spyware report

pickel

Since I can't seem to send a report, I figure I will post
the information here. Can someone help?

- <MSSSRT version="1.0.509" createdate="4/10/2005 10:11:41
AM" os="XP.2600" user="">
- <Audit>
- <AutoRunAudit>
- <StartupFiles>
<StartupFile path="C:\Documents and Settings\All
Users\Start Menu\Programs\Startup\Lotus Organizer
EasyClip.lnk" nam="EasyClip (easyclip.exe)" pub="Lotus
Development Corporation"
md5="d3a6ec09365c105a32e23e24afcd640f" ver="4.1.0.0"
sz="77824" is="0"
gfp="">c:\lotus\organize\easyclip.exe</StartupFile>
<StartupFile path="C:\Documents and Settings\All
Users\Start Menu\Programs\Startup\Alarm Manager.LNK"
nam="Alarm Application (alarmapp.exe)" pub="Palm, Inc."
md5="c2f5ca53f60d1feb3bfde3c91d6b3560" ver="4.1.0"
sz="274432" is="0" gfp="">c:\program
files\palm\alarmapp.exe</StartupFile>
<StartupFile path="C:\Documents and Settings\All
Users\Start Menu\Programs\Startup\Adobe Reader Speed
Launch.lnk" nam="Adobe Acrobat SpeedLauncher
(reader_sl.exe)" pub="Adobe Systems Incorporated"
md5="deb88aef013dd1eefb462d7cad642166" ver="7.0.0.0"
sz="29696" is="0" gfp="">c:\program files\adobe\acrobat 7.0
\reader\reader_sl.exe</StartupFile>
</StartupFiles>
- <StartupFilesRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="IgfxTray" dat="C:\WINDOWS\System32\igfxtray.exe"
nam="igfxTray Module (igfxtray.exe)" pub="Intel
Corporation" md5="d5b0032cba0584d7102ac66aaf61e2ef"
ver="3,0,0,1915" sz="155648" is="0"
gfp="">c:\windows\system32
\igfxtray.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="HotKeysCmds" dat="C:\WINDOWS\System32\hkcmd.exe"
nam="hkcmd Module (hkcmd.exe)" pub="Intel Corporation"
md5="b0dc78a721bc9639d77a146ee2dca30e" ver="3,0,0,1915"
sz="114688" is="0" gfp="">c:\windows\system32
\hkcmd.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="NAV CfgWiz" dat="C:\PROGRA~1\NORTON~1\Cfgwiz.exe /R"
nam="Norton AntiVirus Information Wizard (cfgwiz.exe)"
pub="Symantec Corporation"
md5="e2c9eeb408831aea2b9356fdb46e98ee" ver="9.05.15"
sz="476792" is="0" gfp="">c:\progra~1\norton~1
\cfgwiz.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="ccApp" dat=""C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"" nam="Common Client CC App (ccapp.exe)"
pub="Symantec Corporation"
md5="cba64668da072be6ef93305647ee02b3" ver="1.0.9.002"
sz="54520" is="0" gfp="">c:\program files\common
files\symantec shared\ccapp.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="ccRegVfy" dat=""C:\Program Files\Common
Files\Symantec Shared\ccRegVfy.exe"" nam="Common Client
Registry Integrity Verifier (ccregvfy.exe)" pub="Symantec
Corporation" md5="759682024a574effcfcbe16e303fa06a"
ver="1.0.9.002" sz="58616" is="0" gfp="">c:\program
files\common files\symantec
shared\ccregvfy.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="Promon.exe" dat="Promon.exe" nam="Intel(R) PROSet
Tray Icon (promon.exe)" pub="Intel Corporation"
md5="e464385c6c280e614dfcad0bd7a3f321" ver="5.3.42.0"
sz="73728" is="0" gfp="">c:\windows\system32
\promon.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="dla" dat="C:\WINDOWS\system32\dla\tfswctrl.exe"
nam="Direct Access Component (tfswctrl.exe)" pub="VERITAS
Software, Inc." md5="64f798ded350964216ca139537a29749"
ver="1.03.37a" sz="106549" is="0"
gfp="">c:\windows\system32
\dla\tfswctrl.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="Net-It Launcher" dat="C:\WINDOWS\System32
\NILaunch.exe" nam="(nilaunch.exe)" pub=""
md5="ca7add387b276901d50c1ff145842c7c" ver="" sz="24576"
is="0" gfp="">c:\windows\system32
\nilaunch.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="NvCplDaemon" dat="RUNDLL32.EXE C:\WINDOWS\system32
\NvCpl.dll,NvStartup" nam="NVIDIA Display Properties
Extension (nvcpl.dll)" pub="NVIDIA Corporation"
md5="7920d21c81f9894a160848b643be29b9" ver="6.14.10.6573"
sz="4493312" is="0" gfp="">c:\windows\system32
\nvcpl.dll</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="nwiz" dat="nwiz.exe /install" nam="NVIDIA nView
Wizard, Version 65.73 (nwiz.exe)" pub="NVIDIA Corporation"
md5="ec64d074902302d0f7422af4506bb5ab" ver="6.14.10.6573"
sz="917504" is="0" gfp="">c:\windows\system32
\nwiz.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="NvMediaCenter" dat="RunDLL32.exe
NvMCTray.dll,NvTaskbarInit" nam="NVIDIA Media Center
Library (nvmctray.dll)" pub="NVIDIA Corporation"
md5="598723a8ec0562deaac76f6b2447509a" ver="6.14.10.6573"
sz="86016" is="0" gfp="">c:\windows\system32
\nvmctray.dll</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="AVG7_CC" dat="C:\PROGRA~1\Grisoft\AVGFRE~1
\avgcc.exe /STARTUP" nam="AVG Control Center (avgcc.exe)"
pub="GRISOFT, s.r.o."
md5="7f0c2657b39969d424b6604443992352" ver="7,1,0,307"
sz="347136" is="0" gfp="">c:\progra~1\grisoft\avgfre~1
\avgcc.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="AVG7_EMC" dat="C:\PROGRA~1\Grisoft\AVGFRE~1
\avgemc.exe" nam="AVG E-Mail Scanner (avgemc.exe)"
pub="GRISOFT, s.r.o."
md5="af9354bef717bd60e04f5bf5b9c9eaa2" ver="7,1,0,307"
sz="271872" is="0" gfp="">c:\progra~1\grisoft\avgfre~1
\avgemc.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="ADUserMon" dat="C:\Program
Files\Iomega\AutoDisk\ADUserMon.exe" nam="Active Disk User
Monitor (adusermon.exe)" pub="Iomega Corporation"
md5="d6e82206798f57521805bbb46d79c3a8" ver="3, 2, 1, 5"
sz="147456" is="0" gfp="">c:\program
files\iomega\autodisk\adusermon.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="Iomega Drive Icons" dat="C:\Program
Files\Iomega\DriveIcons\ImgIcon.exe" nam="IMGICON
(imgicon.exe)" pub="Iomega Corp."
md5="8bb8b8d1150c344586c46752953c2da6" ver="6, 3, 0, 56"
sz="86016" is="0" gfp="">c:\program
files\iomega\driveicons\imgicon.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="Deskup" dat="C:\Program
Files\Iomega\DriveIcons\deskup.exe /IMGSTART"
nam="deskup.exe (deskup.exe)" pub="Iomega"
md5="68ebc55f843bd47a2eb30fc95cfd55e5" ver="4, 0, 1, 0"
sz="32768" is="0" gfp="">c:\program
files\iomega\driveicons\deskup.exe</StartupFileRegistry>
<StartupFileRegistry ex="0"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="q32X36W" dat="wuwtcli.exe" nam="" pub="" md5=""
ver="" sz="" is="0" gfp="" />
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="Zone Labs Client" dat=""C:\Program Files\Zone
Labs\ZoneAlarm\zlclient.exe"" nam="Zone Labs Client
(zlclient.exe)" pub="Zone Labs LLC"
md5="073f29e364b0d66dc267b38676824f88" ver="5.5.062.011"
sz="902936" is="0" gfp="">c:\program files\zone
labs\zonealarm\zlclient.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="QuickTime Task" dat=""C:\Program
Files\QuickTime\qttask.exe" -atboottime" nam="qttask.exe"
pub="Apple Computer, Inc."
md5="c341ccfbe98bc7df6e0b856bb9fc265a" ver="6.5"
sz="98304" is="0" gfp="">c:\program
files\quicktime\qttask.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="gcasServ" dat=""C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"" nam="Microsoft AntiSpyware
Service (gcasserv.exe)" pub="Microsoft Corporation"
md5="e519945deb3875341d36db0ea141e0c5" ver="1.00.0509"
sz="473920" is="0" gfp="">c:\program files\microsoft
antispyware\gcasserv.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
" val="MicrosoftAntiSpywareCleaner" dat="C:\Program
Files\Microsoft AntiSpyware\gcASCleaner.exe" nam="Threat
Cleaner Helper (gcascleaner.exe)" pub="Microsoft
Corporation" md5="5b1d49b266345921d58918634c613e40"
ver="1.00.0509" sz="39752" is="0" gfp="">c:\program
files\microsoft
antispyware\gcascleaner.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="ICQ Plus" dat=""C:\Program Files\ICQPlus\vplus.exe""
nam="Customize ICQ appearance (vplus.exe)" pub="Vadim
Eremeev" md5="7b415891a596fab6a734f15044dea4e9" ver="3.5"
sz="11776" is="0" gfp="">c:\program
files\icqplus\vplus.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="Weather" dat="C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1"
nam="WeatherBug (weather.exe)" pub="AWS Convergence
Technologies, Inc." md5="6333a383725917eeacdb09cd8d960340"
ver="6, 4, 0, 5" sz="1593344" is="0" gfp="">c:\progra~1
\aws\weathe~1\weather.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="SpybotSD TeaTimer" dat="C:\Program Files\Spybot -
Search & Destroy\TeaTimer.exe" nam="System settings
protector (teatimer.exe)" pub="Safer Networking Limited"
md5="58f7e6434d285f4c98ad3621e0bd8c8d" ver="1, 3, 0, 12"
sz="1038336" is="0" gfp="">c:\program files\spybot -
search & destroy\teatimer.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="Steam" dat=""c:\program files\valve\steam\steam.exe" -
silent" nam="Steam (steam.exe)" pub="Valve Corporation"
md5="fa755c189128bd1e32461d635beaf0d8" ver="1.0.0.0"
sz="1241088" is="0" gfp="">c:\program
files\valve\steam\steam.exe</StartupFileRegistry>
<StartupFileRegistry ex="0"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="b0t7RWapQ" dat="wuatmled.exe" nam="" pub="" md5=""
ver="" sz="" is="0" gfp="" />
<StartupFileRegistry ex="1"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="MSMSGS" dat=""C:\Program Files\Messenger\msmsgs.exe""
nam="Windows Messenger (msmsgs.exe)" pub="Microsoft
Corporation" md5="74e6e96c6f0e2eca4edbb7f7a468f259"
ver="4.7.3001" sz="1694208" is="0" gfp="">c:\program
files\messenger\msmsgs.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="AIM" dat="C:\Program Files\AIM95\aim.exe -
cnetwait.odl" nam="AOL Instant Messenger (aim.exe)"
pub="America Online, Inc."
md5="1c4429c1aa8f638b55508c90ec4402ba" ver="5.9.3690"
sz="66672" is="0" gfp="">c:\program files\aim95
\aim.exe</StartupFileRegistry>
</StartupFilesRegistry>
- <WinlogonUserinitFiles>
<WinlogonUserinitFile ex="1" nam="Userinit Logon
Application (userinit.exe)" pub="Microsoft Corporation"
md5="39b1ffb03c2296323832acbae50d2aff" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="24576" is="0"
gfp="">c:\windows\system32
\userinit.exe</WinlogonUserinitFile>
</WinlogonUserinitFiles>
<StartupWinIniFiles />
<StartupSysIniFiles />
</AutoRunAudit>
- <InternetExplorerAudit version="6.0.2900.2180">
- <BrowserHelperObjects>
<BHO ex="1" clsid="{06849E9F-C8D7-4D59-B87D-
784B7D6BE0B3}" prog="AcroIEHelper.AcroIEHlprObj.1"
val="AcroIEHlprObj Class" nam="Adobe Acrobat IE Helper
Version 7.0 for ActiveX (acroiehelper.dll)" pub="Adobe
Systems Incorporated"
md5="42729c3de75a7a51fc6f9ef6546c9199"
ver="7.0.0.2004121400" sz="63136" is="0" gfp="">c:\program
files\adobe\acrobat 7.0\activex\acroiehelper.dll</BHO>
<BHO ex="1" clsid="{53707962-6F74-2D53-2644-
206D7942484F}" prog="" val="" nam="Bad download blocker
(sdhelper.dll)" pub="Safer Networking Limited"
md5="abf5ba518c6a5ed104496ff42d19ad88" ver="1, 3, 0, 12"
sz="744960" is="0" gfp="">c:\progra~1\spybot~1
\sdhelper.dll</BHO>
<BHO ex="1" clsid="{BDF3E430-B101-42AD-A544-
FADC6B084872}" prog="Navbho.CNavExtBho.1" val="CNavExtBho
Class" nam="Norton AntiVirusNAVShellExt Module
(navshext.dll)" pub="Symantec Corporation"
md5="988409ce6ed638aafdbecfb6ec863f4f" ver="9.05.15"
sz="112248" is="0" gfp="">c:\program files\norton
antivirus\navshext.dll</BHO>
</BrowserHelperObjects>
- <IEToolbars>
<IEToolbar ex="1" clsid="{42CDD1BF-3FFB-4238-8AD1-
7859DF00B1D6}"
prog="Symantec.Norton.AntiVirus.IEToolBand.1" val="Norton
AntiVirus" nam="Norton AntiVirusNAVShellExt Module
(navshext.dll)" pub="Symantec Corporation"
md5="988409ce6ed638aafdbecfb6ec863f4f" ver="9.05.15"
sz="112248" is="0" gfp="">c:\program files\norton
antivirus\navshext.dll</IEToolbar>
<IEToolbar ex="0" clsid="{4982D40A-C53B-4615-B15B-
B5B5E98D167C}" prog="" val="" nam="" pub="" md5="" ver=""
sz="" is="0" gfp="" />
</IEToolbars>
<IEExtensions />
- <IEExplorerBars>
<IEExplorerBar ex="1" clsid="{4D5C8C25-D075-11d0-B416-
00C04FB90376}" prog="" val="&Tip of the Day" nam="Shell
Doc Object and Control Library (shdocvw.dll)"
pub="Microsoft Corporation"
md5="68346bc7fa4ccd81248a2c7d728644a4" ver="6.00.2900.2573
(xpsp_sp2_gdr.041130-1729)" sz="1483264" is="0"
gfp="">c:\windows\system32\shdocvw.dll</IEExplorerBar>
<IEExplorerBar ex="1" clsid="{FE54FA40-D68C-11d2-98FA-
00C0F0318AFE}" prog="" val="Real.com" nam="Shell Doc
Object and Control Library (shdocvw.dll)" pub="Microsoft
Corporation" md5="68346bc7fa4ccd81248a2c7d728644a4"
ver="6.00.2900.2573 (xpsp_sp2_gdr.041130-1729)"
sz="1483264" is="0" gfp="">c:\windows\system32
\shdocvw.dll</IEExplorerBar>
</IEExplorerBars>
- <IEShellBrowsers>
<IEShellBrowser ex="1" clsid="{01E04581-4EEE-11D0-BFE9-
00AA005B4383}" prog="" val="&Address" nam="Shell Browser
UI Library (browseui.dll)" pub="Microsoft Corporation"
md5="691b1420ada790e9cda5356ee752f3a3" ver="6.00.2900.2578
(xpsp_sp2_gdr.041130-1729)" sz="1016832" is="0"
gfp="">c:\windows\system32\browseui.dll</IEShellBrowser>
<IEShellBrowser ex="1" clsid="{42CDD1BF-3FFB-4238-8AD1-
7859DF00B1D6}"
prog="Symantec.Norton.AntiVirus.IEToolBand.1" val="Norton
AntiVirus" nam="Norton AntiVirusNAVShellExt Module
(navshext.dll)" pub="Symantec Corporation"
md5="988409ce6ed638aafdbecfb6ec863f4f" ver="9.05.15"
sz="112248" is="0" gfp="">c:\program files\norton
antivirus\navshext.dll</IEShellBrowser>
<IEShellBrowser ex="0" clsid="" prog="" val="" nam=""
pub="" md5="" ver="" sz="" is="0" gfp="" />
<IEShellBrowser ex="0" clsid="{FE6BC4EF-5676-484B-88AE-
883323913256}" prog="" val="" nam="" pub="" md5="" ver=""
sz="" is="0" gfp="" />
</IEShellBrowsers>
- <IEWebBrowsers>
<IEWebBrowser ex="1" clsid="{01E04581-4EEE-11D0-BFE9-
00AA005B4383}" prog="" val="&Address" nam="Shell Browser
UI Library (browseui.dll)" pub="Microsoft Corporation"
md5="691b1420ada790e9cda5356ee752f3a3" ver="6.00.2900.2578
(xpsp_sp2_gdr.041130-1729)" sz="1016832" is="0"
gfp="">c:\windows\system32\browseui.dll</IEWebBrowser>
<IEWebBrowser ex="0" clsid="" prog="" val="" nam=""
pub="" md5="" ver="" sz="" is="0" gfp="" />
<IEWebBrowser ex="1" clsid="{42CDD1BF-3FFB-4238-8AD1-
7859DF00B1D6}"
prog="Symantec.Norton.AntiVirus.IEToolBand.1" val="Norton
AntiVirus" nam="Norton AntiVirusNAVShellExt Module
(navshext.dll)" pub="Symantec Corporation"
md5="988409ce6ed638aafdbecfb6ec863f4f" ver="9.05.15"
sz="112248" is="0" gfp="">c:\program files\norton
antivirus\navshext.dll</IEWebBrowser>
<IEWebBrowser ex="0" clsid="{4982D40A-C53B-4615-B15B-
B5B5E98D167C}" prog="" val="" nam="" pub="" md5="" ver=""
sz="" is="0" gfp="" />
<IEWebBrowser ex="0" clsid="" prog="" val="" nam=""
pub="" md5="" ver="" sz="" is="0" gfp="" />
</IEWebBrowsers>
- <IEMenuExts>
<IEMenuExt val="&AOL Toolbar search">res://C:\Program
Files\AOL Toolbar\toolbar.dll/SEARCH.HTML</IEMenuExt>
</IEMenuExts>
- <IEURLSearchHooks>
<IEURLSearchHook ex="0" clsid="{CFBFAE00-17A6-11D0-99CB-
00C04FD64497}" prog="" val="" nam="" pub="" md5="" ver=""
sz="" is="0" gfp="" />
</IEURLSearchHooks>
- <IEURLs>
<IEURL val="HCU\Software\Microsoft\Internet Explorer
Start Page">http://www.microsoft.com/isapi/redir.dll?
prd=ie&pver=6&ar=msnhome</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer
Search Page">http://www.microsoft.com/isapi/redir.dll?
prd=ie&ar=iesearch</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer
Default_Page_URL" />
<IEURL val="HCU\Software\Microsoft\Internet Explore
Local Page">C:\WINDOWS\system32\blank.htm</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explore
Search
Bar">http://home.microsoft.com/search/lobby/search.asp</IEU
RL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer
Default_Search_URL" />
<IEURL val="HCU\Software\Microsoft\Internet Explorer
HomeOldSP" />
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Start Page">http://www.microsoft.com/isapi/redir.dll?
prd=ie&pver=6&ar=msnhome</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Search Page">http://www.microsoft.com/isapi/redir.dll?
prd=ie&ar=iesearch</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Default_Page_URL">http://www.microsoft.com/isapi/redir.dll?
prd=ie&pver=6&ar=msnhome</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Local Page">C:\WINDOWS\system32\blank.htm</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Search
Bar">http://home.microsoft.com/search/lobby/search.asp</IEU
RL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Default_Search_URL">http://www.microsoft.com/isapi/redir.dl
l?prd=ie&ar=iesearch</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
HomeOldSP" />
<IEURL val="HCU\Software\Microsoft\Internet
Explorer\Search CustomizeSearch" />
<IEURL val="HCU\Software\Microsoft\Internet
Explorer\Search SearchAssistant" />
<IEURL val="HLM\Software\Microsoft\Internet
Explorer\Search CustomizeSearch">http://ie.search.msn.com/
{SUB_RFC1766}/srchasst/srchcust.htm</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet
Explorer\Search SearchAssistant">http://ie.search.msn.com/
{SUB_RFC1766}/srchasst/srchasst.htm</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet
Explorer\SearchUrl" />
<IEURL val="HLM\Software\Microsoft\Internet
Explorer\SearchUrl" />
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
blank">res://mshtml.dll/blank.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
DesktopItemNavigationFailure">res://shdoclc.dll/navcancl.ht
m</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
NavigationCanceled">res://shdoclc.dll/navcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
NavigationFailure">res://shdoclc.dll/navcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
OfflineInformation">res://shdoclc.dll/offcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
PostNotCached">res://mshtml.dll/repost.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs mozilla" />
</IEURLs>
</InternetExplorerAudit>
- <SystemAudit>
- <ShellExecuteHooks>
<ShellExecuteHook ex="1" clsid="{AEB6717E-7E19-11d0-97EE-
00C04FD91972}" prog="" val="URL Exec Hook" nam="Windows
Shell Common Dll (shell32.dll)" pub="Microsoft
Corporation" md5="5db5f53f801b616f4b4b7cae6ee7d1c6"
ver="6.00.2900.2578 (xpsp_sp2_gdr.041130-1729)"
sz="8450048" is="0" gfp="">C:\WINDOWS\system32
\shell32.dll</ShellExecuteHook>
<ShellExecuteHook ex="1" clsid="{FBF23B40-E3F0-101B-8488-
00AA003E56F8}" prog="" val="Internet Shortcut" nam="Shell
Doc Object and Control Library (shdocvw.dll)"
pub="Microsoft Corporation"
md5="68346bc7fa4ccd81248a2c7d728644a4" ver="6.00.2900.2573
(xpsp_sp2_gdr.041130-1729)" sz="1483264" is="0"
gfp="">C:\WINDOWS\system32\shdocvw.dll</ShellExecuteHook>
<ShellExecuteHook ex="1" clsid="{9EF34FF2-3396-4527-9D27-
04C8C1C67806}"
prog="Microsoft.AntiSpyware.ShellExecuteHook.1"
val="Microsoft.AntiSpyware.ShellExecuteHook.1"
nam="Microsoft AntiSpyware Shell Extension
(shellextension.dll)" pub="Microsoft Corporation"
md5="f3a7b87726c87c8e5653df0e7da15a47" ver="1.00.0509"
sz="93408" is="0" gfp="">c:\program files\microsoft
antispyware\shellextension.dll</ShellExecuteHook>
</ShellExecuteHooks>
- <ShellOpenCommands>
<ShellOpenCommand val="HCR\exefile\shell\open\command">"%
1" %*</ShellOpenCommand>
<ShellOpenCommand val="HCR\comfile\shell\open\command">"%
1" %*</ShellOpenCommand>
<ShellOpenCommand val="HCR\batfile\shell\open\command">"%
1" %*</ShellOpenCommand>
<ShellOpenCommand
val="HCR\htafile\shell\open\command">C:\WINDOWS\System32
\mshta.exe "%1" %*</ShellOpenCommand>
<ShellOpenCommand val="HCR\piffile\shell\open\command">"%
1" %*</ShellOpenCommand>
<ShellOpenCommand val="HCR\txtfile\shell\open\command">%
SystemRoot%\system32\NOTEPAD.EXE %1</ShellOpenCommand>
<ShellOpenCommand
val="HCR\mp3file\shell\open\command">"C:\Program
Files\Windows Media
Player\wmplayer.exe" /prefetch:6 /Open "%
L"</ShellOpenCommand>
<ShellOpenCommand
val="HCR\mpegfile\shell\open\command">"C:\Program
Files\Windows Media
Player\wmplayer.exe" /prefetch:9 /Open "%
L"</ShellOpenCommand>
<ShellOpenCommand val="HCR\mailto\shell\open\command">"%
ProgramFiles%\Outlook Express\msimn.exe" /mailurl:%
1</ShellOpenCommand>
<ShellOpenCommand
val="HCR\htmlfile\shell\open\command">"C:\Program
Files\Internet Explorer\iexplore.exe" -
nohome</ShellOpenCommand>
<ShellOpenCommand
val="HCR\http\shell\open\command">"C:\Program
Files\Internet Explorer\iexplore.exe" -
nohome</ShellOpenCommand>
<ShellOpenCommand
val="HCR\https\shell\open\command">"C:\Program
Files\Internet Explorer\iexplore.exe" -
nohome</ShellOpenCommand>
<ShellOpenCommand
val="HCR\ftp\shell\open\command">"C:\Program
Files\Internet Explorer\iexplore.exe" %
1</ShellOpenCommand>
</ShellOpenCommands>
- <ActiveXInstalls>
- <ActiveXInstall clsid="DirectAnimation Java Classes"
prog="" nam=""
codebase="file://C:\WINDOWS\Java\classes\dajava.cab">
<Files />
</ActiveXInstall>
- <ActiveXInstall clsid="Microsoft XML Parser for Java"
prog="" nam=""
codebase="file://C:\WINDOWS\Java\classes\xmldso.cab">
<Files />
</ActiveXInstall>
- <ActiveXInstall clsid="{166B1BCA-3F9C-11CF-8075-
444553540000}" prog="SWCtl.SWCtl.8.5.1" nam="Shockwave
ActiveX Control"
codebase="http://download.macromedia.com/pub/shockwave/cabs
/director/sw.cab">
<Files />
</ActiveXInstall>
- <ActiveXInstall clsid="{17492023-C23A-453E-A040-
C7C580BBF700}" prog="LegitCheckControl.LegitCheck.1"
nam="Windows Genuine Advantage Validation Tool"
codebase="http://go.microsoft.com/fwlink/?
linkid=36467&clcid=0x409">
- <Files>
<File ex="1" nam="PidGen (GWFSPidGen.DLL)"
pub="Microsoft" md5="76cfe0b49089af874d3d135efc38bf3a"
ver="1, 5, 0, 42" sz="23304" is="0"
gfp="">C:\WINDOWS\system32\GWFSPidGen.DLL</File>
<File ex="1" nam="Windows Genuine Advantage Validation
(LegitCheckControl.DLL)" pub="Microsoft Corporation"
md5="c3c3864da698f0cc1be56f9695534dd8" ver="1.0.0132.4"
sz="421128" is="0" gfp="">C:\WINDOWS\system32
\LegitCheckControl.DLL</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{2253F320-AB68-4A07-917D-
4F12D8884A06}" prog="" nam="" codebase="">
<Files />
</ActiveXInstall>
- <ActiveXInstall clsid="{2B96D5CC-C5B5-49A5-A69D-
CC0A30F9028C}" prog="" nam="" codebase="">
<Files />
</ActiveXInstall>
- <ActiveXInstall clsid="{2FC9A21E-2069-4E47-8235-
36318989DB13}" prog="PPSDKActiveXScanner.MainScreen"
nam="PPSDKActiveXScanner.MainScreen"
codebase="http://www.pestscan.com/scanner/axscanner.cab">
- <Files>
<File ex="1" nam="Windows Common Controls ActiveX
Control DLL (mscomctl.ocx)" pub="Microsoft Corporation"
md5="714cf24fc19a20ae0dc701b48ded2cf6" ver="6.00.8862"
sz="1066176" is="0" gfp="">C:\WINDOWS\System32
\mscomctl.ocx</File>
<File ex="1" nam="Visual Basic Virtual Machine
(msvbvm60.dll)" pub="Microsoft Corporation"
md5="e949eee7d1be07e32267fe10d9992c38" ver="6.00.9690"
sz="1392671" is="0" gfp="">C:\WINDOWS\System32
\msvbvm60.dll</File>
<File ex="1" nam="An ActiveX implementation of Pest
Patrol's PPSDK scanning functionality.
(PPSDKActiveXScanner.ocx)" pub="Pest Patrol Inc."
md5="6ea60eceba1d024ce2106c7d9db78ab1" ver="1.05.0001"
sz="170608" is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\PPSDKActiveXScanner.ocx</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{4A3CF76B-EC7A-405D-A67D-
8DC6B52AB35B}"
prog="QDiagAOLCCUpdateObj.QDiagAOLCCUpdateObj.1"
nam="QDiagAOLCCUpdateObj Class"
codebase="http://aolcc.aol.com/computercheckup/qdiagcc.cab">
- <Files>
<File ex="1" nam="(DAntivirus.ini)" pub=""
md5="b0422d12bc850cb4f2a8fd3142ebfdd7" ver="" sz="12635"
is="0" gfp="">C:\WINDOWS\System32\DAntivirus.ini</File>
<File ex="1" nam="(DView.cfg)" pub=""
md5="605d829ba172718dc35488f04df402d9" ver="" sz="37497"
is="0" gfp="">C:\WINDOWS\System32\DView.cfg</File>
<File ex="1" nam="(DProg.ini)" pub=""
md5="b6c5fdb21ac468c7c723055aa777d0f9" ver="" sz="4955"
is="0" gfp="">C:\WINDOWS\System32\DProg.ini</File>
<File ex="1" nam="DLPT Service (DLPT.sys)" pub="Gteko
Ltd." md5="bb3efed6d60db120c8ab22d94300575b" ver="1, 0, 0,
10" sz="6144" is="0" gfp="">C:\WINDOWS\System32
\DLPT.sys</File>
<File ex="1" nam="(DDMI.VXD)" pub=""
md5="c76d66d1c6c4ac280b3ceb30b80b8abe" ver="" sz="9833"
is="0" gfp="">C:\WINDOWS\System32\DDMI.VXD</File>
<File ex="1" nam="(DLPT.VXD)" pub=""
md5="c499dd1c5270c88c9e64645a901b0247" ver="" sz="9321"
is="0" gfp="">C:\WINDOWS\System32\DLPT.VXD</File>
<File ex="1" nam="DDMI Service (DDMI2.sys)" pub="Gteko
Ltd." md5="8edd7b9e4a4b4c16e2dab9188caa861b" ver="1, 0, 0,
7" sz="6977" is="0" gfp="">C:\WINDOWS\System32
\DDMI2.sys</File>
<File ex="1" nam="QDiag Module (qdiagcc.ocx)" pub="Gteko
Ltd." md5="6bd1f54aab2b4bedf6df7de7a4ea6d57" ver="1, 0, 1,
375" sz="1352816" is="0" gfp="">C:\WINDOWS\System32
\qdiagcc.ocx</File>
<File ex="1" nam="(DAntivirus.cfg)" pub=""
md5="1a8f5fd7d85f1281991fcf649f604d72" ver="" sz="33652"
is="0" gfp="">C:\WINDOWS\system32\DAntivirus.cfg</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{4ED9DDF0-7479-4BBE-9335-
5A1EDB1D8A21}" prog="mcinstall.mcos.1" nam="McAfee.com
Operating System Class"
codebase="http://download.av.aol.com/molbin/shared/mcinsctl
/en-us/4,0,0,83/mcinsctl.cab">
<Files />
</ActiveXInstall>
- <ActiveXInstall clsid="{74D05D43-3236-11D4-BDCD-
00C04F9A3B61}" prog="XSCAN.XscanCtrl.2" nam="HouseCall
Control"
codebase="http://a840.g.akamai.net/7/840/537/2004061001/hou
secall.trendmicro.com/housecall/xscan53.cab">
- <Files>
<File ex="1" nam="Windows NT CRT DLL (msvcrt.dll)"
pub="Microsoft Corporation"
md5="b0fefa816d61ec66aa765ddf534eab5e" ver="7.0.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="343040" is="0"
gfp="">C:\WINDOWS\system32\msvcrt.dll</File>
<File ex="1" nam="MFCDLL Shared Library - Retail Version
(mfc42.dll)" pub="Microsoft Corporation"
md5="4602907535fd682195dfff9117365826" ver="6.02.4131.0"
sz="1028096" is="0" gfp="">C:\WINDOWS\system32
\mfc42.dll</File>
<File ex="1" nam="loadhttp Application (loadhttp.dll)"
pub="Trend Micro Inc."
md5="a91762435edbe0b0c9e6b19512934319" ver="1.32.0.1000"
sz="77824" is="0" gfp="">C:\WINDOWS\loadhttp.dll</File>
<File ex="1" nam="(aucfg.ini)" pub=""
md5="af03b6da00b295f2b2dfd949b7290f53" ver="" sz="256"
is="0" gfp="">C:\WINDOWS\aucfg.ini</File>
<File ex="1" nam="(tmupdate.ini)" pub=""
md5="787089a662510400220211ad5a431f06" ver="" sz="269"
is="0" gfp="">C:\WINDOWS\tmupdate.ini</File>
<File ex="1" nam="RunTSCKL (runtsckl.exe)" pub="Trend
Micro Inc." md5="7b6fce9028fc24c8305394e48b8f088a" ver=""
sz="99328" is="0" gfp="">C:\WINDOWS\runtsckl.exe</File>
<File ex="1" nam="patchw32.dll" pub="Unavailable"
md5="6c6cac2d5f122cf24b92ee12cb87d8a6" ver="Unavailable"
sz="164864" is="0" gfp="">C:\WINDOWS\patchw32.dll</File>
<File ex="1" nam="xscan OLE Control Module
(xscan53.ocx)" pub="Trend Micro Inc."
md5="dcffca7f818b4cf4df29b8932907735d" ver="5, 70, 0,
1086" sz="435712" is="0" gfp="">C:\WINDOWS\Downloaded
Program Files\xscan53.ocx</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{74FFE28D-2378-11D5-990C-
006094235084}" prog="IbmEgath.IbmEgathCtl.1" nam="IBM
Access Support"
codebase="https://www.pc.ibm.com/egather/IbmEgath.cab">
- <Files>
<File ex="1" nam="(egathvxd.vxd)" pub=""
md5="9f5330fc56776773a2c26ce489ae34b0" ver="" sz="5759"
is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\egathvxd.vxd</File>
<File ex="1" nam="IBM eGatherer Kernel Module
(egathdrv.sys)" pub="IBM Corporation"
md5="7f220875288944c9c7856e2bc8613b1f" ver="2.04"
sz="5120" is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\egathdrv.sys</File>
<File ex="1" nam="IBM eGatherer Kernel Module
(egathdrv.sys)" pub="IBM Corporation"
md5="7f220875288944c9c7856e2bc8613b1f" ver="2.04"
sz="5120" is="0" gfp="">C:\WINDOWS\system32
\egathdrv.sys</File>
<File ex="1" nam="(egathvxd.vxd)" pub=""
md5="9f5330fc56776773a2c26ce489ae34b0" ver="" sz="5759"
is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\CONFLICT.1\egathvxd.vxd</File>
<File ex="1" nam="IBM Access Support Plugin EN
(IbmEgath.dll)" pub="IBM Corporation"
md5="ca8f8c026b3e82234f5f997407cd3675" ver="3, 0, 0, 4"
sz="167936" is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\CONFLICT.1\IbmEgath.dll</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{8714912E-380D-11D5-B8AA-
00D0B78F3D48}" prog="UplApp.UplDlg.1" nam="Yahoo! Webcam
Upload Wrapper"
codebase="http://chat.yahoo.com/cab/yuplapp.cab">
- <Files>
<File ex="1" nam="kdu_v32 -- Kakadu core DLL
(kdu_v32r.dll)" pub="The University of New South Wales"
md5="1da76880df3814afd6f66d71704b23e3" ver="3, 2, 0, 1"
sz="348160" is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\kdu_v32r.dll</File>
<File ex="1" nam="Webcam Upload Networking and Imaging
(ywcupl.dll)" pub="Yahoo! Inc."
md5="0aff21da874d5982884af30c7b18c881" ver="2, 0, 0, 17"
sz="253952" is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\ywcupl.dll</File>
<File ex="1" nam="Webcam Upload UI (yuplapp.dll)"
pub="Yahoo! Inc." md5="c9a7906090449a70f7135c5af16438ee"
ver="2, 0, 0, 17" sz="204800" is="0"
gfp="">C:\WINDOWS\Downloaded Program
Files\yuplapp.dll</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{9B03C5F1-F5AB-47EE-937D-
A8EDA626F876}" prog="WebSWK.WebSpyWareKiller.1"
nam="Anonymizer Anti-Spyware Scanner"
codebase="http://download.zonelabs.com/bin/promotions/spywa
redetector/WebAAS.cab">
- <Files>
<File ex="1" nam="MFCDLL Shared Library - Retail Version
(mfc71.dll)" pub="Microsoft Corporation"
md5="f35a584e947a5b401feb0fe01db4a0d7" ver="7.10.3077.0"
sz="1060864" is="0" gfp="">C:\WINDOWS\system32
\mfc71.dll</File>
<File ex="1" nam="Microsoft C Runtime Library
(msvcr71.dll)" pub="Microsoft Corporation"
md5="86f1895ae8c5e8b17d99ece768a70732" ver="7.10.3052.4"
sz="348160" is="0" gfp="">C:\WINDOWS\system32
\msvcr71.dll</File>
<File ex="1" nam="Multiple Provider Router DLL
(mpr.dll)" pub="Microsoft Corporation"
md5="2cfe80aa3428c09e6de67fac50da65cf" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="59904" is="0"
gfp="">C:\WINDOWS\system32\mpr.dll</File>
<File ex="1" nam="Microsoft C++ Runtime Library
(msvcp71.dll)" pub="Microsoft Corporation"
md5="561fa2abb31dfa8fab762145f81667c2" ver="7.10.3077.0"
sz="499712" is="0" gfp="">C:\WINDOWS\system32
\msvcp71.dll</File>
<File ex="1" nam="(swksig.dat)" pub=""
md5="e1515cfa4260cc116d7c8c1e2c959d60" ver="" sz="28683"
is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\swksig.dat</File>
<File ex="1" nam="(SpyWareKillerBKGD.jpg)" pub=""
md5="40f4f78f113b8f33bf66526373c6b049" ver="" sz="97593"
is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\SpyWareKillerBKGD.jpg</File>
<File ex="1" nam="Spyware Detection and Removal Engine
(spweng.dll)" pub="Anonymizer, Inc."
md5="11a0f42397f83cfc622c870656b30211" ver="1, 0, 0, 0"
sz="126976" is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\spweng.dll</File>
<File ex="1" nam="ActiveX GUI control for Anti-Spyware
Engine (WebAAS.dll)" pub="Anonymizer.com"
md5="05ce1f289570dc4337d615b6669e065d" ver="1, 0, 0, 23"
sz="151552" is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\WebAAS.dll</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{9F1C11AA-197B-4942-BA54-
47A8489BB47F}" prog="" nam="" codebase="">
<Files />
</ActiveXInstall>
- <ActiveXInstall clsid="{A8658086-E6AC-4957-BC8E-
7D54A7E8A78D}" prog="DoomChk.FileChk.6" nam="DoomCln
Object"
codebase="http://www.microsoft.com/security/controls/DoomCl
n.CAB">
<Files>
<File ex="1" nam="Mydoom (A, B, E, F, G, J, L, O) Zindos
(A) and Doomjuice (A, B) Worm Removal Tool. (DoomCln.dll)"
pub="Microsoft Corporation"
md5="818c1ae10ee8693cd278c8f7b9a9afc8" ver="1.0.0.12"
sz="115448" is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\DoomCln.dll</File>
</Files>
</ActiveXInstall>
<ActiveXInstall clsid="{AE1C01E3-0283-11D3-9B3F-
00C04F8EF466}" prog="HeartbeatCtl.HeartbeatCtl.1"
nam="HeartbeatCtl Class"
codebase="http://fdl.msn.com/zone/datafiles/heartbeat.cab">
<Files>
<File ex="1" nam="zsetup.exe" pub="Unavailable"
md5="b72e2fd099b43d8d0c220390cd9974b2" ver="Unavailable"
sz="134734" is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\zsetup.exe</File>
<File ex="1" nam="hrtbeat.ocx" pub="Unavailable"
md5="06ddd56bb43cb6fda26c9d65396eda78" ver="Unavailable"
sz="101451" is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\hrtbeat.ocx</File>
</Files>
</ActiveXInstall>
<ActiveXInstall clsid="{B8BE5E93-A60C-4D26-A2DC-
220313175592}" prog="ZIntro.ZoneIntro.1" nam="ZoneIntro
Class"
codebase="http://zone.msn.com/binFramework/v10/ZIntro.cab34
246.cab">
<Files>
<File ex="1" nam="ZoneIntro (ZIntro.ocx)" pub="Microsoft
Corporation" md5="9ea94132e01979f0867243de7d151a26"
ver="9.3.4246.1" sz="117800" is="0"
gfp="">C:\WINDOWS\Downloaded Program
Files\ZIntro.ocx</File>
</Files>
</ActiveXInstall>
<ActiveXInstall clsid="{BCC0FF27-31D9-4614-A68E-
C18E1ADA4389}" prog="McGDMgr.DwnldGroupMgr.1"
nam="DwnldGroupMgr Class"
codebase="http://download.av.aol.com/molbin/shared/mcgdmgr/
en-us/1,0,0,20/mcgdmgr.cab">
<Files />
</ActiveXInstall>
<ActiveXInstall clsid="{D27CDB6E-AE6D-11CF-96B8-
444553540000}" prog="ShockwaveFlash.ShockwaveFlash.1"
nam="Shockwave Flash Object"
codebase="http://active.macromedia.com/flash2/cabs/swflash.
cab">
<Files />
</ActiveXInstall>
<ActiveXInstall clsid="{DE22A7AB-A739-4C58-AD52-
21F9CD6306B7}" prog="ClearAdjust.CTAdjust.1" nam="CTAdjust
Class"
codebase="http://download.microsoft.com/download/Typography
/Utility/1/WXP/EN-US/clearadj.CAB">
<Files>
<File ex="1" nam="ClearAdjust Module (clearadjust.dll)"
pub="None" md5="0c0aa1afcf906aebd11d07962c9b4190" ver="1,
0, 0, 1" sz="40960" is="0" gfp="">C:\WINDOWS\Downloaded
Program Files\clearadjust.dll</File>
</Files>
</ActiveXInstall>
<ActiveXInstall clsid="{E598AC61-4C6F-4F4D-877F-
FAC49CA91FA3}" prog="AcpController.acpRunner.1"
nam="acpRunner Class" codebase="https://www-
3.ibm.com/pc/support/access/aslibmain/content/AcpControl.ca
b">
<Files>
<File ex="1" nam="AcpController Module
(acpController.dll)" pub="None"
md5="f6919bf834ebbd5b3bd68a2a46471bb5" ver="1, 2, 6, 2"
sz="204800" is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\acpController.dll</File>
</Files>
</ActiveXInstall>
<ActiveXInstall clsid="{E5D419D6-A846-4514-9FAD-
97E826C84822}" prog="HeartbeatCtl.HeartbeatCtl.1"
nam="HeartbeatCtl Class"
codebase="http://fdl.msn.com/zone/datafiles/heartbeat.cab">
<Files>
<File ex="1" nam="zsetup.exe" pub="Unavailable"
md5="8ea28fd993edc7e7a373b7e79234facd" ver="Unavailable"
sz="134747" is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\CONFLICT.1\zsetup.exe</File>
<File ex="1" nam="hrtbeat.ocx" pub="Unavailable"
md5="4bb1d03dfdfbbc51a7ec5d65d269ef42" ver="Unavailable"
sz="101464" is="0" gfp="">C:\WINDOWS\Downloaded Program
Files\CONFLICT.1\hrtbeat.ocx</File>
</Files>
</ActiveXInstall>
</ActiveXInstalls>
<PROTOCOLSFilters>
<PROTOCOLSFilter ex="1" clsid="{32B533BB-EDAE-11d0-BD5A-
00AA00B92AF1}" prog="" filter="Class Install Handler"
val="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}" nam="OLE32
Extensions for Win32 (urlmon.dll)" pub="Microsoft
Corporation" md5="7e0a6b4005a271c1fd1d82dd08fa884f"
ver="6.00.2900.2574 (xpsp_sp2_gdr.041130-1729)"
sz="607744" is="0" gfp="">c:\windows\system32
\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{8f6b0360-b80d-11d0-a9b3-
006097942311}" prog="" filter="deflate" val="{8f6b0360-
b80d-11d0-a9b3-006097942311}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="7e0a6b4005a271c1fd1d82dd08fa884f" ver="6.00.2900.2574
(xpsp_sp2_gdr.041130-1729)" sz="607744" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{8f6b0360-b80d-11d0-a9b3-
006097942311}" prog="" filter="gzip" val="{8f6b0360-b80d-
11d0-a9b3-006097942311}" nam="OLE32 Extensions for Win32
(urlmon.dll)" pub="Microsoft Corporation"
md5="7e0a6b4005a271c1fd1d82dd08fa884f" ver="6.00.2900.2574
(xpsp_sp2_gdr.041130-1729)" sz="607744" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{8f6b0360-b80d-11d0-a9b3-
006097942311}" prog="" filter="lzdhtml" val="{8f6b0360-
b80d-11d0-a9b3-006097942311}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="7e0a6b4005a271c1fd1d82dd08fa884f" ver="6.00.2900.2574
(xpsp_sp2_gdr.041130-1729)" sz="607744" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{733AC4CB-F1A4-11d0-B951-
00A0C90312E1}" prog="" filter="text/webviewhtml"
val="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}" nam="Windows
Shell Common Dll (shell32.dll)" pub="Microsoft
Corporation" md5="5db5f53f801b616f4b4b7cae6ee7d1c6"
ver="6.00.2900.2578 (xpsp_sp2_gdr.041130-1729)"
sz="8450048" is="0" gfp="">c:\windows\system32
\shell32.dll</PROTOCOLSFilter>
</PROTOCOLSFilters>
<PROTOCOLSHandlers>
<PROTOCOLSHandler ex="1" clsid="{3050F406-98B5-11CF-BB82-
00AA00BDCE0B}" prog="" filter="about" val="{3050F406-98B5-
11CF-BB82-00AA00BDCE0B}" nam="Microsoft (R) HTML Viewer
(mshtml.dll)" pub="Microsoft Corporation"
md5="fae3ca9b2459581c45b3a8845be3077c" ver="6.00.2900.2604
(xpsp_sp2_gdr.041130-1729)" sz="3006976" is="0"
gfp="">c:\windows\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3dd53d40-7b8b-11D0-b013-
00aa0059ce02}" prog="" filter="cdl" val="{3dd53d40-7b8b-
11D0-b013-00aa0059ce02}" nam="OLE32 Extensions for Win32
(urlmon.dll)" pub="Microsoft Corporation"
md5="7e0a6b4005a271c1fd1d82dd08fa884f" ver="6.00.2900.2574
(xpsp_sp2_gdr.041130-1729)" sz="607744" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{12D51199-0DB5-46FE-A120-
47A3D7D937CC}" prog="" filter="dvd" val="{12D51199-0DB5-
46FE-A120-47A3D7D937CC}" nam="ActiveX control for
streaming video (msvidctl.dll)" pub="Microsoft
Corporation" md5="7b5ba7cb7cf42b557c17d08015be8a14"
ver="6.05.2600.2180 (xpsp_sp2_rtm.040803-2158)"
sz="1428480" is="0" gfp="">c:\windows\system32
\msvidctl.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e7-baf9-11ce-8c82-
00aa004ba90b}" prog="" filter="file" val="{79eac9e7-baf9-
11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for Win32
(urlmon.dll)" pub="Microsoft Corporation"
md5="7e0a6b4005a271c1fd1d82dd08fa884f" ver="6.00.2900.2574
(xpsp_sp2_gdr.041130-1729)" sz="607744" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e3-baf9-11ce-8c82-
00aa004ba90b}" prog="" filter="ftp" val="{79eac9e3-baf9-
11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for Win32
(urlmon.dll)" pub="Microsoft Corporation"
md5="7e0a6b4005a271c1fd1d82dd08fa884f" ver="6.00.2900.2574
(xpsp_sp2_gdr.041130-1729)" sz="607744" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e4-baf9-11ce-8c82-
00aa004ba90b}" prog="" filter="gopher" val="{79eac9e4-baf9-
11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for Win32
(urlmon.dll)" pub="Microsoft Corporation"
md5="7e0a6b4005a271c1fd1d82dd08fa884f" ver="6.00.2900.2574
(xpsp_sp2_gdr.041130-1729)" sz="607744" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e2-baf9-11ce-8c82-
00aa004ba90b}" prog="" filter="http" val="{79eac9e2-baf9-
11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for Win32
(urlmon.dll)" pub="Microsoft Corporation"
md5="7e0a6b4005a271c1fd1d82dd08fa884f" ver="6.00.2900.2574
(xpsp_sp2_gdr.041130-1729)" sz="607744" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e5-baf9-11ce-8c82-
00aa004ba90b}" prog="" filter="https" val="{79eac9e5-baf9-
11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for Win32
(urlmon.dll)" pub="Microsoft Corporation"
md5="7e0a6b4005a271c1fd1d82dd08fa884f" ver="6.00.2900.2574
(xpsp_sp2_gdr.041130-1729)" sz="607744" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{9D148291-B9C8-11D0-A4CC-
0000F80149F6}" prog="MSITFS1.0" filter="its"
val="{9D148291-B9C8-11D0-A4CC-0000F80149F6}"
nam="Microsoft InfoTech Storage System Library (itss.dll)"
pub="Microsoft Corporation"
md5="a00b287bb6f78bdd3589b7e75a86a6fa" ver="5.2.3790.1221
(dnsrv.040715-2015)" sz="134144" is="0"
gfp="">c:\windows\system32\itss.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050F3B2-98B5-11CF-BB82-
00AA00BDCE0B}" prog="" filter="javascript" val="{3050F3B2-
98B5-11CF-BB82-00AA00BDCE0B}" nam="Microsoft (R) HTML
Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="fae3ca9b2459581c45b3a8845be3077c" ver="6.00.2900.2604
(xpsp_sp2_gdr.041130-1729)" sz="3006976" is="0"
gfp="">c:\windows\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e7-baf9-11ce-8c82-
00aa004ba90b}" prog="" filter="local" val="{79eac9e7-baf9-
11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for Win32
(urlmon.dll)" pub="Microsoft Corporation"
md5="7e0a6b4005a271c1fd1d82dd08fa884f" ver="6.00.2900.2574
(xpsp_sp2_gdr.041130-1729)" sz="607744" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050f3DA-98B5-11CF-BB82-
00AA00BDCE0B}" prog="" filter="mailto" val="{3050f3DA-98B5-
11CF-BB82-00AA00BDCE0B}" nam="Microsoft (R) HTML Viewer
(mshtml.dll)" pub="Microsoft Corporation"
md5="fae3ca9b2459581c45b3a8845be3077c" ver="6.00.2900.2604
(xpsp_sp2_gdr.041130-1729)" sz="3006976" is="0"
gfp="">c:\windows\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{05300401-BCBC-11d0-85E3-
00C04FD85AB4}" prog="" filter="mhtml" val="{05300401-BCBC-
11d0-85E3-00C04FD85AB4}" nam="Microsoft Internet Messaging
API (inetcomm.dll)" pub="Microsoft Corporation"
md5="ad83a2a04f68db2dff500c30536fcd6b" ver="6.00.2900.2527
(xpsp_sp2_gdr.040919-1056)" sz="679424" is="0"
gfp="">c:\windows\system32\inetcomm.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e6-baf9-11ce-8c82-
00aa004ba90b}" prog="" filter="mk" val="{79eac9e6-baf9-
11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for Win32
(urlmon.dll)" pub="Microsoft Corporation"
md5="7e0a6b4005a271c1fd1d82dd08fa884f" ver="6.00.2900.2574
(xpsp_sp2_gdr.041130-1729)" sz="607744" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{9D148291-B9C8-11D0-A4CC-
0000F80149F6}" prog="MSITFS1.0" filter="ms-its"
val="{9D148291-B9C8-11D0-A4CC-0000F80149F6}"
nam="Microsoft InfoTech Storage System Library (itss.dll)"
pub="Microsoft Corporation"
md5="a00b287bb6f78bdd3589b7e75a86a6fa" ver="5.2.3790.1221
(dnsrv.040715-2015)" sz="134144" is="0"
gfp="">c:\windows\system32\itss.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050F3BC-98B5-11CF-BB82-
00AA00BDCE0B}" prog="" filter="res" val="{3050F3BC-98B5-
11CF-BB82-00AA00BDCE0B}" nam="Microsoft (R) HTML Viewer
(mshtml.dll)" pub="Microsoft Corporation"
md5="fae3ca9b2459581c45b3a8845be3077c" ver="6.00.2900.2604
(xpsp_sp2_gdr.041130-1729)" sz="3006976" is="0"
gfp="">c:\windows\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{76E67A63-06E9-11D2-A840-
006008059382}" prog="" filter="sysimage" val="{76E67A63-
06E9-11D2-A840-006008059382}" nam="Microsoft (R) HTML
Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="fae3ca9b2459581c45b3a8845be3077c" ver="6.00.2900.2604
(xpsp_sp2_gdr.041130-1729)" sz="3006976" is="0"
gfp="">c:\windows\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{CBD30858-AF45-11D2-B6D6-
00C04FBBDE6E}" prog="" filter="tv" val="{CBD30858-AF45-
11D2-B6D6-00C04FBBDE6E}" nam="ActiveX control for
streaming video (msvidctl.dll)" pub="Microsoft
Corporation" md5="7b5ba7cb7cf42b557c17d08015be8a14"
ver="6.05.2600.2180 (xpsp_sp2_rtm.040803-2158)"
sz="1428480" is="0" gfp="">c:\windows\system32
\msvidctl.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050F3B2-98B5-11CF-BB82-
00AA00BDCE0B}" prog="" filter="vbscript" val="{3050F3B2-
98B5-11CF-BB82-00AA00BDCE0B}" nam="Microsoft (R) HTML
Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="fae3ca9b2459581c45b3a8845be3077c" ver="6.00.2900.2604
(xpsp_sp2_gdr.041130-1729)" sz="3006976" is="0"
gfp="">c:\windows\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{13F3EA8B-91D7-4F0A-AD76-
D2853AC8BECE}" prog="Wia.WiaProtocol.1" filter="wia"
val="{13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE}" nam="WIA
Scripting Layer (wiascr.dll)" pub="Microsoft Corporation"
md5="dd469944b09b032e7c7fe85687c2a399" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="75776" is="0"
gfp="">c:\windows\system32\wiascr.dll</PROTOCOLSHandler>
</PROTOCOLSHandlers>
<PROTOCOLSNameSpaceHandlers>
<PROTOCOLSNameSpaceHandler ex="1" clsid="{9D148291-B9C8-
11D0-A4CC-0000F80149F6}" prog="MSITFS1.0" namespace="mk"
namespacefilter="NameSpace Filter for MK:@MSITStore:..."
val="{79eac9e6-baf9-11ce-8c82-00aa004ba90b}"
nam="Microsoft InfoTech Storage System Library (itss.dll)"
pub="Microsoft Corporation"
md5="a00b287bb6f78bdd3589b7e75a86a6fa" ver="5.2.3790.1221
(dnsrv.040715-2015)" sz="134144" is="0"
gfp="">c:\windows\system32
\itss.dll</PROTOCOLSNameSpaceHandler>
</PROTOCOLSNameSpaceHandlers>
<TCPIPParamaters>
<TCPIPParamater val="DataBasePath">%SystemRoot%\System32
\drivers\etc</TCPIPParamater>
<TCPIPParamater val="Domain" />
<TCPIPParamater val="NameServer" />
<TCPIPParamater val="SearchList" />
<TCPIPParamater val="VXD MSTCP: NameServer" />
</TCPIPParamaters>
<InternetSettings>
<InternetSetting val="ProxyEnable">0</InternetSetting>
<InternetSetting val="ProxyServer" />
<InternetSetting val="ProxyOverride" />
<InternetSetting val="User Agent">Mozilla/4.0
(compatible; MSIE 6.0; Win32)</InternetSetting>
<InternetSetting val="ZoneMap Domain
Count">1119</InternetSetting>
</InternetSettings>
<IESettings>
<IESetting val="UseMyStylesheet"
set="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Styles" />
<IESetting val="UserStylesheet"
set="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Styles" />
<IESetting val="UseMyStylesheet"
set="HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet
Explorer\Styles" />
<IESetting val="UserStylesheet"
set="HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet
Explorer\Styles" />
</IESettings>
<AppInitDLLs val="" />
<ShellServiceObjectDelayLoads>
<ShellServiceObjectDelayLoad ex="1" clsid="{7849596a-
48ea-486e-8937-a2a3009f31a9}" prog=""
val="PostBootReminder" nam="Windows Shell Common Dll
(shell32.dll)" pub="Microsoft Corporation"
md5="5db5f53f801b616f4b4b7cae6ee7d1c6" ver="6.00.2900.2578
(xpsp_sp2_gdr.041130-1729)" sz="8450048" is="0"
gfp="">c:\windows\system32
\shell32.dll</ShellServiceObjectDelayLoad>
<ShellServiceObjectDelayLoad ex="1" clsid="{fbeb8a05-
beee-4442-804e-409d6c4515e9}" prog="" val="CDBurn"
nam="Windows Shell Common Dll (shell32.dll)"
pub="Microsoft Corporation"
md5="5db5f53f801b616f4b4b7cae6ee7d1c6" ver="6.00.2900.2578
(xpsp_sp2_gdr.041130-1729)" sz="8450048" is="0"
gfp="">c:\windows\system32
\shell32.dll</ShellServiceObjectDelayLoad>
<ShellServiceObjectDelayLoad ex="1" clsid="{E6FB5E20-
DE35-11CF-9C87-00AA005127ED}" prog="" val="WebCheck"
nam="Web Site Monitor (webcheck.dll)" pub="Microsoft
Corporation" md5="6501db5182d5a8c0f1f1707286161d66"
ver="6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)"
sz="276480" is="0" gfp="">c:\windows\system32
\webcheck.dll</ShellServiceObjectDelayLoad>
<ShellServiceObjectDelayLoad ex="1" clsid="{35CEC8A3-
2BE6-11D2-8773-92E220524153}" prog="" val="SysTray"
nam="Systray shell service object (stobject.dll)"
pub="Microsoft Corporation"
md5="297101a925ecffdcdf7f6341ffbb6c1a" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="121856" is="0"
gfp="">c:\windows\system32
\stobject.dll</ShellServiceObjectDelayLoad>
</ShellServiceObjectDelayLoads>
<ScheduledTasks />
<Services>
<Service ex="1" disp="Application Layer Gateway Service"
desc="Provides support for 3rd party protocol plug-ins for
Internet Connection Sharing and the Windows Firewall."
nam="Application Layer Gateway Service (alg.exe)"
pub="Microsoft Corporation"
md5="f1958fbf86d5c004cf19a5951a9514b7" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="44544" is="0"
gfp="">C:\WINDOWS\System32\alg.exe</Service>
<Service ex="1" disp="AOL Connectivity Service" desc=""
nam="AOL Connectivity Service (AOLAcsd.exe)" pub="America
Online" md5="aa2770fd967dab91a597619c4eadc0c9"
ver="3.0.0.1" sz="10328" is="0" gfp="">C:\Program
Files\Common Files\AOL\ACS\AOLAcsd.exe</Service>
<Service ex="1" disp="AOL TopSpeed Monitor" desc=""
nam="AOL TopSpeed(TM) Monitor (aoltsmon.exe)" pub="America
Online, Inc" md5="7fb54900aa9792ab6307c699ec1859d4"
ver="2, 0, 0, 0" sz="100016" is="0" gfp="">C:\Program
Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe</Service>
<Service ex="1" disp="AOL Spyware Protection Service"
desc="Removes spyware found by ASP that cannot be removed
without a reboot." nam="(aolserv.exe)" pub=""
md5="78e3b3fda2c1f721bc74364952ab902a" ver="" sz="184373"
is="0" gfp="">C:\Program Files\Common Files\AOL\AOL
Spyware Protection\aolserv.exe</Service>
<Service ex="1" disp="AVG7 Alert Manager Server" desc=""
nam="AVG Alert Manager (avgamsvr.exe)" pub="GRISOFT,
s.r.o." md5="a98cfcb4b47be1abef98c903a6aa873e"
ver="7,1,0,307" sz="329728" is="0" gfp="">C:\PROGRA~1
\Grisoft\AVGFRE~1\avgamsvr.exe</Service>
<Service ex="1" disp="AVG7 Update Service" desc=""
nam="AVG Update Service (avgupsvc.exe)" pub="GRISOFT,
s.r.o." md5="64bd967bd30437f32a658e09b04c967a"
ver="7,1,0,285" sz="70144" is="0" gfp="">C:\PROGRA~1
\Grisoft\AVGFRE~1\avgupsvc.exe</Service>
<Service ex="1" disp="Symantec Event Manager"
desc="Symantec Event Manager" nam="Event Manager Service
(ccEvtMgr.exe)" pub="Symantec Corporation"
md5="edc5c2342e91f7a8870e17ac5a87d6ec" ver="1.03.4"
sz="317128" is="0" gfp="">C:\Program Files\Common
Files\Symantec Shared\ccEvtMgr.exe</Service>
<Service ex="1" disp="Symantec Password Validation
Service" desc="" nam="Common Client Windows Account
Validation Service (ccPwdSvc.exe)" pub="Symantec
Corporation" md5="6912cfcfc41907c4f84c5c4954f223e4"
ver="1.0.9.002" sz="99576" is="0" gfp="">C:\Program
Files\Common Files\Symantec Shared\ccPwdSvc.exe</Service>
<Service ex="1" disp="Indexing Service" desc="Indexes
contents and properties of files on local and remote
computers; provides rapid access to files through flexible
querying language." nam="Content Index service
(cisvc.exe)" pub="Microsoft Corporation"
md5="3192bd04d032a9c4a85a3278c268a13a" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="5632" is="0"
gfp="">C:\WINDOWS\system32\cisvc.exe</Service>
<Service ex="1" disp="ClipBook" desc="Enables ClipBook
Viewer to store information and share it with remote
computers. If the service is stopped, ClipBook Viewer will
not be able to share information with remote computers. If
this service is disabled, any services that explicitly
depend on it will fail to start." nam="Windows NT DDE
Server (clipsrv.exe)" pub="Microsoft Corporation"
md5="c8dec22c4137d7a90f8bdf41ca4b82ae" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="33280" is="0"
gfp="">C:\WINDOWS\system32\clipsrv.exe</Service>
<Service ex="1" disp="COM+ System Application"
desc="Manages the configuration and tracking of Component
Object Model (COM)+-based components. If the service is
stopped, most COM+-based components will not function
properly. If this service is disabled, any services that
explicitly depend on it will fail to start." nam="COM
Surrogate (dllhost.exe)" pub="Microsoft Corporation"
md5="dd87db7387b9eb441c5674888a0d840c" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="5120" is="0"
gfp="">C:\WINDOWS\System32\dllhost.exe</Service>
<Service ex="1" disp="Logical Disk Manager
Administrative Service" desc="Configures hard disk drives
and volumes. The service only runs for configuration
processes and then stops." nam="Logical Disk Manager
service process (dmadmin.exe)" pub="Microsoft Corp.,
Veritas Software" md5="554c7cb178fe3bd12450b81ad63adbc3"
ver="2600.2180.503.0" sz="224768" is="0"
gfp="">C:\WINDOWS\System32\dmadmin.exe</Service>
<Service ex="1" disp="Event Log" desc="Enables event log
messages issued by Windows-based programs and components
to be viewed in Event Viewer. This service cannot be
stopped." nam="Services and Controller app (services.exe)"
pub="Microsoft Corporation"
md5="c6ce6eec82f187615d1002bb3bb50ed4" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="108032" is="0"
gfp="">C:\WINDOWS\system32\services.exe</Service>
<Service ex="1" disp="IMAPI CD-Burning COM Service"
desc="Manages CD recording using Image Mastering
Applications Programming Interface (IMAPI). If this
service is stopped, this computer will be unable to record
CDs. If this service is disabled, any services that
explicitly depend on it will fail to start." nam="Image
Mastering API (imapi.exe)" pub="Microsoft Corporation"
md5="fa788520bcac0f5d9d5cde5615c0d931" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="150016" is="0"
gfp="">C:\WINDOWS\System32\imapi.exe</Service>
<Service ex="1" disp="Iomega App Services" desc=""
nam="AppServices (AppServices.exe)" pub="Iomega
Corporation" md5="19ef7fb809d3073ee60f85464e9c4c51"
ver="2, 0, 2, 5" sz="73728" is="0" gfp="">C:\PROGRA~1
\Iomega\System32\AppServices.exe</Service>
<Service ex="1" disp="NetMeeting Remote Desktop Sharing"
desc="Enables an authorized user to access this computer
remotely by using NetMeeting over a corporate intranet. If
this service is stopped, remote desktop sharing will be
unavailable. If this service is disabled, any services
that explicitly depend on it will fail to start."
nam="NetMeeting Remote Desktop Sharing (mnmsrvc.exe)"
pub="Microsoft Corporation"
md5="f6415361201915b9fe3896b0e4e724ff" ver="5.1.2600.2180"
sz="32768" is="0" gfp="">C:\WINDOWS\System32
\mnmsrvc.exe</Service>
<Service ex="1" disp="Distributed Transaction
Coordinator" desc="Coordinates transactions that span
multiple resource managers, such as databases, message
queues, and file systems. If this service is stopped,
these transactions will not occur. If this service is
disabled, any services that explicitly depend on it will
fail to start." nam="MS DTC console program (msdtc.exe)"
pub="Microsoft Corporation"
md5="c7c3d89eb0a6f3dba622ea737fa335b1"
ver="2001.12.4414.258" sz="6144" is="0"
gfp="">C:\WINDOWS\System32\msdtc.exe</Service>
<Service ex="1" disp="Windows Installer" desc="Adds,
modifies, and removes applications provided as a Windows
Installer (*.msi) package. If this service is disabled,
any services that explicitly depend on it will fail to
start." nam="Windows installer (msiexec.exe)"
pub="Microsoft Corporation"
md5="4236ae241f193f58adab141ceccfd5f4" ver="3.0.3790.2180"
sz="77312" is="0" gfp="">C:\WINDOWS\System32
\msiexec.exe</Service>
<Service ex="1" disp="Norton AntiVirus Auto Protect
Service" desc="Handles Norton AntiVirus Auto-Protect
events." nam="Norton AntiVirus Auto-Protect Service
(navapsvc.exe)" pub="Symantec Corporation"
md5="00ff9f38a83706e7605f83852171197a" ver="9.05.1015"
sz="116336" is="0" gfp="">C:\Program Files\Norton
AntiVirus\navapsvc.exe</Service>
<Service ex="1" disp="Network DDE" desc="Provides
network transport and security for Dynamic Data Exchange
(DDE) for programs running on the same computer or on
different computers. If this service is stopped, DDE
transport and security will be unavailable. If this
service is disabled, any services that explicitly depend
on it will fail to start." nam="Network DDE - DDE
Communication (netdde.exe)" pub="Microsoft Corporation"
md5="05afb5ad06462257bea7495283c86d50" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="111104" is="0"
gfp="">C:\WINDOWS\system32\netdde.exe</Service>
<Service ex="1" disp="Network DDE DSDM" desc="Manages
Dynamic Data Exchange (DDE) network shares. If this
service is stopped, DDE network shares will be
unavailable. If this service is disabled, any services
that explicitly depend on it will fail to start."
nam="Network DDE - DDE Communication (netdde.exe)"
pub="Microsoft Corporation"
md5="05afb5ad06462257bea7495283c86d50" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="111104" is="0"
gfp="">C:\WINDOWS\system32\netdde.exe</Service>
<Service ex="1" disp="Net Logon" desc="Supports pass-
through authentication of account logon events for
computers in a domain." nam="LSA Shell (lsass.exe)"
pub="Microsoft Corporation"
md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">C:\WINDOWS\System32\lsass.exe</Service>
<Service ex="1" disp="Intel(R) NMS" desc="Intel(R) NIC
Management Service." nam="NMS Module (NMSSvc.exe)"
pub="Intel Corporation"
md5="eeea4a259891d43fec7c25e45973740d" ver="2.2.9.0"
sz="1118208" is="0" gfp="">C:\WINDOWS\System32
\NMSSvc.exe</Service>
<Service ex="1" disp="NT LM Security Support Provider"
desc="Provides security to remote procedure call (RPC)
programs that use transports other than named pipes."
nam="LSA Shell (lsass.exe)" pub="Microsoft Corporation"
md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">C:\WINDOWS\System32\lsass.exe</Service>
<Service ex="1" disp="NVIDIA Display Driver Service"
desc="Provides system and desktop level support to the
NVIDIA display driver" nam="NVIDIA Driver Helper Service,
Version 65.73 (nvsvc32.exe)" pub="NVIDIA Corporation"
md5="87445455aef55e3ed41d25a803c545fe" ver="6.14.10.6573"
sz="114755" is="0" gfp="">C:\WINDOWS\system32
\nvsvc32.exe</Service>
<Service ex="1" disp="Plug and Play" desc="Enables a
computer to recognize and adapt to hardware changes with
little or no user input. Stopping or disabling this
service will result in system instability." nam="Services
and Controller app (services.exe)" pub="Microsoft
Corporation" md5="c6ce6eec82f187615d1002bb3bb50ed4"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="108032"
is="0" gfp="">C:\WINDOWS\system32\services.exe</Service>
<Service ex="1" disp="IPSEC Services" desc="Manages IP
security policy and starts the ISAKMP/Oakley (IKE) and the
IP security driver." nam="LSA Shell (lsass.exe)"
pub="Microsoft Corporation"
md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">C:\WINDOWS\System32\lsass.exe</Service>
<Service ex="1" disp="Protected Storage" desc="Provides
protected storage for sensitive data, such as private
keys, to prevent access by unauthorized services,
processes, or users." nam="LSA Shell (lsass.exe)"
pub="Microsoft Corporation"
md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">C:\WINDOWS\system32\lsass.exe</Service>
<Service ex="1" disp="Remote Procedure Call (RPC)
Locator" desc="Manages the RPC name service database."
nam="Rpc Locator (locator.exe)" pub="Microsoft
Corporation" md5="793f04a09b15e7c6c11dbdffaf06c0ab"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="75264"
is="0" gfp="">C:\WINDOWS\System32\locator.exe</Service>
<Service ex="1" disp="QoS RSVP" desc="Provides network
signaling and local traffic control setup functionality
for QoS-aware programs and control applets."
nam="Microsoft RSVP (rsvp.exe)" pub="Microsoft
Corporation" md5="471b3f9741d762abe75e9deea4787e47"
ver="5.1.2600.0 (xpclient.010817-1148)" sz="132608" is="0"
gfp="">C:\WINDOWS\System32\rsvp.exe</Service>
<Service ex="1" disp="Security Accounts Manager"
desc="Stores security information for local user
accounts." nam="LSA Shell (lsass.exe)" pub="Microsoft
Corporation" md5="84885f9b82f4d55c6146ebf6065d75d2"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="13312"
is="0" gfp="">C:\WINDOWS\system32\lsass.exe</Service>
<Service ex="1" disp="ScriptBlocking Service" desc=""
nam="ScriptBlocking registration (SBServ.exe)"
pub="Symantec Corporation"
md5="3db0459e2661531bfe88ae0a182d019a" ver="1, 1, 0, 126"
sz="54408" is="0" gfp="">C:\PROGRA~1\COMMON~1\SYMANT~1
\SCRIPT~1\SBServ.exe</Service>
<Service ex="1" disp="Smart Card" desc="Manages access
to smart cards read by this computer. If this service is
stopped, this computer will be unable to read smart cards.
If this service is disabled, any services that explicitly
depend on it will fail to start." nam="Smart Card Resource
Management Server (SCardSvr.exe)" pub="Microsoft
Corporation" md5="25d8de134df108e3dbc8d7d23b1aa58e"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="95744"
is="0" gfp="">C:\WINDOWS\System32\SCardSvr.exe</Service>
<Service ex="1" disp="Print Spooler" desc="Loads files
to memory for later printing." nam="Spooler SubSystem App
(spoolsv.exe)" pub="Microsoft Corporation"
md5="7435b108b935e42ea92ca94f59c8e717" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="57856" is="0"
gfp="">C:\WINDOWS\system32\spoolsv.exe</Service>
<Service ex="1" disp="MS Software Shadow Copy Provider"
desc="Manages software-based volume shadow copies taken by
the Volume Shadow Copy service. If this service is
stopped, software-based volume shadow copies cannot be
managed. If this service is disabled, any services that
explicitly depend on it will fail to start." nam="COM
Surrogate (dllhost.exe)" pub="Microsoft Corporation"
md5="dd87db7387b9eb441c5674888a0d840c" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="5120" is="0"
gfp="">C:\WINDOWS\System32\dllhost.exe</Service>
<Service ex="1" disp="Performance Logs and Alerts"
desc="Collects performance data from local or remote
computers based on preconfigured schedule parameters, then
writes the data to a log or triggers an alert. If this
service is stopped, performance information will not be
collected. If this service is disabled, any services that
explicitly depend on it will fail to start."
nam="Performance Logs and Alerts Service (smlogsvc.exe)"
pub="Microsoft Corporation"
md5="8b54aa346d1b1b113ffaa75501b8b1b2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="89600" is="0"
gfp="">C:\WINDOWS\system32\smlogsvc.exe</Service>
<Service ex="1" disp="Telnet" desc="Enables a remote
user to log on to this computer and run programs, and
supports various TCP/IP Telnet clients, including UNIX-
based and Windows-based computers. If this service is
stopped, remote user access to programs might be
unavailable. If this service is disabled, any services
that explicitly depend on it will fail to start."
nam="Telnet (tlntsvr.exe)" pub="Microsoft Corporation"
md5="37db0a7d097310e8b4de803fc3119c78" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="73216" is="0"
gfp="">C:\WINDOWS\System32\tlntsvr.exe</Service>
<Service ex="1" disp="Windows User Mode Driver
Framework" desc="Enables Windows user mode drivers."
nam="Windows User Mode Driver Manager (wdfmgr.exe)"
pub="Microsoft Corporation"
md5="c81b8635dee0d3ef5f64b3dd643023a5" ver="5.2.3790.1230
built by: DNSRV(bld4act)" sz="38912" is="0"
gfp="">C:\WINDOWS\system32\wdfmgr.exe</Service>
<Service ex="1" disp="Uninterruptible Power Supply"
desc="Manages an uninterruptible power supply (UPS)
connected to the computer." nam="UPS Service (ups.exe)"
pub="Microsoft Corporation"
md5="3f5df65b0758675f95a2d43918a740a3" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="18432" is="0"
gfp="">C:\WINDOWS\System32\ups.exe</Service>
<Service ex="1" disp="TrueVector Internet Monitor"
desc="Monitors internet traffic and generates alerts for
disallowed access." nam="TrueVector Service (vsmon.exe)"
pub="Zone Labs LLC" md5="1a18e4f7f1d29462c026611036abba36"
ver="5.5.062.011" sz="1218320" is="0"
gfp="">C:\WINDOWS\system32\ZONELABS\vsmon.exe</Service>
<Service ex="1" disp="Volume Shadow Copy" desc="Manages
and implements Volume Shadow Copies used for backup and
other purposes. If this service is stopped, shadow copies
will be unavailable for backup and the backup may fail. If
this service is disabled, any services that explicitly
depend on it will fail to start." nam="Microsoft Volume
Shadow Copy Service (vssvc.exe)" pub="Microsoft
Corporation" md5="3ee00364ae0fd8d604f46cbaf512838a"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="289792"
is="0" gfp="">C:\WINDOWS\System32\vssvc.exe</Service>
<Service ex="1" disp="WMI Performance Adapter"
desc="Provides performance library information from WMI
HiPerf providers." nam="WMI Performance Adapter Service
(wmiapsrv.exe)" pub="Microsoft Corporation"
md5="ba8cecc3e813e1f7c441b20393d4f86c" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="126464" is="0"
gfp="">C:\WINDOWS\System32\wbem\wmiapsrv.exe</Service>
<Service ex="1" disp="Iomega Active Disk" desc=""
nam="Active Disk Service (ADService.exe)" pub="Iomega
Corporation" md5="b624180218bb196ad9869d5d6b454318"
ver="3, 2, 1, 5" sz="151552" is="0" gfp="">C:\Program
Files\Iomega\AutoDisk\ADService.exe</Service>
</Services>
</SystemAudit>
- <ProcessesAudit>
- <Processes>
<Process ex="1" pid="604" nam="Windows NT Session
Manager (smss.exe)" pub="Microsoft Corporation"
md5="bd7fb0957c716f1a60333aee04de2178" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="50688" is="0"
gfp="">c:\windows\system32\smss.exe</Process>
<Process ex="1" pid="672" nam="Client Server Runtime
Process (csrss.exe)" pub="Microsoft Corporation"
md5="f12b178b1678d778cfd3ff1fc38c71fb" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="6144" is="0"
gfp="">C:\WINDOWS\system32\csrss.exe</Process>
<Process ex="1" pid="696" nam="Windows NT Logon
Application (winlogon.exe)" pub="Microsoft Corporation"
md5="01c3346c241652f43aed8e2149881bfe" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="502272" is="0"
gfp="">c:\windows\system32\winlogon.exe</Process>
<Process ex="1" pid="740" nam="Services and Controller
app (services.exe)" pub="Microsoft Corporation"
md5="c6ce6eec82f187615d1002bb3bb50ed4" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="108032" is="0"
gfp="">c:\windows\system32\services.exe</Process>
<Process ex="1" pid="752" nam="LSA Shell (lsass.exe)"
pub="Microsoft Corporation"
md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">c:\windows\system32\lsass.exe</Process>
<Process ex="1" pid="920" nam="Generic Host Process for
Win32 Services (svchost.exe)" pub="Microsoft Corporation"
md5="8f078ae4ed187aaabc0a305146de6716" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="14336" is="0"
gfp="">c:\windows\system32\svchost.exe</Process>
<Process ex="1" pid="980" nam="Generic Host Process for
Win32 Services (svchost.exe)" pub="Microsoft Corporation"
md5="8f078ae4ed187aaabc0a305146de6716" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="14336" is="0"
gfp="">C:\WINDOWS\system32\svchost.exe</Process>
<Process ex="1" pid="1072" nam="Generic Host Process for
Win32 Services (svchost.exe)" pub="Microsoft Corporation"
md5="8f078ae4ed187aaabc0a305146de6716" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="14336" is="0"
gfp="">c:\windows\system32\svchost.exe</Process>
<Process ex="1" pid="1144" nam="Generic Host Process for
Win32 Services (svchost.exe)" pub="Microsoft Corporation"
md5="8f078ae4ed187aaabc0a305146de6716" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="14336" is="0"
gfp="">C:\WINDOWS\system32\svchost.exe</Process>
<Process ex="1" pid="1300" nam="Generic Host Process for
Win32 Services (svchost.exe)" pub="Microsoft Corporation"
md5="8f078ae4ed187aaabc0a305146de6716" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="14336" is="0"
gfp="">C:\WINDOWS\system32\svchost.exe</Process>
<Process ex="1" pid="1436" nam="Spooler SubSystem App
(spoolsv.exe)" pub="Microsoft Corporation"
md5="7435b108b935e42ea92ca94f59c8e717" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="57856" is="0"
gfp="">c:\windows\system32\spoolsv.exe</Process>
<Process ex="1" pid="1560" nam="AOL Connectivity Service
(aolacsd.exe)" pub="America Online"
md5="aa2770fd967dab91a597619c4eadc0c9" ver="3.0.0.1"
sz="10328" is="0" gfp="">c:\program files\common
files\aol\acs\aolacsd.exe</Process>
<Process ex="1" pid="1576" nam="AOL TopSpeed(TM) Monitor
(aoltsmon.exe)" pub="America Online, Inc"
md5="7fb54900aa9792ab6307c699ec1859d4" ver="2, 0, 0, 0"
sz="100016" is="0" gfp="">c:\program files\common
files\aol\topspeed\2.0\aoltsmon.exe</Process>
<Process ex="0" pid="1608" nam="" pub="" md5="" ver=""
sz="" is="0" gfp="" />
<Process ex="1" pid="1616" nam="AVG Alert Manager
(avgamsvr.exe)" pub="GRISOFT, s.r.o."
md5="a98cfcb4b47be1abef98c903a6aa873e" ver="7,1,0,307"
sz="329728" is="0" gfp="">c:\progra~1\grisoft\avgfre~1
\avgamsvr.exe</Process>
<Process ex="1" pid="1668" nam="AVG Update Service
(avgupsvc.exe)" pub="GRISOFT, s.r.o."
md5="64bd967bd30437f32a658e09b04c967a" ver="7,1,0,285"
sz="70144" is="0" gfp="">c:\progra~1\grisoft\avgfre~1
\avgupsvc.exe</Process>
<Process ex="1" pid="1692" nam="Event Manager Service
(ccevtmgr.exe)" pub="Symantec Corporation"
md5="edc5c2342e91f7a8870e17ac5a87d6ec" ver="1.03.4"
sz="317128" is="0" gfp="">c:\program files\common
files\symantec shared\ccevtmgr.exe</Process>
<Process ex="1" pid="1732" nam="AppServices
(appservices.exe)" pub="Iomega Corporation"
md5="19ef7fb809d3073ee60f85464e9c4c51" ver="2, 0, 2, 5"
sz="73728" is="0" gfp="">c:\progra~1\iomega\system32
\appservices.exe</Process>
<Process ex="1" pid="1760" nam="Norton AntiVirus Auto-
Protect Service (navapsvc.exe)" pub="Symantec Corporation"
md5="00ff9f38a83706e7605f83852171197a" ver="9.05.1015"
sz="116336" is="0" gfp="">c:\program files\norton
antivirus\navapsvc.exe</Process>
<Process ex="1" pid="1808" nam="NMS Module (nmssvc.exe)"
pub="Intel Corporation"
md5="eeea4a259891d43fec7c25e45973740d" ver="2.2.9.0"
sz="1118208" is="0" gfp="">c:\windows\system32
\nmssvc.exe</Process>
<Process ex="1" pid="1864" nam="NVIDIA Driver Helper
Service, Version 65.73 (nvsvc32.exe)" pub="NVIDIA
Corporation" md5="87445455aef55e3ed41d25a803c545fe"
ver="6.14.10.6573" sz="114755" is="0"
gfp="">c:\windows\system32\nvsvc32.exe</Process>
<Process ex="1" pid="172" nam="Windows User Mode Driver
Manager (wdfmgr.exe)" pub="Microsoft Corporation"
md5="c81b8635dee0d3ef5f64b3dd643023a5" ver="5.2.3790.1230
built by: DNSRV(bld4act)" sz="38912" is="0"
gfp="">C:\WINDOWS\system32\wdfmgr.exe</Process>
<Process ex="1" pid="228" nam="TrueVector Service
(vsmon.exe)" pub="Zone Labs LLC"
md5="1a18e4f7f1d29462c026611036abba36" ver="5.5.062.011"
sz="1218320" is="0" gfp="">c:\windows\system32
\zonelabs\vsmon.exe</Process>
<Process ex="1" pid="408" nam="Active Disk Service
(adservice.exe)" pub="Iomega Corporation"
md5="b624180218bb196ad9869d5d6b454318" ver="3, 2, 1, 5"
sz="151552" is="0" gfp="">c:\program
files\iomega\autodisk\adservice.exe</Process>
<Process ex="1" pid="1112" nam="Application Layer
Gateway Service (alg.exe)" pub="Microsoft Corporation"
md5="f1958fbf86d5c004cf19a5951a9514b7" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="44544" is="0"
gfp="">C:\WINDOWS\system32\alg.exe</Process>
<Process ex="1" pid="956" nam="Windows Explorer
(explorer.exe)" pub="Microsoft Corporation"
md5="a0732187050030ae399b241436565e64" ver="6.00.2900.2180
(xpsp_sp2_rtm.040803-2158)" sz="1032192" is="0"
gfp="">c:\windows\explorer.exe</Process>
<Process ex="1" pid="516" nam="Common Client CC App
(ccapp.exe)" pub="Symantec Corporation"
md5="cba64668da072be6ef93305647ee02b3" ver="1.0.9.002"
sz="54520" is="0" gfp="">c:\program files\common
files\symantec shared\ccapp.exe</Process>
<Process ex="1" pid="2024" nam="Intel(R) PROSet Tray
Icon (promon.exe)" pub="Intel Corporation"
md5="e464385c6c280e614dfcad0bd7a3f321" ver="5.3.42.0"
sz="73728" is="0" gfp="">c:\windows\system32
\promon.exe</Process>
<Process ex="1" pid="2056" nam="Direct Access Component
(tfswctrl.exe)" pub="VERITAS Software, Inc."
md5="64f798ded350964216ca139537a29749" ver="1.03.37a"
sz="106549" is="0" gfp="">c:\windows\system32
\dla\tfswctrl.exe</Process>
<Process ex="1" pid="2064" nam="(nilaunch.exe)" pub=""
md5="ca7add387b276901d50c1ff145842c7c" ver="" sz="24576"
is="0" gfp="">c:\windows\system32\nilaunch.exe</Process>
<Process ex="1" pid="2160" nam="Run a DLL as an App
(rundll32.exe)" pub="Microsoft Corporation"
md5="da285490bbd8a1d0ce6623577d5ba1ff" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="33280" is="0"
gfp="">c:\windows\system32\rundll32.exe</Process>
<Process ex="1" pid="2168" nam="AVG Control Center
(avgcc.exe)" pub="GRISOFT, s.r.o."
md5="7f0c2657b39969d424b6604443992352" ver="7,1,0,307"
sz="347136" is="0" gfp="">c:\progra~1\grisoft\avgfre~1
\avgcc.exe</Process>
<Process ex="1" pid="2208" nam="AVG E-Mail Scanner
(avgemc.exe)" pub="GRISOFT, s.r.o."
md5="af9354bef717bd60e04f5bf5b9c9eaa2" ver="7,1,0,307"
sz="271872" is="0" gfp="">c:\progra~1\grisoft\avgfre~1
\avgemc.exe</Process>
<Process ex="1" pid="2252" nam="Active Disk User Monitor
(adusermon.exe)" pub="Iomega Corporation"
md5="d6e82206798f57521805bbb46d79c3a8" ver="3, 2, 1, 5"
sz="147456" is="0" gfp="">c:\program
files\iomega\autodisk\adusermon.exe</Process>
<Process ex="1" pid="2280" nam="IMGICON (imgicon.exe)"
pub="Iomega Corp." md5="8bb8b8d1150c344586c46752953c2da6"
ver="6, 3, 0, 56" sz="86016" is="0" gfp="">c:\program
files\iomega\driveicons\imgicon.exe</Process>
<Process ex="1" pid="2384" nam="Zone Labs Client
(zlclient.exe)" pub="Zone Labs LLC"
md5="073f29e364b0d66dc267b38676824f88" ver="5.5.062.011"
sz="902936" is="0" gfp="">c:\program files\zone
labs\zonealarm\zlclient.exe</Process>
<Process ex="1" pid="2472" nam="qttask.exe" pub="Apple
Computer, Inc." md5="c341ccfbe98bc7df6e0b856bb9fc265a"
ver="6.5" sz="98304" is="0" gfp="">c:\program
files\quicktime\qttask.exe</Process>
<Process ex="1" pid="2548" nam="Microsoft AntiSpyware
Service (gcasserv.exe)" pub="Microsoft Corporation"
md5="e519945deb3875341d36db0ea141e0c5" ver="1.00.0509"
sz="473920" is="0" gfp="">c:\program files\microsoft
antispyware\gcasserv.exe</Process>
<Process ex="1" pid="2556" nam="Customize ICQ appearance
(vplus.exe)" pub="Vadim Eremeev"
md5="7b415891a596fab6a734f15044dea4e9" ver="3.5"
sz="11776" is="0" gfp="">c:\program
files\icqplus\vplus.exe</Process>
<Process ex="1" pid="2612" nam="WeatherBug
(weather.exe)" pub="AWS Convergence Technologies, Inc."
md5="6333a383725917eeacdb09cd8d960340" ver="6, 4, 0, 5"
sz="1593344" is="0" gfp="">c:\progra~1\aws\weathe~1
\weather.exe</Process>
<Process ex="1" pid="2640" nam="Windows Messenger
(msmsgs.exe)" pub="Microsoft Corporation"
md5="74e6e96c6f0e2eca4edbb7f7a468f259" ver="4.7.3001"
sz="1694208" is="0" gfp="">c:\program
files\messenger\msmsgs.exe</Process>
<Process ex="1" pid="2672" nam="Automatic Updates
(wuauclt.exe)" pub="Microsoft Corporation"
md5="4fe41a819f5a1ff0923f12b34830a6ca" ver="5.4.3790.2182
built by: srv03_rtm(ntvbl04)" sz="113944" is="0"
gfp="">c:\windows\system32\wuauclt.exe</Process>
<Process ex="1" pid="2700" nam="Microsoft AntiSpyware
Data Service (gcasdtserv.exe)" pub="Microsoft Corporation"
md5="ebb4d674ec5c5b34ef8a1ba14676de8e" ver="1.00.0509"
sz="752456" is="0" gfp="">c:\program files\microsoft
antispyware\gcasdtserv.exe</Process>
<Process ex="1" pid="2708" nam="System settings
protector (teatimer.exe)" pub="Safer Networking Limited"
md5="58f7e6434d285f4c98ad3621e0bd8c8d" ver="1, 3, 0, 12"
sz="1038336" is="0" gfp="">c:\program files\spybot -
search & destroy\teatimer.exe</Process>
<Process ex="1" pid="3352" nam="Steam (steam.exe)"
pub="Valve Corporation"
md5="fa755c189128bd1e32461d635beaf0d8" ver="1.0.0.0"
sz="1241088" is="0" gfp="">c:\program
files\valve\steam\steam.exe</Process>
<Process ex="1" pid="3432" nam="AOL Instant Messenger
(aim.exe)" pub="America Online, Inc."
md5="1c4429c1aa8f638b55508c90ec4402ba" ver="5.9.3690"
sz="66672" is="0" gfp="">c:\program files\aim95
\aim.exe</Process>
<Process ex="1" pid="3636" nam="EasyClip (easyclip.exe)"
pub="Lotus Development Corporation"
md5="d3a6ec09365c105a32e23e24afcd640f" ver="4.1.0.0"
sz="77824" is="0"
gfp="">c:\lotus\organize\easyclip.exe</Process>
<Process ex="1" pid="3680" nam="Alarm Application
(alarmapp.exe)" pub="Palm, Inc."
md5="c2f5ca53f60d1feb3bfde3c91d6b3560" ver="4.1.0"
sz="274432" is="0" gfp="">c:\program
files\palm\alarmapp.exe</Process>
<Process ex="1" pid="3748" nam="(runner.exe)" pub=""
md5="4a22eaf2648c46c90f70bb46d9684de3" ver="" sz="45056"
is="0" gfp="">c:\program files\psych\runner.exe</Process>
<Process ex="1" pid="3796" nam="HotSync Manager
Application (hotsync.exe)" pub="Palm, Inc."
md5="7fb566c5816d8959c9f3ab918c00cd1f" ver="4.0.4"
sz="299008" is="0" gfp="">c:\program
files\palm\hotsync.exe</Process>
<Process ex="1" pid="3844" nam="SoundMAX System Tray
(smtray.exe)" pub="Analog Devices, Inc."
md5="c85b0a3d378c087e9acdc7201db07300" ver="3, 2, 9, 0"
sz="90112" is="0"
gfp="">c:\ibmtools\drivers\audio\soundmax\soundm~1
\sys\smtray.exe</Process>
<Process ex="1" pid="3888" nam="Windows TaskManager
(taskmgr.exe)" pub="Microsoft Corporation"
md5="fc160ace21c81837692b339d230dd4be" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="135680" is="0"
gfp="">c:\windows\system32\taskmgr.exe</Process>
<Process ex="1" pid="3608" nam="Microsoft AntiSpyware
Main (giantantispywaremain.exe)" pub="Microsoft
Corporation" md5="f0b4af2924697573e893d76229ff48d8"
ver="1.00.0509" sz="4586320" is="0" gfp="">c:\program
files\microsoft
antispyware\giantantispywaremain.exe</Process>
<Process ex="1" pid="180" nam="Internet Explorer
(iexplore.exe)" pub="Microsoft Corporation"
md5="e7484514c0464642be7b4dc2689354c8" ver="6.00.2900.2180
(xpsp_sp2_rtm.040803-2158)" sz="93184" is="0"
gfp="">c:\program files\internet
explorer\iexplore.exe</Process>
<Process ex="1" pid="3012" nam="Microsoft Suspected
Spyware Reporting Tool (msssrt.exe)" pub="Microsoft
Corporation" md5="7ed5a4f71d669274adceeca2338ab28d"
ver="1.00.0509" sz="400192" is="0" gfp="">c:\program
files\microsoft antispyware\msssrt.exe</Process>
</Processes>
</ProcessesAudit>
</Audit>
</MSSSRT>
 
Bill Sanderson

I doubt anyone here can read the XML easily. Can you just tell us what you
need help with in English? If I get a chance, I'll dig down into
this--there may well be useful details here, but a simple English
explanation would help.
 
pickel

well i already explained this in another post but i guess
it wont hurt to post it again in more detail.
i have registry keys that are regenerating themselves:
comet, adtools, blazefind, windupdates.
adaware and spybot do not detect these.
if i scan in safe mode microsoft detects nothing.
aol detects all of these in safe mode except for the
windupdates as well as when i boot up normally.
windupdates is only detected by microsoft when i boot up
normally-i get a little red box that pops up telling me
its trying to install.
microsoft does not detect comet, blazefind or adtools no
matter what although im pretty sure windupdates is somehow
related to adtools and blazefind. microsoft did detect
comet once but since then has not.
yes i am doing deep scans.
i ran one of those online scans with trend micro and both
that and avg report no viruses.
i have norton anti virus but its not up to date but i
figure its good to keep around at least for the virus
definitions it does have albeit they are over a year old.
i have avg anti virus, adaware se, spybot s&d, ccleaner,
aol and microsoft anti spyware and they are all up to date.
computer specs- ibm, pentium 4, windows xp pro sp2, ie 6
i have system restore turned off.
i also deleted all my system restore files until i can get
rid of this crap and create a new restore point.
when i scan with aol or microsoft they do detect these
regenerating registry keys and remove them but as soon as
the computer is turned off and then on again they reappear.
all temporary files and temporary internet files have been
deleted.
if you need any more information just ask.
thanks in advance for anyone of you smart peoples that can
help me.
 
pickel

well the reason i posted it here is i was kind of hoping
maybe someone would be able to forward it to the right
person or persons or maybe the right person would come
along and read it since it wont let me send the report it
creates. it says something about internet proxy settings
and i have no proxy.
 
Bill Sanderson

You need direct help from an expert.

The XML report from Microsoft Antispyware is not the best format for the
information needed to get your machine clean. It may be extremely useful to
Microsoft, but it doesn't do the job in the context of getting expert help
from a forum.

Find a message in these groups from Ron Kinner.

Send him your HijackThis log--
http://www.aumha.org/free.htm

find it in the left hand column.

Read the instructions for use carefully.

Alternatively, there's a forum at the aumha.org site to post HijackThis
logs--it's referenced in the information about the program.
 
Bill Sanderson

I understand. Unfortunately, I don't think it is a lot of use here--there's
a different log format which is a de facto standard for use in getting direct
help, see my other reply.

The proxy message seems to be a bug. I've got a machine with this symptom,
and haven't figured out a way around it or what is different on that machine
from a dozen others in the same office.
 
pickel

way ahead of you there - ive already been in contact with
him thru email - but have yet to solve the problems
 
