D
Dave Q
I am plagued by popups for Winfixer, Regcleaner and Win Anti Virus Pro.
Nothing helps the problem and I've spent too much moey on spayware, adware
and anit-virus programs that aren't even touching this problem.
Here is my MAS beta report. Maybe somebody out there can hep me.
<MSSSRT version="1.0.615" createdate="10/9/2005 11:40:16 AM" os="XP.2600"
user=""><Audit><AutoRunAudit>
<StartupFiles>
<StartupFile path="C:\Documents and Settings\All Users\Start
Menu\Programs\Startup\Adobe Gamma Loader.lnk" nam="Adobe Gamma Loader (adobe
gamma loader.exe)" pub="Adobe Systems, Inc."
md5="c2ff17734176cd15221c10044ef0ba1a" ver="1, 0, 0, 1" sz="113664" is="0"
gfp="">c:\program files\common files\adobe\calibration\adobe gamma
loader.exe</StartupFile>
</StartupFiles>
<StartupFilesRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="Sunkist2k"
dat="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" nam="Sunkist
(shwicon2k.exe)" pub="Alcor Micro, Corp."
md5="334e242417b1e66ecaf45d9dc62b288a" ver="1, 0, 0, 7" sz="139264" is="0"
gfp="">c:\program files\multimedia card
reader\shwicon2k.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="Recguard"
dat="C:\WINDOWS\SMINST\RECGUARD.EXE" nam="Recguard MFC Application
(recguard.exe)" pub="None" md5="d3cc7a3813123e955b3a497c04b404e2" ver="1, 0,
0, 1" sz="212992" is="0"
gfp="">c:\windows\sminst\recguard.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="NeroFilterCheck" dat="C:\WINDOWS\system32\NeroCheck.exe" nam="NeroCheck
(nerocheck.exe)" pub="Ahead Software Gmbh"
md5="3e4c03cefad8de135263236b61a49c90" ver="1, 0, 0, 2" sz="155648" is="0"
gfp="">c:\windows\system32\nerocheck.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="MediaFace
Integration" dat="C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe"
nam="MediaFACE Hook Application (sethook.exe)" pub="Fellowes, Inc."
md5="c108e71530073dda128b9998be00acf9" ver="4,0,1,27" sz="53248" is="0"
gfp="">c:\program files\fellowes\mediaface
4.0\sethook.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="LTMSG"
dat="LTMSG.exe 7" nam="ltmsg (ltmsg.exe)" pub="Agere Systems"
md5="4d3f3641aa76a48964102856fd7b955f" ver="3, 0, 0, 4" sz="40960" is="0"
gfp="">c:\windows\ltmsg.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="IgfxTray"
dat="C:\WINDOWS\system32\igfxtray.exe" nam="igfxTray Module (igfxtray.exe)"
pub="Intel Corporation" md5="8bbbada96ffe1449edd39256eda99cd8"
ver="3.0.0.3889" sz="155648" is="0"
gfp="">c:\windows\system32\igfxtray.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="hpsysdrv"
dat="c:\windows\system\hpsysdrv.exe" nam="hpsysdrv (hpsysdrv.exe)"
pub="Hewlett-Packard Company" md5="06a1ecb63df139ec639e084d4ab3c9d7" ver="1,
7, 0, 0" sz="52736" is="0"
gfp="">c:\windows\system\hpsysdrv.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="HotKeysCmds"
dat="C:\WINDOWS\system32\hkcmd.exe" nam="hkcmd Module (hkcmd.exe)"
pub="Intel Corporation" md5="ea5dd164296f66241bead39e12fa69f2"
ver="3.0.0.3889" sz="118784" is="0"
gfp="">c:\windows\system32\hkcmd.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="AutoTKit"
dat="C:\hp\bin\AUTOTKIT.EXE" nam=" (autotkit.exe)" pub=""
md5="6d013ba4120ab87d8694aaf12bd5d1c1" ver="" sz="53248" is="0"
gfp="">c:\hp\bin\autotkit.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="QuickTime
Task" dat=""C:\Program Files\QuickTime\qttask.exe" -atboottime"
nam="qttask.exe" pub="Apple Computer, Inc."
md5="76a3a30b58405c2c6d833895253a51a9" ver="6.5.1" sz="98304" is="0"
gfp="">c:\program files\quicktime\qttask.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="HP Component
Manager" dat=""C:\Program Files\HP\hpcoretech\hpcmpmgr.exe""
nam="HP Framework Component Manager Service (hpcmpmgr.exe)"
pub="Hewlett-Packard Company" md5="b75b654ee1da99876461b24597ae3ff3"
ver="2.1.1.0" sz="241664" is="0" gfp="">c:\program
files\hp\hpcoretech\hpcmpmgr.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="HPDJ Taskbar
Utility" dat="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe"
nam="None (hpztsb10.exe)" pub="HP" md5="fd32127449af0b96ebeca3caab74e423"
ver="2.323.0.0" sz="172032" is="0"
gfp="">c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="AVG7_CC"
dat="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" nam="AVG Control
Center (avgcc.exe)" pub="GRISOFT, s.r.o."
md5="6e74941e3e14cb67fb1648b45a041f0d" ver="7,1,0,338" sz="352256" is="0"
gfp="">c:\progra~1\grisoft\avgfre~1\avgcc.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="gcasServ"
dat=""C:\Program Files\Microsoft AntiSpyware\gcasServ.exe""
nam="Microsoft AntiSpyware Service (gcasserv.exe)" pub="Microsoft
Corporation" md5="263740ede788a60a6c0a47249fc410bf" ver="1.00.0615"
sz="473928" is="0" gfp="">c:\program files\microsoft
antispyware\gcasserv.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="NVIEW"
dat="rundll32.exe nview.dll,nViewLoadHook" nam="NVIDIA nView Desktop and
Window Manager 45.28 (nview.dll)" pub="NVIDIA Corporation"
md5="26b3de625fe075f43a61be19155220e6" ver="6.14.10.4528" sz="852038" is="0"
gfp="">c:\windows\system32\nview.dll</StartupFileRegistry>
</StartupFilesRegistry>
<WinlogonUserinitFiles>
<WinlogonUserinitFile ex="1" nam="Userinit Logon Application (userinit.exe)"
pub="Microsoft Corporation" md5="39b1ffb03c2296323832acbae50d2aff"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="24576" is="0"
gfp="">c:\windows\system32\userinit.exe</WinlogonUserinitFile>
</WinlogonUserinitFiles>
<StartupWinIniFiles>
</StartupWinIniFiles>
<StartupSysIniFiles>
</StartupSysIniFiles>
</AutoRunAudit>
<InternetExplorerAudit version="6.0.2900.2180">
<BrowserHelperObjects>
<BHO ex="1" clsid="{15F4D456-5BAA-4076-8486-EECB38CD3E57}"
prog="ElnkScamBlocker.ElnkScamBHO.1" val="ElnkScamBHO Class" nam="Earthlink
ScamBlocker (escamblk.dll)" pub="EarthLink, Inc."
md5="545c561abbea44f88e7fe028d82d7b17" ver="2.2.59.0" sz="181328" is="0"
gfp="">c:\program files\earthlink totalaccess\toolbar\escamblk.dll</BHO>
<BHO ex="1" clsid="{512ACF1B-64D9-4928-B382-A80556F28DB4}"
prog="ELNK.ElnkPubBHO.1" val="ElnkPubBHO Class" nam="Earthlink PopupBlocker
(elnkpub.dll)" pub="EarthLink, Inc." md5="5d05e2c28d677e45bdb7105f4331b3dd"
ver="2.2.59.0" sz="197712" is="0" gfp="">c:\program files\earthlink
totalaccess\toolbar\elnkpub.dll</BHO>
<BHO ex="1" clsid="{656EC4B7-072B-4698-B504-2A414C1F0037}"
prog="Prpl_IePopupBlocker.IE_PopupBlocker.1" val="IE_PopupBlocker Class"
nam="prpl_IePopupBlocker Module (prpl_iepopupblocker.dll)" pub="Propel
Software Corporation" md5="7d4dce216a71d935fad9fbe4b29be00a"
ver="5.0.1.1054" sz="49152" is="0" gfp="">c:\program files\earthlink
totalaccess\accelerator\prpl_iepopupblocker.dll</BHO>
<BHO ex="1" clsid="{827DC836-DD9F-4A68-A602-5812EB50A834}"
prog="MSEvents.MSEvents.1" val="MSEvents Object" nam=" (wincr.dll)" pub=""
md5="02f0b37ab98887ab3600af69507cfad8" ver="" sz="516116" is="0"
gfp="">c:\windows\servicepackfiles\i386\wincr.dll</BHO>
<BHO ex="1" clsid="{9579D574-D4D8-4335-9560-FE8641A013BD}"
prog="ProtctIE.ElnkProtectionBHO.1" val="ElnkProtectionBHO Class"
nam="ProtcIE (protctie.dll)" pub="EarthLink, Inc."
md5="a91009a20d29895537c338ba5966511a" ver="2.2.59.0" sz="238672" is="0"
gfp="">c:\program files\earthlink totalaccess\toolbar\protctie.dll</BHO>
<BHO ex="1" clsid="{E713904C-DF05-4C79-BBAD-02DB923253BE}"
prog="uninsttb.ElnkLegacyUninstBHO.1" val="ElnkLegacyUninstBHO Class"
nam="uninsttb (uninsttb.dll)" pub="EarthLink, Inc."
md5="c02180535889c6de2a85b8570d79beb2" ver="2.2.59.0" sz="95312" is="0"
gfp="">c:\program files\earthlink totalaccess\toolbar\uninsttb.dll</BHO>
</BrowserHelperObjects>
<IEToolbars>
<IEToolbar ex="1" clsid="{C7768536-96F8-4001-B1A2-90EE21279187}"
prog="Toolbar.ElnkToolbar.1" val="EarthLink Toolbar" nam="Toolbar
(toolbar.dll)" pub="EarthLink, Inc." md5="d18c931184da46e5ac31022a755f635a"
ver="2.2.60.0" sz="173136" is="0" gfp="">c:\program files\earthlink
totalaccess\toolbar\toolbar.dll</IEToolbar>
</IEToolbars>
<IEExtensions>
</IEExtensions>
<IEExplorerBars>
<IEExplorerBar ex="1" clsid="{4D5C8C25-D075-11d0-B416-00C04FB90376}" prog=""
val="&Tip of the Day" nam="Shell Doc Object and Control Library
(shdocvw.dll)" pub="Microsoft Corporation"
md5="47a418daae87e73814fa449ef32d0e0e" ver="6.00.2900.2713
(xpsp_sp2_gdr.050702-1513)" sz="1483776" is="0"
gfp="">c:\windows\system32\shdocvw.dll</IEExplorerBar>
<IEExplorerBar ex="0" clsid="{8F4902B6-6C04-4ade-8052-AA58578A21BD}" prog=""
val="" nam="" pub="" md5="" ver="" sz="" is="0" gfp=""></IEExplorerBar>
</IEExplorerBars>
<IEShellBrowsers>
<IEShellBrowser ex="0" clsid="{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
prog="" val="" nam="" pub="" md5="" ver="" sz="" is="0"
gfp=""></IEShellBrowser>
<IEShellBrowser ex="1" clsid="{01E04581-4EEE-11D0-BFE9-00AA005B4383}"
prog="" val="&Address" nam="Shell Browser UI Library (browseui.dll)"
pub="Microsoft Corporation" md5="33e419191b4b92face6d6d3cf17b656f"
ver="6.00.2900.2713 (xpsp_sp2_gdr.050702-1513)" sz="1019904" is="0"
gfp="">c:\windows\system32\browseui.dll</IEShellBrowser>
<IEShellBrowser ex="0" clsid="{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}"
prog="" val="HP View" nam="" pub="" md5="" ver="" sz="" is="0"
gfp=""></IEShellBrowser>
<IEShellBrowser ex="0" clsid="
" prog="" val="" nam="" pub="" md5="" ver="" sz="" is="0"
gfp=""></IEShellBrowser>
</IEShellBrowsers>
<IEWebBrowsers>
<IEWebBrowser ex="0" clsid="{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" prog=""
val="HP View" nam="" pub="" md5="" ver="" sz="" is="0"
gfp=""></IEWebBrowser>
<IEWebBrowser ex="0" clsid="
" prog="" val="" nam="" pub="" md5="" ver="" sz="" is="0"
gfp=""></IEWebBrowser>
<IEWebBrowser ex="1" clsid="{01E04581-4EEE-11D0-BFE9-00AA005B4383}" prog=""
val="&Address" nam="Shell Browser UI Library (browseui.dll)"
pub="Microsoft Corporation" md5="33e419191b4b92face6d6d3cf17b656f"
ver="6.00.2900.2713 (xpsp_sp2_gdr.050702-1513)" sz="1019904" is="0"
gfp="">c:\windows\system32\browseui.dll</IEWebBrowser>
<IEWebBrowser ex="0" clsid="{2318C2B1-4965-11D4-9B18-009027A5CD4F}" prog=""
val="" nam="" pub="" md5="" ver="" sz="" is="0" gfp=""></IEWebBrowser>
<IEWebBrowser ex="0" clsid="{D7F30B62-8269-41AF-9539-B2697FA7D77E}" prog=""
val="" nam="" pub="" md5="" ver="" sz="" is="0" gfp=""></IEWebBrowser>
<IEWebBrowser ex="0" clsid="
" prog="" val="" nam="" pub="" md5="" ver="" sz="" is="0"
gfp=""></IEWebBrowser>
</IEWebBrowsers>
<IEMenuExts>
<IEMenuExt val="Refresh Pa&ge with Full Quality">C:\Program
Files\EarthLink TotalAccess\Accelerator\\pac-page.html</IEMenuExt>
<IEMenuExt val="Refresh Pi&cture with Full Quality">C:\Program
Files\EarthLink TotalAccess\Accelerator\\pac-image.html</IEMenuExt>
</IEMenuExts>
<IEURLSearchHooks>
<IEURLSearchHook ex="1" clsid="{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"
prog="" val="Microsoft Url Search Hook" nam="Shell Doc Object and Control
Library (shdocvw.dll)" pub="Microsoft Corporation"
md5="47a418daae87e73814fa449ef32d0e0e" ver="6.00.2900.2713
(xpsp_sp2_gdr.050702-1513)" sz="1483776" is="0"
gfp="">c:\windows\system32\shdocvw.dll</IEURLSearchHook>
</IEURLSearchHooks>
<IEURLs>
<IEURL val="HCU\Software\Microsoft\Internet Explorer Start
Page">http://www.google.com</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer Search Page"> <G
..?AVCW</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer
Default_Page_URL">http://start.earthlink.net</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explore Local
Page">C:\WINDOWS\system32\blank.htm</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explore Search Bar"></IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer
Default_Search_URL"></IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer HomeOldSP"></IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer Start
Page">http://www.google.com/</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer Search Page"> <G
..?AVCW</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Default_Page_URL">http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer Local
Page">%SystemRoot%\system32\blank.htm</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer Search Bar"></IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Default_Search_URL">http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer HomeOldSP"></IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer\Search
CustomizeSearch"></IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer\Search
SearchAssistant"></IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer\Search
CustomizeSearch">http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer\Search
SearchAssistant">http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet
Explorer\SearchUrl">http://www.google.com/keyword/%s</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer\SearchUrl"></IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs
blank">res://mshtml.dll/blank.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs
DesktopItemNavigationFailure">res://shdoclc.dll/navcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs
NavigationCanceled">res://shdoclc.dll/navcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs
NavigationFailure">res://shdoclc.dll/navcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs
OfflineInformation">res://shdoclc.dll/offcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs
PostNotCached">res://mshtml.dll/repost.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs
mozilla"></IEURL>
</IEURLs>
</InternetExplorerAudit>
<SystemAudit>
<ShellExecuteHooks>
<ShellExecuteHook ex="1" clsid="{9EF34FF2-3396-4527-9D27-04C8C1C67806}"
prog="Microsoft.AntiSpyware.ShellExecuteHook.1"
val="Microsoft.AntiSpyware.ShellExecuteHook.1" nam="Microsoft AntiSpyware
Shell Extension (shellextension.dll)" pub="Microsoft Corporation"
md5="4b202fff9eb43fdc8d3290deaab7487e" ver="1.0.0614.10" sz="101080" is="0"
gfp="">c:\program files\microsoft
antispyware\shellextension.dll</ShellExecuteHook>
</ShellExecuteHooks>
<ShellOpenCommands>
<ShellOpenCommand val="HCR\exefile\shell\open\command">"%1"
%*</ShellOpenCommand>
<ShellOpenCommand val="HCR\comfile\shell\open\command">"%1"
%*</ShellOpenCommand>
<ShellOpenCommand val="HCR\batfile\shell\open\command">"%1"
%*</ShellOpenCommand>
<ShellOpenCommand
val="HCR\htafile\shell\open\command">C:\WINDOWS\System32\mshta.exe
"%1" %*</ShellOpenCommand>
<ShellOpenCommand val="HCR\piffile\shell\open\command">"%1"
%*</ShellOpenCommand>
<ShellOpenCommand
val="HCR\txtfile\shell\open\command">%SystemRoot%\system32\NOTEPAD.EXE
%1</ShellOpenCommand>
<ShellOpenCommand val="HCR\mp3file\shell\open\command">"C:\Program
Files\Windows Media Player\wmplayer.exe" /prefetch:6 /Open
"%L"</ShellOpenCommand>
<ShellOpenCommand val="HCR\mpegfile\shell\open\command">"C:\Program
Files\Windows Media Player\wmplayer.exe" /prefetch:9 /Open
"%L"</ShellOpenCommand>
<ShellOpenCommand val="HCR\mailto\shell\open\command">"C:\PROGRAM
FILES\OUTLOOK EXPRESS\MSIMN.EXE" /mailurl:%1</ShellOpenCommand>
<ShellOpenCommand val="HCR\htmlfile\shell\open\command">"C:\Program
Files\Internet Explorer\iexplore.exe" -nohome</ShellOpenCommand>
<ShellOpenCommand val="HCR\http\shell\open\command">"C:\Program
Files\Internet Explorer\iexplore.exe" -nohome</ShellOpenCommand>
<ShellOpenCommand val="HCR\https\shell\open\command">"C:\Program
Files\Internet Explorer\iexplore.exe" -nohome</ShellOpenCommand>
<ShellOpenCommand val="HCR\ftp\shell\open\command">"C:\Program
Files\Internet Explorer\iexplore.exe" %1</ShellOpenCommand>
</ShellOpenCommands>
<ActiveXInstalls>
<ActiveXInstall clsid="{02BCC737-B171-4746-94C9-0D8A0B2C0089}"
prog="Office.awsdc.1" nam="Microsoft Office Template and Media Control"
codebase="http://office.microsoft.com/templates/ieawsdc.cab">
<Files>
<File ex="1" nam="IEAWSDC.DLL" pub="Unavailable"
md5="50804f20a0e541d9a0dbad1d56019ada" ver="Unavailable" sz="87240" is="0"
gfp="">C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL</File>
</Files>
</ActiveXInstall>
<ActiveXInstall clsid="{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}"
prog="QuickTime.QuickTime.4" nam="QuickTime Object"
codebase="http://www.apple.com/qtactivex/qtplugin.cab">
<Files>
</Files>
</ActiveXInstall>
<ActiveXInstall clsid="{166B1BCA-3F9C-11CF-8075-444553540000}"
prog="SWCtl.SWCtl.8.5.1" nam="Shockwave ActiveX Control"
codebase="http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab">
<Files>
</Files>
</ActiveXInstall>
<ActiveXInstall clsid="{17492023-C23A-453E-A040-C7C580BBF700}"
prog="LegitCheckControl.LegitCheck.1" nam="Windows Genuine Advantage
Validation Tool" codebase="http://go.microsoft.com/fwlink/?linkid=39204">
<Files>
<File ex="1" nam="PidGen (GWFSPidGen.DLL)" pub="Microsoft"
md5="76cfe0b49089af874d3d135efc38bf3a" ver="1, 5, 0, 42" sz="23304" is="0"
gfp="">C:\WINDOWS\system32\GWFSPidGen.DLL</File>
<File ex="1" nam="Windows Genuine Advantage Validation
(LegitCheckControl.DLL)" pub="Microsoft Corporation"
md5="679088dd42afb105a6da3f5e876d69b6" ver="1.3.0272.0" sz="520968" is="0"
gfp="">C:\WINDOWS\system32\LegitCheckControl.DLL</File>
</Files>
</ActiveXInstall>
<ActiveXInstall clsid="{8AD9C840-044E-11D1-B3E9-00805F499D93}" prog=""
nam="Java Plug-in 1.4.2"
codebase="http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab">
<Files>
</Files>
</ActiveXInstall>
<ActiveXInstall clsid="{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}" prog=""
nam="Java Plug-in 1.4.2"
codebase="http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab">
<Files>
</Files>
</ActiveXInstall>
<ActiveXInstall clsid="{D27CDB6E-AE6D-11CF-96B8-444553540000}"
prog="ShockwaveFlash.ShockwaveFlash.1" nam="Shockwave Flash Object"
codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab">
<Files>
</Files>
</ActiveXInstall>
</ActiveXInstalls>
<PROTOCOLSFilters>
<PROTOCOLSFilter ex="1" clsid="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"
prog="CorRegistration.CorFltr.1" filter="application/octet-stream"
val="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" nam="Microsoft .NET Runtime
Execution Engine (mscoree.dll)" pub="Microsoft Corporation"
md5="4c702aea1c11d15c176c2c276d0907dd" ver="1.1.4322.573" sz="155648" is="0"
gfp="">c:\windows\system32\mscoree.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"
prog="CorRegistration.CorFltr.1" filter="application/x-complus"
val="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" nam="Microsoft .NET Runtime
Execution Engine (mscoree.dll)" pub="Microsoft Corporation"
md5="4c702aea1c11d15c176c2c276d0907dd" ver="1.1.4322.573" sz="155648" is="0"
gfp="">c:\windows\system32\mscoree.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"
prog="CorRegistration.CorFltr.1" filter="application/x-msdownload"
val="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" nam="Microsoft .NET Runtime
Execution Engine (mscoree.dll)" pub="Microsoft Corporation"
md5="4c702aea1c11d15c176c2c276d0907dd" ver="1.1.4322.573" sz="155648" is="0"
gfp="">c:\windows\system32\mscoree.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"
prog="" filter="Class Install Handler"
val="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}" nam="OLE32 Extensions for Win32
(urlmon.dll)" pub="Microsoft Corporation"
md5="d73024f1a233361b9876c9d8432e87d7" ver="6.00.2900.2713
(xpsp_sp2_gdr.050702-1513)" sz="607744" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{8f6b0360-b80d-11d0-a9b3-006097942311}"
prog="" filter="deflate" val="{8f6b0360-b80d-11d0-a9b3-006097942311}"
nam="OLE32 Extensions for Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="d73024f1a233361b9876c9d8432e87d7" ver="6.00.2900.2713
(xpsp_sp2_gdr.050702-1513)" sz="607744" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{8f6b0360-b80d-11d0-a9b3-006097942311}"
prog="" filter="gzip" val="{8f6b0360-b80d-11d0-a9b3-006097942311}"
nam="OLE32 Extensions for Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="d73024f1a233361b9876c9d8432e87d7" ver="6.00.2900.2713
(xpsp_sp2_gdr.050702-1513)" sz="607744" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{8f6b0360-b80d-11d0-a9b3-006097942311}"
prog="" filter="lzdhtml" val="{8f6b0360-b80d-11d0-a9b3-006097942311}"
nam="OLE32 Extensions for Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="d73024f1a233361b9876c9d8432e87d7" ver="6.00.2900.2713
(xpsp_sp2_gdr.050702-1513)" sz="607744" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"
prog="" filter="text/webviewhtml"
val="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}" nam="Windows Shell Common Dll
(shell32.dll)" pub="Microsoft Corporation"
md5="9833f278924d028414d7f89bfd4fc46b" ver="6.00.2900.2620
(xpsp_sp2_gdr.050225-1820)" sz="8450048" is="0"
gfp="">c:\windows\system32\shell32.dll</PROTOCOLSFilter>
</PROTOCOLSFilters>
<PROTOCOLSHandlers>
<PROTOCOLSHandler ex="1" clsid="{3050F406-98B5-11CF-BB82-00AA00BDCE0B}"
prog="" filter="about" val="{3050F406-98B5-11CF-BB82-00AA00BDCE0B}"
nam="Microsoft (R) HTML Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="31e7520e58e5e4dfa93215a6d5603af2" ver="6.00.2900.2722
(xpsp_sp2_gdr.050719-1518)" sz="3014144" is="0"
gfp="">c:\windows\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3dd53d40-7b8b-11D0-b013-00aa0059ce02}"
prog="" filter="cdl" val="{3dd53d40-7b8b-11D0-b013-00aa0059ce02}" nam="OLE32
Extensions for Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="d73024f1a233361b9876c9d8432e87d7" ver="6.00.2900.2713
(xpsp_sp2_gdr.050702-1513)" sz="607744" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{CF184AD3-CDCB-4168-A3F7-8E447D129300}"
prog="HPCETI.UIZipProtocol.1" filter="cetihpz"
val="{CF184AD3-CDCB-4168-A3F7-8E447D129300}" nam="HPCETIUI Protocol Handler
Module (hpuiprot.dll)" pub="Hewlett-Packard Company"
md5="25709aea0b57a61e67c35ddd7994c9ed" ver="2.1.4" sz="81920" is="0"
gfp="">c:\program files\hp\hpcoretech\comp\hpuiprot.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{12D51199-0DB5-46FE-A120-47A3D7D937CC}"
prog="" filter="dvd" val="{12D51199-0DB5-46FE-A120-47A3D7D937CC}"
nam="ActiveX control for streaming video (msvidctl.dll)" pub="Microsoft
Corporation" md5="7b5ba7cb7cf42b557c17d08015be8a14" ver="6.05.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="1428480" is="0"
gfp="">c:\windows\system32\msvidctl.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e7-baf9-11ce-8c82-00aa004ba90b}"
prog="" filter="file" val="{79eac9e7-baf9-11ce-8c82-00aa004ba90b}"
nam="OLE32 Extensions for Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="d73024f1a233361b9876c9d8432e87d7" ver="6.00.2900.2713
(xpsp_sp2_gdr.050702-1513)" sz="607744" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e3-baf9-11ce-8c82-00aa004ba90b}"
prog="" filter="ftp" val="{79eac9e3-baf9-11ce-8c82-00aa004ba90b}" nam="OLE32
Extensions for Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="d73024f1a233361b9876c9d8432e87d7" ver="6.00.2900.2713
(xpsp_sp2_gdr.050702-1513)" sz="607744" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e4-baf9-11ce-8c82-00aa004ba90b}"
prog="" filter="gopher" val="{79eac9e4-baf9-11ce-8c82-00aa004ba90b}"
nam="OLE32 Extensions for Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="d73024f1a233361b9876c9d8432e87d7" ver="6.00.2900.2713
(xpsp_sp2_gdr.050702-1513)" sz="607744" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e2-baf9-11ce-8c82-00aa004ba90b}"
prog="" filter="http" val="{79eac9e2-baf9-11ce-8c82-00aa004ba90b}"
nam="OLE32 Extensions for Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="d73024f1a233361b9876c9d8432e87d7" ver="6.00.2900.2713
(xpsp_sp2_gdr.050702-1513)" sz="607744" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e5-baf9-11ce-8c82-00aa004ba90b}"
prog="" filter="https" val="{79eac9e5-baf9-11ce-8c82-00aa004ba90b}"
nam="OLE32 Extensions for Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="d73024f1a233361b9876c9d8432e87d7" ver="6.00.2900.2713
(xpsp_sp2_gdr.050702-1513)" sz="607744" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{9D148291-B9C8-11D0-A4CC-0000F80149F6}"
prog="MSITFS1.0" filter="its" val="{9D148291-B9C8-11D0-A4CC-0000F80149F6}"
nam="Microsoft InfoTech Storage System Library (itss.dll)" pub="Microsoft
Corporation" md5="d9ad8b8b6135b4ff4a32e8c519345f35" ver="5.2.3790.2453
(srv03_sp1_gdr.050525-1542)" sz="137216" is="0"
gfp="">c:\windows\system32\itss.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}"
prog="" filter="javascript" val="{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}"
nam="Microsoft (R) HTML Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="31e7520e58e5e4dfa93215a6d5603af2" ver="6.00.2900.2722
(xpsp_sp2_gdr.050719-1518)" sz="3014144" is="0"
gfp="">c:\windows\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e7-baf9-11ce-8c82-00aa004ba90b}"
prog="" filter="local" val="{79eac9e7-baf9-11ce-8c82-00aa004ba90b}"
nam="OLE32 Extensions for Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="d73024f1a233361b9876c9d8432e87d7" ver="6.00.2900.2713
(xpsp_sp2_gdr.050702-1513)" sz="607744" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}"
prog="" filter="mailto" val="{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}"
nam="Microsoft (R) HTML Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="31e7520e58e5e4dfa93215a6d5603af2" ver="6.00.2900.2722
(xpsp_sp2_gdr.050719-1518)" sz="3014144" is="0"
gfp="">c:\windows\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{05300401-BCBC-11d0-85E3-00C04FD85AB4}"
prog="" filter="mhtml" val="{05300401-BCBC-11d0-85E3-00C04FD85AB4}"
nam="Microsoft Internet Messaging API (inetcomm.dll)" pub="Microsoft
Corporation" md5="64528cdf39d8bc19d800be60039bb7e4" ver="6.00.2900.2180
(xpsp_sp2_rtm.040803-2158)" sz="678400" is="0"
gfp="">c:\windows\system32\inetcomm.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e6-baf9-11ce-8c82-00aa004ba90b}"
prog="" filter="mk" val="{79eac9e6-baf9-11ce-8c82-00aa004ba90b}" nam="OLE32
Extensions for Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="d73024f1a233361b9876c9d8432e87d7" ver="6.00.2900.2713
(xpsp_sp2_gdr.050702-1513)" sz="607744" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{9D148291-B9C8-11D0-A4CC-0000F80149F6}"
prog="MSITFS1.0" filter="ms-its"
val="{9D148291-B9C8-11D0-A4CC-0000F80149F6}" nam="Microsoft InfoTech Storage
System Library (itss.dll)" pub="Microsoft Corporation"
md5="d9ad8b8b6135b4ff4a32e8c519345f35" ver="5.2.3790.2453
(srv03_sp1_gdr.050525-1542)" sz="137216" is="0"
gfp="">c:\windows\system32\itss.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}"
prog="" filter="res" val="{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}"
nam="Microsoft (R) HTML Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="31e7520e58e5e4dfa93215a6d5603af2" ver="6.00.2900.2722
(xpsp_sp2_gdr.050719-1518)" sz="3014144" is="0"
gfp="">c:\windows\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{76E67A63-06E9-11D2-A840-006008059382}"
prog="" filter="sysimage" val="{76E67A63-06E9-11D2-A840-006008059382}"
nam="Microsoft (R) HTML Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="31e7520e58e5e4dfa93215a6d5603af2" ver="6.00.2900.2722
(xpsp_sp2_gdr.050719-1518)" sz="3014144" is="0"
gfp="">c:\windows\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}"
prog="" filter="tv" val="{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}"
nam="ActiveX control for streaming video (msvidctl.dll)" pub="Microsoft
Corporation" md5="7b5ba7cb7cf42b557c17d08015be8a14" ver="6.05.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="1428480" is="0"
gfp="">c:\windows\system32\msvidctl.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}"
prog="" filter="vbscript" val="{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}"
nam="Microsoft (R) HTML Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="31e7520e58e5e4dfa93215a6d5603af2" ver="6.00.2900.2722
(xpsp_sp2_gdr.050719-1518)" sz="3014144" is="0"
gfp="">c:\windows\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE}"
prog="Wia.WiaProtocol.1" filter="wia"
val="{13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE}" nam="WIA Scripting Layer
(wiascr.dll)" pub="Microsoft Corporation"
md5="dd469944b09b032e7c7fe85687c2a399" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="75776" is="0"
gfp="">c:\windows\system32\wiascr.dll</PROTOCOLSHandler>
</PROTOCOLSHandlers>
<PROTOCOLSNameSpaceHandlers>
<PROTOCOLSNameSpaceHandler ex="1"
clsid="{9D148291-B9C8-11D0-A4CC-0000F80149F6}" prog="MSITFS1.0"
namespace="mk" namespacefilter="NameSpace Filter for MK
MSITStore:..."
val="{79eac9e6-baf9-11ce-8c82-00aa004ba90b}" nam="Microsoft InfoTech Storage
System Library (itss.dll)" pub="Microsoft Corporation"
md5="d9ad8b8b6135b4ff4a32e8c519345f35" ver="5.2.3790.2453
(srv03_sp1_gdr.050525-1542)" sz="137216" is="0"
gfp="">c:\windows\system32\itss.dll</PROTOCOLSNameSpaceHandler>
</PROTOCOLSNameSpaceHandlers>
<TCPIPParamaters>
<TCPIPParamater
val="DataBasePath">%SystemRoot%\System32\drivers\etc</TCPIPParamater>
<TCPIPParamater val="Domain"></TCPIPParamater>
<TCPIPParamater val="NameServer"></TCPIPParamater>
<TCPIPParamater val="SearchList"></TCPIPParamater>
<TCPIPParamater val="VXD MSTCP: NameServer"></TCPIPParamater>
</TCPIPParamaters>
<InternetSettings>
<InternetSetting val="ProxyEnable">1</InternetSetting>
<InternetSetting val="ProxyServer">http=localhost:8080</InternetSetting>
<InternetSetting val="ProxyOverride"><local></InternetSetting>
<InternetSetting val="User Agent">Mozilla/4.0 (compatible; MSIE 6.0;
Win32)</InternetSetting>
<InternetSetting val="ZoneMap Domain Count">0</InternetSetting>
</InternetSettings>
<IESettings>
<IESetting val="UseMyStylesheet"
set="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Styles"></IESetting>
<IESetting val="UserStylesheet"
set="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Styles"></IESetting>
<IESetting val="UseMyStylesheet"
set="HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet
Explorer\Styles"></IESetting>
<IESetting val="UserStylesheet"
set="HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet
Explorer\Styles"></IESetting>
</IESettings>
<AppInitDLLs val="">
</AppInitDLLs>
<ShellServiceObjectDelayLoads>
<ShellServiceObjectDelayLoad ex="1"
clsid="{7849596a-48ea-486e-8937-a2a3009f31a9}" prog=""
val="PostBootReminder" nam="Windows Shell Common Dll (shell32.dll)"
pub="Microsoft Corporation" md5="9833f278924d028414d7f89bfd4fc46b"
ver="6.00.2900.2620 (xpsp_sp2_gdr.050225-1820)" sz="8450048" is="0"
gfp="">c:\windows\system32\shell32.dll</ShellServiceObjectDelayLoad>
<ShellServiceObjectDelayLoad ex="1"
clsid="{fbeb8a05-beee-4442-804e-409d6c4515e9}" prog="" val="CDBurn"
nam="Windows Shell Common Dll (shell32.dll)" pub="Microsoft Corporation"
md5="9833f278924d028414d7f89bfd4fc46b" ver="6.00.2900.2620
(xpsp_sp2_gdr.050225-1820)" sz="8450048" is="0"
gfp="">c:\windows\system32\shell32.dll</ShellServiceObjectDelayLoad>
<ShellServiceObjectDelayLoad ex="1"
clsid="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" prog="" val="WebCheck"
nam="Web Site Monitor (webcheck.dll)" pub="Microsoft Corporation"
md5="6501db5182d5a8c0f1f1707286161d66" ver="6.00.2900.2180
(xpsp_sp2_rtm.040803-2158)" sz="276480" is="0"
gfp="">c:\windows\system32\webcheck.dll</ShellServiceObjectDelayLoad>
<ShellServiceObjectDelayLoad ex="1"
clsid="{35CEC8A3-2BE6-11D2-8773-92E220524153}" prog="" val="SysTray"
nam="Systray shell service object (stobject.dll)" pub="Microsoft
Corporation" md5="297101a925ecffdcdf7f6341ffbb6c1a" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="121856" is="0"
gfp="">c:\windows\system32\stobject.dll</ShellServiceObjectDelayLoad>
</ShellServiceObjectDelayLoads>
<ScheduledTasks>
</ScheduledTasks>
<Services>
<Service ex="1" disp="Adobe LM Service" desc="Adobe LM Service" nam="System
Level Service Utilty (Adobelmsvc.exe)" pub="Unavailable"
md5="3dca27d49522aacf37a4a3e2aca8e0b2" ver="2.43.000" sz="68096" is="0"
gfp="">C:\Program Files\Common Files\Adobe Systems
Shared\Service\Adobelmsvc.exe</Service>
<Service ex="1" disp="Application Layer Gateway Service" desc="Provides
support for 3rd party protocol plug-ins for Internet Connection Sharing and
the Windows Firewall." nam="Application Layer Gateway Service (alg.exe)"
pub="Microsoft Corporation" md5="f1958fbf86d5c004cf19a5951a9514b7"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="44544" is="0"
gfp="">C:\WINDOWS\System32\alg.exe</Service>
<Service ex="1" disp="ASP.NET State Service" desc="Provides support for
out-of-process session states for ASP.NET. If this service is stopped,
out-of-process requests will not be processed. If this service is disabled,
any services that explicitly depend on it will fail to start."
nam="aspnet_state.exe (aspnet_state.exe)" pub="Microsoft Corporation"
md5="a986fcfdac587e68478db51547b90800" ver="1.1.4322.573" sz="32768" is="0"
gfp="">C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe</Service>
<Service ex="1" disp="AVG7 Alert Manager Server" desc="" nam="AVG Alert
Manager (avgamsvr.exe)" pub="GRISOFT, s.r.o."
md5="9dbd26d7d7967d918c507b1e2a93a37e" ver="7,1,0,321" sz="330240" is="0"
gfp="">C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe</Service>
<Service ex="1" disp="AVG7 Update Service" desc="" nam="AVG Update Service
(avgupsvc.exe)" pub="GRISOFT, s.r.o." md5="62e6b23b906b213836470740fe449b43"
ver="7,1,0,321" sz="84480" is="0"
gfp="">C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe</Service>
<Service ex="1" disp="Indexing Service" desc="Indexes contents and
properties of files on local and remote computers; provides rapid access to
files through flexible querying language." nam="Content Index service
(cisvc.exe)" pub="Microsoft Corporation"
md5="3192bd04d032a9c4a85a3278c268a13a" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="5632" is="0"
gfp="">C:\WINDOWS\system32\cisvc.exe</Service>
<Service ex="1" disp="ClipBook" desc="Enables ClipBook Viewer to store
information and share it with remote computers. If the service is stopped,
ClipBook Viewer will not be able to share information with remote computers.
If this service is disabled, any services that explicitly depend on it will
fail to start." nam="Windows NT DDE Server (clipsrv.exe)" pub="Microsoft
Corporation" md5="c8dec22c4137d7a90f8bdf41ca4b82ae" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="33280" is="0"
gfp="">C:\WINDOWS\system32\clipsrv.exe</Service>
<Service ex="1" disp="COM+ System Application" desc="Manages the
configuration and tracking of Component Object Model (COM)+-based
components. If the service is stopped, most COM+-based components will not
function properly. If this service is disabled, any services that explicitly
depend on it will fail to start." nam="COM Surrogate (dllhost.exe)"
pub="Microsoft Corporation" md5="dd87db7387b9eb441c5674888a0d840c"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="5120" is="0"
gfp="">C:\WINDOWS\System32\dllhost.exe</Service>
<Service ex="1" disp="Logical Disk Manager Administrative Service"
desc="Configures hard disk drives and volumes. The service only runs for
configuration processes and then stops." nam="Logical Disk Manager service
process (dmadmin.exe)" pub="Microsoft Corp., Veritas Software"
md5="554c7cb178fe3bd12450b81ad63adbc3" ver="2600.2180.503.0" sz="224768"
is="0" gfp="">C:\WINDOWS\System32\dmadmin.exe</Service>
<Service ex="1" disp="EarthLink Monitor Service" desc="" nam="wmonitor
Module (wmonitor.exe)" pub="Boingo Wireless, Inc."
md5="80a5870b25b47e0a018cb42505e6ada0" ver="1, 4, 1220, 0" sz="65604" is="0"
gfp="">C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe</Service>
<Service ex="1" disp="Event Log" desc="Enables event log messages issued by
Windows-based programs and components to be viewed in Event Viewer. This
service cannot be stopped." nam="Services and Controller app (services.exe)"
pub="Microsoft Corporation" md5="c6ce6eec82f187615d1002bb3bb50ed4"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="108032" is="0"
gfp="">C:\WINDOWS\system32\services.exe</Service>
<Service ex="1" disp="Fax" desc="Enables you to send and receive faxes,
utilizing fax resources available on this computer or on the network."
nam="Fax Service (fxssvc.exe)" pub="Microsoft Corporation"
md5="fcbd571fa0ee8dc238944ae5fab74461" ver="5.2.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="267776" is="0"
gfp="">C:\WINDOWS\system32\fxssvc.exe</Service>
<Service ex="1" disp="IMAPI CD-Burning COM Service" desc="Manages CD
recording using Image Mastering Applications Programming Interface (IMAPI).
If this service is stopped, this computer will be unable to record CDs. If
this service is disabled, any services that explicitly depend on it will
fail to start." nam="Image Mastering API (imapi.exe)" pub="Microsoft
Corporation" md5="fa788520bcac0f5d9d5cde5615c0d931" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="150016" is="0"
gfp="">C:\WINDOWS\System32\imapi.exe</Service>
<Service ex="1" disp="NetMeeting Remote Desktop Sharing" desc="Enables an
authorized user to access this computer remotely by using NetMeeting over a
corporate intranet. If this service is stopped, remote desktop sharing will
be unavailable. If this service is disabled, any services that explicitly
depend on it will fail to start." nam="NetMeeting Remote Desktop Sharing
(mnmsrvc.exe)" pub="Microsoft Corporation"
md5="f6415361201915b9fe3896b0e4e724ff" ver="5.1.2600.2180" sz="32768" is="0"
gfp="">C:\WINDOWS\System32\mnmsrvc.exe</Service>
<Service ex="1" disp="Distributed Transaction Coordinator" desc="Coordinates
transactions that span multiple resource managers, such as databases,
message queues, and file systems. If this service is stopped, these
transactions will not occur. If this service is disabled, any services that
explicitly depend on it will fail to start. " nam="MS DTC console program
(msdtc.exe)" pub="Microsoft Corporation"
md5="c7c3d89eb0a6f3dba622ea737fa335b1" ver="2001.12.4414.258" sz="6144"
is="0" gfp="">C:\WINDOWS\System32\msdtc.exe</Service>
<Service ex="1" disp="Windows Installer" desc="Adds, modifies, and removes
applications provided as a Windows Installer (*.msi) package. If this
service is disabled, any services that explicitly depend on it will fail to
start." nam="Windows installer (msiexec.exe)" pub="Microsoft Corporation"
md5="f5f0146580e7023adb963879840777f8" ver="3.1.4000.1823" sz="78848" is="0"
gfp="">C:\WINDOWS\system32\msiexec.exe</Service>
<Service ex="1" disp="Network DDE" desc="Provides network transport and
security for Dynamic Data Exchange (DDE) for programs running on the same
computer or on different computers. If this service is stopped, DDE
transport and security will be unavailable. If this service is disabled, any
services that explicitly depend on it will fail to start." nam="Network
DDE - DDE Communication (netdde.exe)" pub="Microsoft Corporation"
md5="05afb5ad06462257bea7495283c86d50" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="111104" is="0"
gfp="">C:\WINDOWS\system32\netdde.exe</Service>
<Service ex="1" disp="Network DDE DSDM" desc="Manages Dynamic Data Exchange
(DDE) network shares. If this service is stopped, DDE network shares will be
unavailable. If this service is disabled, any services that explicitly
depend on it will fail to start. " nam="Network DDE - DDE Communication
(netdde.exe)" pub="Microsoft Corporation"
md5="05afb5ad06462257bea7495283c86d50" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="111104" is="0"
gfp="">C:\WINDOWS\system32\netdde.exe</Service>
<Service ex="1" disp="Net Logon" desc="Supports pass-through authentication
of account logon events for computers in a domain." nam="LSA Shell
(lsass.exe)" pub="Microsoft Corporation"
md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">C:\WINDOWS\System32\lsass.exe</Service>
<Service ex="1" disp="NT LM Security Support Provider" desc="Provides
security to remote procedure call (RPC) programs that use transports other
than named pipes." nam="LSA Shell (lsass.exe)" pub="Microsoft Corporation"
md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">C:\WINDOWS\System32\lsass.exe</Service>
<Service ex="1" disp="NVIDIA Driver Helper Service" desc="" nam="NVIDIA
Driver Helper Service, Version 45.28 (nvsvc32.exe)" pub="NVIDIA Corporation"
md5="88a8cfcd2bc3ff1484901ce985782e6e" ver="6.14.10.4528" sz="77824" is="0"
gfp="">C:\WINDOWS\System32\nvsvc32.exe</Service>
<Service ex="1" disp="Plug and Play" desc="Enables a computer to recognize
and adapt to hardware changes with little or no user input. Stopping or
disabling this service will result in system instability." nam="Services and
Controller app (services.exe)" pub="Microsoft Corporation"
md5="c6ce6eec82f187615d1002bb3bb50ed4" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="108032" is="0"
gfp="">C:\WINDOWS\system32\services.exe</Service>
<Service ex="1" disp="IPSEC Services" desc="Manages IP security policy and
starts the ISAKMP/Oakley (IKE) and the IP security driver." nam="LSA Shell
(lsass.exe)" pub="Microsoft Corporation"
md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">C:\WINDOWS\System32\lsass.exe</Service>
<Service ex="1" disp="Protected Storage" desc="Provides protected storage
for sensitive data, such as private keys, to prevent access by unauthorized
services, processes, or users." nam="LSA Shell (lsass.exe)" pub="Microsoft
Corporation" md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">C:\WINDOWS\system32\lsass.exe</Service>
<Service ex="1" disp="Remote Desktop Help Session Manager" desc="Manages and
controls Remote Assistance. If this service is stopped, Remote Assistance
will be unavailable. Before stopping this service, see the Dependencies tab
of the Properties dialog box." nam="Microsoft Remote Desktop Help Session
Manager (sessmgr.exe)" pub="Microsoft Corporation"
md5="729798e0933076b8fcfcd9934698f164" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="140800" is="0"
gfp="">C:\WINDOWS\system32\sessmgr.exe</Service>
<Service ex="1" disp="Remote Procedure Call (RPC) Locator" desc="Manages the
RPC name service database." nam="Rpc Locator (locator.exe)" pub="Microsoft
Corporation" md5="793f04a09b15e7c6c11dbdffaf06c0ab" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="75264" is="0"
gfp="">C:\WINDOWS\System32\locator.exe</Service>
<Service ex="1" disp="QoS RSVP" desc="Provides network signaling and local
traffic control setup functionality for QoS-aware programs and control
applets." nam="Microsoft RSVP (rsvp.exe)" pub="Microsoft Corporation"
md5="471b3f9741d762abe75e9deea4787e47" ver="5.1.2600.0
(xpclient.010817-1148)" sz="132608" is="0"
gfp="">C:\WINDOWS\System32\rsvp.exe</Service>
<Service ex="1" disp="Security Accounts Manager" desc="Stores security
information for local user accounts." nam="LSA Shell (lsass.exe)"
pub="Microsoft Corporation" md5="84885f9b82f4d55c6146ebf6065d75d2"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">C:\WINDOWS\system32\lsass.exe</Service>
<Service ex="1" disp="Smart Card" desc="Manages access to smart cards read
by this computer. If this service is stopped, this computer will be unable
to read smart cards. If this service is disabled, any services that
explicitly depend on it will fail to start." nam="Smart Card Resource
Management Server (SCardSvr.exe)" pub="Microsoft Corporation"
md5="25d8de134df108e3dbc8d7d23b1aa58e" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="95744" is="0"
gfp="">C:\WINDOWS\System32\SCardSvr.exe</Service>
<Service ex="1" disp="Print Spooler" desc="Loads files to memory for later
printing." nam="Spooler SubSystem App (spoolsv.exe)" pub="Microsoft
Corporation" md5="da81ec57acd4cdc3d4c51cf3d409af9f" ver="5.1.2600.2696
(xpsp_sp2_gdr.050610-1519)" sz="57856" is="0"
gfp="">C:\WINDOWS\system32\spoolsv.exe</Service>
<Service ex="1" disp="MS Software Shadow Copy Provider" desc="Manages
software-based volume shadow copies taken by the Volume Shadow Copy service.
If this service is stopped, software-based volume shadow copies cannot be
managed. If this service is disabled, any services that explicitly depend on
it will fail to start." nam="COM Surrogate (dllhost.exe)" pub="Microsoft
Corporation" md5="dd87db7387b9eb441c5674888a0d840c" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="5120" is="0"
gfp="">C:\WINDOWS\System32\dllhost.exe</Service>
<Service ex="1" disp="Performance Logs and Alerts" desc="Collects
performance data from local or remote computers based on preconfigured
schedule parameters, then writes the data to a log or triggers an alert. If
this service is stopped, performance information will not be collected. If
this service is disabled, any services that explicitly depend on it will
fail to start." nam="Performance Logs and Alerts Service (smlogsvc.exe)"
pub="Microsoft Corporation" md5="8b54aa346d1b1b113ffaa75501b8b1b2"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="89600" is="0"
gfp="">C:\WINDOWS\system32\smlogsvc.exe</Service>
<Service ex="1" disp="Windows User Mode Driver Framework" desc="Enables
Windows user mode drivers." nam="Windows User Mode Driver Manager
(wdfmgr.exe)" pub="Microsoft Corporation"
md5="c81b8635dee0d3ef5f64b3dd643023a5" ver="5.2.3790.1230 built by:
DNSRV(bld4act)" sz="38912" is="0"
gfp="">C:\WINDOWS\System32\wdfmgr.exe</Service>
<Service ex="1" disp="Uninterruptible Power Supply" desc="Manages an
uninterruptible power supply (UPS) connected to the computer." nam="UPS
Service (ups.exe)" pub="Microsoft Corporation"
md5="3f5df65b0758675f95a2d43918a740a3" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="18432" is="0"
gfp="">C:\WINDOWS\System32\ups.exe</Service>
<Service ex="1" disp="Volume Shadow Copy" desc="Manages and implements
Volume Shadow Copies used for backup and other purposes. If this service is
stopped, shadow copies will be unavailable for backup and the backup may
fail. If this service is disabled, any services that explicitly depend on it
will fail to start." nam="Microsoft Volume Shadow Copy Service (vssvc.exe)"
pub="Microsoft Corporation" md5="3ee00364ae0fd8d604f46cbaf512838a"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="289792" is="0"
gfp="">C:\WINDOWS\System32\vssvc.exe</Service>
<Service ex="1" disp="WMI Performance Adapter" desc="Provides performance
library information from WMI HiPerf providers." nam="WMI Performance Adapter
Service (wmiapsrv.exe)" pub="Microsoft Corporation"
md5="ba8cecc3e813e1f7c441b20393d4f86c" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="126464" is="0"
gfp="">C:\WINDOWS\System32\wbem\wmiapsrv.exe</Service>
</Services>
</SystemAudit>
<ProcessesAudit>
<Processes>
<Process ex="1" pid="384" nam="Windows NT Session Manager (smss.exe)"
pub="Microsoft Corporation" md5="bd7fb0957c716f1a60333aee04de2178"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="50688" is="0"
gfp="">c:\windows\system32\smss.exe</Process>
<Process ex="1" pid="456" nam="Client Server Runtime Process (csrss.exe)"
pub="Microsoft Corporation" md5="f12b178b1678d778cfd3ff1fc38c71fb"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="6144" is="0"
gfp="">C:\WINDOWS\system32\csrss.exe</Process>
<Process ex="1" pid="480" nam="Windows NT Logon Application (winlogon.exe)"
pub="Microsoft Corporation" md5="01c3346c241652f43aed8e2149881bfe"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="502272" is="0"
gfp="">c:\windows\system32\winlogon.exe</Process>
<Process ex="1" pid="524" nam="Services and Controller app (services.exe)"
pub="Microsoft Corporation" md5="c6ce6eec82f187615d1002bb3bb50ed4"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="108032" is="0"
gfp="">c:\windows\system32\services.exe</Process>
<Process ex="1" pid="536" nam="LSA Shell (lsass.exe)" pub="Microsoft
Corporation" md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">c:\windows\system32\lsass.exe</Process>
<Process ex="1" pid="680" nam="Generic Host Process for Win32 Services
(svchost.exe)" pub="Microsoft Corporation"
md5="8f078ae4ed187aaabc0a305146de6716" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="14336" is="0"
gfp="">c:\windows\system32\svchost.exe</Process>
<Process ex="1" pid="748" nam="Generic Host Process for Win32 Services
(svchost.exe)" pub="Microsoft Corporation"
md5="8f078ae4ed187aaabc0a305146de6716" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="14336" is="0"
gfp="">C:\WINDOWS\system32\svchost.exe</Process>
<Process ex="1" pid="792" nam="Generic Host Process for Win32 Services
(svchost.exe)" pub="Microsoft Corporation"
md5="8f078ae4ed187aaabc0a305146de6716" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="14336" is="0"
gfp="">c:\windows\system32\svchost.exe</Process>
<Process ex="1" pid="852" nam="Generic Host Process for Win32 Services
(svchost.exe)" pub="Microsoft Corporation"
md5="8f078ae4ed187aaabc0a305146de6716" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="14336" is="0"
gfp="">C:\WINDOWS\system32\svchost.exe</Process>
<Process ex="1" pid="932" nam="Generic Host Process for Win32 Services
(svchost.exe)" pub="Microsoft Corporation"
md5="8f078ae4ed187aaabc0a305146de6716" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="14336" is="0"
gfp="">C:\WINDOWS\system32\svchost.exe</Process>
<Process ex="1" pid="1100" nam="Windows Explorer (explorer.exe)"
pub="Microsoft Corporation" md5="a0732187050030ae399b241436565e64"
ver="6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)" sz="1032192" is="0"
gfp="">c:\windows\explorer.exe</Process>
<Process ex="1" pid="1136" nam="Spooler SubSystem App (spoolsv.exe)"
pub="Microsoft Corporation" md5="da81ec57acd4cdc3d4c51cf3d409af9f"
ver="5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)" sz="57856" is="0"
gfp="">c:\windows\system32\spoolsv.exe</Process>
<Process ex="1" pid="1264" nam="AVG Alert Manager (avgamsvr.exe)"
pub="GRISOFT, s.r.o." md5="9dbd26d7d7967d918c507b1e2a93a37e" ver="7,1,0,321"
sz="330240" is="0"
gfp="">c:\progra~1\grisoft\avgfre~1\avgamsvr.exe</Process>
<Process ex="1" pid="1284" nam="AVG Update Service (avgupsvc.exe)"
pub="GRISOFT, s.r.o." md5="62e6b23b906b213836470740fe449b43" ver="7,1,0,321"
sz="84480" is="0" gfp="">c:\progra~1\grisoft\avgfre~1\avgupsvc.exe</Process>
<Process ex="1" pid="1332" nam="wmonitor Module (wmonitor.exe)" pub="Boingo
Wireless, Inc." md5="80a5870b25b47e0a018cb42505e6ada0" ver="1, 4, 1220, 0"
sz="65604" is="0" gfp="">c:\program files\earthlink
totalaccess\wengine\wmonitor.exe</Process>
<Process ex="1" pid="1480" nam="Generic Host Process for Win32 Services
(svchost.exe)" pub="Microsoft Corporation"
md5="8f078ae4ed187aaabc0a305146de6716" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="14336" is="0"
gfp="">c:\windows\system32\svchost.exe</Process>
<Process ex="1" pid="1508" nam="Windows User Mode Driver Manager
(wdfmgr.exe)" pub="Microsoft Corporation"
md5="c81b8635dee0d3ef5f64b3dd643023a5" ver="5.2.3790.1230 built by:
DNSRV(bld4act)" sz="38912" is="0"
gfp="">C:\WINDOWS\system32\wdfmgr.exe</Process>
<Process ex="1" pid="1884" nam="Application Layer Gateway Service (alg.exe)"
pub="Microsoft Corporation" md5="f1958fbf86d5c004cf19a5951a9514b7"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="44544" is="0"
gfp="">C:\WINDOWS\system32\alg.exe</Process>
<Process ex="1" pid="1916" nam="Sunkist (shwicon2k.exe)" pub="Alcor Micro,
Corp." md5="334e242417b1e66ecaf45d9dc62b288a" ver="1, 0, 0, 7" sz="139264"
is="0" gfp="">c:\program files\multimedia card
reader\shwicon2k.exe</Process>
<Process ex="1" pid="1960" nam="ltmsg (ltmsg.exe)" pub="Agere Systems"
md5="4d3f3641aa76a48964102856fd7b955f" ver="3, 0, 0, 4" sz="40960" is="0"
gfp="">c:\windows\ltmsg.exe</Process>
<Process ex="1" pid="1996" nam="hpsysdrv (hpsysdrv.exe)"
pub="Hewlett-Packard Company" md5="06a1ecb63df139ec639e084d4ab3c9d7" ver="1,
7, 0, 0" sz="52736" is="0" gfp="">c:\windows\system\hpsysdrv.exe</Process>
<Process ex="1" pid="2008" nam="hkcmd Module (hkcmd.exe)" pub="Intel
Corporation" md5="ea5dd164296f66241bead39e12fa69f2" ver="3.0.0.3889"
sz="118784" is="0" gfp="">c:\windows\system32\hkcmd.exe</Process>
<Process ex="1" pid="152" nam="HP Framework Component Manager Service
(hpcmpmgr.exe)" pub="Hewlett-Packard Company"
md5="b75b654ee1da99876461b24597ae3ff3" ver="2.1.1.0" sz="241664" is="0"
gfp="">c:\program files\hp\hpcoretech\hpcmpmgr.exe</Process>
<Process ex="1" pid="180" nam="None (hpztsb10.exe)" pub="HP"
md5="fd32127449af0b96ebeca3caab74e423" ver="2.323.0.0" sz="172032" is="0"
gfp="">c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe</Process>
<Process ex="1" pid="240" nam="AVG Control Center (avgcc.exe)" pub="GRISOFT,
s.r.o." md5="6e74941e3e14cb67fb1648b45a041f0d" ver="7,1,0,338" sz="352256"
is="0" gfp="">c:\progra~1\grisoft\avgfre~1\avgcc.exe</Process>
<Process ex="1" pid="260" nam="Microsoft AntiSpyware Service (gcasserv.exe)"
pub="Microsoft Corporation" md5="263740ede788a60a6c0a47249fc410bf"
ver="1.00.0615" sz="473928" is="0" gfp="">c:\program files\microsoft
antispyware\gcasserv.exe</Process>
<Process ex="1" pid="1012" nam="Microsoft AntiSpyware Data Service
(gcasdtserv.exe)" pub="Microsoft Corporation"
md5="21bd4696317a4a6383f86cdc5e026bfd" ver="1.00.0615" sz="756552" is="0"
gfp="">c:\program files\microsoft antispyware\gcasdtserv.exe</Process>
<Process ex="1" pid="2356" nam="Internet Explorer (iexplore.exe)"
pub="Microsoft Corporation" md5="e7484514c0464642be7b4dc2689354c8"
ver="6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)" sz="93184" is="0"
gfp="">c:\program files\internet explorer\iexplore.exe</Process>
<Process ex="1" pid="2580" nam="None (taskpanl.exe)" pub="EarthLink, Inc."
md5="031da5f6f0625b7db3c9629180de440c" ver="2005.2.98.0" sz="942080" is="0"
gfp="">c:\program files\earthlink totalaccess\taskpanl.exe</Process>
<Process ex="1" pid="3028" nam="IP Session Statistics (ipclient.exe)"
pub="Visual Networks" md5="a454402ec7ee565c0ed225ed6cfb452f"
ver="5.5.100.115" sz="364544" is="0" gfp="">c:\program files\earthlink
totalaccess\fastlane\ipclient.exe</Process>
<Process ex="1" pid="3152" nam="elinkacc.exe" pub="Unavailable"
md5="a0007fe4c1d8bc9b50d03792084f8f75" ver="Unavailable" sz="1007159" is="0"
gfp="">c:\program files\earthlink
totalaccess\accelerator\elinkacc.exe</Process>
<Process ex="1" pid="3648" nam="Outlook Express (msimn.exe)" pub="Microsoft
Corporation" md5="091c14f4c71328d4316248a2421190de" ver="6.00.2900.2180
(xpsp_sp2_rtm.040803-2158)" sz="60416" is="0" gfp="">c:\program
files\outlook express\msimn.exe</Process>
<Process ex="1" pid="1760" nam="Microsoft AntiSpyware Main
(giantantispywaremain.exe)" pub="Microsoft Corporation"
md5="2f92f172d6f47c28b048e6899985bb4b" ver="1.00.0615" sz="4598608" is="0"
gfp="">c:\program files\microsoft
antispyware\giantantispywaremain.exe</Process>
<Process ex="1" pid="2096" nam="Microsoft Suspected Spyware Reporting Tool
(msssrt.exe)" pub="Microsoft Corporation"
md5="1d3fc56e8adb2e911390c775a4de94dd" ver="1.00.0615" sz="400200" is="0"
gfp="">c:\program files\microsoft antispyware\msssrt.exe</Process>
</Processes>
</ProcessesAudit>
</Audit>
</MSSSRT>
Nothing helps the problem and I've spent too much moey on spayware, adware
and anit-virus programs that aren't even touching this problem.
Here is my MAS beta report. Maybe somebody out there can hep me.
<MSSSRT version="1.0.615" createdate="10/9/2005 11:40:16 AM" os="XP.2600"
user=""><Audit><AutoRunAudit>
<StartupFiles>
<StartupFile path="C:\Documents and Settings\All Users\Start
Menu\Programs\Startup\Adobe Gamma Loader.lnk" nam="Adobe Gamma Loader (adobe
gamma loader.exe)" pub="Adobe Systems, Inc."
md5="c2ff17734176cd15221c10044ef0ba1a" ver="1, 0, 0, 1" sz="113664" is="0"
gfp="">c:\program files\common files\adobe\calibration\adobe gamma
loader.exe</StartupFile>
</StartupFiles>
<StartupFilesRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="Sunkist2k"
dat="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" nam="Sunkist
(shwicon2k.exe)" pub="Alcor Micro, Corp."
md5="334e242417b1e66ecaf45d9dc62b288a" ver="1, 0, 0, 7" sz="139264" is="0"
gfp="">c:\program files\multimedia card
reader\shwicon2k.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="Recguard"
dat="C:\WINDOWS\SMINST\RECGUARD.EXE" nam="Recguard MFC Application
(recguard.exe)" pub="None" md5="d3cc7a3813123e955b3a497c04b404e2" ver="1, 0,
0, 1" sz="212992" is="0"
gfp="">c:\windows\sminst\recguard.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="NeroFilterCheck" dat="C:\WINDOWS\system32\NeroCheck.exe" nam="NeroCheck
(nerocheck.exe)" pub="Ahead Software Gmbh"
md5="3e4c03cefad8de135263236b61a49c90" ver="1, 0, 0, 2" sz="155648" is="0"
gfp="">c:\windows\system32\nerocheck.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="MediaFace
Integration" dat="C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe"
nam="MediaFACE Hook Application (sethook.exe)" pub="Fellowes, Inc."
md5="c108e71530073dda128b9998be00acf9" ver="4,0,1,27" sz="53248" is="0"
gfp="">c:\program files\fellowes\mediaface
4.0\sethook.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="LTMSG"
dat="LTMSG.exe 7" nam="ltmsg (ltmsg.exe)" pub="Agere Systems"
md5="4d3f3641aa76a48964102856fd7b955f" ver="3, 0, 0, 4" sz="40960" is="0"
gfp="">c:\windows\ltmsg.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="IgfxTray"
dat="C:\WINDOWS\system32\igfxtray.exe" nam="igfxTray Module (igfxtray.exe)"
pub="Intel Corporation" md5="8bbbada96ffe1449edd39256eda99cd8"
ver="3.0.0.3889" sz="155648" is="0"
gfp="">c:\windows\system32\igfxtray.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="hpsysdrv"
dat="c:\windows\system\hpsysdrv.exe" nam="hpsysdrv (hpsysdrv.exe)"
pub="Hewlett-Packard Company" md5="06a1ecb63df139ec639e084d4ab3c9d7" ver="1,
7, 0, 0" sz="52736" is="0"
gfp="">c:\windows\system\hpsysdrv.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="HotKeysCmds"
dat="C:\WINDOWS\system32\hkcmd.exe" nam="hkcmd Module (hkcmd.exe)"
pub="Intel Corporation" md5="ea5dd164296f66241bead39e12fa69f2"
ver="3.0.0.3889" sz="118784" is="0"
gfp="">c:\windows\system32\hkcmd.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="AutoTKit"
dat="C:\hp\bin\AUTOTKIT.EXE" nam=" (autotkit.exe)" pub=""
md5="6d013ba4120ab87d8694aaf12bd5d1c1" ver="" sz="53248" is="0"
gfp="">c:\hp\bin\autotkit.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="QuickTime
Task" dat=""C:\Program Files\QuickTime\qttask.exe" -atboottime"
nam="qttask.exe" pub="Apple Computer, Inc."
md5="76a3a30b58405c2c6d833895253a51a9" ver="6.5.1" sz="98304" is="0"
gfp="">c:\program files\quicktime\qttask.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="HP Component
Manager" dat=""C:\Program Files\HP\hpcoretech\hpcmpmgr.exe""
nam="HP Framework Component Manager Service (hpcmpmgr.exe)"
pub="Hewlett-Packard Company" md5="b75b654ee1da99876461b24597ae3ff3"
ver="2.1.1.0" sz="241664" is="0" gfp="">c:\program
files\hp\hpcoretech\hpcmpmgr.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="HPDJ Taskbar
Utility" dat="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe"
nam="None (hpztsb10.exe)" pub="HP" md5="fd32127449af0b96ebeca3caab74e423"
ver="2.323.0.0" sz="172032" is="0"
gfp="">c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="AVG7_CC"
dat="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" nam="AVG Control
Center (avgcc.exe)" pub="GRISOFT, s.r.o."
md5="6e74941e3e14cb67fb1648b45a041f0d" ver="7,1,0,338" sz="352256" is="0"
gfp="">c:\progra~1\grisoft\avgfre~1\avgcc.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="gcasServ"
dat=""C:\Program Files\Microsoft AntiSpyware\gcasServ.exe""
nam="Microsoft AntiSpyware Service (gcasserv.exe)" pub="Microsoft
Corporation" md5="263740ede788a60a6c0a47249fc410bf" ver="1.00.0615"
sz="473928" is="0" gfp="">c:\program files\microsoft
antispyware\gcasserv.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" val="NVIEW"
dat="rundll32.exe nview.dll,nViewLoadHook" nam="NVIDIA nView Desktop and
Window Manager 45.28 (nview.dll)" pub="NVIDIA Corporation"
md5="26b3de625fe075f43a61be19155220e6" ver="6.14.10.4528" sz="852038" is="0"
gfp="">c:\windows\system32\nview.dll</StartupFileRegistry>
</StartupFilesRegistry>
<WinlogonUserinitFiles>
<WinlogonUserinitFile ex="1" nam="Userinit Logon Application (userinit.exe)"
pub="Microsoft Corporation" md5="39b1ffb03c2296323832acbae50d2aff"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="24576" is="0"
gfp="">c:\windows\system32\userinit.exe</WinlogonUserinitFile>
</WinlogonUserinitFiles>
<StartupWinIniFiles>
</StartupWinIniFiles>
<StartupSysIniFiles>
</StartupSysIniFiles>
</AutoRunAudit>
<InternetExplorerAudit version="6.0.2900.2180">
<BrowserHelperObjects>
<BHO ex="1" clsid="{15F4D456-5BAA-4076-8486-EECB38CD3E57}"
prog="ElnkScamBlocker.ElnkScamBHO.1" val="ElnkScamBHO Class" nam="Earthlink
ScamBlocker (escamblk.dll)" pub="EarthLink, Inc."
md5="545c561abbea44f88e7fe028d82d7b17" ver="2.2.59.0" sz="181328" is="0"
gfp="">c:\program files\earthlink totalaccess\toolbar\escamblk.dll</BHO>
<BHO ex="1" clsid="{512ACF1B-64D9-4928-B382-A80556F28DB4}"
prog="ELNK.ElnkPubBHO.1" val="ElnkPubBHO Class" nam="Earthlink PopupBlocker
(elnkpub.dll)" pub="EarthLink, Inc." md5="5d05e2c28d677e45bdb7105f4331b3dd"
ver="2.2.59.0" sz="197712" is="0" gfp="">c:\program files\earthlink
totalaccess\toolbar\elnkpub.dll</BHO>
<BHO ex="1" clsid="{656EC4B7-072B-4698-B504-2A414C1F0037}"
prog="Prpl_IePopupBlocker.IE_PopupBlocker.1" val="IE_PopupBlocker Class"
nam="prpl_IePopupBlocker Module (prpl_iepopupblocker.dll)" pub="Propel
Software Corporation" md5="7d4dce216a71d935fad9fbe4b29be00a"
ver="5.0.1.1054" sz="49152" is="0" gfp="">c:\program files\earthlink
totalaccess\accelerator\prpl_iepopupblocker.dll</BHO>
<BHO ex="1" clsid="{827DC836-DD9F-4A68-A602-5812EB50A834}"
prog="MSEvents.MSEvents.1" val="MSEvents Object" nam=" (wincr.dll)" pub=""
md5="02f0b37ab98887ab3600af69507cfad8" ver="" sz="516116" is="0"
gfp="">c:\windows\servicepackfiles\i386\wincr.dll</BHO>
<BHO ex="1" clsid="{9579D574-D4D8-4335-9560-FE8641A013BD}"
prog="ProtctIE.ElnkProtectionBHO.1" val="ElnkProtectionBHO Class"
nam="ProtcIE (protctie.dll)" pub="EarthLink, Inc."
md5="a91009a20d29895537c338ba5966511a" ver="2.2.59.0" sz="238672" is="0"
gfp="">c:\program files\earthlink totalaccess\toolbar\protctie.dll</BHO>
<BHO ex="1" clsid="{E713904C-DF05-4C79-BBAD-02DB923253BE}"
prog="uninsttb.ElnkLegacyUninstBHO.1" val="ElnkLegacyUninstBHO Class"
nam="uninsttb (uninsttb.dll)" pub="EarthLink, Inc."
md5="c02180535889c6de2a85b8570d79beb2" ver="2.2.59.0" sz="95312" is="0"
gfp="">c:\program files\earthlink totalaccess\toolbar\uninsttb.dll</BHO>
</BrowserHelperObjects>
<IEToolbars>
<IEToolbar ex="1" clsid="{C7768536-96F8-4001-B1A2-90EE21279187}"
prog="Toolbar.ElnkToolbar.1" val="EarthLink Toolbar" nam="Toolbar
(toolbar.dll)" pub="EarthLink, Inc." md5="d18c931184da46e5ac31022a755f635a"
ver="2.2.60.0" sz="173136" is="0" gfp="">c:\program files\earthlink
totalaccess\toolbar\toolbar.dll</IEToolbar>
</IEToolbars>
<IEExtensions>
</IEExtensions>
<IEExplorerBars>
<IEExplorerBar ex="1" clsid="{4D5C8C25-D075-11d0-B416-00C04FB90376}" prog=""
val="&Tip of the Day" nam="Shell Doc Object and Control Library
(shdocvw.dll)" pub="Microsoft Corporation"
md5="47a418daae87e73814fa449ef32d0e0e" ver="6.00.2900.2713
(xpsp_sp2_gdr.050702-1513)" sz="1483776" is="0"
gfp="">c:\windows\system32\shdocvw.dll</IEExplorerBar>
<IEExplorerBar ex="0" clsid="{8F4902B6-6C04-4ade-8052-AA58578A21BD}" prog=""
val="" nam="" pub="" md5="" ver="" sz="" is="0" gfp=""></IEExplorerBar>
</IEExplorerBars>
<IEShellBrowsers>
<IEShellBrowser ex="0" clsid="{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
prog="" val="" nam="" pub="" md5="" ver="" sz="" is="0"
gfp=""></IEShellBrowser>
<IEShellBrowser ex="1" clsid="{01E04581-4EEE-11D0-BFE9-00AA005B4383}"
prog="" val="&Address" nam="Shell Browser UI Library (browseui.dll)"
pub="Microsoft Corporation" md5="33e419191b4b92face6d6d3cf17b656f"
ver="6.00.2900.2713 (xpsp_sp2_gdr.050702-1513)" sz="1019904" is="0"
gfp="">c:\windows\system32\browseui.dll</IEShellBrowser>
<IEShellBrowser ex="0" clsid="{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}"
prog="" val="HP View" nam="" pub="" md5="" ver="" sz="" is="0"
gfp=""></IEShellBrowser>
<IEShellBrowser ex="0" clsid="
" prog="" val="" nam="" pub="" md5="" ver="" sz="" is="0"
gfp=""></IEShellBrowser>
</IEShellBrowsers>
<IEWebBrowsers>
<IEWebBrowser ex="0" clsid="{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" prog=""
val="HP View" nam="" pub="" md5="" ver="" sz="" is="0"
gfp=""></IEWebBrowser>
<IEWebBrowser ex="0" clsid="
" prog="" val="" nam="" pub="" md5="" ver="" sz="" is="0"
gfp=""></IEWebBrowser>
<IEWebBrowser ex="1" clsid="{01E04581-4EEE-11D0-BFE9-00AA005B4383}" prog=""
val="&Address" nam="Shell Browser UI Library (browseui.dll)"
pub="Microsoft Corporation" md5="33e419191b4b92face6d6d3cf17b656f"
ver="6.00.2900.2713 (xpsp_sp2_gdr.050702-1513)" sz="1019904" is="0"
gfp="">c:\windows\system32\browseui.dll</IEWebBrowser>
<IEWebBrowser ex="0" clsid="{2318C2B1-4965-11D4-9B18-009027A5CD4F}" prog=""
val="" nam="" pub="" md5="" ver="" sz="" is="0" gfp=""></IEWebBrowser>
<IEWebBrowser ex="0" clsid="{D7F30B62-8269-41AF-9539-B2697FA7D77E}" prog=""
val="" nam="" pub="" md5="" ver="" sz="" is="0" gfp=""></IEWebBrowser>
<IEWebBrowser ex="0" clsid="
" prog="" val="" nam="" pub="" md5="" ver="" sz="" is="0"
gfp=""></IEWebBrowser>
</IEWebBrowsers>
<IEMenuExts>
<IEMenuExt val="Refresh Pa&ge with Full Quality">C:\Program
Files\EarthLink TotalAccess\Accelerator\\pac-page.html</IEMenuExt>
<IEMenuExt val="Refresh Pi&cture with Full Quality">C:\Program
Files\EarthLink TotalAccess\Accelerator\\pac-image.html</IEMenuExt>
</IEMenuExts>
<IEURLSearchHooks>
<IEURLSearchHook ex="1" clsid="{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"
prog="" val="Microsoft Url Search Hook" nam="Shell Doc Object and Control
Library (shdocvw.dll)" pub="Microsoft Corporation"
md5="47a418daae87e73814fa449ef32d0e0e" ver="6.00.2900.2713
(xpsp_sp2_gdr.050702-1513)" sz="1483776" is="0"
gfp="">c:\windows\system32\shdocvw.dll</IEURLSearchHook>
</IEURLSearchHooks>
<IEURLs>
<IEURL val="HCU\Software\Microsoft\Internet Explorer Start
Page">http://www.google.com</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer Search Page"> <G
..?AVCW</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer
Default_Page_URL">http://start.earthlink.net</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explore Local
Page">C:\WINDOWS\system32\blank.htm</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explore Search Bar"></IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer
Default_Search_URL"></IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer HomeOldSP"></IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer Start
Page">http://www.google.com/</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer Search Page"> <G
..?AVCW</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Default_Page_URL">http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer Local
Page">%SystemRoot%\system32\blank.htm</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer Search Bar"></IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Default_Search_URL">http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer HomeOldSP"></IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer\Search
CustomizeSearch"></IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer\Search
SearchAssistant"></IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer\Search
CustomizeSearch">http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer\Search
SearchAssistant">http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet
Explorer\SearchUrl">http://www.google.com/keyword/%s</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer\SearchUrl"></IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs
blank">res://mshtml.dll/blank.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs
DesktopItemNavigationFailure">res://shdoclc.dll/navcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs
NavigationCanceled">res://shdoclc.dll/navcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs
NavigationFailure">res://shdoclc.dll/navcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs
OfflineInformation">res://shdoclc.dll/offcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs
PostNotCached">res://mshtml.dll/repost.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs
mozilla"></IEURL>
</IEURLs>
</InternetExplorerAudit>
<SystemAudit>
<ShellExecuteHooks>
<ShellExecuteHook ex="1" clsid="{9EF34FF2-3396-4527-9D27-04C8C1C67806}"
prog="Microsoft.AntiSpyware.ShellExecuteHook.1"
val="Microsoft.AntiSpyware.ShellExecuteHook.1" nam="Microsoft AntiSpyware
Shell Extension (shellextension.dll)" pub="Microsoft Corporation"
md5="4b202fff9eb43fdc8d3290deaab7487e" ver="1.0.0614.10" sz="101080" is="0"
gfp="">c:\program files\microsoft
antispyware\shellextension.dll</ShellExecuteHook>
</ShellExecuteHooks>
<ShellOpenCommands>
<ShellOpenCommand val="HCR\exefile\shell\open\command">"%1"
%*</ShellOpenCommand>
<ShellOpenCommand val="HCR\comfile\shell\open\command">"%1"
%*</ShellOpenCommand>
<ShellOpenCommand val="HCR\batfile\shell\open\command">"%1"
%*</ShellOpenCommand>
<ShellOpenCommand
val="HCR\htafile\shell\open\command">C:\WINDOWS\System32\mshta.exe
"%1" %*</ShellOpenCommand>
<ShellOpenCommand val="HCR\piffile\shell\open\command">"%1"
%*</ShellOpenCommand>
<ShellOpenCommand
val="HCR\txtfile\shell\open\command">%SystemRoot%\system32\NOTEPAD.EXE
%1</ShellOpenCommand>
<ShellOpenCommand val="HCR\mp3file\shell\open\command">"C:\Program
Files\Windows Media Player\wmplayer.exe" /prefetch:6 /Open
"%L"</ShellOpenCommand>
<ShellOpenCommand val="HCR\mpegfile\shell\open\command">"C:\Program
Files\Windows Media Player\wmplayer.exe" /prefetch:9 /Open
"%L"</ShellOpenCommand>
<ShellOpenCommand val="HCR\mailto\shell\open\command">"C:\PROGRAM
FILES\OUTLOOK EXPRESS\MSIMN.EXE" /mailurl:%1</ShellOpenCommand>
<ShellOpenCommand val="HCR\htmlfile\shell\open\command">"C:\Program
Files\Internet Explorer\iexplore.exe" -nohome</ShellOpenCommand>
<ShellOpenCommand val="HCR\http\shell\open\command">"C:\Program
Files\Internet Explorer\iexplore.exe" -nohome</ShellOpenCommand>
<ShellOpenCommand val="HCR\https\shell\open\command">"C:\Program
Files\Internet Explorer\iexplore.exe" -nohome</ShellOpenCommand>
<ShellOpenCommand val="HCR\ftp\shell\open\command">"C:\Program
Files\Internet Explorer\iexplore.exe" %1</ShellOpenCommand>
</ShellOpenCommands>
<ActiveXInstalls>
<ActiveXInstall clsid="{02BCC737-B171-4746-94C9-0D8A0B2C0089}"
prog="Office.awsdc.1" nam="Microsoft Office Template and Media Control"
codebase="http://office.microsoft.com/templates/ieawsdc.cab">
<Files>
<File ex="1" nam="IEAWSDC.DLL" pub="Unavailable"
md5="50804f20a0e541d9a0dbad1d56019ada" ver="Unavailable" sz="87240" is="0"
gfp="">C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL</File>
</Files>
</ActiveXInstall>
<ActiveXInstall clsid="{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}"
prog="QuickTime.QuickTime.4" nam="QuickTime Object"
codebase="http://www.apple.com/qtactivex/qtplugin.cab">
<Files>
</Files>
</ActiveXInstall>
<ActiveXInstall clsid="{166B1BCA-3F9C-11CF-8075-444553540000}"
prog="SWCtl.SWCtl.8.5.1" nam="Shockwave ActiveX Control"
codebase="http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab">
<Files>
</Files>
</ActiveXInstall>
<ActiveXInstall clsid="{17492023-C23A-453E-A040-C7C580BBF700}"
prog="LegitCheckControl.LegitCheck.1" nam="Windows Genuine Advantage
Validation Tool" codebase="http://go.microsoft.com/fwlink/?linkid=39204">
<Files>
<File ex="1" nam="PidGen (GWFSPidGen.DLL)" pub="Microsoft"
md5="76cfe0b49089af874d3d135efc38bf3a" ver="1, 5, 0, 42" sz="23304" is="0"
gfp="">C:\WINDOWS\system32\GWFSPidGen.DLL</File>
<File ex="1" nam="Windows Genuine Advantage Validation
(LegitCheckControl.DLL)" pub="Microsoft Corporation"
md5="679088dd42afb105a6da3f5e876d69b6" ver="1.3.0272.0" sz="520968" is="0"
gfp="">C:\WINDOWS\system32\LegitCheckControl.DLL</File>
</Files>
</ActiveXInstall>
<ActiveXInstall clsid="{8AD9C840-044E-11D1-B3E9-00805F499D93}" prog=""
nam="Java Plug-in 1.4.2"
codebase="http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab">
<Files>
</Files>
</ActiveXInstall>
<ActiveXInstall clsid="{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}" prog=""
nam="Java Plug-in 1.4.2"
codebase="http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab">
<Files>
</Files>
</ActiveXInstall>
<ActiveXInstall clsid="{D27CDB6E-AE6D-11CF-96B8-444553540000}"
prog="ShockwaveFlash.ShockwaveFlash.1" nam="Shockwave Flash Object"
codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab">
<Files>
</Files>
</ActiveXInstall>
</ActiveXInstalls>
<PROTOCOLSFilters>
<PROTOCOLSFilter ex="1" clsid="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"
prog="CorRegistration.CorFltr.1" filter="application/octet-stream"
val="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" nam="Microsoft .NET Runtime
Execution Engine (mscoree.dll)" pub="Microsoft Corporation"
md5="4c702aea1c11d15c176c2c276d0907dd" ver="1.1.4322.573" sz="155648" is="0"
gfp="">c:\windows\system32\mscoree.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"
prog="CorRegistration.CorFltr.1" filter="application/x-complus"
val="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" nam="Microsoft .NET Runtime
Execution Engine (mscoree.dll)" pub="Microsoft Corporation"
md5="4c702aea1c11d15c176c2c276d0907dd" ver="1.1.4322.573" sz="155648" is="0"
gfp="">c:\windows\system32\mscoree.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"
prog="CorRegistration.CorFltr.1" filter="application/x-msdownload"
val="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" nam="Microsoft .NET Runtime
Execution Engine (mscoree.dll)" pub="Microsoft Corporation"
md5="4c702aea1c11d15c176c2c276d0907dd" ver="1.1.4322.573" sz="155648" is="0"
gfp="">c:\windows\system32\mscoree.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"
prog="" filter="Class Install Handler"
val="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}" nam="OLE32 Extensions for Win32
(urlmon.dll)" pub="Microsoft Corporation"
md5="d73024f1a233361b9876c9d8432e87d7" ver="6.00.2900.2713
(xpsp_sp2_gdr.050702-1513)" sz="607744" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{8f6b0360-b80d-11d0-a9b3-006097942311}"
prog="" filter="deflate" val="{8f6b0360-b80d-11d0-a9b3-006097942311}"
nam="OLE32 Extensions for Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="d73024f1a233361b9876c9d8432e87d7" ver="6.00.2900.2713
(xpsp_sp2_gdr.050702-1513)" sz="607744" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{8f6b0360-b80d-11d0-a9b3-006097942311}"
prog="" filter="gzip" val="{8f6b0360-b80d-11d0-a9b3-006097942311}"
nam="OLE32 Extensions for Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="d73024f1a233361b9876c9d8432e87d7" ver="6.00.2900.2713
(xpsp_sp2_gdr.050702-1513)" sz="607744" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{8f6b0360-b80d-11d0-a9b3-006097942311}"
prog="" filter="lzdhtml" val="{8f6b0360-b80d-11d0-a9b3-006097942311}"
nam="OLE32 Extensions for Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="d73024f1a233361b9876c9d8432e87d7" ver="6.00.2900.2713
(xpsp_sp2_gdr.050702-1513)" sz="607744" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"
prog="" filter="text/webviewhtml"
val="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}" nam="Windows Shell Common Dll
(shell32.dll)" pub="Microsoft Corporation"
md5="9833f278924d028414d7f89bfd4fc46b" ver="6.00.2900.2620
(xpsp_sp2_gdr.050225-1820)" sz="8450048" is="0"
gfp="">c:\windows\system32\shell32.dll</PROTOCOLSFilter>
</PROTOCOLSFilters>
<PROTOCOLSHandlers>
<PROTOCOLSHandler ex="1" clsid="{3050F406-98B5-11CF-BB82-00AA00BDCE0B}"
prog="" filter="about" val="{3050F406-98B5-11CF-BB82-00AA00BDCE0B}"
nam="Microsoft (R) HTML Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="31e7520e58e5e4dfa93215a6d5603af2" ver="6.00.2900.2722
(xpsp_sp2_gdr.050719-1518)" sz="3014144" is="0"
gfp="">c:\windows\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3dd53d40-7b8b-11D0-b013-00aa0059ce02}"
prog="" filter="cdl" val="{3dd53d40-7b8b-11D0-b013-00aa0059ce02}" nam="OLE32
Extensions for Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="d73024f1a233361b9876c9d8432e87d7" ver="6.00.2900.2713
(xpsp_sp2_gdr.050702-1513)" sz="607744" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{CF184AD3-CDCB-4168-A3F7-8E447D129300}"
prog="HPCETI.UIZipProtocol.1" filter="cetihpz"
val="{CF184AD3-CDCB-4168-A3F7-8E447D129300}" nam="HPCETIUI Protocol Handler
Module (hpuiprot.dll)" pub="Hewlett-Packard Company"
md5="25709aea0b57a61e67c35ddd7994c9ed" ver="2.1.4" sz="81920" is="0"
gfp="">c:\program files\hp\hpcoretech\comp\hpuiprot.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{12D51199-0DB5-46FE-A120-47A3D7D937CC}"
prog="" filter="dvd" val="{12D51199-0DB5-46FE-A120-47A3D7D937CC}"
nam="ActiveX control for streaming video (msvidctl.dll)" pub="Microsoft
Corporation" md5="7b5ba7cb7cf42b557c17d08015be8a14" ver="6.05.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="1428480" is="0"
gfp="">c:\windows\system32\msvidctl.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e7-baf9-11ce-8c82-00aa004ba90b}"
prog="" filter="file" val="{79eac9e7-baf9-11ce-8c82-00aa004ba90b}"
nam="OLE32 Extensions for Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="d73024f1a233361b9876c9d8432e87d7" ver="6.00.2900.2713
(xpsp_sp2_gdr.050702-1513)" sz="607744" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e3-baf9-11ce-8c82-00aa004ba90b}"
prog="" filter="ftp" val="{79eac9e3-baf9-11ce-8c82-00aa004ba90b}" nam="OLE32
Extensions for Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="d73024f1a233361b9876c9d8432e87d7" ver="6.00.2900.2713
(xpsp_sp2_gdr.050702-1513)" sz="607744" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e4-baf9-11ce-8c82-00aa004ba90b}"
prog="" filter="gopher" val="{79eac9e4-baf9-11ce-8c82-00aa004ba90b}"
nam="OLE32 Extensions for Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="d73024f1a233361b9876c9d8432e87d7" ver="6.00.2900.2713
(xpsp_sp2_gdr.050702-1513)" sz="607744" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e2-baf9-11ce-8c82-00aa004ba90b}"
prog="" filter="http" val="{79eac9e2-baf9-11ce-8c82-00aa004ba90b}"
nam="OLE32 Extensions for Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="d73024f1a233361b9876c9d8432e87d7" ver="6.00.2900.2713
(xpsp_sp2_gdr.050702-1513)" sz="607744" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e5-baf9-11ce-8c82-00aa004ba90b}"
prog="" filter="https" val="{79eac9e5-baf9-11ce-8c82-00aa004ba90b}"
nam="OLE32 Extensions for Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="d73024f1a233361b9876c9d8432e87d7" ver="6.00.2900.2713
(xpsp_sp2_gdr.050702-1513)" sz="607744" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{9D148291-B9C8-11D0-A4CC-0000F80149F6}"
prog="MSITFS1.0" filter="its" val="{9D148291-B9C8-11D0-A4CC-0000F80149F6}"
nam="Microsoft InfoTech Storage System Library (itss.dll)" pub="Microsoft
Corporation" md5="d9ad8b8b6135b4ff4a32e8c519345f35" ver="5.2.3790.2453
(srv03_sp1_gdr.050525-1542)" sz="137216" is="0"
gfp="">c:\windows\system32\itss.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}"
prog="" filter="javascript" val="{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}"
nam="Microsoft (R) HTML Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="31e7520e58e5e4dfa93215a6d5603af2" ver="6.00.2900.2722
(xpsp_sp2_gdr.050719-1518)" sz="3014144" is="0"
gfp="">c:\windows\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e7-baf9-11ce-8c82-00aa004ba90b}"
prog="" filter="local" val="{79eac9e7-baf9-11ce-8c82-00aa004ba90b}"
nam="OLE32 Extensions for Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="d73024f1a233361b9876c9d8432e87d7" ver="6.00.2900.2713
(xpsp_sp2_gdr.050702-1513)" sz="607744" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}"
prog="" filter="mailto" val="{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}"
nam="Microsoft (R) HTML Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="31e7520e58e5e4dfa93215a6d5603af2" ver="6.00.2900.2722
(xpsp_sp2_gdr.050719-1518)" sz="3014144" is="0"
gfp="">c:\windows\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{05300401-BCBC-11d0-85E3-00C04FD85AB4}"
prog="" filter="mhtml" val="{05300401-BCBC-11d0-85E3-00C04FD85AB4}"
nam="Microsoft Internet Messaging API (inetcomm.dll)" pub="Microsoft
Corporation" md5="64528cdf39d8bc19d800be60039bb7e4" ver="6.00.2900.2180
(xpsp_sp2_rtm.040803-2158)" sz="678400" is="0"
gfp="">c:\windows\system32\inetcomm.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e6-baf9-11ce-8c82-00aa004ba90b}"
prog="" filter="mk" val="{79eac9e6-baf9-11ce-8c82-00aa004ba90b}" nam="OLE32
Extensions for Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="d73024f1a233361b9876c9d8432e87d7" ver="6.00.2900.2713
(xpsp_sp2_gdr.050702-1513)" sz="607744" is="0"
gfp="">c:\windows\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{9D148291-B9C8-11D0-A4CC-0000F80149F6}"
prog="MSITFS1.0" filter="ms-its"
val="{9D148291-B9C8-11D0-A4CC-0000F80149F6}" nam="Microsoft InfoTech Storage
System Library (itss.dll)" pub="Microsoft Corporation"
md5="d9ad8b8b6135b4ff4a32e8c519345f35" ver="5.2.3790.2453
(srv03_sp1_gdr.050525-1542)" sz="137216" is="0"
gfp="">c:\windows\system32\itss.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}"
prog="" filter="res" val="{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}"
nam="Microsoft (R) HTML Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="31e7520e58e5e4dfa93215a6d5603af2" ver="6.00.2900.2722
(xpsp_sp2_gdr.050719-1518)" sz="3014144" is="0"
gfp="">c:\windows\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{76E67A63-06E9-11D2-A840-006008059382}"
prog="" filter="sysimage" val="{76E67A63-06E9-11D2-A840-006008059382}"
nam="Microsoft (R) HTML Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="31e7520e58e5e4dfa93215a6d5603af2" ver="6.00.2900.2722
(xpsp_sp2_gdr.050719-1518)" sz="3014144" is="0"
gfp="">c:\windows\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}"
prog="" filter="tv" val="{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}"
nam="ActiveX control for streaming video (msvidctl.dll)" pub="Microsoft
Corporation" md5="7b5ba7cb7cf42b557c17d08015be8a14" ver="6.05.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="1428480" is="0"
gfp="">c:\windows\system32\msvidctl.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}"
prog="" filter="vbscript" val="{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}"
nam="Microsoft (R) HTML Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="31e7520e58e5e4dfa93215a6d5603af2" ver="6.00.2900.2722
(xpsp_sp2_gdr.050719-1518)" sz="3014144" is="0"
gfp="">c:\windows\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE}"
prog="Wia.WiaProtocol.1" filter="wia"
val="{13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE}" nam="WIA Scripting Layer
(wiascr.dll)" pub="Microsoft Corporation"
md5="dd469944b09b032e7c7fe85687c2a399" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="75776" is="0"
gfp="">c:\windows\system32\wiascr.dll</PROTOCOLSHandler>
</PROTOCOLSHandlers>
<PROTOCOLSNameSpaceHandlers>
<PROTOCOLSNameSpaceHandler ex="1"
clsid="{9D148291-B9C8-11D0-A4CC-0000F80149F6}" prog="MSITFS1.0"
namespace="mk" namespacefilter="NameSpace Filter for MK
MSITStore:..."val="{79eac9e6-baf9-11ce-8c82-00aa004ba90b}" nam="Microsoft InfoTech Storage
System Library (itss.dll)" pub="Microsoft Corporation"
md5="d9ad8b8b6135b4ff4a32e8c519345f35" ver="5.2.3790.2453
(srv03_sp1_gdr.050525-1542)" sz="137216" is="0"
gfp="">c:\windows\system32\itss.dll</PROTOCOLSNameSpaceHandler>
</PROTOCOLSNameSpaceHandlers>
<TCPIPParamaters>
<TCPIPParamater
val="DataBasePath">%SystemRoot%\System32\drivers\etc</TCPIPParamater>
<TCPIPParamater val="Domain"></TCPIPParamater>
<TCPIPParamater val="NameServer"></TCPIPParamater>
<TCPIPParamater val="SearchList"></TCPIPParamater>
<TCPIPParamater val="VXD MSTCP: NameServer"></TCPIPParamater>
</TCPIPParamaters>
<InternetSettings>
<InternetSetting val="ProxyEnable">1</InternetSetting>
<InternetSetting val="ProxyServer">http=localhost:8080</InternetSetting>
<InternetSetting val="ProxyOverride"><local></InternetSetting>
<InternetSetting val="User Agent">Mozilla/4.0 (compatible; MSIE 6.0;
Win32)</InternetSetting>
<InternetSetting val="ZoneMap Domain Count">0</InternetSetting>
</InternetSettings>
<IESettings>
<IESetting val="UseMyStylesheet"
set="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Styles"></IESetting>
<IESetting val="UserStylesheet"
set="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Styles"></IESetting>
<IESetting val="UseMyStylesheet"
set="HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet
Explorer\Styles"></IESetting>
<IESetting val="UserStylesheet"
set="HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet
Explorer\Styles"></IESetting>
</IESettings>
<AppInitDLLs val="">
</AppInitDLLs>
<ShellServiceObjectDelayLoads>
<ShellServiceObjectDelayLoad ex="1"
clsid="{7849596a-48ea-486e-8937-a2a3009f31a9}" prog=""
val="PostBootReminder" nam="Windows Shell Common Dll (shell32.dll)"
pub="Microsoft Corporation" md5="9833f278924d028414d7f89bfd4fc46b"
ver="6.00.2900.2620 (xpsp_sp2_gdr.050225-1820)" sz="8450048" is="0"
gfp="">c:\windows\system32\shell32.dll</ShellServiceObjectDelayLoad>
<ShellServiceObjectDelayLoad ex="1"
clsid="{fbeb8a05-beee-4442-804e-409d6c4515e9}" prog="" val="CDBurn"
nam="Windows Shell Common Dll (shell32.dll)" pub="Microsoft Corporation"
md5="9833f278924d028414d7f89bfd4fc46b" ver="6.00.2900.2620
(xpsp_sp2_gdr.050225-1820)" sz="8450048" is="0"
gfp="">c:\windows\system32\shell32.dll</ShellServiceObjectDelayLoad>
<ShellServiceObjectDelayLoad ex="1"
clsid="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" prog="" val="WebCheck"
nam="Web Site Monitor (webcheck.dll)" pub="Microsoft Corporation"
md5="6501db5182d5a8c0f1f1707286161d66" ver="6.00.2900.2180
(xpsp_sp2_rtm.040803-2158)" sz="276480" is="0"
gfp="">c:\windows\system32\webcheck.dll</ShellServiceObjectDelayLoad>
<ShellServiceObjectDelayLoad ex="1"
clsid="{35CEC8A3-2BE6-11D2-8773-92E220524153}" prog="" val="SysTray"
nam="Systray shell service object (stobject.dll)" pub="Microsoft
Corporation" md5="297101a925ecffdcdf7f6341ffbb6c1a" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="121856" is="0"
gfp="">c:\windows\system32\stobject.dll</ShellServiceObjectDelayLoad>
</ShellServiceObjectDelayLoads>
<ScheduledTasks>
</ScheduledTasks>
<Services>
<Service ex="1" disp="Adobe LM Service" desc="Adobe LM Service" nam="System
Level Service Utilty (Adobelmsvc.exe)" pub="Unavailable"
md5="3dca27d49522aacf37a4a3e2aca8e0b2" ver="2.43.000" sz="68096" is="0"
gfp="">C:\Program Files\Common Files\Adobe Systems
Shared\Service\Adobelmsvc.exe</Service>
<Service ex="1" disp="Application Layer Gateway Service" desc="Provides
support for 3rd party protocol plug-ins for Internet Connection Sharing and
the Windows Firewall." nam="Application Layer Gateway Service (alg.exe)"
pub="Microsoft Corporation" md5="f1958fbf86d5c004cf19a5951a9514b7"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="44544" is="0"
gfp="">C:\WINDOWS\System32\alg.exe</Service>
<Service ex="1" disp="ASP.NET State Service" desc="Provides support for
out-of-process session states for ASP.NET. If this service is stopped,
out-of-process requests will not be processed. If this service is disabled,
any services that explicitly depend on it will fail to start."
nam="aspnet_state.exe (aspnet_state.exe)" pub="Microsoft Corporation"
md5="a986fcfdac587e68478db51547b90800" ver="1.1.4322.573" sz="32768" is="0"
gfp="">C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe</Service>
<Service ex="1" disp="AVG7 Alert Manager Server" desc="" nam="AVG Alert
Manager (avgamsvr.exe)" pub="GRISOFT, s.r.o."
md5="9dbd26d7d7967d918c507b1e2a93a37e" ver="7,1,0,321" sz="330240" is="0"
gfp="">C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe</Service>
<Service ex="1" disp="AVG7 Update Service" desc="" nam="AVG Update Service
(avgupsvc.exe)" pub="GRISOFT, s.r.o." md5="62e6b23b906b213836470740fe449b43"
ver="7,1,0,321" sz="84480" is="0"
gfp="">C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe</Service>
<Service ex="1" disp="Indexing Service" desc="Indexes contents and
properties of files on local and remote computers; provides rapid access to
files through flexible querying language." nam="Content Index service
(cisvc.exe)" pub="Microsoft Corporation"
md5="3192bd04d032a9c4a85a3278c268a13a" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="5632" is="0"
gfp="">C:\WINDOWS\system32\cisvc.exe</Service>
<Service ex="1" disp="ClipBook" desc="Enables ClipBook Viewer to store
information and share it with remote computers. If the service is stopped,
ClipBook Viewer will not be able to share information with remote computers.
If this service is disabled, any services that explicitly depend on it will
fail to start." nam="Windows NT DDE Server (clipsrv.exe)" pub="Microsoft
Corporation" md5="c8dec22c4137d7a90f8bdf41ca4b82ae" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="33280" is="0"
gfp="">C:\WINDOWS\system32\clipsrv.exe</Service>
<Service ex="1" disp="COM+ System Application" desc="Manages the
configuration and tracking of Component Object Model (COM)+-based
components. If the service is stopped, most COM+-based components will not
function properly. If this service is disabled, any services that explicitly
depend on it will fail to start." nam="COM Surrogate (dllhost.exe)"
pub="Microsoft Corporation" md5="dd87db7387b9eb441c5674888a0d840c"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="5120" is="0"
gfp="">C:\WINDOWS\System32\dllhost.exe</Service>
<Service ex="1" disp="Logical Disk Manager Administrative Service"
desc="Configures hard disk drives and volumes. The service only runs for
configuration processes and then stops." nam="Logical Disk Manager service
process (dmadmin.exe)" pub="Microsoft Corp., Veritas Software"
md5="554c7cb178fe3bd12450b81ad63adbc3" ver="2600.2180.503.0" sz="224768"
is="0" gfp="">C:\WINDOWS\System32\dmadmin.exe</Service>
<Service ex="1" disp="EarthLink Monitor Service" desc="" nam="wmonitor
Module (wmonitor.exe)" pub="Boingo Wireless, Inc."
md5="80a5870b25b47e0a018cb42505e6ada0" ver="1, 4, 1220, 0" sz="65604" is="0"
gfp="">C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe</Service>
<Service ex="1" disp="Event Log" desc="Enables event log messages issued by
Windows-based programs and components to be viewed in Event Viewer. This
service cannot be stopped." nam="Services and Controller app (services.exe)"
pub="Microsoft Corporation" md5="c6ce6eec82f187615d1002bb3bb50ed4"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="108032" is="0"
gfp="">C:\WINDOWS\system32\services.exe</Service>
<Service ex="1" disp="Fax" desc="Enables you to send and receive faxes,
utilizing fax resources available on this computer or on the network."
nam="Fax Service (fxssvc.exe)" pub="Microsoft Corporation"
md5="fcbd571fa0ee8dc238944ae5fab74461" ver="5.2.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="267776" is="0"
gfp="">C:\WINDOWS\system32\fxssvc.exe</Service>
<Service ex="1" disp="IMAPI CD-Burning COM Service" desc="Manages CD
recording using Image Mastering Applications Programming Interface (IMAPI).
If this service is stopped, this computer will be unable to record CDs. If
this service is disabled, any services that explicitly depend on it will
fail to start." nam="Image Mastering API (imapi.exe)" pub="Microsoft
Corporation" md5="fa788520bcac0f5d9d5cde5615c0d931" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="150016" is="0"
gfp="">C:\WINDOWS\System32\imapi.exe</Service>
<Service ex="1" disp="NetMeeting Remote Desktop Sharing" desc="Enables an
authorized user to access this computer remotely by using NetMeeting over a
corporate intranet. If this service is stopped, remote desktop sharing will
be unavailable. If this service is disabled, any services that explicitly
depend on it will fail to start." nam="NetMeeting Remote Desktop Sharing
(mnmsrvc.exe)" pub="Microsoft Corporation"
md5="f6415361201915b9fe3896b0e4e724ff" ver="5.1.2600.2180" sz="32768" is="0"
gfp="">C:\WINDOWS\System32\mnmsrvc.exe</Service>
<Service ex="1" disp="Distributed Transaction Coordinator" desc="Coordinates
transactions that span multiple resource managers, such as databases,
message queues, and file systems. If this service is stopped, these
transactions will not occur. If this service is disabled, any services that
explicitly depend on it will fail to start. " nam="MS DTC console program
(msdtc.exe)" pub="Microsoft Corporation"
md5="c7c3d89eb0a6f3dba622ea737fa335b1" ver="2001.12.4414.258" sz="6144"
is="0" gfp="">C:\WINDOWS\System32\msdtc.exe</Service>
<Service ex="1" disp="Windows Installer" desc="Adds, modifies, and removes
applications provided as a Windows Installer (*.msi) package. If this
service is disabled, any services that explicitly depend on it will fail to
start." nam="Windows installer (msiexec.exe)" pub="Microsoft Corporation"
md5="f5f0146580e7023adb963879840777f8" ver="3.1.4000.1823" sz="78848" is="0"
gfp="">C:\WINDOWS\system32\msiexec.exe</Service>
<Service ex="1" disp="Network DDE" desc="Provides network transport and
security for Dynamic Data Exchange (DDE) for programs running on the same
computer or on different computers. If this service is stopped, DDE
transport and security will be unavailable. If this service is disabled, any
services that explicitly depend on it will fail to start." nam="Network
DDE - DDE Communication (netdde.exe)" pub="Microsoft Corporation"
md5="05afb5ad06462257bea7495283c86d50" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="111104" is="0"
gfp="">C:\WINDOWS\system32\netdde.exe</Service>
<Service ex="1" disp="Network DDE DSDM" desc="Manages Dynamic Data Exchange
(DDE) network shares. If this service is stopped, DDE network shares will be
unavailable. If this service is disabled, any services that explicitly
depend on it will fail to start. " nam="Network DDE - DDE Communication
(netdde.exe)" pub="Microsoft Corporation"
md5="05afb5ad06462257bea7495283c86d50" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="111104" is="0"
gfp="">C:\WINDOWS\system32\netdde.exe</Service>
<Service ex="1" disp="Net Logon" desc="Supports pass-through authentication
of account logon events for computers in a domain." nam="LSA Shell
(lsass.exe)" pub="Microsoft Corporation"
md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">C:\WINDOWS\System32\lsass.exe</Service>
<Service ex="1" disp="NT LM Security Support Provider" desc="Provides
security to remote procedure call (RPC) programs that use transports other
than named pipes." nam="LSA Shell (lsass.exe)" pub="Microsoft Corporation"
md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">C:\WINDOWS\System32\lsass.exe</Service>
<Service ex="1" disp="NVIDIA Driver Helper Service" desc="" nam="NVIDIA
Driver Helper Service, Version 45.28 (nvsvc32.exe)" pub="NVIDIA Corporation"
md5="88a8cfcd2bc3ff1484901ce985782e6e" ver="6.14.10.4528" sz="77824" is="0"
gfp="">C:\WINDOWS\System32\nvsvc32.exe</Service>
<Service ex="1" disp="Plug and Play" desc="Enables a computer to recognize
and adapt to hardware changes with little or no user input. Stopping or
disabling this service will result in system instability." nam="Services and
Controller app (services.exe)" pub="Microsoft Corporation"
md5="c6ce6eec82f187615d1002bb3bb50ed4" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="108032" is="0"
gfp="">C:\WINDOWS\system32\services.exe</Service>
<Service ex="1" disp="IPSEC Services" desc="Manages IP security policy and
starts the ISAKMP/Oakley (IKE) and the IP security driver." nam="LSA Shell
(lsass.exe)" pub="Microsoft Corporation"
md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">C:\WINDOWS\System32\lsass.exe</Service>
<Service ex="1" disp="Protected Storage" desc="Provides protected storage
for sensitive data, such as private keys, to prevent access by unauthorized
services, processes, or users." nam="LSA Shell (lsass.exe)" pub="Microsoft
Corporation" md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">C:\WINDOWS\system32\lsass.exe</Service>
<Service ex="1" disp="Remote Desktop Help Session Manager" desc="Manages and
controls Remote Assistance. If this service is stopped, Remote Assistance
will be unavailable. Before stopping this service, see the Dependencies tab
of the Properties dialog box." nam="Microsoft Remote Desktop Help Session
Manager (sessmgr.exe)" pub="Microsoft Corporation"
md5="729798e0933076b8fcfcd9934698f164" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="140800" is="0"
gfp="">C:\WINDOWS\system32\sessmgr.exe</Service>
<Service ex="1" disp="Remote Procedure Call (RPC) Locator" desc="Manages the
RPC name service database." nam="Rpc Locator (locator.exe)" pub="Microsoft
Corporation" md5="793f04a09b15e7c6c11dbdffaf06c0ab" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="75264" is="0"
gfp="">C:\WINDOWS\System32\locator.exe</Service>
<Service ex="1" disp="QoS RSVP" desc="Provides network signaling and local
traffic control setup functionality for QoS-aware programs and control
applets." nam="Microsoft RSVP (rsvp.exe)" pub="Microsoft Corporation"
md5="471b3f9741d762abe75e9deea4787e47" ver="5.1.2600.0
(xpclient.010817-1148)" sz="132608" is="0"
gfp="">C:\WINDOWS\System32\rsvp.exe</Service>
<Service ex="1" disp="Security Accounts Manager" desc="Stores security
information for local user accounts." nam="LSA Shell (lsass.exe)"
pub="Microsoft Corporation" md5="84885f9b82f4d55c6146ebf6065d75d2"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">C:\WINDOWS\system32\lsass.exe</Service>
<Service ex="1" disp="Smart Card" desc="Manages access to smart cards read
by this computer. If this service is stopped, this computer will be unable
to read smart cards. If this service is disabled, any services that
explicitly depend on it will fail to start." nam="Smart Card Resource
Management Server (SCardSvr.exe)" pub="Microsoft Corporation"
md5="25d8de134df108e3dbc8d7d23b1aa58e" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="95744" is="0"
gfp="">C:\WINDOWS\System32\SCardSvr.exe</Service>
<Service ex="1" disp="Print Spooler" desc="Loads files to memory for later
printing." nam="Spooler SubSystem App (spoolsv.exe)" pub="Microsoft
Corporation" md5="da81ec57acd4cdc3d4c51cf3d409af9f" ver="5.1.2600.2696
(xpsp_sp2_gdr.050610-1519)" sz="57856" is="0"
gfp="">C:\WINDOWS\system32\spoolsv.exe</Service>
<Service ex="1" disp="MS Software Shadow Copy Provider" desc="Manages
software-based volume shadow copies taken by the Volume Shadow Copy service.
If this service is stopped, software-based volume shadow copies cannot be
managed. If this service is disabled, any services that explicitly depend on
it will fail to start." nam="COM Surrogate (dllhost.exe)" pub="Microsoft
Corporation" md5="dd87db7387b9eb441c5674888a0d840c" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="5120" is="0"
gfp="">C:\WINDOWS\System32\dllhost.exe</Service>
<Service ex="1" disp="Performance Logs and Alerts" desc="Collects
performance data from local or remote computers based on preconfigured
schedule parameters, then writes the data to a log or triggers an alert. If
this service is stopped, performance information will not be collected. If
this service is disabled, any services that explicitly depend on it will
fail to start." nam="Performance Logs and Alerts Service (smlogsvc.exe)"
pub="Microsoft Corporation" md5="8b54aa346d1b1b113ffaa75501b8b1b2"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="89600" is="0"
gfp="">C:\WINDOWS\system32\smlogsvc.exe</Service>
<Service ex="1" disp="Windows User Mode Driver Framework" desc="Enables
Windows user mode drivers." nam="Windows User Mode Driver Manager
(wdfmgr.exe)" pub="Microsoft Corporation"
md5="c81b8635dee0d3ef5f64b3dd643023a5" ver="5.2.3790.1230 built by:
DNSRV(bld4act)" sz="38912" is="0"
gfp="">C:\WINDOWS\System32\wdfmgr.exe</Service>
<Service ex="1" disp="Uninterruptible Power Supply" desc="Manages an
uninterruptible power supply (UPS) connected to the computer." nam="UPS
Service (ups.exe)" pub="Microsoft Corporation"
md5="3f5df65b0758675f95a2d43918a740a3" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="18432" is="0"
gfp="">C:\WINDOWS\System32\ups.exe</Service>
<Service ex="1" disp="Volume Shadow Copy" desc="Manages and implements
Volume Shadow Copies used for backup and other purposes. If this service is
stopped, shadow copies will be unavailable for backup and the backup may
fail. If this service is disabled, any services that explicitly depend on it
will fail to start." nam="Microsoft Volume Shadow Copy Service (vssvc.exe)"
pub="Microsoft Corporation" md5="3ee00364ae0fd8d604f46cbaf512838a"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="289792" is="0"
gfp="">C:\WINDOWS\System32\vssvc.exe</Service>
<Service ex="1" disp="WMI Performance Adapter" desc="Provides performance
library information from WMI HiPerf providers." nam="WMI Performance Adapter
Service (wmiapsrv.exe)" pub="Microsoft Corporation"
md5="ba8cecc3e813e1f7c441b20393d4f86c" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="126464" is="0"
gfp="">C:\WINDOWS\System32\wbem\wmiapsrv.exe</Service>
</Services>
</SystemAudit>
<ProcessesAudit>
<Processes>
<Process ex="1" pid="384" nam="Windows NT Session Manager (smss.exe)"
pub="Microsoft Corporation" md5="bd7fb0957c716f1a60333aee04de2178"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="50688" is="0"
gfp="">c:\windows\system32\smss.exe</Process>
<Process ex="1" pid="456" nam="Client Server Runtime Process (csrss.exe)"
pub="Microsoft Corporation" md5="f12b178b1678d778cfd3ff1fc38c71fb"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="6144" is="0"
gfp="">C:\WINDOWS\system32\csrss.exe</Process>
<Process ex="1" pid="480" nam="Windows NT Logon Application (winlogon.exe)"
pub="Microsoft Corporation" md5="01c3346c241652f43aed8e2149881bfe"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="502272" is="0"
gfp="">c:\windows\system32\winlogon.exe</Process>
<Process ex="1" pid="524" nam="Services and Controller app (services.exe)"
pub="Microsoft Corporation" md5="c6ce6eec82f187615d1002bb3bb50ed4"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="108032" is="0"
gfp="">c:\windows\system32\services.exe</Process>
<Process ex="1" pid="536" nam="LSA Shell (lsass.exe)" pub="Microsoft
Corporation" md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="13312" is="0"
gfp="">c:\windows\system32\lsass.exe</Process>
<Process ex="1" pid="680" nam="Generic Host Process for Win32 Services
(svchost.exe)" pub="Microsoft Corporation"
md5="8f078ae4ed187aaabc0a305146de6716" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="14336" is="0"
gfp="">c:\windows\system32\svchost.exe</Process>
<Process ex="1" pid="748" nam="Generic Host Process for Win32 Services
(svchost.exe)" pub="Microsoft Corporation"
md5="8f078ae4ed187aaabc0a305146de6716" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="14336" is="0"
gfp="">C:\WINDOWS\system32\svchost.exe</Process>
<Process ex="1" pid="792" nam="Generic Host Process for Win32 Services
(svchost.exe)" pub="Microsoft Corporation"
md5="8f078ae4ed187aaabc0a305146de6716" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="14336" is="0"
gfp="">c:\windows\system32\svchost.exe</Process>
<Process ex="1" pid="852" nam="Generic Host Process for Win32 Services
(svchost.exe)" pub="Microsoft Corporation"
md5="8f078ae4ed187aaabc0a305146de6716" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="14336" is="0"
gfp="">C:\WINDOWS\system32\svchost.exe</Process>
<Process ex="1" pid="932" nam="Generic Host Process for Win32 Services
(svchost.exe)" pub="Microsoft Corporation"
md5="8f078ae4ed187aaabc0a305146de6716" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="14336" is="0"
gfp="">C:\WINDOWS\system32\svchost.exe</Process>
<Process ex="1" pid="1100" nam="Windows Explorer (explorer.exe)"
pub="Microsoft Corporation" md5="a0732187050030ae399b241436565e64"
ver="6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)" sz="1032192" is="0"
gfp="">c:\windows\explorer.exe</Process>
<Process ex="1" pid="1136" nam="Spooler SubSystem App (spoolsv.exe)"
pub="Microsoft Corporation" md5="da81ec57acd4cdc3d4c51cf3d409af9f"
ver="5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)" sz="57856" is="0"
gfp="">c:\windows\system32\spoolsv.exe</Process>
<Process ex="1" pid="1264" nam="AVG Alert Manager (avgamsvr.exe)"
pub="GRISOFT, s.r.o." md5="9dbd26d7d7967d918c507b1e2a93a37e" ver="7,1,0,321"
sz="330240" is="0"
gfp="">c:\progra~1\grisoft\avgfre~1\avgamsvr.exe</Process>
<Process ex="1" pid="1284" nam="AVG Update Service (avgupsvc.exe)"
pub="GRISOFT, s.r.o." md5="62e6b23b906b213836470740fe449b43" ver="7,1,0,321"
sz="84480" is="0" gfp="">c:\progra~1\grisoft\avgfre~1\avgupsvc.exe</Process>
<Process ex="1" pid="1332" nam="wmonitor Module (wmonitor.exe)" pub="Boingo
Wireless, Inc." md5="80a5870b25b47e0a018cb42505e6ada0" ver="1, 4, 1220, 0"
sz="65604" is="0" gfp="">c:\program files\earthlink
totalaccess\wengine\wmonitor.exe</Process>
<Process ex="1" pid="1480" nam="Generic Host Process for Win32 Services
(svchost.exe)" pub="Microsoft Corporation"
md5="8f078ae4ed187aaabc0a305146de6716" ver="5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)" sz="14336" is="0"
gfp="">c:\windows\system32\svchost.exe</Process>
<Process ex="1" pid="1508" nam="Windows User Mode Driver Manager
(wdfmgr.exe)" pub="Microsoft Corporation"
md5="c81b8635dee0d3ef5f64b3dd643023a5" ver="5.2.3790.1230 built by:
DNSRV(bld4act)" sz="38912" is="0"
gfp="">C:\WINDOWS\system32\wdfmgr.exe</Process>
<Process ex="1" pid="1884" nam="Application Layer Gateway Service (alg.exe)"
pub="Microsoft Corporation" md5="f1958fbf86d5c004cf19a5951a9514b7"
ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="44544" is="0"
gfp="">C:\WINDOWS\system32\alg.exe</Process>
<Process ex="1" pid="1916" nam="Sunkist (shwicon2k.exe)" pub="Alcor Micro,
Corp." md5="334e242417b1e66ecaf45d9dc62b288a" ver="1, 0, 0, 7" sz="139264"
is="0" gfp="">c:\program files\multimedia card
reader\shwicon2k.exe</Process>
<Process ex="1" pid="1960" nam="ltmsg (ltmsg.exe)" pub="Agere Systems"
md5="4d3f3641aa76a48964102856fd7b955f" ver="3, 0, 0, 4" sz="40960" is="0"
gfp="">c:\windows\ltmsg.exe</Process>
<Process ex="1" pid="1996" nam="hpsysdrv (hpsysdrv.exe)"
pub="Hewlett-Packard Company" md5="06a1ecb63df139ec639e084d4ab3c9d7" ver="1,
7, 0, 0" sz="52736" is="0" gfp="">c:\windows\system\hpsysdrv.exe</Process>
<Process ex="1" pid="2008" nam="hkcmd Module (hkcmd.exe)" pub="Intel
Corporation" md5="ea5dd164296f66241bead39e12fa69f2" ver="3.0.0.3889"
sz="118784" is="0" gfp="">c:\windows\system32\hkcmd.exe</Process>
<Process ex="1" pid="152" nam="HP Framework Component Manager Service
(hpcmpmgr.exe)" pub="Hewlett-Packard Company"
md5="b75b654ee1da99876461b24597ae3ff3" ver="2.1.1.0" sz="241664" is="0"
gfp="">c:\program files\hp\hpcoretech\hpcmpmgr.exe</Process>
<Process ex="1" pid="180" nam="None (hpztsb10.exe)" pub="HP"
md5="fd32127449af0b96ebeca3caab74e423" ver="2.323.0.0" sz="172032" is="0"
gfp="">c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe</Process>
<Process ex="1" pid="240" nam="AVG Control Center (avgcc.exe)" pub="GRISOFT,
s.r.o." md5="6e74941e3e14cb67fb1648b45a041f0d" ver="7,1,0,338" sz="352256"
is="0" gfp="">c:\progra~1\grisoft\avgfre~1\avgcc.exe</Process>
<Process ex="1" pid="260" nam="Microsoft AntiSpyware Service (gcasserv.exe)"
pub="Microsoft Corporation" md5="263740ede788a60a6c0a47249fc410bf"
ver="1.00.0615" sz="473928" is="0" gfp="">c:\program files\microsoft
antispyware\gcasserv.exe</Process>
<Process ex="1" pid="1012" nam="Microsoft AntiSpyware Data Service
(gcasdtserv.exe)" pub="Microsoft Corporation"
md5="21bd4696317a4a6383f86cdc5e026bfd" ver="1.00.0615" sz="756552" is="0"
gfp="">c:\program files\microsoft antispyware\gcasdtserv.exe</Process>
<Process ex="1" pid="2356" nam="Internet Explorer (iexplore.exe)"
pub="Microsoft Corporation" md5="e7484514c0464642be7b4dc2689354c8"
ver="6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)" sz="93184" is="0"
gfp="">c:\program files\internet explorer\iexplore.exe</Process>
<Process ex="1" pid="2580" nam="None (taskpanl.exe)" pub="EarthLink, Inc."
md5="031da5f6f0625b7db3c9629180de440c" ver="2005.2.98.0" sz="942080" is="0"
gfp="">c:\program files\earthlink totalaccess\taskpanl.exe</Process>
<Process ex="1" pid="3028" nam="IP Session Statistics (ipclient.exe)"
pub="Visual Networks" md5="a454402ec7ee565c0ed225ed6cfb452f"
ver="5.5.100.115" sz="364544" is="0" gfp="">c:\program files\earthlink
totalaccess\fastlane\ipclient.exe</Process>
<Process ex="1" pid="3152" nam="elinkacc.exe" pub="Unavailable"
md5="a0007fe4c1d8bc9b50d03792084f8f75" ver="Unavailable" sz="1007159" is="0"
gfp="">c:\program files\earthlink
totalaccess\accelerator\elinkacc.exe</Process>
<Process ex="1" pid="3648" nam="Outlook Express (msimn.exe)" pub="Microsoft
Corporation" md5="091c14f4c71328d4316248a2421190de" ver="6.00.2900.2180
(xpsp_sp2_rtm.040803-2158)" sz="60416" is="0" gfp="">c:\program
files\outlook express\msimn.exe</Process>
<Process ex="1" pid="1760" nam="Microsoft AntiSpyware Main
(giantantispywaremain.exe)" pub="Microsoft Corporation"
md5="2f92f172d6f47c28b048e6899985bb4b" ver="1.00.0615" sz="4598608" is="0"
gfp="">c:\program files\microsoft
antispyware\giantantispywaremain.exe</Process>
<Process ex="1" pid="2096" nam="Microsoft Suspected Spyware Reporting Tool
(msssrt.exe)" pub="Microsoft Corporation"
md5="1d3fc56e8adb2e911390c775a4de94dd" ver="1.00.0615" sz="400200" is="0"
gfp="">c:\program files\microsoft antispyware\msssrt.exe</Process>
</Processes>
</ProcessesAudit>
</Audit>
</MSSSRT>