Here is a spyware which cannot be removed by this tool

  • Thread starter Thread starter Ramesh Krishnan
  • Start date Start date
R

Ramesh Krishnan

1. Second Thought (Trojan)
2. Toprebates (Browser Plug-in)
3. Surfsidekick (Search Hijacker)

I have tried everything to get rid of this but nothing
helps. Add this to you Database.

Here is a scan result:

- <MSSSRT version="1.0.501" createdate="1/7/2005 3:24:01
PM" os="2000.2195" user="">
- <Audit>
- <AutoRunAudit>
- <StartupFiles>
<StartupFile path="C:\Documents and Settings\All
Users\Start Menu\Programs\Startup\Microsoft Office.lnk"
nam="Microsoft Office 2000 component (osa9.exe)"
pub="Microsoft Corporation"
md5="2760b7860a385c9e840b6d854f3bf6cb" ver="9.0.3720"
sz="65588" is="0" gfp="">c:\program files\microsoft
office\office\osa9.exe</StartupFile>
<StartupFile path="C:\Documents and Settings\All
Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk"
nam="WinZip Executable (wzqkpick.exe)" pub="WinZip
Computing, Inc." md5="bb272e4a58c563ebf40f8cb1173da1da"
ver="1.0 (32-bit)" sz="118784" is="0" gfp="">c:\program
files\winzip\wzqkpick.exe</StartupFile>
</StartupFiles>
- <StartupFilesRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="Synchronization Manager" dat="mobsync.exe /logon"
nam="Microsoft Synchronization Manager (mobsync.exe)"
pub="Microsoft Corporation"
md5="9b2f5b9e745deaaa57fb78329ed03061"
ver="5.00.2195.6627" sz="111376" is="0"
gfp="">c:\winnt\system32\mobsync.exe</StartupFileRegistry>
<StartupFileRegistry ex="0"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="stcloader" dat="C:\WINNT\system32\stcloader.exe"
nam="" pub="" md5="" ver="" sz="" is="0" gfp="" />
<StartupFileRegistry ex="0"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="imtgpcgymeo" dat="C:\WINNT\system32\ydizlqb.exe"
nam="" pub="" md5="" ver="" sz="" is="0" gfp="" />
<StartupFileRegistry ex="0"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="VBundleOuterDL" dat="C:\Program
Files\VBouncer\BundleOuter.EXE" nam="" pub="" md5=""
ver="" sz="" is="0" gfp="" />
<StartupFileRegistry ex="0"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="winupdtl" dat="C:\WINNT\system32\winupdtl.exe" nam=""
pub="" md5="" ver="" sz="" is="0" gfp="" />
<StartupFileRegistry ex="0"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="SurfSideKick 2" dat="C:\Program Files\SurfSideKick 2
\Ssk.exe" nam="" pub="" md5="" ver="" sz="" is="0"
gfp="" />
<StartupFileRegistry ex="0"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="saie" dat="c:\winnt\system32\saie.exe" nam="" pub=""
md5="" ver="" sz="" is="0" gfp="" />
<StartupFileRegistry ex="0"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="WebRebates0" dat="C:\Program
Files\Web_Rebates\WebRebates0.exe" nam="" pub="" md5=""
ver="" sz="" is="0" gfp="" />
<StartupFileRegistry ex="0"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="C" dat="\WINNT\ilnxx.exe:C:\WINNT\ilnxx.exe" nam=""
pub="" md5="" ver="" sz="" is="0" gfp="" />
<StartupFileRegistry ex="0"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="nclixwd" dat="C:\WINNT\nclixwd.exe" nam="" pub=""
md5="" ver="" sz="" is="0" gfp="" />
<StartupFileRegistry ex="0"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="SStb.exe" dat="SStb.exe" nam="" pub="" md5="" ver=""
sz="" is="0" gfp="" />
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="gcasServ" dat=""C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"" nam="Microsoft AntiSpyware
Service (gcasserv.exe)" pub="Microsoft Corporation"
md5="70c5a9c9cf9e65a9073a2a43da822841" ver="1.00.0501"
sz="469824" is="0" gfp="">c:\program files\microsoft
antispyware\gcasserv.exe</StartupFileRegistry>
<StartupFileRegistry ex="0"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="Free Download Manager" dat="C:\Program Files\Free
Download Manager\fdm.exe -autorun" nam="" pub="" md5=""
ver="" sz="" is="0" gfp="" />
<StartupFileRegistry ex="1"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="ew02RkH9h" dat="crtfiles.exe" nam="(crtfiles.exe)"
pub="" md5="344b6198103aa903bc7e176d67b68500" ver=""
sz="114688" is="0" gfp="">c:\winnt\system32
\crtfiles.exe</StartupFileRegistry>
</StartupFilesRegistry>
- <WinlogonUserinitFiles>
<WinlogonUserinitFile ex="1" nam="Userinit Logon
Application (userinit.exe)" pub="Microsoft Corporation"
md5="bf179c5b8a722cc79aef1ca90d6c7d48"
ver="5.00.2195.6612" sz="17680" is="0"
gfp="">c:\winnt\system32
\userinit.exe</WinlogonUserinitFile>
</WinlogonUserinitFiles>
<StartupWinIniFiles />
<StartupSysIniFiles />
</AutoRunAudit>
- <InternetExplorerAudit version="6.0.2800.1106">
- <BrowserHelperObjects>
<BHO ex="1" clsid="{02478D38-C3F9-4efb-9B51-
7695ECA05670}" prog="YBIOCtrl.CompanionBHO.4" val="Yahoo!
Companion BHO" nam="Yahoo! Toolbar 5.5 for Internet
Explorer (ycomp5_5_7_0.dll)" pub="Yahoo! Inc."
md5="15003f375140ffb2d2e0c5508857a2f1" ver="2004, 9, 28,
1" sz="292947" is="0" gfp="">c:\program files\yahoo!
\companion\installs\cpn2\ycomp5_5_7_0.dll</BHO>
<BHO ex="1" clsid="{06849E9F-C8D7-4D59-B87D-
784B7D6BE0B3}" prog="AcroIEHelper.AcroIEHlprObj.1"
val="AcroIEHlprObj Class" nam="Adobe Acrobat IE Helper
Version 6.0 for ActivieX (acroiehelper.dll)" pub="Adobe
Systems Incorporated"
md5="fc7850324464e4d19a24a03d882b5cc4"
ver="6.0.1.2003110300" sz="54248" is="0" gfp="">c:\program
files\adobe\acrobat 6.0
\reader\activex\acroiehelper.dll</BHO>
<BHO ex="0" clsid="{521E5169-BC1A-4646-857C-
CA6E8359D616}" prog="SWin32.SDWin32.1" val="SDWin32 Class"
nam="" pub="" md5="" ver="" sz="" is="0" gfp="" />
<BHO ex="1" clsid="{7FC56022-4EDA-472E-8830-
7CA92CCBD025}" prog="ServerSide.SSInternal.1"
val="SSInternal Class" nam="TODO: <File description>
(serverside.dll)" pub="TODO: <Company name>"
md5="a3ac9ead58ea486ac9c81a35bdcc2bd0" ver="1.0.0.1"
sz="208896" is="0" gfp="">c:\program
files\netmeeting\ss\serverside.dll</BHO>
</BrowserHelperObjects>
- <IEToolbars>
<IEToolbar ex="1" clsid="{8E718888-423F-11D2-876E-
00A0C9082467}" prog="Mmedia.RadioBand.1" val="&Radio"
nam="msdxm.ocx" pub="Unavailable"
md5="24f67cf644b7d6526a5b3786e79c47f7" ver="Unavailable"
sz="842268" is="0" gfp="">c:\winnt\system32
\msdxm.ocx</IEToolbar>
<IEToolbar ex="1" clsid="{EF99BD32-C1FB-11D2-892F-
0090271D4F88}" prog="YBIOCtrl.YBIOCtrl.2" val="Yahoo!
Toolbar" nam="Yahoo! Toolbar 5.5 for Internet Explorer
(ycomp5_5_7_0.dll)" pub="Yahoo! Inc."
md5="15003f375140ffb2d2e0c5508857a2f1" ver="2004, 9, 28,
1" sz="292947" is="0" gfp="">c:\program files\yahoo!
\companion\installs\cpn2\ycomp5_5_7_0.dll</IEToolbar>
</IEToolbars>
<IEExtensions />
- <IEExplorerBars>
<IEExplorerBar ex="0" clsid="{4528BBE0-4E08-11D5-AD55-
00010333D0AD}" prog="" val="" nam="" pub="" md5="" ver=""
sz="" is="0" gfp="" />
<IEExplorerBar ex="1" clsid="{4D5C8C25-D075-11d0-B416-
00C04FB90376}" prog="" val="&Tip of the Day" nam="Shell
Doc Object and Control Library (shdocvw.dll)"
pub="Microsoft Corporation"
md5="7d89e0216917a6f233735902f649e8d1"
ver="6.00.2800.1106" sz="1338368" is="0"
gfp="">c:\winnt\system32\shdocvw.dll</IEExplorerBar>
</IEExplorerBars>
- <IEShellBrowsers>
<IEShellBrowser ex="1" clsid="{01E04581-4EEE-11D0-BFE9-
00AA005B4383}" prog="" val="&Address" nam="Shell Browser
UI Library (browseui.dll)" pub="Microsoft Corporation"
md5="e3f453543365d0864ea8e62f671b6696"
ver="6.00.2800.1106" sz="1026048" is="0"
gfp="">c:\winnt\system32\browseui.dll</IEShellBrowser>
<IEShellBrowser ex="0" clsid="" prog="" val="" nam=""
pub="" md5="" ver="" sz="" is="0" gfp="" />
<IEShellBrowser ex="0" clsid="" prog="" val="" nam=""
pub="" md5="" ver="" sz="" is="0" gfp="" />
</IEShellBrowsers>
- <IEWebBrowsers>
<IEWebBrowser ex="1" clsid="{01E04581-4EEE-11D0-BFE9-
00AA005B4383}" prog="" val="&Address" nam="Shell Browser
UI Library (browseui.dll)" pub="Microsoft Corporation"
md5="e3f453543365d0864ea8e62f671b6696"
ver="6.00.2800.1106" sz="1026048" is="0"
gfp="">c:\winnt\system32\browseui.dll</IEWebBrowser>
<IEWebBrowser ex="0" clsid="" prog="" val="" nam=""
pub="" md5="" ver="" sz="" is="0" gfp="" />
<IEWebBrowser ex="0" clsid="" prog="" val="" nam=""
pub="" md5="" ver="" sz="" is="0" gfp="" />
<IEWebBrowser ex="1" clsid="{EF99BD32-C1FB-11D2-892F-
0090271D4F88}" prog="YBIOCtrl.YBIOCtrl.2" val="Yahoo!
Toolbar" nam="Yahoo! Toolbar 5.5 for Internet Explorer
(ycomp5_5_7_0.dll)" pub="Yahoo! Inc."
md5="15003f375140ffb2d2e0c5508857a2f1" ver="2004, 9, 28,
1" sz="292947" is="0" gfp="">c:\program files\yahoo!
\companion\installs\cpn2\ycomp5_5_7_0.dll</IEWebBrowser>
</IEWebBrowsers>
- <IEMenuExts>
<IEMenuExt val="&Yahoo! Search">file:///C:\Program
Files\Yahoo!\Common/ycsrch.htm</IEMenuExt>
<IEMenuExt val="E&xport to Microsoft
Excel">res://C:\PROGRA~1\MICROS~2\OFFICE11
\EXCEL.EXE/3000</IEMenuExt>
<IEMenuExt val="Yahoo! &Dictionary">file:///C:\Program
Files\Yahoo!\Common/ycdict.htm</IEMenuExt>
<IEMenuExt val="Yahoo! &Maps">file:///C:\Program
Files\Yahoo!\Common/ycdict.htm</IEMenuExt>
</IEMenuExts>
<IEURLSearchHooks />
- <IEURLs>
<IEURL val="HCU\Software\Microsoft\Internet Explorer
Start Page">http://www.ccsinet.com</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer
Search
Page">http://red.clientapps.yahoo.com/customize/ycomp/defau
lts/sp/*http://www.yahoo.com</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer
Default_Page_URL" />
<IEURL val="HCU\Software\Microsoft\Internet Explore
Local Page">C:\WINNT\system32\blank.htm</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explore
Search Bar" />
<IEURL val="HCU\Software\Microsoft\Internet Explorer
Default_Search_URL" />
<IEURL val="HCU\Software\Microsoft\Internet Explorer
HomeOldSP" />
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Start Page">http://www.ccsinet.com</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Search
Page">http://red.clientapps.yahoo.com/customize/ycomp/defau
lts/sp/*http://www.yahoo.com</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Default_Page_URL">http://www.microsoft.com/isapi/redir.dll?
prd=ie&pver=6&ar=msnhome</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Local Page">C:\WINNT\system32\blank.htm</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Search Bar" />
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Default_Search_URL">http://www.microsoft.com/isapi/redir.dl
l?prd=ie&ar=iesearch</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
HomeOldSP" />
<IEURL val="HCU\Software\Microsoft\Internet
Explorer\Search CustomizeSearch" />
<IEURL val="HCU\Software\Microsoft\Internet
Explorer\Search SearchAssistant" />
<IEURL val="HLM\Software\Microsoft\Internet
Explorer\Search CustomizeSearch">http://ie.search.msn.com/
{SUB_RFC1766}/srchasst/srchcust.htm</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet
Explorer\Search SearchAssistant" />
<IEURL val="HCU\Software\Microsoft\Internet
Explorer\SearchUrl">http://red.clientapps.yahoo.com/customi
ze/ycomp/defaults/su/*http://www.yahoo.com</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet
Explorer\SearchUrl">http://red.clientapps.yahoo.com/customi
ze/ycomp/defaults/su/*http://www.yahoo.com</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
blank">res://mshtml.dll/blank.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
DesktopItemNavigationFailure">res://shdoclc.dll/navcancl.ht
m</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
NavigationCanceled">res://shdoclc.dll/navcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
NavigationFailure">res://shdoclc.dll/navcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
OfflineInformation">res://shdoclc.dll/offcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
PostNotCached">res://mshtml.dll/repost.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
mozilla">res://mshtml.dll/about.moz</IEURL>
</IEURLs>
</InternetExplorerAudit>
- <SystemAudit>
- <ShellExecuteHooks>
<ShellExecuteHook ex="1" clsid="{AEB6717E-7E19-11d0-97EE-
00C04FD91972}" prog="" val="URL Exec Hook" nam="Windows
Shell Common Dll (shell32.dll)" pub="Microsoft
Corporation" md5="b6d8f7b18a50619e201b53f1f9d49c44"
ver="5.00.3700.6705" sz="2383632" is="0"
gfp="">C:\WINNT\system32\shell32.dll</ShellExecuteHook>
<ShellExecuteHook ex="1" clsid="{9EF34FF2-3396-4527-9D27-
04C8C1C67806}"
prog="Microsoft.AntiSpyware.ShellExecuteHook.1"
val="Microsoft.AntiSpyware.ShellExecuteHook.1"
nam="Microsoft AntiSpyware Shell Extension
(shellextension.dll)" pub="Microsoft Corporation"
md5="08cee315ea2a24e77d68b2b055f73a94" ver="1.00.0501"
sz="93408" is="0" gfp="">c:\program files\microsoft
antispyware\shellextension.dll</ShellExecuteHook>
</ShellExecuteHooks>
- <ShellOpenCommands>
<ShellOpenCommand val="HCR\exefile\shell\open\command">"%
1" %*</ShellOpenCommand>
<ShellOpenCommand val="HCR\comfile\shell\open\command">"%
1" %*</ShellOpenCommand>
<ShellOpenCommand val="HCR\batfile\shell\open\command">"%
1" %*</ShellOpenCommand>
<ShellOpenCommand
val="HCR\htafile\shell\open\command">C:\WINNT\System32
\mshta.exe "%1" %*</ShellOpenCommand>
<ShellOpenCommand val="HCR\piffile\shell\open\command">"%
1" %*</ShellOpenCommand>
<ShellOpenCommand val="HCR\txtfile\shell\open\command">%
SystemRoot%\system32\NOTEPAD.EXE %1</ShellOpenCommand>
<ShellOpenCommand
val="HCR\mp3file\shell\open\command">"C:\Program
Files\Windows Media Player\wmplayer.exe" /Open "%
L"</ShellOpenCommand>
<ShellOpenCommand
val="HCR\mpegfile\shell\open\command">"C:\Program
Files\Windows Media Player\wmplayer.exe" /Open "%
L"</ShellOpenCommand>
<ShellOpenCommand
val="HCR\mailto\shell\open\command">"C:\PROGRA~1\MICROS~2
\Office\OUTLOOK.EXE" -c IPM.Note /m "%
1"</ShellOpenCommand>
<ShellOpenCommand
val="HCR\htmlfile\shell\open\command">"C:\Program
Files\Internet Explorer\iexplore.exe" -
nohome</ShellOpenCommand>
<ShellOpenCommand
val="HCR\http\shell\open\command">"C:\Program
Files\Internet Explorer\iexplore.exe" -
nohome</ShellOpenCommand>
<ShellOpenCommand
val="HCR\https\shell\open\command">"C:\Program
Files\Internet Explorer\iexplore.exe" -
nohome</ShellOpenCommand>
<ShellOpenCommand
val="HCR\ftp\shell\open\command">"C:\Program
Files\Internet Explorer\iexplore.exe" %
1</ShellOpenCommand>
</ShellOpenCommands>
- <ActiveXInstalls>
- <ActiveXInstall clsid="DirectAnimation Java Classes"
prog="" nam=""
codebase="file://C:\WINNT\Java\classes\dajava.cab">
<Files />
</ActiveXInstall>
- <ActiveXInstall clsid="Microsoft XML Parser for Java"
prog="" nam=""
codebase="file://C:\WINNT\Java\classes\xmldso.cab">
<Files />
</ActiveXInstall>
- <ActiveXInstall clsid="{0246ECA8-0000-0000-0000-
000000000000}" prog="" nam=""
codebase="http://www.kumudam.com/wfplayer/tdserver.cab">
- <Files>
<File ex="1" nam="TDServer ActiveX Control Module
(tdserver.ocx)" pub="Bitstream, Inc."
md5="f12185f5c22e911520cbd9f4029d9fe1" ver="1, 0, 0, 11"
sz="356352" is="0" gfp="">C:\WINNT\Downloaded Program
Files\tdserver.ocx</File>
<File ex="1" nam="Microsoft (R) C Runtime Library
(msvcrt.dll)" pub="Microsoft Corporation"
md5="ba7be6f92680b28b9031170659fd222d" ver="6.10.9844.0"
sz="286773" is="0" gfp="">C:\WINNT\system32
\msvcrt.dll</File>
<File ex="1" nam="MFCDLL Shared Library - Retail Version
(mfc42.dll)" pub="Microsoft Corporation"
md5="8d0dbf25d91aa1be1e4e348434fd12e4" ver="6.00.9586.0"
sz="1015859" is="0" gfp="">C:\WINNT\system32
\mfc42.dll</File>
<File ex="1" nam="olepro32.dll" pub="Microsoft
Corporation" md5="6a8e009f98dd75553066c17b43afb0a5"
ver="5.0.4522" sz="164112" is="0" gfp="">C:\WINNT\system32
\olepro32.dll</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{0246ECA8-996F-11D1-BE2F-
00A0C9037DFE}" prog="TDSERVER.TDServerCtrl.1"
nam="TDServer Control" codebase="http://www.xpres-
net.com/wfplayer/tdserver.cab">
- <Files>
<File ex="1" nam="Microsoft (R) C Runtime Library
(msvcrt.dll)" pub="Microsoft Corporation"
md5="ba7be6f92680b28b9031170659fd222d" ver="6.10.9844.0"
sz="286773" is="0" gfp="">C:\WINNT\system32
\msvcrt.dll</File>
<File ex="1" nam="MFCDLL Shared Library - Retail Version
(mfc42.dll)" pub="Microsoft Corporation"
md5="8d0dbf25d91aa1be1e4e348434fd12e4" ver="6.00.9586.0"
sz="1015859" is="0" gfp="">C:\WINNT\system32
\mfc42.dll</File>
<File ex="1" nam="olepro32.dll" pub="Microsoft
Corporation" md5="6a8e009f98dd75553066c17b43afb0a5"
ver="5.0.4522" sz="164112" is="0" gfp="">C:\WINNT\system32
\olepro32.dll</File>
<File ex="1" nam="TDServer ActiveX Control Module
(tdserver.ocx)" pub="Bitstream, Inc."
md5="f12185f5c22e911520cbd9f4029d9fe1" ver="1, 0, 0, 11"
sz="356352" is="0" gfp="">C:\WINNT\Downloaded Program
Files\tdserver.ocx</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{17492023-C23A-453E-A040-
C7C580BBF700}" prog="LegitCheckControl.LegitCheck.1"
nam="Windows Genuine Advantage Validation Tool"
codebase="http://go.microsoft.com/fwlink/?
linkid=34738&clcid=0x409">
- <Files>
<File ex="1" nam="PidGen (GWFSPidGen.DLL)"
pub="Microsoft" md5="0244da7bc93595d90e801f9caa338c2f"
ver="1, 5, 0, 42" sz="23304" is="0"
gfp="">C:\WINNT\system32\GWFSPidGen.DLL</File>
<File ex="1" nam="Windows Genuine Advantage Validation
(LegitCheckControl.DLL)" pub="Microsoft Corporation"
md5="40fc24cef49eaf0ebc7c51c67f89a952" ver="1.0.0058.6"
sz="346888" is="0" gfp="">C:\WINNT\Downloaded Program
Files\LegitCheckControl.DLL</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{30528230-99F7-4BB4-88D8-
FA1D4F56A2AB}" prog="YInstHelper.YInstStarter.1"
nam="YInstStarter Class"
codebase="http://us.dl1.yimg.com/download.yahoo.com/dl/yins
t/yinst_current.cab">
- <Files>
<File ex="1" nam="YInstHelper Module (yinsthelper.dll)"
pub="Yahoo! Inc." md5="4c0658e518fa9d08e884db717a7087ae"
ver="2004, 11, 7, 1" sz="173168" is="0"
gfp="">C:\WINNT\Downloaded Program
Files\yinsthelper.dll</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{31564D57-0000-0010-8000-
00AA00389B71}" prog="" nam=""
codebase="http://codecs.microsoft.com/codecs/i386/wmvax.cab
">
<Files />
</ActiveXInstall>
- <ActiveXInstall clsid="{32564D57-0000-0010-8000-
00AA00389B71}" prog="" nam=""
codebase="http://codecs.microsoft.com/codecs/i386/wmv8ax.ca
b">
<Files />
</ActiveXInstall>
- <ActiveXInstall clsid="{33564D57-9980-0010-8000-
00AA00389B71}" prog="" nam=""
codebase="http://codecs.microsoft.com/codecs/i386/wmv9dmo.c
ab">
<Files />
</ActiveXInstall>
- <ActiveXInstall clsid="{9F1C11AA-197B-4942-BA54-
47A8489BB47F}" prog="IUCtl.Update.1" nam="Update Class"
codebase="http://v4.windowsupdate.microsoft.com/CAB/x86/uni
code/iuctl.CAB?38121.2490972222">
- <Files>
<File ex="1" nam="Windows Update Control Engine
(iuengine.dll)" pub="Microsoft Corporation"
md5="6b43e283af93d9823d7b69d9766ab4e9" ver="5.4.3790.14
built by: lab04_n" sz="182880" is="0"
gfp="">C:\WINNT\System32\iuengine.dll</File>
<File ex="1" nam="Windows Update Client Control
(iuctl.dll)" pub="Microsoft Corporation"
md5="8757e24d6b002fd7e9ef3a6df697ba57" ver="5.4.3790.14
built by: lab04_n" sz="115808" is="0"
gfp="">C:\WINNT\System32\iuctl.dll</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{B9191F79-5613-4C76-AA2A-
398534BB8999}" prog="" nam=""
codebase="http://us.dl1.yimg.com/download.yahoo.com/dl/inst
alls/suite/autocomplete.cab">
- <Files>
<File ex="1" nam="YAddBook Module (yaddbook.dll)"
pub="Yahoo! Inc." md5="fc6c56b920f523fffd554f10ac50b9b6"
ver="2004, 1, 26, 1" sz="212992" is="0" gfp="">C:\Program
Files\Yahoo!\Common\yaddbook.dll</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{D27CDB6E-AE6D-11CF-96B8-
444553540000}" prog="ShockwaveFlash.ShockwaveFlash.1"
nam="Shockwave Flash Object"
codebase="http://download.macromedia.com/pub/shockwave/cabs
/flash/swflash.cab">
<Files />
</ActiveXInstall>
</ActiveXInstalls>
- <PROTOCOLSFilters>
<PROTOCOLSFilter ex="1" clsid="{32B533BB-EDAE-11d0-BD5A-
00AA00B92AF1}" prog="" filter="Class Install Handler"
val="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}" nam="OLE32
Extensions for Win32 (urlmon.dll)" pub="Microsoft
Corporation" md5="54023abfe163804297f6dc05badf6668"
ver="6.00.2800.1106" sz="482816" is="0"
gfp="">c:\winnt\system32\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{8f6b0360-b80d-11d0-a9b3-
006097942311}" prog="" filter="deflate" val="{8f6b0360-
b80d-11d0-a9b3-006097942311}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="54023abfe163804297f6dc05badf6668"
ver="6.00.2800.1106" sz="482816" is="0"
gfp="">c:\winnt\system32\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{8f6b0360-b80d-11d0-a9b3-
006097942311}" prog="" filter="gzip" val="{8f6b0360-b80d-
11d0-a9b3-006097942311}" nam="OLE32 Extensions for Win32
(urlmon.dll)" pub="Microsoft Corporation"
md5="54023abfe163804297f6dc05badf6668"
ver="6.00.2800.1106" sz="482816" is="0"
gfp="">c:\winnt\system32\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{8f6b0360-b80d-11d0-a9b3-
006097942311}" prog="" filter="lzdhtml" val="{8f6b0360-
b80d-11d0-a9b3-006097942311}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="54023abfe163804297f6dc05badf6668"
ver="6.00.2800.1106" sz="482816" is="0"
gfp="">c:\winnt\system32\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{733AC4CB-F1A4-11d0-B951-
00A0C90312E1}" prog="" filter="text/webviewhtml"
val="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}" nam="Windows
Shell Common Dll (shell32.dll)" pub="Microsoft
Corporation" md5="b6d8f7b18a50619e201b53f1f9d49c44"
ver="5.00.3700.6705" sz="2383632" is="0"
gfp="">c:\winnt\system32\shell32.dll</PROTOCOLSFilter>
</PROTOCOLSFilters>
- <PROTOCOLSHandlers>
<PROTOCOLSHandler ex="1" clsid="{3050F406-98B5-11CF-BB82-
00AA00BDCE0B}" prog="" filter="about" val="{3050F406-98B5-
11CF-BB82-00AA00BDCE0B}" nam="Microsoft (R) HTML Viewer
(mshtml.dll)" pub="Microsoft Corporation"
md5="3bc7fa2b92fa3eee796b8198e84a9795"
ver="6.00.2800.1106" sz="2786816" is="0"
gfp="">c:\winnt\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3dd53d40-7b8b-11D0-b013-
00aa0059ce02}" prog="" filter="cdl" val="{3dd53d40-7b8b-
11D0-b013-00aa0059ce02}" nam="OLE32 Extensions for Win32
(urlmon.dll)" pub="Microsoft Corporation"
md5="54023abfe163804297f6dc05badf6668"
ver="6.00.2800.1106" sz="482816" is="0"
gfp="">c:\winnt\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e7-baf9-11ce-8c82-
00aa004ba90b}" prog="" filter="file" val="{79eac9e7-baf9-
11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for Win32
(urlmon.dll)" pub="Microsoft Corporation"
md5="54023abfe163804297f6dc05badf6668"
ver="6.00.2800.1106" sz="482816" is="0"
gfp="">c:\winnt\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e3-baf9-11ce-8c82-
00aa004ba90b}" prog="" filter="ftp" val="{79eac9e3-baf9-
11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for Win32
(urlmon.dll)" pub="Microsoft Corporation"
md5="54023abfe163804297f6dc05badf6668"
ver="6.00.2800.1106" sz="482816" is="0"
gfp="">c:\winnt\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e4-baf9-11ce-8c82-
00aa004ba90b}" prog="" filter="gopher" val="{79eac9e4-baf9-
11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for Win32
(urlmon.dll)" pub="Microsoft Corporation"
md5="54023abfe163804297f6dc05badf6668"
ver="6.00.2800.1106" sz="482816" is="0"
gfp="">c:\winnt\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e2-baf9-11ce-8c82-
00aa004ba90b}" prog="" filter="http" val="{79eac9e2-baf9-
11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for Win32
(urlmon.dll)" pub="Microsoft Corporation"
md5="54023abfe163804297f6dc05badf6668"
ver="6.00.2800.1106" sz="482816" is="0"
gfp="">c:\winnt\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e5-baf9-11ce-8c82-
00aa004ba90b}" prog="" filter="https" val="{79eac9e5-baf9-
11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for Win32
(urlmon.dll)" pub="Microsoft Corporation"
md5="54023abfe163804297f6dc05badf6668"
ver="6.00.2800.1106" sz="482816" is="0"
gfp="">c:\winnt\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{9D148291-B9C8-11D0-A4CC-
0000F80149F6}" prog="MSITFS1.0" filter="its"
val="{9D148291-B9C8-11D0-A4CC-0000F80149F6}"
nam="Microsoft InfoTech Storage System Library (itss.dll)"
pub="Microsoft Corporation"
md5="6c4d5200d2bfaf42310c96759711706c" ver="5.2.3644.0"
sz="122368" is="0" gfp="">c:\winnt\system32
\itss.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050F3B2-98B5-11CF-BB82-
00AA00BDCE0B}" prog="" filter="javascript" val="{3050F3B2-
98B5-11CF-BB82-00AA00BDCE0B}" nam="Microsoft (R) HTML
Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="3bc7fa2b92fa3eee796b8198e84a9795"
ver="6.00.2800.1106" sz="2786816" is="0"
gfp="">c:\winnt\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e7-baf9-11ce-8c82-
00aa004ba90b}" prog="" filter="local" val="{79eac9e7-baf9-
11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for Win32
(urlmon.dll)" pub="Microsoft Corporation"
md5="54023abfe163804297f6dc05badf6668"
ver="6.00.2800.1106" sz="482816" is="0"
gfp="">c:\winnt\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050f3DA-98B5-11CF-BB82-
00AA00BDCE0B}" prog="" filter="mailto" val="{3050f3DA-98B5-
11CF-BB82-00AA00BDCE0B}" nam="Microsoft (R) HTML Viewer
(mshtml.dll)" pub="Microsoft Corporation"
md5="3bc7fa2b92fa3eee796b8198e84a9795"
ver="6.00.2800.1106" sz="2786816" is="0"
gfp="">c:\winnt\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{05300401-BCBC-11d0-85E3-
00C04FD85AB4}" prog="" filter="mhtml" val="{05300401-BCBC-
11d0-85E3-00C04FD85AB4}" nam="Microsoft Internet Messaging
API (inetcomm.dll)" pub="Microsoft Corporation"
md5="8873fb4cc29ed246b52ada6c685c5d36"
ver="6.00.2800.1106" sz="593408" is="0"
gfp="">c:\winnt\system32\inetcomm.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e6-baf9-11ce-8c82-
00aa004ba90b}" prog="" filter="mk" val="{79eac9e6-baf9-
11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for Win32
(urlmon.dll)" pub="Microsoft Corporation"
md5="54023abfe163804297f6dc05badf6668"
ver="6.00.2800.1106" sz="482816" is="0"
gfp="">c:\winnt\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{9D148291-B9C8-11D0-A4CC-
0000F80149F6}" prog="MSITFS1.0" filter="ms-its"
val="{9D148291-B9C8-11D0-A4CC-0000F80149F6}"
nam="Microsoft InfoTech Storage System Library (itss.dll)"
pub="Microsoft Corporation"
md5="6c4d5200d2bfaf42310c96759711706c" ver="5.2.3644.0"
sz="122368" is="0" gfp="">c:\winnt\system32
\itss.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050F3BC-98B5-11CF-BB82-
00AA00BDCE0B}" prog="" filter="res" val="{3050F3BC-98B5-
11CF-BB82-00AA00BDCE0B}" nam="Microsoft (R) HTML Viewer
(mshtml.dll)" pub="Microsoft Corporation"
md5="3bc7fa2b92fa3eee796b8198e84a9795"
ver="6.00.2800.1106" sz="2786816" is="0"
gfp="">c:\winnt\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{76E67A63-06E9-11D2-A840-
006008059382}" prog="" filter="sysimage" val="{76E67A63-
06E9-11D2-A840-006008059382}" nam="Microsoft (R) HTML
Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="3bc7fa2b92fa3eee796b8198e84a9795"
ver="6.00.2800.1106" sz="2786816" is="0"
gfp="">c:\winnt\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050F3B2-98B5-11CF-BB82-
00AA00BDCE0B}" prog="" filter="vbscript" val="{3050F3B2-
98B5-11CF-BB82-00AA00BDCE0B}" nam="Microsoft (R) HTML
Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="3bc7fa2b92fa3eee796b8198e84a9795"
ver="6.00.2800.1106" sz="2786816" is="0"
gfp="">c:\winnt\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3DA2AA3B-3D96-11D2-9BD2-
204C4F4F5020}" prog="Mmedia.AsyncPProt.1"
filter="vnd.ms.radio" val="{3DA2AA3B-3D96-11D2-9BD2-
204C4F4F5020}" nam="msdxm.ocx" pub="Unavailable"
md5="24f67cf644b7d6526a5b3786e79c47f7" ver="Unavailable"
sz="842268" is="0" gfp="">c:\winnt\system32
\msdxm.ocx</PROTOCOLSHandler>
</PROTOCOLSHandlers>
- <PROTOCOLSNameSpaceHandlers>
<PROTOCOLSNameSpaceHandler ex="1" clsid="{9D148291-B9C8-
11D0-A4CC-0000F80149F6}" prog="MSITFS1.0" namespace="mk"
namespacefilter="NameSpace Filter for MK:@MSITStore:..."
val="{79eac9e6-baf9-11ce-8c82-00aa004ba90b}"
nam="Microsoft InfoTech Storage System Library (itss.dll)"
pub="Microsoft Corporation"
md5="6c4d5200d2bfaf42310c96759711706c" ver="5.2.3644.0"
sz="122368" is="0" gfp="">c:\winnt\system32
\itss.dll</PROTOCOLSNameSpaceHandler>
</PROTOCOLSNameSpaceHandlers>
- <TCPIPParamaters>
<TCPIPParamater val="DataBasePath">%SystemRoot%\System32
\drivers\etc</TCPIPParamater>
<TCPIPParamater val="Domain">ccsi.local</TCPIPParamater>
<TCPIPParamater val="NameServer" />
<TCPIPParamater val="SearchList" />
<TCPIPParamater val="VXD MSTCP: NameServer" />
</TCPIPParamaters>
- <InternetSettings>
<InternetSetting val="ProxyEnable">0</InternetSetting>
<InternetSetting val="ProxyServer" />
<InternetSetting val="ProxyOverride" />
<InternetSetting val="User Agent">Mozilla/4.0
(compatible; MSIE 6.0; Win32)</InternetSetting>
<InternetSetting val="ZoneMap Domain
Count">16</InternetSetting>
</InternetSettings>
- <IESettings>
<IESetting val="UseMyStylesheet"
set="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Styles" />
<IESetting val="UserStylesheet"
set="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Styles" />
<IESetting val="UseMyStylesheet"
set="HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet
Explorer\Styles" />
<IESetting val="UserStylesheet"
set="HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet
Explorer\Styles" />
</IESettings>
<AppInitDLLs val="" />
- <ShellServiceObjectDelayLoads>
<ShellServiceObjectDelayLoad ex="1" clsid="{7007ACCF-
3202-11D1-AAD2-00805FC1270E}" prog=""
val="Network.ConnectionTray" nam="Network Connections
Shell (netshell.dll)" pub="Microsoft Corporation"
md5="fc1783b19a718444de5f6fe5c9143079"
ver="5.00.2195.6604" sz="477456" is="0"
gfp="">c:\winnt\system32
\netshell.dll</ShellServiceObjectDelayLoad>
<ShellServiceObjectDelayLoad ex="1" clsid="{E6FB5E20-
DE35-11CF-9C87-00AA005127ED}" prog="" val="WebCheck"
nam="Web Site Monitor (webcheck.dll)" pub="Microsoft
Corporation" md5="f2786dc35401fceb401a0f5810e22ab6"
ver="6.00.2800.1106" sz="258048" is="0"
gfp="">c:\winnt\system32
\webcheck.dll</ShellServiceObjectDelayLoad>
<ShellServiceObjectDelayLoad ex="1" clsid="{35CEC8A3-
2BE6-11D2-8773-92E220524153}" prog="" val="SysTray"
nam="Systray shell service object (stobject.dll)"
pub="Microsoft Corporation"
md5="34660338069fd5665b921ecffc96e0ce"
ver="5.00.2195.6601" sz="81168" is="0"
gfp="">C:\WINNT\system32
\stobject.dll</ShellServiceObjectDelayLoad>
</ShellServiceObjectDelayLoads>
<ScheduledTasks />
- <Services>
<Service ex="1" disp="Alerter" desc="Notifies selected
users and computers of administrative alerts."
nam="Services and Controller app (services.exe)"
pub="Microsoft Corporation"
md5="cfed2d28f5b8a24127e9e06043070643"
ver="5.00.2195.6700" sz="89360" is="0"
gfp="">C:\WINNT\System32\services.exe</Service>
<Service ex="1" disp="Application Management"
desc="Provides software installation services such as
Assign, Publish, and Remove." nam="Services and Controller
app (services.exe)" pub="Microsoft Corporation"
md5="cfed2d28f5b8a24127e9e06043070643"
ver="5.00.2195.6700" sz="89360" is="0"
gfp="">C:\WINNT\system32\services.exe</Service>
<Service ex="1" disp="" desc="" nam="Ati2evxx.exe"
pub="Unavailable" md5="fbc566675fbfa5248ebfa4492b167240"
ver="Unavailable" sz="294912" is="0"
gfp="">C:\WINNT\System32\Ati2evxx.exe</Service>
<Service ex="1" disp="Computer Browser" desc="Maintains
an up-to-date list of computers on your network and
supplies the list to programs that request it."
nam="Services and Controller app (services.exe)"
pub="Microsoft Corporation"
md5="cfed2d28f5b8a24127e9e06043070643"
ver="5.00.2195.6700" sz="89360" is="0"
gfp="">C:\WINNT\System32\services.exe</Service>
<Service ex="1" disp="Indexing Service" desc=""
nam="Content Index service (cisvc.exe)" pub="Microsoft
Corporation" md5="2830a2c82270f387265dfa658656eb99"
ver="5.00.2134.1" sz="5392" is="0" gfp="">C:\WINNT\System32
\cisvc.exe</Service>
<Service ex="1" disp="ClipBook" desc="Supports ClipBook
Viewer, which allows pages to be seen by remote
ClipBooks." nam="Windows NT DDE Server (clipsrv.exe)"
pub="Microsoft Corporation"
md5="804212b6b82354cf4f0c2d567575688a" ver="5.00.2134.1"
sz="31504" is="0" gfp="">C:\WINNT\system32
\clipsrv.exe</Service>
<Service ex="1" disp="DHCP Client" desc="Manages network
configuration by registering and updating IP addresses and
DNS names." nam="Services and Controller app
(services.exe)" pub="Microsoft Corporation"
md5="cfed2d28f5b8a24127e9e06043070643"
ver="5.00.2195.6700" sz="89360" is="0"
gfp="">C:\WINNT\System32\services.exe</Service>
<Service ex="1" disp="Logical Disk Manager
Administrative Service" desc="Administrative service for
disk management requests" nam="Logical Disk Manager
service process (dmadmin.exe)" pub="VERITAS Software
Corp." md5="7b080c0ac30884e981221342da197c1e"
ver="2195.6624.297.3" sz="147728" is="0"
gfp="">C:\WINNT\System32\dmadmin.exe</Service>
<Service ex="1" disp="Logical Disk Manager"
desc="Logical Disk Manager Watchdog Service" nam="Services
and Controller app (services.exe)" pub="Microsoft
Corporation" md5="cfed2d28f5b8a24127e9e06043070643"
ver="5.00.2195.6700" sz="89360" is="0"
gfp="">C:\WINNT\System32\services.exe</Service>
<Service ex="1" disp="DNS Client" desc="Resolves and
caches Domain Name System (DNS) names." nam="Services and
Controller app (services.exe)" pub="Microsoft Corporation"
md5="cfed2d28f5b8a24127e9e06043070643"
ver="5.00.2195.6700" sz="89360" is="0"
gfp="">C:\WINNT\System32\services.exe</Service>
<Service ex="1" disp="Event Log" desc="Logs event
messages issued by programs and Windows. Event Log reports
contain information that can be useful in diagnosing
problems. Reports are viewed in Event Viewer."
nam="Services and Controller app (services.exe)"
pub="Microsoft Corporation"
md5="cfed2d28f5b8a24127e9e06043070643"
ver="5.00.2195.6700" sz="89360" is="0"
gfp="">C:\WINNT\system32\services.exe</Service>
<Service ex="1" disp="Fax Service" desc="Helps you send
and receive faxes" nam="Fax Service (faxsvc.exe)"
pub="Microsoft Corporation"
md5="c63946c8124a58a6c86efb0ebec7ccf9"
ver="5.00.2195.6612" sz="94992" is="0"
gfp="">C:\WINNT\system32\faxsvc.exe</Service>
<Service ex="1" disp="Server" desc="Provides RPC support
and file, print, and named pipe sharing." nam="Services
and Controller app (services.exe)" pub="Microsoft
Corporation" md5="cfed2d28f5b8a24127e9e06043070643"
ver="5.00.2195.6700" sz="89360" is="0"
gfp="">C:\WINNT\System32\services.exe</Service>
<Service ex="1" disp="Workstation" desc="Provides
network connections and communications." nam="Services and
Controller app (services.exe)" pub="Microsoft Corporation"
md5="cfed2d28f5b8a24127e9e06043070643"
ver="5.00.2195.6700" sz="89360" is="0"
gfp="">C:\WINNT\System32\services.exe</Service>
<Service ex="1" disp="TCP/IP NetBIOS Helper Service"
desc="Enables support for NetBIOS over TCP/IP (NetBT)
service and NetBIOS name resolution." nam="Services and
Controller app (services.exe)" pub="Microsoft Corporation"
md5="cfed2d28f5b8a24127e9e06043070643"
ver="5.00.2195.6700" sz="89360" is="0"
gfp="">C:\WINNT\System32\services.exe</Service>
<Service ex="1" disp="Messenger" desc="Sends and
receives messages transmitted by administrators or by the
Alerter service." nam="Services and Controller app
(services.exe)" pub="Microsoft Corporation"
md5="cfed2d28f5b8a24127e9e06043070643"
ver="5.00.2195.6700" sz="89360" is="0"
gfp="">C:\WINNT\System32\services.exe</Service>
<Service ex="1" disp="NetMeeting Remote Desktop Sharing"
desc="Allows authorized people to remotely access your
Windows desktop using NetMeeting." nam="NetMeeting Remote
Desktop Sharing (mnmsrvc.exe)" pub="Microsoft Corporation"
md5="eeee63b92ca888ac9fb3d13581751ec2" ver="4.4.3385"
sz="21776" is="0" gfp="">C:\WINNT\System32
\mnmsrvc.exe</Service>
<Service ex="1" disp="Distributed Transaction
Coordinator" desc="Coordinates transactions that are
distributed across two or more databases, message queues,
file systems, or other transaction protected resource
managers." nam="MS DTC console program (msdtc.exe)"
pub="Microsoft Corporation"
md5="edc54e17cdf1811a472d518a82182449" ver="1999.9.3421.3"
sz="6928" is="0" gfp="">C:\WINNT\System32
\msdtc.exe</Service>
<Service ex="1" disp="Windows Installer" desc="Installs,
repairs and removes software according to instructions
contained in .MSI files." nam="Windows installer
(msiexec.exe)" pub="Microsoft Corporation"
md5="ca1900f0ba173b76ef752b467075154b" ver="2.0.2600.1183"
sz="64512" is="0" gfp="">C:\WINNT\System32
\msiexec.exe</Service>
<Service ex="1" disp="Network DDE" desc="Provides
network transport and security for dynamic data exchange
(DDE)." nam="Network DDE - DDE Communication (netdde.exe)"
pub="Microsoft Corporation"
md5="c237423a8fcb4fd24523feeca620717c"
ver="5.00.2195.6601" sz="108816" is="0"
gfp="">C:\WINNT\system32\netdde.exe</Service>
<Service ex="1" disp="Network DDE DSDM" desc="Manages
shared dynamic data exchange and is used by Network DDE"
nam="Network DDE - DDE Communication (netdde.exe)"
pub="Microsoft Corporation"
md5="c237423a8fcb4fd24523feeca620717c"
ver="5.00.2195.6601" sz="108816" is="0"
gfp="">C:\WINNT\system32\netdde.exe</Service>
<Service ex="1" disp="Net Logon" desc="Supports pass-
through authentication of account logon events for
computers in a domain." nam="LSA Executable and Server DLL
(lsass.exe)" pub="Microsoft Corporation"
md5="271229760cced993e9e7cab1c7274134"
ver="5.00.2195.6695" sz="33552" is="0"
gfp="">C:\WINNT\System32\lsass.exe</Service>
<Service ex="1" disp="NT LM Security Support Provider"
desc="Provides security to remote procedure call (RPC)
programs that use transports other than named pipes."
nam="LSA Executable and Server DLL (lsass.exe)"
pub="Microsoft Corporation"
md5="271229760cced993e9e7cab1c7274134"
ver="5.00.2195.6695" sz="33552" is="0"
gfp="">C:\WINNT\System32\lsass.exe</Service>
<Service ex="1" disp="Plug and Play" desc="Manages
device installation and configuration and notifies
programs of device changes." nam="Services and Controller
app (services.exe)" pub="Microsoft Corporation"
md5="cfed2d28f5b8a24127e9e06043070643"
ver="5.00.2195.6700" sz="89360" is="0"
gfp="">C:\WINNT\system32\services.exe</Service>
<Service ex="1" disp="IPSEC Policy Agent" desc="Manages
IP security policy and starts the ISAKMP/Oakley (IKE) and
the IP security driver." nam="LSA Executable and Server
DLL (lsass.exe)" pub="Microsoft Corporation"
md5="271229760cced993e9e7cab1c7274134"
ver="5.00.2195.6695" sz="33552" is="0"
gfp="">C:\WINNT\System32\lsass.exe</Service>
<Service ex="1" disp="Protected Storage" desc="Provides
protected storage for sensitive data, such as private
keys, to prevent access by unauthorized services,
processes, or users." nam="Services and Controller app
(services.exe)" pub="Microsoft Corporation"
md5="cfed2d28f5b8a24127e9e06043070643"
ver="5.00.2195.6700" sz="89360" is="0"
gfp="">C:\WINNT\system32\services.exe</Service>
<Service ex="1" disp="Remote Registry Service"
desc="Allows remote registry manipulation." nam="Remote
Registry Service (regsvc.exe)" pub="Microsoft Corporation"
md5="250c4ce389783fa2398e3afa4317008c"
ver="5.00.2195.6701" sz="68368" is="0"
gfp="">C:\WINNT\system32\regsvc.exe</Service>
<Service ex="1" disp="Remote Procedure Call (RPC)
Locator" desc="Manages the RPC name service database."
nam="Rpc Locator (locator.exe)" pub="Microsoft
Corporation" md5="ad57e33f4f7f404d9aba97e8b33fa21b"
ver="5.00.2195.6619" sz="72464" is="0"
gfp="">C:\WINNT\System32\locator.exe</Service>
<Service ex="1" disp="QoS RSVP" desc="Provides network
signaling and local traffic control setup functionality
for QoS-aware programs and control applets."
nam="Microsoft RSVP 1.0 (rsvp.exe)" pub="Microsoft
Corporation" md5="2a21bddb1ba9b5cd776949380ab46a76"
ver="5.00.2195.6663" sz="176912" is="0"
gfp="">C:\WINNT\System32\rsvp.exe</Service>
<Service ex="1" disp="Security Accounts Manager"
desc="Stores security information for local user
accounts." nam="LSA Executable and Server DLL (lsass.exe)"
pub="Microsoft Corporation"
md5="271229760cced993e9e7cab1c7274134"
ver="5.00.2195.6695" sz="33552" is="0"
gfp="">C:\WINNT\system32\lsass.exe</Service>
<Service ex="1" disp="Smart Card Helper" desc="Provides
support for legacy smart card readers attached to the
computer." nam="Smart Card Resource Management Server
(SCardSvr.exe)" pub="Microsoft Corporation"
md5="13c381e66cda8d4d80e84bf18307551f"
ver="5.00.2195.6609" sz="100112" is="0"
gfp="">C:\WINNT\System32\SCardSvr.exe</Service>
<Service ex="1" disp="Smart Card" desc="Manages and
controls access to a smart card inserted into a smart card
reader attached to the computer." nam="Smart Card Resource
Management Server (SCardSvr.exe)" pub="Microsoft
Corporation" md5="13c381e66cda8d4d80e84bf18307551f"
ver="5.00.2195.6609" sz="100112" is="0"
gfp="">C:\WINNT\System32\SCardSvr.exe</Service>
<Service ex="1" disp="Task Scheduler" desc="Enables a
program to run at a designated time." nam="Task Scheduler
Engine (MSTask.exe)" pub="Microsoft Corporation"
md5="00d8c428b2d6dffcabeb859bc69f632b"
ver="4.71.2195.6704" sz="119568" is="0"
gfp="">C:\WINNT\system32\MSTask.exe</Service>
<Service ex="1" disp="RunAs Service" desc="Enables
starting processes under alternate credentials"
nam="Services and Controller app (services.exe)"
pub="Microsoft Corporation"
md5="cfed2d28f5b8a24127e9e06043070643"
ver="5.00.2195.6700" sz="89360" is="0"
gfp="">C:\WINNT\system32\services.exe</Service>
<Service ex="1" disp="Print Spooler" desc="Loads files
to memory for later printing." nam="Spooler SubSystem App
(spoolsv.exe)" pub="Microsoft Corporation"
md5="987daf317b917cfc973de8364d62a76c"
ver="5.00.2195.6659" sz="45328" is="0"
gfp="">C:\WINNT\system32\spoolsv.exe</Service>
<Service ex="1" disp="Performance Logs and Alerts"
desc="Configures performance logs and alerts."
nam="Performance Logs and Alerts Service (smlogsvc.exe)"
pub="Microsoft Corporation"
md5="f4f35fe5f46262d45491822d8a66bf62"
ver="5.00.2195.6608" sz="85776" is="0"
gfp="">C:\WINNT\system32\smlogsvc.exe</Service>
<Service ex="1" disp="Telnet" desc="Allows a remote user
to log on to the system and run console programs using the
command line." nam="Microsoft Telnet Service
(tlntsvr.exe)" pub="Microsoft Corporation"
md5="fa57d2175f4978e2f32cb1b02781d76a" ver="5.00.99206.1"
sz="186128" is="0" gfp="">C:\WINNT\system32
\tlntsvr.exe</Service>
<Service ex="1" disp="Distributed Link Tracking Client"
desc="Sends notifications of files moving between NTFS
volumes in a network domain." nam="Services and Controller
app (services.exe)" pub="Microsoft Corporation"
md5="cfed2d28f5b8a24127e9e06043070643"
ver="5.00.2195.6700" sz="89360" is="0"
gfp="">C:\WINNT\system32\services.exe</Service>
<Service ex="1" disp="Uninterruptible Power Supply"
desc="Manages an uninterruptible power supply (UPS)
connected to the computer." nam="UPS Service (ups.exe)"
pub="Microsoft Corporation"
md5="222a997aa4c7f7a2b3453b556afa4406" ver="5.00.2158.1"
sz="17680" is="0" gfp="">C:\WINNT\System32
\ups.exe</Service>
<Service ex="1" disp="Utility Manager" desc="Starts and
configures accessibility tools from one window"
nam="UtilMan EXE (UtilMan.exe)" pub="Microsoft
Corporation" md5="7a960f1e9a0b2f7d14f1d0eddd74375c"
ver="1, 0, 0, 3" sz="22800" is="0" gfp="">C:\WINNT\System32
\UtilMan.exe</Service>
<Service ex="1" disp="Windows Time" desc="Sets the
computer clock." nam="Services and Controller app
(services.exe)" pub="Microsoft Corporation"
md5="cfed2d28f5b8a24127e9e06043070643"
ver="5.00.2195.6700" sz="89360" is="0"
gfp="">C:\WINNT\System32\services.exe</Service>
<Service ex="1" disp="Windows Management
Instrumentation" desc="Provides system management
information." nam="Windows Management Instrumentation
(WinMgmt.exe)" pub="Microsoft Corporation"
md5="05b2001e1bc653fd6091e741b46f71b4"
ver="1.50.1085.0100" sz="196706" is="0"
gfp="">C:\WINNT\System32\WBEM\WinMgmt.exe</Service>
<Service ex="1" disp="Windows Management Instrumentation
Driver Extensions" desc="Provides systems management
information to and from drivers." nam="Services and
Controller app (Services.exe)" pub="Microsoft Corporation"
md5="cfed2d28f5b8a24127e9e06043070643"
ver="5.00.2195.6700" sz="89360" is="0"
gfp="">C:\WINNT\system32\Services.exe</Service>
</Services>
</SystemAudit>
- <ProcessesAudit>
- <Processes>
<Process ex="1" pid="140" nam="Windows NT Session
Manager (smss.exe)" pub="Microsoft Corporation"
md5="f07c69367770a1c129a22f9158afaa2b"
ver="5.00.2195.6601" sz="45840" is="0"
gfp="">C:\WINNT\system32\smss.exe</Process>
<Process ex="1" pid="164" nam="Client Server Runtime
Process (csrss.exe)" pub="Microsoft Corporation"
md5="6533392c5af4bf5c7ff12e453dd59ae5"
ver="5.00.2195.6601" sz="5392" is="0"
gfp="">C:\WINNT\system32\csrss.exe</Process>
<Process ex="1" pid="184" nam="Windows NT Logon
Application (winlogon.exe)" pub="Microsoft Corporation"
md5="3980c28d116d438bbb36fb38526fde1a"
ver="5.00.2195.6714" sz="181008" is="0"
gfp="">C:\WINNT\system32\winlogon.exe</Process>
<Process ex="1" pid="212" nam="Services and Controller
app (services.exe)" pub="Microsoft Corporation"
md5="cfed2d28f5b8a24127e9e06043070643"
ver="5.00.2195.6700" sz="89360" is="0"
gfp="">C:\WINNT\system32\services.exe</Process>
<Process ex="1" pid="224" nam="LSA Executable and Server
DLL (lsass.exe)" pub="Microsoft Corporation"
md5="271229760cced993e9e7cab1c7274134"
ver="5.00.2195.6695" sz="33552" is="0"
gfp="">C:\WINNT\system32\lsass.exe</Process>
<Process ex="1" pid="400" nam="Generic Host Process for
Win32 Services (svchost.exe)" pub="Microsoft Corporation"
md5="9e64ad53cfd9da2d22e8a924f8c6e62c" ver="5.00.2134.1"
sz="7952" is="0" gfp="">C:\WINNT\system32
\svchost.exe</Process>
<Process ex="1" pid="428" nam="Spooler SubSystem App
(spoolsv.exe)" pub="Microsoft Corporation"
md5="987daf317b917cfc973de8364d62a76c"
ver="5.00.2195.6659" sz="45328" is="0"
gfp="">C:\WINNT\system32\spoolsv.exe</Process>
<Process ex="1" pid="488" nam="ati2evxx.exe"
pub="Unavailable" md5="fbc566675fbfa5248ebfa4492b167240"
ver="Unavailable" sz="294912" is="0"
gfp="">C:\WINNT\system32\ati2evxx.exe</Process>
<Process ex="1" pid="508" nam="Generic Host Process for
Win32 Services (svchost.exe)" pub="Microsoft Corporation"
md5="9e64ad53cfd9da2d22e8a924f8c6e62c" ver="5.00.2134.1"
sz="7952" is="0" gfp="">C:\WINNT\system32
\svchost.exe</Process>
<Process ex="1" pid="556" nam="Remote Registry Service
(regsvc.exe)" pub="Microsoft Corporation"
md5="250c4ce389783fa2398e3afa4317008c"
ver="5.00.2195.6701" sz="68368" is="0"
gfp="">C:\WINNT\system32\regsvc.exe</Process>
<Process ex="1" pid="584" nam="Task Scheduler Engine
(mstask.exe)" pub="Microsoft Corporation"
md5="00d8c428b2d6dffcabeb859bc69f632b"
ver="4.71.2195.6704" sz="119568" is="0"
gfp="">C:\WINNT\system32\mstask.exe</Process>
<Process ex="0" pid="660" nam="" pub="" md5="" ver=""
sz="" is="0" gfp="" />
<Process ex="1" pid="680" nam="Generic Host Process for
Win32 Services (svchost.exe)" pub="Microsoft Corporation"
md5="9e64ad53cfd9da2d22e8a924f8c6e62c" ver="5.00.2134.1"
sz="7952" is="0" gfp="">C:\WINNT\system32
\svchost.exe</Process>
<Process ex="1" pid="844" nam="Windows Explorer
(explorer.exe)" pub="Microsoft Corporation"
md5="59cf2b7dced9111f48f51b4b570e672d"
ver="5.00.3700.6690" sz="243472" is="0"
gfp="">c:\winnt\explorer.exe</Process>
<Process ex="1" pid="1016" nam="Microsoft AntiSpyware
Service (gcasserv.exe)" pub="Microsoft Corporation"
md5="70c5a9c9cf9e65a9073a2a43da822841" ver="1.00.0501"
sz="469824" is="0" gfp="">c:\program files\microsoft
antispyware\gcasserv.exe</Process>
<Process ex="1" pid="1024" nam="(crtfiles.exe)" pub=""
md5="344b6198103aa903bc7e176d67b68500" ver="" sz="114688"
is="0" gfp="">c:\winnt\system32\crtfiles.exe</Process>
<Process ex="1" pid="1060" nam="WinZip Executable
(wzqkpick.exe)" pub="WinZip Computing, Inc."
md5="bb272e4a58c563ebf40f8cb1173da1da" ver="1.0 (32-bit)"
sz="118784" is="0" gfp="">c:\program
files\winzip\wzqkpick.exe</Process>
<Process ex="1" pid="1076" nam="HotSync Manager
Application (hotsync.exe)" pub="Palm Computing, Inc."
md5="01e43cf35fceda1604036c517f5deee3" ver="3.1.0"
sz="282624" is="0" gfp="">c:\palm\hotsync.exe</Process>
<Process ex="1" pid="1096" nam="Microsoft AntiSpyware
Data Service (gcasdtserv.exe)" pub="Microsoft Corporation"
md5="255ca546f8e187c41ebed2aabbeee07c" ver="1.00.0501"
sz="748352" is="0" gfp="">c:\program files\microsoft
antispyware\gcasdtserv.exe</Process>
<Process ex="1" pid="604" nam="Microsoft Outlook
(outlook.exe)" pub="Microsoft Corporation"
md5="ea1de471a820c81796afca3167b69f04" ver="9.0.2416"
sz="57393" is="0" gfp="">c:\progra~1\micros~2
\office\outlook.exe</Process>
<Process ex="1" pid="996" nam="Microsoft Windows(TM)
Messaging Subsystem Spooler (mapisp32.exe)" pub="Microsoft
Corporation" md5="b68fcef534e0670c257da7cd6bbb9a96"
ver="5.5.3121.0" sz="35328" is="0" gfp="">c:\program
files\common files\system\mapi\1033
\nt\mapisp32.exe</Process>
<Process ex="1" pid="780" nam="Microsoft AntiSpyware
Main (giantantispywaremain.exe)" pub="Microsoft
Corporation" md5="1f652552465f84e09d548b499139fe2e"
ver="1.00.0501" sz="4561736" is="0" gfp="">c:\program
files\microsoft
antispyware\giantantispywaremain.exe</Process>
<Process ex="1" pid="1268" nam="Microsoft Suspected
Spyware Reporting Tool (msssrt.exe)" pub="Microsoft
Corporation" md5="464528294c858e175e8f82371117e8e1"
ver="1.00.0501" sz="400184" is="0" gfp="">c:\program
files\microsoft antispyware\msssrt.exe</Process>
</Processes>
</ProcessesAudit>
</Audit>
</MSSSRT>
 
Spyware Report doesn't work. I was playing with the
software (Hey, it's a Beta, we're supposed to test it)
and tried to create a report to tell whomever that
Microsoft Spyware thinks MSN is spyware. (I found that
quite amusing)

Anyway, after running the scan, and viewing it I click
the "Send Report" button, and it says, "An error occurred
submitting the scan results. Please check you Internet
proxy settings and try again."

Since I don't use proxy, thi could be a problem. The
error message is a verbatum quote, including missing
the "r" in your.

Puck
-----Original Message-----
Please send a suspected spyware report from the infected machine.

(Tools, Suspected Spyware report)

Even better, try this:

Send the report from the infected machine.

shut down and restart in safe mode
Scan and repair as much as possible
Restart normally and send another report.

Let us know whether the safe mode scan helped.
Click to expand...
3:24:01

--- Deleted because...well there's no point in sending it
yet again.
 
My I ask Bill....how could you make such a report?
I can't find it any where in the program despite searching all around
and testing all things.

On the Tools option I have something called "Summary" but clicking
there didn't help so much, if that is the place?

Thanks.....Gunilla.
 
It is a little strange.

This is the result of Tools, Suspected Spyware Report.

I made a submission labelled TEST clearly, just to see whether the reporting
mechanism was working, and this is a result visible at the link which was
returned.

I think all of this information is probably visible locally by using the
advanced tools system explorers, but I don't know how to see it in this form
otherwise--and that's too bad.
 
Thanks Bill. :-))

I couldn't submitt the report and it said I should check my proxy settings
but I have no proxy server.
However, you got it right because I saw all (I think) in the "System
Explorers".
Too bad though that I could not submitt the report in case I ever want to
sometime.

Regards...Gunilla.
 
You might try re-submitting. I think there were problems yesterday at the
far end of the connection that prevented some submissions.

In addition, there's a link to "view the raw results" which I haven't tried.
I have one report of an undesirable interaction with the Security Center
when that link is pressed--so I'm going to check it out myself.
 
Nope..trying to re-submit didn't help and when clicking that "view the raw
results" I just get a message that says something like "can't view the
xml-side", and something about invalid sign in the text and it could not
handle the resource-file C:/Program/Microsoft AntiSpyware...and then it
refers to IEShellBrowser and a CLSID.

Okay...at least I tried and I know it is just a Beta version so I guess all
will be good in the end when everything is evaluated.

Thanks for you attention Bill and good luck testing. :-))

Gunilla.
 
Interesting--I must have downloaded the version which works!

The raw report isn't very interesting--it's raw XML. Has all that stuff in
it, but isn't interpreted--not easy to read.

And, it does evoke a warning about "active content that could access your
computer" which is scary. And once you allow that control, I don't see any
significant change to the XML display--so I don't know what it's about.

I don't know whether yours is having trouble with the actual XML content in
some way, or whether its a bad install, or what. I have seen a number of
posts from folks who can't send, but haven't tried to dig further--I don't
think I know enough to learn much from the reports here on that issue.
 
I just had to try to see what you meant about XML because I wasn't sure but
somehow I recognize it...silly I am but at the first I couldn't remember
what XML was. Hehe. Now I saw that I do have XML files on my PC, in my user
account in the TEMP folder.

I can open them and read what it says, but it is as you say...just raw text
and no significant change by allowing that active content but I also saw
that some few of those XML files displayed a similar message as the MS
AntiSpyware, so something is having trouble then....with some it works and
with some not. If I could interpret that error message it would be easier to
know why it didn't work, I suppose.

I am going to do a clean install again and see what developes.

Gunilla.
 
Just some info. that it didn't help uninstalling and clearing all references
both in windows and the registry,
d/l:ed a new copy and installed but same thing happened again with proxy and
XML when trying to send a report.

Cheers and thanks...Gunilla.
 
Thanks for the report, and sorry that it isn't working for you. I'm not
sure whether your symptoms have a single root cause or separate causes (i.e.
the XML and the inability to send)

If I get any insights as the beta proceeds, I can try to get back to you!
 
Thanks...that's kind of you. :o))

Bill Sanderson said:
Thanks for the report, and sorry that it isn't working for you. I'm not
sure whether your symptoms have a single root cause or separate causes
(i.e. the XML and the inability to send)

If I get any insights as the beta proceeds, I can try to get back to you!
Click to expand...
 
Back
Top