="1483264" is="0"
gfp="">c:\windows\system32\shdocvw.dll</IEExplorerBar>
<IEExplorerBar ex="1"
clsid="{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}" prog=""
val="Real.com" nam="Shell Doc Object and Control Library
(shdocvw.dll)" pub="Microsoft Corporation"
md5="68346bc7fa4ccd81248a2c7d728644a4" ver="6.00.2900.2573
(xpsp_sp2_gdr.041130-1729)" sz="1483264" is="0"
gfp="">c:\windows\system32\shdocvw.dll</IEExplorerBar>
</IEExplorerBars>
- <IEShellBrowsers>
<IEShellBrowser ex="1"
clsid="{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
prog="Symantec.Norton.AntiVirus.IEToolBand.1" val="Norton
AntiVirus" nam="Norton AntiVirusNAVShellExt Module
(navshext.dll)" pub="Symantec Corporation"
md5="0694ef9849a5397e38422d9e5e9216a3" ver="11.0.6.1"
sz="218240" is="0" gfp="">c:\program files\norton
antivirus\navshext.dll</IEShellBrowser>
<IEShellBrowser ex="0" clsid="" prog="" val="" nam=""
pub="" md5="" ver="" sz="" is="0" gfp="" />
<IEShellBrowser ex="1"
clsid="{01E04581-4EEE-11D0-BFE9-00AA005B4383}" prog=""
val="&Address" nam="Shell Browser UI Library
(browseui.dll)" pub="Microsoft Corporation"
md5="691b1420ada790e9cda5356ee752f3a3" ver="6.00.2900.2578
(xpsp_sp2_gdr.041130-1729)" sz="1016832" is="0"
gfp="">c:\windows\system32\browseui.dll</IEShellBrowser>
</IEShellBrowsers>
- <IEWebBrowsers>
<IEWebBrowser ex="1"
clsid="{01E04581-4EEE-11D0-BFE9-00AA005B4383}" prog=""
val="&Address" nam="Shell Browser UI Library
(browseui.dll)" pub="Microsoft Corporation"
md5="691b1420ada790e9cda5356ee752f3a3" ver="6.00.2900.2578
(xpsp_sp2_gdr.041130-1729)" sz="1016832" is="0"
gfp="">c:\windows\system32\browseui.dll</IEWebBrowser>
<IEWebBrowser ex="0" clsid="" prog="" val="" nam=""
pub="" md5="" ver="" sz="" is="0" gfp="" />
<IEWebBrowser ex="1"
clsid="{4982D40A-C53B-4615-B15B-B5B5E98D167C}"
prog="ToolbarAOLToolbar.1" val="AOL Toolbar" nam="IE
Toolbar (toolbar.dll)" pub="IE Toolbar"
md5="924eae29d7e0db93f26e0fc53733a160" ver="1, 0, 0, 4"
sz="390256" is="0" gfp="">c:\program files\aol
toolbar\toolbar.dll</IEWebBrowser>
<IEWebBrowser ex="0" clsid="" prog="" val="" nam=""
pub="" md5="" ver="" sz="" is="0" gfp="" />
<IEWebBrowser ex="1"
clsid="{2318C2B1-4965-11D4-9B18-009027A5CD4F}" prog=""
val="&Google" nam="Google IE Client Toolbar
(googletoolbar2.dll)" pub="Google Inc."
md5="d4e9b7b696e8c40a0e5cb76621a03ee4" ver="2, 0, 114, 9"
sz="720896" is="0" gfp="">c:\program
files\google\googletoolbar2.dll</IEWebBrowser>
<IEWebBrowser ex="1"
clsid="{40D41A8B-D79B-43D7-99A7-9EE0F344C385}"
prog="DKIBand.DKIBandObj.1" val="AIM Search" nam="AIM
Search Toolbar (aimbar.dll)" pub="America Online, Inc"
md5="9bc0b8e6dd2fdb3a6b1c4301e8482f8f" ver="2004.00.003"
sz="172032" is="0" gfp="">c:\program files\aim
toolbar\aimbar.dll</IEWebBrowser>
<IEWebBrowser ex="1"
clsid="{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
prog="YBIOCtrl.YBIOCtrl.2" val="Yahoo! Companion"
nam="Yahoo! Toolbar 5.5 for Internet Explorer
(ycomp5_5_5_0.dll)" pub="Yahoo! Inc."
md5="fb4c0b82155dea703821a3aac37b813e" ver="2004, 7, 19, 1"
sz="292947" is="0" gfp="">c:\program
files\yahoo!\companion\installs\cpn\ycomp5_5_5_0.dll</IEWebBrowser>
<IEWebBrowser ex="1"
clsid="{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
prog="Symantec.Norton.AntiVirus.IEToolBand.1" val="Norton
AntiVirus" nam="Norton AntiVirusNAVShellExt Module
(navshext.dll)" pub="Symantec Corporation"
md5="0694ef9849a5397e38422d9e5e9216a3" ver="11.0.6.1"
sz="218240" is="0" gfp="">c:\program files\norton
antivirus\navshext.dll</IEWebBrowser>
</IEWebBrowsers>
- <IEMenuExts>
<IEMenuExt val="&AIM Search">res://C:\Program Files\AIM
Toolbar\AIMBar.dll/aimsearch.htm</IEMenuExt>
<IEMenuExt val="&AOL Toolbar search">res://C:\Program
Files\AOL Toolbar\toolbar.dll/SEARCH.HTML</IEMenuExt>
<IEMenuExt val="&Google Search">res://c:\program
files\google\GoogleToolbar2.dll/cmsearch.html</IEMenuExt>
<IEMenuExt val="Backward Links">res://c:\program
files\google\GoogleToolbar2.dll/cmbacklinks.html</IEMenuExt>
<IEMenuExt val="Cached Snapshot of Page">res://c:\program
files\google\GoogleToolbar2.dll/cmcache.html</IEMenuExt>
<IEMenuExt val="E&xport to Microsoft
Excel">res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000</IEMenuExt>
<IEMenuExt val="Similar Pages">res://c:\program
files\google\GoogleToolbar2.dll/cmsimilar.html</IEMenuExt>
<IEMenuExt val="Translate into English">res://c:\program
files\google\GoogleToolbar2.dll/cmtrans.html</IEMenuExt>
</IEMenuExts>
- <IEURLSearchHooks>
<IEURLSearchHook ex="0"
clsid="{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" prog=""
val="" nam="" pub="" md5="" ver="" sz="" is="0" gfp="" />
</IEURLSearchHooks>
- <IEURLs>
<IEURL val="HCU\Software\Microsoft\Internet Explorer
Start Page">http://my.yahoo.com/</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer
Search Page" />
<IEURL val="HCU\Software\Microsoft\Internet Explorer
Default_Page_URL" />
<IEURL val="HCU\Software\Microsoft\Internet Explore Local
Page">C:\WINDOWS\system32\blank.htm</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explore
Search
Bar">http://channels.aimtoday.com/search/aimtoolbar.jsp</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer
Default_Search_URL" />
<IEURL val="HCU\Software\Microsoft\Internet Explorer
HomeOldSP" />
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Start
Page">http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Search
Page">http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Default_Page_URL">http://www.emachines.com</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Local Page">%SystemRoot%\system32\blank.htm</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Search Bar" />
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Default_Search_URL">http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
HomeOldSP" />
<IEURL val="HCU\Software\Microsoft\Internet
Explorer\Search CustomizeSearch" />
<IEURL val="HCU\Software\Microsoft\Internet
Explorer\Search SearchAssistant" />
<IEURL val="HLM\Software\Microsoft\Internet
Explorer\Search
CustomizeSearch">http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust..htm</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet
Explorer\Search
SearchAssistant">http://channels.aimtoday.com/search/aimtoolbar.jsp</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet
Explorer\SearchUrl" />
<IEURL val="HLM\Software\Microsoft\Internet
Explorer\SearchUrl" />
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs blank">res://mshtml.dll/blank.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
DesktopItemNavigationFailure">res://shdoclc.dll/navcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
NavigationCanceled">res://shdoclc.dll/navcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
NavigationFailure">res://shdoclc.dll/navcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
OfflineInformation">res://shdoclc.dll/offcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
PostNotCached">res://mshtml.dll/repost.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs mozilla" />
</IEURLs>
</InternetExplorerAudit>
- <SystemAudit>
- <ShellExecuteHooks>
<ShellExecuteHook ex="1"
clsid="{AEB6717E-7E19-11d0-97EE-00C04FD91972}" prog=""
val="URL Exec Hook" nam="Windows Shell Common Dll
(shell32.dll)" pub="Microsoft Corporation"
md5="5db5f53f801b616f4b4b7cae6ee7d1c6" ver="6.00.2900.2578
(xpsp_sp2_gdr.041130-1729)" sz="8450048" is="0"
gfp="">C:\WINDOWS\system32\shell32.dll</ShellExecuteHook>
<ShellExecuteHook ex="1"
clsid="{9EF34FF2-3396-4527-9D27-04C8C1C67806}"
prog="Microsoft.AntiSpyware.ShellExecuteHook.1"
val="Microsoft.AntiSpyware.ShellExecuteHook.1"
nam="Microsoft AntiSpyware Shell Extension
(shellextension.dll)" pub="Microsoft Corporation"
md5="08cee315ea2a24e77d68b2b055f73a94" ver="1.00.0501"
sz="93408" is="0" gfp="">c:\program files\microsoft
antispyware\shellextension.dll</ShellExecuteHook>
</ShellExecuteHooks>
- <ShellOpenCommands>
<ShellOpenCommand
val="HCR\exefile\shell\open\command">"%1"
%*</ShellOpenCommand>
<ShellOpenCommand
val="HCR\comfile\shell\open\command">"%1"
%*</ShellOpenCommand>
<ShellOpenCommand
val="HCR\batfile\shell\open\command">"%1"
%*</ShellOpenCommand>
<ShellOpenCommand
val="HCR\htafile\shell\open\command">C:\WINDOWS\System32\mshta.exe
"%1" %*</ShellOpenCommand>
<ShellOpenCommand
val="HCR\piffile\shell\open\command">"%1"
%*</ShellOpenCommand>
<ShellOpenCommand
val="HCR\txtfile\shell\open\command">%SystemRoot%\system32\NOTEPAD.EXE
%1</ShellOpenCommand>
<ShellOpenCommand
val="HCR\mp3file\shell\open\command">"C:\Program
Files\Windows Media Player\wmplayer.exe" /prefetch:6 /Open
"%L"</ShellOpenCommand>
<ShellOpenCommand
val="HCR\mpegfile\shell\open\command">"C:\Program
Files\Windows Media Player\wmplayer.exe" /prefetch:9 /Open
"%L"</ShellOpenCommand>
<ShellOpenCommand
val="HCR\mailto\shell\open\command">"C:\PROGRA~1\MICROS~4\Office10\OUTLOOK.EXE"
-c IPM.Note /m "%1"</ShellOpenCommand>
<ShellOpenCommand
val="HCR\htmlfile\shell\open\command">"C:\Program
Files\Internet Explorer\iexplore.exe"
-nohome</ShellOpenCommand>
<ShellOpenCommand
val="HCR\http\shell\open\command">C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
-url "%1"</ShellOpenCommand>
<ShellOpenCommand
val="HCR\https\shell\open\command">C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
-url "%1"</ShellOpenCommand>
<ShellOpenCommand
val="HCR\ftp\shell\open\command">C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
-url "%1"</ShellOpenCommand>
</ShellOpenCommands>
- <ActiveXInstalls>
- <ActiveXInstall
clsid="{02BCC737-B171-4746-94C9-0D8A0B2C0089}"
prog="Office.awsdc.1" nam="Microsoft Office Template and
Media Control"
codebase="http://office.microsoft.com/templates/ieawsdc.cab">
- <Files>
<File ex="1" nam="IEAWSDC.DLL" pub="Unavailable"
md5="4a693868d8fa24258fe3800d94d7629e" ver="Unavailable"
sz="87240" is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\IEAWSDC.DLL</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall
clsid="{166B1BCA-3F9C-11CF-8075-444553540000}"
prog="SWCtl.SWCtl.8.5.1" nam="Shockwave ActiveX Control"
codebase="http://active.macromedia.com/director/cabs/sw.cab">
<Files />
</ActiveXInstall>
- <ActiveXInstall
clsid="{17492023-C23A-453E-A040-C7C580BBF700}"
prog="LegitCheckControl.LegitCheck.1" nam="Windows Genuine
Advantage Validation Tool"
codebase="http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409">
- <Files>
<File ex="1" nam="PidGen (GWFSPidGen.DLL)"
pub="Microsoft" md5="0244da7bc93595d90e801f9caa338c2f"
ver="1, 5, 0, 42" sz="23304" is="0"
gfp="">C:\WINDOWS\system32\GWFSPidGen.DLL</File>
<File ex="1" nam="Windows Genuine Advantage Validation
(LegitCheckControl.DLL)" pub="Microsoft Corporation"
md5="40fc24cef49eaf0ebc7c51c67f89a952" ver="1.0.0058.6"
sz="346888" is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\LegitCheckControl.DLL</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall
clsid="{19E28AFC-EAE3-4CE5-AC83-2407B42F57C9}"
prog="WindowsSecurityAdvisor.WindowsSecurityAdvisor.1"
nam="MSSecurityAdvisor Class"
codebase="http://protect.microsoft.com/security/protect/wsa/shared/CAB/x86/msSecAdv.cab?1097893716984">
- <Files>
<File ex="1" nam="Windows Security Advisor
(mssecadv.dll)" pub="Microsoft Corporation"
md5="df203de80e2e1c9d38492b590b00bb1d" ver="5.4.3790.14
built by: lab04_n" sz="36960" is="0"
gfp="">C:\WINDOWS\System32\mssecadv.dll</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall
clsid="{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}"
prog="OPUCatalog.OPUCatalog11.1" nam="Office Update
Installation Engine"
codebase="http://office.microsoft.com/officeupdate/content/opuc.cab">
- <Files>
<File ex="1" nam="Microsoft Office Update Detection
Engine (opuc.dll)" pub="Microsoft Corporation"
md5="1e32ec4a8a17b19926b49ea5f6b79a76" ver="11.0.5626"
sz="314368" is="0" gfp="">C:\WINDOWS\opuc.dll</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall
clsid="{4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B}"
prog="QDiagAOLCCUpdateObj.QDiagAOLCCUpdateObj.1"
nam="QDiagAOLCCUpdateObj Class"
codebase="http://aolcc.aol.com/computercheckup/qdiagcc.cab">
- <Files>
<File ex="1" nam="(DAntivirus.cfg)" pub=""
md5="2a04a98a0bca57220765ea874ac5d8b2" ver="" sz="19033"
is="0" gfp="">C:\WINDOWS\system32\DAntivirus.cfg</File>
<File ex="1" nam="(DView.cfg)" pub=""
md5="9e3527a2da5413fbaaca929e29f662b8" ver="" sz="36904"
is="0" gfp="">C:\WINDOWS\system32\DView.cfg</File>
<File ex="1" nam="(DProg.ini)" pub=""
md5="b6c5fdb21ac468c7c723055aa777d0f9" ver="" sz="4955"
is="0" gfp="">C:\WINDOWS\system32\DProg.ini</File>
<File ex="1" nam="DLPT Service (DLPT.sys)" pub="Gteko
Ltd." md5="bb3efed6d60db120c8ab22d94300575b" ver="1, 0, 0,
10" sz="6144" is="0"
gfp="">C:\WINDOWS\system32\DLPT.sys</File>
<File ex="1" nam="(DDMI.VXD)" pub=""
md5="c76d66d1c6c4ac280b3ceb30b80b8abe" ver="" sz="9833"
is="0" gfp="">C:\WINDOWS\system32\DDMI.VXD</File>
<File ex="1" nam="(DLPT.VXD)" pub=""
md5="c499dd1c5270c88c9e64645a901b0247" ver="" sz="9321"
is="0" gfp="">C:\WINDOWS\system32\DLPT.VXD</File>
<File ex="1" nam="DDMI Service (DDMI2.sys)" pub="Gteko
Ltd." md5="8edd7b9e4a4b4c16e2dab9188caa861b" ver="1, 0, 0,
7" sz="6977" is="0"
gfp="">C:\WINDOWS\system32\DDMI2.sys</File>
<File ex="1" nam="QDiag Module (qdiagcc.ocx)" pub="Gteko
Ltd." md5="a2d58c24cf9d7176ebed6a4339c52843" ver="1, 0, 1,
374" sz="1355776" is="0"
gfp="">C:\WINDOWS\system32\qdiagcc.ocx</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall
clsid="{6632A7E9-FE1F-43D2-A04A-A15951ED63E0}" prog=""
nam=""
codebase="http://mediaplayer.walmart.com/installer/install.cab">
<Files />
</ActiveXInstall>
- <ActiveXInstall
clsid="{8AD9C840-044E-11D1-B3E9-00805F499D93}" prog=""
nam="Java Plug-in 1.4.2"
codebase="http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab">
<Files />
</ActiveXInstall>
- <ActiveXInstall
clsid="{A8658086-E6AC-4957-BC8E-8D54A7E8A790}"
prog="GDIChk.FileChk.0" nam="GDIChk Object"
codebase="http://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB">
- <Files>
<File ex="1" nam="Microsoft GDI+ Detection Tool.
(GDIChk.dll)" pub="Microsoft Corporation"
md5="56af5ff66a5f8f927411b59b66107c84" ver="1.0.0.0"
sz="65272" is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\GDIChk.dll</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall
clsid="{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}" prog=""
nam="Java Plug-in 1.4.2"
codebase="http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab">
<Files />
</ActiveXInstall>
- <ActiveXInstall
clsid="{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}"
prog="PopCapLoader.PopCapLoaderCtrl2.1" nam="PopCapLoader
Object"
codebase="http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab">
- <Files>
<File ex="1" nam="PopCapLoader Module (popcaploader.dll)"
pub="PopCap Games" md5="57f868a52b9d4153658dc0db5062e536"
ver="1, 0, 0, 6" sz="126976" is="0"
gfp="">C:\WINDOWS\Downloaded Program
Files\popcaploader.dll</File>
</Files>
</ActiveXInstall>
</ActiveXInstalls>
- <PROTOCOLSFilters>
<PROTOCOLSFilter ex="1"
clsid="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"
prog="CorRegistration.CorFltr.1"
filter="application/octet-stream"
val="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" nam="Microsoft
..NET Runtime Execution Engine (mscoree.dll)" pub="Microsoft
Corporation" md5="8c54138d0271ed4e9c16d8534ff707e4"
ver="1.1.4322.2032" sz="155648" is="0"
gfp="">c:\windows\system32\mscoree.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1"
clsid="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"
prog="CorRegistration.CorFltr.1"
filter="application/x-complus"
val="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" nam="Microsoft
..NET Runtime Execution Engine (mscoree.dll)" pub="Microsoft
Corporation" md5="8c54138d0271ed4e9c16d8534ff707e4"
ver="1.1.4322.2032" sz="155648" is="0"
gfp="">c:\windows\system32\mscoree.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1"
clsid="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"
prog="CorRegistration.CorFltr.1"
filter="application/x-msdownload"
val="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" nam="Microsoft
..NET Runtime Execution Engine (mscoree.dll)" pub="Microsoft
Corporation" md5="8c54138d0271ed4e9c16d8534ff707e4"
ver="1.1.4322.2032" sz="155648" is="0"
gfp="">c:\windows\system32\mscoree.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1"
clsid="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}" prog=""
filter="Class Install Handler"
val="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}" nam="OLE32
Extensions for Win32 (urlmon.dll)" pub="Microsoft
Corporation" md5="7e0a6b4005a271c1fd1d82dd08fa884f"
ver="6.00.2900.2574 (xpsp_sp2_gdr.041130-1729)" sz="607744"
is="0" gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1"
clsid="{8f6b0360-b80d-11d0-a9b3-006097942311}" prog=""
filter="deflate"
val="{8f6b0360-b80d-11d0-a9b3-006097942311}" nam="OLE32
Extensions for Win32 (urlmon.dll)" pub="Microsoft
Corporation" md5="7e0a6b4005a271c1fd1d82dd08fa884f"
ver="6.00.2900.2574 (xpsp_sp2_gdr.041130-1729)" sz="607744"
is="0" gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1"
clsid="{8f6b0360-b80d-11d0-a9b3-006097942311}" prog=""
filter="gzip" val="{8f6b0360-b80d-11d0-a9b3-006097942311}"
nam="OLE32 Extensions for Win32 (urlmon.dll)"
pub="Microsoft Corporation"
md5="7e0a6b4005a271c1fd1d82dd08fa884f" ver="6.00.2900.2574
(xpsp_sp2_gdr.041130-1729)" sz="607744" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1"
clsid="{8f6b0360-b80d-11d0-a9b3-006097942311}" prog=""
filter="lzdhtml"
val="{8f6b0360-b80d-11d0-a9b3-006097942311}" nam="OLE32
Extensions for Win32 (urlmon.dll)" pub="Microsoft
Corporation" md5="7e0a6b4005a271c1fd1d82dd08fa884f"
ver="6.00.2900.2574 (xpsp_sp2_gdr.041130-1729)" sz="607744"
is="0" gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1"
clsid="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}" prog=""
filter="text/webviewhtml"
val="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}" nam="Windows
Shell Common Dll (shell32.dll)" pub="Microsoft Corporation"
md5="5db5f53f801b616f4b4b7cae6ee7d1c6" ver="6.00.2900.2578
(xpsp_sp2_gdr.041130-1729)" sz="8450048" is="0"
gfp="">c:\windows\system32\shell32.dll</PROTOCOLSFilter>
</PROTOCOLSFilters>
- <PROTOCOLSHandlers>
<PROTOCOLSHandler ex="1"
clsid="{3050F406-98B5-11CF-BB82-00AA00BDCE0B}" prog=""
filter="about" val="{3050F406-98B5-11CF-BB82-00AA00BDCE0B}"
nam="Microsoft (R) HTML Viewer (mshtml.dll)" pub="Microsoft
Corporation" md5="fae3ca9b2459581c45b3a8845be3077c"
ver="6.00.2900.2604 (xpsp_sp2_gdr.041130-1729)"
sz="3006976" is="0"
gfp="">c:\windows\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{3dd53d40-7b8b-11D0-b013-00aa0059ce02}" prog=""
filter="cdl" val="{3dd53d40-7b8b-11D0-b013-00aa0059ce02}"
nam="OLE32 Extensions for Win32 (urlmon.dll)"
pub="Microsoft Corporation"
md5="7e0a6b4005a271c1fd1d82dd08fa884f" ver="6.00.2900.2574
(xpsp_sp2_gdr.041130-1729)" sz="607744" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{CD00020A-8B95-11D1-82DB-00C04FB1625D}"
prog="CDO.KnowledgePluggable.1" filter="cdo"
val="{CD00020A-8B95-11D1-82DB-00C04FB1625D}" nam="Microsoft
SharePoint Portal Server Object Model (pkmcdo.dll)"
pub="Microsoft Corporation"
md5="623d03d48a2da1bc03764d6d7fc88542" ver="10.145.7329.0"
sz="868352" is="0" gfp="">c:\program files\common
files\microsoft shared\web
folders\pkmcdo.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{12D51199-0DB5-46FE-A120-47A3D7D937CC}" prog=""
filter="dvd" val="{12D51199-0DB5-46FE-A120-47A3D7D937CC}"
nam="ActiveX control for streaming video (msvidctl.dll)"
pub="Microsoft Corporation"
md5="7b5ba7cb7cf42b557c17d08015be8a14" ver="6.05.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="1428480" is="0"
gfp="">c:\windows\system32\msvidctl.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{79eac9e7-baf9-11ce-8c82-00aa004ba90b}" prog=""
filter="file" val="{79eac9e7-baf9-11ce-8c82-00aa004ba90b}"
nam="OLE32 Extensions for Win32 (urlmon.dll)"
pub="Microsoft Corporation"
md5="7e0a6b4005a271c1fd1d82dd08fa884f" ver="6.00.2900.2574
(xpsp_sp2_gdr.041130-1729)" sz="607744" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{79eac9e3-baf9-11ce-8c82-00aa004ba90b}" prog=""
filter="ftp" val="{79eac9e3-baf9-11ce-8c82-00aa004ba90b}"
nam="OLE32 Extensions for Win32 (urlmon.dll)"
pub="Microsoft Corporation"
md5="7e0a6b4005a271c1fd1d82dd08fa884f" ver="6.00.2900.2574
(xpsp_sp2_gdr.041130-1729)" sz="607744" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{79eac9e4-baf9-11ce-8c82-00aa004ba90b}" prog=""
filter="gopher"
val="{79eac9e4-baf9-11ce-8c82-00aa004ba90b}" nam="OLE32
Extensions for Win32 (urlmon.dll)" pub="Microsoft
Corporation" md5="7e0a6b4005a271c1fd1d82dd08fa884f"
ver="6.00.2900.2574 (xpsp_sp2_gdr.041130-1729)" sz="607744"
is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{79eac9e2-baf9-11ce-8c82-00aa004ba90b}" prog=""
filter="http" val="{79eac9e2-baf9-11ce-8c82-00aa004ba90b}"
nam="OLE32 Extensions for Win32 (urlmon.dll)"
pub="Microsoft Corporation"
md5="7e0a6b4005a271c1fd1d82dd08fa884f" ver="6.00.2900.2574
(xpsp_sp2_gdr.041130-1729)" sz="607744" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{79eac9e5-baf9-11ce-8c82-00aa004ba90b}" prog=""
filter="https" val="{79eac9e5-baf9-11ce-8c82-00aa004ba90b}"
nam="OLE32 Extensions for Win32 (urlmon.dll)"
pub="Microsoft Corporation"
md5="7e0a6b4005a271c1fd1d82dd08fa884f" ver="6.00.2900.2574
(xpsp_sp2_gdr.041130-1729)" sz="607744" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{9D148291-B9C8-11D0-A4CC-0000F80149F6}"
prog="MSITFS1.0" filter="its"
val="{9D148291-B9C8-11D0-A4CC-0000F80149F6}" nam="Microsoft
InfoTech Storage System Library (itss.dll)" pub="Microsoft
Corporation" md5="a00b287bb6f78bdd3589b7e75a86a6fa"
ver="5.2.3790.1221 (dnsrv.040715-2015)" sz="134144" is="0"
gfp="">c:\windows\system32\itss.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}" prog=""
filter="javascript"
val="{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}" nam="Microsoft
(R) HTML Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="fae3ca9b2459581c45b3a8845be3077c" ver="6.00.2900.2604
(xpsp_sp2_gdr.041130-1729)" sz="3006976" is="0"
gfp="">c:\windows\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{79eac9e7-baf9-11ce-8c82-00aa004ba90b}" prog=""
filter="local" val="{79eac9e7-baf9-11ce-8c82-00aa004ba90b}"
nam="OLE32 Extensions for Win32 (urlmon.dll)"
pub="Microsoft Corporation"
md5="7e0a6b4005a271c1fd1d82dd08fa884f" ver="6.00.2900.2574
(xpsp_sp2_gdr.041130-1729)" sz="607744" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}" prog=""
filter="mailto"
val="{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}" nam="Microsoft
(R) HTML Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="fae3ca9b2459581c45b3a8845be3077c" ver="6.00.2900.2604
(xpsp_sp2_gdr.041130-1729)" sz="3006976" is="0"
gfp="">c:\windows\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{05300401-BCBC-11d0-85E3-00C04FD85AB4}" prog=""
filter="mhtml" val="{05300401-BCBC-11d0-85E3-00C04FD85AB4}"
nam="Microsoft Internet Messaging API (inetcomm.dll)"
pub="Microsoft Corporation"
md5="ad83a2a04f68db2dff500c30536fcd6b" ver="6.00.2900.2527
(xpsp_sp2_gdr.040919-1056)" sz="679424" is="0"
gfp="">c:\windows\system32\inetcomm.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{79eac9e6-baf9-11ce-8c82-00aa004ba90b}" prog=""
filter="mk" val="{79eac9e6-baf9-11ce-8c82-00aa004ba90b}"
nam="OLE32 Extensions for Win32 (urlmon.dll)"
pub="Microsoft Corporation"
md5="7e0a6b4005a271c1fd1d82dd08fa884f" ver="6.00.2900.2574
(xpsp_sp2_gdr.041130-1729)" sz="607744" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{9D148291-B9C8-11D0-A4CC-0000F80149F6}"
prog="MSITFS1.0" filter="ms-its"
val="{9D148291-B9C8-11D0-A4CC-0000F80149F6}" nam="Microsoft
InfoTech Storage System Library (itss.dll)" pub="Microsoft
Corporation" md5="a00b287bb6f78bdd3589b7e75a86a6fa"
ver="5.2.3790.1221 (dnsrv.040715-2015)" sz="134144" is="0"
gfp="">c:\windows\system32\itss.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{0A9007C0-4076-11D3-8789-0000F8105754}"
prog="Microsoft.ITSS.URLProtocol" filter="ms-itss"
val="{0A9007C0-4076-11D3-8789-0000F8105754}" nam="Microsoft
InfoTech Storage System Library (msitss.dll)"
pub="Microsoft Corporation"
md5="10dccc0270637294a0a148e2a6720490" ver="05.02.9336.01"
sz="520117" is="0" gfp="">c:\program files\common
files\microsoft shared\information
retrieval\msitss.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{3D9F03FA-7A94-11D3-BE81-0050048385D1}" prog=""
filter="mso-offdap"
val="{3D9F03FA-7A94-11D3-BE81-0050048385D1}" nam="Microsoft
Office XP Web Components (owc10.dll)" pub="Microsoft
Corporation" md5="9211fe0255a62db0a51c94acfcf5670b"
ver="10.0.6619" sz="7334592" is="0"
gfp="">c:\progra~1\common~1\micros~1\webcom~1\10\owc10.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}" prog=""
filter="res" val="{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}"
nam="Microsoft (R) HTML Viewer (mshtml.dll)" pub="Microsoft
Corporation" md5="fae3ca9b2459581c45b3a8845be3077c"
ver="6.00.2900.2604 (xpsp_sp2_gdr.041130-1729)"
sz="3006976" is="0"
gfp="">c:\windows\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{76E67A63-06E9-11D2-A840-006008059382}" prog=""
filter="sysimage"
val="{76E67A63-06E9-11D2-A840-006008059382}" nam="Microsoft
(R) HTML Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="fae3ca9b2459581c45b3a8845be3077c" ver="6.00.2900.2604
(xpsp_sp2_gdr.041130-1729)" sz="3006976" is="0"
gfp="">c:\windows\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}" prog=""
filter="tv" val="{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}"
nam="ActiveX control for streaming video (msvidctl.dll)"
pub="Microsoft Corporation"
md5="7b5ba7cb7cf42b557c17d08015be8a14" ver="6.05.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="1428480" is="0"
gfp="">c:\windows\system32\msvidctl.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}" prog=""
filter="vbscript"
val="{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}" nam="Microsoft
(R) HTML Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="fae3ca9b2459581c45b3a8845be3077c" ver="6.00.2900.2604
(xpsp_sp2_gdr.041130-1729)" sz="3006976" is="0"
gfp="">c:\windows\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE}"
prog="Wia.WiaProtocol.1" filter="wia"
val="{13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE}" nam="WIA
Scripting Layer (wiascr.dll)" pub="Microsoft Corporation"
md5="dd469944b09b032e7c7fe85687c2a399" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="75776" is="0"
gfp="">c:\windows\system32\wiascr.dll</PROTOCOLSHandler>
</PROTOCOLSHandlers>
- <PROTOCOLSNameSpaceHandlers>
<PROTOCOLSNameSpaceHandler ex="1"
clsid="{9D148291-B9C8-11D0-A4CC-0000F80149F6}"
prog="MSITFS1.0" namespace="mk" namespacefilter="NameSpace
Filter for MK
MSITStore:..."
val="{79eac9e6-baf9-11ce-8c82-00aa004ba90b}" nam="Microsoft
InfoTech Storage System Library (itss.dll)" pub="Microsoft
Corporation" md5="a00b287bb6f78bdd3589b7e75a86a6fa"
ver="5.2.3790.1221 (dnsrv.040715-2015)" sz="134144" is="0"
gfp="">c:\windows\system32\itss.dll</PROTOCOLSNameSpaceHandler>
</PROTOCOLSNameSpaceHandlers>
- <TCPIPParamaters>
<TCPIPParamater
val="DataBasePath">%SystemRoot%\System32\drivers\etc</TCPIPParamater>
<TCPIPParamater val="Domain" />
<TCPIPParamater val="NameServer" />
<TCPIPParamater val="SearchList" />
<TCPIPParamater val="VXD MSTCP: NameServer" />
</TCPIPParamaters>
- <InternetSettings>
<InternetSetting val="ProxyEnable">0</InternetSetting>
<InternetSetting val="ProxyServer" />
<InternetSetting val="ProxyOverride" />
<InternetSetting val="User Agent">Mozilla/4.0
(compatible; MSIE 6.0; Win32)</InternetSetting>
<InternetSetting val="ZoneMap Domain
Count">1835</InternetSetting>
</InternetSettings>
- <IESettings>
<IESetting val="UseMyStylesheet"
set="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Styles" />
<IESetting val="UserStylesheet"
set="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Styles" />
<IESetting val="UseMyStylesheet"
set="HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet
Explorer\Styles" />
<IESetting val="UserStylesheet"
set="HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet
Explorer\Styles" />
</IESettings>
<AppInitDLLs val="" />
- <ShellServiceObjectDelayLoads>
<ShellServiceObjectDelayLoad ex="1"
clsid="{7849596a-48ea-486e-8937-a2a3009f31a9}" prog=""
val="PostBootReminder" nam="Windows Shell Common Dll
(shell32.dll)" pub="Microsoft Corporation"
md5="5db5f53f801b616f4b4b7cae6ee7d1c6" ver="6.00.2900.2578
(xpsp_sp2_gdr.041130-1729)" sz="8450048" is="0"
gfp="">c:\windows\system32\shell32.dll</ShellServiceObjectDelayLoad>
<ShellServiceObjectDelayLoad ex="1"
clsid="{fbeb8a05-beee-4442-804e-409d6c4515e9}" prog=""
val="CDBurn" nam="Windows Shell Common Dll (shell32.dll)"
pub="Microsoft Corporation"
md5="5db5f53f801b616f4b4b7cae6ee7d1c6" ver="6.00.2900.2578
(xpsp_sp2_gdr.041130-1729)" sz="8450048" is="0"
gfp="">c:\windows\system32\shell32.dll</ShellServiceObjectDelayLoad>
<ShellServiceObjectDelayLoad ex="1"
clsid="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" prog=""
val="WebCheck" nam="Web Site Monitor (webcheck.dll)"
pub="Microsoft Corporation"
md5="6501db5182d5a8c0f1f1707286161d66" ver="6.00.2900.2180
(xpsp_sp2_rtm.040803-2158)" sz="276480" is="0"
gfp="">c:\windows\system32\webcheck.dll</ShellServiceObjectDelayLoad>
<ShellServiceObjectDelayLoad ex="1"
clsid="{35CEC8A3-2BE6-11D2-8773-92E220524153}" prog=""
val="SysTray" nam="Systray shell service object
(stobject.dll)" pub="Microsoft Corporation"
md5="297101a925ecffdcdf7f6341ffbb6c1a" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="121856" is="0"
gfp="">c:\windows\system32\stobject.dll</ShellServiceObjectDelayLoad>
</ShellServiceObjectDelayLoads>
<ScheduledTasks />
- <Services>
<Service ex="1" disp="Application Layer Gateway Service"
desc="Provides support for 3rd party protocol plug-ins for
Internet Connection Sharing and the Windows Firewall."
nam="Application Layer Gateway Service (alg.exe)"
pub="Microsoft Corporation"
md5="f1958fbf86d5c004cf19a5951a9514b7" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="44544" is="0"
gfp="">C:\WINDOWS\System32\alg.exe</Service>
<Service ex="1" disp="AOL Connectivity Service" desc=""
nam="AOL Connectivity Service (AOLacsd.exe)" pub="America
Online, Inc." md5="8fa646f0e639d9a8c8b98e217d471dc0"
ver="2.0.20.1.US.1" sz="1135728" is="0"
gfp="">C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe</Service>
<Service ex="1" disp="AOL Spyware Protection Service"
desc="Removes spyware found by ASP that cannot be removed
without a reboot." nam="(aolserv.exe)" pub=""
md5="78e3b3fda2c1f721bc74364952ab902a" ver="" sz="184373"
is="0"
gfp="">C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\aolserv.exe</Service>
<Service ex="1" disp="ASP.NET State Service"
desc="Provides support for out-of-process session states
for ASP.NET. If this service is stopped, out-of-process
requests will not be processed. If this service is
disabled, any services that explicitly depend on it will
fail to start." nam="aspnet_state.exe (aspnet_state.exe)"
pub="Microsoft Corporation"
md5="e1a1206a4fb19b675e947b29ccd25fba" ver="1.1.4322.2032"
sz="32768" is="0"
gfp="">C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe</Service>
<Service ex="1" disp="Symantec Event Manager"
desc="Symantec Event Manager" nam="Symantec Event Manager
Service (ccEvtMgr.exe)" pub="Symantec Corporation"
md5="69637eb41f3467dda6ccceba7c320e0a" ver="103.0.3.8"
sz="198256" is="0" gfp="">C:\Program Files\Common
Files\Symantec Shared\ccEvtMgr.exe</Service>
<Service ex="1" disp="Symantec Password Validation"
desc="Symantec Password Validation Service" nam="Symantec
Password Validation (ccPwdSvc.exe)" pub="Symantec
Corporation" md5="c007b1b36c4803a735b30b5af86d268c"
ver="103.0.3.8" sz="79472" is="0" gfp="">C:\Program
Files\Common Files\Symantec Shared\ccPwdSvc.exe</Service>
<Service ex="1" disp="Symantec Settings Manager"
desc="Symantec Settings Manager" nam="Symantec Settings
Manager Service (ccSetMgr.exe)" pub="Symantec Corporation"
md5="bb98479c3135c05291d54debd7b310d5" ver="103.0.3.8"
sz="165488" is="0" gfp="">C:\Program Files\Common
Files\Symantec Shared\ccSetMgr.exe</Service>
<Service ex="1" disp="Indexing Service" desc="Indexes
contents and properties of files on local and remote
computers; provides rapid access to files through flexible
querying language." nam="Content Index service (cisvc.exe)"
pub="Microsoft Corporation"
md5="3192bd04d032a9c4a85a3278c268a13a" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="5632" is="0"
gfp="">C:\WINDOWS\system32\cisvc.exe</Service>
<Service ex="1" disp="ClipBook" desc="Enables ClipBook
Viewer to store information and share it with remote
computers. If the service is stopped, ClipBook Viewer will
not be able to share information with remote computers. If
this service is disabled, any services that explicitly
depend on it will fail to start." nam="Windows NT DDE
Server (clipsrv.exe)" pub="Microsoft Corporation"
md5="c8dec22c4137d7a90f8bdf41ca4b82ae" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="33280" is="0"
gfp="">C:\WINDOWS\system32\clipsrv.exe</Service>
<Service ex="1" disp="COM+ System Application"
desc="Manages the configuration and tracking of Component
Object Model (COM)+-based components. If the service is
stopped, most COM+-based components will not function
properly. If this service is disabled, any services that
explicitly depend on it will fail to start." nam="COM
Surrogate (dllhost.exe)" pub="Microsoft Corporation"
md5="dd87db7387b9eb441c5674888a0d840c" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="5120" is="0"
gfp="">C:\WINDOWS\System32\dllhost.exe</Service>
<Service ex="1" disp="Logical Disk Manager Administrative
Service" desc="Configures hard disk drives and volumes. The
service only runs for configuration processes and then
stops." nam="Logical Disk Manager service process
(dmadmin.exe)" pub="Microsoft Corp., Veritas Software"
md5="554c7cb178fe3bd12450b81ad63adbc3"
ver="2600.2180.503.0" sz="224768" is="0"
gfp="">C:\WINDOWS\System32\dmadmin.exe</Service>
<Service ex="1" disp="Event Log" desc="Enables event log
messages issued by Windows-based programs and components to
be viewed in Event Viewer. This service cannot be stopped."
nam="Services and Controller app (services.exe)"
pub="Microsoft Corporation"
md5="c6ce6eec82f187615d1002bb3bb50ed4" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="108032" is="0"
gfp="">C:\WINDOWS\system32\services.exe</Service>
<Service ex="1" disp="IMAPI CD-Burning COM Service"
desc="Manages CD recording using Image Mastering
Applications Programming Interface (IMAPI). If this service
is stopped, this computer will be unable to record CDs. If
this service is disabled, any services that explicitly
depend on it will fail to start." nam="Image Mastering API
(imapi.exe)" pub="Microsoft Corporation"
md5="fa788520bcac0f5d9d5cde5615c0d931" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="150016" is="0"
gfp="">C:\WINDOWS\System32\imapi.exe</Service>
<Service ex="1" disp="iPod Service" desc="iPod hardware
management services" nam="iPodService Module
(iPodService.exe)" pub="Apple Computer, Inc."
md5="3ac9f355ecce7d6bb8ff184e9b2229a9" ver="4.7.1.30"
sz="327680" is="0" gfp="">C:\Program
Files\iPod\bin\iPodService.exe</Service>
<Service ex="1" disp="Machine Debug Manager"
desc="Supports local and remote debugging for Visual Studio
and script debuggers. If this service is stopped, the
debuggers will not function properly." nam="Machine Debug
Manager (mdm.exe)" pub="Microsoft Corporation"
md5="11f714f85530a2bd134074dc30e99fca" ver="7.00.9466"
sz="322120" is="0" gfp="">C:\Program Files\Common
Files\Microsoft Shared\VS7Debug\mdm.exe</Service>
<Service ex="1" disp="NetMeeting Remote Desktop Sharing"
desc="Enables an authorized user to access this computer
remotely by using NetMeeting over a corporate intranet. If
this service is stopped, remote desktop sharing will be
unavailable. If this service is disabled, any services that
explicitly depend on it will fail to start."
nam="NetMeeting Remote Desktop Sharing (mnmsrvc.exe)"
pub="Microsoft Corporation"
md5="f6415361201915b9fe3896b0e4e724ff" ver="5.1.2600.2180"
sz="32768" is="0"
gfp="">C:\WINDOWS\System32\mnmsrvc.exe</Service>
<Service ex="1" disp="Distributed Transaction
Coordinator" desc="Coordinates transactions that span
multiple resource managers, such as databases, message
queues, and file systems. If this service is stopped, these
transactions will not occur. If this service is disabled,
any services that explicitly depend on it will fail to
start." nam="MS DTC console program (msdtc.exe)"
pub="Microsoft Corporation"
md5="c7c3d89eb0a6f3dba622ea737fa335b1"
ver="2001.12.4414.258" sz="6144" is="0"
gfp="">C:\WINDOWS\System32\msdtc.exe</Service>
<Service ex="1" disp="Windows Installer" desc="Adds,
modifies, and removes applications provided as a Windows
Installer (*.msi) package. If this service is disabled, any
services that explicitly depend on it will fail to start."
nam="Windows installer (msiexec.exe)" pub="Microsoft
Corporation" md5="4236ae241f193f58adab141ceccfd5f4"
ver="3.0.3790.2180" sz="77312" is="0"
gfp="">C:\WINDOWS\System32\msiexec.exe</Service>
<Service ex="1" disp="Norton AntiVirus Auto-Protect
Service" desc="Handles Norton AntiVirus Auto-Protect
events." nam="Norton AntiVirus Auto-Protect Service
(navapsvc.exe)" pub="Symantec Corporation"
md5="3b20d6bfd76ca45454c2ee51c6096172" ver="11.0.6.1"
sz="176768" is="0" gfp="">C:\Program Files\Norton
AntiVirus\navapsvc.exe</Service>
<Service ex="1" disp="Network DDE" desc="Provides network
transport and security for Dynamic Data Exchange (DDE) for
programs running on the same computer or on different
computers. If this service is stopped, DDE transport and
security will be unavailable. If this service is disabled,
any services that explicitly depend on it will fail to
start." nam="Network DDE - DDE Communication (netdde.exe)"
pub="Microsoft Corporation"
md5="05afb5ad06462257bea7495283c86d50" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="111104" is="0"
gfp="">C:\WINDOWS\system32\netdde.exe</Service>
<Service ex="1" disp="Network DDE DSDM" desc="Manages
Dynamic Data Exchange (DDE) network shares. If this service
is stopped, DDE network shares will be unavailable. If this
service is disabled, any services that explicitly depend on
it will fail to start." nam="Network DDE - DDE
Communication (netdde.exe)" pub="Microsoft Corporation"
md5="05afb5ad06462257bea7495283c86d50" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="111104" is="0"
gfp="">C:\WINDOWS\system32\netdde.exe</Service>
<Service ex="1" disp="Net Logon" desc="Supports
pass-through authentication of account logon events for
computers in a domain." nam="LSA Shell (lsass.exe)"
pub="Microsoft Corporation"
md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">C:\WINDOWS\System32\lsass.exe</Service>
<Service ex="1" disp="Norton AntiVirus Firewall Monitor
Service" desc="Detects installation of Symantec Firewall
clients" nam="Norton AntiVirus Firewall Install Monitor
(NPFMntor.exe)" pub="Symantec Corporation"
md5="1a6f1d5f7d05ea5cb3750270bccfd5c5" ver="11.0.6.1"
sz="46208" is="0" gfp="">C:\Program Files\Norton
AntiVirus\IWP\NPFMntor.exe</Service>
<Service ex="1" disp="NT LM Security Support Provider"
desc="Provides security to remote procedure call (RPC)
programs that use transports other than named pipes."
nam="LSA Shell (lsass.exe)" pub="Microsoft Corporation"
md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">C:\WINDOWS\System32\lsass.exe</Service>
<Service ex="1" disp="Plug and Play" desc="Enables a
computer to recognize and adapt to hardware changes with
little or no user input. Stopping or disabling this service
will result in system instability." nam="Services and
Controller app (services.exe)" pub="Microsoft Corporation"
md5="c6ce6eec82f187615d1002bb3bb50ed4" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="108032" is="0"
gfp="">C:\WINDOWS\system32\services.exe</Service>
<Service ex="1" disp="IPSEC Services" desc="Manages IP
security policy and starts the ISAKMP/Oakley (IKE) and the
IP security driver." nam="LSA Shell (lsass.exe)"
pub="Microsoft Corporation"
md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">C:\WINDOWS\System32\lsass.exe</Service>
<Service ex="1" disp="Protected Storage" desc="Provides
protected storage for sensitive data, such as private keys,
to prevent access by unauthorized services, processes, or
users." nam="LSA Shell (lsass.exe)" pub="Microsoft
Corporation" md5="84885f9b82f4d55c6146ebf6065d75d2"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="13312"
is="0" gfp="">C:\WINDOWS\system32\lsass.exe</Service>
<Service ex="1" disp="Remote Desktop Help Session
Manager" desc="Manages and controls Remote Assistance. If
this service is stopped, Remote Assistance will be
unavailable. Before stopping this service, see the
Dependencies tab of the Properties dialog box."
nam="Microsoft Remote Desktop Help Session Manager
(sessmgr.exe)" pub="Microsoft Corporation"
md5="729798e0933076b8fcfcd9934698f164" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="140800" is="0"
gfp="">C:\WINDOWS\system32\sessmgr.exe</Service>
<Service ex="1" disp="Remote Procedure Call (RPC)
Locator" desc="Manages the RPC name service database."
nam="Rpc Locator (locator.exe)" pub="Microsoft Corporation"
md5="793f04a09b15e7c6c11dbdffaf06c0ab" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="75264" is="0"
gfp="">C:\WINDOWS\System32\locator.exe</Service>
<Service ex="1" disp="QoS RSVP" desc="Provides network
signaling and local traffic control setup functionality for
QoS-aware programs and control applets." nam="Microsoft
RSVP (rsvp.exe)" pub="Microsoft Corporation"
md5="471b3f9741d762abe75e9deea4787e47" ver="5.1.2600.0
(xpclient.010817-1148)" sz="132608" is="0"
gfp="">C:\WINDOWS\System32\rsvp.exe</Service>
<Service ex="1" disp="Security Accounts Manager"
desc="Stores security information for local user accounts."
nam="LSA Shell (lsass.exe)" pub="Microsoft Corporation"
md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">C:\WINDOWS\system32\lsass.exe</Service>
<Service ex="1" disp="SAVScan" desc="Handles Norton
AntiVirus Auto-Protect Archive Scanning" nam="AutoProtect
(SAVScan.exe)" pub="Symantec Corporation"
md5="cf3235d1d5bc8f1e7bef28fc0bdbcdc9" ver="9.4.0.53"
sz="197864" is="0" gfp="">C:\Program Files\Norton
AntiVirus\SAVScan.exe</Service>
<Service ex="1" disp="ScriptBlocking Service" desc=""
nam="Norton AntiVirus ScripBlocking Service (SBServ.exe)"
pub="Symantec Corporation"
md5="c5bdcf8edb8935350e23f104dac59b33" ver="11.0.6.1"
sz="66688" is="0"
gfp="">C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe</Service>
<Service ex="1" disp="Smart Card" desc="Manages access to
smart cards read by this computer. If this service is
stopped, this computer will be unable to read smart cards.
If this service is disabled, any services that explicitly
depend on it will fail to start." nam="Smart Card Resource
Management Server (SCardSvr.exe)" pub="Microsoft
Corporation" md5="25d8de134df108e3dbc8d7d23b1aa58e"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="95744"
is="0" gfp="">C:\WINDOWS\System32\SCardSvr.exe</Service>
<Service ex="1" disp="Symantec Network Drivers Service"
desc="Symantec Network Drivers Service" nam="Network Driver
Service (SNDSrvc.exe)" pub="Symantec Corporation"
md5="62a1a3da43a806c6a43537f262619f30" ver="5.4.3.11"
sz="206048" is="0" gfp="">C:\Program Files\Common
Files\Symantec Shared\SNDSrvc.exe</Service>
<Service ex="1" disp="SNMP Service" desc="Includes agents
that monitor the activity in network devices and report to
the network console workstation." nam="SNMP Service
(snmp.exe)" pub="Microsoft Corporation"
md5="d923bf27723e28e3c121b77f52db4bce" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="32768" is="0"
gfp="">C:\WINDOWS\System32\snmp.exe</Service>
<Service ex="1" disp="SNMP Trap Service" desc="Receives
trap messages generated by local or remote SNMP agents and
forwards the messages to SNMP management programs running
on this computer." nam="SNMP Trap Service (snmptrap.exe)"
pub="Microsoft Corporation"
md5="6f591dbefd11f7697042907b516f1212" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="8704" is="0"
gfp="">C:\WINDOWS\System32\snmptrap.exe</Service>
<Service ex="1" disp="Symantec SPBBCSvc" desc="Symantec
SPBBC" nam="SPBBC Service (SPBBCSvc.exe)" pub="Symantec
Corporation" md5="08fa56b7c13b4cbf0e5d351aecad92b1"
ver="1,0,1,47" sz="173160" is="0" gfp="">C:\Program
Files\Common Files\Symantec
Shared\SPBBC\SPBBCSvc.exe</Service>
<Service ex="1" disp="Print Spooler" desc="Loads files to
memory for later printing." nam="Spooler SubSystem App
(spoolsv.exe)" pub="Microsoft Corporation"
md5="7435b108b935e42ea92ca94f59c8e717" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="57856" is="0"
gfp="">C:\WINDOWS\system32\spoolsv.exe</Service>
<Service ex="1" disp="MS Software Shadow Copy Provider"
desc="Manages software-based volume shadow copies taken by
the Volume Shadow Copy service. If this service is stopped,
software-based volume shadow copies cannot be managed. If
this service is disabled, any services that explicitly
depend on it will fail to start." nam="COM Surrogate
(dllhost.exe)" pub="Microsoft Corporation"
md5="dd87db7387b9eb441c5674888a0d840c" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="5120" is="0"
gfp="">C:\WINDOWS\System32\dllhost.exe</Service>
<Service ex="1" disp="Symantec Core LC" desc="Symantec
Core LC" nam="Symantec Core Component (symlcsvc.exe)"
pub="Symantec Corporation"
md5="b6bf7dd619d045d0f999310882551b7d" ver="1, 8, 54, 534"
sz="822424" is="0" gfp="">C:\Program Files\Common
Files\Symantec Shared\CCPD-LC\symlcsvc.exe</Service>
<Service ex="1" disp="SymWMI Service" desc="Symantec WMI
Service" nam="Norton Security Center Service (SymWSC.exe)"
pub="Symantec Corporation"
md5="67c5af84809468061121fbcbecb19285" ver="2005.1.2.20"
sz="316544" is="0" gfp="">C:\Program Files\Common
Files\Symantec Shared\Security Center\SymWSC.exe</Service>
<Service ex="1" disp="Performance Logs and Alerts"
desc="Collects performance data from local or remote
computers based on preconfigured schedule parameters, then
writes the data to a log or triggers an alert. If this
service is stopped, performance information will not be
collected. If this service is disabled, any services that
explicitly depend on it will fail to start."
nam="Performance Logs and Alerts Service (smlogsvc.exe)"
pub="Microsoft Corporation"
md5="8b54aa346d1b1b113ffaa75501b8b1b2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="89600" is="0"
gfp="">C:\WINDOWS\system32\smlogsvc.exe</Service>
<Service ex="1" disp="Windows User Mode Driver Framework"
desc="Enables Windows user mode drivers." nam="Windows User
Mode Driver Manager (wdfmgr.exe)" pub="Microsoft
Corporation" md5="c81b8635dee0d3ef5f64b3dd643023a5"
ver="5.2.3790.1230 built by: DNSRV(bld4act)" sz="38912"
is="0" gfp="">C:\WINDOWS\system32\wdfmgr.exe</Service>
<Service ex="1" disp="Uninterruptible Power Supply"
desc="Manages an uninterruptible power supply (UPS)
connected to the computer." nam="UPS Service (ups.exe)"
pub="Microsoft Corporation"
md5="3f5df65b0758675f95a2d43918a740a3" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="18432" is="0"
gfp="">C:\WINDOWS\System32\ups.exe</Service>
<Service ex="1" disp="Volume Shadow Copy" desc="Manages
and implements Volume Shadow Copies used for backup and
other purposes. If this service is stopped, shadow copies
will be unavailable for backup and the backup may fail. If
this service is disabled, any services that explicitly
depend on it will fail to start." nam="Microsoft Volume
Shadow Copy Service (vssvc.exe)" pub="Microsoft
Corporation" md5="3ee00364ae0fd8d604f46cbaf512838a"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="289792"
is="0" gfp="">C:\WINDOWS\System32\vssvc.exe</Service>
<Service ex="1" disp="Windows Media Connect (WMC)"
desc="Serves shared multimedia content to Universal Plug
and Play devices" nam="Windows Media Connect
(mswmccds.exe)" pub="Microsoft Corporation"
md5="20263dafd033d30f151bb87568386769" ver="5.1.2600.1
built by: DNSRV(bld4act)" sz="483328" is="0"
gfp="">c:\program files\windows media
connect\mswmccds.exe</Service>
<Service ex="1" disp="Windows Media Connect (WMC) Helper"
desc="Monitors the network for new UPnP Media Renderer
devices." nam="Windows Media Connect (mswmcls.exe)"
pub="Microsoft Corporation"
md5="1dd015a69235dcfae18b5f98fb50be23" ver="5.1.2600.1
built by: DNSRV(bld4act)" sz="28160" is="0"
gfp="">C:\Program Files\Windows Media
Connect\mswmcls.exe</Service>
<Service ex="1" disp="WMI Performance Adapter"
desc="Provides performance library information from WMI
HiPerf providers." nam="WMI Performance Adapter Service
(wmiapsrv.exe)" pub="Microsoft Corporation"
md5="ba8cecc3e813e1f7c441b20393d4f86c" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="126464" is="0"
gfp="">C:\WINDOWS\System32\wbem\wmiapsrv.exe</Service>
</Services>
</SystemAudit>
- <ProcessesAudit>
- <Processes>
<Process ex="1" pid="432" nam="Windows NT Session Manager
(smss.exe)" pub="Microsoft Corporation"
md5="bd7fb0957c716f1a60333aee04de2178" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="50688" is="0"
gfp="">c:\windows\system32\smss.exe</Process>
<Process ex="1" pid="480" nam="Client Server Runtime
Process (csrss.exe)" pub="Microsoft Corporation"
md5="f12b178b1678d778cfd3ff1fc38c71fb" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="6144" is="0"
gfp="">C:\WINDOWS\system32\csrss.exe</Process>
<Process ex="1" pid="504" nam="Windows NT Logon
Application (winlogon.exe)" pub="Microsoft Corporation"
md5="01c3346c241652f43aed8e2149881bfe" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="502272" is="0"
gfp="">c:\windows\system32\winlogon.exe</Process>
<Process ex="1" pid="548" nam="Services and Controller
app (services.exe)" pub="Microsoft Corporation"
md5="c6ce6eec82f187615d1002bb3bb50ed4" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="108032" is="0"
gfp="">c:\windows\system32\services.exe</Process>
<Process ex="1" pid="560" nam="LSA Shell (lsass.exe)"
pub="Microsoft Corporation"
md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">c:\windows\system32\lsass.exe</Process>
<Process ex="1" pid="772" nam="Generic Host Process for
Win32 Services (svchost.exe)" pub="Microsoft Corporation"
md5="8f078ae4ed187aaabc0a305146de6716" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="14336" is="0"
gfp="">c:\windows\system32\svchost.exe</Process>
<Process ex="1" pid="816" nam="Generic Host Process for
Win32 Services (svchost.exe)" pub="Microsoft Corporation"
md5="8f078ae4ed187aaabc0a305146de6716" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="14336" is="0"
gfp="">C:\WINDOWS\system32\svchost.exe</Process>
<Process ex="1" pid="884" nam="Generic Host Process for
Win32 Services (svchost.exe)" pub="Microsoft Corporation"
md5="8f078ae4ed187aaabc0a305146de6716" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="14336" is="0"
gfp="">c:\windows\system32\svchost.exe</Process>
<Process ex="1" pid="964" nam="Generic Host Process for
Win32 Services (svchost.exe)" pub="Microsoft Corporation"
md5="8f078ae4ed187aaabc0a305146de6716" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="14336" is="0"
gfp="">C:\WINDOWS\system32\svchost.exe</Process>
<Process ex="1" pid="1036" nam="Generic Host Process for
Win32 Services (svchost.exe)" pub="Microsoft Corporation"
md5="8f078ae4ed187aaabc0a305146de6716" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="14336" is="0"
gfp="">C:\WINDOWS\system32\svchost.exe</Process>
<Process ex="1" pid="1124" nam="Symantec Settings Manager
Service (ccsetmgr.exe)" pub="Symantec Corporation"
md5="bb98479c3135c05291d54debd7b310d5" ver="103.0.3.8"
sz="165488" is="0" gfp="">c:\program files\common
files\symantec shared\ccsetmgr.exe</Process>
<Process ex="1" pid="1140" nam="Network Driver Service
(sndsrvc.exe)" pub="Symantec Corporation"
md5="62a1a3da43a806c6a43537f262619f30" ver="5.4.3.11"
sz="206048" is="0" gfp="">c:\program files\common
files\symantec shared\sndsrvc.exe</Process>
<Process ex="1" pid="1156" nam="SPBBC Service
(spbbcsvc.exe)" pub="Symantec Corporation"
md5="08fa56b7c13b4cbf0e5d351aecad92b1" ver="1,0,1,47"
sz="173160" is="0" gfp="">c:\program files\common
files\symantec shared\spbbc\spbbcsvc.exe</Process>
<Process ex="1" pid="1200" nam="Symantec Event Manager
Service (ccevtmgr.exe)" pub="Symantec Corporation"
md5="69637eb41f3467dda6ccceba7c320e0a" ver="103.0.3.8"
sz="198256" is="0" gfp="">c:\program files\common
files\symantec shared\ccevtmgr.exe</Process>
<Process ex="1" pid="1588" nam="Spooler SubSystem App
(spoolsv.exe)" pub="Microsoft Corporation"
md5="7435b108b935e42ea92ca94f59c8e717" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="57856" is="0"
gfp="">c:\windows\system32\spoolsv.exe</Process>
<Process ex="1" pid="1700" nam="AOL Connectivity Service
(aolacsd.exe)" pub="America Online, Inc."
md5="8fa646f0e639d9a8c8b98e217d471dc0" ver="2.0.20.1.US.1"
sz="1135728" is="0"
gfp="">c:\progra~1\common~1\aol\acs\aolacsd.exe</Process>
<Process ex="1" pid="1744" nam="Machine Debug Manager
(mdm.exe)" pub="Microsoft Corporation"
md5="11f714f85530a2bd134074dc30e99fca" ver="7.00.9466"
sz="322120" is="0" gfp="">c:\program files\common
files\microsoft shared\vs7debug\mdm.exe</Process>
<Process ex="1" pid="1772" nam="Norton AntiVirus
Auto-Protect Service (navapsvc.exe)" pub="Symantec
Corporation" md5="3b20d6bfd76ca45454c2ee51c6096172"
ver="11.0.6.1" sz="176768" is="0" gfp="">c:\program
files\norton antivirus\navapsvc.exe</Process>
<Process ex="1" pid="1848" nam="Norton AntiVirus Firewall
Install Monitor (npfmntor.exe)" pub="Symantec Corporation"
md5="1a6f1d5f7d05ea5cb3750270bccfd5c5" ver="11.0.6.1"
sz="46208" is="0" gfp="">c:\program files\norton
antivirus\iwp\npfmntor.exe</Process>
<Process ex="1" pid="1948" nam="SNMP Service (snmp.exe)"
pub="Microsoft Corporation"
md5="d923bf27723e28e3c121b77f52db4bce" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="32768" is="0"
gfp="">c:\windows\system32\snmp.exe</Process>
<Process ex="1" pid="1992" nam="Symantec Core Component
(symlcsvc.exe)" pub="Symantec Corporation"
md5="b6bf7dd619d045d0f999310882551b7d" ver="1, 8, 54, 534"
sz="822424" is="0" gfp="">c:\program files\common
files\symantec shared\ccpd-lc\symlcsvc.exe</Process>
<Process ex="1" pid="2028" nam="Windows User Mode Driver
Manager (wdfmgr.exe)" pub="Microsoft Corporation"
md5="c81b8635dee0d3ef5f64b3dd643023a5" ver="5.2.3790.1230
built by: DNSRV(bld4act)" sz="38912" is="0"
gfp="">C:\WINDOWS\system32\wdfmgr.exe</Process>
<Process ex="1" pid="864" nam="AutoProtect (savscan.exe)"
pub="Symantec Corporation"
md5="cf3235d1d5bc8f1e7bef28fc0bdbcdc9" ver="9.4.0.53"
sz="197864" is="0" gfp="">c:\program files\norton
antivirus\savscan.exe</Process>
<Process ex="1" pid="1092" nam="Application Layer Gateway
Service (alg.exe)" pub="Microsoft Corporation"
md5="f1958fbf86d5c004cf19a5951a9514b7" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="44544" is="0"
gfp="">C:\WINDOWS\system32\alg.exe</Process>
<Process ex="1" pid="2004" nam="Generic Host Process for
Win32 Services (svchost.exe)" pub="Microsoft Corporation"
md5="8f078ae4ed187aaabc0a305146de6716" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="14336" is="0"
gfp="">c:\windows\system32\svchost.exe</Process>
<Process ex="1" pid="3632" nam="Windows Explorer
(explorer.exe)" pub="Microsoft Corporation"
md5="a0732187050030ae399b241436565e64" ver="6.00.2900.2180
(xpsp_sp2_rtm.040803-2158)" sz="1032192" is="0"
gfp="">c:\windows\explorer.exe</Process>
<Process ex="1" pid="920" nam="PowerDVD RC Service
(pdvdserv.exe)" pub="Cyberlink Corp."
md5="915a106a2fb87292cef0ad4f36adf313" ver="5.00.0000"
sz="32768" is="0" gfp="">c:\program
files\cyberlink\powerdvd\pdvdserv.exe</Process>
<Process ex="1" pid="3680" nam="None (shwiconem.exe)"
pub="Alcor Micro, Corp."
md5="06a6145cddf7db1efbe6280a57880111" ver="1, 4, 0, 8"
sz="135168" is="0" gfp="">c:\program files\emachines bay
reader\shwiconem.exe</Process>
<Process ex="1" pid="240" nam="AOLSP Scheduler (aolsp
scheduler.exe)" pub="Unavailable"
md5="217697c43bff8d740cfbb9ad87621519" ver="1, 0, 0, 74"
sz="79448" is="0"
gfp="">c:\progra~1\common~1\aol\aolspy~1\aolsp
scheduler.exe</Process>
<Process ex="1" pid="2964" nam="None (hpztsb03.exe)"
pub="HP" md5="ebee1e613e526663a6ea4b52335f1e34"
ver="2,40,0,0" sz="196608" is="0"
gfp="">c:\windows\system32\spool\drivers\w32x86\3\hpztsb03.exe</Process>
<Process ex="1" pid="1032" nam="Direct Access Component
(tfswctrl.exe)" pub="VERITAS Software, Inc."
md5="98fcf964dd54996a2005c7a081147313" ver="1.00.15a"
sz="32821" is="0"
gfp="">c:\windows\system32\dla\tfswctrl.exe</Process>
<Process ex="1" pid="2220" nam="HP CD Tray
(hpcdtray.exe)" pub="Hewlett-Packard Company"
md5="e646a8cc7b99885ae27a053c49d67613" ver="1.1" sz="49152"
is="0" gfp="">c:\program files\hp
cd-dvd\umbrella\hpcdtray.exe</Process>
<Process ex="1" pid="3288" nam="Symantec User Session
(ccapp.exe)" pub="Symantec Corporation"
md5="84ec0b55bcbe872f999acdce58e3f67d" ver="103.0.3.8"
sz="58992" is="0" gfp="">c:\program files\common
files\symantec shared\ccapp.exe</Process>
<Process ex="1" pid="2620" nam="Microsoft AntiSpyware
Service (gcasserv.exe)" pub="Microsoft Corporation"
md5="70c5a9c9cf9e65a9073a2a43da822841" ver="1.00.0501"
sz="469824" is="0" gfp="">c:\program files\microsoft
antispyware\gcasserv.exe</Process>
<Process ex="1" pid="2584" nam="Microsoft AntiSpyware
Data Service (gcasdtserv.exe)" pub="Microsoft Corporation"
md5="255ca546f8e187c41ebed2aabbeee07c" ver="1.00.0501"
sz="748352" is="0" gfp="">c:\program files\microsoft
antispyware\gcasdtserv.exe</Process>
<Process ex="1" pid="3820"
nam="(picasamediadetector.exe)" pub=""
md5="c9099d9036c0a63df5b81656eb865a5c" ver="" sz="151552"
is="0" gfp="">c:\program
files\picasa\picasamediadetector.exe</Process>
<Process ex="1" pid="3764" nam="qttask.exe" pub="Apple
Computer, Inc." md5="76a3a30b58405c2c6d833895253a51a9"
ver="6.5.1" sz="98304" is="0" gfp="">c:\program
files\quicktime\qttask.exe</Process>
<Process ex="1" pid="4072" nam="iTunesHelper Module
(ituneshelper.exe)" pub="Apple Computer, Inc."
md5="2e0e2be7bd6614ea4c86b9ece793e31e" ver="4.7.1.30"
sz="278528" is="0" gfp="">c:\program
files\itunes\ituneshelper.exe</Process>
<Process ex="1" pid="2708" nam="AOL Instant Messenger
(aim.exe)" pub="America Online, Inc."
md5="d160472d7a8dbadd35dfe34d525f1cbc" ver="5.9.3702"
sz="67160" is="0" gfp="">c:\program
files\aim\aim.exe</Process>
<Process ex="1" pid="2532" nam="CTF Loader (ctfmon.exe)"
pub="Microsoft Corporation"
md5="24232996a38c0b0cf151c2140ae29fc8" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="15360" is="0"
gfp="">c:\windows\system32\ctfmon.exe</Process>
<Process ex="1" pid="1636" nam="(googledesktop.exe)"
pub="" md5="cd2a59af4f534799a6f3a98902c00e0e" ver=""
sz="85504" is="0" gfp="">c:\program files\google\google
desktop search\googledesktop.exe</Process>
<Process ex="1" pid="2592" nam="iPodService Module
(ipodservice.exe)" pub="Apple Computer, Inc."
md5="3ac9f355ecce7d6bb8ff184e9b2229a9" ver="4.7.1.30"
sz="327680" is="0" gfp="">c:\program
files\ipod\bin\ipodservice.exe</Process>
<Process ex="1" pid="2792" nam="CleanCache
(cleancache.exe)" pub="ButtUglySoftware"
md5="a9da7d2009b96d27cf52360d4570ff99"
ver="2.14.1742.36048" sz="282624" is="0" gfp="">c:\program
files\cleancache 2.0\cleancache.exe</Process>
<Process ex="1" pid="2284" nam="(googledesktopindex.exe)"
pub="" md5="441924894d48ccefafbbb8caa54728c7" ver=""
sz="431104" is="0" gfp="">c:\program files\google\google
desktop search\googledesktopindex.exe</Process>
<Process ex="1" pid="1628" nam="(googledesktopcrawl.exe)"
pub="" md5="16b084f2619d85f944a14327312f256a" ver=""
sz="73216" is="0" gfp="">c:\program files\google\google
desktop search\googledesktopcrawl.exe</Process>
<Process ex="1" pid="2040" nam="Norton AntiVirus Scanner
Module (navw32.exe)" pub="Symantec Corporation"
md5="6b88177e32f54f9fb1e4a8fae416185f" ver="11.0.6.1"
sz="201856" is="0"
gfp="">c:\progra~1\norton~1\navw32.exe</Process>
<Process ex="1" pid="1756" nam="Microsoft AntiSpyware
Main (giantantispywaremain.exe)" pub="Microsoft
Corporation" md5="1f652552465f84e09d548b499139fe2e"
ver="1.00.0501" sz="4561736" is="0" gfp="">c:\program
files\microsoft antispyware\giantantispywaremain.exe</Process>
<Process ex="1" pid="460" nam="AOL (waol.exe)"
pub="America Online, Inc."
md5="4a24d593e1cf46f70cb828c02b1dc567" ver="9.00.001"
sz="259184" is="0" gfp="">c:\program files\america online
9.0a\waol.exe</Process>
<Process ex="1" pid="2460" nam="setupdb (shellmon.exe)"
pub="America Online, Inc."
md5="bc20cbc80073037a52eef7951eab79c9" ver="9.00.001"
sz="38512" is="0" gfp="">c:\program files\america online
9.0a\shellmon.exe</Process>
<Process ex="1" pid="284" nam="AOL TopSpeed(TM)
(aoltpspd.exe)" pub="America Online Inc"
md5="355896ba2d3fa4d93c4e947bff2dd0c2" ver="1, 1, 0, 0"
sz="492752" is="0" gfp="">c:\program files\common
files\aol\aoltpspd.exe</Process>
<Process ex="1" pid="4048" nam="Automatic Updates
(wuauclt.exe)" pub="Microsoft Corporation"
md5="4fe41a819f5a1ff0923f12b34830a6ca" ver="5.4.3790.2182
built by: srv03_rtm(ntvbl04)" sz="113944" is="0"
gfp="">c:\windows\system32\wuauclt.exe</Process>
<Process ex="1" pid="360" nam="Microsoft Suspected
Spyware Reporting Tool (msssrt.exe)" pub="Microsoft
Corporation" md5="464528294c858e175e8f82371117e8e1"
ver="1.00.0501" sz="400184" is="0" gfp="">c:\program
files\microsoft antispyware\msssrt.exe</Process>
</Processes>
</ProcessesAudit>
</Audit>
</MSSSRT>
remove it. MSs Spyware Removal product didn't catch it. I
tried MSs report tool and it died on me. Tried to send the
a manual report and of course the contact us link went no
where (except for a phojn number). Here's what Norton said:
"The file C:\Documents and Settings\Diane\Local
Settings\Temporary Internet
Files\Content.IE5\2BINATYN\dontwannatry[2].htm is a Adware
threat."
When submitting the report it said: "An error occured
submitting the scan results. Please check you Internet
proxy settings and try again." Yes, it said "you" not your.
Here's the manual scan report if anyone can determine how
to get this to the right people.
- <MSSSRT version="1.0.501" createdate="2/17/2005 4:04:59
AM" os="XP.2600" user="">
- <Audit>
- <AutoRunAudit>
- <StartupFiles>
<StartupFile path="C:\Documents and Settings\All
Users\Start Menu\Programs\Startup\America Online Tray
Icon.lnk" nam="AOL Tray Icon (aoltray.exe)" pub="America
Online, Inc." md5="d3e103e5b79a6e8ba5b58e0a7c21523b"
ver="9.00.001" sz="156784" is="0" gfp="">c:\program
files\america online 9.0a\aoltray.exe</StartupFile>
<StartupFile path="C:\Documents and Settings\All
Users\Start Menu\Programs\Startup\Microsoft Office.lnk"
nam="Microsoft Office XP component (osa.exe)"
pub="Microsoft Corporation"
md5="5bc65464354a9fd3beaa28e18839734a" ver="10.0.2609"
sz="83360" is="0" gfp="">c:\program files\microsoft
office\office10\osa.exe</StartupFile>
</StartupFiles>
- <StartupFilesRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="RemoteControl" dat=""C:\Program
Files\CyberLink\PowerDVD\PDVDServ.exe"" nam="PowerDVD RC
Service (pdvdserv.exe)" pub="Cyberlink Corp."
md5="915a106a2fb87292cef0ad4f36adf313" ver="5.00.0000"
sz="32768" is="0" gfp="">c:\program
files\cyberlink\powerdvd\pdvdserv.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="SunKistEM" dat="C:\Program Files\eMachines Bay
Reader\shwiconem.exe" nam="None (shwiconem.exe)" pub="Alcor
Micro, Corp." md5="06a6145cddf7db1efbe6280a57880111"
ver="1, 4, 0, 8" sz="135168" is="0" gfp="">c:\program
files\emachines bay reader\shwiconem.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="AOL Spyware Protection"
dat=""C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP
Scheduler.exe"" nam="AOLSP Scheduler (aolsp scheduler.exe)"
pub="Unavailable" md5="217697c43bff8d740cfbb9ad87621519"
ver="1, 0, 0, 74" sz="79448" is="0"
gfp="">c:\progra~1\common~1\aol\aolspy~1\aolsp
scheduler.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="HPDJ Taskbar Utility"
dat="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe"
nam="None (hpztsb03.exe)" pub="HP"
md5="ebee1e613e526663a6ea4b52335f1e34" ver="2,40,0,0"
sz="196608" is="0"
gfp="">c:\windows\system32\spool\drivers\w32x86\3\hpztsb03.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="Pure Networks Port Magic"
dat=""C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run"
nam="Port Magic Application (portaol.exe)" pub="Pure
Networks, Inc." md5="ba99c608a075c44026720d5383f3d75b"
ver="1.2.1393.0" sz="99480" is="0"
gfp="">c:\progra~1\purene~1\portma~1\portaol.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="dla" dat="C:\WINDOWS\system32\dla\tfswctrl.exe"
nam="Direct Access Component (tfswctrl.exe)" pub="VERITAS
Software, Inc." md5="98fcf964dd54996a2005c7a081147313"
ver="1.00.15a" sz="32821" is="0"
gfp="">c:\windows\system32\dla\tfswctrl.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="HP CD-DVD" dat="C:\Program Files\HP
CD-DVD\Umbrella\hpcdtray.exe" nam="HP CD Tray
(hpcdtray.exe)" pub="Hewlett-Packard Company"
md5="e646a8cc7b99885ae27a053c49d67613" ver="1.1" sz="49152"
is="0" gfp="">c:\program files\hp
cd-dvd\umbrella\hpcdtray.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="ccApp" dat=""C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"" nam="Symantec User Session (ccapp.exe)"
pub="Symantec Corporation"
md5="84ec0b55bcbe872f999acdce58e3f67d" ver="103.0.3.8"
sz="58992" is="0" gfp="">c:\program files\common
files\symantec shared\ccapp.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="Symantec NetDriver Monitor"
dat="C:\PROGRA~1\SYMNET~1\SNDMon.exe" nam="Symantec
Security Drivers Install Monitor (sndmon.exe)"
pub="Symantec Corporation"
md5="46462b246bcb76450178a7260617cebd" ver="5.4.3.11"
sz="95456" is="0"
gfp="">c:\progra~1\symnet~1\sndmon.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="ISUSPM Startup"
dat="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
-startup" nam="InstallShield Update Service Update Manager
(isuspm.exe)" pub="InstallShield Software Corporation"
md5="b4b4eb2f8849e93fe5fece11e52c5930" ver="3, 10, 100,
1146" sz="221184" is="0"
gfp="">c:\progra~1\common~1\instal~1\update~1\isuspm.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="gcasServ" dat=""C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"" nam="Microsoft AntiSpyware
Service (gcasserv.exe)" pub="Microsoft Corporation"
md5="70c5a9c9cf9e65a9073a2a43da822841" ver="1.00.0501"
sz="469824" is="0" gfp="">c:\program files\microsoft
antispyware\gcasserv.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="LifeScape Media Detector" dat="C:\Program
Files\Picasa\PicasaMediaDetector.exe"
nam="(picasamediadetector.exe)" pub=""
md5="c9099d9036c0a63df5b81656eb865a5c" ver="" sz="151552"
is="0" gfp="">c:\program
files\picasa\picasamediadetector.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="QuickTime Task" dat=""C:\Program
Files\QuickTime\qttask.exe" -atboottime" nam="qttask.exe"
pub="Apple Computer, Inc."
md5="76a3a30b58405c2c6d833895253a51a9" ver="6.5.1"
sz="98304" is="0" gfp="">c:\program
files\quicktime\qttask.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="iTunesHelper" dat="C:\Program
Files\iTunes\iTunesHelper.exe" nam="iTunesHelper Module
(ituneshelper.exe)" pub="Apple Computer, Inc."
md5="2e0e2be7bd6614ea4c86b9ece793e31e" ver="4.7.1.30"
sz="278528" is="0" gfp="">c:\program
files\itunes\ituneshelper.exe</StartupFileRegistry>
<StartupFileRegistry ex="0"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="UserFaultCheck" dat="%systemroot%\system32\dumprep 0
-u" nam="" pub="" md5="" ver="" sz="" is="0" gfp="" />
<StartupFileRegistry ex="1"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="AIM" dat="C:\Program Files\aim\aim.exe -cnetwait.odl"
nam="AOL Instant Messenger (aim.exe)" pub="America Online,
Inc." md5="d160472d7a8dbadd35dfe34d525f1cbc" ver="5.9.3702"
sz="67160" is="0" gfp="">c:\program
files\aim\aim.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="ctfmon.exe" dat="C:\WINDOWS\system32\ctfmon.exe"
nam="CTF Loader (ctfmon.exe)" pub="Microsoft Corporation"
md5="24232996a38c0b0cf151c2140ae29fc8" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="15360" is="0"
gfp="">c:\windows\system32\ctfmon.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="Google Desktop Search" dat=""C:\Program
Files\Google\Google Desktop Search\GoogleDesktop.exe"
/startup" nam="(googledesktop.exe)" pub=""
md5="cd2a59af4f534799a6f3a98902c00e0e" ver="" sz="85504"
is="0" gfp="">c:\program files\google\google desktop
search\googledesktop.exe</StartupFileRegistry>
</StartupFilesRegistry>
- <WinlogonUserinitFiles>
<WinlogonUserinitFile ex="1" nam="Userinit Logon
Application (userinit.exe)" pub="Microsoft Corporation"
md5="39b1ffb03c2296323832acbae50d2aff" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="24576" is="0"
gfp="">c:\windows\system32\userinit.exe</WinlogonUserinitFile>
</WinlogonUserinitFiles>
<StartupWinIniFiles />
<StartupSysIniFiles />
</AutoRunAudit>
- <InternetExplorerAudit version="6.0.2900.2180">
- <BrowserHelperObjects>
<BHO ex="1"
clsid="{02478D38-C3F9-4efb-9B51-7695ECA05670}"
prog="YBIOCtrl.CompanionBHO.4" val="Yahoo! Companion BHO"
nam="Yahoo! Toolbar 5.5 for Internet Explorer
(ycomp5_5_5_0.dll)" pub="Yahoo! Inc."
md5="fb4c0b82155dea703821a3aac37b813e" ver="2004, 7, 19, 1"
sz="292947" is="0" gfp="">c:\program
files\yahoo!\companion\installs\cpn\ycomp5_5_5_0.dll</BHO>
<BHO ex="1"
clsid="{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"
prog="AcroIEHelper.AcroIEHlprObj.1" val="AcroIEHlprObj
Class" nam="Adobe Acrobat IE Helper Version 6.0 for
ActivieX (acroiehelper.dll)" pub="Adobe Systems
Incorporated" md5="fc7850324464e4d19a24a03d882b5cc4"
ver="6.0.1.2003110300" sz="54248" is="0" gfp="">c:\program
files\adobe\acrobat 6.0\reader\activex\acroiehelper.dll</BHO>
<BHO ex="1"
clsid="{53707962-6F74-2D53-2644-206D7942484F}" prog=""
val="" nam="Bad download blocker (sdhelper.dll)" pub="Safer
Networking Limited" md5="abf5ba518c6a5ed104496ff42d19ad88"
ver="1, 3, 0, 12" sz="744960" is="0"
gfp="">c:\progra~1\spybot~1\sdhelper.dll</BHO>
<BHO ex="0"
clsid="{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}" prog=""
val="PCTools Site Guard" nam="" pub="" md5="" ver="" sz=""
is="0" gfp="" />
<BHO ex="1"
clsid="{7c1ce531-09e9-4fc5-9803-1c2956615786}"
prog="GoogleDesktop.IeBho.1" val="IeCaptureBho Object"
nam="(googledesktopie.dll)" pub=""
md5="54115db4df1d0aeb4ccc2fe892e51744" ver="" sz="61952"
is="0" gfp="">c:\program files\google\google desktop
search\googledesktopie.dll</BHO>
<BHO ex="1"
clsid="{AA58ED58-01DD-4d91-8333-CF10577473F7}" prog=""
val="Google Toolbar Helper" nam="Google IE Client Toolbar
(googletoolbar2.dll)" pub="Google Inc."
md5="d4e9b7b696e8c40a0e5cb76621a03ee4" ver="2, 0, 114, 9"
sz="720896" is="0" gfp="">c:\program
files\google\googletoolbar2.dll</BHO>
<BHO ex="1"
clsid="{BDF3E430-B101-42AD-A544-FADC6B084872}"
prog="Navbho.CNavExtBho.1" val="CNavExtBho Class"
nam="Norton AntiVirusNAVShellExt Module (navshext.dll)"
pub="Symantec Corporation"
md5="0694ef9849a5397e38422d9e5e9216a3" ver="11.0.6.1"
sz="218240" is="0" gfp="">c:\program files\norton
antivirus\navshext.dll</BHO>
</BrowserHelperObjects>
- <IEToolbars>
<IEToolbar ex="1"
clsid="{4982D40A-C53B-4615-B15B-B5B5E98D167C}"
prog="ToolbarAOLToolbar.1" val="AOL Toolbar" nam="IE
Toolbar (toolbar.dll)" pub="IE Toolbar"
md5="924eae29d7e0db93f26e0fc53733a160" ver="1, 0, 0, 4"
sz="390256" is="0" gfp="">c:\program files\aol
toolbar\toolbar.dll</IEToolbar>
<IEToolbar ex="1"
clsid="{40D41A8B-D79B-43d7-99A7-9EE0F344C385}"
prog="DKIBand.DKIBandObj.1" val="AIM Search" nam="AIM
Search Toolbar (aimbar.dll)" pub="America Online, Inc"
md5="9bc0b8e6dd2fdb3a6b1c4301e8482f8f" ver="2004.00.003"
sz="172032" is="0" gfp="">c:\program files\aim
toolbar\aimbar.dll</IEToolbar>
<IEToolbar ex="1"
clsid="{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
prog="YBIOCtrl.YBIOCtrl.2" val="Yahoo! Companion"
nam="Yahoo! Toolbar 5.5 for Internet Explorer
(ycomp5_5_5_0.dll)" pub="Yahoo! Inc."
md5="fb4c0b82155dea703821a3aac37b813e" ver="2004, 7, 19, 1"
sz="292947" is="0" gfp="">c:\program
files\yahoo!\companion\installs\cpn\ycomp5_5_5_0.dll</IEToolbar>
<IEToolbar ex="1"
clsid="{2318C2B1-4965-11d4-9B18-009027A5CD4F}" prog=""
val="&Google" nam="Google IE Client Toolbar
(googletoolbar2.dll)" pub="Google Inc."
md5="d4e9b7b696e8c40a0e5cb76621a03ee4" ver="2, 0, 114, 9"
sz="720896" is="0" gfp="">c:\program
files\google\googletoolbar2.dll</IEToolbar>
<IEToolbar ex="1"
clsid="{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
prog="Symantec.Norton.AntiVirus.IEToolBand.1" val="Norton
AntiVirus" nam="Norton AntiVirusNAVShellExt Module
(navshext.dll)" pub="Symantec Corporation"
md5="0694ef9849a5397e38422d9e5e9216a3" ver="11.0.6.1"
sz="218240" is="0" gfp="">c:\program files\norton
antivirus\navshext.dll</IEToolbar>
</IEToolbars>
<IEExtensions />
- <IEExplorerBars>
<IEExplorerBar ex="1"
clsid="{4D5C8C25-D075-11d0-B416-00C04FB90376}" prog=""
val="&Tip of the Day" nam="Shell Doc Object and Control
Library (shdocvw.dll)" pub="Microsoft Corporation"
md5="68346bc7fa4ccd81248a2c7d728644a4" ver="6.00.2900.2573
(xpsp_sp2_gdr.041130-1729)" sz="1483264" is="0"
gfp="">c:\windows\system32\shdocvw.dll</IEExplorerBar>
<IEExplorerBar ex="1"
clsid="{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}" prog=""
val="Real.com" nam="Shell Doc Object and Control Library
(shdocvw.dll)" pub="Microsoft Corporation"
md5="68346bc7fa4ccd81248a2c7d728644a4" ver="6.00.2900.2573
(xpsp_sp2_gdr.041130-1729)" sz="1483264" is="0"
gfp="">c:\windows\system32\shdocvw.dll</IEExplorerBar>
</IEExplorerBars>
- <IEShellBrowsers>
<IEShellBrowser ex="1"
clsid="{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
prog="Symantec.Norton.AntiVirus.IEToolBand.1" val="Norton
AntiVirus" nam="Norton AntiVirusNAVShellExt Module
(navshext.dll)" pub="Symantec Corporation"
md5="0694ef9849a5397e38422d9e5e9216a3" ver="11.0.6.1"
sz="218240" is="0" gfp="">c:\program files\norton
antivirus\navshext.dll</IEShellBrowser>
<IEShellBrowser ex="0" clsid="" prog="" val="" nam=""
pub="" md5="" ver="" sz="" is="0" gfp="" />
<IEShellBrowser ex="1"
clsid="{01E04581-4EEE-11D0-BFE9-00AA005B4383}" prog=""
val="&Address" nam="Shell Browser UI Library
(browseui.dll)" pub="Microsoft Corporation"
md5="691b1420ada790e9cda5356ee752f3a3" ver="6.00.2900.2578
(xpsp_sp2_gdr.041130-1729)" sz="1016832" is="0"
gfp="">c:\windows\system32\browseui.dll</IEShellBrowser>
</IEShellBrowsers>
- <IEWebBrowsers>
<IEWebBrowser ex="1"
clsid="{01E04581-4EEE-11D0-BFE9-00AA005B4383}" prog=""
val="&Address" nam="Shell Browser UI Library
(browseui.dll)" pub="Microsoft Corporation"
md5="691b1420ada790e9cda5356ee752f3a3" ver="6.00.2900.2578
(xpsp_sp2_gdr.041130-1729)" sz="1016832" is="0"
gfp="">c:\windows\system32\browseui.dll</IEWebBrowser>
<IEWebBrowser ex="0" clsid="" prog="" val="" nam=""
pub="" md5="" ver="" sz="" is="0" gfp="" />
<IEWebBrowser ex="1"
clsid="{4982D40A-C53B-4615-B15B-B5B5E98D167C}"
prog="ToolbarAOLToolbar.1" val="AOL Toolbar" nam="IE
Toolbar (toolbar.dll)" pub="IE Toolbar"
md5="924eae29d7e0db93f26e0fc53733a160" ver="1, 0, 0, 4"
sz="390256" is="0" gfp="">c:\program files\aol
toolbar\toolbar.dll</IEWebBrowser>
<IEWebBrowser ex="0" clsid="" prog="" val="" nam=""
pub="" md5="" ver="" sz="" is="0" gfp="" />
<IEWebBrowser ex="1"
clsid="{2318C2B1-4965-11D4-9B18-009027A5CD4F}" prog=""
val="&Google" nam="Google IE Client Toolbar
(googletoolbar2.dll)" pub="Google Inc."
md5="d4e9b7b696e8c40a0e5cb76621a03ee4" ver="2, 0, 114, 9"
sz="720896" is="0" gfp="">c:\program
files\google\googletoolbar2.dll</IEWebBrowser>
<IEWebBrowser ex="1"
clsid="{40D41A8B-D79B-43D7-99A7-9EE0F344C385}"
prog="DKIBand.DKIBandObj.1" val="AIM Search" nam="AIM
Search Toolbar (aimbar.dll)" pub="America Online, Inc"
md5="9bc0b8e6dd2fdb3a6b1c4301e8482f8f" ver="2004.00.003"
sz="172032" is="0" gfp="">c:\program files\aim
toolbar\aimbar.dll</IEWebBrowser>
<IEWebBrowser ex="1"
clsid="{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
prog="YBIOCtrl.YBIOCtrl.2" val="Yahoo! Companion"
nam="Yahoo! Toolbar 5.5 for Internet Explorer
(ycomp5_5_5_0.dll)" pub="Yahoo! Inc."
md5="fb4c0b82155dea703821a3aac37b813e" ver="2004, 7, 19, 1"
sz="292947" is="0" gfp="">c:\program
files\yahoo!\companion\installs\cpn\ycomp5_5_5_0.dll</IEWebBrowser>
<IEWebBrowser ex="1"
clsid="{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
prog="Symantec.Norton.AntiVirus.IEToolBand.1" val="Norton
AntiVirus" nam="Norton AntiVirusNAVShellExt Module
(navshext.dll)" pub="Symantec Corporation"
md5="0694ef9849a5397e38422d9e5e9216a3" ver="11.0.6.1"
sz="218240" is="0" gfp="">c:\program files\norton
antivirus\navshext.dll</IEWebBrowser>
</IEWebBrowsers>
- <IEMenuExts>
<IEMenuExt val="&AIM Search">res://C:\Program Files\AIM
Toolbar\AIMBar.dll/aimsearch.htm</IEMenuExt>
<IEMenuExt val="&AOL Toolbar search">res://C:\Program
Files\AOL Toolbar\toolbar.dll/SEARCH.HTML</IEMenuExt>
<IEMenuExt val="&Google Search">res://c:\program
files\google\GoogleToolbar2.dll/cmsearch.html</IEMenuExt>
<IEMenuExt val="Backward Links">res://c:\program
files\google\GoogleToolbar2.dll/cmbacklinks.html</IEMenuExt>
<IEMenuExt val="Cached Snapshot of Page">res://c:\program
files\google\GoogleToolbar2.dll/cmcache.html</IEMenuExt>
<IEMenuExt val="E&xport to Microsoft
Excel">res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000</IEMenuExt>
<IEMenuExt val="Similar Pages">res://c:\program
files\google\GoogleToolbar2.dll/cmsimilar.html</IEMenuExt>
<IEMenuExt val="Translate into English">res://c:\program
files\google\GoogleToolbar2.dll/cmtrans.html</IEMenuExt>
</IEMenuExts>
- <IEURLSearchHooks>
<IEURLSearchHook ex="0"
clsid="{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" prog=""
val="" nam="" pub="" md5="" ver="" sz="" is="0" gfp="" />
</IEURLSearchHooks>
- <IEURLs>
<IEURL val="HCU\Software\Microsoft\Internet Explorer
Start Page">http://my.yahoo.com/</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer
Search Page" />
<IEURL val="HCU\Software\Microsoft\Internet Explorer
Default_Page_URL" />
<IEURL val="HCU\Software\Microsoft\Internet Explore Local
Page">C:\WINDOWS\system32\blank.htm</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explore
Search
Bar">http://channels.aimtoday.com/search/aimtoolbar.jsp</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer
Default_Search_URL" />
<IEURL val="HCU\Software\Microsoft\Internet Explorer
HomeOldSP" />
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Start
Page">http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Search
Page">http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Default_Page_URL">http://www.emachines.com</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Local Page">%SystemRoot%\system32\blank.htm</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Search Bar" />
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Default_Search_URL">http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
HomeOldSP" />
<IEURL val="HCU\Software\Microsoft\Internet
Explorer\Search CustomizeSearch" />
<IEURL val="HCU\Software\Microsoft\Internet
Explorer\Search SearchAssistant" />
<IEURL val="HLM\Software\Microsoft\Internet
Explorer\Search
CustomizeSearch">http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust..htm</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet
Explorer\Search
SearchAssistant">http://channels.aimtoday.com/search/aimtoolbar.jsp</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet
Explorer\SearchUrl" />
<IEURL val="HLM\Software\Microsoft\Internet
Explorer\SearchUrl" />
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs blank">res://mshtml.dll/blank.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
DesktopItemNavigationFailure">res://shdoclc.dll/navcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
NavigationCanceled">res://shdoclc.dll/navcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
NavigationFailure">res://shdoclc.dll/navcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
OfflineInformation">res://shdoclc.dll/offcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
PostNotCached">res://mshtml.dll/repost.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs mozilla" />
</IEURLs>
</InternetExplorerAudit>
- <SystemAudit>
- <ShellExecuteHooks>
<ShellExecuteHook ex="1"
clsid="{AEB6717E-7E19-11d0-97EE-00C04FD91972}" prog=""
val="URL Exec Hook" nam="Windows Shell Common Dll
(shell32.dll)" pub="Microsoft Corporation"
md5="5db5f53f801b616f4b4b7cae6ee7d1c6" ver="6.00.2900.2578
(xpsp_sp2_gdr.041130-1729)" sz="8450048" is="0"
gfp="">C:\WINDOWS\system32\shell32.dll</ShellExecuteHook>
<ShellExecuteHook ex="1"
clsid="{9EF34FF2-3396-4527-9D27-04C8C1C67806}"
prog="Microsoft.AntiSpyware.ShellExecuteHook.1"
val="Microsoft.AntiSpyware.ShellExecuteHook.1"
nam="Microsoft AntiSpyware Shell Extension
(shellextension.dll)" pub="Microsoft Corporation"
md5="08cee315ea2a24e77d68b2b055f73a94" ver="1.00.0501"
sz="93408" is="0" gfp="">c:\program files\microsoft
antispyware\shellextension.dll</ShellExecuteHook>
</ShellExecuteHooks>
- <ShellOpenCommands>
<ShellOpenCommand
val="HCR\exefile\shell\open\command">"%1"
%*</ShellOpenCommand>
<ShellOpenCommand
val="HCR\comfile\shell\open\command">"%1"
%*</ShellOpenCommand>
<ShellOpenCommand
val="HCR\batfile\shell\open\command">"%1"
%*</ShellOpenCommand>
<ShellOpenCommand
val="HCR\htafile\shell\open\command">C:\WINDOWS\System32\mshta.exe
"%1" %*</ShellOpenCommand>
<ShellOpenCommand
val="HCR\piffile\shell\open\command">"%1"
%*</ShellOpenCommand>
<ShellOpenCommand
val="HCR\txtfile\shell\open\command">%SystemRoot%\system32\NOTEPAD.EXE
%1</ShellOpenCommand>
<ShellOpenCommand
val="HCR\mp3file\shell\open\command">"C:\Program
Files\Windows Media Player\wmplayer.exe" /prefetch:6 /Open
"%L"</ShellOpenCommand>
<ShellOpenCommand
val="HCR\mpegfile\shell\open\command">"C:\Program
Files\Windows Media Player\wmplayer.exe" /prefetch:9 /Open
"%L"</ShellOpenCommand>
<ShellOpenCommand
val="HCR\mailto\shell\open\command">"C:\PROGRA~1\MICROS~4\Office10\OUTLOOK.EXE"
-c IPM.Note /m "%1"</ShellOpenCommand>
<ShellOpenCommand
val="HCR\htmlfile\shell\open\command">"C:\Program
Files\Internet Explorer\iexplore.exe"
-nohome</ShellOpenCommand>
<ShellOpenCommand
val="HCR\http\shell\open\command">C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
-url "%1"</ShellOpenCommand>
<ShellOpenCommand
val="HCR\https\shell\open\command">C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
-url "%1"</ShellOpenCommand>
<ShellOpenCommand
val="HCR\ftp\shell\open\command">C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
-url "%1"</ShellOpenCommand>
</ShellOpenCommands>
- <ActiveXInstalls>
- <ActiveXInstall
clsid="{02BCC737-B171-4746-94C9-0D8A0B2C0089}"
prog="Office.awsdc.1" nam="Microsoft Office Template and
Media Control"
codebase="http://office.microsoft.com/templates/ieawsdc.cab">
- <Files>
<File ex="1" nam="IEAWSDC.DLL" pub="Unavailable"
md5="4a693868d8fa24258fe3800d94d7629e" ver="Unavailable"
sz="87240" is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\IEAWSDC.DLL</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall
clsid="{166B1BCA-3F9C-11CF-8075-444553540000}"
prog="SWCtl.SWCtl.8.5.1" nam="Shockwave ActiveX Control"
codebase="http://active.macromedia.com/director/cabs/sw.cab">
<Files />
</ActiveXInstall>
- <ActiveXInstall
clsid="{17492023-C23A-453E-A040-C7C580BBF700}"
prog="LegitCheckControl.LegitCheck.1" nam="Windows Genuine
Advantage Validation Tool"
codebase="http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409">
- <Files>
<File ex="1" nam="PidGen (GWFSPidGen.DLL)"
pub="Microsoft" md5="0244da7bc93595d90e801f9caa338c2f"
ver="1, 5, 0, 42" sz="23304" is="0"
gfp="">C:\WINDOWS\system32\GWFSPidGen.DLL</File>
<File ex="1" nam="Windows Genuine Advantage Validation
(LegitCheckControl.DLL)" pub="Microsoft Corporation"
md5="40fc24cef49eaf0ebc7c51c67f89a952" ver="1.0.0058.6"
sz="346888" is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\LegitCheckControl.DLL</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall
clsid="{19E28AFC-EAE3-4CE5-AC83-2407B42F57C9}"
prog="WindowsSecurityAdvisor.WindowsSecurityAdvisor.1"
nam="MSSecurityAdvisor Class"
codebase="http://protect.microsoft.com/security/protect/wsa/shared/CAB/x86/msSecAdv.cab?1097893716984">
- <Files>
<File ex="1" nam="Windows Security Advisor
(mssecadv.dll)" pub="Microsoft Corporation"
md5="df203de80e2e1c9d38492b590b00bb1d" ver="5.4.3790.14
built by: lab04_n" sz="36960" is="0"
gfp="">C:\WINDOWS\System32\mssecadv.dll</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall
clsid="{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}"
prog="OPUCatalog.OPUCatalog11.1" nam="Office Update
Installation Engine"
codebase="http://office.microsoft.com/officeupdate/content/opuc.cab">
- <Files>
<File ex="1" nam="Microsoft Office Update Detection
Engine (opuc.dll)" pub="Microsoft Corporation"
md5="1e32ec4a8a17b19926b49ea5f6b79a76" ver="11.0.5626"
sz="314368" is="0" gfp="">C:\WINDOWS\opuc.dll</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall
clsid="{4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B}"
prog="QDiagAOLCCUpdateObj.QDiagAOLCCUpdateObj.1"
nam="QDiagAOLCCUpdateObj Class"
codebase="http://aolcc.aol.com/computercheckup/qdiagcc.cab">
- <Files>
<File ex="1" nam="(DAntivirus.cfg)" pub=""
md5="2a04a98a0bca57220765ea874ac5d8b2" ver="" sz="19033"
is="0" gfp="">C:\WINDOWS\system32\DAntivirus.cfg</File>
<File ex="1" nam="(DView.cfg)" pub=""
md5="9e3527a2da5413fbaaca929e29f662b8" ver="" sz="36904"
is="0" gfp="">C:\WINDOWS\system32\DView.cfg</File>
<File ex="1" nam="(DProg.ini)" pub=""
md5="b6c5fdb21ac468c7c723055aa777d0f9" ver="" sz="4955"
is="0" gfp="">C:\WINDOWS\system32\DProg.ini</File>
<File ex="1" nam="DLPT Service (DLPT.sys)" pub="Gteko
Ltd." md5="bb3efed6d60db120c8ab22d94300575b" ver="1, 0, 0,
10" sz="6144" is="0"
gfp="">C:\WINDOWS\system32\DLPT.sys</File>
<File ex="1" nam="(DDMI.VXD)" pub=""
md5="c76d66d1c6c4ac280b3ceb30b80b8abe" ver="" sz="9833"
is="0" gfp="">C:\WINDOWS\system32\DDMI.VXD</File>
<File ex="1" nam="(DLPT.VXD)" pub=""
md5="c499dd1c5270c88c9e64645a901b0247" ver="" sz="9321"
is="0" gfp="">C:\WINDOWS\system32\DLPT.VXD</File>
<File ex="1" nam="DDMI Service (DDMI2.sys)" pub="Gteko
Ltd." md5="8edd7b9e4a4b4c16e2dab9188caa861b" ver="1, 0, 0,
7" sz="6977" is="0"
gfp="">C:\WINDOWS\system32\DDMI2.sys</File>
<File ex="1" nam="QDiag Module (qdiagcc.ocx)" pub="Gteko
Ltd." md5="a2d58c24cf9d7176ebed6a4339c52843" ver="1, 0, 1,
374" sz="1355776" is="0"
gfp="">C:\WINDOWS\system32\qdiagcc.ocx</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall
clsid="{6632A7E9-FE1F-43D2-A04A-A15951ED63E0}" prog=""
nam=""
codebase="http://mediaplayer.walmart.com/installer/install.cab">
<Files />
</ActiveXInstall>
- <ActiveXInstall
clsid="{8AD9C840-044E-11D1-B3E9-00805F499D93}" prog=""
nam="Java Plug-in 1.4.2"
codebase="http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab">
<Files />
</ActiveXInstall>
- <ActiveXInstall
clsid="{A8658086-E6AC-4957-BC8E-8D54A7E8A790}"
prog="GDIChk.FileChk.0" nam="GDIChk Object"
codebase="http://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB">
- <Files>
<File ex="1" nam="Microsoft GDI+ Detection Tool.
(GDIChk.dll)" pub="Microsoft Corporation"
md5="56af5ff66a5f8f927411b59b66107c84" ver="1.0.0.0"
sz="65272" is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\GDIChk.dll</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall
clsid="{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}" prog=""
nam="Java Plug-in 1.4.2"
codebase="http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab">
<Files />
</ActiveXInstall>
- <ActiveXInstall
clsid="{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}"
prog="PopCapLoader.PopCapLoaderCtrl2.1" nam="PopCapLoader
Object"
codebase="http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab">
- <Files>
<File ex="1" nam="PopCapLoader Module (popcaploader.dll)"
pub="PopCap Games" md5="57f868a52b9d4153658dc0db5062e536"
ver="1, 0, 0, 6" sz="126976" is="0"
gfp="">C:\WINDOWS\Downloaded Program
Files\popcaploader.dll</File>
</Files>
</ActiveXInstall>
</ActiveXInstalls>
- <PROTOCOLSFilters>
<PROTOCOLSFilter ex="1"
clsid="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"
prog="CorRegistration.CorFltr.1"
filter="application/octet-stream"
val="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" nam="Microsoft
..NET Runtime Execution Engine (mscoree.dll)" pub="Microsoft
Corporation" md5="8c54138d0271ed4e9c16d8534ff707e4"
ver="1.1.4322.2032" sz="155648" is="0"
gfp="">c:\windows\system32\mscoree.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1"
clsid="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"
prog="CorRegistration.CorFltr.1"
filter="application/x-complus"
val="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" nam="Microsoft
..NET Runtime Execution Engine (mscoree.dll)" pub="Microsoft
Corporation" md5="8c54138d0271ed4e9c16d8534ff707e4"
ver="1.1.4322.2032" sz="155648" is="0"
gfp="">c:\windows\system32\mscoree.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1"
clsid="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"
prog="CorRegistration.CorFltr.1"
filter="application/x-msdownload"
val="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" nam="Microsoft
..NET Runtime Execution Engine (mscoree.dll)" pub="Microsoft
Corporation" md5="8c54138d0271ed4e9c16d8534ff707e4"
ver="1.1.4322.2032" sz="155648" is="0"
gfp="">c:\windows\system32\mscoree.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1"
clsid="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}" prog=""
filter="Class Install Handler"
val="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}" nam="OLE32
Extensions for Win32 (urlmon.dll)" pub="Microsoft
Corporation" md5="7e0a6b4005a271c1fd1d82dd08fa884f"
ver="6.00.2900.2574 (xpsp_sp2_gdr.041130-1729)" sz="607744"
is="0" gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1"
clsid="{8f6b0360-b80d-11d0-a9b3-006097942311}" prog=""
filter="deflate"
val="{8f6b0360-b80d-11d0-a9b3-006097942311}" nam="OLE32
Extensions for Win32 (urlmon.dll)" pub="Microsoft
Corporation" md5="7e0a6b4005a271c1fd1d82dd08fa884f"
ver="6.00.2900.2574 (xpsp_sp2_gdr.041130-1729)" sz="607744"
is="0" gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1"
clsid="{8f6b0360-b80d-11d0-a9b3-006097942311}" prog=""
filter="gzip" val="{8f6b0360-b80d-11d0-a9b3-006097942311}"
nam="OLE32 Extensions for Win32 (urlmon.dll)"
pub="Microsoft Corporation"
md5="7e0a6b4005a271c1fd1d82dd08fa884f" ver="6.00.2900.2574
(xpsp_sp2_gdr.041130-1729)" sz="607744" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1"
clsid="{8f6b0360-b80d-11d0-a9b3-006097942311}" prog=""
filter="lzdhtml"
val="{8f6b0360-b80d-11d0-a9b3-006097942311}" nam="OLE32
Extensions for Win32 (urlmon.dll)" pub="Microsoft
Corporation" md5="7e0a6b4005a271c1fd1d82dd08fa884f"
ver="6.00.2900.2574 (xpsp_sp2_gdr.041130-1729)" sz="607744"
is="0" gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1"
clsid="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}" prog=""
filter="text/webviewhtml"
val="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}" nam="Windows
Shell Common Dll (shell32.dll)" pub="Microsoft Corporation"
md5="5db5f53f801b616f4b4b7cae6ee7d1c6" ver="6.00.2900.2578
(xpsp_sp2_gdr.041130-1729)" sz="8450048" is="0"
gfp="">c:\windows\system32\shell32.dll</PROTOCOLSFilter>
</PROTOCOLSFilters>
- <PROTOCOLSHandlers>
<PROTOCOLSHandler ex="1"
clsid="{3050F406-98B5-11CF-BB82-00AA00BDCE0B}" prog=""
filter="about" val="{3050F406-98B5-11CF-BB82-00AA00BDCE0B}"
nam="Microsoft (R) HTML Viewer (mshtml.dll)" pub="Microsoft
Corporation" md5="fae3ca9b2459581c45b3a8845be3077c"
ver="6.00.2900.2604 (xpsp_sp2_gdr.041130-1729)"
sz="3006976" is="0"
gfp="">c:\windows\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{3dd53d40-7b8b-11D0-b013-00aa0059ce02}" prog=""
filter="cdl" val="{3dd53d40-7b8b-11D0-b013-00aa0059ce02}"
nam="OLE32 Extensions for Win32 (urlmon.dll)"
pub="Microsoft Corporation"
md5="7e0a6b4005a271c1fd1d82dd08fa884f" ver="6.00.2900.2574
(xpsp_sp2_gdr.041130-1729)" sz="607744" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{CD00020A-8B95-11D1-82DB-00C04FB1625D}"
prog="CDO.KnowledgePluggable.1" filter="cdo"
val="{CD00020A-8B95-11D1-82DB-00C04FB1625D}" nam="Microsoft
SharePoint Portal Server Object Model (pkmcdo.dll)"
pub="Microsoft Corporation"
md5="623d03d48a2da1bc03764d6d7fc88542" ver="10.145.7329.0"
sz="868352" is="0" gfp="">c:\program files\common
files\microsoft shared\web
folders\pkmcdo.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{12D51199-0DB5-46FE-A120-47A3D7D937CC}" prog=""
filter="dvd" val="{12D51199-0DB5-46FE-A120-47A3D7D937CC}"
nam="ActiveX control for streaming video (msvidctl.dll)"
pub="Microsoft Corporation"
md5="7b5ba7cb7cf42b557c17d08015be8a14" ver="6.05.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="1428480" is="0"
gfp="">c:\windows\system32\msvidctl.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{79eac9e7-baf9-11ce-8c82-00aa004ba90b}" prog=""
filter="file" val="{79eac9e7-baf9-11ce-8c82-00aa004ba90b}"
nam="OLE32 Extensions for Win32 (urlmon.dll)"
pub="Microsoft Corporation"
md5="7e0a6b4005a271c1fd1d82dd08fa884f" ver="6.00.2900.2574
(xpsp_sp2_gdr.041130-1729)" sz="607744" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{79eac9e3-baf9-11ce-8c82-00aa004ba90b}" prog=""
filter="ftp" val="{79eac9e3-baf9-11ce-8c82-00aa004ba90b}"
nam="OLE32 Extensions for Win32 (urlmon.dll)"
pub="Microsoft Corporation"
md5="7e0a6b4005a271c1fd1d82dd08fa884f" ver="6.00.2900.2574
(xpsp_sp2_gdr.041130-1729)" sz="607744" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{79eac9e4-baf9-11ce-8c82-00aa004ba90b}" prog=""
filter="gopher"
val="{79eac9e4-baf9-11ce-8c82-00aa004ba90b}" nam="OLE32
Extensions for Win32 (urlmon.dll)" pub="Microsoft
Corporation" md5="7e0a6b4005a271c1fd1d82dd08fa884f"
ver="6.00.2900.2574 (xpsp_sp2_gdr.041130-1729)" sz="607744"
is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{79eac9e2-baf9-11ce-8c82-00aa004ba90b}" prog=""
filter="http" val="{79eac9e2-baf9-11ce-8c82-00aa004ba90b}"
nam="OLE32 Extensions for Win32 (urlmon.dll)"
pub="Microsoft Corporation"
md5="7e0a6b4005a271c1fd1d82dd08fa884f" ver="6.00.2900.2574
(xpsp_sp2_gdr.041130-1729)" sz="607744" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{79eac9e5-baf9-11ce-8c82-00aa004ba90b}" prog=""
filter="https" val="{79eac9e5-baf9-11ce-8c82-00aa004ba90b}"
nam="OLE32 Extensions for Win32 (urlmon.dll)"
pub="Microsoft Corporation"
md5="7e0a6b4005a271c1fd1d82dd08fa884f" ver="6.00.2900.2574
(xpsp_sp2_gdr.041130-1729)" sz="607744" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{9D148291-B9C8-11D0-A4CC-0000F80149F6}"
prog="MSITFS1.0" filter="its"
val="{9D148291-B9C8-11D0-A4CC-0000F80149F6}" nam="Microsoft
InfoTech Storage System Library (itss.dll)" pub="Microsoft
Corporation" md5="a00b287bb6f78bdd3589b7e75a86a6fa"
ver="5.2.3790.1221 (dnsrv.040715-2015)" sz="134144" is="0"
gfp="">c:\windows\system32\itss.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}" prog=""
filter="javascript"
val="{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}" nam="Microsoft
(R) HTML Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="fae3ca9b2459581c45b3a8845be3077c" ver="6.00.2900.2604
(xpsp_sp2_gdr.041130-1729)" sz="3006976" is="0"
gfp="">c:\windows\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{79eac9e7-baf9-11ce-8c82-00aa004ba90b}" prog=""
filter="local" val="{79eac9e7-baf9-11ce-8c82-00aa004ba90b}"
nam="OLE32 Extensions for Win32 (urlmon.dll)"
pub="Microsoft Corporation"
md5="7e0a6b4005a271c1fd1d82dd08fa884f" ver="6.00.2900.2574
(xpsp_sp2_gdr.041130-1729)" sz="607744" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}" prog=""
filter="mailto"
val="{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}" nam="Microsoft
(R) HTML Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="fae3ca9b2459581c45b3a8845be3077c" ver="6.00.2900.2604
(xpsp_sp2_gdr.041130-1729)" sz="3006976" is="0"
gfp="">c:\windows\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{05300401-BCBC-11d0-85E3-00C04FD85AB4}" prog=""
filter="mhtml" val="{05300401-BCBC-11d0-85E3-00C04FD85AB4}"
nam="Microsoft Internet Messaging API (inetcomm.dll)"
pub="Microsoft Corporation"
md5="ad83a2a04f68db2dff500c30536fcd6b" ver="6.00.2900.2527
(xpsp_sp2_gdr.040919-1056)" sz="679424" is="0"
gfp="">c:\windows\system32\inetcomm.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{79eac9e6-baf9-11ce-8c82-00aa004ba90b}" prog=""
filter="mk" val="{79eac9e6-baf9-11ce-8c82-00aa004ba90b}"
nam="OLE32 Extensions for Win32 (urlmon.dll)"
pub="Microsoft Corporation"
md5="7e0a6b4005a271c1fd1d82dd08fa884f" ver="6.00.2900.2574
(xpsp_sp2_gdr.041130-1729)" sz="607744" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{9D148291-B9C8-11D0-A4CC-0000F80149F6}"
prog="MSITFS1.0" filter="ms-its"
val="{9D148291-B9C8-11D0-A4CC-0000F80149F6}" nam="Microsoft
InfoTech Storage System Library (itss.dll)" pub="Microsoft
Corporation" md5="a00b287bb6f78bdd3589b7e75a86a6fa"
ver="5.2.3790.1221 (dnsrv.040715-2015)" sz="134144" is="0"
gfp="">c:\windows\system32\itss.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{0A9007C0-4076-11D3-8789-0000F8105754}"
prog="Microsoft.ITSS.URLProtocol" filter="ms-itss"
val="{0A9007C0-4076-11D3-8789-0000F8105754}" nam="Microsoft
InfoTech Storage System Library (msitss.dll)"
pub="Microsoft Corporation"
md5="10dccc0270637294a0a148e2a6720490" ver="05.02.9336.01"
sz="520117" is="0" gfp="">c:\program files\common
files\microsoft shared\information
retrieval\msitss.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{3D9F03FA-7A94-11D3-BE81-0050048385D1}" prog=""
filter="mso-offdap"
val="{3D9F03FA-7A94-11D3-BE81-0050048385D1}" nam="Microsoft
Office XP Web Components (owc10.dll)" pub="Microsoft
Corporation" md5="9211fe0255a62db0a51c94acfcf5670b"
ver="10.0.6619" sz="7334592" is="0"
gfp="">c:\progra~1\common~1\micros~1\webcom~1\10\owc10.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}" prog=""
filter="res" val="{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}"
nam="Microsoft (R) HTML Viewer (mshtml.dll)" pub="Microsoft
Corporation" md5="fae3ca9b2459581c45b3a8845be3077c"
ver="6.00.2900.2604 (xpsp_sp2_gdr.041130-1729)"
sz="3006976" is="0"
gfp="">c:\windows\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{76E67A63-06E9-11D2-A840-006008059382}" prog=""
filter="sysimage"
val="{76E67A63-06E9-11D2-A840-006008059382}" nam="Microsoft
(R) HTML Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="fae3ca9b2459581c45b3a8845be3077c" ver="6.00.2900.2604
(xpsp_sp2_gdr.041130-1729)" sz="3006976" is="0"
gfp="">c:\windows\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}" prog=""
filter="tv" val="{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}"
nam="ActiveX control for streaming video (msvidctl.dll)"
pub="Microsoft Corporation"
md5="7b5ba7cb7cf42b557c17d08015be8a14" ver="6.05.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="1428480" is="0"
gfp="">c:\windows\system32\msvidctl.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}" prog=""
filter="vbscript"
val="{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}" nam="Microsoft
(R) HTML Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="fae3ca9b2459581c45b3a8845be3077c" ver="6.00.2900.2604
(xpsp_sp2_gdr.041130-1729)" sz="3006976" is="0"
gfp="">c:\windows\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1"
clsid="{13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE}"
prog="Wia.WiaProtocol.1" filter="wia"
val="{13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE}" nam="WIA
Scripting Layer (wiascr.dll)" pub="Microsoft Corporation"
md5="dd469944b09b032e7c7fe85687c2a399" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="75776" is="0"
gfp="">c:\windows\system32\wiascr.dll</PROTOCOLSHandler>
</PROTOCOLSHandlers>
- <PROTOCOLSNameSpaceHandlers>
<PROTOCOLSNameSpaceHandler ex="1"
clsid="{9D148291-B9C8-11D0-A4CC-0000F80149F6}"
prog="MSITFS1.0" namespace="mk" namespacefilter="NameSpace
Filter for MK
MSITStore:..."val="{79eac9e6-baf9-11ce-8c82-00aa004ba90b}" nam="Microsoft
InfoTech Storage System Library (itss.dll)" pub="Microsoft
Corporation" md5="a00b287bb6f78bdd3589b7e75a86a6fa"
ver="5.2.3790.1221 (dnsrv.040715-2015)" sz="134144" is="0"
gfp="">c:\windows\system32\itss.dll</PROTOCOLSNameSpaceHandler>
</PROTOCOLSNameSpaceHandlers>
- <TCPIPParamaters>
<TCPIPParamater
val="DataBasePath">%SystemRoot%\System32\drivers\etc</TCPIPParamater>
<TCPIPParamater val="Domain" />
<TCPIPParamater val="NameServer" />
<TCPIPParamater val="SearchList" />
<TCPIPParamater val="VXD MSTCP: NameServer" />
</TCPIPParamaters>
- <InternetSettings>
<InternetSetting val="ProxyEnable">0</InternetSetting>
<InternetSetting val="ProxyServer" />
<InternetSetting val="ProxyOverride" />
<InternetSetting val="User Agent">Mozilla/4.0
(compatible; MSIE 6.0; Win32)</InternetSetting>
<InternetSetting val="ZoneMap Domain
Count">1835</InternetSetting>
</InternetSettings>
- <IESettings>
<IESetting val="UseMyStylesheet"
set="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Styles" />
<IESetting val="UserStylesheet"
set="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Styles" />
<IESetting val="UseMyStylesheet"
set="HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet
Explorer\Styles" />
<IESetting val="UserStylesheet"
set="HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet
Explorer\Styles" />
</IESettings>
<AppInitDLLs val="" />
- <ShellServiceObjectDelayLoads>
<ShellServiceObjectDelayLoad ex="1"
clsid="{7849596a-48ea-486e-8937-a2a3009f31a9}" prog=""
val="PostBootReminder" nam="Windows Shell Common Dll
(shell32.dll)" pub="Microsoft Corporation"
md5="5db5f53f801b616f4b4b7cae6ee7d1c6" ver="6.00.2900.2578
(xpsp_sp2_gdr.041130-1729)" sz="8450048" is="0"
gfp="">c:\windows\system32\shell32.dll</ShellServiceObjectDelayLoad>
<ShellServiceObjectDelayLoad ex="1"
clsid="{fbeb8a05-beee-4442-804e-409d6c4515e9}" prog=""
val="CDBurn" nam="Windows Shell Common Dll (shell32.dll)"
pub="Microsoft Corporation"
md5="5db5f53f801b616f4b4b7cae6ee7d1c6" ver="6.00.2900.2578
(xpsp_sp2_gdr.041130-1729)" sz="8450048" is="0"
gfp="">c:\windows\system32\shell32.dll</ShellServiceObjectDelayLoad>
<ShellServiceObjectDelayLoad ex="1"
clsid="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" prog=""
val="WebCheck" nam="Web Site Monitor (webcheck.dll)"
pub="Microsoft Corporation"
md5="6501db5182d5a8c0f1f1707286161d66" ver="6.00.2900.2180
(xpsp_sp2_rtm.040803-2158)" sz="276480" is="0"
gfp="">c:\windows\system32\webcheck.dll</ShellServiceObjectDelayLoad>
<ShellServiceObjectDelayLoad ex="1"
clsid="{35CEC8A3-2BE6-11D2-8773-92E220524153}" prog=""
val="SysTray" nam="Systray shell service object
(stobject.dll)" pub="Microsoft Corporation"
md5="297101a925ecffdcdf7f6341ffbb6c1a" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="121856" is="0"
gfp="">c:\windows\system32\stobject.dll</ShellServiceObjectDelayLoad>
</ShellServiceObjectDelayLoads>
<ScheduledTasks />
- <Services>
<Service ex="1" disp="Application Layer Gateway Service"
desc="Provides support for 3rd party protocol plug-ins for
Internet Connection Sharing and the Windows Firewall."
nam="Application Layer Gateway Service (alg.exe)"
pub="Microsoft Corporation"
md5="f1958fbf86d5c004cf19a5951a9514b7" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="44544" is="0"
gfp="">C:\WINDOWS\System32\alg.exe</Service>
<Service ex="1" disp="AOL Connectivity Service" desc=""
nam="AOL Connectivity Service (AOLacsd.exe)" pub="America
Online, Inc." md5="8fa646f0e639d9a8c8b98e217d471dc0"
ver="2.0.20.1.US.1" sz="1135728" is="0"
gfp="">C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe</Service>
<Service ex="1" disp="AOL Spyware Protection Service"
desc="Removes spyware found by ASP that cannot be removed
without a reboot." nam="(aolserv.exe)" pub=""
md5="78e3b3fda2c1f721bc74364952ab902a" ver="" sz="184373"
is="0"
gfp="">C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\aolserv.exe</Service>
<Service ex="1" disp="ASP.NET State Service"
desc="Provides support for out-of-process session states
for ASP.NET. If this service is stopped, out-of-process
requests will not be processed. If this service is
disabled, any services that explicitly depend on it will
fail to start." nam="aspnet_state.exe (aspnet_state.exe)"
pub="Microsoft Corporation"
md5="e1a1206a4fb19b675e947b29ccd25fba" ver="1.1.4322.2032"
sz="32768" is="0"
gfp="">C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe</Service>
<Service ex="1" disp="Symantec Event Manager"
desc="Symantec Event Manager" nam="Symantec Event Manager
Service (ccEvtMgr.exe)" pub="Symantec Corporation"
md5="69637eb41f3467dda6ccceba7c320e0a" ver="103.0.3.8"
sz="198256" is="0" gfp="">C:\Program Files\Common
Files\Symantec Shared\ccEvtMgr.exe</Service>
<Service ex="1" disp="Symantec Password Validation"
desc="Symantec Password Validation Service" nam="Symantec
Password Validation (ccPwdSvc.exe)" pub="Symantec
Corporation" md5="c007b1b36c4803a735b30b5af86d268c"
ver="103.0.3.8" sz="79472" is="0" gfp="">C:\Program
Files\Common Files\Symantec Shared\ccPwdSvc.exe</Service>
<Service ex="1" disp="Symantec Settings Manager"
desc="Symantec Settings Manager" nam="Symantec Settings
Manager Service (ccSetMgr.exe)" pub="Symantec Corporation"
md5="bb98479c3135c05291d54debd7b310d5" ver="103.0.3.8"
sz="165488" is="0" gfp="">C:\Program Files\Common
Files\Symantec Shared\ccSetMgr.exe</Service>
<Service ex="1" disp="Indexing Service" desc="Indexes
contents and properties of files on local and remote
computers; provides rapid access to files through flexible
querying language." nam="Content Index service (cisvc.exe)"
pub="Microsoft Corporation"
md5="3192bd04d032a9c4a85a3278c268a13a" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="5632" is="0"
gfp="">C:\WINDOWS\system32\cisvc.exe</Service>
<Service ex="1" disp="ClipBook" desc="Enables ClipBook
Viewer to store information and share it with remote
computers. If the service is stopped, ClipBook Viewer will
not be able to share information with remote computers. If
this service is disabled, any services that explicitly
depend on it will fail to start." nam="Windows NT DDE
Server (clipsrv.exe)" pub="Microsoft Corporation"
md5="c8dec22c4137d7a90f8bdf41ca4b82ae" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="33280" is="0"
gfp="">C:\WINDOWS\system32\clipsrv.exe</Service>
<Service ex="1" disp="COM+ System Application"
desc="Manages the configuration and tracking of Component
Object Model (COM)+-based components. If the service is
stopped, most COM+-based components will not function
properly. If this service is disabled, any services that
explicitly depend on it will fail to start." nam="COM
Surrogate (dllhost.exe)" pub="Microsoft Corporation"
md5="dd87db7387b9eb441c5674888a0d840c" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="5120" is="0"
gfp="">C:\WINDOWS\System32\dllhost.exe</Service>
<Service ex="1" disp="Logical Disk Manager Administrative
Service" desc="Configures hard disk drives and volumes. The
service only runs for configuration processes and then
stops." nam="Logical Disk Manager service process
(dmadmin.exe)" pub="Microsoft Corp., Veritas Software"
md5="554c7cb178fe3bd12450b81ad63adbc3"
ver="2600.2180.503.0" sz="224768" is="0"
gfp="">C:\WINDOWS\System32\dmadmin.exe</Service>
<Service ex="1" disp="Event Log" desc="Enables event log
messages issued by Windows-based programs and components to
be viewed in Event Viewer. This service cannot be stopped."
nam="Services and Controller app (services.exe)"
pub="Microsoft Corporation"
md5="c6ce6eec82f187615d1002bb3bb50ed4" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="108032" is="0"
gfp="">C:\WINDOWS\system32\services.exe</Service>
<Service ex="1" disp="IMAPI CD-Burning COM Service"
desc="Manages CD recording using Image Mastering
Applications Programming Interface (IMAPI). If this service
is stopped, this computer will be unable to record CDs. If
this service is disabled, any services that explicitly
depend on it will fail to start." nam="Image Mastering API
(imapi.exe)" pub="Microsoft Corporation"
md5="fa788520bcac0f5d9d5cde5615c0d931" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="150016" is="0"
gfp="">C:\WINDOWS\System32\imapi.exe</Service>
<Service ex="1" disp="iPod Service" desc="iPod hardware
management services" nam="iPodService Module
(iPodService.exe)" pub="Apple Computer, Inc."
md5="3ac9f355ecce7d6bb8ff184e9b2229a9" ver="4.7.1.30"
sz="327680" is="0" gfp="">C:\Program
Files\iPod\bin\iPodService.exe</Service>
<Service ex="1" disp="Machine Debug Manager"
desc="Supports local and remote debugging for Visual Studio
and script debuggers. If this service is stopped, the
debuggers will not function properly." nam="Machine Debug
Manager (mdm.exe)" pub="Microsoft Corporation"
md5="11f714f85530a2bd134074dc30e99fca" ver="7.00.9466"
sz="322120" is="0" gfp="">C:\Program Files\Common
Files\Microsoft Shared\VS7Debug\mdm.exe</Service>
<Service ex="1" disp="NetMeeting Remote Desktop Sharing"
desc="Enables an authorized user to access this computer
remotely by using NetMeeting over a corporate intranet. If
this service is stopped, remote desktop sharing will be
unavailable. If this service is disabled, any services that
explicitly depend on it will fail to start."
nam="NetMeeting Remote Desktop Sharing (mnmsrvc.exe)"
pub="Microsoft Corporation"
md5="f6415361201915b9fe3896b0e4e724ff" ver="5.1.2600.2180"
sz="32768" is="0"
gfp="">C:\WINDOWS\System32\mnmsrvc.exe</Service>
<Service ex="1" disp="Distributed Transaction
Coordinator" desc="Coordinates transactions that span
multiple resource managers, such as databases, message
queues, and file systems. If this service is stopped, these
transactions will not occur. If this service is disabled,
any services that explicitly depend on it will fail to
start." nam="MS DTC console program (msdtc.exe)"
pub="Microsoft Corporation"
md5="c7c3d89eb0a6f3dba622ea737fa335b1"
ver="2001.12.4414.258" sz="6144" is="0"
gfp="">C:\WINDOWS\System32\msdtc.exe</Service>
<Service ex="1" disp="Windows Installer" desc="Adds,
modifies, and removes applications provided as a Windows
Installer (*.msi) package. If this service is disabled, any
services that explicitly depend on it will fail to start."
nam="Windows installer (msiexec.exe)" pub="Microsoft
Corporation" md5="4236ae241f193f58adab141ceccfd5f4"
ver="3.0.3790.2180" sz="77312" is="0"
gfp="">C:\WINDOWS\System32\msiexec.exe</Service>
<Service ex="1" disp="Norton AntiVirus Auto-Protect
Service" desc="Handles Norton AntiVirus Auto-Protect
events." nam="Norton AntiVirus Auto-Protect Service
(navapsvc.exe)" pub="Symantec Corporation"
md5="3b20d6bfd76ca45454c2ee51c6096172" ver="11.0.6.1"
sz="176768" is="0" gfp="">C:\Program Files\Norton
AntiVirus\navapsvc.exe</Service>
<Service ex="1" disp="Network DDE" desc="Provides network
transport and security for Dynamic Data Exchange (DDE) for
programs running on the same computer or on different
computers. If this service is stopped, DDE transport and
security will be unavailable. If this service is disabled,
any services that explicitly depend on it will fail to
start." nam="Network DDE - DDE Communication (netdde.exe)"
pub="Microsoft Corporation"
md5="05afb5ad06462257bea7495283c86d50" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="111104" is="0"
gfp="">C:\WINDOWS\system32\netdde.exe</Service>
<Service ex="1" disp="Network DDE DSDM" desc="Manages
Dynamic Data Exchange (DDE) network shares. If this service
is stopped, DDE network shares will be unavailable. If this
service is disabled, any services that explicitly depend on
it will fail to start." nam="Network DDE - DDE
Communication (netdde.exe)" pub="Microsoft Corporation"
md5="05afb5ad06462257bea7495283c86d50" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="111104" is="0"
gfp="">C:\WINDOWS\system32\netdde.exe</Service>
<Service ex="1" disp="Net Logon" desc="Supports
pass-through authentication of account logon events for
computers in a domain." nam="LSA Shell (lsass.exe)"
pub="Microsoft Corporation"
md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">C:\WINDOWS\System32\lsass.exe</Service>
<Service ex="1" disp="Norton AntiVirus Firewall Monitor
Service" desc="Detects installation of Symantec Firewall
clients" nam="Norton AntiVirus Firewall Install Monitor
(NPFMntor.exe)" pub="Symantec Corporation"
md5="1a6f1d5f7d05ea5cb3750270bccfd5c5" ver="11.0.6.1"
sz="46208" is="0" gfp="">C:\Program Files\Norton
AntiVirus\IWP\NPFMntor.exe</Service>
<Service ex="1" disp="NT LM Security Support Provider"
desc="Provides security to remote procedure call (RPC)
programs that use transports other than named pipes."
nam="LSA Shell (lsass.exe)" pub="Microsoft Corporation"
md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">C:\WINDOWS\System32\lsass.exe</Service>
<Service ex="1" disp="Plug and Play" desc="Enables a
computer to recognize and adapt to hardware changes with
little or no user input. Stopping or disabling this service
will result in system instability." nam="Services and
Controller app (services.exe)" pub="Microsoft Corporation"
md5="c6ce6eec82f187615d1002bb3bb50ed4" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="108032" is="0"
gfp="">C:\WINDOWS\system32\services.exe</Service>
<Service ex="1" disp="IPSEC Services" desc="Manages IP
security policy and starts the ISAKMP/Oakley (IKE) and the
IP security driver." nam="LSA Shell (lsass.exe)"
pub="Microsoft Corporation"
md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">C:\WINDOWS\System32\lsass.exe</Service>
<Service ex="1" disp="Protected Storage" desc="Provides
protected storage for sensitive data, such as private keys,
to prevent access by unauthorized services, processes, or
users." nam="LSA Shell (lsass.exe)" pub="Microsoft
Corporation" md5="84885f9b82f4d55c6146ebf6065d75d2"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="13312"
is="0" gfp="">C:\WINDOWS\system32\lsass.exe</Service>
<Service ex="1" disp="Remote Desktop Help Session
Manager" desc="Manages and controls Remote Assistance. If
this service is stopped, Remote Assistance will be
unavailable. Before stopping this service, see the
Dependencies tab of the Properties dialog box."
nam="Microsoft Remote Desktop Help Session Manager
(sessmgr.exe)" pub="Microsoft Corporation"
md5="729798e0933076b8fcfcd9934698f164" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="140800" is="0"
gfp="">C:\WINDOWS\system32\sessmgr.exe</Service>
<Service ex="1" disp="Remote Procedure Call (RPC)
Locator" desc="Manages the RPC name service database."
nam="Rpc Locator (locator.exe)" pub="Microsoft Corporation"
md5="793f04a09b15e7c6c11dbdffaf06c0ab" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="75264" is="0"
gfp="">C:\WINDOWS\System32\locator.exe</Service>
<Service ex="1" disp="QoS RSVP" desc="Provides network
signaling and local traffic control setup functionality for
QoS-aware programs and control applets." nam="Microsoft
RSVP (rsvp.exe)" pub="Microsoft Corporation"
md5="471b3f9741d762abe75e9deea4787e47" ver="5.1.2600.0
(xpclient.010817-1148)" sz="132608" is="0"
gfp="">C:\WINDOWS\System32\rsvp.exe</Service>
<Service ex="1" disp="Security Accounts Manager"
desc="Stores security information for local user accounts."
nam="LSA Shell (lsass.exe)" pub="Microsoft Corporation"
md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">C:\WINDOWS\system32\lsass.exe</Service>
<Service ex="1" disp="SAVScan" desc="Handles Norton
AntiVirus Auto-Protect Archive Scanning" nam="AutoProtect
(SAVScan.exe)" pub="Symantec Corporation"
md5="cf3235d1d5bc8f1e7bef28fc0bdbcdc9" ver="9.4.0.53"
sz="197864" is="0" gfp="">C:\Program Files\Norton
AntiVirus\SAVScan.exe</Service>
<Service ex="1" disp="ScriptBlocking Service" desc=""
nam="Norton AntiVirus ScripBlocking Service (SBServ.exe)"
pub="Symantec Corporation"
md5="c5bdcf8edb8935350e23f104dac59b33" ver="11.0.6.1"
sz="66688" is="0"
gfp="">C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe</Service>
<Service ex="1" disp="Smart Card" desc="Manages access to
smart cards read by this computer. If this service is
stopped, this computer will be unable to read smart cards.
If this service is disabled, any services that explicitly
depend on it will fail to start." nam="Smart Card Resource
Management Server (SCardSvr.exe)" pub="Microsoft
Corporation" md5="25d8de134df108e3dbc8d7d23b1aa58e"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="95744"
is="0" gfp="">C:\WINDOWS\System32\SCardSvr.exe</Service>
<Service ex="1" disp="Symantec Network Drivers Service"
desc="Symantec Network Drivers Service" nam="Network Driver
Service (SNDSrvc.exe)" pub="Symantec Corporation"
md5="62a1a3da43a806c6a43537f262619f30" ver="5.4.3.11"
sz="206048" is="0" gfp="">C:\Program Files\Common
Files\Symantec Shared\SNDSrvc.exe</Service>
<Service ex="1" disp="SNMP Service" desc="Includes agents
that monitor the activity in network devices and report to
the network console workstation." nam="SNMP Service
(snmp.exe)" pub="Microsoft Corporation"
md5="d923bf27723e28e3c121b77f52db4bce" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="32768" is="0"
gfp="">C:\WINDOWS\System32\snmp.exe</Service>
<Service ex="1" disp="SNMP Trap Service" desc="Receives
trap messages generated by local or remote SNMP agents and
forwards the messages to SNMP management programs running
on this computer." nam="SNMP Trap Service (snmptrap.exe)"
pub="Microsoft Corporation"
md5="6f591dbefd11f7697042907b516f1212" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="8704" is="0"
gfp="">C:\WINDOWS\System32\snmptrap.exe</Service>
<Service ex="1" disp="Symantec SPBBCSvc" desc="Symantec
SPBBC" nam="SPBBC Service (SPBBCSvc.exe)" pub="Symantec
Corporation" md5="08fa56b7c13b4cbf0e5d351aecad92b1"
ver="1,0,1,47" sz="173160" is="0" gfp="">C:\Program
Files\Common Files\Symantec
Shared\SPBBC\SPBBCSvc.exe</Service>
<Service ex="1" disp="Print Spooler" desc="Loads files to
memory for later printing." nam="Spooler SubSystem App
(spoolsv.exe)" pub="Microsoft Corporation"
md5="7435b108b935e42ea92ca94f59c8e717" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="57856" is="0"
gfp="">C:\WINDOWS\system32\spoolsv.exe</Service>
<Service ex="1" disp="MS Software Shadow Copy Provider"
desc="Manages software-based volume shadow copies taken by
the Volume Shadow Copy service. If this service is stopped,
software-based volume shadow copies cannot be managed. If
this service is disabled, any services that explicitly
depend on it will fail to start." nam="COM Surrogate
(dllhost.exe)" pub="Microsoft Corporation"
md5="dd87db7387b9eb441c5674888a0d840c" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="5120" is="0"
gfp="">C:\WINDOWS\System32\dllhost.exe</Service>
<Service ex="1" disp="Symantec Core LC" desc="Symantec
Core LC" nam="Symantec Core Component (symlcsvc.exe)"
pub="Symantec Corporation"
md5="b6bf7dd619d045d0f999310882551b7d" ver="1, 8, 54, 534"
sz="822424" is="0" gfp="">C:\Program Files\Common
Files\Symantec Shared\CCPD-LC\symlcsvc.exe</Service>
<Service ex="1" disp="SymWMI Service" desc="Symantec WMI
Service" nam="Norton Security Center Service (SymWSC.exe)"
pub="Symantec Corporation"
md5="67c5af84809468061121fbcbecb19285" ver="2005.1.2.20"
sz="316544" is="0" gfp="">C:\Program Files\Common
Files\Symantec Shared\Security Center\SymWSC.exe</Service>
<Service ex="1" disp="Performance Logs and Alerts"
desc="Collects performance data from local or remote
computers based on preconfigured schedule parameters, then
writes the data to a log or triggers an alert. If this
service is stopped, performance information will not be
collected. If this service is disabled, any services that
explicitly depend on it will fail to start."
nam="Performance Logs and Alerts Service (smlogsvc.exe)"
pub="Microsoft Corporation"
md5="8b54aa346d1b1b113ffaa75501b8b1b2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="89600" is="0"
gfp="">C:\WINDOWS\system32\smlogsvc.exe</Service>
<Service ex="1" disp="Windows User Mode Driver Framework"
desc="Enables Windows user mode drivers." nam="Windows User
Mode Driver Manager (wdfmgr.exe)" pub="Microsoft
Corporation" md5="c81b8635dee0d3ef5f64b3dd643023a5"
ver="5.2.3790.1230 built by: DNSRV(bld4act)" sz="38912"
is="0" gfp="">C:\WINDOWS\system32\wdfmgr.exe</Service>
<Service ex="1" disp="Uninterruptible Power Supply"
desc="Manages an uninterruptible power supply (UPS)
connected to the computer." nam="UPS Service (ups.exe)"
pub="Microsoft Corporation"
md5="3f5df65b0758675f95a2d43918a740a3" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="18432" is="0"
gfp="">C:\WINDOWS\System32\ups.exe</Service>
<Service ex="1" disp="Volume Shadow Copy" desc="Manages
and implements Volume Shadow Copies used for backup and
other purposes. If this service is stopped, shadow copies
will be unavailable for backup and the backup may fail. If
this service is disabled, any services that explicitly
depend on it will fail to start." nam="Microsoft Volume
Shadow Copy Service (vssvc.exe)" pub="Microsoft
Corporation" md5="3ee00364ae0fd8d604f46cbaf512838a"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="289792"
is="0" gfp="">C:\WINDOWS\System32\vssvc.exe</Service>
<Service ex="1" disp="Windows Media Connect (WMC)"
desc="Serves shared multimedia content to Universal Plug
and Play devices" nam="Windows Media Connect
(mswmccds.exe)" pub="Microsoft Corporation"
md5="20263dafd033d30f151bb87568386769" ver="5.1.2600.1
built by: DNSRV(bld4act)" sz="483328" is="0"
gfp="">c:\program files\windows media
connect\mswmccds.exe</Service>
<Service ex="1" disp="Windows Media Connect (WMC) Helper"
desc="Monitors the network for new UPnP Media Renderer
devices." nam="Windows Media Connect (mswmcls.exe)"
pub="Microsoft Corporation"
md5="1dd015a69235dcfae18b5f98fb50be23" ver="5.1.2600.1
built by: DNSRV(bld4act)" sz="28160" is="0"
gfp="">C:\Program Files\Windows Media
Connect\mswmcls.exe</Service>
<Service ex="1" disp="WMI Performance Adapter"
desc="Provides performance library information from WMI
HiPerf providers." nam="WMI Performance Adapter Service
(wmiapsrv.exe)" pub="Microsoft Corporation"
md5="ba8cecc3e813e1f7c441b20393d4f86c" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="126464" is="0"
gfp="">C:\WINDOWS\System32\wbem\wmiapsrv.exe</Service>
</Services>
</SystemAudit>
- <ProcessesAudit>
- <Processes>
<Process ex="1" pid="432" nam="Windows NT Session Manager
(smss.exe)" pub="Microsoft Corporation"
md5="bd7fb0957c716f1a60333aee04de2178" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="50688" is="0"
gfp="">c:\windows\system32\smss.exe</Process>
<Process ex="1" pid="480" nam="Client Server Runtime
Process (csrss.exe)" pub="Microsoft Corporation"
md5="f12b178b1678d778cfd3ff1fc38c71fb" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="6144" is="0"
gfp="">C:\WINDOWS\system32\csrss.exe</Process>
<Process ex="1" pid="504" nam="Windows NT Logon
Application (winlogon.exe)" pub="Microsoft Corporation"
md5="01c3346c241652f43aed8e2149881bfe" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="502272" is="0"
gfp="">c:\windows\system32\winlogon.exe</Process>
<Process ex="1" pid="548" nam="Services and Controller
app (services.exe)" pub="Microsoft Corporation"
md5="c6ce6eec82f187615d1002bb3bb50ed4" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="108032" is="0"
gfp="">c:\windows\system32\services.exe</Process>
<Process ex="1" pid="560" nam="LSA Shell (lsass.exe)"
pub="Microsoft Corporation"
md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">c:\windows\system32\lsass.exe</Process>
<Process ex="1" pid="772" nam="Generic Host Process for
Win32 Services (svchost.exe)" pub="Microsoft Corporation"
md5="8f078ae4ed187aaabc0a305146de6716" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="14336" is="0"
gfp="">c:\windows\system32\svchost.exe</Process>
<Process ex="1" pid="816" nam="Generic Host Process for
Win32 Services (svchost.exe)" pub="Microsoft Corporation"
md5="8f078ae4ed187aaabc0a305146de6716" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="14336" is="0"
gfp="">C:\WINDOWS\system32\svchost.exe</Process>
<Process ex="1" pid="884" nam="Generic Host Process for
Win32 Services (svchost.exe)" pub="Microsoft Corporation"
md5="8f078ae4ed187aaabc0a305146de6716" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="14336" is="0"
gfp="">c:\windows\system32\svchost.exe</Process>
<Process ex="1" pid="964" nam="Generic Host Process for
Win32 Services (svchost.exe)" pub="Microsoft Corporation"
md5="8f078ae4ed187aaabc0a305146de6716" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="14336" is="0"
gfp="">C:\WINDOWS\system32\svchost.exe</Process>
<Process ex="1" pid="1036" nam="Generic Host Process for
Win32 Services (svchost.exe)" pub="Microsoft Corporation"
md5="8f078ae4ed187aaabc0a305146de6716" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="14336" is="0"
gfp="">C:\WINDOWS\system32\svchost.exe</Process>
<Process ex="1" pid="1124" nam="Symantec Settings Manager
Service (ccsetmgr.exe)" pub="Symantec Corporation"
md5="bb98479c3135c05291d54debd7b310d5" ver="103.0.3.8"
sz="165488" is="0" gfp="">c:\program files\common
files\symantec shared\ccsetmgr.exe</Process>
<Process ex="1" pid="1140" nam="Network Driver Service
(sndsrvc.exe)" pub="Symantec Corporation"
md5="62a1a3da43a806c6a43537f262619f30" ver="5.4.3.11"
sz="206048" is="0" gfp="">c:\program files\common
files\symantec shared\sndsrvc.exe</Process>
<Process ex="1" pid="1156" nam="SPBBC Service
(spbbcsvc.exe)" pub="Symantec Corporation"
md5="08fa56b7c13b4cbf0e5d351aecad92b1" ver="1,0,1,47"
sz="173160" is="0" gfp="">c:\program files\common
files\symantec shared\spbbc\spbbcsvc.exe</Process>
<Process ex="1" pid="1200" nam="Symantec Event Manager
Service (ccevtmgr.exe)" pub="Symantec Corporation"
md5="69637eb41f3467dda6ccceba7c320e0a" ver="103.0.3.8"
sz="198256" is="0" gfp="">c:\program files\common
files\symantec shared\ccevtmgr.exe</Process>
<Process ex="1" pid="1588" nam="Spooler SubSystem App
(spoolsv.exe)" pub="Microsoft Corporation"
md5="7435b108b935e42ea92ca94f59c8e717" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="57856" is="0"
gfp="">c:\windows\system32\spoolsv.exe</Process>
<Process ex="1" pid="1700" nam="AOL Connectivity Service
(aolacsd.exe)" pub="America Online, Inc."
md5="8fa646f0e639d9a8c8b98e217d471dc0" ver="2.0.20.1.US.1"
sz="1135728" is="0"
gfp="">c:\progra~1\common~1\aol\acs\aolacsd.exe</Process>
<Process ex="1" pid="1744" nam="Machine Debug Manager
(mdm.exe)" pub="Microsoft Corporation"
md5="11f714f85530a2bd134074dc30e99fca" ver="7.00.9466"
sz="322120" is="0" gfp="">c:\program files\common
files\microsoft shared\vs7debug\mdm.exe</Process>
<Process ex="1" pid="1772" nam="Norton AntiVirus
Auto-Protect Service (navapsvc.exe)" pub="Symantec
Corporation" md5="3b20d6bfd76ca45454c2ee51c6096172"
ver="11.0.6.1" sz="176768" is="0" gfp="">c:\program
files\norton antivirus\navapsvc.exe</Process>
<Process ex="1" pid="1848" nam="Norton AntiVirus Firewall
Install Monitor (npfmntor.exe)" pub="Symantec Corporation"
md5="1a6f1d5f7d05ea5cb3750270bccfd5c5" ver="11.0.6.1"
sz="46208" is="0" gfp="">c:\program files\norton
antivirus\iwp\npfmntor.exe</Process>
<Process ex="1" pid="1948" nam="SNMP Service (snmp.exe)"
pub="Microsoft Corporation"
md5="d923bf27723e28e3c121b77f52db4bce" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="32768" is="0"
gfp="">c:\windows\system32\snmp.exe</Process>
<Process ex="1" pid="1992" nam="Symantec Core Component
(symlcsvc.exe)" pub="Symantec Corporation"
md5="b6bf7dd619d045d0f999310882551b7d" ver="1, 8, 54, 534"
sz="822424" is="0" gfp="">c:\program files\common
files\symantec shared\ccpd-lc\symlcsvc.exe</Process>
<Process ex="1" pid="2028" nam="Windows User Mode Driver
Manager (wdfmgr.exe)" pub="Microsoft Corporation"
md5="c81b8635dee0d3ef5f64b3dd643023a5" ver="5.2.3790.1230
built by: DNSRV(bld4act)" sz="38912" is="0"
gfp="">C:\WINDOWS\system32\wdfmgr.exe</Process>
<Process ex="1" pid="864" nam="AutoProtect (savscan.exe)"
pub="Symantec Corporation"
md5="cf3235d1d5bc8f1e7bef28fc0bdbcdc9" ver="9.4.0.53"
sz="197864" is="0" gfp="">c:\program files\norton
antivirus\savscan.exe</Process>
<Process ex="1" pid="1092" nam="Application Layer Gateway
Service (alg.exe)" pub="Microsoft Corporation"
md5="f1958fbf86d5c004cf19a5951a9514b7" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="44544" is="0"
gfp="">C:\WINDOWS\system32\alg.exe</Process>
<Process ex="1" pid="2004" nam="Generic Host Process for
Win32 Services (svchost.exe)" pub="Microsoft Corporation"
md5="8f078ae4ed187aaabc0a305146de6716" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="14336" is="0"
gfp="">c:\windows\system32\svchost.exe</Process>
<Process ex="1" pid="3632" nam="Windows Explorer
(explorer.exe)" pub="Microsoft Corporation"
md5="a0732187050030ae399b241436565e64" ver="6.00.2900.2180
(xpsp_sp2_rtm.040803-2158)" sz="1032192" is="0"
gfp="">c:\windows\explorer.exe</Process>
<Process ex="1" pid="920" nam="PowerDVD RC Service
(pdvdserv.exe)" pub="Cyberlink Corp."
md5="915a106a2fb87292cef0ad4f36adf313" ver="5.00.0000"
sz="32768" is="0" gfp="">c:\program
files\cyberlink\powerdvd\pdvdserv.exe</Process>
<Process ex="1" pid="3680" nam="None (shwiconem.exe)"
pub="Alcor Micro, Corp."
md5="06a6145cddf7db1efbe6280a57880111" ver="1, 4, 0, 8"
sz="135168" is="0" gfp="">c:\program files\emachines bay
reader\shwiconem.exe</Process>
<Process ex="1" pid="240" nam="AOLSP Scheduler (aolsp
scheduler.exe)" pub="Unavailable"
md5="217697c43bff8d740cfbb9ad87621519" ver="1, 0, 0, 74"
sz="79448" is="0"
gfp="">c:\progra~1\common~1\aol\aolspy~1\aolsp
scheduler.exe</Process>
<Process ex="1" pid="2964" nam="None (hpztsb03.exe)"
pub="HP" md5="ebee1e613e526663a6ea4b52335f1e34"
ver="2,40,0,0" sz="196608" is="0"
gfp="">c:\windows\system32\spool\drivers\w32x86\3\hpztsb03.exe</Process>
<Process ex="1" pid="1032" nam="Direct Access Component
(tfswctrl.exe)" pub="VERITAS Software, Inc."
md5="98fcf964dd54996a2005c7a081147313" ver="1.00.15a"
sz="32821" is="0"
gfp="">c:\windows\system32\dla\tfswctrl.exe</Process>
<Process ex="1" pid="2220" nam="HP CD Tray
(hpcdtray.exe)" pub="Hewlett-Packard Company"
md5="e646a8cc7b99885ae27a053c49d67613" ver="1.1" sz="49152"
is="0" gfp="">c:\program files\hp
cd-dvd\umbrella\hpcdtray.exe</Process>
<Process ex="1" pid="3288" nam="Symantec User Session
(ccapp.exe)" pub="Symantec Corporation"
md5="84ec0b55bcbe872f999acdce58e3f67d" ver="103.0.3.8"
sz="58992" is="0" gfp="">c:\program files\common
files\symantec shared\ccapp.exe</Process>
<Process ex="1" pid="2620" nam="Microsoft AntiSpyware
Service (gcasserv.exe)" pub="Microsoft Corporation"
md5="70c5a9c9cf9e65a9073a2a43da822841" ver="1.00.0501"
sz="469824" is="0" gfp="">c:\program files\microsoft
antispyware\gcasserv.exe</Process>
<Process ex="1" pid="2584" nam="Microsoft AntiSpyware
Data Service (gcasdtserv.exe)" pub="Microsoft Corporation"
md5="255ca546f8e187c41ebed2aabbeee07c" ver="1.00.0501"
sz="748352" is="0" gfp="">c:\program files\microsoft
antispyware\gcasdtserv.exe</Process>
<Process ex="1" pid="3820"
nam="(picasamediadetector.exe)" pub=""
md5="c9099d9036c0a63df5b81656eb865a5c" ver="" sz="151552"
is="0" gfp="">c:\program
files\picasa\picasamediadetector.exe</Process>
<Process ex="1" pid="3764" nam="qttask.exe" pub="Apple
Computer, Inc." md5="76a3a30b58405c2c6d833895253a51a9"
ver="6.5.1" sz="98304" is="0" gfp="">c:\program
files\quicktime\qttask.exe</Process>
<Process ex="1" pid="4072" nam="iTunesHelper Module
(ituneshelper.exe)" pub="Apple Computer, Inc."
md5="2e0e2be7bd6614ea4c86b9ece793e31e" ver="4.7.1.30"
sz="278528" is="0" gfp="">c:\program
files\itunes\ituneshelper.exe</Process>
<Process ex="1" pid="2708" nam="AOL Instant Messenger
(aim.exe)" pub="America Online, Inc."
md5="d160472d7a8dbadd35dfe34d525f1cbc" ver="5.9.3702"
sz="67160" is="0" gfp="">c:\program
files\aim\aim.exe</Process>
<Process ex="1" pid="2532" nam="CTF Loader (ctfmon.exe)"
pub="Microsoft Corporation"
md5="24232996a38c0b0cf151c2140ae29fc8" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="15360" is="0"
gfp="">c:\windows\system32\ctfmon.exe</Process>
<Process ex="1" pid="1636" nam="(googledesktop.exe)"
pub="" md5="cd2a59af4f534799a6f3a98902c00e0e" ver=""
sz="85504" is="0" gfp="">c:\program files\google\google
desktop search\googledesktop.exe</Process>
<Process ex="1" pid="2592" nam="iPodService Module
(ipodservice.exe)" pub="Apple Computer, Inc."
md5="3ac9f355ecce7d6bb8ff184e9b2229a9" ver="4.7.1.30"
sz="327680" is="0" gfp="">c:\program
files\ipod\bin\ipodservice.exe</Process>
<Process ex="1" pid="2792" nam="CleanCache
(cleancache.exe)" pub="ButtUglySoftware"
md5="a9da7d2009b96d27cf52360d4570ff99"
ver="2.14.1742.36048" sz="282624" is="0" gfp="">c:\program
files\cleancache 2.0\cleancache.exe</Process>
<Process ex="1" pid="2284" nam="(googledesktopindex.exe)"
pub="" md5="441924894d48ccefafbbb8caa54728c7" ver=""
sz="431104" is="0" gfp="">c:\program files\google\google
desktop search\googledesktopindex.exe</Process>
<Process ex="1" pid="1628" nam="(googledesktopcrawl.exe)"
pub="" md5="16b084f2619d85f944a14327312f256a" ver=""
sz="73216" is="0" gfp="">c:\program files\google\google
desktop search\googledesktopcrawl.exe</Process>
<Process ex="1" pid="2040" nam="Norton AntiVirus Scanner
Module (navw32.exe)" pub="Symantec Corporation"
md5="6b88177e32f54f9fb1e4a8fae416185f" ver="11.0.6.1"
sz="201856" is="0"
gfp="">c:\progra~1\norton~1\navw32.exe</Process>
<Process ex="1" pid="1756" nam="Microsoft AntiSpyware
Main (giantantispywaremain.exe)" pub="Microsoft
Corporation" md5="1f652552465f84e09d548b499139fe2e"
ver="1.00.0501" sz="4561736" is="0" gfp="">c:\program
files\microsoft antispyware\giantantispywaremain.exe</Process>
<Process ex="1" pid="460" nam="AOL (waol.exe)"
pub="America Online, Inc."
md5="4a24d593e1cf46f70cb828c02b1dc567" ver="9.00.001"
sz="259184" is="0" gfp="">c:\program files\america online
9.0a\waol.exe</Process>
<Process ex="1" pid="2460" nam="setupdb (shellmon.exe)"
pub="America Online, Inc."
md5="bc20cbc80073037a52eef7951eab79c9" ver="9.00.001"
sz="38512" is="0" gfp="">c:\program files\america online
9.0a\shellmon.exe</Process>
<Process ex="1" pid="284" nam="AOL TopSpeed(TM)
(aoltpspd.exe)" pub="America Online Inc"
md5="355896ba2d3fa4d93c4e947bff2dd0c2" ver="1, 1, 0, 0"
sz="492752" is="0" gfp="">c:\program files\common
files\aol\aoltpspd.exe</Process>
<Process ex="1" pid="4048" nam="Automatic Updates
(wuauclt.exe)" pub="Microsoft Corporation"
md5="4fe41a819f5a1ff0923f12b34830a6ca" ver="5.4.3790.2182
built by: srv03_rtm(ntvbl04)" sz="113944" is="0"
gfp="">c:\windows\system32\wuauclt.exe</Process>
<Process ex="1" pid="360" nam="Microsoft Suspected
Spyware Reporting Tool (msssrt.exe)" pub="Microsoft
Corporation" md5="464528294c858e175e8f82371117e8e1"
ver="1.00.0501" sz="400184" is="0" gfp="">c:\program
files\microsoft antispyware\msssrt.exe</Process>
</Processes>
</ProcessesAudit>
</Audit>
</MSSSRT>