New signature from my computer, but not able to send it to MS

H

Hari

<MSSSRT version="1.0.509" createdate="5//10//2005 9:20:33
PM" os="2000.2195" user="">
- <Audit>
- <AutoRunAudit>
- <StartupFiles>
<StartupFile path="C:\Documents and Settings\All
Users\Start Menu\Programs\Startup\Microsoft Office.lnk"
nam="Microsoft Office XP component (osa.exe)"
pub="Microsoft Corporation"
md5="5bc65464354a9fd3beaa28e18839734a" ver="10.0.2609"
sz="83360" is="0" gfp="">c:\program files\microsoft
office\office10\osa.exe<//StartupFile>
<//StartupFiles>
- <StartupFilesRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="Synchronization Manager" dat="mobsync.exe //logon"
nam="Microsoft Synchronization Manager (mobsync.exe)"
pub="Microsoft Corporation"
md5="9b2f5b9e745deaaa57fb78329ed03061"
ver="5.00.2195.6627" sz="111376" is="0"
gfp="">c:\winnt\system32
\mobsync.exe<//StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="Client Access Service" dat=""c:\PROGRA~1\IBM\CLIENT~1
\cwbsvstr.exe"" nam="cwbsvstr.exe (cwbsvstr.exe)" pub="IBM
Corporation" md5="1f603af703278f5130dd957daba2423e"
ver="08.000" sz="20480" is="0" gfp="">c:\progra~1
\ibm\client~1\cwbsvstr.exe<//StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="Client Access Check Version" dat=""c:\PROGRA~1
\IBM\CLIENT~1\cwbckver.exe" LOGIN" nam="Service Level
Detection (cwbckver.exe)" pub="IBM Corporation"
md5="59a93d1ae493525e2b5affd05982420c" ver="08.001"
sz="49202" is="0" gfp="">c:\progra~1\ibm\client~1
\cwbckver.exe<//StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="NaimAgent_UI" dat="C:\EPOAgent\naimag32.exe" nam="NAI
ePolicy Orchestrator Agent GUI (naimag32.exe)"
pub="Network Associates, Inc."
md5="f6a2b8966823ebb5b3fb9d38410ffe5a" ver="2.0.0.376"
sz="61518" is="0"
gfp="">c:\epoagent\naimag32.exe<//StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="ChkAdmin" dat="C:\PROGRA~1\Compaq\COMPAQ~1
\CHKADMIN.EXE" nam="CHKADMIN MFC Application
(chkadmin.exe)" pub="Compaq Computer Corporation"
md5="b9b3626c7b73d0cfe20ca095e6662207" ver="5.0.3.4"
sz="81920" is="0" gfp="">c:\progra~1\compaq\compaq~1
\chkadmin.exe<//StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="TkBellExe" dat=""C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot"
nam="RealNetworks Scheduler (realsched.exe)"
pub="RealNetworks, Inc."
md5="d09a5f5c4dbd5d4dff09ab1a69812062" ver="0.1.0.3249"
sz="180269" is="0" gfp="">c:\program files\common
files\real\update_ob\realsched.exe<//StartupFileRegistry>
<StartupFileRegistry ex="0"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="checkrun" dat="C:\winnt\system32\elitexoc32.exe"
nam="" pub="" md5="" ver="" sz="" is="0" gfp="" //>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="gcasServ" dat=""C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"" nam="Microsoft AntiSpyware
Service (gcasserv.exe)" pub="Microsoft Corporation"
md5="e519945deb3875341d36db0ea141e0c5" ver="1.00.0509"
sz="473920" is="0" gfp="">c:\program files\microsoft
antispyware\gcasserv.exe<//StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="bvmbvetq" dat="c:\winnt\system32\bvmbvetq.exe"
nam="TODO: <File description> (bvmbvetq.exe)" pub="TODO:
<Company name>" md5="8bc56c0c8bef50bf5bea291db43f41ed"
ver="1, 0, 2, 17" sz="80896" is="0"
gfp="">c:\winnt\system32
\bvmbvetq.exe<//StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="farmmext" dat="C:\WINNT\farmmext.exe"
nam="www.farmmext.com (farmmext.exe)" pub="FarmMext"
md5="5591b534b82133a5d12d821daf5d3040" ver="0, 4, 1, 3"
sz="34816" is="15209"
gfp="">c:\winnt\farmmext.exe<//StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
" val="MicrosoftAntiSpywareCleaner" dat="C:\Program
Files\Microsoft AntiSpyware\gcASCleaner.exe" nam="Threat
Cleaner Helper (gcascleaner.exe)" pub="Microsoft
Corporation" md5="5b1d49b266345921d58918634c613e40"
ver="1.00.0509" sz="39752" is="0" gfp="">c:\program
files\microsoft
antispyware\gcascleaner.exe<//StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="Yahoo! Pager" dat=""C:\Program Files\Yahoo!
\Messenger\ypager.exe" -quiet" nam="Yahoo! Messenger
(ypager.exe)" pub="Yahoo! Inc."
md5="17e7de7786f19003aaa222f1ed47cafc" ver="6,0,0,1922"
sz="2506752" is="0" gfp="">c:\program files\yahoo!
\messenger\ypager.exe<//StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="ctfmon.exe" dat="ctfmon.exe" nam="Cicero Loader
(ctfmon.exe)" pub="Microsoft Corporation"
md5="d36a33c21eeed5a6c1daecb7c80a1909" ver="1.00.2409.7
built by: Lab06_N" sz="8192" is="0"
gfp="">c:\winnt\system32\ctfmon.exe<//StartupFileRegistry>
<//StartupFilesRegistry>
- <WinlogonUserinitFiles>
<WinlogonUserinitFile ex="1" nam="Userinit Logon
Application (userinit.exe)" pub="Microsoft Corporation"
md5="bf179c5b8a722cc79aef1ca90d6c7d48"
ver="5.00.2195.6612" sz="17680" is="0"
gfp="">c:\winnt\system32
\userinit.exe<//WinlogonUserinitFile>
<//WinlogonUserinitFiles>
<StartupWinIniFiles //>
<StartupSysIniFiles //>
<//AutoRunAudit>
- <InternetExplorerAudit version="6.0.2800.1106">
- <BrowserHelperObjects>
<BHO ex="1" clsid="{00000049-8F91-4D9C-9573-
F016E7626484}" prog="Ceres.CeresObj.1" val="CeresObj
Class" nam="www.abetterinternet.com (ceres.dll)"
pub="Ceres" md5="81b5b903052646a79406eb54c01e8bd3" ver="0,
12, 4, 74" sz="327680" is="15251"
gfp="">c:\winnt\ceres.dll<//BHO>
<//BrowserHelperObjects>
- <IEToolbars>
<IEToolbar ex="0" clsid="{2CDE1A7D-A478-4291-BF31-
E1B4C16F92EB}" prog="" val="" nam="" pub="" md5="" ver=""
sz="" is="0" gfp="" //>
<//IEToolbars>
<IEExtensions //>
- <IEExplorerBars>
<IEExplorerBar ex="1" clsid="{4528BBE0-4E08-11D5-AD55-
00010333D0AD}" prog="" val="&Yahoo! Messenger"
nam="YhExBMes (yhexbmes0411.dll)" pub="Yahoo! Inc."
md5="c97bc13a36444da7ee0c8cd45dc0ee1b" ver="2003, 4, 11,
1" sz="296120" is="0" gfp="">c:\program files\yahoo!
\messenger\yhexbmes0411.dll<//IEExplorerBar>
<IEExplorerBar ex="1" clsid="{4D5C8C25-D075-11d0-B416-
00C04FB90376}" prog="" val="&Tip of the Day" nam="Shell
Doc Object and Control Library (shdocvw.dll)"
pub="Microsoft Corporation"
md5="f6c732e7b9d7c18adfc10ee4de36b37a" ver="6.00.2800.1622
(xpsp2.050218-1437)" sz="1337344" is="0"
gfp="">c:\winnt\system32\shdocvw.dll<//IEExplorerBar>
<//IEExplorerBars>
- <IEShellBrowsers>
<IEShellBrowser ex="1" clsid="{01E04581-4EEE-11D0-BFE9-
00AA005B4383}" prog="" val="&Address" nam="Shell Browser
UI Library (browseui.dll)" pub="Microsoft Corporation"
md5="1a0ec72677da744b60f45ac38e196b24" ver="6.00.2800.1622
(xpsp2.050218-1437)" sz="1017856" is="0"
gfp="">c:\winnt\system32\browseui.dll<//IEShellBrowser>
<IEShellBrowser ex="0" clsid="" prog="" val="" nam=""
pub="" md5="" ver="" sz="" is="0" gfp="" //>
<//IEShellBrowsers>
- <IEWebBrowsers>
<IEWebBrowser ex="1" clsid="{01E04581-4EEE-11D0-BFE9-
00AA005B4383}" prog="" val="&Address" nam="Shell Browser
UI Library (browseui.dll)" pub="Microsoft Corporation"
md5="1a0ec72677da744b60f45ac38e196b24" ver="6.00.2800.1622
(xpsp2.050218-1437)" sz="1017856" is="0"
gfp="">c:\winnt\system32\browseui.dll<//IEWebBrowser>
<IEWebBrowser ex="0" clsid="" prog="" val="" nam=""
pub="" md5="" ver="" sz="" is="0" gfp="" //>
<IEWebBrowser ex="0" clsid="" prog="" val="" nam=""
pub="" md5="" ver="" sz="" is="0" gfp="" //>
<//IEWebBrowsers>
- <IEMenuExts>
<IEMenuExt val="E&xport to Microsoft
Excel">res:////C:\PROGRA~1\MICROS~2\Office10
\EXCEL.EXE//3000<//IEMenuExt>
<//IEMenuExts>
- <IEURLSearchHooks>
<IEURLSearchHook ex="1" clsid="{CFBFAE00-17A6-11D0-99CB-
00C04FD64497}" prog="" val="Microsoft Url Search Hook"
nam="Shell Doc Object and Control Library (shdocvw.dll)"
pub="Microsoft Corporation"
md5="f6c732e7b9d7c18adfc10ee4de36b37a" ver="6.00.2800.1622
(xpsp2.050218-1437)" sz="1337344" is="0"
gfp="">c:\winnt\system32\shdocvw.dll<//IEURLSearchHook>
<//IEURLSearchHooks>
- <IEURLs>
<IEURL val="HCU\Software\Microsoft\Internet Explorer
Start Page">about:blank<//IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer
Search
Page">http:////websearch.drsnsrch.com//sidesearch.cgi?
id=<//IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer
Default_Page_URL" //>
<IEURL val="HCU\Software\Microsoft\Internet Explore Local
Page">C:\WINNT\system32\blank.htm<//IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explore
Search
Bar">http:////websearch.drsnsrch.com//sidesearch.cgi?
id=<//IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer
Default_Search_URL" //>
<IEURL val="HCU\Software\Microsoft\Internet Explorer
HomeOldSP" //>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Start Page">http:////www.microsoft.com//isapi//redir.dll?
prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}
&ar=home<//IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Search
Page">http:////websearch.drsnsrch.com//sidesearch.cgi?
id=<//IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Default_Page_URL">http:////www.microsoft.com//isapi//redir.
dll?prd=ie&pver=6&ar=msnhome<//IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Local Page">%SystemRoot%\system32\blank.htm<//IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Search
Bar">http:////websearch.drsnsrch.com//sidesearch.cgi?
id=<//IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Default_Search_URL">http:////www.microsoft.com//isapi//redi
r.dll?prd=ie&ar=iesearch<//IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
HomeOldSP" //>
<IEURL val="HCU\Software\Microsoft\Internet
Explorer\Search CustomizeSearch" //>
<IEURL val="HCU\Software\Microsoft\Internet
Explorer\Search SearchAssistant" //>
<IEURL val="HLM\Software\Microsoft\Internet
Explorer\Search
CustomizeSearch">http:////websearch.drsnsrch.com//sidesearc
h.cgi?id=<//IEURL>
<IEURL val="HLM\Software\Microsoft\Internet
Explorer\Search
SearchAssistant">http:////websearch.drsnsrch.com//sidesearc
h.cgi?id=<//IEURL>
<IEURL val="HCU\Software\Microsoft\Internet
Explorer\SearchUrl">websearch.drsnsrch.com//q.cgi?
q=<//IEURL>
<IEURL val="HLM\Software\Microsoft\Internet
Explorer\SearchUrl" //>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
blank">res:////mshtml.dll//blank.htm<//IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
DesktopItemNavigationFailure">res:////shdoclc.dll//navcancl
..htm<//IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
NavigationCanceled">res:////shdoclc.dll//navcancl.htm<//IEU
RL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
NavigationFailure">res:////shdoclc.dll//navcancl.htm<//IEUR
L>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
OfflineInformation">res:////shdoclc.dll//offcancl.htm<//IEU
RL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
PostNotCached">res:////mshtml.dll//repost.htm<//IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
mozilla">res:////mshtml.dll//about.moz<//IEURL>
<//IEURLs>
<//InternetExplorerAudit>
- <SystemAudit>
- <ShellExecuteHooks>
<ShellExecuteHook ex="1" clsid="{AEB6717E-7E19-11d0-97EE-
00C04FD91972}" prog="" val="URL Exec Hook" nam="Windows
Shell Common Dll (shell32.dll)" pub="Microsoft
Corporation" md5="810a97458d84acf5009859835622857a"
ver="5.00.3900.7032" sz="2359056" is="0"
gfp="">C:\WINNT\system32\shell32.dll<//ShellExecuteHook>
<ShellExecuteHook ex="1" clsid="{9EF34FF2-3396-4527-9D27-
04C8C1C67806}"
prog="Microsoft.AntiSpyware.ShellExecuteHook.1"
val="Microsoft.AntiSpyware.ShellExecuteHook.1"
nam="Microsoft AntiSpyware Shell Extension
(shellextension.dll)" pub="Microsoft Corporation"
md5="f3a7b87726c87c8e5653df0e7da15a47" ver="1.00.0509"
sz="93408" is="0" gfp="">c:\program files\microsoft
antispyware\shellextension.dll<//ShellExecuteHook>
<//ShellExecuteHooks>
- <ShellOpenCommands>
<ShellOpenCommand val="HCR\exefile\shell\open\command">"%
1" %*<//ShellOpenCommand>
<ShellOpenCommand val="HCR\comfile\shell\open\command">"%
1" %*<//ShellOpenCommand>
<ShellOpenCommand val="HCR\batfile\shell\open\command">"%
1" %*<//ShellOpenCommand>
<ShellOpenCommand
val="HCR\htafile\shell\open\command">C:\WINNT\System32
\mshta.exe "%1" %*<//ShellOpenCommand>
<ShellOpenCommand val="HCR\piffile\shell\open\command">"%
1" %*<//ShellOpenCommand>
<ShellOpenCommand val="HCR\txtfile\shell\open\command">%
SystemRoot%\system32\NOTEPAD.EXE %1<//ShellOpenCommand>
<ShellOpenCommand
val="HCR\mp3file\shell\open\command">"C:\Program
Files\Windows Media
Player\wmplayer.exe" //prefetch:6 //Open "%
L"<//ShellOpenCommand>
<ShellOpenCommand
val="HCR\mpegfile\shell\open\command">"C:\Program
Files\Windows Media
Player\wmplayer.exe" //prefetch:9 //Open "%
L"<//ShellOpenCommand>
<ShellOpenCommand val="HCR\mailto\shell\open\command">"%
ProgramFiles%\Outlook Express\msimn.exe" //mailurl:%
1<//ShellOpenCommand>
<ShellOpenCommand
val="HCR\htmlfile\shell\open\command">"C:\Program
Files\Internet Explorer\iexplore.exe" -
nohome<//ShellOpenCommand>
<ShellOpenCommand
val="HCR\http\shell\open\command">C:\PROGRA~1\MOZILL~1
\FIREFOX.EXE -url "%1"<//ShellOpenCommand>
<ShellOpenCommand
val="HCR\https\shell\open\command">C:\PROGRA~1\MOZILL~1
\FIREFOX.EXE -url "%1"<//ShellOpenCommand>
<ShellOpenCommand
val="HCR\ftp\shell\open\command">C:\PROGRA~1\MOZILL~1
\FIREFOX.EXE -url "%1"<//ShellOpenCommand>
<//ShellOpenCommands>
- <ActiveXInstalls>
- <ActiveXInstall clsid="DirectAnimation Java Classes"
prog="" nam=""
codebase="file:////C:\WINNT\Java\classes\dajava.cab">
<Files //>
<//ActiveXInstall>
- <ActiveXInstall clsid="JavaConnect" prog="" nam=""
codebase="http:////im.cwinsider.com//sametime//javaconnect/
/JavaConnect.cab">
<Files //>
<//ActiveXInstall>
- <ActiveXInstall clsid="Microsoft XML Parser for Java"
prog="" nam=""
codebase="file:////C:\WINNT\Java\classes\xmldso.cab">
<Files //>
<//ActiveXInstall>
- <ActiveXInstall clsid="{0246ECA8-996F-11D1-BE2F-
00A0C9037DFE}" prog="TDSERVER.TDServerCtrl.1"
nam="TDServer Control"
codebase="http:////www.kumudam.com//wfplayer//tdserver.cab"- <Files>
<File ex="1" nam="Microsoft (R) C Runtime Library
(msvcrt.dll)" pub="Microsoft Corporation"
md5="ba7be6f92680b28b9031170659fd222d" ver="6.10.9844.0"
sz="286773" is="0" gfp="">C:\WINNT\system32
\msvcrt.dll<//File>
<File ex="1" nam="MFCDLL Shared Library - Retail Version
(mfc42.dll)" pub="Microsoft Corporation"
md5="8d0dbf25d91aa1be1e4e348434fd12e4" ver="6.00.9586.0"
sz="1015859" is="0" gfp="">C:\WINNT\system32
\mfc42.dll<//File>
<File ex="1" nam="olepro32.dll" pub="Microsoft
Corporation" md5="6a8e009f98dd75553066c17b43afb0a5"
ver="5.0.4522" sz="164112" is="0" gfp="">C:\WINNT\system32
\olepro32.dll<//File>
<File ex="1" nam="TDServer ActiveX Control Module
(tdserver.ocx)" pub="Bitstream, Inc."
md5="f12185f5c22e911520cbd9f4029d9fe1" ver="1, 0, 0, 11"
sz="356352" is="0" gfp="">C:\WINNT\Downloaded Program
Files\tdserver.ocx<//File>
<//Files>
<//ActiveXInstall>
- <ActiveXInstall clsid="{17492023-C23A-453E-A040-
C7C580BBF700}" prog="LegitCheckControl.LegitCheck.1"
nam="Windows Genuine Advantage Validation Tool"
codebase="http:////go.microsoft.com//fwlink//?
linkid=36467&clcid=0x409">
- <Files>
<File ex="1" nam="PidGen (GWFSPidGen.DLL)"
pub="Microsoft" md5="76cfe0b49089af874d3d135efc38bf3a"
ver="1, 5, 0, 42" sz="23304" is="0"
gfp="">C:\WINNT\system32\GWFSPidGen.DLL<//File>
<File ex="1" nam="Windows Genuine Advantage Validation
(LegitCheckControl.DLL)" pub="Microsoft Corporation"
md5="c3c3864da698f0cc1be56f9695534dd8" ver="1.0.0132.4"
sz="421128" is="0" gfp="">C:\WINNT\system32
\LegitCheckControl.DLL<//File>
<//Files>
<//ActiveXInstall>
- <ActiveXInstall clsid="{2226ED4E-6E9A-472E-97ED-
B6D54F3B620B}"
prog="STURLCONNECTION.STURLConnectionCtrl.1"
nam="STURLConnection Control"
codebase="http:////im.cwinsider.com//sametime//javaconnect/
/STUrlConLoader.cab">
- <Files>
<File ex="1" nam="sturlcon10 (sturlcon10.dll)" pub="IBM"
md5="6efbcddb6a447d807533adff196f1a35" ver="6, 5, 1, 0"
sz="53248" is="0" gfp="">C:\WINNT\system32
\sturlcon10.dll<//File>
<File ex="1" nam="STURLConnection ActiveX Control Module
(STURLConnection.ocx)" pub="ibm hrl"
md5="80d7d6cc98641a0e2f625fbe8dbaf7bd" ver="6, 5, 1, 0"
sz="32768" is="0" gfp="">C:\WINNT\Downloaded Program
Files\STURLConnection.ocx<//File>
<//Files>
<//ActiveXInstall>
- <ActiveXInstall clsid="{30528230-99F7-4BB4-88D8-
FA1D4F56A2AB}" prog="YInstHelper.YInstStarter.1"
nam="YInstStarter Class"
codebase="http:////download.yahoo.com//dl//installs//yinst0
309.cab">
- <Files>
<File ex="1" nam="YInstHelper Module (yinsthelper.dll)"
pub="Yahoo! Inc." md5="a74ab5def14cc298cc8821ce80a62405"
ver="2003, 9, 9, 1" sz="124352" is="0"
gfp="">C:\WINNT\Downloaded Program
Files\yinsthelper.dll<//File>
<//Files>
<//ActiveXInstall>
- <ActiveXInstall clsid="{53F92AF2-3C1E-4A63-B2EA-
2E33DA6286B7}" prog="STAUTOAWAY.STAutoAwayCtrl.1"
nam="STAutoAway Control"
codebase="http:////im.cwinsider.com//sametime//javaconnect/
/STAutoAwayLoader.cab">
- <Files>
<File ex="1" nam="provides autoaway services
(imautoaway.dll)" pub="IBM"
md5="d4a3f066b047ba2b16480a3fffb41ea2" ver="6, 5, 1, 0"
sz="114688" is="0" gfp="">C:\WINNT\system32
\imautoaway.dll<//File>
<File ex="1" nam="STAutoAway ActiveX Control Module
(STAutoAway.ocx)" pub="ibm hrl"
md5="ce5d84b043b29d8d89cde26e4cdb43c7" ver="6, 5, 1, 0"
sz="32768" is="0" gfp="">C:\WINNT\Downloaded Program
Files\STAutoAway.ocx<//File>
<//Files>
<//ActiveXInstall>
- <ActiveXInstall clsid="{56336BCB-3D8A-11D6-A00B-
0050DA18DE71}" prog="RealDownloadExpress.IE.1" nam="RdxIE
Class" codebase="http:////software-
dl.real.com//29d840e2b5a4eef8fb04//netzip//RdxIE601.cab">
- <Files>
<File ex="1" nam="RdxIE Module (RdxIE.dll)"
pub="RealNetworks, Inc."
md5="2dbb57fdb7d3bff88b21924187b3ee02" ver="6.0.0.11"
sz="520349" is="0" gfp="">C:\WINNT\Downloaded Program
Files\RdxIE.dll<//File>
<//Files>
<//ActiveXInstall>
- <ActiveXInstall clsid="{9F1C11AA-197B-4942-BA54-
47A8489BB47F}" prog="IUCtl.Update.1" nam="Update Class"
codebase="http:////v4.windowsupdate.microsoft.com//CAB//x86
//unicode//iuctl.CAB?37892.6657291667">
- <Files>
<File ex="1" nam="Windows Update Control Engine
(iuengine.dll)" pub="Microsoft Corporation"
md5="6b43e283af93d9823d7b69d9766ab4e9" ver="5.4.3790.14
built by: lab04_n" sz="182880" is="0"
gfp="">C:\WINNT\System32\iuengine.dll<//File>
<File ex="1" nam="Windows Update Client Control
(iuctl.dll)" pub="Microsoft Corporation"
md5="8757e24d6b002fd7e9ef3a6df697ba57" ver="5.4.3790.14
built by: lab04_n" sz="115808" is="0"
gfp="">C:\WINNT\System32\iuctl.dll<//File>
<//Files>
<//ActiveXInstall>
- <ActiveXInstall clsid="{B38870E4-7ECB-40DA-8C6A-
595F0A5519FF}"
prog="MsnMessengerSetupDownloader.MsnMessen.1"
nam="MsnMessengerSetupDownloadControl Class"
codebase="http:////messenger.msn.com//download//MsnMessenge
rSetupDownloader.cab">
- <Files>
<File ex="1" nam="Setup downloader for Msn Messenger
(MsnMessengerSetupDownloader.ocx)" pub="Microsoft
Corporation" md5="92d24b6643919005213f60d5b537196a"
ver="1.0.0.2" sz="113152" is="0"
gfp="">C:\WINNT\Downloaded Program
Files\MsnMessengerSetupDownloader.ocx<//File>
<//Files>
<//ActiveXInstall>
- <ActiveXInstall clsid="{D27CDB6E-AE6D-11CF-96B8-
444553540000}" prog="ShockwaveFlash.ShockwaveFlash.1"
nam="Shockwave Flash Object"
codebase="http:////download.macromedia.com//pub//shockwave/
/cabs//flash//swflash.cab">
<Files //>
<//ActiveXInstall>
<//ActiveXInstalls>
- <PROTOCOLSFilters>
<PROTOCOLSFilter ex="1" clsid="{1E66F26B-79EE-11D2-8710-
00C04F79ED0D}" prog="CorRegistration.CorFltr.1"
filter="application//octet-stream" val="{1E66F26B-79EE-
11D2-8710-00C04F79ED0D}" nam="Microsoft .NET Runtime
Execution Engine (mscoree.dll)" pub="Microsoft
Corporation" md5="728872974b29f2c688073eca7101221a"
ver="1.0.3705.6018" sz="131072" is="0"
gfp="">c:\winnt\system32\mscoree.dll<//PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{1E66F26B-79EE-11D2-8710-
00C04F79ED0D}" prog="CorRegistration.CorFltr.1"
filter="application//x-complus" val="{1E66F26B-79EE-11D2-
8710-00C04F79ED0D}" nam="Microsoft .NET Runtime Execution
Engine (mscoree.dll)" pub="Microsoft Corporation"
md5="728872974b29f2c688073eca7101221a" ver="1.0.3705.6018"
sz="131072" is="0" gfp="">c:\winnt\system32
\mscoree.dll<//PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{1E66F26B-79EE-11D2-8710-
00C04F79ED0D}" prog="CorRegistration.CorFltr.1"
filter="application//x-msdownload" val="{1E66F26B-79EE-
11D2-8710-00C04F79ED0D}" nam="Microsoft .NET Runtime
Execution Engine (mscoree.dll)" pub="Microsoft
Corporation" md5="728872974b29f2c688073eca7101221a"
ver="1.0.3705.6018" sz="131072" is="0"
gfp="">c:\winnt\system32\mscoree.dll<//PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{32B533BB-EDAE-11d0-BD5A-
00AA00B92AF1}" prog="" filter="Class Install Handler"
val="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}" nam="OLE32
Extensions for Win32 (urlmon.dll)" pub="Microsoft
Corporation" md5="84354a556ecb2273cecc1e11251e1cae"
ver="6.00.2800.1485" sz="495104" is="0"
gfp="">c:\winnt\system32\urlmon.dll<//PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{8f6b0360-b80d-11d0-a9b3-
006097942311}" prog="" filter="deflate" val="{8f6b0360-
b80d-11d0-a9b3-006097942311}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="84354a556ecb2273cecc1e11251e1cae"
ver="6.00.2800.1485" sz="495104" is="0"
gfp="">c:\winnt\system32\urlmon.dll<//PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{8f6b0360-b80d-11d0-a9b3-
006097942311}" prog="" filter="gzip" val="{8f6b0360-b80d-
11d0-a9b3-006097942311}" nam="OLE32 Extensions for Win32
(urlmon.dll)" pub="Microsoft Corporation"
md5="84354a556ecb2273cecc1e11251e1cae"
ver="6.00.2800.1485" sz="495104" is="0"
gfp="">c:\winnt\system32\urlmon.dll<//PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{8f6b0360-b80d-11d0-a9b3-
006097942311}" prog="" filter="lzdhtml" val="{8f6b0360-
b80d-11d0-a9b3-006097942311}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="84354a556ecb2273cecc1e11251e1cae"
ver="6.00.2800.1485" sz="495104" is="0"
gfp="">c:\winnt\system32\urlmon.dll<//PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{733AC4CB-F1A4-11d0-B951-
00A0C90312E1}" prog="" filter="text//webviewhtml"
val="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}" nam="Windows
Shell Common Dll (shell32.dll)" pub="Microsoft
Corporation" md5="810a97458d84acf5009859835622857a"
ver="5.00.3900.7032" sz="2359056" is="0"
gfp="">c:\winnt\system32\shell32.dll<//PROTOCOLSFilter>
<//PROTOCOLSFilters>
- <PROTOCOLSHandlers>
<PROTOCOLSHandler ex="1" clsid="{3050F406-98B5-11CF-BB82-
00AA00BDCE0B}" prog="" filter="about" val="{3050F406-98B5-
11CF-BB82-00AA00BDCE0B}" nam="Microsoft (R) HTML Viewer
(mshtml.dll)" pub="Microsoft Corporation"
md5="6eaea2e84481e597096fac8408f2161e"
ver="6.00.2800.1498" sz="2811904" is="0"
gfp="">c:\winnt\system32\mshtml.dll<//PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3dd53d40-7b8b-11D0-b013-
00aa0059ce02}" prog="" filter="cdl" val="{3dd53d40-7b8b-
11D0-b013-00aa0059ce02}" nam="OLE32 Extensions for Win32
(urlmon.dll)" pub="Microsoft Corporation"
md5="84354a556ecb2273cecc1e11251e1cae"
ver="6.00.2800.1485" sz="495104" is="0"
gfp="">c:\winnt\system32\urlmon.dll<//PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{CD00020A-8B95-11D1-82DB-
00C04FB1625D}" prog="CDO.KnowledgePluggable.1"
filter="cdo" val="{CD00020A-8B95-11D1-82DB-00C04FB1625D}"
nam="Microsoft SharePoint Portal Server Object Model
(pkmcdo.dll)" pub="Microsoft Corporation"
md5="a5944428a77ce0e5337b40f5fc12e327" ver="10.145.3722.0"
sz="872448" is="0" gfp="">c:\program files\common
files\microsoft shared\web
folders\pkmcdo.dll<//PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e7-baf9-11ce-8c82-
00aa004ba90b}" prog="" filter="file" val="{79eac9e7-baf9-
11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for Win32
(urlmon.dll)" pub="Microsoft Corporation"
md5="84354a556ecb2273cecc1e11251e1cae"
ver="6.00.2800.1485" sz="495104" is="0"
gfp="">c:\winnt\system32\urlmon.dll<//PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e3-baf9-11ce-8c82-
00aa004ba90b}" prog="" filter="ftp" val="{79eac9e3-baf9-
11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for Win32
(urlmon.dll)" pub="Microsoft Corporation"
md5="84354a556ecb2273cecc1e11251e1cae"
ver="6.00.2800.1485" sz="495104" is="0"
gfp="">c:\winnt\system32\urlmon.dll<//PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e4-baf9-11ce-8c82-
00aa004ba90b}" prog="" filter="gopher" val="{79eac9e4-baf9-
11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for Win32
(urlmon.dll)" pub="Microsoft Corporation"
md5="84354a556ecb2273cecc1e11251e1cae"
ver="6.00.2800.1485" sz="495104" is="0"
gfp="">c:\winnt\system32\urlmon.dll<//PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e2-baf9-11ce-8c82-
00aa004ba90b}" prog="" filter="http" val="{79eac9e2-baf9-
11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for Win32
(urlmon.dll)" pub="Microsoft Corporation"
md5="84354a556ecb2273cecc1e11251e1cae"
ver="6.00.2800.1485" sz="495104" is="0"
gfp="">c:\winnt\system32\urlmon.dll<//PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e5-baf9-11ce-8c82-
00aa004ba90b}" prog="" filter="https" val="{79eac9e5-baf9-
11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for Win32
(urlmon.dll)" pub="Microsoft Corporation"
md5="84354a556ecb2273cecc1e11251e1cae"
ver="6.00.2800.1485" sz="495104" is="0"
gfp="">c:\winnt\system32\urlmon.dll<//PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{9D148291-B9C8-11D0-A4CC-
0000F80149F6}" prog="MSITFS1.0" filter="its"
val="{9D148291-B9C8-11D0-A4CC-0000F80149F6}"
nam="Microsoft InfoTech Storage System Library (itss.dll)"
pub="Microsoft Corporation"
md5="5639361ffdaccff19b0bbaeb74564ab1" ver="5.2.3790.185
(srv03_gdr.040410-1234)" sz="123392" is="0"
gfp="">c:\winnt\system32\itss.dll<//PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050F3B2-98B5-11CF-BB82-
00AA00BDCE0B}" prog="" filter="javascript" val="{3050F3B2-
98B5-11CF-BB82-00AA00BDCE0B}" nam="Microsoft (R) HTML
Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="6eaea2e84481e597096fac8408f2161e"
ver="6.00.2800.1498" sz="2811904" is="0"
gfp="">c:\winnt\system32\mshtml.dll<//PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e7-baf9-11ce-8c82-
00aa004ba90b}" prog="" filter="local" val="{79eac9e7-baf9-
11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for Win32
(urlmon.dll)" pub="Microsoft Corporation"
md5="84354a556ecb2273cecc1e11251e1cae"
ver="6.00.2800.1485" sz="495104" is="0"
gfp="">c:\winnt\system32\urlmon.dll<//PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050f3DA-98B5-11CF-BB82-
00AA00BDCE0B}" prog="" filter="mailto" val="{3050f3DA-98B5-
11CF-BB82-00AA00BDCE0B}" nam="Microsoft (R) HTML Viewer
(mshtml.dll)" pub="Microsoft Corporation"
md5="6eaea2e84481e597096fac8408f2161e"
ver="6.00.2800.1498" sz="2811904" is="0"
gfp="">c:\winnt\system32\mshtml.dll<//PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{05300401-BCBC-11d0-85E3-
00C04FD85AB4}" prog="" filter="mhtml" val="{05300401-BCBC-
11d0-85E3-00C04FD85AB4}" nam="Microsoft Internet Messaging
API (inetcomm.dll)" pub="Microsoft Corporation"
md5="2f7a3fabad14675868a381c64df1222b"
ver="6.00.2800.1478" sz="596480" is="0"
gfp="">c:\winnt\system32\inetcomm.dll<//PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e6-baf9-11ce-8c82-
00aa004ba90b}" prog="" filter="mk" val="{79eac9e6-baf9-
11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for Win32
(urlmon.dll)" pub="Microsoft Corporation"
md5="84354a556ecb2273cecc1e11251e1cae"
ver="6.00.2800.1485" sz="495104" is="0"
gfp="">c:\winnt\system32\urlmon.dll<//PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{9D148291-B9C8-11D0-A4CC-
0000F80149F6}" prog="MSITFS1.0" filter="ms-its"
val="{9D148291-B9C8-11D0-A4CC-0000F80149F6}"
nam="Microsoft InfoTech Storage System Library (itss.dll)"
pub="Microsoft Corporation"
md5="5639361ffdaccff19b0bbaeb74564ab1" ver="5.2.3790.185
(srv03_gdr.040410-1234)" sz="123392" is="0"
gfp="">c:\winnt\system32\itss.dll<//PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3D9F03FA-7A94-11D3-BE81-
0050048385D1}" prog="" filter="mso-offdap" val="{3D9F03FA-
7A94-11D3-BE81-0050048385D1}" nam="Microsoft Office XP Web
Components (owc10.dll)" pub="Microsoft Corporation"
md5="cd078156b5517de81576ba25a9bc3d90" ver="10.0.2621"
sz="7436272" is="0" gfp="">c:\progra~1\common~1\micros~1
\webcom~1\10\owc10.dll<//PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050F3BC-98B5-11CF-BB82-
00AA00BDCE0B}" prog="" filter="res" val="{3050F3BC-98B5-
11CF-BB82-00AA00BDCE0B}" nam="Microsoft (R) HTML Viewer
(mshtml.dll)" pub="Microsoft Corporation"
md5="6eaea2e84481e597096fac8408f2161e"
ver="6.00.2800.1498" sz="2811904" is="0"
gfp="">c:\winnt\system32\mshtml.dll<//PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{76E67A63-06E9-11D2-A840-
006008059382}" prog="" filter="sysimage" val="{76E67A63-
06E9-11D2-A840-006008059382}" nam="Microsoft (R) HTML
Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="6eaea2e84481e597096fac8408f2161e"
ver="6.00.2800.1498" sz="2811904" is="0"
gfp="">c:\winnt\system32\mshtml.dll<//PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050F3B2-98B5-11CF-BB82-
00AA00BDCE0B}" prog="" filter="vbscript" val="{3050F3B2-
98B5-11CF-BB82-00AA00BDCE0B}" nam="Microsoft (R) HTML
Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="6eaea2e84481e597096fac8408f2161e"
ver="6.00.2800.1498" sz="2811904" is="0"
gfp="">c:\winnt\system32\mshtml.dll<//PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3DA2AA3B-3D96-11D2-9BD2-
204C4F4F5020}" prog="Mmedia.AsyncPProt.1"
filter="vnd.ms.radio" val="{3DA2AA3B-3D96-11D2-9BD2-
204C4F4F5020}" nam="msdxm.ocx" pub="Unavailable"
md5="71b4ec7ee27a6935d3c20b98f0d8ddf9" ver="Unavailable"
sz="844048" is="0" gfp="">c:\winnt\system32
\msdxm.ocx<//PROTOCOLSHandler>
<//PROTOCOLSHandlers>
- <PROTOCOLSNameSpaceHandlers>
<PROTOCOLSNameSpaceHandler ex="1" clsid="{9D148291-B9C8-
11D0-A4CC-0000F80149F6}" prog="MSITFS1.0" namespace="mk"
namespacefilter="NameSpace Filter for MK:mad:MSITStore:..."
val="{79eac9e6-baf9-11ce-8c82-00aa004ba90b}"
nam="Microsoft InfoTech Storage System Library (itss.dll)"
pub="Microsoft Corporation"
md5="5639361ffdaccff19b0bbaeb74564ab1" ver="5.2.3790.185
(srv03_gdr.040410-1234)" sz="123392" is="0"
gfp="">c:\winnt\system32
\itss.dll<//PROTOCOLSNameSpaceHandler>
<//PROTOCOLSNameSpaceHandlers>
- <TCPIPParamaters>
<TCPIPParamater val="DataBasePath">%SystemRoot%\System32
\drivers\etc<//TCPIPParamater>
<TCPIPParamater val="Domain" //>
<TCPIPParamater val="NameServer" //>
<TCPIPParamater val="SearchList" //>
<TCPIPParamater val="VXD MSTCP: NameServer" //>
<//TCPIPParamaters>
- <InternetSettings>
<InternetSetting val="ProxyEnable">0<//InternetSetting>
<InternetSetting
val="ProxyServer">SIMPROXY:80<//InternetSetting>
<InternetSetting
val="ProxyOverride">10.*;*.chlweb.net;*.ten-
net.net;172.17.*;172.18.2*;172.18.12.*;63.166.*;63.167.*;*.
cwinsider.com;*.<//InternetSetting>
<InternetSetting val="User Agent">Mozilla//4.0
(compatible; MSIE 6.0; Win32)<//InternetSetting>
<InternetSetting val="ZoneMap Domain
Count">0<//InternetSetting>
<//InternetSettings>
- <IESettings>
<IESetting val="UseMyStylesheet"
set="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Styles" //>
<IESetting val="UserStylesheet"
set="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Styles" //>
<IESetting val="UseMyStylesheet"
set="HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet
Explorer\Styles" //>
<IESetting val="UserStylesheet"
set="HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet
Explorer\Styles" //>
<//IESettings>
<AppInitDLLs val="" //>
- <ShellServiceObjectDelayLoads>
<ShellServiceObjectDelayLoad ex="1" clsid="{7007ACCF-3202-
11D1-AAD2-00805FC1270E}" prog=""
val="Network.ConnectionTray" nam="Network Connections
Shell (netshell.dll)" pub="Microsoft Corporation"
md5="fc1783b19a718444de5f6fe5c9143079"
ver="5.00.2195.6604" sz="477456" is="0"
gfp="">c:\winnt\system32
\netshell.dll<//ShellServiceObjectDelayLoad>
<ShellServiceObjectDelayLoad ex="1" clsid="{E6FB5E20-DE35-
11CF-9C87-00AA005127ED}" prog="" val="WebCheck" nam="Web
Site Monitor (webcheck.dll)" pub="Microsoft Corporation"
md5="f2786dc35401fceb401a0f5810e22ab6"
ver="6.00.2800.1106" sz="258048" is="0"
gfp="">c:\winnt\system32
\webcheck.dll<//ShellServiceObjectDelayLoad>
<ShellServiceObjectDelayLoad ex="1" clsid="{35CEC8A3-2BE6-
11D2-8773-92E220524153}" prog="" val="SysTray"
nam="Systray shell service object (stobject.dll)"
pub="Microsoft Corporation"
md5="34660338069fd5665b921ecffc96e0ce"
ver="5.00.2195.6601" sz="81168" is="0"
gfp="">C:\WINNT\system32
\stobject.dll<//ShellServiceObjectDelayLoad>
<//ShellServiceObjectDelayLoads>
<ScheduledTasks //>
- <Services>
<Service ex="1" disp="Alerter" desc="Notifies selected
users and computers of administrative alerts."
nam="Services and Controller app (services.exe)"
pub="Microsoft Corporation"
md5="cfed2d28f5b8a24127e9e06043070643"
ver="5.00.2195.6700" sz="89360" is="0"
gfp="">C:\WINNT\System32\services.exe<//Service>
<Service ex="1" disp="Application Management"
desc="Provides software installation services such as
Assign, Publish, and Remove." nam="Services and Controller
app (services.exe)" pub="Microsoft Corporation"
md5="cfed2d28f5b8a24127e9e06043070643"
ver="5.00.2195.6700" sz="89360" is="0"
gfp="">C:\WINNT\system32\services.exe<//Service>
<Service ex="1" disp="AVSync Manager" desc="McAfee AVSync
Manager" nam="avsynmgr.exe" pub="Unavailable"
md5="85be72c03da8ff4b8b0950ddf9fbb395" ver="Unavailable"
sz="155665" is="0" gfp="">C:\Program Files\Network
Associates\VirusScan\avsynmgr.exe<//Service>
<Service ex="1" disp="Computer Browser" desc="Maintains
an up-to-date list of computers on your network and
supplies the list to programs that request it."
nam="Services and Controller app (services.exe)"
pub="Microsoft Corporation"
md5="cfed2d28f5b8a24127e9e06043070643"
ver="5.00.2195.6700" sz="89360" is="0"
gfp="">C:\WINNT\System32\services.exe<//Service>
<Service ex="1" disp="Indexing Service" desc=""
nam="Content Index service (cisvc.exe)" pub="Microsoft
Corporation" md5="2830a2c82270f387265dfa658656eb99"
ver="5.00.2134.1" sz="5392" is="0" gfp="">C:\WINNT\System32
\cisvc.exe<//Service>
<Service ex="1" disp="ClipBook" desc="Supports ClipBook
Viewer, which allows pages to be seen by remote
ClipBooks." nam="Windows NT DDE Server (clipsrv.exe)"
pub="Microsoft Corporation"
md5="804212b6b82354cf4f0c2d567575688a" ver="5.00.2134.1"
sz="31504" is="0" gfp="">C:\WINNT\system32
\clipsrv.exe<//Service>
<Service ex="1" disp="Compaq Local Alerter" desc=""
nam="Compaq Local Alert Service (cpqalert.exe)"
pub="Compaq Computer Corporation"
md5="686cd7cea63199f6b716ed582b816166" ver="5.0.3.4"
sz="512000" is="0" gfp="">C:\Program Files\Compaq\Compaq
Management Agents\cpqalert.exe<//Service>
<Service ex="1" disp="cpqdmi" desc="" nam="Compaq DMI
Service Extension (cpqdmi.exe)" pub="Compaq Computer
Corporation" md5="93548d17bb4e6b74e26a022c10927457"
ver="5.0.3.4" sz="20480" is="0" gfp="">C:\PROGRA~1
\Compaq\COMPAQ~1\cpqdmi.exe<//Service>
<Service ex="1" disp="Compaq DMI Web Agent" desc=""
nam="Compaq DMI Web Management Service (WebDmi.exe)"
pub="Compaq Computer Corporation"
md5="f50b7638c124c26fea4cb7fccbb5fcf4" ver="5.0.3.4"
sz="24576" is="0" gfp="">C:\PROGRA~1\Compaq\COMPAQ~1
\CPQWEB~1\WebDmi.exe<//Service>
<Service ex="1" disp="Client Access Express Remote
Command" desc="" nam="TCP//IP Incoming Remote Command
server (cwbrxd.exe)" pub="IBM Corporation"
md5="ea121cb1f4f1a8d5a88d578030aa9e21" ver="08.000"
sz="53248" is="0" gfp="">c:\WINNT\cwbrxd.exe<//Service>
<Service ex="0" disp="Visual Studio Debugger Proxy
Service" desc="Provides detach capability for debuggers"
nam="(dbgproxy.exe)" pub="" md5="" ver="" sz="" is="0"
gfp="">C:\Program Files\Microsoft Visual
Studio .NET\Common7
\Packages\Debugger\dbgproxy.exe<//Service>
<Service ex="1" disp="DHCP Client" desc="Manages network
configuration by registering and updating IP addresses and
DNS names." nam="Services and Controller app
(services.exe)" pub="Microsoft Corporation"
md5="cfed2d28f5b8a24127e9e06043070643"
ver="5.00.2195.6700" sz="89360" is="0"
gfp="">C:\WINNT\System32\services.exe<//Service>
<Service ex="1" disp="Logical Disk Manager Administrative
Service" desc="Administrative service for disk management
requests" nam="Logical Disk Manager service process
(dmadmin.exe)" pub="VERITAS Software Corp."
md5="7b080c0ac30884e981221342da197c1e"
ver="2195.6624.297.3" sz="147728" is="0"
gfp="">C:\WINNT\System32\dmadmin.exe<//Service>
<Service ex="1" disp="Logical Disk Manager" desc="Logical
Disk Manager Watchdog Service" nam="Services and
Controller app (services.exe)" pub="Microsoft Corporation"
md5="cfed2d28f5b8a24127e9e06043070643"
ver="5.00.2195.6700" sz="89360" is="0"
gfp="">C:\WINNT\System32\services.exe<//Service>
<Service ex="1" disp="DNS Client" desc="Resolves and
caches Domain Name System (DNS) names." nam="Services and
Controller app (services.exe)" pub="Microsoft Corporation"
md5="cfed2d28f5b8a24127e9e06043070643"
ver="5.00.2195.6700" sz="89360" is="0"
gfp="">C:\WINNT\System32\services.exe<//Service>
<Service ex="1" disp="Event Log" desc="Logs event
messages issued by programs and Windows. Event Log reports
contain information that can be useful in diagnosing
problems. Reports are viewed in Event Viewer."
nam="Services and Controller app (services.exe)"
pub="Microsoft Corporation"
md5="cfed2d28f5b8a24127e9e06043070643"
ver="5.00.2195.6700" sz="89360" is="0"
gfp="">C:\WINNT\system32\services.exe<//Service>
<Service ex="1" disp="Fax Service" desc="Helps you send
and receive faxes" nam="Fax Service (faxsvc.exe)"
pub="Microsoft Corporation"
md5="c63946c8124a58a6c86efb0ebec7ccf9"
ver="5.00.2195.6612" sz="94992" is="0"
gfp="">C:\WINNT\system32\faxsvc.exe<//Service>
<Service ex="1" disp="Server" desc="Provides RPC support
and file, print, and named pipe sharing." nam="Services
and Controller app (services.exe)" pub="Microsoft
Corporation" md5="cfed2d28f5b8a24127e9e06043070643"
ver="5.00.2195.6700" sz="89360" is="0"
gfp="">C:\WINNT\System32\services.exe<//Service>
<Service ex="1" disp="Workstation" desc="Provides network
connections and communications." nam="Services and
Controller app (services.exe)" pub="Microsoft Corporation"
md5="cfed2d28f5b8a24127e9e06043070643"
ver="5.00.2195.6700" sz="89360" is="0"
gfp="">C:\WINNT\System32\services.exe<//Service>
<Service ex="1" disp="TCP//IP NetBIOS Helper Service"
desc="Enables support for NetBIOS over TCP//IP (NetBT)
service and NetBIOS name resolution." nam="Services and
Controller app (services.exe)" pub="Microsoft Corporation"
md5="cfed2d28f5b8a24127e9e06043070643"
ver="5.00.2195.6700" sz="89360" is="0"
gfp="">C:\WINNT\System32\services.exe<//Service>
<Service ex="1" disp="McShield" desc="McAfee On Access
Scanner" nam="mcshield.exe" pub="Unavailable"
md5="2b65363f3ecd711acd2f375e70532d30" ver="Unavailable"
sz="225403" is="0" gfp="">C:\Program Files\Common
Files\Network Associates\McShield\mcshield.exe<//Service>
<Service ex="1" disp="Machine Debug Manager"
desc="Supports local and remote debugging for Visual
Studio and script debuggers. If this service is stopped,
the debuggers will not function properly." nam="Machine
Debug Manager (mdm.exe)" pub="Microsoft Corporation"
md5="f607fcb49cd98d4215304e314fd24b4d" ver="7.00.9466"
sz="315392" is="0" gfp="">C:\Program Files\Common
Files\Microsoft Shared\VS7Debug\mdm.exe<//Service>
<Service ex="1" disp="Messenger" desc="Sends and receives
messages transmitted by administrators or by the Alerter
service." nam="Services and Controller app (services.exe)"
pub="Microsoft Corporation"
md5="cfed2d28f5b8a24127e9e06043070643"
ver="5.00.2195.6700" sz="89360" is="0"
gfp="">C:\WINNT\System32\services.exe<//Service>
<Service ex="1" disp="NetMeeting Remote Desktop Sharing"
desc="Allows authorized people to remotely access your
Windows desktop using NetMeeting." nam="NetMeeting Remote
Desktop Sharing (mnmsrvc.exe)" pub="Microsoft Corporation"
md5="eeee63b92ca888ac9fb3d13581751ec2" ver="4.4.3385"
sz="21776" is="0" gfp="">C:\WINNT\System32
\mnmsrvc.exe<//Service>
<Service ex="1" disp="Distributed Transaction
Coordinator" desc="Coordinates transactions that are
distributed across two or more databases, message queues,
file systems, or other transaction protected resource
managers." nam="MS DTC console program (msdtc.exe)"
pub="Microsoft Corporation"
md5="edc54e17cdf1811a472d518a82182449" ver="1999.9.3421.3"
sz="6928" is="0" gfp="">C:\WINNT\System32
\msdtc.exe<//Service>
<Service ex="1" disp="Windows Installer" desc="Installs,
repairs and removes software according to instructions
contained in .MSI files." nam="Windows installer
(MsiExec.exe)" pub="Microsoft Corporation"
md5="ca1900f0ba173b76ef752b467075154b" ver="2.0.2600.1183"
sz="64512" is="0" gfp="">C:\WINNT\System32
\MsiExec.exe<//Service>
<Service ex="1" disp="NAI ePolicy Orchestrator Agent"
desc="Policy management for Network Associates products"
nam="NAI ePolicy Orchestrator Agent (naimas32.exe)"
pub="Network Associates, Inc."
md5="0c72fb60ef16d72b0ccc880940bbfe4a" ver="2.0.0.376"
sz="208974" is="0"
gfp="">C:\EPOAgent\naimas32.exe<//Service>
<Service ex="1" disp="Network DDE" desc="Provides network
transport and security for dynamic data exchange (DDE)."
nam="Network DDE - DDE Communication (netdde.exe)"
pub="Microsoft Corporation"
md5="eb3c37cc584bef731091143026685155"
ver="5.00.2195.6952" sz="110352" is="0"
gfp="">C:\WINNT\system32\netdde.exe<//Service>
<Service ex="1" disp="Network DDE DSDM" desc="Manages
shared dynamic data exchange and is used by Network DDE"
nam="Network DDE - DDE Communication (netdde.exe)"
pub="Microsoft Corporation"
md5="eb3c37cc584bef731091143026685155"
ver="5.00.2195.6952" sz="110352" is="0"
gfp="">C:\WINNT\system32\netdde.exe<//Service>
<Service ex="1" disp="Net Logon" desc="Supports pass-
through authentication of account logon events for
computers in a domain." nam="LSA Executable and Server DLL
(lsass.exe)" pub="Microsoft Corporation"
md5="0c13d582edaf90cbea454a1ac535b913"
ver="5.00.2195.6902" sz="33552" is="0"
gfp="">C:\WINNT\System32\lsass.exe<//Service>
<Service ex="1" disp="NT LM Security Support Provider"
desc="Provides security to remote procedure call (RPC)
programs that use transports other than named pipes."
nam="LSA Executable and Server DLL (lsass.exe)"
pub="Microsoft Corporation"
md5="0c13d582edaf90cbea454a1ac535b913"
ver="5.00.2195.6902" sz="33552" is="0"
gfp="">C:\WINNT\System32\lsass.exe<//Service>
<Service ex="1" disp="Plug and Play" desc="Manages device
installation and configuration and notifies programs of
device changes." nam="Services and Controller app
(services.exe)" pub="Microsoft Corporation"
md5="cfed2d28f5b8a24127e9e06043070643"
ver="5.00.2195.6700" sz="89360" is="0"
gfp="">C:\WINNT\system32\services.exe<//Service>
<Service ex="1" disp="IPSEC Policy Agent" desc="Manages
IP security policy and starts the ISAKMP//Oakley (IKE) and
the IP security driver." nam="LSA Executable and Server
DLL (lsass.exe)" pub="Microsoft Corporation"
md5="0c13d582edaf90cbea454a1ac535b913"
ver="5.00.2195.6902" sz="33552" is="0"
gfp="">C:\WINNT\System32\lsass.exe<//Service>
<Service ex="1" disp="Protected Storage" desc="Provides
protected storage for sensitive data, such as private
keys, to prevent access by unauthorized services,
processes, or users." nam="Services and Controller app
(services.exe)" pub="Microsoft Corporation"
md5="cfed2d28f5b8a24127e9e06043070643"
ver="5.00.2195.6700" sz="89360" is="0"
gfp="">C:\WINNT\system32\services.exe<//Service>
<Service ex="1" disp="Remote Registry Service"
desc="Allows remote registry manipulation." nam="Remote
Registry Service (regsvc.exe)" pub="Microsoft Corporation"
md5="250c4ce389783fa2398e3afa4317008c"
ver="5.00.2195.6701" sz="68368" is="0"
gfp="">C:\WINNT\system32\regsvc.exe<//Service>
<Service ex="1" disp="Remote Procedure Call (RPC)
Locator" desc="Manages the RPC name service database."
nam="Rpc Locator (locator.exe)" pub="Microsoft
Corporation" md5="ad57e33f4f7f404d9aba97e8b33fa21b"
ver="5.00.2195.6619" sz="72464" is="0"
gfp="">C:\WINNT\System32\locator.exe<//Service>
<Service ex="1" disp="QoS RSVP" desc="Provides network
signaling and local traffic control setup functionality
for QoS-aware programs and control applets."
nam="Microsoft RSVP 1.0 (rsvp.exe)" pub="Microsoft
Corporation" md5="2a21bddb1ba9b5cd776949380ab46a76"
ver="5.00.2195.6663" sz="176912" is="0"
gfp="">C:\WINNT\System32\rsvp.exe<//Service>
<Service ex="1" disp="Security Accounts Manager"
desc="Stores security information for local user
accounts." nam="LSA Executable and Server DLL (lsass.exe)"
pub="Microsoft Corporation"
md5="0c13d582edaf90cbea454a1ac535b913"
ver="5.00.2195.6902" sz="33552" is="0"
gfp="">C:\WINNT\system32\lsass.exe<//Service>
<Service ex="1" disp="Smart Card Helper" desc="Provides
support for legacy smart card readers attached to the
computer." nam="Smart Card Resource Management Server
(SCardSvr.exe)" pub="Microsoft Corporation"
md5="13c381e66cda8d4d80e84bf18307551f"
ver="5.00.2195.6609" sz="100112" is="0"
gfp="">C:\WINNT\System32\SCardSvr.exe<//Service>
<Service ex="1" disp="Smart Card" desc="Manages and
controls access to a smart card inserted into a smart card
reader attached to the computer." nam="Smart Card Resource
Management Server (SCardSvr.exe)" pub="Microsoft
Corporation" md5="13c381e66cda8d4d80e84bf18307551f"
ver="5.00.2195.6609" sz="100112" is="0"
gfp="">C:\WINNT\System32\SCardSvr.exe<//Service>
<Service ex="1" disp="Task Scheduler" desc="Enables a
program to run at a designated time." nam="Task Scheduler
Engine (MSTask.exe)" pub="Microsoft Corporation"
md5="37d7411389a10d7f3abfe12b247b1ac5"
ver="4.71.2195.6920" sz="119568" is="0"
gfp="">C:\WINNT\system32\MSTask.exe<//Service>
<Service ex="1" disp="RunAs Service" desc="Enables
starting processes under alternate credentials"
nam="Services and Controller app (services.exe)"
pub="Microsoft Corporation"
md5="cfed2d28f5b8a24127e9e06043070643"
ver="5.00.2195.6700" sz="89360" is="0"
gfp="">C:\WINNT\system32\services.exe<//Service>
<Service ex="1" disp="Simple TCP//IP Services"
desc="Supports the following TCP//IP services: Character
Generator, Daytime, Discard, Echo, and Quote of the Day."
nam="TCP//IP Services Application (tcpsvcs.exe)"
pub="Microsoft Corporation"
md5="aff80a02d36896473184a0654cc3e505" ver="5.00.2134.1"
sz="25360" is="0" gfp="">C:\WINNT\System32
\tcpsvcs.exe<//Service>
<Service ex="1" disp="SNMP Service" desc="Includes agents
that monitor the activity in network devices and report to
the network console workstation." nam="SNMP Service
(snmp.exe)" pub="Microsoft Corporation"
md5="818385a214ad365ea42c72d578e0c625"
ver="5.00.2195.6605" sz="30480" is="0"
gfp="">C:\WINNT\System32\snmp.exe<//Service>
<Service ex="1" disp="SNMP Trap Service" desc="Receives
trap messages generated by local or remote SNMP agents and
forwards the messages to SNMP management programs running
on this computer." nam="SNMP Trap Service (snmptrap.exe)"
pub="Microsoft Corporation"
md5="2d07f09dae1e3ece69af0471a553a33a"
ver="5.00.2195.6601" sz="7952" is="0"
gfp="">C:\WINNT\System32\snmptrap.exe<//Service>
<Service ex="1" disp="Print Spooler" desc="Loads files to
memory for later printing." nam="Spooler SubSystem App
(spoolsv.exe)" pub="Microsoft Corporation"
md5="987daf317b917cfc973de8364d62a76c"
ver="5.00.2195.6659" sz="45328" is="0"
gfp="">C:\WINNT\system32\spoolsv.exe<//Service>
<Service ex="1" disp="Performance Logs and Alerts"
desc="Configures performance logs and alerts."
nam="Performance Logs and Alerts Service (smlogsvc.exe)"
pub="Microsoft Corporation"
md5="f4f35fe5f46262d45491822d8a66bf62"
ver="5.00.2195.6608" sz="85776" is="0"
gfp="">C:\WINNT\system32\smlogsvc.exe<//Service>
<Service ex="1" disp="Telnet" desc="Allows a remote user
to log on to the system and run console programs using the
command line." nam="Microsoft Telnet Service
(tlntsvr.exe)" pub="Microsoft Corporation"
md5="fa57d2175f4978e2f32cb1b02781d76a" ver="5.00.99206.1"
sz="186128" is="0" gfp="">C:\WINNT\system32
\tlntsvr.exe<//Service>
<Service ex="1" disp="Distributed Link Tracking Client"
desc="Sends notifications of files moving between NTFS
volumes in a network domain." nam="Services and Controller
app (services.exe)" pub="Microsoft Corporation"
md5="cfed2d28f5b8a24127e9e06043070643"
ver="5.00.2195.6700" sz="89360" is="0"
gfp="">C:\WINNT\system32\services.exe<//Service>
<Service ex="1" disp="Uninterruptible Power Supply"
desc="Manages an uninterruptible power supply (UPS)
connected to the computer." nam="UPS Service (ups.exe)"
pub="Microsoft Corporation"
md5="222a997aa4c7f7a2b3453b556afa4406" ver="5.00.2158.1"
sz="17680" is="0" gfp="">C:\WINNT\System32
\ups.exe<//Service>
<Service ex="1" disp="Utility Manager" desc="Starts and
configures accessibility tools from one window"
nam="UtilMan EXE (UtilMan.exe)" pub="Microsoft
Corporation" md5="7a960f1e9a0b2f7d14f1d0eddd74375c"
ver="1, 0, 0, 3" sz="22800" is="0" gfp="">C:\WINNT\System32
\UtilMan.exe<//Service>
<Service ex="1" disp="Windows Time" desc="Sets the
computer clock." nam="Services and Controller app
(services.exe)" pub="Microsoft Corporation"
md5="cfed2d28f5b8a24127e9e06043070643"
ver="5.00.2195.6700" sz="89360" is="0"
gfp="">C:\WINNT\System32\services.exe<//Service>
<Service ex="1" disp="Win32Sl" desc="" nam="WIN32SL
(Win32sl.exe)" pub="Intel"
md5="5d2cf23e26e7a8bb83fbcc2a3603390b" ver="2, 0, 0, 54"
sz="215552" is="0" gfp="">C:\Program Files\Compaq\Compaq
Management Agents\Dmi\Win32\bin\Win32sl.exe<//Service>
<Service ex="1" disp="Windows Management Instrumentation"
desc="Provides system management information."
nam="Windows Management Instrumentation (WinMgmt.exe)"
pub="Microsoft Corporation"
md5="05b2001e1bc653fd6091e741b46f71b4"
ver="1.50.1085.0100" sz="196706" is="0"
gfp="">C:\WINNT\System32\WBEM\WinMgmt.exe<//Service>
<Service ex="1" disp="Windows Management Instrumentation
Driver Extensions" desc="Provides systems management
information to and from drivers." nam="Services and
Controller app (Services.exe)" pub="Microsoft Corporation"
md5="cfed2d28f5b8a24127e9e06043070643"
ver="5.00.2195.6700" sz="89360" is="0"
gfp="">C:\WINNT\system32\Services.exe<//Service>
<//Services>
<//SystemAudit>
- <ProcessesAudit>
- <Processes>
<Process ex="1" pid="144" nam="Windows NT Session Manager
(smss.exe)" pub="Microsoft Corporation"
md5="f07c69367770a1c129a22f9158afaa2b"
ver="5.00.2195.6601" sz="45840" is="0"
gfp="">c:\winnt\system32\smss.exe<//Process>
<Process ex="1" pid="168" nam="Client Server Runtime
Process (csrss.exe)" pub="Microsoft Corporation"
md5="6533392c5af4bf5c7ff12e453dd59ae5"
ver="5.00.2195.6601" sz="5392" is="0"
gfp="">C:\WINNT\system32\csrss.exe<//Process>
<Process ex="1" pid="164" nam="Windows NT Logon
Application (winlogon.exe)" pub="Microsoft Corporation"
md5="5922e8055eb439a58ef29530d8567a40"
ver="5.00.2195.6970" sz="182544" is="0"
gfp="">c:\winnt\system32\winlogon.exe<//Process>
<Process ex="1" pid="216" nam="Services and Controller
app (services.exe)" pub="Microsoft Corporation"
md5="cfed2d28f5b8a24127e9e06043070643"
ver="5.00.2195.6700" sz="89360" is="0"
gfp="">c:\winnt\system32\services.exe<//Process>
<Process ex="1" pid="228" nam="LSA Executable and Server
DLL (lsass.exe)" pub="Microsoft Corporation"
md5="0c13d582edaf90cbea454a1ac535b913"
ver="5.00.2195.6902" sz="33552" is="0"
gfp="">c:\winnt\system32\lsass.exe<//Process>
<Process ex="1" pid="412" nam="Generic Host Process for
Win32 Services (svchost.exe)" pub="Microsoft Corporation"
md5="9e64ad53cfd9da2d22e8a924f8c6e62c" ver="5.00.2134.1"
sz="7952" is="0" gfp="">c:\winnt\system32
\svchost.exe<//Process>
<Process ex="1" pid="440" nam="Spooler SubSystem App
(spoolsv.exe)" pub="Microsoft Corporation"
md5="987daf317b917cfc973de8364d62a76c"
ver="5.00.2195.6659" sz="45328" is="0"
gfp="">c:\winnt\system32\spoolsv.exe<//Process>
<Process ex="1" pid="468" nam="avsynmgr.exe"
pub="Unavailable" md5="85be72c03da8ff4b8b0950ddf9fbb395"
ver="Unavailable" sz="155665" is="0" gfp="">c:\program
files\network associates\virusscan\avsynmgr.exe<//Process>
<Process ex="1" pid="480" nam="Compaq DMI Web Management
Service (webdmi.exe)" pub="Compaq Computer Corporation"
md5="f50b7638c124c26fea4cb7fccbb5fcf4" ver="5.0.3.4"
sz="24576" is="0" gfp="">c:\progra~1\compaq\compaq~1
\cpqweb~1\webdmi.exe<//Process>
<Process ex="1" pid="500" nam="Generic Host Process for
Win32 Services (svchost.exe)" pub="Microsoft Corporation"
md5="9e64ad53cfd9da2d22e8a924f8c6e62c" ver="5.00.2134.1"
sz="7952" is="0" gfp="">c:\winnt\system32
\svchost.exe<//Process>
<Process ex="1" pid="568" nam="Machine Debug Manager
(mdm.exe)" pub="Microsoft Corporation"
md5="f607fcb49cd98d4215304e314fd24b4d" ver="7.00.9466"
sz="315392" is="0" gfp="">c:\program files\common
files\microsoft shared\vs7debug\mdm.exe<//Process>
<Process ex="1" pid="588" nam="NAI ePolicy Orchestrator
Agent (naimas32.exe)" pub="Network Associates, Inc."
md5="0c72fb60ef16d72b0ccc880940bbfe4a" ver="2.0.0.376"
sz="208974" is="0"
gfp="">c:\epoagent\naimas32.exe<//Process>
<Process ex="1" pid="660" nam="Remote Registry Service
(regsvc.exe)" pub="Microsoft Corporation"
md5="250c4ce389783fa2398e3afa4317008c"
ver="5.00.2195.6701" sz="68368" is="0"
gfp="">c:\winnt\system32\regsvc.exe<//Process>
<Process ex="1" pid="680" nam="Task Scheduler Engine
(mstask.exe)" pub="Microsoft Corporation"
md5="37d7411389a10d7f3abfe12b247b1ac5"
ver="4.71.2195.6920" sz="119568" is="0"
gfp="">c:\winnt\system32\mstask.exe<//Process>
<Process ex="1" pid="688" nam="TCP//IP Services
Application (tcpsvcs.exe)" pub="Microsoft Corporation"
md5="aff80a02d36896473184a0654cc3e505" ver="5.00.2134.1"
sz="25360" is="0" gfp="">c:\winnt\system32
\tcpsvcs.exe<//Process>
<Process ex="1" pid="728" nam="SNMP Service (snmp.exe)"
pub="Microsoft Corporation"
md5="818385a214ad365ea42c72d578e0c625"
ver="5.00.2195.6605" sz="30480" is="0"
gfp="">c:\winnt\system32\snmp.exe<//Process>
<Process ex="1" pid="788" nam="vsstat.exe"
pub="Unavailable" md5="3afbb6a3f0ac04b6e46eccf84ad7b56c"
ver="Unavailable" sz="98321" is="0" gfp="">c:\program
files\network associates\virusscan\vsstat.exe<//Process>
<Process ex="1" pid="816" nam="WIN32SL (win32sl.exe)"
pub="Intel" md5="5d2cf23e26e7a8bb83fbcc2a3603390b" ver="2,
0, 0, 54" sz="215552" is="0" gfp="">c:\program
files\compaq\compaq management agents\dmi\win32
\bin\win32sl.exe<//Process>
<Process ex="1" pid="840" nam="Windows Management
Instrumentation (winmgmt.exe)" pub="Microsoft Corporation"
md5="05b2001e1bc653fd6091e741b46f71b4"
ver="1.50.1085.0100" sz="196706" is="0"
gfp="">c:\winnt\system32\wbem\winmgmt.exe<//Process>
<Process ex="1" pid="860" nam="vshwin32.exe"
pub="Unavailable" md5="ab82ecc76902564412afb2013bd0415a"
ver="Unavailable" sz="118801" is="0" gfp="">c:\program
files\network associates\virusscan\vshwin32.exe<//Process>
<Process ex="1" pid="872" nam="Generic Host Process for
Win32 Services (svchost.exe)" pub="Microsoft Corporation"
md5="9e64ad53cfd9da2d22e8a924f8c6e62c" ver="5.00.2134.1"
sz="7952" is="0" gfp="">c:\winnt\system32
\svchost.exe<//Process>
<Process ex="1" pid="968" nam="Compaq DMI Service
Extension (cpqdmi.exe)" pub="Compaq Computer Corporation"
md5="93548d17bb4e6b74e26a022c10927457" ver="5.0.3.4"
sz="20480" is="0" gfp="">c:\progra~1\compaq\compaq~1
\cpqdmi.exe<//Process>
<Process ex="1" pid="980" nam="avconsol.exe"
pub="Unavailable" md5="f86a74136d325a35597c9056fa4e75f1"
ver="Unavailable" sz="163857" is="0" gfp="">c:\program
files\network associates\virusscan\avconsol.exe<//Process>
<Process ex="1" pid="1008" nam="webscanx.exe"
pub="Unavailable" md5="b8f50fb8655162c1073c5c5349b224a7"
ver="Unavailable" sz="143377" is="0" gfp="">c:\program
files\network associates\virusscan\webscanx.exe<//Process>
<Process ex="1" pid="1048" nam="mcshield.exe"
pub="Unavailable" md5="2b65363f3ecd711acd2f375e70532d30"
ver="Unavailable" sz="225403" is="0" gfp="">c:\program
files\common files\network
associates\mcshield\mcshield.exe<//Process>
<Process ex="1" pid="1212" nam="Windows Explorer
(explorer.exe)" pub="Microsoft Corporation"
md5="59cf2b7dced9111f48f51b4b570e672d"
ver="5.00.3700.6690" sz="243472" is="0"
gfp="">c:\winnt\explorer.exe<//Process>
<Process ex="1" pid="1308" nam="NAI ePolicy Orchestrator
Agent GUI (naimag32.exe)" pub="Network Associates, Inc."
md5="f6a2b8966823ebb5b3fb9d38410ffe5a" ver="2.0.0.376"
sz="61518" is="0"
gfp="">c:\epoagent\naimag32.exe<//Process>
<Process ex="1" pid="1332" nam="CHKADMIN MFC Application
(chkadmin.exe)" pub="Compaq Computer Corporation"
md5="b9b3626c7b73d0cfe20ca095e6662207" ver="5.0.3.4"
sz="81920" is="0" gfp="">c:\progra~1\compaq\compaq~1
\chkadmin.exe<//Process>
<Process ex="1" pid="1436" nam="Microsoft AntiSpyware
Service (gcasserv.exe)" pub="Microsoft Corporation"
md5="e519945deb3875341d36db0ea141e0c5" ver="1.00.0509"
sz="473920" is="0" gfp="">c:\program files\microsoft
antispyware\gcasserv.exe<//Process>
<Process ex="1" pid="1424" nam="TODO: <File description>
(bvmbvetq.exe)" pub="TODO: <Company name>"
md5="8bc56c0c8bef50bf5bea291db43f41ed" ver="1, 0, 2, 17"
sz="80896" is="0" gfp="">c:\winnt\system32
\bvmbvetq.exe<//Process>
<Process ex="1" pid="632" nam="Cicero Loader
(ctfmon.exe)" pub="Microsoft Corporation"
md5="d36a33c21eeed5a6c1daecb7c80a1909" ver="1.00.2409.7
built by: Lab06_N" sz="8192" is="0"
gfp="">c:\winnt\system32\ctfmon.exe<//Process>
<Process ex="1" pid="1468" nam="Microsoft AntiSpyware
Data Service (gcasdtserv.exe)" pub="Microsoft Corporation"
md5="ebb4d674ec5c5b34ef8a1ba14676de8e" ver="1.00.0509"
sz="752456" is="0" gfp="">c:\program files\microsoft
antispyware\gcasdtserv.exe<//Process>
<Process ex="1" pid="1516" nam="Windows Calculator
application file (calc.exe)" pub="Microsoft Corporation"
md5="29bac78bb5f8aa8c5c815f992928cfc6" ver="5.00.2134.1"
sz="91408" is="0" gfp="">c:\winnt\system32
\calc.exe<//Process>
<Process ex="1" pid="916" nam="Microsoft AntiSpyware Main
(giantantispywaremain.exe)" pub="Microsoft Corporation"
md5="f0b4af2924697573e893d76229ff48d8" ver="1.00.0509"
sz="4586320" is="0" gfp="">c:\program files\microsoft
antispyware\giantantispywaremain.exe<//Process>
<Process ex="1" pid="740" nam="Microsoft Suspected
Spyware Reporting Tool (msssrt.exe)" pub="Microsoft
Corporation" md5="7ed5a4f71d669274adceeca2338ab28d"
ver="1.00.0509" sz="400192" is="0" gfp="">c:\program
files\microsoft antispyware\msssrt.exe<//Process>
<//Processes>
<//ProcessesAudit>
<//Audit>
<//MSSSRT>
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top