Hanseat
Has anyone figured out how to get rid of this adware?
All anti-spyware programs, like AntiSpyware and Ad-Aware SE,
find this code and remove it, but after a restart/reboot it is
there again.
Help is very much appreciated.
Hanseat
<MSSSRT version="1.0.614" createdate="14/07/2005 21:45:43"
os="2000.2195" user="">
- <Audit>
- <AutoRunAudit>
- <StartupFiles>
<StartupFile path="C:\Documents and Settings\All
Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk"
nam="Adobe Gamma Loader (adobe gamma loader.exe)"
pub="Adobe Systems, Inc."
md5="c2ff17734176cd15221c10044ef0ba1a" ver="1, 0, 0, 1"
sz="113664" is="0" gfp="">c:\program files\common
files\adobe\calibration\adobe gamma
loader.exe</StartupFile>
<StartupFile path="C:\Documents and Settings\All
Users\Start Menu\Programs\Startup\Adobe Reader Speed
Launch.lnk" nam="Adobe Acrobat SpeedLauncher
(reader_sl.exe)" pub="Adobe Systems Incorporated"
md5="deb88aef013dd1eefb462d7cad642166" ver="7.0.0.0"
sz="29696" is="0" gfp="">c:\program files\adobe\acrobat 7.0
\reader\reader_sl.exe</StartupFile>
<StartupFile path="C:\Documents and Settings\All
Users\Start Menu\Programs\Startup\EPSON SMART PANEL for
Scanner.lnk" nam="SMART PANEL (espmain.exe)" pub="NewSoft"
md5="ba76338c29b6f7d4232963414dc54fe0" ver="1, 0, 0, 1"
sz="180224" is="0" gfp="">c:\program files\epson\epson
smart panel for scanner\espmain.exe</StartupFile>
<StartupFile path="C:\Documents and Settings\All
Users\Start Menu\Programs\Startup\Logitech Desktop
Messenger.lnk" nam="LDM Configuration Application
(ldmconf.exe)" pub="Logitech"
md5="91291ca1490f952d977618544d540b87" ver="1.2.9"
sz="169472" is="0" gfp="">c:\program
files\logitech\desktop messenger\8876480
\program\ldmconf.exe</StartupFile>
<StartupFile path="C:\Documents and Settings\All
Users\Start Menu\Programs\Startup\Microsoft Office.lnk"
nam="Microsoft Office XP component (osa.exe)"
pub="Microsoft Corporation"
md5="5bc65464354a9fd3beaa28e18839734a" ver="10.0.2609"
sz="83360" is="0" gfp="">c:\program files\microsoft
office\office10\osa.exe</StartupFile>
<StartupFile path="C:\Documents and Settings\All
Users\Start Menu\Programs\Startup\NaturalColorLoad.lnk"
nam="NaturalColorLoad (naturalcolorload.exe)" pub="None"
md5="c0c6c793f5b3b15647a80caafe0f123d" ver="2, 0, 1, 1"
sz="155715" is="0" gfp="">c:\program files\sec\natural
color\naturalcolorload.exe</StartupFile>
<StartupFile path="C:\Documents and Settings\All
Users\Start Menu\Programs\Startup\Quicken Scheduled
Updates.lnk" nam="Quicken Background Agent (bagent.exe)"
pub="Intuit Inc." md5="a549f602f7f9fb66d9ea59203c892463"
ver="008.000.000.000" sz="57344" is="0" gfp="">c:\program
files\quicken\bagent.exe</StartupFile>
<StartupFile path="C:\Documents and Settings\All
Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk"
nam="WinZip Executable (wzqkpick.exe)" pub="WinZip
Computing, Inc." md5="67b2e7b6ae3b400d832f0456068ea83d"
ver="1.0 (32-bit)" sz="118784" is="0" gfp="">c:\program
files\winzip\wzqkpick.exe</StartupFile>
</StartupFiles>
- <StartupFilesRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="Synchronization Manager" dat="mobsync.exe /logon"
nam="Microsoft Synchronization Manager (mobsync.exe)"
pub="Microsoft Corporation"
md5="9b2f5b9e745deaaa57fb78329ed03061"
ver="5.00.2195.6627" sz="111376" is="0"
gfp="">c:\winnt\system32\mobsync.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="PMXInit" dat="C:\winnt\system32\pmxinit.exe"
nam="Card enumeration module (pmxinit.exe)"
pub="Imagination Technologies Ltd."
md5="7aa736e7384b81f46e1a89401f30a763" ver="5.13.01.4132-
3.05.01.0008" sz="720963" is="0" gfp="">c:\winnt\system32
\pmxinit.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="SoundMan" dat="SOUNDMAN.EXE" nam="Avance Sound
Manager (soundman.exe)" pub="Avance Logic, Inc."
md5="04f314d0c39c32166cdbde1d20267313" ver="5.0"
sz="46592" is="0"
gfp="">c:\winnt\soundman.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="IntelliType" dat=""C:\Program Files\Microsoft
Hardware\Keyboard\type32.exe"" nam="Microsoft IntelliType
Pro (type32.exe)" pub="Microsoft Corporation"
md5="b5eca5948d7f8eaa00333231f33ea31a" ver="2.20.447.0"
sz="94208" is="0" gfp="">c:\program files\microsoft
hardware\keyboard\type32.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="SymTray - Norton SystemWorks" dat="C:\Program
Files\Common Files\Symantec Shared\Symtray.exe SetReg"
nam="Norton SystemWorks SymTray (symtray.exe)"
pub="Symantec Corporation"
md5="c06a07c74e2bc59200bcd8c4c782292f" ver="2004.7.81"
sz="77824" is="0" gfp="">c:\program files\common
files\symantec shared\symtray.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="ccApp" dat=""C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"" nam="Common Client User Session
(ccapp.exe)" pub="Symantec Corporation"
md5="5712b77158fbbb5ab5aebc396e15499d" ver="2.1.7.2"
sz="71280" is="0" gfp="">c:\program files\common
files\symantec shared\ccapp.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="GhostStartTrayApp" dat="C:\Program Files\Norton
SystemWorks\Norton Ghost\GhostStartTrayApp.exe"
nam="Norton Ghost Start (ghoststarttrayapp.exe)"
pub="Symantec Corporation"
md5="b9217ecc6466e87010dda424bc7ed3d5" ver="2003.789"
sz="94208" is="0" gfp="">c:\program files\norton
systemworks\norton
ghost\ghoststarttrayapp.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="AcctMgr" dat="C:\Program Files\Norton
SystemWorks\Password Manager\AcctMgr.exe /startup"
nam="Password Manager Controller (acctmgr.exe)"
pub="Symantec Corporation"
md5="26e56bf66c221deb4be4c88ee5e31c11" ver="2004.1.406"
sz="586896" is="0" gfp="">c:\program files\norton
systemworks\password
manager\acctmgr.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="SmcService" dat="C:\PROGRA~1\Sygate\SSA\Smc.exe -
startgui" nam="Sygate Personal Firewall (smc.exe)"
pub="Sygate Technologies, Inc."
md5="6a8db23de8fc41a678ecb9fc0e1eb7e0" ver="4.02.00.878"
sz="1228800" is="0" gfp="">c:\progra~1
\sygate\ssa\smc.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="SSC_UserPrompt" dat="C:\Program Files\Common
Files\Symantec Shared\Security Center\UsrPrmpt.exe"
nam="Norton Security Center Helper (usrprmpt.exe)"
pub="Symantec Corporation"
md5="b96c81be7b8d11710496787e5859d768" ver="2005.1.2.20"
sz="218240" is="0" gfp="">c:\program files\common
files\symantec shared\security
center\usrprmpt.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="NvCplDaemon" dat="RUNDLL32.EXE C:\WINNT\system32
\NvCpl.dll,NvStartup" nam="NVIDIA Display Properties
Extension (nvcpl.dll)" pub="NVIDIA Corporation"
md5="aa8b1b6ad9e721e2f0dbbc7d95d32ea4" ver="6.14.10.5216"
sz="5058560" is="0" gfp="">c:\winnt\system32
\nvcpl.dll</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="nwiz" dat="nwiz.exe /install" nam="NVIDIA nView
Wizard, Version 52.16 (nwiz.exe)" pub="NVIDIA Corporation"
md5="a4ae9ba1e10cb9f6c0949c4db91a1f72" ver="6.14.10.5216"
sz="741376" is="0" gfp="">c:\winnt\system32
\nwiz.exe</StartupFileRegistry>
<StartupFileRegistry ex="0"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="" dat="" nam="" pub="" md5="" ver="" sz="" is="0"
gfp="" />
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="NeroFilterCheck" dat="C:\winnt\system32
\NeroCheck.exe" nam="NeroCheck (nerocheck.exe)" pub="Ahead
Software Gmbh" md5="3e4c03cefad8de135263236b61a49c90"
ver="1, 0, 0, 2" sz="155648" is="0"
gfp="">c:\winnt\system32
\nerocheck.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="Symantec NetDriver Monitor" dat="C:\PROGRA~1\SYMNET~1
\SNDMon.exe /Consumer" nam="Symantec Security Drivers
Install Monitor (sndmon.exe)" pub="Symantec Corporation"
md5="f9418981ee4d7e995d359833adab59d5" ver="5.5.1.6"
sz="100056" is="0" gfp="">c:\progra~1\symnet~1
\sndmon.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="Creative WebCam Tray" dat="C:\Program
Files\Creative\PC-CAM Center\CAMTRAY.EXE" nam="PC-CAM
Center Launcher Application (camtray.exe)" pub="Creative
Technology Ltd" md5="282b566b02e46b037ed3d43433ab5449"
ver="2.30.05" sz="53248" is="0" gfp="">c:\program
files\creative\pc-cam
center\camtray.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="gcasServ" dat=""C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"" nam="Microsoft AntiSpyware
Service (gcasserv.exe)" pub="Microsoft Corporation"
md5="fc8fff9f2e3ebfb5b6ad8d91df6c0f23" ver="1.00.0614"
sz="473928" is="0" gfp="">c:\program files\microsoft
antispyware\gcasserv.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="InCD" dat="C:\Program Files\Ahead\InCD\InCD.exe"
nam="InCD (incd.exe)" pub="Nero AG"
md5="1d7587a2264e94a607bc75f21dd6818f" ver="4, 3, 14, 1"
sz="1383936" is="0" gfp="">c:\program
files\ahead\incd\incd.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="Logitech Utility" dat="Logi_MwX.Exe" nam="Logitech
Launcher Application (logi_mwx.exe)" pub="Logitech Inc."
md5="34a14cd6b6e9c8bfbabeaf6eed5149bb" ver="9.79.024"
sz="19968" is="0"
gfp="">c:\winnt\logi_mwx.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="zBrowser Launcher" dat="C:\Program
Files\Logitech\iTouch\iTouch.exe" nam="iTouch Application
(itouch.exe)" pub="Logitech Inc."
md5="9aee9bcb32d82bcc36474eb921f3bb49" ver="2.22.289"
sz="892928" is="0" gfp="">c:\program
files\logitech\itouch\itouch.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="SunJavaUpdateSched" dat="C:\Program
Files\Java\jre1.5.0_02\bin\jusched.exe" nam="Java(TM) 2
Platform Standard Edition binary (jusched.exe)" pub="Sun
Microsystems, Inc." md5="1f6573d67dd5dc06dd29ec7fcf81dc6f"
ver="5.0.20.9" sz="36975" is="0" gfp="">c:\program
files\java\jre1.5.0_02
\bin\jusched.exe</StartupFileRegistry>
<StartupFileRegistry ex="0"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="QD FastAndSafe" dat="" nam="" pub="" md5="" ver=""
sz="" is="0" gfp="" />
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="ubi62ksm" dat="C:\winnt\system32\ubi62ksm.exe"
nam="None (ubi62ksm.exe)" pub="None"
md5="07ee4d73ff5f9005fbe4fa0f1d386c97" ver="4, 0, 3, 2"
sz="204288" is="0" gfp="">c:\winnt\system32
\ubi62ksm.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="Media Gateway" dat="C:\Program Files\Media
Gateway\MediaGateway.exe" nam="Media Gateway
(mediagateway.exe)" pub="None"
md5="1042676fe7067bdf6b88d944f329fbcd" ver="1, 20, 0, 0"
sz="116224" is="0" gfp="">c:\program files\media
gateway\mediagateway.exe</StartupFileRegistry>
<StartupFileRegistry ex="0"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="Device Detector" dat="DevDetect.exe -autorun" nam=""
pub="" md5="" ver="" sz="" is="0" gfp="" />
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
" val="SymTray - Norton SystemWorks" dat="C:\Program
Files\Common Files\Symantec Shared\Symtrdr.exeinnt\system32
\cmd.exeHOMEDRIVE=C:HOMEPA"
nam="(cmd.exehomedrive=c:homepa)" pub=""
md5="f5f42b1b235bc2174c17280cb91a36a6" ver="" sz="22016"
is="0" gfp="">c:\program files\common files\symantec
shared\symtrdr.exeinnt\system32
\cmd.exehomedrive=c:homepa</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="NvMediaCenter" dat="RUNDLL32.EXE C:\WINNT\system32
\NVMCTRAY.DLL,NvTaskbarInit" nam="NVIDIA Media Center
Library (nvmctray.dll)" pub="NVIDIA Corporation"
md5="e9cd7251ccc5318a45e5c908c4d35f22" ver="6.14.10.5216"
sz="49152" is="0" gfp="">c:\winnt\system32
\nvmctray.dll</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="ctfmon.exe" dat="ctfmon.exe" nam="Cicero Loader
(ctfmon.exe)" pub="Microsoft Corporation"
md5="d36a33c21eeed5a6c1daecb7c80a1909" ver="1.00.2409.7
built by: Lab06_N" sz="8192" is="0"
gfp="">c:\winnt\system32\ctfmon.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="Copernic Desktop Search" dat=""C:\Program
Files\Copernic Desktop
Search\CopernicDesktopSearch.exe" /tray" nam="Copernic
Desktop Search (copernicdesktopsearch.exe)" pub="Copernic
Technologies Inc." md5="e297aba4526d515a6f1cb487a36685fe"
ver="1.5.0.644" sz="4689192" is="0" gfp="">c:\program
files\copernic desktop
search\copernicdesktopsearch.exe</StartupFileRegistry>
</StartupFilesRegistry>
- <WinlogonUserinitFiles>
<WinlogonUserinitFile ex="1" nam="Userinit Logon
Application (userinit.exe)" pub="Microsoft Corporation"
md5="bf179c5b8a722cc79aef1ca90d6c7d48"
ver="5.00.2195.6612" sz="17680" is="0"
gfp="">c:\winnt\system32
\userinit.exe</WinlogonUserinitFile>
</WinlogonUserinitFiles>
<StartupWinIniFiles />
<StartupSysIniFiles />
</AutoRunAudit>
- <InternetExplorerAudit version="6.0.2800.1106">
- <BrowserHelperObjects>
<BHO ex="1" clsid="{02478D38-C3F9-4efb-9B51-
7695ECA05670}" prog="YBIOCtrl.CompanionBHO.4" val="Yahoo!
Companion BHO" nam="Yahoo! Toolbar 5.5 for Internet
Explorer (ycomp5_5_7_0.dll)" pub="Yahoo! Inc."
md5="15003f375140ffb2d2e0c5508857a2f1" ver="2004, 9, 28,
1" sz="292947" is="0" gfp="">c:\program files\yahoo!
\companion\installs\cpn\ycomp5_5_7_0.dll</BHO>
<BHO ex="1" clsid="{06849E9F-C8D7-4D59-B87D-
784B7D6BE0B3}" prog="AcroIEHelper.AcroIEHlprObj.1"
val="AcroIEHlprObj Class" nam="Adobe Acrobat IE Helper
Version 7.0 for ActiveX (acroiehelper.dll)" pub="Adobe
Systems Incorporated"
md5="42729c3de75a7a51fc6f9ef6546c9199"
ver="7.0.0.2004121400" sz="63136" is="0" gfp="">c:\program
files\adobe\acrobat 7.0\activex\acroiehelper.dll</BHO>
<BHO ex="1" clsid="{9394EDE7-C8B5-483E-8773-
474BF36AF6E4}" prog="" val="ST" nam="st (stmain.dll)"
pub="Microsoft Corporation"
md5="0da1349495955cb41a5899047c5a1267"
ver="01.02.3000.1001" sz="155648" is="0" gfp="">c:\program
files\msn apps\st\01.03.0000.1005\en-xu\stmain.dll</BHO>
<BHO ex="1" clsid="{AA58ED58-01DD-4d91-8333-
CF10577473F7}" prog="" val="Google Toolbar Helper"
nam="Google IE Client Toolbar (googletoolbar1.dll)"
pub="Google Inc." md5="ef84f3c59a075b66ca3e99c654224004"
ver="2, 0, 114, 10" sz="720896" is="0" gfp="">c:\program
files\google\googletoolbar1.dll</BHO>
<BHO ex="1" clsid="{BDBD1DAD-C946-4A17-ADC1-
64B5B4FF55D0}" prog="" val="MSNToolBandBHO" nam="MSN
Toolbar extension (msntb.dll)" pub="Microsoft Corporation"
md5="0deb8b7cad01ee86d1c4062e1b587c5a"
ver="01.02.3000.1001" sz="282624" is="0" gfp="">c:\program
files\msn apps\msn toolbar\01.02.3000.1001\en-
us\msntb.dll</BHO>
<BHO ex="1" clsid="{BDF3E430-B101-42AD-A544-
FADC6B084872}" prog="Navbho.CNavExtBho.1" val="CNavExtBho
Class" nam="Norton AntiVirusNAVShellExt Module
(navshext.dll)" pub="Symantec Corporation"
md5="65c8a602dfa9d5860f1e328cb8575317" ver="10.00.13"
sz="103368" is="0" gfp="">c:\program files\norton
systemworks\norton antivirus\navshext.dll</BHO>
</BrowserHelperObjects>
- <IEToolbars>
<IEToolbar ex="1" clsid="{42CDD1BF-3FFB-4238-8AD1-
7859DF00B1D6}"
prog="Symantec.Norton.AntiVirus.IEToolBand.1" val="Norton
AntiVirus" nam="Norton AntiVirusNAVShellExt Module
(navshext.dll)" pub="Symantec Corporation"
md5="65c8a602dfa9d5860f1e328cb8575317" ver="10.00.13"
sz="103368" is="0" gfp="">c:\program files\norton
systemworks\norton antivirus\navshext.dll</IEToolbar>
<IEToolbar ex="1" clsid="{BDAD1DAD-C946-4A17-ADC1-
64B5B4FF55D0}" prog="" val="MSN" nam="MSN Toolbar
extension (msntb.dll)" pub="Microsoft Corporation"
md5="0deb8b7cad01ee86d1c4062e1b587c5a"
ver="01.02.3000.1001" sz="282624" is="0" gfp="">c:\program
files\msn apps\msn toolbar\01.02.3000.1001\en-
us\msntb.dll</IEToolbar>
<IEToolbar ex="1" clsid="{8E718888-423F-11D2-876E-
00A0C9082467}" prog="Mmedia.RadioBand.1" val="&Radio"
nam="msdxm.ocx" pub="Unavailable"
md5="755aa1f85e3788c3c287ffa03cf58627" ver="Unavailable"
sz="844560" is="0" gfp="">c:\winnt\system32
\msdxm.ocx</IEToolbar>
<IEToolbar ex="1" clsid="{EF99BD32-C1FB-11D2-892F-
0090271D4F88}" prog="YBIOCtrl.YBIOCtrl.2" val="Yahoo!
Toolbar" nam="Yahoo! Toolbar 5.5 for Internet Explorer
(ycomp5_5_7_0.dll)" pub="Yahoo! Inc."
md5="15003f375140ffb2d2e0c5508857a2f1" ver="2004, 9, 28,
1" sz="292947" is="0" gfp="">c:\program files\yahoo!
\companion\installs\cpn\ycomp5_5_7_0.dll</IEToolbar>
<IEToolbar ex="1" clsid="{2318C2B1-4965-11d4-9B18-
009027A5CD4F}" prog="" val="&Google" nam="Google IE Client
Toolbar (googletoolbar1.dll)" pub="Google Inc."
md5="ef84f3c59a075b66ca3e99c654224004" ver="2, 0, 114, 10"
sz="720896" is="0" gfp="">c:\program
files\google\googletoolbar1.dll</IEToolbar>
</IEToolbars>
<IEExtensions />
- <IEExplorerBars>
<IEExplorerBar ex="1" clsid="{4D5C8C25-D075-11d0-B416-
00C04FB90376}" prog="" val="&Tip of the Day" nam="Shell
Doc Object and Control Library (shdocvw.dll)"
pub="Microsoft Corporation"
md5="0088ee8260df3b3584648b44779dee06" ver="6.00.2800.1658
(xpsp2.050427-1138)" sz="1338368" is="0"
gfp="">c:\winnt\system32\shdocvw.dll</IEExplorerBar>
<IEExplorerBar ex="1" clsid="{92A40B0A-740A-4A11-9DDB-
70460C6DA383}" prog="" val="Copernic Desktop Search"
nam="Copernic Desktop Search
(copernicdesktopsearchintegration644.dll)" pub="Copernic
Technologies Inc." md5="01d315999a1b11b19ad714157c81d562"
ver="1.5.0.644" sz="1126184" is="0" gfp="">c:\program
files\copernic desktop
search\copernicdesktopsearchintegration644.dll</IEExplorerB
ar>
</IEExplorerBars>
- <IEShellBrowsers>
<IEShellBrowser ex="1" clsid="{01E04581-4EEE-11D0-BFE9-
00AA005B4383}" prog="" val="&Address" nam="Shell Browser
UI Library (browseui.dll)" pub="Microsoft Corporation"
md5="1a0ec72677da744b60f45ac38e196b24" ver="6.00.2800.1622
(xpsp2.050218-1437)" sz="1017856" is="0"
gfp="">c:\winnt\system32\browseui.dll</IEShellBrowser>
<IEShellBrowser ex="0" clsid="" prog="" val="" nam=""
pub="" md5="" ver="" sz="" is="0" gfp="" />
</IEShellBrowsers>
- <IEWebBrowsers>
<IEWebBrowser ex="1" clsid="{01E04581-4EEE-11D0-BFE9-
00AA005B4383}" prog="" val="&Address" nam="Shell Browser
UI Library (browseui.dll)" pub="Microsoft Corporation"
md5="1a0ec72677da744b60f45ac38e196b24" ver="6.00.2800.1622
(xpsp2.050218-1437)" sz="1017856" is="0"
gfp="">c:\winnt\system32\browseui.dll</IEWebBrowser>
<IEWebBrowser ex="0" clsid="" prog="" val="" nam=""
pub="" md5="" ver="" sz="" is="0" gfp="" />
<IEWebBrowser ex="0" clsid="" prog="" val="" nam=""
pub="" md5="" ver="" sz="" is="0" gfp="" />
<IEWebBrowser ex="1" clsid="{EF99BD32-C1FB-11D2-892F-
0090271D4F88}" prog="YBIOCtrl.YBIOCtrl.2" val="Yahoo!
Toolbar" nam="Yahoo! Toolbar 5.5 for Internet Explorer
(ycomp5_5_7_0.dll)" pub="Yahoo! Inc."
md5="15003f375140ffb2d2e0c5508857a2f1" ver="2004, 9, 28,
1" sz="292947" is="0" gfp="">c:\program files\yahoo!
\companion\installs\cpn\ycomp5_5_7_0.dll</IEWebBrowser>
<IEWebBrowser ex="1" clsid="{42CDD1BF-3FFB-4238-8AD1-
7859DF00B1D6}"
prog="Symantec.Norton.AntiVirus.IEToolBand.1" val="Norton
AntiVirus" nam="Norton AntiVirusNAVShellExt Module
(navshext.dll)" pub="Symantec Corporation"
md5="65c8a602dfa9d5860f1e328cb8575317" ver="10.00.13"
sz="103368" is="0" gfp="">c:\program files\norton
systemworks\norton antivirus\navshext.dll</IEWebBrowser>
<IEWebBrowser ex="1" clsid="{2318C2B1-4965-11D4-9B18-
009027A5CD4F}" prog="" val="&Google" nam="Google IE Client
Toolbar (googletoolbar1.dll)" pub="Google Inc."
md5="ef84f3c59a075b66ca3e99c654224004" ver="2, 0, 114, 10"
sz="720896" is="0" gfp="">c:\program
files\google\googletoolbar1.dll</IEWebBrowser>
</IEWebBrowsers>
- <IEMenuExts>
<IEMenuExt val="&Google Search">res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsearch.html</IEMenuExt>
<IEMenuExt val="Cached Snapshot of
Page">res://C:\Program
Files\Google\GoogleToolbar1.dll/cmcache.html</IEMenuExt>
<IEMenuExt val="E&xport to Microsoft
Excel">res://C:\PROGRA~1\MICROS~2\Office10
\EXCEL.EXE/3000</IEMenuExt>
<IEMenuExt val="Similar Pages">res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsimilar.html</IEMenuExt>
<IEMenuExt val="Translate into English">res://C:\Program
Files\Google\GoogleToolbar1.dll/cmtrans.html</IEMenuExt>
</IEMenuExts>
<IEURLSearchHooks />
- <IEURLs>
<IEURL val="HCU\Software\Microsoft\Internet Explorer
Start Page">http://www.msn.co.uk/</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer
Search
Page">http://red.clientapps.yahoo.com/customize/ycomp/defau
lts/sp/*http://www.yahoo.com</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer
Default_Page_URL" />
<IEURL val="HCU\Software\Microsoft\Internet Explore
Local Page">C:\WINNT\system32\blank.htm</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explore
Search Bar">http://www.google.com/ie</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer
Default_Search_URL" />
<IEURL val="HCU\Software\Microsoft\Internet Explorer
HomeOldSP" />
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Start Page">http://www.msn.co.uk/</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Search
Page">http://red.clientapps.yahoo.com/customize/ycomp/defau
lts/sp/*http://www.yahoo.com</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Default_Page_URL">http://www.microsoft.com/isapi/redir.dll?
prd=ie&pver=6&ar=msnhome</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Local Page">C:\WINNT\system32\blank.htm</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Search Bar">http://www.microsoft.com/isapi/redir.dll?
prd=ie&ar=iesearch</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Default_Search_URL">http://www.microsoft.com/isapi/redir.dl
l?prd=ie&ar=iesearch</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
HomeOldSP" />
<IEURL val="HCU\Software\Microsoft\Internet
Explorer\Search CustomizeSearch" />
<IEURL val="HCU\Software\Microsoft\Internet
Explorer\Search SearchAssistant" />
<IEURL val="HLM\Software\Microsoft\Internet
Explorer\Search CustomizeSearch">http://ie.search.msn.com/
{SUB_RFC1766}/srchasst/srchcust.htm</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet
Explorer\Search
SearchAssistant">http://www.google.com/ie</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet
Explorer\SearchUrl">http://red.clientapps.yahoo.com/customi
ze/ycomp/defaults/su/*http://www.yahoo.com</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet
Explorer\SearchUrl">http://red.clientapps.yahoo.com/customi
ze/ycomp/defaults/su/*http://www.yahoo.com</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
blank">res://mshtml.dll/blank.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
DesktopItemNavigationFailure">res://shdoclc.dll/navcancl.ht
m</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
NavigationCanceled">res://shdoclc.dll/navcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
NavigationFailure">res://shdoclc.dll/navcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
OfflineInformation">res://shdoclc.dll/offcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
PostNotCached">res://mshtml.dll/repost.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
mozilla">res://mshtml.dll/about.moz</IEURL>
</IEURLs>
</InternetExplorerAudit>
- <SystemAudit>
- <ShellExecuteHooks>
<ShellExecuteHook ex="1" clsid="{AEB6717E-7E19-11d0-97EE-
00C04FD91972}" prog="" val="URL Exec Hook" nam="Windows
Shell Common Dll (shell32.dll)" pub="Microsoft
Corporation" md5="22d55404ce4d7e040cbcb5693630c148"
ver="5.00.3900.7032" sz="2432784" is="0"
gfp="">C:\winnt\system32\shell32.dll</ShellExecuteHook>
<ShellExecuteHook ex="1" clsid="{9EF34FF2-3396-4527-9D27-
04C8C1C67806}"
prog="Microsoft.AntiSpyware.ShellExecuteHook.1"
val="Microsoft.AntiSpyware.ShellExecuteHook.1"
nam="Microsoft AntiSpyware Shell Extension
(shellextension.dll)" pub="Microsoft Corporation"
md5="4b202fff9eb43fdc8d3290deaab7487e" ver="1.0.0614.10"
sz="101080" is="0" gfp="">c:\program files\microsoft
antispyware\shellextension.dll</ShellExecuteHook>
</ShellExecuteHooks>
- <ShellOpenCommands>
<ShellOpenCommand val="HCR\exefile\shell\open\command">"%
1" %*</ShellOpenCommand>
<ShellOpenCommand val="HCR\comfile\shell\open\command">"%
1" %*</ShellOpenCommand>
<ShellOpenCommand val="HCR\batfile\shell\open\command">"%
1" %*</ShellOpenCommand>
<ShellOpenCommand
val="HCR\htafile\shell\open\command">C:\WINNT\system32
\mshta.exe "%1" %*</ShellOpenCommand>
<ShellOpenCommand val="HCR\piffile\shell\open\command">"%
1" %*</ShellOpenCommand>
<ShellOpenCommand val="HCR\txtfile\shell\open\command">%
SystemRoot%\system32\NOTEPAD.EXE %1</ShellOpenCommand>
<ShellOpenCommand
val="HCR\mp3file\shell\open\command">"C:\Program
Files\Windows Media
Player\wmplayer.exe" /prefetch:6 /Open "%
L"</ShellOpenCommand>
<ShellOpenCommand
val="HCR\mpegfile\shell\open\command">"C:\Program
Files\Windows Media
Player\wmplayer.exe" /prefetch:9 /Open "%
L"</ShellOpenCommand>
<ShellOpenCommand
val="HCR\mailto\shell\open\command">"C:\PROGRA~1\MICROS~2
\Office10\OUTLOOK.EXE" -c IPM.Note /m "%
1"</ShellOpenCommand>
<ShellOpenCommand
val="HCR\htmlfile\shell\open\command">"C:\Program
Files\Internet Explorer\iexplore.exe" -
nohome</ShellOpenCommand>
<ShellOpenCommand
val="HCR\http\shell\open\command">"C:\Program
Files\Internet Explorer\iexplore.exe" -
nohome</ShellOpenCommand>
<ShellOpenCommand
val="HCR\https\shell\open\command">"C:\Program
Files\Internet Explorer\iexplore.exe" -
nohome</ShellOpenCommand>
<ShellOpenCommand
val="HCR\ftp\shell\open\command">"C:\Program
Files\Internet Explorer\iexplore.exe" %
1</ShellOpenCommand>
</ShellOpenCommands>
- <ActiveXInstalls>
- <ActiveXInstall clsid="DirectAnimation Java Classes"
prog="" nam=""
codebase="file://C:\WINNT\Java\classes\dajava.cab">
<Files />
</ActiveXInstall>
- <ActiveXInstall clsid="Microsoft XML Parser for Java"
prog="" nam=""
codebase="file://C:\WINNT\Java\classes\xmldso.cab">
<Files />
</ActiveXInstall>
- <ActiveXInstall clsid="{02BCC737-B171-4746-94C9-
0D8A0B2C0089}" prog="Office.awsdc.1" nam="Microsoft Office
Template and Media Control"
codebase="http://office.microsoft.com/templates/ieawsdc.cab
">
- <Files>
<File ex="1" nam="IEAWSDC.DLL" pub="Unavailable"
md5="4a693868d8fa24258fe3800d94d7629e" ver="Unavailable"
sz="87240" is="0" gfp="">C:\WINNT\Downloaded Program
Files\IEAWSDC.DLL</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{1F2F4C9E-6F09-47BC-970D-
3C54734667FE}" prog="LSSupCtl.LSSupCtl.1" nam="LSSupCtl
Class" codebase="https://www-
secure.symantec.com/techsupp/asa/LSSupCtl.cab">
- <Files>
<File ex="1" nam="LiveSubscribe Components
(LSSupCtl.dll)" pub="Symantec Corporation"
md5="c8febea460aad5c1b6817f9676e03f78" ver="3.1.0.5"
sz="111752" is="0" gfp="">C:\WINNT\Downloaded Program
Files\LSSupCtl.dll</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{2BC66F54-93A8-11D3-BEB6-
00105AA9B6AE}" prog="Symantec.NavSniff.1" nam="Symantec
AntiVirus scanner"
codebase="http://security.symantec.com/sscv6/SharedContent/
vc/bin/AvSniff.cab">
- <Files>
<File ex="1" nam="Symantec Engine Common Object Model
Loader (ecmldr32.dll)" pub="Symantec Corp."
md5="e8753779e5996465c7c50c8e988ced7b" ver="1.1.0.3"
sz="42160" is="0" gfp="">C:\Program Files\Common
Files\Symantec Shared\ecmldr32.dll</File>
<File ex="1" nam="(navapi.vxd)" pub=""
md5="291f21e9e41b72bcfa0d73d97e1ca4f3" ver="" sz="6850"
is="0" gfp="">C:\WINNT\Downloaded Program
Files\navapi.vxd</File>
<File ex="1" nam="Symantec AntiVirus Engine API
(navapi32.dll)" pub="Symantec Corp."
md5="ca74a39806ecd04fd412eabcb70473c9" ver="4.2.0.8"
sz="201896" is="0" gfp="">C:\WINNT\Downloaded Program
Files\navapi32.dll</File>
<File ex="1" nam="TODO: <File description>
(avsniffdlgs.dll)" pub="TODO: <Company name>"
md5="5b5e285f25993169f5ad0c25e5c3c51c" ver="1.0.0.1"
sz="198256" is="0" gfp="">C:\WINNT\Downloaded Program
Files\avsniffdlgs.dll</File>
<File ex="1" nam="Symantec Security Check Virus
Detection Scan (avsniff.dll)" pub="Symantec Corporation"
md5="45dff1c7e50e01661e98288ef5289bc7"
ver="2004.12.14.055" sz="202352" is="0"
gfp="">C:\WINNT\Downloaded Program
Files\avsniff.dll</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{30528230-99F7-4BB4-88D8-
FA1D4F56A2AB}" prog="YInstHelper.YInstStarter.1"
nam="YInstStarter Class"
codebase="http://us.dl1.yimg.com/download.yahoo.com/dl/inst
alls/yinst20040510.cab">
- <Files>
<File ex="1" nam="YInstHelper Module (yinsthelper.dll)"
pub="Yahoo! Inc." md5="508da8adf7be51c22d13d02845fb431e"
ver="2004, 6, 1, 1" sz="141312" is="0"
gfp="">C:\WINNT\Downloaded Program
Files\yinsthelper.dll</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{32305793-C19A-48E7-AD2F-
D87FF7B264A4}"
prog="TENEBRILSPYWARESCANNER.TenebrilSpywareScannerCtrl.1"
nam="TenebrilSpywareScanner Control"
codebase="http://www.tenebril.com/scanner/TestScanner.ocx">
- <Files>
<File ex="1" nam="Tenebril Spyware Scanner ActiveX
Control Module (TestScanner.ocx)" pub="Tenebril Inc."
md5="9f9a1c774f6362b501f076a516326ce7" ver="1, 0, 1, 0"
sz="203400" is="0" gfp="">C:\WINNT\Downloaded Program
Files\TestScanner.ocx</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{3E68E405-C6DE-49FF-83AE-
41EE9F4C36CE}" prog="OPUCatalog.OPUCatalog11.1"
nam="Office Update Installation Engine"
codebase="http://office.microsoft.com/officeupdate/content/
opuc2.cab">
- <Files>
<File ex="1" nam="Microsoft Office Update Detection
Engine (opuc.dll)" pub="Microsoft Corporation"
md5="20393d64f69f26361a97fd9afb3c9243" ver="11.0.6466"
sz="326656" is="0" gfp="">C:\WINNT\opuc.dll</File>
</Files>
</ActiveXInstall>
<!-- Review note: each ActiveXInstall record lists the control's clsid, the
     codebase URL recorded for it and, under Files, the on-disk file with
     the publisher string, md5, version and size the audit tool reported.
     NOTE(review): pub looks like a metadata string, not proof of a valid
     signature; confirm with a signature check before trusting an entry.
     Most codebase URLs in this run are plain http (only the egg.com and
     www-secure.symantec.com ones are https), so for those the transport
     gave no integrity protection. -->
<!-- Third-party control: publisher string eWise Systems Pty Ltd, https
     codebase on moneymanager.egg.com, file in Downloaded Program Files.
     Confirm with the user that it was installed knowingly. -->
- <ActiveXInstall clsid="{4E62C4DE-627D-4604-B157-
4B7D6B09F02E}" prog="AccountTracking.ProfileManager.1"
nam="AccountTracking Profile Manager Class"
codebase="https://moneymanager.egg.com/Pinsafe/accounttrack
ing.cab">
- <Files>
<File ex="1" nam="AccountTracking Module
(accounttracking.dll)" pub="eWise Systems Pty Ltd"
md5="0b2b910088db6c781f4aa44bdee49311" ver="3,0,0,1"
sz="249936" is="0" gfp="">C:\WINNT\Downloaded Program
Files\accounttracking.dll</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{6414512B-B978-451D-A0D8-
FCFDF33E833C}" prog="SoftwareDistribution.WebControl.1"
nam="WUWebControl Class"
codebase="http://update.microsoft.com/microsoftupdate/v6/V5
Controls/en/x86/client/wuweb_site.cab?1121014879890">
- <Files>
<File ex="1" nam="Windows Update Web Control
(wuweb.dll)" pub="Microsoft Corporation"
md5="c459f2d5e64c942f3f66e1cd7f1c4c00" ver="5.8.0.2469
built by: lab01_n(wmbla)" sz="173536" is="0"
gfp="">C:\winnt\system32\wuweb.dll</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{644E432F-49D3-41A1-8DD5-
E099162EEEC5}" prog="RuFSI.SymUtility.1" nam="Symantec
RuFSI Utility Class"
codebase="http://security.symantec.com/sscv6/SharedContent/
common/bin/cabsa.cab">
- <Files>
<File ex="1" nam="Symantec Security Check Registry and
File Information control (rufsi.dll)" pub="Symantec
Corporation" md5="853f88ccff543f75bdd10e4064c1d6a0"
ver="2004.06.23.042" sz="161432" is="0"
gfp="">C:\WINNT\Downloaded Program Files\rufsi.dll</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{6E32070A-766D-4EE6-879C-
DC1FA91D2FC3}"
prog="SoftwareDistribution.MicrosoftUpdateWebControl.1"
nam="MUWebControl Class"
codebase="http://update.microsoft.com/microsoftupdate/v6/V5
Controls/en/x86/client/muweb_site.cab?1121014867671">
- <Files>
<File ex="1" nam="Microsoft Update Web Control
(muweb.dll)" pub="Microsoft Corporation"
md5="ee37aa2c0700221cd8b02fadcd4c7fb5" ver="5.8.0.2469
built by: lab01_n(wmbla)" sz="178408" is="0"
gfp="">C:\winnt\system32\muweb.dll</File>
</Files>
</ActiveXInstall>
<!-- This record, the two CAFEEFAC records below (Java Plug-in 1.4.1_02
     and 1.5.0_02) and the Shockwave Flash record have an empty Files
     element: no path or md5 was captured, so these controls have to be
     checked on disk separately. -->
- <ActiveXInstall clsid="{8AD9C840-044E-11D1-B3E9-
00805F499D93}" prog="" nam="Java Plug-in 1.5.0_02"
codebase="http://java.sun.com/update/1.5.0/jinstall-
1_5_0_02-windows-i586.cab">
<Files />
</ActiveXInstall>
<!-- prog and nam are both empty on this record; the two files listed carry
     a Microsoft Corporation publisher string and the codebase is a
     windowsupdate.microsoft.com URL. -->
- <ActiveXInstall clsid="{9F1C11AA-197B-4942-BA54-
47A8489BB47F}" prog="" nam=""
codebase="http://v4.windowsupdate.microsoft.com/CAB/x86/uni
code/iuctl.CAB?38226.042662037">
- <Files>
<File ex="1" nam="Windows Update Control Engine
(iuengine.dll)" pub="Microsoft Corporation"
md5="57711736ecc25a00785a1b75c7b20459" ver="5.8.0.2469
built by: lab01_n(wmbla)" sz="198424" is="0"
gfp="">C:\WINNT\System32\iuengine.dll</File>
<File ex="1" nam="Windows Update Client Control
(iuctl.dll)" pub="Microsoft Corporation"
md5="ac9e42250d6e5236b6003a0ebc88de3b" ver="5.4.3790.20
built by: lab04_n" sz="115480" is="0"
gfp="">C:\WINNT\System32\iuctl.dll</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{B38870E4-7ECB-40DA-8C6A-
595F0A5519FF}"
prog="MsnMessengerSetupDownloader.MsnMessen.1"
nam="MsnMessengerSetupDownloadControl Class"
codebase="http://messenger.msn.com/download/msnmessengerset
updownloader.cab">
- <Files>
<File ex="1" nam="Setup downloader for Msn Messenger
(MsnMessengerSetupDownloader.ocx)" pub="Microsoft
Corporation" md5="92d24b6643919005213f60d5b537196a"
ver="1.0.0.2" sz="113152" is="0"
gfp="">C:\WINNT\Downloaded Program
Files\MsnMessengerSetupDownloader.ocx</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{CAFEEFAC-0014-0001-0002-
ABCDEFFEDCBA}" prog="" nam="Java Plug-in 1.4.1_02"
codebase="http://java.sun.com/products/plugin/1.4/jinstall-
14_02-windows-i586.cab">
<Files />
</ActiveXInstall>
- <ActiveXInstall clsid="{CAFEEFAC-0015-0000-0002-
ABCDEFFEDCBA}" prog="" nam="Java Plug-in 1.5.0_02"
codebase="http://java.sun.com/update/1.5.0/jinstall-
1_5_0_02-windows-i586.cab">
<Files />
</ActiveXInstall>
<!-- pub="None": the only file record in this run of ActiveXInstall entries
     without a publisher string. The codebase is an https symantec.com URL,
     but a name and URL do not authenticate the DLL; compare the md5 with a
     known-good copy or check the file's signature. -->
- <ActiveXInstall clsid="{CE28D5D2-60CF-4C7D-9FE8-
0F47A3308078}" prog="SymAData.ActiveDataInfo.1"
nam="ActiveDataInfo Class" codebase="https://www-
secure.symantec.com/techsupp/asa/ctrl/SymAData.cab">
- <Files>
<File ex="1" nam="SymAData Module (SymAData.dll)"
pub="None" md5="7f8785d76b7f7a79c96e50168daf498e" ver="2,
0, 0, 3" sz="161400" is="0" gfp="">C:\WINNT\Downloaded
Program Files\SymAData.dll</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{D27CDB6E-AE6D-11CF-96B8-
444553540000}" prog="ShockwaveFlash.ShockwaveFlash.1"
nam="Shockwave Flash Object"
codebase="http://fpdownload.macromedia.com/pub/shockwave/ca
bs/flash/swflash.cab">
<Files />
</ActiveXInstall>
</ActiveXInstalls>
<!-- Review note: filter registrations (filter = MIME type or filter name,
     clsid/val = handler class, element text = DLL path); presumably this
     mirrors HKEY_CLASSES_ROOT\PROTOCOLS\Filter, to be confirmed. All eight
     entries resolve to mscoree.dll, urlmon.dll or shell32.dll under
     c:\winnt\system32 with a Microsoft Corporation publisher string, and
     records for the same DLL repeat the same md5 and size. No third-party
     DLL is registered in this section. -->
- <PROTOCOLSFilters>
<PROTOCOLSFilter ex="1" clsid="{1E66F26B-79EE-11D2-8710-
00C04F79ED0D}" prog="CorRegistration.CorFltr.1"
filter="application/octet-stream" val="{1E66F26B-79EE-11D2-
8710-00C04F79ED0D}" nam="Microsoft .NET Runtime Execution
Engine (mscoree.dll)" pub="Microsoft Corporation"
md5="8c54138d0271ed4e9c16d8534ff707e4" ver="1.1.4322.2032"
sz="155648" is="0" gfp="">c:\winnt\system32
\mscoree.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{1E66F26B-79EE-11D2-8710-
00C04F79ED0D}" prog="CorRegistration.CorFltr.1"
filter="application/x-complus" val="{1E66F26B-79EE-11D2-
8710-00C04F79ED0D}" nam="Microsoft .NET Runtime Execution
Engine (mscoree.dll)" pub="Microsoft Corporation"
md5="8c54138d0271ed4e9c16d8534ff707e4" ver="1.1.4322.2032"
sz="155648" is="0" gfp="">c:\winnt\system32
\mscoree.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{1E66F26B-79EE-11D2-8710-
00C04F79ED0D}" prog="CorRegistration.CorFltr.1"
filter="application/x-msdownload" val="{1E66F26B-79EE-11D2-
8710-00C04F79ED0D}" nam="Microsoft .NET Runtime Execution
Engine (mscoree.dll)" pub="Microsoft Corporation"
md5="8c54138d0271ed4e9c16d8534ff707e4" ver="1.1.4322.2032"
sz="155648" is="0" gfp="">c:\winnt\system32
\mscoree.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{32B533BB-EDAE-11d0-BD5A-
00AA00B92AF1}" prog="" filter="Class Install Handler"
val="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}" nam="OLE32
Extensions for Win32 (urlmon.dll)" pub="Microsoft
Corporation" md5="84354a556ecb2273cecc1e11251e1cae"
ver="6.00.2800.1485" sz="495104" is="0"
gfp="">c:\winnt\system32\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{8f6b0360-b80d-11d0-a9b3-
006097942311}" prog="" filter="deflate" val="{8f6b0360-
b80d-11d0-a9b3-006097942311}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="84354a556ecb2273cecc1e11251e1cae"
ver="6.00.2800.1485" sz="495104" is="0"
gfp="">c:\winnt\system32\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{8f6b0360-b80d-11d0-a9b3-
006097942311}" prog="" filter="gzip" val="{8f6b0360-b80d-
11d0-a9b3-006097942311}" nam="OLE32 Extensions for Win32
(urlmon.dll)" pub="Microsoft Corporation"
md5="84354a556ecb2273cecc1e11251e1cae"
ver="6.00.2800.1485" sz="495104" is="0"
gfp="">c:\winnt\system32\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{8f6b0360-b80d-11d0-a9b3-
006097942311}" prog="" filter="lzdhtml" val="{8f6b0360-
b80d-11d0-a9b3-006097942311}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="84354a556ecb2273cecc1e11251e1cae"
ver="6.00.2800.1485" sz="495104" is="0"
gfp="">c:\winnt\system32\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{733AC4CB-F1A4-11d0-B951-
00A0C90312E1}" prog="" filter="text/webviewhtml"
val="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}" nam="Windows
Shell Common Dll (shell32.dll)" pub="Microsoft
Corporation" md5="22d55404ce4d7e040cbcb5693630c148"
ver="5.00.3900.7032" sz="2432784" is="0"
gfp="">c:\winnt\system32\shell32.dll</PROTOCOLSFilter>
</PROTOCOLSFilters>
<!-- Review note: URL protocol handler registrations (filter = URL scheme,
     clsid/val = handler class, element text = DLL path). Every entry
     except the last carries a Microsoft Corporation publisher string, and
     records for the same DLL (mshtml.dll, urlmon.dll, itss.dll) repeat the
     same md5 and size. A scheme handled by an unfamiliar DLL would be the
     thing to look for here; the only record lacking publisher data is
     msdxm.ocx at the end. -->
- <PROTOCOLSHandlers>
<PROTOCOLSHandler ex="1" clsid="{3050F406-98B5-11CF-BB82-
00AA00BDCE0B}" prog="" filter="about" val="{3050F406-98B5-
11CF-BB82-00AA00BDCE0B}" nam="Microsoft (R) HTML Viewer
(mshtml.dll)" pub="Microsoft Corporation"
md5="08f0b01556eee4c5f783e919abe6dad5"
ver="6.00.2800.1505" sz="2698752" is="0"
gfp="">c:\winnt\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3dd53d40-7b8b-11D0-b013-
00aa0059ce02}" prog="" filter="cdl" val="{3dd53d40-7b8b-
11D0-b013-00aa0059ce02}" nam="OLE32 Extensions for Win32
(urlmon.dll)" pub="Microsoft Corporation"
md5="84354a556ecb2273cecc1e11251e1cae"
ver="6.00.2800.1485" sz="495104" is="0"
gfp="">c:\winnt\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{CD00020A-8B95-11D1-82DB-
00C04FB1625D}" prog="CDO.KnowledgePluggable.1"
filter="cdo" val="{CD00020A-8B95-11D1-82DB-00C04FB1625D}"
nam="Microsoft SharePoint Portal Server Object Model
(pkmcdo.dll)" pub="Microsoft Corporation"
md5="623d03d48a2da1bc03764d6d7fc88542" ver="10.145.7329.0"
sz="868352" is="0" gfp="">c:\program files\common
files\microsoft shared\web
folders\pkmcdo.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e7-baf9-11ce-8c82-
00aa004ba90b}" prog="" filter="file" val="{79eac9e7-baf9-
11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for Win32
(urlmon.dll)" pub="Microsoft Corporation"
md5="84354a556ecb2273cecc1e11251e1cae"
ver="6.00.2800.1485" sz="495104" is="0"
gfp="">c:\winnt\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e3-baf9-11ce-8c82-
00aa004ba90b}" prog="" filter="ftp" val="{79eac9e3-baf9-
11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for Win32
(urlmon.dll)" pub="Microsoft Corporation"
md5="84354a556ecb2273cecc1e11251e1cae"
ver="6.00.2800.1485" sz="495104" is="0"
gfp="">c:\winnt\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e4-baf9-11ce-8c82-
00aa004ba90b}" prog="" filter="gopher" val="{79eac9e4-baf9-
11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for Win32
(urlmon.dll)" pub="Microsoft Corporation"
md5="84354a556ecb2273cecc1e11251e1cae"
ver="6.00.2800.1485" sz="495104" is="0"
gfp="">c:\winnt\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e2-baf9-11ce-8c82-
00aa004ba90b}" prog="" filter="http" val="{79eac9e2-baf9-
11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for Win32
(urlmon.dll)" pub="Microsoft Corporation"
md5="84354a556ecb2273cecc1e11251e1cae"
ver="6.00.2800.1485" sz="495104" is="0"
gfp="">c:\winnt\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e5-baf9-11ce-8c82-
00aa004ba90b}" prog="" filter="https" val="{79eac9e5-baf9-
11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for Win32
(urlmon.dll)" pub="Microsoft Corporation"
md5="84354a556ecb2273cecc1e11251e1cae"
ver="6.00.2800.1485" sz="495104" is="0"
gfp="">c:\winnt\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{9D148291-B9C8-11D0-A4CC-
0000F80149F6}" prog="MSITFS1.0" filter="its"
val="{9D148291-B9C8-11D0-A4CC-0000F80149F6}"
nam="Microsoft InfoTech Storage System Library (itss.dll)"
pub="Microsoft Corporation"
md5="f4e80cd6f8ae4520c066214a2364b9c2" ver="5.2.3790.309
(srv03_gdr.050413-1540)" sz="128000" is="0"
gfp="">c:\winnt\system32\itss.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050F3B2-98B5-11CF-BB82-
00AA00BDCE0B}" prog="" filter="javascript" val="{3050F3B2-
98B5-11CF-BB82-00AA00BDCE0B}" nam="Microsoft (R) HTML
Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="08f0b01556eee4c5f783e919abe6dad5"
ver="6.00.2800.1505" sz="2698752" is="0"
gfp="">c:\winnt\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e7-baf9-11ce-8c82-
00aa004ba90b}" prog="" filter="local" val="{79eac9e7-baf9-
11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for Win32
(urlmon.dll)" pub="Microsoft Corporation"
md5="84354a556ecb2273cecc1e11251e1cae"
ver="6.00.2800.1485" sz="495104" is="0"
gfp="">c:\winnt\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050f3DA-98B5-11CF-BB82-
00AA00BDCE0B}" prog="" filter="mailto" val="{3050f3DA-98B5-
11CF-BB82-00AA00BDCE0B}" nam="Microsoft (R) HTML Viewer
(mshtml.dll)" pub="Microsoft Corporation"
md5="08f0b01556eee4c5f783e919abe6dad5"
ver="6.00.2800.1505" sz="2698752" is="0"
gfp="">c:\winnt\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{05300401-BCBC-11d0-85E3-
00C04FD85AB4}" prog="" filter="mhtml" val="{05300401-BCBC-
11d0-85E3-00C04FD85AB4}" nam="Microsoft Internet Messaging
API (inetcomm.dll)" pub="Microsoft Corporation"
md5="4dcb8bf0eaeb6308b1811d19d0f8c81f"
ver="6.00.2800.1506" sz="596480" is="0"
gfp="">c:\winnt\system32\inetcomm.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e6-baf9-11ce-8c82-
00aa004ba90b}" prog="" filter="mk" val="{79eac9e6-baf9-
11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for Win32
(urlmon.dll)" pub="Microsoft Corporation"
md5="84354a556ecb2273cecc1e11251e1cae"
ver="6.00.2800.1485" sz="495104" is="0"
gfp="">c:\winnt\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{9D148291-B9C8-11D0-A4CC-
0000F80149F6}" prog="MSITFS1.0" filter="ms-its"
val="{9D148291-B9C8-11D0-A4CC-0000F80149F6}"
nam="Microsoft InfoTech Storage System Library (itss.dll)"
pub="Microsoft Corporation"
md5="f4e80cd6f8ae4520c066214a2364b9c2" ver="5.2.3790.309
(srv03_gdr.050413-1540)" sz="128000" is="0"
gfp="">c:\winnt\system32\itss.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{0A9007C0-4076-11D3-8789-
0000F8105754}" prog="Microsoft.ITSS.URLProtocol"
filter="ms-itss" val="{0A9007C0-4076-11D3-8789-
0000F8105754}" nam="Microsoft InfoTech Storage System
Library (msitss.dll)" pub="Microsoft Corporation"
md5="bb67c719ccdaf8b442cc194a429079bb" ver="5.40.0358.1"
sz="217088" is="0" gfp="">c:\program files\common
files\microsoft shared\information
retrieval\msitss.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3D9F03FA-7A94-11D3-BE81-
0050048385D1}" prog="" filter="mso-offdap" val="{3D9F03FA-
7A94-11D3-BE81-0050048385D1}" nam="Microsoft Office XP Web
Components (owc10.dll)" pub="Microsoft Corporation"
md5="9211fe0255a62db0a51c94acfcf5670b" ver="10.0.6619"
sz="7334592" is="0" gfp="">c:\progra~1\common~1\micros~1
\webcom~1\10\owc10.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050F3BC-98B5-11CF-BB82-
00AA00BDCE0B}" prog="" filter="res" val="{3050F3BC-98B5-
11CF-BB82-00AA00BDCE0B}" nam="Microsoft (R) HTML Viewer
(mshtml.dll)" pub="Microsoft Corporation"
md5="08f0b01556eee4c5f783e919abe6dad5"
ver="6.00.2800.1505" sz="2698752" is="0"
gfp="">c:\winnt\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{76E67A63-06E9-11D2-A840-
006008059382}" prog="" filter="sysimage" val="{76E67A63-
06E9-11D2-A840-006008059382}" nam="Microsoft (R) HTML
Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="08f0b01556eee4c5f783e919abe6dad5"
ver="6.00.2800.1505" sz="2698752" is="0"
gfp="">c:\winnt\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050F3B2-98B5-11CF-BB82-
00AA00BDCE0B}" prog="" filter="vbscript" val="{3050F3B2-
98B5-11CF-BB82-00AA00BDCE0B}" nam="Microsoft (R) HTML
Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="08f0b01556eee4c5f783e919abe6dad5"
ver="6.00.2800.1505" sz="2698752" is="0"
gfp="">c:\winnt\system32\mshtml.dll</PROTOCOLSHandler>
<!-- pub and ver are both "Unavailable" for msdxm.ocx. The file name is
     normally a Windows Media Player component, but this record cannot
     confirm that; compare the md5 with a known-good copy or check the
     file's signature before clearing the entry. -->
<PROTOCOLSHandler ex="1" clsid="{3DA2AA3B-3D96-11D2-9BD2-
204C4F4F5020}" prog="Mmedia.AsyncPProt.1"
filter="vnd.ms.radio" val="{3DA2AA3B-3D96-11D2-9BD2-
204C4F4F5020}" nam="msdxm.ocx" pub="Unavailable"
md5="755aa1f85e3788c3c287ffa03cf58627" ver="Unavailable"
sz="844560" is="0" gfp="">c:\winnt\system32
\msdxm.ocx</PROTOCOLSHandler>
</PROTOCOLSHandlers>
<!-- Review note: a single name-space handler, itss.dll registered for the
     mk namespace. Its md5 and size match the itss.dll records under
     PROTOCOLSHandlers. The clsid and val attributes differ on this record;
     val equals the clsid listed for the mk scheme handler. -->
- <PROTOCOLSNameSpaceHandlers>
<PROTOCOLSNameSpaceHandler ex="1" clsid="{9D148291-B9C8-
11D0-A4CC-0000F80149F6}" prog="MSITFS1.0" namespace="mk"
namespacefilter="NameSpace Filter for MKMSITStore:..."
val="{79eac9e6-baf9-11ce-8c82-00aa004ba90b}"
nam="Microsoft InfoTech Storage System Library (itss.dll)"
pub="Microsoft Corporation"
md5="f4e80cd6f8ae4520c066214a2364b9c2" ver="5.2.3790.309
(srv03_gdr.050413-1540)" sz="128000" is="0"
gfp="">c:\winnt\system32
\itss.dll</PROTOCOLSNameSpaceHandler>
</PROTOCOLSNameSpaceHandlers>
<!-- Review note: DataBasePath holds %SystemRoot%\System32\drivers\etc (the
     usual location of the hosts file directory) and Domain, NameServer and
     SearchList are empty, so this record shows no relocated hosts
     directory and no statically set name server. The contents of the hosts
     file itself are not part of this section and need a separate check. -->
- <TCPIPParamaters>
<TCPIPParamater val="DataBasePath">%SystemRoot%\System32
\drivers\etc</TCPIPParamater>
<TCPIPParamater val="Domain" />
<TCPIPParamater val="NameServer" />
<TCPIPParamater val="SearchList" />
<TCPIPParamater val="VXD MSTCP: NameServer" />
</TCPIPParamaters>
<!-- Review note: ProxyEnable is 0 and ProxyServer and ProxyOverride are
     empty, so no proxy redirection is recorded. ZoneMap Domain Count is 0,
     which presumably means no per-domain security-zone assignments were
     found; confirm what the tool counts here. -->
- <InternetSettings>
<InternetSetting val="ProxyEnable">0</InternetSetting>
<InternetSetting val="ProxyServer" />
<InternetSetting val="ProxyOverride" />
<InternetSetting val="User Agent">Mozilla/4.0
(compatible; MSIE 6.0; Win32)</InternetSetting>
<InternetSetting val="ZoneMap Domain
Count">0</InternetSetting>
</InternetSettings>
<!-- Review note: UseMyStylesheet and UserStylesheet are listed for both
     HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER, and all four records are
     empty elements, i.e. no stylesheet value was captured for either hive.
     Presumably that means no user stylesheet is forced on Internet
     Explorer; confirm against the registry. -->
- <IESettings>
<IESetting val="UseMyStylesheet"
set="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Styles" />
<IESetting val="UserStylesheet"
set="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Styles" />
<IESetting val="UseMyStylesheet"
set="HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet
Explorer\Styles" />
<IESetting val="UserStylesheet"
set="HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet
Explorer\Styles" />
</IESettings>
<!-- Review note: val is empty. Presumably this reflects the AppInit_DLLs
     registry value, in which case no DLL is configured to load through
     that mechanism; confirm against the registry. -->
<AppInitDLLs val="" />
<!-- Review note: three shell service objects are registered (netshell.dll,
     webcheck.dll, stobject.dll), all under the system32 directory with a
     Microsoft Corporation publisher string. Entries in this list are
     loaded by the shell, so an unfamiliar DLL here would be a persistence
     candidate; none appears in this record. -->
- <ShellServiceObjectDelayLoads>
<ShellServiceObjectDelayLoad ex="1" clsid="{7007ACCF-
3202-11D1-AAD2-00805FC1270E}" prog=""
val="Network.ConnectionTray" nam="Network Connections
Shell (netshell.dll)" pub="Microsoft Corporation"
md5="fc1783b19a718444de5f6fe5c9143079"
ver="5.00.2195.6604" sz="477456" is="0"
gfp="">c:\winnt\system32
\netshell.dll</ShellServiceObjectDelayLoad>
<ShellServiceObjectDelayLoad ex="1" clsid="{E6FB5E20-
DE35-11CF-9C87-00AA005127ED}" prog="" val="WebCheck"
nam="Web Site Monitor (webcheck.dll)" pub="Microsoft
Corporation" md5="f2786dc35401fceb401a0f5810e22ab6"
ver="6.00.2800.1106" sz="258048" is="0"
gfp="">c:\winnt\system32
\webcheck.dll</ShellServiceObjectDelayLoad>
<ShellServiceObjectDelayLoad ex="1" clsid="{35CEC8A3-
2BE6-11D2-8773-92E220524153}" prog="" val="SysTray"
nam="Systray shell service object (stobject.dll)"
pub="Microsoft Corporation"
md5="34660338069fd5665b921ecffc96e0ce"
ver="5.00.2195.6601" sz="81168" is="0"
gfp="">C:\winnt\system32
\stobject.dll</ShellServiceObjectDelayLoad>
</ShellServiceObjectDelayLoads>
<!-- Review note: empty element, so the audit captured no scheduled tasks;
     nothing here accounts for an item that returns after a reboot. -->
<ScheduledTasks />
- <Services>
<!-- Review note: service records. disp and desc hold the display name and
     description, element text is the image path. No start type or running
     state is recorded, so these entries show what is registered, not what
     is running. Records that share an image (services.exe, lsass.exe,
     netdde.exe) repeat the same md5 and size. A few records have an empty
     pub or ver (the two Adobe Photoshop Elements services, SAVScan); for
     those only the path and md5 identify the binary.
     NOTE(review): pub looks like a metadata string, not proof of a valid
     signature; confirm before treating an entry as trusted. -->
<Service ex="1" disp="Adobe Active File Monitor"
desc="Tracks files that are managed by Adobe Photoshop
Album" nam="(PhotoshopElementsFileAgent.exe)" pub=""
md5="e42f7b36b4d8866184e8df9776ca4226" ver="" sz="98304"
is="0" gfp="">C:\Program Files\Adobe\Photoshop Elements 3.0
\PhotoshopElementsFileAgent.exe</Service>
<Service ex="1" disp="Alerter" desc="Notifies selected
users and computers of administrative alerts."
nam="Services and Controller app (services.exe)"
pub="Microsoft Corporation"
md5="b861b4e6e9637eb76a40c10c552e0229"
ver="5.00.2195.7035" sz="92944" is="0"
gfp="">C:\winnt\System32\services.exe</Service>
<Service ex="1" disp="Application Management"
desc="Provides software installation services such as
Assign, Publish, and Remove." nam="Services and Controller
app (services.exe)" pub="Microsoft Corporation"
md5="b861b4e6e9637eb76a40c10c552e0229"
ver="5.00.2195.7035" sz="92944" is="0"
gfp="">C:\winnt\system32\services.exe</Service>
<Service ex="1" disp="ASP.NET State Service"
desc="Provides support for out-of-process session states
for ASP.NET. If this service is stopped, out-of-process
requests will not be processed. If this service is
disabled, any services that explicitly depend on it will
fail to start." nam="aspnet_state.exe (aspnet_state.exe)"
pub="Microsoft Corporation"
md5="e1a1206a4fb19b675e947b29ccd25fba" ver="1.1.4322.2032"
sz="32768" is="0"
gfp="">C:\winnt\Microsoft.NET\Framework\v1.1.4322
\aspnet_state.exe</Service>
<Service ex="1" disp="Computer Browser" desc="Maintains
an up-to-date list of computers on your network and
supplies the list to programs that request it."
nam="Services and Controller app (services.exe)"
pub="Microsoft Corporation"
md5="b861b4e6e9637eb76a40c10c552e0229"
ver="5.00.2195.7035" sz="92944" is="0"
gfp="">C:\winnt\System32\services.exe</Service>
<Service ex="1" disp="Symantec Event Manager"
desc="Symantec Event Manager" nam="Common Client Event
Manager Service (ccEvtMgr.exe)" pub="Symantec Corporation"
md5="620cc860890d50fd18d5d9508c5551b2" ver="2.1.7.2"
sz="255600" is="0" gfp="">C:\Program Files\Common
Files\Symantec Shared\ccEvtMgr.exe</Service>
<Service ex="1" disp="Symantec Password Validation"
desc="Symantec Password Validation Service" nam="Common
Client Password Validation (ccPwdSvc.exe)" pub="Symantec
Corporation" md5="2ae05429a4ebcfb28a19896cb9fe86b7"
ver="2.1.7.2" sz="87664" is="0" gfp="">C:\Program
Files\Common Files\Symantec Shared\ccPwdSvc.exe</Service>
<Service ex="1" disp="Symantec Settings Manager"
desc="Symantec Settings Manager" nam="Common Client
Settings Manager Service (ccSetMgr.exe)" pub="Symantec
Corporation" md5="cdab825c28154669ab35ea731b8e452b"
ver="2.1.7.2" sz="235120" is="0" gfp="">C:\Program
Files\Common Files\Symantec Shared\ccSetMgr.exe</Service>
<Service ex="1" disp="Indexing Service" desc=""
nam="Content Index service (cisvc.exe)" pub="Microsoft
Corporation" md5="2830a2c82270f387265dfa658656eb99"
ver="5.00.2134.1" sz="5392" is="0" gfp="">C:\WINNT\System32
\cisvc.exe</Service>
<Service ex="1" disp="ClipBook" desc="Supports ClipBook
Viewer, which allows pages to be seen by remote
ClipBooks." nam="Windows NT DDE Server (clipsrv.exe)"
pub="Microsoft Corporation"
md5="804212b6b82354cf4f0c2d567575688a" ver="5.00.2134.1"
sz="31504" is="0" gfp="">C:\winnt\system32
\clipsrv.exe</Service>
<Service ex="1" disp="DHCP Client" desc="Manages network
configuration by registering and updating IP addresses and
DNS names." nam="Services and Controller app
(services.exe)" pub="Microsoft Corporation"
md5="b861b4e6e9637eb76a40c10c552e0229"
ver="5.00.2195.7035" sz="92944" is="0"
gfp="">C:\winnt\System32\services.exe</Service>
<Service ex="1" disp="Logical Disk Manager
Administrative Service" desc="Administrative service for
disk management requests" nam="Logical Disk Manager
service process (dmadmin.exe)" pub="VERITAS Software
Corp." md5="7b080c0ac30884e981221342da197c1e"
ver="2195.6624.297.3" sz="147728" is="0"
gfp="">C:\winnt\System32\dmadmin.exe</Service>
<Service ex="1" disp="Logical Disk Manager"
desc="Logical Disk Manager Watchdog Service" nam="Services
and Controller app (services.exe)" pub="Microsoft
Corporation" md5="b861b4e6e9637eb76a40c10c552e0229"
ver="5.00.2195.7035" sz="92944" is="0"
gfp="">C:\winnt\System32\services.exe</Service>
<Service ex="1" disp="DNS Client" desc="Resolves and
caches Domain Name System (DNS) names." nam="Services and
Controller app (services.exe)" pub="Microsoft Corporation"
md5="b861b4e6e9637eb76a40c10c552e0229"
ver="5.00.2195.7035" sz="92944" is="0"
gfp="">C:\winnt\System32\services.exe</Service>
<Service ex="1" disp="Event Log" desc="Logs event
messages issued by programs and Windows. Event Log reports
contain information that can be useful in diagnosing
problems. Reports are viewed in Event Viewer."
nam="Services and Controller app (services.exe)"
pub="Microsoft Corporation"
md5="b861b4e6e9637eb76a40c10c552e0229"
ver="5.00.2195.7035" sz="92944" is="0"
gfp="">C:\winnt\system32\services.exe</Service>
<Service ex="1" disp="Fax Service" desc="Helps you send
and receive faxes" nam="Fax Service (faxsvc.exe)"
pub="Microsoft Corporation"
md5="c63946c8124a58a6c86efb0ebec7ccf9"
ver="5.00.2195.6612" sz="94992" is="0"
gfp="">C:\winnt\system32\faxsvc.exe</Service>
<Service ex="1" disp="GhostStartService"
desc="Background service to allow Norton Ghost to perform
priviledged operations" nam="Norton Ghost Start
(GHOSTS~2.EXE)" pub="Symantec Corporation"
md5="bd98f4d6ccaa81f422316b587c7da8c1" ver="2003.789"
sz="200704" is="0" gfp="">C:\PROGRA~1\NORTON~1\NORTON~4
\GHOSTS~2.EXE</Service>
<Service ex="1" disp="InCD Helper" desc="Helper service
for the InCD filesystem driver" nam="incdsrv
(InCDsrv.exe)" pub="Nero AG"
md5="e30aa40b2fcdb0b8818c4521de7e2cdc" ver="4, 3, 14, 1"
sz="869376" is="0" gfp="">C:\Program
Files\Ahead\InCD\InCDsrv.exe</Service>
<Service ex="1" disp="Server" desc="Provides RPC support
and file, print, and named pipe sharing." nam="Services
and Controller app (services.exe)" pub="Microsoft
Corporation" md5="b861b4e6e9637eb76a40c10c552e0229"
ver="5.00.2195.7035" sz="92944" is="0"
gfp="">C:\winnt\System32\services.exe</Service>
<Service ex="1" disp="Workstation" desc="Provides
network connections and communications." nam="Services and
Controller app (services.exe)" pub="Microsoft Corporation"
md5="b861b4e6e9637eb76a40c10c552e0229"
ver="5.00.2195.7035" sz="92944" is="0"
gfp="">C:\winnt\System32\services.exe</Service>
<Service ex="1" disp="TCP/IP NetBIOS Helper Service"
desc="Enables support for NetBIOS over TCP/IP (NetBT)
service and NetBIOS name resolution." nam="Services and
Controller app (services.exe)" pub="Microsoft Corporation"
md5="b861b4e6e9637eb76a40c10c552e0229"
ver="5.00.2195.7035" sz="92944" is="0"
gfp="">C:\winnt\System32\services.exe</Service>
<Service ex="1" disp="Messenger" desc="Sends and
receives messages transmitted by administrators or by the
Alerter service." nam="Services and Controller app
(services.exe)" pub="Microsoft Corporation"
md5="b861b4e6e9637eb76a40c10c552e0229"
ver="5.00.2195.7035" sz="92944" is="0"
gfp="">C:\winnt\System32\services.exe</Service>
<!-- Remote-access service per its own description. Start type is not
     captured in this record; confirm whether it is needed and whether it
     is actually enabled. -->
<Service ex="1" disp="NetMeeting Remote Desktop Sharing"
desc="Allows authorized people to remotely access your
Windows desktop using NetMeeting." nam="NetMeeting Remote
Desktop Sharing (mnmsrvc.exe)" pub="Microsoft Corporation"
md5="eeee63b92ca888ac9fb3d13581751ec2" ver="4.4.3385"
sz="21776" is="0" gfp="">C:\WINNT\System32
\mnmsrvc.exe</Service>
<Service ex="1" disp="Distributed Transaction
Coordinator" desc="Coordinates transactions that are
distributed across two or more databases, message queues,
file systems, or other transaction protected resource
managers." nam="MS DTC console program (msdtc.exe)"
pub="Microsoft Corporation"
md5="edc54e17cdf1811a472d518a82182449" ver="1999.9.3421.3"
sz="6928" is="0" gfp="">C:\WINNT\System32
\msdtc.exe</Service>
<Service ex="1" disp="Windows Installer" desc="Installs,
repairs and removes software according to instructions
contained in .MSI files." nam="Windows installer
(msiexec.exe)" pub="Microsoft Corporation"
md5="f5f0146580e7023adb963879840777f8" ver="3.1.4000.1823"
sz="78848" is="0" gfp="">C:\winnt\system32
\msiexec.exe</Service>
<Service ex="1" disp="Norton AntiVirus Auto Protect
Service" desc="Handles Norton AntiVirus Auto-Protect
events." nam="Norton AntiVirus Auto-Protect Service
(navapsvc.exe)" pub="Symantec Corporation"
md5="106188ee7fce8c769defec27c1edb67c" ver="10.00.2"
sz="158848" is="0" gfp="">C:\Program Files\Norton
SystemWorks\Norton Antivirus\navapsvc.exe</Service>
<Service ex="1" disp="Network DDE" desc="Provides
network transport and security for dynamic data exchange
(DDE)." nam="Network DDE - DDE Communication (netdde.exe)"
pub="Microsoft Corporation"
md5="f9b001cb9573d32433e051ec9f4ff203"
ver="5.00.2195.6958" sz="110352" is="0"
gfp="">C:\winnt\system32\netdde.exe</Service>
<Service ex="1" disp="Network DDE DSDM" desc="Manages
shared dynamic data exchange and is used by Network DDE"
nam="Network DDE - DDE Communication (netdde.exe)"
pub="Microsoft Corporation"
md5="f9b001cb9573d32433e051ec9f4ff203"
ver="5.00.2195.6958" sz="110352" is="0"
gfp="">C:\winnt\system32\netdde.exe</Service>
<Service ex="1" disp="Net Logon" desc="Supports pass-
through authentication of account logon events for
computers in a domain." nam="LSA Executable and Server DLL
(lsass.exe)" pub="Microsoft Corporation"
md5="f19d0a319ab4bf5496f08807cb9b8651"
ver="5.00.2195.7011" sz="33552" is="0"
gfp="">C:\winnt\System32\lsass.exe</Service>
<Service ex="1" disp="Norton Unerase Protection" desc=""
nam="Norton Protection Status (NPROTECT.EXE)"
pub="Symantec Corporation"
md5="360f93496fd1664b6e2d318d3e76882a" ver="17.0.0.82"
sz="81920" is="0" gfp="">C:\PROGRA~1\NORTON~1\NORTON~2
\NPROTECT.EXE</Service>
<Service ex="1" disp="NT LM Security Support Provider"
desc="Provides security to remote procedure call (RPC)
programs that use transports other than named pipes."
nam="LSA Executable and Server DLL (lsass.exe)"
pub="Microsoft Corporation"
md5="f19d0a319ab4bf5496f08807cb9b8651"
ver="5.00.2195.7011" sz="33552" is="0"
gfp="">C:\winnt\System32\lsass.exe</Service>
<Service ex="1" disp="NVIDIA Display Driver Service"
desc="Provides system and desktop level support to the
NVIDIA display driver" nam="NVIDIA Driver Helper Service,
Version 52.16 (nvsvc32.exe)" pub="NVIDIA Corporation"
md5="5ed834603c36414b579979b3a9c90f54" ver="6.14.10.5216"
sz="81920" is="0" gfp="">C:\winnt\system32
\nvsvc32.exe</Service>
<Service ex="1" disp="Photoshop Elements Device Connect"
desc="Photoshop Elements Organizer launch utility on
device arrival."
nam="(PhotoshopElementsDeviceConnect.exe)" pub=""
md5="d0f9f362023bf94cf58a1c3cdbbebe06" ver="" sz="118784"
is="0" gfp="">C:\Program Files\Adobe\Photoshop Elements 3.0
\PhotoshopElementsDeviceConnect.exe</Service>
<Service ex="1" disp="Plug and Play" desc="Manages
device installation and configuration and notifies
programs of device changes." nam="Services and Controller
app (services.exe)" pub="Microsoft Corporation"
md5="b861b4e6e9637eb76a40c10c552e0229"
ver="5.00.2195.7035" sz="92944" is="0"
gfp="">C:\winnt\system32\services.exe</Service>
<Service ex="1" disp="IPSEC Policy Agent" desc="Manages
IP security policy and starts the ISAKMP/Oakley (IKE) and
the IP security driver." nam="LSA Executable and Server
DLL (lsass.exe)" pub="Microsoft Corporation"
md5="f19d0a319ab4bf5496f08807cb9b8651"
ver="5.00.2195.7011" sz="33552" is="0"
gfp="">C:\winnt\System32\lsass.exe</Service>
<Service ex="1" disp="Protected Storage" desc="Provides
protected storage for sensitive data, such as private
keys, to prevent access by unauthorized services,
processes, or users." nam="Services and Controller app
(services.exe)" pub="Microsoft Corporation"
md5="b861b4e6e9637eb76a40c10c552e0229"
ver="5.00.2195.7035" sz="92944" is="0"
gfp="">C:\winnt\system32\services.exe</Service>
<!-- Allows remote registry manipulation per its own description. Start
     type is not captured in this record; confirm whether the service is
     needed on this machine and whether it is enabled. -->
<Service ex="1" disp="Remote Registry Service"
desc="Allows remote registry manipulation." nam="Remote
Registry Service (regsvc.exe)" pub="Microsoft Corporation"
md5="250c4ce389783fa2398e3afa4317008c"
ver="5.00.2195.6701" sz="68368" is="0"
gfp="">C:\winnt\system32\regsvc.exe</Service>
<Service ex="1" disp="Remote Procedure Call (RPC)
Locator" desc="Manages the RPC name service database."
nam="Rpc Locator (locator.exe)" pub="Microsoft
Corporation" md5="ad57e33f4f7f404d9aba97e8b33fa21b"
ver="5.00.2195.6619" sz="72464" is="0"
gfp="">C:\winnt\System32\locator.exe</Service>
<Service ex="1" disp="QoS RSVP" desc="Provides network
signaling and local traffic control setup functionality
for QoS-aware programs and control applets."
nam="Microsoft RSVP 1.0 (rsvp.exe)" pub="Microsoft
Corporation" md5="2a21bddb1ba9b5cd776949380ab46a76"
ver="5.00.2195.6663" sz="176912" is="0"
gfp="">C:\winnt\System32\rsvp.exe</Service>
<Service ex="1" disp="Security Accounts Manager"
desc="Stores security information for local user
accounts." nam="LSA Executable and Server DLL (lsass.exe)"
pub="Microsoft Corporation"
md5="f19d0a319ab4bf5496f08807cb9b8651"
ver="5.00.2195.7011" sz="33552" is="0"
gfp="">C:\winnt\system32\lsass.exe</Service>
<Service ex="1" disp="SAVScan" desc="Handles Norton
AntiVirus Auto-Protect Archive Scanning" nam="Symantec
AntiVirus Scanner (SAVScan.exe)" pub="Symantec
Corporation" md5="de337e8649e1970c5663999457a9352f" ver=""
sz="194272" is="0" gfp="">C:\Program Files\Norton
SystemWorks\Norton Antivirus\SAVScan.exe</Service>
<Service ex="1" disp="ScriptBlocking Service" desc=""
nam="ScriptBlocking registration (SBServ.exe)"
pub="Symantec Corporation"
md5="928627472adbd58bb72d5bb9cb1448f6" ver="1, 1, 1, 131"
sz="66784" is="0" gfp="">C:\PROGRA~1\COMMON~1\SYMANT~1
\SCRIPT~1\SBServ.exe</Service>
<Service ex="1" disp="Smart Card Helper" desc="Provides
support for legacy smart card readers attached to the
computer." nam="Smart Card Resource Management Server
(SCardSvr.exe)" pub="Microsoft Corporation"
md5="13c381e66cda8d4d80e84bf18307551f"
ver="5.00.2195.6609" sz="100112" is="0"
gfp="">C:\winnt\System32\SCardSvr.exe</Service>
<Service ex="1" disp="Smart Card" desc="Manages and
controls access to a smart card inserted into a smart card
reader attached to the computer." nam="Smart Card Resource
Management Server (SCardSvr.exe)" pub="Microsoft
Corporation" md5="13c381e66cda8d4d80e84bf18307551f"
ver="5.00.2195.6609" sz="100112" is="0"
gfp="">C:\winnt\System32\SCardSvr.exe</Service>
<Service ex="1" disp="Task Scheduler" desc="Enables a
program to run at a designated time." nam="Task Scheduler
Engine (MSTask.exe)" pub="Microsoft Corporation"
md5="b00529eae5d0ce97010b69cc677128c8"
ver="4.71.2195.6972" sz="122128" is="0"
gfp="">C:\winnt\system32\MSTask.exe</Service>
<Service ex="1" disp="ScsiAccess" desc=""
nam="(ScsiAccess.exe)" pub=""
md5="54196cdac7e1d81d71c652e100b99e77" ver="" sz="181312"
is="0" gfp="">C:\Program
Files\Photodex\ProShowGold\ScsiAccess.exe</Service>
<Service ex="1" disp="RunAs Service" desc="Enables
starting processes under alternate credentials"
nam="Services and Controller app (services.exe)"
pub="Microsoft Corporation"
md5="b861b4e6e9637eb76a40c10c552e0229"
ver="5.00.2195.7035" sz="92944" is="0"
gfp="">C:\winnt\system32\services.exe</Service>
<Service ex="1" disp="Sygate Security Agent" desc=""
nam="Sygate Personal Firewall (Smc.exe)" pub="Sygate
Technologies, Inc." md5="6a8db23de8fc41a678ecb9fc0e1eb7e0"
ver="4.02.00.878" sz="1228800" is="0" gfp="">C:\Program
Files\Sygate\SSA\Smc.exe</Service>
<Service ex="1" disp="Symantec Network Drivers Service"
desc="Symantec Network Drivers Service" nam="Network
Driver Service (SNDSrvc.exe)" pub="Symantec Corporation"
md5="443e397643965e08c5ab6a6caa732b97" ver="5.5.1.6"
sz="206552" is="0" gfp="">C:\Program Files\Common
Files\Symantec Shared\SNDSrvc.exe</Service>
<Service ex="1" disp="Speed Disk service" desc=""
nam="NOPDB (NOPDB.EXE)" pub="Symantec Corporation"
md5="5e71d2342b963e61f99b19cb2e462c63" ver="7.00.0.24"
sz="176193" is="0" gfp="">C:\PROGRA~1\NORTON~1\NORTON~2
\SPEEDD~1\NOPDB.EXE</Service>
<Service ex="1" disp="Print Spooler" desc="Loads files
to memory for later printing." nam="Spooler SubSystem App
(spoolsv.exe)" pub="Microsoft Corporation"
md5="1f124b89aa469671821115a39c0fbd27"
ver="5.00.2195.7013" sz="48400" is="0"
gfp="">C:\winnt\system32\spoolsv.exe</Service>
<Service ex="1" disp="Still Image Service" desc=""
nam="Still Image Devices Monitor (stisvc.exe)"
pub="Microsoft Corporation"
md5="b75235626b950ff821146555c612f814"
ver="5.00.2195.6656" sz="61712" is="0"
gfp="">C:\winnt\system32\stisvc.exe</Service>
<Service ex="1" disp="Symantec Core LC" desc="Symantec
Core LC" nam="Symantec Core Component (symlcsvc.exe)"
pub="Symantec Corporation"
md5="94d3c8257776019a7a96af69f62ba509" ver="1, 8, 48, 79"
sz="585728" is="0" gfp="">C:\Program Files\Common
Files\Symantec Shared\CCPD-LC\symlcsvc.exe</Service>
<Service ex="1" disp="SymWMI Service" desc="Symantec WMI
Service" nam="Norton Security Center Service (SymWSC.exe)"
pub="Symantec Corporation"
md5="67c5af84809468061121fbcbecb19285" ver="2005.1.2.20"
sz="316544" is="0" gfp="">C:\Program Files\Common
Files\Symantec Shared\Security Center\SymWSC.exe</Service>
<Service ex="1" disp="Performance Logs and Alerts"
desc="Configures performance logs and alerts."
nam="Performance Logs and Alerts Service (smlogsvc.exe)"
pub="Microsoft Corporation"
md5="f4f35fe5f46262d45491822d8a66bf62"
ver="5.00.2195.6608" sz="85776" is="0"
gfp="">C:\winnt\system32\smlogsvc.exe</Service>
<Service ex="1" disp="Telnet" desc="Allows a remote user
to log on to the system and run console programs using the
command line." nam="Microsoft Telnet Service
(tlntsvr.exe)" pub="Microsoft Corporation"
md5="fa57d2175f4978e2f32cb1b02781d76a" ver="5.00.99206.1"
sz="186128" is="0" gfp="">C:\winnt\system32
\tlntsvr.exe</Service>
<Service ex="1" disp="Distributed Link Tracking Client"
desc="Sends notifications of files moving between NTFS
volumes in a network domain." nam="Services and Controller
app (services.exe)" pub="Microsoft Corporation"
md5="b861b4e6e9637eb76a40c10c552e0229"
ver="5.00.2195.7035" sz="92944" is="0"
gfp="">C:\winnt\system32\services.exe</Service>
<Service ex="1" disp="Uninterruptible Power Supply"
desc="Manages an uninterruptible power supply (UPS)
connected to the computer." nam="UPS Service (ups.exe)"
pub="Microsoft Corporation"
md5="222a997aa4c7f7a2b3453b556afa4406" ver="5.00.2158.1"
sz="17680" is="0" gfp="">C:\winnt\System32
\ups.exe</Service>
<Service ex="1" disp="Utility Manager" desc="Starts and
configures accessibility tools from one window"
nam="UtilMan EXE (UtilMan.exe)" pub="Microsoft
Corporation" md5="7a960f1e9a0b2f7d14f1d0eddd74375c"
ver="1, 0, 0, 3" sz="22800" is="0" gfp="">C:\winnt\System32
\UtilMan.exe</Service>
<Service ex="1" disp="Windows Time" desc="Sets the
computer clock." nam="Services and Controller app
(services.exe)" pub="Microsoft Corporation"
md5="b861b4e6e9637eb76a40c10c552e0229"
ver="5.00.2195.7035" sz="92944" is="0"
gfp="">C:\winnt\System32\services.exe</Service>
<Service ex="1" disp="Windows Management
Instrumentation" desc="Provides system management
information." nam="Windows Management Instrumentation
(WinMgmt.exe)" pub="Microsoft Corporation"
md5="05b2001e1bc653fd6091e741b46f71b4"
ver="1.50.1085.0100" sz="196706" is="0"
gfp="">C:\winnt\System32\WBEM\WinMgmt.exe</Service>
<Service ex="1" disp="WLTRYSVC" desc=""
nam="(WLTRYSVC.EXE)" pub=""
md5="516158ce60a5eeb8669fd117cec943a5" ver="" sz="45056"
is="0" gfp="">C:\winnt\System32\WLTRYSVC.EXE</Service>
<Service ex="1" disp="Windows Management Instrumentation
Driver Extensions" desc="Provides systems management
information to and from drivers." nam="Services and
Controller app (Services.exe)" pub="Microsoft Corporation"
md5="b861b4e6e9637eb76a40c10c552e0229"
ver="5.00.2195.7035" sz="92944" is="0"
gfp="">C:\winnt\system32\Services.exe</Service>
</Services>
</SystemAudit>
- <ProcessesAudit>
- <Processes>
<Process ex="1" pid="160" nam="Windows NT Session
Manager (smss.exe)" pub="Microsoft Corporation"
md5="f07c69367770a1c129a22f9158afaa2b"
ver="5.00.2195.6601" sz="45840" is="0"
gfp="">c:\winnt\system32\smss.exe</Process>
<Process ex="1" pid="188" nam="Client Server Runtime
Process (csrss.exe)" pub="Microsoft Corporation"
md5="6533392c5af4bf5c7ff12e453dd59ae5"
ver="5.00.2195.6601" sz="5392" is="0"
gfp="">C:\winnt\system32\csrss.exe</Process>
<Process ex="1" pid="184" nam="Windows NT Logon
Application (winlogon.exe)" pub="Microsoft Corporation"
md5="bb1daf6a5737652646d52665251a0265"
ver="5.00.2195.6997" sz="186640" is="0"
gfp="">c:\winnt\system32\winlogon.exe</Process>
<Process ex="1" pid="236" nam="Services and Controller
app (services.exe)" pub="Microsoft Corporation"
md5="b861b4e6e9637eb76a40c10c552e0229"
ver="5.00.2195.7035" sz="92944" is="0"
gfp="">c:\winnt\system32\services.exe</Process>
<Process ex="1" pid="248" nam="LSA Executable and Server
DLL (lsass.exe)" pub="Microsoft Corporation"
md5="f19d0a319ab4bf5496f08807cb9b8651"
ver="5.00.2195.7011" sz="33552" is="0"
gfp="">c:\winnt\system32\lsass.exe</Process>
<Process ex="1" pid="500" nam="Generic Host Process for
Win32 Services (svchost.exe)" pub="Microsoft Corporation"
md5="9e64ad53cfd9da2d22e8a924f8c6e62c" ver="5.00.2134.1"
sz="7952" is="0" gfp="">c:\winnt\system32
\svchost.exe</Process>
<Process ex="1" pid="532" nam="Spooler SubSystem App
(spoolsv.exe)" pub="Microsoft Corporation"
md5="1f124b89aa469671821115a39c0fbd27"
ver="5.00.2195.7013" sz="48400" is="0"
gfp="">c:\winnt\system32\spoolsv.exe</Process>
<Process ex="1" pid="560"
nam="(photoshopelementsfileagent.exe)" pub=""
md5="e42f7b36b4d8866184e8df9776ca4226" ver="" sz="98304"
is="0" gfp="">c:\program files\adobe\photoshop elements 3.0
\photoshopelementsfileagent.exe</Process>
<Process ex="1" pid="588" nam="Common Client Settings
Manager Service (ccsetmgr.exe)" pub="Symantec Corporation"
md5="cdab825c28154669ab35ea731b8e452b" ver="2.1.7.2"
sz="235120" is="0" gfp="">c:\program files\common
files\symantec shared\ccsetmgr.exe</Process>
<Process ex="1" pid="604" nam="Generic Host Process for
Win32 Services (svchost.exe)" pub="Microsoft Corporation"
md5="9e64ad53cfd9da2d22e8a924f8c6e62c" ver="5.00.2134.1"
sz="7952" is="0" gfp="">c:\winnt\system32
\svchost.exe</Process>
<Process ex="1" pid="620" nam="Norton Ghost Start
(ghosts~2.exe)" pub="Symantec Corporation"
md5="bd98f4d6ccaa81f422316b587c7da8c1" ver="2003.789"
sz="200704" is="0" gfp="">c:\progra~1\norton~1\norton~4
\ghosts~2.exe</Process>
<Process ex="1" pid="688" nam="incdsrv (incdsrv.exe)"
pub="Nero AG" md5="e30aa40b2fcdb0b8818c4521de7e2cdc"
ver="4, 3, 14, 1" sz="869376" is="0" gfp="">c:\program
files\ahead\incd\incdsrv.exe</Process>
<Process ex="1" pid="724" nam="Norton AntiVirus Auto-
Protect Service (navapsvc.exe)" pub="Symantec Corporation"
md5="106188ee7fce8c769defec27c1edb67c" ver="10.00.2"
sz="158848" is="0" gfp="">c:\program files\norton
systemworks\norton antivirus\navapsvc.exe</Process>
<Process ex="1" pid="808" nam="Norton Protection Status
(nprotect.exe)" pub="Symantec Corporation"
md5="360f93496fd1664b6e2d318d3e76882a" ver="17.0.0.82"
sz="81920" is="0" gfp="">c:\progra~1\norton~1\norton~2
\nprotect.exe</Process>
<Process ex="1" pid="836" nam="NVIDIA Driver Helper
Service, Version 52.16 (nvsvc32.exe)" pub="NVIDIA
Corporation" md5="5ed834603c36414b579979b3a9c90f54"
ver="6.14.10.5216" sz="81920" is="0"
gfp="">c:\winnt\system32\nvsvc32.exe</Process>
<Process ex="1" pid="848"
nam="(photoshopelementsdeviceconnect.exe)" pub=""
md5="d0f9f362023bf94cf58a1c3cdbbebe06" ver="" sz="118784"
is="0" gfp="">c:\program files\adobe\photoshop elements 3.0
\photoshopelementsdeviceconnect.exe</Process>
<Process ex="1" pid="876" nam="Remote Registry Service
(regsvc.exe)" pub="Microsoft Corporation"
md5="250c4ce389783fa2398e3afa4317008c"
ver="5.00.2195.6701" sz="68368" is="0"
gfp="">c:\winnt\system32\regsvc.exe</Process>
<Process ex="1" pid="904" nam="Symantec AntiVirus
Scanner (savscan.exe)" pub="Symantec Corporation"
md5="de337e8649e1970c5663999457a9352f" ver="" sz="194272"
is="0" gfp="">c:\program files\norton systemworks\norton
antivirus\savscan.exe</Process>
<Process ex="1" pid="936" nam="Task Scheduler Engine
(mstask.exe)" pub="Microsoft Corporation"
md5="b00529eae5d0ce97010b69cc677128c8"
ver="4.71.2195.6972" sz="122128" is="0"
gfp="">c:\winnt\system32\mstask.exe</Process>
<Process ex="1" pid="972" nam="(scsiaccess.exe)" pub=""
md5="54196cdac7e1d81d71c652e100b99e77" ver="" sz="181312"
is="0" gfp="">c:\program
files\photodex\proshowgold\scsiaccess.exe</Process>
<Process ex="1" pid="1024" nam="Sygate Personal Firewall
(smc.exe)" pub="Sygate Technologies, Inc."
md5="6a8db23de8fc41a678ecb9fc0e1eb7e0" ver="4.02.00.878"
sz="1228800" is="0" gfp="">c:\program
files\sygate\ssa\smc.exe</Process>
<Process ex="1" pid="1052" nam="Windows Explorer
(explorer.exe)" pub="Microsoft Corporation"
md5="59cf2b7dced9111f48f51b4b570e672d"
ver="5.00.3700.6690" sz="243472" is="0"
gfp="">c:\winnt\explorer.exe</Process>
<Process ex="1" pid="1124" nam="Norton SystemWorks
SymTray (symtray.exe)" pub="Symantec Corporation"
md5="c06a07c74e2bc59200bcd8c4c782292f" ver="2004.7.81"
sz="77824" is="0" gfp="">c:\program files\common
files\symantec shared\symtray.exe</Process>
<Process ex="1" pid="1060" nam="NOPDB (nopdb.exe)"
pub="Symantec Corporation"
md5="5e71d2342b963e61f99b19cb2e462c63" ver="7.00.0.24"
sz="176193" is="0" gfp="">c:\progra~1\norton~1\norton~2
\speedd~1\nopdb.exe</Process>
<Process ex="1" pid="1136" nam="Still Image Devices
Monitor (stisvc.exe)" pub="Microsoft Corporation"
md5="b75235626b950ff821146555c612f814"
ver="5.00.2195.6656" sz="61712" is="0"
gfp="">c:\winnt\system32\stisvc.exe</Process>
<Process ex="1" pid="1176" nam="Symantec Core Component
(symlcsvc.exe)" pub="Symantec Corporation"
md5="94d3c8257776019a7a96af69f62ba509" ver="1, 8, 48, 79"
sz="585728" is="0" gfp="">c:\program files\common
files\symantec shared\ccpd-lc\symlcsvc.exe</Process>
<Process ex="1" pid="1200" nam="Windows Management
Instrumentation (winmgmt.exe)" pub="Microsoft Corporation"
md5="05b2001e1bc653fd6091e741b46f71b4"
ver="1.50.1085.0100" sz="196706" is="0"
gfp="">c:\winnt\system32\wbem\winmgmt.exe</Process>
<Process ex="1" pid="1212" nam="(wltrysvc.exe)" pub=""
md5="516158ce60a5eeb8669fd117cec943a5" ver="" sz="45056"
is="0" gfp="">c:\winnt\system32\wltrysvc.exe</Process>
<Process ex="1" pid="1056" nam="Generic Host Process for
Win32 Services (svchost.exe)" pub="Microsoft Corporation"
md5="9e64ad53cfd9da2d22e8a924f8c6e62c" ver="5.00.2134.1"
sz="7952" is="0" gfp="">c:\winnt\system32
\svchost.exe</Process>
<Process ex="1" pid="1268" nam="BCM 802.11g Network
Adapter Wireless Network Tray Applet (bcmwltry.exe)"
pub="Broadcom Corporation"
md5="87e53e4c576c509a0d4869f49025ebdc" ver="3.50.21.10"
sz="610304" is="0" gfp="">c:\winnt\system32
\bcmwltry.exe</Process>
<Process ex="1" pid="1276" nam="Common Client Event
Manager Service (ccevtmgr.exe)" pub="Symantec Corporation"
md5="620cc860890d50fd18d5d9508c5551b2" ver="2.1.7.2"
sz="255600" is="0" gfp="">c:\program files\common
files\symantec shared\ccevtmgr.exe</Process>
<Process ex="1" pid="1412" nam="Generic Host Process for
Win32 Services (svchost.exe)" pub="Microsoft Corporation"
md5="9e64ad53cfd9da2d22e8a924f8c6e62c" ver="5.00.2134.1"
sz="7952" is="0" gfp="">c:\winnt\system32
\svchost.exe</Process>
<Process ex="1" pid="916" nam="Avance Sound Manager
(soundman.exe)" pub="Avance Logic, Inc."
md5="04f314d0c39c32166cdbde1d20267313" ver="5.0"
sz="46592" is="0" gfp="">c:\winnt\soundman.exe</Process>
<Process ex="1" pid="1572" nam="Microsoft IntelliType
Pro (type32.exe)" pub="Microsoft Corporation"
md5="b5eca5948d7f8eaa00333231f33ea31a" ver="2.20.447.0"
sz="94208" is="0" gfp="">c:\program files\microsoft
hardware\keyboard\type32.exe</Process>
<Process ex="1" pid="1576" nam="Common Client User
Session (ccapp.exe)" pub="Symantec Corporation"
md5="5712b77158fbbb5ab5aebc396e15499d" ver="2.1.7.2"
sz="71280" is="0" gfp="">c:\program files\common
files\symantec shared\ccapp.exe</Process>
<Process ex="1" pid="1596" nam="Norton Ghost Start
(ghoststarttrayapp.exe)" pub="Symantec Corporation"
md5="b9217ecc6466e87010dda424bc7ed3d5" ver="2003.789"
sz="94208" is="0" gfp="">c:\program files\norton
systemworks\norton ghost\ghoststarttrayapp.exe</Process>
<Process ex="1" pid="1620" nam="Password Manager
Controller (acctmgr.exe)" pub="Symantec Corporation"
md5="26e56bf66c221deb4be4c88ee5e31c11" ver="2004.1.406"
sz="586896" is="0" gfp="">c:\program files\norton
systemworks\password manager\acctmgr.exe</Process>
<Process ex="1" pid="1764" nam="wpctrl.exe"
pub="Unavailable" md5="ba0312c4b70178044b28c0d5082be754"
ver="Unavailable" sz="558312" is="0" gfp="">c:\program
files\winportrait\wpctrl.exe</Process>
<Process ex="1" pid="1792" nam="PC-CAM Center Launcher
Application (camtray.exe)" pub="Creative Technology Ltd"
md5="282b566b02e46b037ed3d43433ab5449" ver="2.30.05"
sz="53248" is="0" gfp="">c:\program files\creative\pc-cam
center\camtray.exe</Process>
<Process ex="1" pid="1808" nam="Microsoft AntiSpyware
Service (gcasserv.exe)" pub="Microsoft Corporation"
md5="fc8fff9f2e3ebfb5b6ad8d91df6c0f23" ver="1.00.0614"
sz="473928" is="0" gfp="">c:\program files\microsoft
antispyware\gcasserv.exe</Process>
<Process ex="1" pid="1836" nam="InCD (incd.exe)"
pub="Nero AG" md5="1d7587a2264e94a607bc75f21dd6818f"
ver="4, 3, 14, 1" sz="1383936" is="0" gfp="">c:\program
files\ahead\incd\incd.exe</Process>
<Process ex="1" pid="1724" nam="Logitech Events Handler
Application (em_exec.exe)" pub="Logitech Inc."
md5="7d325ec9b9b1589df12d0874700bc59e" ver="9.79.025"
sz="37888" is="0" gfp="">c:\program
files\logitech\mouseware\system\em_exec.exe</Process>
<Process ex="1" pid="1868" nam="Microsoft AntiSpyware
Data Service (gcasdtserv.exe)" pub="Microsoft Corporation"
md5="644f843dadf77a1a85da19edd5a5fc07" ver="1.00.0614"
sz="756552" is="0" gfp="">c:\program files\microsoft
antispyware\gcasdtserv.exe</Process>
<Process ex="1" pid="1920" nam="iTouch Application
(itouch.exe)" pub="Logitech Inc."
md5="9aee9bcb32d82bcc36474eb921f3bb49" ver="2.22.289"
sz="892928" is="0" gfp="">c:\program
files\logitech\itouch\itouch.exe</Process>
<Process ex="1" pid="1992" nam="Java(TM) 2 Platform
Standard Edition binary (jusched.exe)" pub="Sun
Microsystems, Inc." md5="1f6573d67dd5dc06dd29ec7fcf81dc6f"
ver="5.0.20.9" sz="36975" is="0" gfp="">c:\program
files\java\jre1.5.0_02\bin\jusched.exe</Process>
<Process ex="1" pid="2108" nam="None (ubi62ksm.exe)"
pub="None" md5="07ee4d73ff5f9005fbe4fa0f1d386c97" ver="4,
0, 3, 2" sz="204288" is="0" gfp="">c:\winnt\system32
\ubi62ksm.exe</Process>
<Process ex="1" pid="1180" nam="Media Gateway
(mediagateway.exe)" pub="None"
md5="1042676fe7067bdf6b88d944f329fbcd" ver="1, 20, 0, 0"
sz="116224" is="0" gfp="">c:\program files\media
gateway\mediagateway.exe</Process>
<Process ex="1" pid="2240" nam="Device Detector
(devdetect.exe)" pub="ACD Systems, Ltd."
md5="f242af7a557b47bc26456994ad74dd16" ver="3,0,9,0"
sz="282624" is="0" gfp="">c:\program files\common
files\acd systems\en\devdetect.exe</Process>
<Process ex="1" pid="2184" nam="Run a DLL as an App
(rundll32.exe)" pub="Microsoft Corporation"
md5="1ed5274825cd1eebbe102b9ff7c9ec31" ver="5.00.2134.1"
sz="10000" is="0" gfp="">c:\winnt\system32
\rundll32.exe</Process>
<Process ex="1" pid="2136" nam="Cicero Loader
(ctfmon.exe)" pub="Microsoft Corporation"
md5="d36a33c21eeed5a6c1daecb7c80a1909" ver="1.00.2409.7
built by: Lab06_N" sz="8192" is="0"
gfp="">c:\winnt\system32\ctfmon.exe</Process>
<Process ex="1" pid="2116" nam="Copernic Desktop Search
(copernicdesktopsearch.exe)" pub="Copernic Technologies
Inc." md5="e297aba4526d515a6f1cb487a36685fe"
ver="1.5.0.644" sz="4689192" is="0" gfp="">c:\program
files\copernic desktop
search\copernicdesktopsearch.exe</Process>
<Process ex="1" pid="2104" nam="SMART PANEL
(espmain.exe)" pub="NewSoft"
md5="ba76338c29b6f7d4232963414dc54fe0" ver="1, 0, 0, 1"
sz="180224" is="0" gfp="">c:\program files\epson\epson
smart panel for scanner\espmain.exe</Process>
<Process ex="1" pid="1744" nam="NaturalColorLoad
(naturalcolorload.exe)" pub="None"
md5="c0c6c793f5b3b15647a80caafe0f123d" ver="2, 0, 1, 1"
sz="155715" is="0" gfp="">c:\program files\sec\natural
color\naturalcolorload.exe</Process>
<Process ex="1" pid="1728" nam="WinZip Executable
(wzqkpick.exe)" pub="WinZip Computing, Inc."
md5="67b2e7b6ae3b400d832f0456068ea83d" ver="1.0 (32-bit)"
sz="118784" is="0" gfp="">c:\program
files\winzip\wzqkpick.exe</Process>
<Process ex="1" pid="276" nam="Microsoft AntiSpyware
Main (giantantispywaremain.exe)" pub="Microsoft
Corporation" md5="a77cffe35c39c693fcc7d5cf7709c3da"
ver="1.00.0614" sz="4598608" is="0" gfp="">c:\program
files\microsoft
antispyware\giantantispywaremain.exe</Process>
<Process ex="1" pid="2128" nam="Microsoft Suspected
Spyware Reporting Tool (msssrt.exe)" pub="Microsoft
Corporation" md5="df81029e6477eddbc3623463df7a2b29"
ver="1.00.0614" sz="400200" is="0" gfp="">c:\program
files\microsoft antispyware\msssrt.exe</Process>
<Process ex="1" pid="1404" nam="Internet Explorer
(iexplore.exe)" pub="Microsoft Corporation"
md5="eb9eaf627f705525d01de5fa07ea1818"
ver="6.00.2800.1106" sz="91136" is="0" gfp="">c:\program
files\internet explorer\iexplore.exe</Process>
<Process ex="1" pid="1496" nam="Microsoft Suspected
Spyware Reporting Tool (msssrt.exe)" pub="Microsoft
Corporation" md5="df81029e6477eddbc3623463df7a2b29"
ver="1.00.0614" sz="400200" is="0" gfp="">c:\program
files\microsoft antispyware\msssrt.exe</Process>
</Processes>
</ProcessesAudit>
</Audit>
</MSSSRT>
All anti-spyware programs, like AntiSpyware and Ad-Aware SE,
find this code and remove it, but after a restart/reboot it is
there again.
Help is very much appreciated.
Hanseat
<MSSSRT version="1.0.614" createdate="14/07/2005 21:45:43"
os="2000.2195" user="">
- <Audit>
- <AutoRunAudit>
- <StartupFiles>
<StartupFile path="C:\Documents and Settings\All
Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk"
nam="Adobe Gamma Loader (adobe gamma loader.exe)"
pub="Adobe Systems, Inc."
md5="c2ff17734176cd15221c10044ef0ba1a" ver="1, 0, 0, 1"
sz="113664" is="0" gfp="">c:\program files\common
files\adobe\calibration\adobe gamma
loader.exe</StartupFile>
<StartupFile path="C:\Documents and Settings\All
Users\Start Menu\Programs\Startup\Adobe Reader Speed
Launch.lnk" nam="Adobe Acrobat SpeedLauncher
(reader_sl.exe)" pub="Adobe Systems Incorporated"
md5="deb88aef013dd1eefb462d7cad642166" ver="7.0.0.0"
sz="29696" is="0" gfp="">c:\program files\adobe\acrobat 7.0
\reader\reader_sl.exe</StartupFile>
<StartupFile path="C:\Documents and Settings\All
Users\Start Menu\Programs\Startup\EPSON SMART PANEL for
Scanner.lnk" nam="SMART PANEL (espmain.exe)" pub="NewSoft"
md5="ba76338c29b6f7d4232963414dc54fe0" ver="1, 0, 0, 1"
sz="180224" is="0" gfp="">c:\program files\epson\epson
smart panel for scanner\espmain.exe</StartupFile>
<StartupFile path="C:\Documents and Settings\All
Users\Start Menu\Programs\Startup\Logitech Desktop
Messenger.lnk" nam="LDM Configuration Application
(ldmconf.exe)" pub="Logitech"
md5="91291ca1490f952d977618544d540b87" ver="1.2.9"
sz="169472" is="0" gfp="">c:\program
files\logitech\desktop messenger\8876480
\program\ldmconf.exe</StartupFile>
<StartupFile path="C:\Documents and Settings\All
Users\Start Menu\Programs\Startup\Microsoft Office.lnk"
nam="Microsoft Office XP component (osa.exe)"
pub="Microsoft Corporation"
md5="5bc65464354a9fd3beaa28e18839734a" ver="10.0.2609"
sz="83360" is="0" gfp="">c:\program files\microsoft
office\office10\osa.exe</StartupFile>
<StartupFile path="C:\Documents and Settings\All
Users\Start Menu\Programs\Startup\NaturalColorLoad.lnk"
nam="NaturalColorLoad (naturalcolorload.exe)" pub="None"
md5="c0c6c793f5b3b15647a80caafe0f123d" ver="2, 0, 1, 1"
sz="155715" is="0" gfp="">c:\program files\sec\natural
color\naturalcolorload.exe</StartupFile>
<StartupFile path="C:\Documents and Settings\All
Users\Start Menu\Programs\Startup\Quicken Scheduled
Updates.lnk" nam="Quicken Background Agent (bagent.exe)"
pub="Intuit Inc." md5="a549f602f7f9fb66d9ea59203c892463"
ver="008.000.000.000" sz="57344" is="0" gfp="">c:\program
files\quicken\bagent.exe</StartupFile>
<StartupFile path="C:\Documents and Settings\All
Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk"
nam="WinZip Executable (wzqkpick.exe)" pub="WinZip
Computing, Inc." md5="67b2e7b6ae3b400d832f0456068ea83d"
ver="1.0 (32-bit)" sz="118784" is="0" gfp="">c:\program
files\winzip\wzqkpick.exe</StartupFile>
</StartupFiles>
- <StartupFilesRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="Synchronization Manager" dat="mobsync.exe /logon"
nam="Microsoft Synchronization Manager (mobsync.exe)"
pub="Microsoft Corporation"
md5="9b2f5b9e745deaaa57fb78329ed03061"
ver="5.00.2195.6627" sz="111376" is="0"
gfp="">c:\winnt\system32\mobsync.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="PMXInit" dat="C:\winnt\system32\pmxinit.exe"
nam="Card enumeration module (pmxinit.exe)"
pub="Imagination Technologies Ltd."
md5="7aa736e7384b81f46e1a89401f30a763" ver="5.13.01.4132-
3.05.01.0008" sz="720963" is="0" gfp="">c:\winnt\system32
\pmxinit.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="SoundMan" dat="SOUNDMAN.EXE" nam="Avance Sound
Manager (soundman.exe)" pub="Avance Logic, Inc."
md5="04f314d0c39c32166cdbde1d20267313" ver="5.0"
sz="46592" is="0"
gfp="">c:\winnt\soundman.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="IntelliType" dat=""C:\Program Files\Microsoft
Hardware\Keyboard\type32.exe"" nam="Microsoft IntelliType
Pro (type32.exe)" pub="Microsoft Corporation"
md5="b5eca5948d7f8eaa00333231f33ea31a" ver="2.20.447.0"
sz="94208" is="0" gfp="">c:\program files\microsoft
hardware\keyboard\type32.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="SymTray - Norton SystemWorks" dat="C:\Program
Files\Common Files\Symantec Shared\Symtray.exe SetReg"
nam="Norton SystemWorks SymTray (symtray.exe)"
pub="Symantec Corporation"
md5="c06a07c74e2bc59200bcd8c4c782292f" ver="2004.7.81"
sz="77824" is="0" gfp="">c:\program files\common
files\symantec shared\symtray.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="ccApp" dat=""C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"" nam="Common Client User Session
(ccapp.exe)" pub="Symantec Corporation"
md5="5712b77158fbbb5ab5aebc396e15499d" ver="2.1.7.2"
sz="71280" is="0" gfp="">c:\program files\common
files\symantec shared\ccapp.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="GhostStartTrayApp" dat="C:\Program Files\Norton
SystemWorks\Norton Ghost\GhostStartTrayApp.exe"
nam="Norton Ghost Start (ghoststarttrayapp.exe)"
pub="Symantec Corporation"
md5="b9217ecc6466e87010dda424bc7ed3d5" ver="2003.789"
sz="94208" is="0" gfp="">c:\program files\norton
systemworks\norton
ghost\ghoststarttrayapp.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="AcctMgr" dat="C:\Program Files\Norton
SystemWorks\Password Manager\AcctMgr.exe /startup"
nam="Password Manager Controller (acctmgr.exe)"
pub="Symantec Corporation"
md5="26e56bf66c221deb4be4c88ee5e31c11" ver="2004.1.406"
sz="586896" is="0" gfp="">c:\program files\norton
systemworks\password
manager\acctmgr.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="SmcService" dat="C:\PROGRA~1\Sygate\SSA\Smc.exe -
startgui" nam="Sygate Personal Firewall (smc.exe)"
pub="Sygate Technologies, Inc."
md5="6a8db23de8fc41a678ecb9fc0e1eb7e0" ver="4.02.00.878"
sz="1228800" is="0" gfp="">c:\progra~1
\sygate\ssa\smc.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="SSC_UserPrompt" dat="C:\Program Files\Common
Files\Symantec Shared\Security Center\UsrPrmpt.exe"
nam="Norton Security Center Helper (usrprmpt.exe)"
pub="Symantec Corporation"
md5="b96c81be7b8d11710496787e5859d768" ver="2005.1.2.20"
sz="218240" is="0" gfp="">c:\program files\common
files\symantec shared\security
center\usrprmpt.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="NvCplDaemon" dat="RUNDLL32.EXE C:\WINNT\system32
\NvCpl.dll,NvStartup" nam="NVIDIA Display Properties
Extension (nvcpl.dll)" pub="NVIDIA Corporation"
md5="aa8b1b6ad9e721e2f0dbbc7d95d32ea4" ver="6.14.10.5216"
sz="5058560" is="0" gfp="">c:\winnt\system32
\nvcpl.dll</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="nwiz" dat="nwiz.exe /install" nam="NVIDIA nView
Wizard, Version 52.16 (nwiz.exe)" pub="NVIDIA Corporation"
md5="a4ae9ba1e10cb9f6c0949c4db91a1f72" ver="6.14.10.5216"
sz="741376" is="0" gfp="">c:\winnt\system32
\nwiz.exe</StartupFileRegistry>
<StartupFileRegistry ex="0"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="" dat="" nam="" pub="" md5="" ver="" sz="" is="0"
gfp="" />
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="NeroFilterCheck" dat="C:\winnt\system32
\NeroCheck.exe" nam="NeroCheck (nerocheck.exe)" pub="Ahead
Software Gmbh" md5="3e4c03cefad8de135263236b61a49c90"
ver="1, 0, 0, 2" sz="155648" is="0"
gfp="">c:\winnt\system32
\nerocheck.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="Symantec NetDriver Monitor" dat="C:\PROGRA~1\SYMNET~1
\SNDMon.exe /Consumer" nam="Symantec Security Drivers
Install Monitor (sndmon.exe)" pub="Symantec Corporation"
md5="f9418981ee4d7e995d359833adab59d5" ver="5.5.1.6"
sz="100056" is="0" gfp="">c:\progra~1\symnet~1
\sndmon.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="Creative WebCam Tray" dat="C:\Program
Files\Creative\PC-CAM Center\CAMTRAY.EXE" nam="PC-CAM
Center Launcher Application (camtray.exe)" pub="Creative
Technology Ltd" md5="282b566b02e46b037ed3d43433ab5449"
ver="2.30.05" sz="53248" is="0" gfp="">c:\program
files\creative\pc-cam
center\camtray.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="gcasServ" dat=""C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"" nam="Microsoft AntiSpyware
Service (gcasserv.exe)" pub="Microsoft Corporation"
md5="fc8fff9f2e3ebfb5b6ad8d91df6c0f23" ver="1.00.0614"
sz="473928" is="0" gfp="">c:\program files\microsoft
antispyware\gcasserv.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="InCD" dat="C:\Program Files\Ahead\InCD\InCD.exe"
nam="InCD (incd.exe)" pub="Nero AG"
md5="1d7587a2264e94a607bc75f21dd6818f" ver="4, 3, 14, 1"
sz="1383936" is="0" gfp="">c:\program
files\ahead\incd\incd.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="Logitech Utility" dat="Logi_MwX.Exe" nam="Logitech
Launcher Application (logi_mwx.exe)" pub="Logitech Inc."
md5="34a14cd6b6e9c8bfbabeaf6eed5149bb" ver="9.79.024"
sz="19968" is="0"
gfp="">c:\winnt\logi_mwx.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="zBrowser Launcher" dat="C:\Program
Files\Logitech\iTouch\iTouch.exe" nam="iTouch Application
(itouch.exe)" pub="Logitech Inc."
md5="9aee9bcb32d82bcc36474eb921f3bb49" ver="2.22.289"
sz="892928" is="0" gfp="">c:\program
files\logitech\itouch\itouch.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="SunJavaUpdateSched" dat="C:\Program
Files\Java\jre1.5.0_02\bin\jusched.exe" nam="Java(TM) 2
Platform Standard Edition binary (jusched.exe)" pub="Sun
Microsystems, Inc." md5="1f6573d67dd5dc06dd29ec7fcf81dc6f"
ver="5.0.20.9" sz="36975" is="0" gfp="">c:\program
files\java\jre1.5.0_02
\bin\jusched.exe</StartupFileRegistry>
<StartupFileRegistry ex="0"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="QD FastAndSafe" dat="" nam="" pub="" md5="" ver=""
sz="" is="0" gfp="" />
<!-- Review note: this Run value (hive written as HLM, presumably
     HKEY_LOCAL_MACHINE) starts an executable in system32 whose description
     and publisher fields are both "None". An autostart entry with no vendor
     metadata is a natural first candidate for something that comes back
     after every reboot, as the poster describes. The report itself does not
     establish that this file is the adware.
     The md5 is usable as a lookup key in a file-reputation service; it is an
     identifier, not evidence of integrity. If the file is removed, the Run
     value has to be removed with it, and whatever re-creates the value at
     startup (another autostart entry, a service, a browser add-on) has to be
     found as well. -->
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="ubi62ksm" dat="C:\winnt\system32\ubi62ksm.exe"
nam="None (ubi62ksm.exe)" pub="None"
md5="07ee4d73ff5f9005fbe4fa0f1d386c97" ver="4, 0, 3, 2"
sz="204288" is="0" gfp="">c:\winnt\system32
\ubi62ksm.exe</StartupFileRegistry>
<!-- Review note: Run entry with pub="None", installed under its own
     Program Files\Media Gateway directory. The report gives no vendor to
     attribute it to, so it is unverified rather than known-bad. Check the
     md5 against a file-reputation service and compare the install date of
     the directory with the date the adware first appeared before deciding
     whether to remove it. -->
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="Media Gateway" dat="C:\Program Files\Media
Gateway\MediaGateway.exe" nam="Media Gateway
(mediagateway.exe)" pub="None"
md5="1042676fe7067bdf6b88d944f329fbcd" ver="1, 20, 0, 0"
sz="116224" is="0" gfp="">c:\program files\media
gateway\mediagateway.exe</StartupFileRegistry>
<!-- Review note: ex="0" with every file field empty presumably means the
     tool could not find the target on disk (confirm against the tool's
     documentation). The command is a bare file name with no directory, so
     Windows resolves it through the executable search path at logon. A
     path-less autostart value is worth pinning to a full path or deleting
     if the product it belonged to is gone, because any file of that name
     placed earlier in the search path would be started instead. -->
<StartupFileRegistry ex="0"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="Device Detector" dat="DevDetect.exe -autorun" nam=""
pub="" md5="" ver="" sz="" is="0" gfp="" />
<!-- Review note: the dat value is not a clean command line. The Symantec
     path runs straight into "innt\system32\cmd.exe" and "HOMEDRIVE=C:HOMEPA",
     which look like fragments of a second path and of an environment block.
     That pattern suggests a corrupted or over-long registry value, or a
     truncation in the reporting tool; the report alone cannot tell which.
     The nam field is derived from the mangled string, pub is empty, and it
     is unclear which file on disk the md5 and sz describe.
     RunOnce values are executed at the next logon and then deleted by
     Windows, so an entry that is still present (or that reappears) deserves
     a look at the raw value in the registry rather than at this rendering. -->
<StartupFileRegistry ex="1"
path="HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
" val="SymTray - Norton SystemWorks" dat="C:\Program
Files\Common Files\Symantec Shared\Symtrdr.exeinnt\system32
\cmd.exeHOMEDRIVE=C:HOMEPA"
nam="(cmd.exehomedrive=c:homepa)" pub=""
md5="f5f42b1b235bc2174c17280cb91a36a6" ver="" sz="22016"
is="0" gfp="">c:\program files\common files\symantec
shared\symtrdr.exeinnt\system32
\cmd.exehomedrive=c:homepa</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="NvMediaCenter" dat="RUNDLL32.EXE C:\WINNT\system32
\NVMCTRAY.DLL,NvTaskbarInit" nam="NVIDIA Media Center
Library (nvmctray.dll)" pub="NVIDIA Corporation"
md5="e9cd7251ccc5318a45e5c908c4d35f22" ver="6.14.10.5216"
sz="49152" is="0" gfp="">c:\winnt\system32
\nvmctray.dll</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="ctfmon.exe" dat="ctfmon.exe" nam="Cicero Loader
(ctfmon.exe)" pub="Microsoft Corporation"
md5="d36a33c21eeed5a6c1daecb7c80a1909" ver="1.00.2409.7
built by: Lab06_N" sz="8192" is="0"
gfp="">c:\winnt\system32\ctfmon.exe</StartupFileRegistry>
<StartupFileRegistry ex="1"
path="HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
val="Copernic Desktop Search" dat=""C:\Program
Files\Copernic Desktop
Search\CopernicDesktopSearch.exe" /tray" nam="Copernic
Desktop Search (copernicdesktopsearch.exe)" pub="Copernic
Technologies Inc." md5="e297aba4526d515a6f1cb487a36685fe"
ver="1.5.0.644" sz="4689192" is="0" gfp="">c:\program
files\copernic desktop
search\copernicdesktopsearch.exe</StartupFileRegistry>
</StartupFilesRegistry>
<!-- Review note: this section lists the programs named in the Winlogon
     Userinit value, which Windows starts at every interactive logon before
     the shell. The only entry here is userinit.exe in system32, which is
     the stock configuration. Any additional comma-separated program in that
     value would be a logon persistence point and would show up as a second
     WinlogonUserinitFile element. -->
- <WinlogonUserinitFiles>
<WinlogonUserinitFile ex="1" nam="Userinit Logon
Application (userinit.exe)" pub="Microsoft Corporation"
md5="bf179c5b8a722cc79aef1ca90d6c7d48"
ver="5.00.2195.6612" sz="17680" is="0"
gfp="">c:\winnt\system32
\userinit.exe</WinlogonUserinitFile>
</WinlogonUserinitFiles>
<StartupWinIniFiles />
<StartupSysIniFiles />
</AutoRunAudit>
- <InternetExplorerAudit version="6.0.2800.1106">
- <BrowserHelperObjects>
<BHO ex="1" clsid="{02478D38-C3F9-4efb-9B51-
7695ECA05670}" prog="YBIOCtrl.CompanionBHO.4" val="Yahoo!
Companion BHO" nam="Yahoo! Toolbar 5.5 for Internet
Explorer (ycomp5_5_7_0.dll)" pub="Yahoo! Inc."
md5="15003f375140ffb2d2e0c5508857a2f1" ver="2004, 9, 28,
1" sz="292947" is="0" gfp="">c:\program files\yahoo!
\companion\installs\cpn\ycomp5_5_7_0.dll</BHO>
<BHO ex="1" clsid="{06849E9F-C8D7-4D59-B87D-
784B7D6BE0B3}" prog="AcroIEHelper.AcroIEHlprObj.1"
val="AcroIEHlprObj Class" nam="Adobe Acrobat IE Helper
Version 7.0 for ActiveX (acroiehelper.dll)" pub="Adobe
Systems Incorporated"
md5="42729c3de75a7a51fc6f9ef6546c9199"
ver="7.0.0.2004121400" sz="63136" is="0" gfp="">c:\program
files\adobe\acrobat 7.0\activex\acroiehelper.dll</BHO>
<BHO ex="1" clsid="{9394EDE7-C8B5-483E-8773-
474BF36AF6E4}" prog="" val="ST" nam="st (stmain.dll)"
pub="Microsoft Corporation"
md5="0da1349495955cb41a5899047c5a1267"
ver="01.02.3000.1001" sz="155648" is="0" gfp="">c:\program
files\msn apps\st\01.03.0000.1005\en-xu\stmain.dll</BHO>
<BHO ex="1" clsid="{AA58ED58-01DD-4d91-8333-
CF10577473F7}" prog="" val="Google Toolbar Helper"
nam="Google IE Client Toolbar (googletoolbar1.dll)"
pub="Google Inc." md5="ef84f3c59a075b66ca3e99c654224004"
ver="2, 0, 114, 10" sz="720896" is="0" gfp="">c:\program
files\google\googletoolbar1.dll</BHO>
<BHO ex="1" clsid="{BDBD1DAD-C946-4A17-ADC1-
64B5B4FF55D0}" prog="" val="MSNToolBandBHO" nam="MSN
Toolbar extension (msntb.dll)" pub="Microsoft Corporation"
md5="0deb8b7cad01ee86d1c4062e1b587c5a"
ver="01.02.3000.1001" sz="282624" is="0" gfp="">c:\program
files\msn apps\msn toolbar\01.02.3000.1001\en-
us\msntb.dll</BHO>
<BHO ex="1" clsid="{BDF3E430-B101-42AD-A544-
FADC6B084872}" prog="Navbho.CNavExtBho.1" val="CNavExtBho
Class" nam="Norton AntiVirusNAVShellExt Module
(navshext.dll)" pub="Symantec Corporation"
md5="65c8a602dfa9d5860f1e328cb8575317" ver="10.00.13"
sz="103368" is="0" gfp="">c:\program files\norton
systemworks\norton antivirus\navshext.dll</BHO>
</BrowserHelperObjects>
- <IEToolbars>
<IEToolbar ex="1" clsid="{42CDD1BF-3FFB-4238-8AD1-
7859DF00B1D6}"
prog="Symantec.Norton.AntiVirus.IEToolBand.1" val="Norton
AntiVirus" nam="Norton AntiVirusNAVShellExt Module
(navshext.dll)" pub="Symantec Corporation"
md5="65c8a602dfa9d5860f1e328cb8575317" ver="10.00.13"
sz="103368" is="0" gfp="">c:\program files\norton
systemworks\norton antivirus\navshext.dll</IEToolbar>
<IEToolbar ex="1" clsid="{BDAD1DAD-C946-4A17-ADC1-
64B5B4FF55D0}" prog="" val="MSN" nam="MSN Toolbar
extension (msntb.dll)" pub="Microsoft Corporation"
md5="0deb8b7cad01ee86d1c4062e1b587c5a"
ver="01.02.3000.1001" sz="282624" is="0" gfp="">c:\program
files\msn apps\msn toolbar\01.02.3000.1001\en-
us\msntb.dll</IEToolbar>
<IEToolbar ex="1" clsid="{8E718888-423F-11D2-876E-
00A0C9082467}" prog="Mmedia.RadioBand.1" val="&Radio"
nam="msdxm.ocx" pub="Unavailable"
md5="755aa1f85e3788c3c287ffa03cf58627" ver="Unavailable"
sz="844560" is="0" gfp="">c:\winnt\system32
\msdxm.ocx</IEToolbar>
<IEToolbar ex="1" clsid="{EF99BD32-C1FB-11D2-892F-
0090271D4F88}" prog="YBIOCtrl.YBIOCtrl.2" val="Yahoo!
Toolbar" nam="Yahoo! Toolbar 5.5 for Internet Explorer
(ycomp5_5_7_0.dll)" pub="Yahoo! Inc."
md5="15003f375140ffb2d2e0c5508857a2f1" ver="2004, 9, 28,
1" sz="292947" is="0" gfp="">c:\program files\yahoo!
\companion\installs\cpn\ycomp5_5_7_0.dll</IEToolbar>
<IEToolbar ex="1" clsid="{2318C2B1-4965-11d4-9B18-
009027A5CD4F}" prog="" val="&Google" nam="Google IE Client
Toolbar (googletoolbar1.dll)" pub="Google Inc."
md5="ef84f3c59a075b66ca3e99c654224004" ver="2, 0, 114, 10"
sz="720896" is="0" gfp="">c:\program
files\google\googletoolbar1.dll</IEToolbar>
</IEToolbars>
<IEExtensions />
- <IEExplorerBars>
<IEExplorerBar ex="1" clsid="{4D5C8C25-D075-11d0-B416-
00C04FB90376}" prog="" val="&Tip of the Day" nam="Shell
Doc Object and Control Library (shdocvw.dll)"
pub="Microsoft Corporation"
md5="0088ee8260df3b3584648b44779dee06" ver="6.00.2800.1658
(xpsp2.050427-1138)" sz="1338368" is="0"
gfp="">c:\winnt\system32\shdocvw.dll</IEExplorerBar>
<IEExplorerBar ex="1" clsid="{92A40B0A-740A-4A11-9DDB-
70460C6DA383}" prog="" val="Copernic Desktop Search"
nam="Copernic Desktop Search
(copernicdesktopsearchintegration644.dll)" pub="Copernic
Technologies Inc." md5="01d315999a1b11b19ad714157c81d562"
ver="1.5.0.644" sz="1126184" is="0" gfp="">c:\program
files\copernic desktop
search\copernicdesktopsearchintegration644.dll</IEExplorerB
ar>
</IEExplorerBars>
- <IEShellBrowsers>
<IEShellBrowser ex="1" clsid="{01E04581-4EEE-11D0-BFE9-
00AA005B4383}" prog="" val="&Address" nam="Shell Browser
UI Library (browseui.dll)" pub="Microsoft Corporation"
md5="1a0ec72677da744b60f45ac38e196b24" ver="6.00.2800.1622
(xpsp2.050218-1437)" sz="1017856" is="0"
gfp="">c:\winnt\system32\browseui.dll</IEShellBrowser>
<IEShellBrowser ex="0" clsid="" prog="" val="" nam=""
pub="" md5="" ver="" sz="" is="0" gfp="" />
</IEShellBrowsers>
- <IEWebBrowsers>
<IEWebBrowser ex="1" clsid="{01E04581-4EEE-11D0-BFE9-
00AA005B4383}" prog="" val="&Address" nam="Shell Browser
UI Library (browseui.dll)" pub="Microsoft Corporation"
md5="1a0ec72677da744b60f45ac38e196b24" ver="6.00.2800.1622
(xpsp2.050218-1437)" sz="1017856" is="0"
gfp="">c:\winnt\system32\browseui.dll</IEWebBrowser>
<IEWebBrowser ex="0" clsid="" prog="" val="" nam=""
pub="" md5="" ver="" sz="" is="0" gfp="" />
<IEWebBrowser ex="0" clsid="" prog="" val="" nam=""
pub="" md5="" ver="" sz="" is="0" gfp="" />
<IEWebBrowser ex="1" clsid="{EF99BD32-C1FB-11D2-892F-
0090271D4F88}" prog="YBIOCtrl.YBIOCtrl.2" val="Yahoo!
Toolbar" nam="Yahoo! Toolbar 5.5 for Internet Explorer
(ycomp5_5_7_0.dll)" pub="Yahoo! Inc."
md5="15003f375140ffb2d2e0c5508857a2f1" ver="2004, 9, 28,
1" sz="292947" is="0" gfp="">c:\program files\yahoo!
\companion\installs\cpn\ycomp5_5_7_0.dll</IEWebBrowser>
<IEWebBrowser ex="1" clsid="{42CDD1BF-3FFB-4238-8AD1-
7859DF00B1D6}"
prog="Symantec.Norton.AntiVirus.IEToolBand.1" val="Norton
AntiVirus" nam="Norton AntiVirusNAVShellExt Module
(navshext.dll)" pub="Symantec Corporation"
md5="65c8a602dfa9d5860f1e328cb8575317" ver="10.00.13"
sz="103368" is="0" gfp="">c:\program files\norton
systemworks\norton antivirus\navshext.dll</IEWebBrowser>
<IEWebBrowser ex="1" clsid="{2318C2B1-4965-11D4-9B18-
009027A5CD4F}" prog="" val="&Google" nam="Google IE Client
Toolbar (googletoolbar1.dll)" pub="Google Inc."
md5="ef84f3c59a075b66ca3e99c654224004" ver="2, 0, 114, 10"
sz="720896" is="0" gfp="">c:\program
files\google\googletoolbar1.dll</IEWebBrowser>
</IEWebBrowsers>
- <IEMenuExts>
<IEMenuExt val="&Google Search">res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsearch.html</IEMenuExt>
<IEMenuExt val="Cached Snapshot of
Page">res://C:\Program
Files\Google\GoogleToolbar1.dll/cmcache.html</IEMenuExt>
<IEMenuExt val="E&xport to Microsoft
Excel">res://C:\PROGRA~1\MICROS~2\Office10
\EXCEL.EXE/3000</IEMenuExt>
<IEMenuExt val="Similar Pages">res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsimilar.html</IEMenuExt>
<IEMenuExt val="Translate into English">res://C:\Program
Files\Google\GoogleToolbar1.dll/cmtrans.html</IEMenuExt>
</IEMenuExts>
<IEURLSearchHooks />
- <IEURLs>
<IEURL val="HCU\Software\Microsoft\Internet Explorer
Start Page">http://www.msn.co.uk/</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer
Search
Page">http://red.clientapps.yahoo.com/customize/ycomp/defau
lts/sp/*http://www.yahoo.com</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer
Default_Page_URL" />
<IEURL val="HCU\Software\Microsoft\Internet Explore
Local Page">C:\WINNT\system32\blank.htm</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explore
Search Bar">http://www.google.com/ie</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet Explorer
Default_Search_URL" />
<IEURL val="HCU\Software\Microsoft\Internet Explorer
HomeOldSP" />
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Start Page">http://www.msn.co.uk/</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Search
Page">http://red.clientapps.yahoo.com/customize/ycomp/defau
lts/sp/*http://www.yahoo.com</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Default_Page_URL">http://www.microsoft.com/isapi/redir.dll?
prd=ie&pver=6&ar=msnhome</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Local Page">C:\WINNT\system32\blank.htm</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Search Bar">http://www.microsoft.com/isapi/redir.dll?
prd=ie&ar=iesearch</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
Default_Search_URL">http://www.microsoft.com/isapi/redir.dl
l?prd=ie&ar=iesearch</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet Explorer
HomeOldSP" />
<IEURL val="HCU\Software\Microsoft\Internet
Explorer\Search CustomizeSearch" />
<IEURL val="HCU\Software\Microsoft\Internet
Explorer\Search SearchAssistant" />
<IEURL val="HLM\Software\Microsoft\Internet
Explorer\Search CustomizeSearch">http://ie.search.msn.com/
{SUB_RFC1766}/srchasst/srchcust.htm</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet
Explorer\Search
SearchAssistant">http://www.google.com/ie</IEURL>
<IEURL val="HCU\Software\Microsoft\Internet
Explorer\SearchUrl">http://red.clientapps.yahoo.com/customi
ze/ycomp/defaults/su/*http://www.yahoo.com</IEURL>
<IEURL val="HLM\Software\Microsoft\Internet
Explorer\SearchUrl">http://red.clientapps.yahoo.com/customi
ze/ycomp/defaults/su/*http://www.yahoo.com</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
blank">res://mshtml.dll/blank.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
DesktopItemNavigationFailure">res://shdoclc.dll/navcancl.ht
m</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
NavigationCanceled">res://shdoclc.dll/navcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
NavigationFailure">res://shdoclc.dll/navcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
OfflineInformation">res://shdoclc.dll/offcancl.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
PostNotCached">res://mshtml.dll/repost.htm</IEURL>
<IEURL val="HLM\SOFTWARE\Microsoft\Internet
Explorer\AboutURLs
mozilla">res://mshtml.dll/about.moz</IEURL>
</IEURLs>
</InternetExplorerAudit>
- <SystemAudit>
- <ShellExecuteHooks>
<ShellExecuteHook ex="1" clsid="{AEB6717E-7E19-11d0-97EE-
00C04FD91972}" prog="" val="URL Exec Hook" nam="Windows
Shell Common Dll (shell32.dll)" pub="Microsoft
Corporation" md5="22d55404ce4d7e040cbcb5693630c148"
ver="5.00.3900.7032" sz="2432784" is="0"
gfp="">C:\winnt\system32\shell32.dll</ShellExecuteHook>
<ShellExecuteHook ex="1" clsid="{9EF34FF2-3396-4527-9D27-
04C8C1C67806}"
prog="Microsoft.AntiSpyware.ShellExecuteHook.1"
val="Microsoft.AntiSpyware.ShellExecuteHook.1"
nam="Microsoft AntiSpyware Shell Extension
(shellextension.dll)" pub="Microsoft Corporation"
md5="4b202fff9eb43fdc8d3290deaab7487e" ver="1.0.0614.10"
sz="101080" is="0" gfp="">c:\program files\microsoft
antispyware\shellextension.dll</ShellExecuteHook>
</ShellExecuteHooks>
<!-- Review note: these are the shell\open\command handlers per file type
     and URL scheme (hive written as HCR, presumably HKEY_CLASSES_ROOT).
     For exefile, comfile, batfile and piffile the value shown is "%1" %*
     with nothing in front of it, which is the stock handler; the forum
     line wrap has split "%" from "1". A hijacked association would place
     another executable before "%1" so that it runs on every program launch.
     The remaining handlers point at mshta, Notepad, Windows Media Player,
     Outlook and Internet Explorer under their usual install paths, so this
     section shows no sign of tampering. -->
- <ShellOpenCommands>
<ShellOpenCommand val="HCR\exefile\shell\open\command">"%
1" %*</ShellOpenCommand>
<ShellOpenCommand val="HCR\comfile\shell\open\command">"%
1" %*</ShellOpenCommand>
<ShellOpenCommand val="HCR\batfile\shell\open\command">"%
1" %*</ShellOpenCommand>
<ShellOpenCommand
val="HCR\htafile\shell\open\command">C:\WINNT\system32
\mshta.exe "%1" %*</ShellOpenCommand>
<ShellOpenCommand val="HCR\piffile\shell\open\command">"%
1" %*</ShellOpenCommand>
<ShellOpenCommand val="HCR\txtfile\shell\open\command">%
SystemRoot%\system32\NOTEPAD.EXE %1</ShellOpenCommand>
<ShellOpenCommand
val="HCR\mp3file\shell\open\command">"C:\Program
Files\Windows Media
Player\wmplayer.exe" /prefetch:6 /Open "%
L"</ShellOpenCommand>
<ShellOpenCommand
val="HCR\mpegfile\shell\open\command">"C:\Program
Files\Windows Media
Player\wmplayer.exe" /prefetch:9 /Open "%
L"</ShellOpenCommand>
<ShellOpenCommand
val="HCR\mailto\shell\open\command">"C:\PROGRA~1\MICROS~2
\Office10\OUTLOOK.EXE" -c IPM.Note /m "%
1"</ShellOpenCommand>
<ShellOpenCommand
val="HCR\htmlfile\shell\open\command">"C:\Program
Files\Internet Explorer\iexplore.exe" -
nohome</ShellOpenCommand>
<ShellOpenCommand
val="HCR\http\shell\open\command">"C:\Program
Files\Internet Explorer\iexplore.exe" -
nohome</ShellOpenCommand>
<ShellOpenCommand
val="HCR\https\shell\open\command">"C:\Program
Files\Internet Explorer\iexplore.exe" -
nohome</ShellOpenCommand>
<ShellOpenCommand
val="HCR\ftp\shell\open\command">"C:\Program
Files\Internet Explorer\iexplore.exe" %
1</ShellOpenCommand>
</ShellOpenCommands>
- <ActiveXInstalls>
- <ActiveXInstall clsid="DirectAnimation Java Classes"
prog="" nam=""
codebase="file://C:\WINNT\Java\classes\dajava.cab">
<Files />
</ActiveXInstall>
- <ActiveXInstall clsid="Microsoft XML Parser for Java"
prog="" nam=""
codebase="file://C:\WINNT\Java\classes\xmldso.cab">
<Files />
</ActiveXInstall>
- <ActiveXInstall clsid="{02BCC737-B171-4746-94C9-
0D8A0B2C0089}" prog="Office.awsdc.1" nam="Microsoft Office
Template and Media Control"
codebase="http://office.microsoft.com/templates/ieawsdc.cab
">
- <Files>
<File ex="1" nam="IEAWSDC.DLL" pub="Unavailable"
md5="4a693868d8fa24258fe3800d94d7629e" ver="Unavailable"
sz="87240" is="0" gfp="">C:\WINNT\Downloaded Program
Files\IEAWSDC.DLL</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{1F2F4C9E-6F09-47BC-970D-
3C54734667FE}" prog="LSSupCtl.LSSupCtl.1" nam="LSSupCtl
Class" codebase="https://www-
secure.symantec.com/techsupp/asa/LSSupCtl.cab">
- <Files>
<File ex="1" nam="LiveSubscribe Components
(LSSupCtl.dll)" pub="Symantec Corporation"
md5="c8febea460aad5c1b6817f9676e03f78" ver="3.1.0.5"
sz="111752" is="0" gfp="">C:\WINNT\Downloaded Program
Files\LSSupCtl.dll</File>
</Files>
</ActiveXInstall>
<!-- Review note: the avsniffdlgs.dll entry below carries unfilled template
     text in nam and pub ("TODO: <File description>", "TODO: <Company name>"),
     and navapi.vxd has an empty pub. Together with the "None" and
     "Unavailable" values elsewhere in the report, this indicates that nam
     and pub appear to be copied from each file's own version resource, so
     they are self-declared strings and not the result of a signature check.
     A familiar publisher name in this report is therefore not a trust
     signal on its own; verify the file's digital signature or look up the
     md5 instead.
     The literal "<" inside those attribute values also means this export is
     not well-formed XML as pasted, so a strict parser will reject it. -->
- <ActiveXInstall clsid="{2BC66F54-93A8-11D3-BEB6-
00105AA9B6AE}" prog="Symantec.NavSniff.1" nam="Symantec
AntiVirus scanner"
codebase="http://security.symantec.com/sscv6/SharedContent/
vc/bin/AvSniff.cab">
- <Files>
<File ex="1" nam="Symantec Engine Common Object Model
Loader (ecmldr32.dll)" pub="Symantec Corp."
md5="e8753779e5996465c7c50c8e988ced7b" ver="1.1.0.3"
sz="42160" is="0" gfp="">C:\Program Files\Common
Files\Symantec Shared\ecmldr32.dll</File>
<File ex="1" nam="(navapi.vxd)" pub=""
md5="291f21e9e41b72bcfa0d73d97e1ca4f3" ver="" sz="6850"
is="0" gfp="">C:\WINNT\Downloaded Program
Files\navapi.vxd</File>
<File ex="1" nam="Symantec AntiVirus Engine API
(navapi32.dll)" pub="Symantec Corp."
md5="ca74a39806ecd04fd412eabcb70473c9" ver="4.2.0.8"
sz="201896" is="0" gfp="">C:\WINNT\Downloaded Program
Files\navapi32.dll</File>
<File ex="1" nam="TODO: <File description>
(avsniffdlgs.dll)" pub="TODO: <Company name>"
md5="5b5e285f25993169f5ad0c25e5c3c51c" ver="1.0.0.1"
sz="198256" is="0" gfp="">C:\WINNT\Downloaded Program
Files\avsniffdlgs.dll</File>
<File ex="1" nam="Symantec Security Check Virus
Detection Scan (avsniff.dll)" pub="Symantec Corporation"
md5="45dff1c7e50e01661e98288ef5289bc7"
ver="2004.12.14.055" sz="202352" is="0"
gfp="">C:\WINNT\Downloaded Program
Files\avsniff.dll</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{30528230-99F7-4BB4-88D8-
FA1D4F56A2AB}" prog="YInstHelper.YInstStarter.1"
nam="YInstStarter Class"
codebase="http://us.dl1.yimg.com/download.yahoo.com/dl/inst
alls/yinst20040510.cab">
- <Files>
<File ex="1" nam="YInstHelper Module (yinsthelper.dll)"
pub="Yahoo! Inc." md5="508da8adf7be51c22d13d02845fb431e"
ver="2004, 6, 1, 1" sz="141312" is="0"
gfp="">C:\WINNT\Downloaded Program
Files\yinsthelper.dll</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{32305793-C19A-48E7-AD2F-
D87FF7B264A4}"
prog="TENEBRILSPYWARESCANNER.TenebrilSpywareScannerCtrl.1"
nam="TenebrilSpywareScanner Control"
codebase="http://www.tenebril.com/scanner/TestScanner.ocx">
- <Files>
<File ex="1" nam="Tenebril Spyware Scanner ActiveX
Control Module (TestScanner.ocx)" pub="Tenebril Inc."
md5="9f9a1c774f6362b501f076a516326ce7" ver="1, 0, 1, 0"
sz="203400" is="0" gfp="">C:\WINNT\Downloaded Program
Files\TestScanner.ocx</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{3E68E405-C6DE-49FF-83AE-
41EE9F4C36CE}" prog="OPUCatalog.OPUCatalog11.1"
nam="Office Update Installation Engine"
codebase="http://office.microsoft.com/officeupdate/content/
opuc2.cab">
- <Files>
<File ex="1" nam="Microsoft Office Update Detection
Engine (opuc.dll)" pub="Microsoft Corporation"
md5="20393d64f69f26361a97fd9afb3c9243" ver="11.0.6466"
sz="326656" is="0" gfp="">C:\WINNT\opuc.dll</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{4E62C4DE-627D-4604-B157-
4B7D6B09F02E}" prog="AccountTracking.ProfileManager.1"
nam="AccountTracking Profile Manager Class"
codebase="https://moneymanager.egg.com/Pinsafe/accounttrack
ing.cab">
- <Files>
<File ex="1" nam="AccountTracking Module
(accounttracking.dll)" pub="eWise Systems Pty Ltd"
md5="0b2b910088db6c781f4aa44bdee49311" ver="3,0,0,1"
sz="249936" is="0" gfp="">C:\WINNT\Downloaded Program
Files\accounttracking.dll</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{6414512B-B978-451D-A0D8-
FCFDF33E833C}" prog="SoftwareDistribution.WebControl.1"
nam="WUWebControl Class"
codebase="http://update.microsoft.com/microsoftupdate/v6/V5
Controls/en/x86/client/wuweb_site.cab?1121014879890">
- <Files>
<File ex="1" nam="Windows Update Web Control
(wuweb.dll)" pub="Microsoft Corporation"
md5="c459f2d5e64c942f3f66e1cd7f1c4c00" ver="5.8.0.2469
built by: lab01_n(wmbla)" sz="173536" is="0"
gfp="">C:\winnt\system32\wuweb.dll</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{644E432F-49D3-41A1-8DD5-
E099162EEEC5}" prog="RuFSI.SymUtility.1" nam="Symantec
RuFSI Utility Class"
codebase="http://security.symantec.com/sscv6/SharedContent/
common/bin/cabsa.cab">
- <Files>
<File ex="1" nam="Symantec Security Check Registry and
File Information control (rufsi.dll)" pub="Symantec
Corporation" md5="853f88ccff543f75bdd10e4064c1d6a0"
ver="2004.06.23.042" sz="161432" is="0"
gfp="">C:\WINNT\Downloaded Program Files\rufsi.dll</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{6E32070A-766D-4EE6-879C-
DC1FA91D2FC3}"
prog="SoftwareDistribution.MicrosoftUpdateWebControl.1"
nam="MUWebControl Class"
codebase="http://update.microsoft.com/microsoftupdate/v6/V5
Controls/en/x86/client/muweb_site.cab?1121014867671">
- <Files>
<File ex="1" nam="Microsoft Update Web Control
(muweb.dll)" pub="Microsoft Corporation"
md5="ee37aa2c0700221cd8b02fadcd4c7fb5" ver="5.8.0.2469
built by: lab01_n(wmbla)" sz="178408" is="0"
gfp="">C:\winnt\system32\muweb.dll</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{8AD9C840-044E-11D1-B3E9-
00805F499D93}" prog="" nam="Java Plug-in 1.5.0_02"
codebase="http://java.sun.com/update/1.5.0/jinstall-
1_5_0_02-windows-i586.cab">
<Files />
</ActiveXInstall>
- <ActiveXInstall clsid="{9F1C11AA-197B-4942-BA54-
47A8489BB47F}" prog="" nam=""
codebase="http://v4.windowsupdate.microsoft.com/CAB/x86/uni
code/iuctl.CAB?38226.042662037">
- <Files>
<File ex="1" nam="Windows Update Control Engine
(iuengine.dll)" pub="Microsoft Corporation"
md5="57711736ecc25a00785a1b75c7b20459" ver="5.8.0.2469
built by: lab01_n(wmbla)" sz="198424" is="0"
gfp="">C:\WINNT\System32\iuengine.dll</File>
<File ex="1" nam="Windows Update Client Control
(iuctl.dll)" pub="Microsoft Corporation"
md5="ac9e42250d6e5236b6003a0ebc88de3b" ver="5.4.3790.20
built by: lab04_n" sz="115480" is="0"
gfp="">C:\WINNT\System32\iuctl.dll</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{B38870E4-7ECB-40DA-8C6A-
595F0A5519FF}"
prog="MsnMessengerSetupDownloader.MsnMessen.1"
nam="MsnMessengerSetupDownloadControl Class"
codebase="http://messenger.msn.com/download/msnmessengerset
updownloader.cab">
- <Files>
<File ex="1" nam="Setup downloader for Msn Messenger
(MsnMessengerSetupDownloader.ocx)" pub="Microsoft
Corporation" md5="92d24b6643919005213f60d5b537196a"
ver="1.0.0.2" sz="113152" is="0"
gfp="">C:\WINNT\Downloaded Program
Files\MsnMessengerSetupDownloader.ocx</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{CAFEEFAC-0014-0001-0002-
ABCDEFFEDCBA}" prog="" nam="Java Plug-in 1.4.1_02"
codebase="http://java.sun.com/products/plugin/1.4/jinstall-
14_02-windows-i586.cab">
<Files />
</ActiveXInstall>
- <ActiveXInstall clsid="{CAFEEFAC-0015-0000-0002-
ABCDEFFEDCBA}" prog="" nam="Java Plug-in 1.5.0_02"
codebase="http://java.sun.com/update/1.5.0/jinstall-
1_5_0_02-windows-i586.cab">
<Files />
</ActiveXInstall>
- <ActiveXInstall clsid="{CE28D5D2-60CF-4C7D-9FE8-
0F47A3308078}" prog="SymAData.ActiveDataInfo.1"
nam="ActiveDataInfo Class" codebase="https://www-
secure.symantec.com/techsupp/asa/ctrl/SymAData.cab">
- <Files>
<File ex="1" nam="SymAData Module (SymAData.dll)"
pub="None" md5="7f8785d76b7f7a79c96e50168daf498e" ver="2,
0, 0, 3" sz="161400" is="0" gfp="">C:\WINNT\Downloaded
Program Files\SymAData.dll</File>
</Files>
</ActiveXInstall>
- <ActiveXInstall clsid="{D27CDB6E-AE6D-11CF-96B8-
444553540000}" prog="ShockwaveFlash.ShockwaveFlash.1"
nam="Shockwave Flash Object"
codebase="http://fpdownload.macromedia.com/pub/shockwave/ca
bs/flash/swflash.cab">
<Files />
</ActiveXInstall>
</ActiveXInstalls>
- <PROTOCOLSFilters>
<PROTOCOLSFilter ex="1" clsid="{1E66F26B-79EE-11D2-8710-
00C04F79ED0D}" prog="CorRegistration.CorFltr.1"
filter="application/octet-stream" val="{1E66F26B-79EE-11D2-
8710-00C04F79ED0D}" nam="Microsoft .NET Runtime Execution
Engine (mscoree.dll)" pub="Microsoft Corporation"
md5="8c54138d0271ed4e9c16d8534ff707e4" ver="1.1.4322.2032"
sz="155648" is="0" gfp="">c:\winnt\system32
\mscoree.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{1E66F26B-79EE-11D2-8710-
00C04F79ED0D}" prog="CorRegistration.CorFltr.1"
filter="application/x-complus" val="{1E66F26B-79EE-11D2-
8710-00C04F79ED0D}" nam="Microsoft .NET Runtime Execution
Engine (mscoree.dll)" pub="Microsoft Corporation"
md5="8c54138d0271ed4e9c16d8534ff707e4" ver="1.1.4322.2032"
sz="155648" is="0" gfp="">c:\winnt\system32
\mscoree.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{1E66F26B-79EE-11D2-8710-
00C04F79ED0D}" prog="CorRegistration.CorFltr.1"
filter="application/x-msdownload" val="{1E66F26B-79EE-11D2-
8710-00C04F79ED0D}" nam="Microsoft .NET Runtime Execution
Engine (mscoree.dll)" pub="Microsoft Corporation"
md5="8c54138d0271ed4e9c16d8534ff707e4" ver="1.1.4322.2032"
sz="155648" is="0" gfp="">c:\winnt\system32
\mscoree.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{32B533BB-EDAE-11d0-BD5A-
00AA00B92AF1}" prog="" filter="Class Install Handler"
val="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}" nam="OLE32
Extensions for Win32 (urlmon.dll)" pub="Microsoft
Corporation" md5="84354a556ecb2273cecc1e11251e1cae"
ver="6.00.2800.1485" sz="495104" is="0"
gfp="">c:\winnt\system32\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{8f6b0360-b80d-11d0-a9b3-
006097942311}" prog="" filter="deflate" val="{8f6b0360-
b80d-11d0-a9b3-006097942311}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="84354a556ecb2273cecc1e11251e1cae"
ver="6.00.2800.1485" sz="495104" is="0"
gfp="">c:\winnt\system32\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{8f6b0360-b80d-11d0-a9b3-
006097942311}" prog="" filter="gzip" val="{8f6b0360-b80d-
11d0-a9b3-006097942311}" nam="OLE32 Extensions for Win32
(urlmon.dll)" pub="Microsoft Corporation"
md5="84354a556ecb2273cecc1e11251e1cae"
ver="6.00.2800.1485" sz="495104" is="0"
gfp="">c:\winnt\system32\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{8f6b0360-b80d-11d0-a9b3-
006097942311}" prog="" filter="lzdhtml" val="{8f6b0360-
b80d-11d0-a9b3-006097942311}" nam="OLE32 Extensions for
Win32 (urlmon.dll)" pub="Microsoft Corporation"
md5="84354a556ecb2273cecc1e11251e1cae"
ver="6.00.2800.1485" sz="495104" is="0"
gfp="">c:\winnt\system32\urlmon.dll</PROTOCOLSFilter>
<PROTOCOLSFilter ex="1" clsid="{733AC4CB-F1A4-11d0-B951-
00A0C90312E1}" prog="" filter="text/webviewhtml"
val="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}" nam="Windows
Shell Common Dll (shell32.dll)" pub="Microsoft
Corporation" md5="22d55404ce4d7e040cbcb5693630c148"
ver="5.00.3900.7032" sz="2432784" is="0"
gfp="">c:\winnt\system32\shell32.dll</PROTOCOLSFilter>
</PROTOCOLSFilters>
- <PROTOCOLSHandlers>
<PROTOCOLSHandler ex="1" clsid="{3050F406-98B5-11CF-BB82-
00AA00BDCE0B}" prog="" filter="about" val="{3050F406-98B5-
11CF-BB82-00AA00BDCE0B}" nam="Microsoft (R) HTML Viewer
(mshtml.dll)" pub="Microsoft Corporation"
md5="08f0b01556eee4c5f783e919abe6dad5"
ver="6.00.2800.1505" sz="2698752" is="0"
gfp="">c:\winnt\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3dd53d40-7b8b-11D0-b013-
00aa0059ce02}" prog="" filter="cdl" val="{3dd53d40-7b8b-
11D0-b013-00aa0059ce02}" nam="OLE32 Extensions for Win32
(urlmon.dll)" pub="Microsoft Corporation"
md5="84354a556ecb2273cecc1e11251e1cae"
ver="6.00.2800.1485" sz="495104" is="0"
gfp="">c:\winnt\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{CD00020A-8B95-11D1-82DB-
00C04FB1625D}" prog="CDO.KnowledgePluggable.1"
filter="cdo" val="{CD00020A-8B95-11D1-82DB-00C04FB1625D}"
nam="Microsoft SharePoint Portal Server Object Model
(pkmcdo.dll)" pub="Microsoft Corporation"
md5="623d03d48a2da1bc03764d6d7fc88542" ver="10.145.7329.0"
sz="868352" is="0" gfp="">c:\program files\common
files\microsoft shared\web
folders\pkmcdo.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e7-baf9-11ce-8c82-
00aa004ba90b}" prog="" filter="file" val="{79eac9e7-baf9-
11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for Win32
(urlmon.dll)" pub="Microsoft Corporation"
md5="84354a556ecb2273cecc1e11251e1cae"
ver="6.00.2800.1485" sz="495104" is="0"
gfp="">c:\winnt\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e3-baf9-11ce-8c82-
00aa004ba90b}" prog="" filter="ftp" val="{79eac9e3-baf9-
11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for Win32
(urlmon.dll)" pub="Microsoft Corporation"
md5="84354a556ecb2273cecc1e11251e1cae"
ver="6.00.2800.1485" sz="495104" is="0"
gfp="">c:\winnt\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e4-baf9-11ce-8c82-
00aa004ba90b}" prog="" filter="gopher" val="{79eac9e4-baf9-
11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for Win32
(urlmon.dll)" pub="Microsoft Corporation"
md5="84354a556ecb2273cecc1e11251e1cae"
ver="6.00.2800.1485" sz="495104" is="0"
gfp="">c:\winnt\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e2-baf9-11ce-8c82-
00aa004ba90b}" prog="" filter="http" val="{79eac9e2-baf9-
11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for Win32
(urlmon.dll)" pub="Microsoft Corporation"
md5="84354a556ecb2273cecc1e11251e1cae"
ver="6.00.2800.1485" sz="495104" is="0"
gfp="">c:\winnt\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e5-baf9-11ce-8c82-
00aa004ba90b}" prog="" filter="https" val="{79eac9e5-baf9-
11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for Win32
(urlmon.dll)" pub="Microsoft Corporation"
md5="84354a556ecb2273cecc1e11251e1cae"
ver="6.00.2800.1485" sz="495104" is="0"
gfp="">c:\winnt\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{9D148291-B9C8-11D0-A4CC-
0000F80149F6}" prog="MSITFS1.0" filter="its"
val="{9D148291-B9C8-11D0-A4CC-0000F80149F6}"
nam="Microsoft InfoTech Storage System Library (itss.dll)"
pub="Microsoft Corporation"
md5="f4e80cd6f8ae4520c066214a2364b9c2" ver="5.2.3790.309
(srv03_gdr.050413-1540)" sz="128000" is="0"
gfp="">c:\winnt\system32\itss.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050F3B2-98B5-11CF-BB82-
00AA00BDCE0B}" prog="" filter="javascript" val="{3050F3B2-
98B5-11CF-BB82-00AA00BDCE0B}" nam="Microsoft (R) HTML
Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="08f0b01556eee4c5f783e919abe6dad5"
ver="6.00.2800.1505" sz="2698752" is="0"
gfp="">c:\winnt\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e7-baf9-11ce-8c82-
00aa004ba90b}" prog="" filter="local" val="{79eac9e7-baf9-
11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for Win32
(urlmon.dll)" pub="Microsoft Corporation"
md5="84354a556ecb2273cecc1e11251e1cae"
ver="6.00.2800.1485" sz="495104" is="0"
gfp="">c:\winnt\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050f3DA-98B5-11CF-BB82-
00AA00BDCE0B}" prog="" filter="mailto" val="{3050f3DA-98B5-
11CF-BB82-00AA00BDCE0B}" nam="Microsoft (R) HTML Viewer
(mshtml.dll)" pub="Microsoft Corporation"
md5="08f0b01556eee4c5f783e919abe6dad5"
ver="6.00.2800.1505" sz="2698752" is="0"
gfp="">c:\winnt\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{05300401-BCBC-11d0-85E3-
00C04FD85AB4}" prog="" filter="mhtml" val="{05300401-BCBC-
11d0-85E3-00C04FD85AB4}" nam="Microsoft Internet Messaging
API (inetcomm.dll)" pub="Microsoft Corporation"
md5="4dcb8bf0eaeb6308b1811d19d0f8c81f"
ver="6.00.2800.1506" sz="596480" is="0"
gfp="">c:\winnt\system32\inetcomm.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e6-baf9-11ce-8c82-
00aa004ba90b}" prog="" filter="mk" val="{79eac9e6-baf9-
11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for Win32
(urlmon.dll)" pub="Microsoft Corporation"
md5="84354a556ecb2273cecc1e11251e1cae"
ver="6.00.2800.1485" sz="495104" is="0"
gfp="">c:\winnt\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{9D148291-B9C8-11D0-A4CC-
0000F80149F6}" prog="MSITFS1.0" filter="ms-its"
val="{9D148291-B9C8-11D0-A4CC-0000F80149F6}"
nam="Microsoft InfoTech Storage System Library (itss.dll)"
pub="Microsoft Corporation"
md5="f4e80cd6f8ae4520c066214a2364b9c2" ver="5.2.3790.309
(srv03_gdr.050413-1540)" sz="128000" is="0"
gfp="">c:\winnt\system32\itss.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{0A9007C0-4076-11D3-8789-
0000F8105754}" prog="Microsoft.ITSS.URLProtocol"
filter="ms-itss" val="{0A9007C0-4076-11D3-8789-
0000F8105754}" nam="Microsoft InfoTech Storage System
Library (msitss.dll)" pub="Microsoft Corporation"
md5="bb67c719ccdaf8b442cc194a429079bb" ver="5.40.0358.1"
sz="217088" is="0" gfp="">c:\program files\common
files\microsoft shared\information
retrieval\msitss.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3D9F03FA-7A94-11D3-BE81-
0050048385D1}" prog="" filter="mso-offdap" val="{3D9F03FA-
7A94-11D3-BE81-0050048385D1}" nam="Microsoft Office XP Web
Components (owc10.dll)" pub="Microsoft Corporation"
md5="9211fe0255a62db0a51c94acfcf5670b" ver="10.0.6619"
sz="7334592" is="0" gfp="">c:\progra~1\common~1\micros~1
\webcom~1\10\owc10.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050F3BC-98B5-11CF-BB82-
00AA00BDCE0B}" prog="" filter="res" val="{3050F3BC-98B5-
11CF-BB82-00AA00BDCE0B}" nam="Microsoft (R) HTML Viewer
(mshtml.dll)" pub="Microsoft Corporation"
md5="08f0b01556eee4c5f783e919abe6dad5"
ver="6.00.2800.1505" sz="2698752" is="0"
gfp="">c:\winnt\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{76E67A63-06E9-11D2-A840-
006008059382}" prog="" filter="sysimage" val="{76E67A63-
06E9-11D2-A840-006008059382}" nam="Microsoft (R) HTML
Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="08f0b01556eee4c5f783e919abe6dad5"
ver="6.00.2800.1505" sz="2698752" is="0"
gfp="">c:\winnt\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050F3B2-98B5-11CF-BB82-
00AA00BDCE0B}" prog="" filter="vbscript" val="{3050F3B2-
98B5-11CF-BB82-00AA00BDCE0B}" nam="Microsoft (R) HTML
Viewer (mshtml.dll)" pub="Microsoft Corporation"
md5="08f0b01556eee4c5f783e919abe6dad5"
ver="6.00.2800.1505" sz="2698752" is="0"
gfp="">c:\winnt\system32\mshtml.dll</PROTOCOLSHandler>
<!-- Reviewer note: in this part of the handler list this is the only entry
     whose publisher and version are reported as "Unavailable"; every other
     visible handler carries pub="Microsoft Corporation". The file name is
     presumably the legacy Windows Media Player control, but a name and path
     alone do not establish that the file is genuine. Compare the md5 below
     against a known-good copy for this OS build before clearing the entry. -->
<PROTOCOLSHandler ex="1" clsid="{3DA2AA3B-3D96-11D2-9BD2-
204C4F4F5020}" prog="Mmedia.AsyncPProt.1"
filter="vnd.ms.radio" val="{3DA2AA3B-3D96-11D2-9BD2-
204C4F4F5020}" nam="msdxm.ocx" pub="Unavailable"
md5="755aa1f85e3788c3c287ffa03cf58627" ver="Unavailable"
sz="844560" is="0" gfp="">c:\winnt\system32
\msdxm.ocx</PROTOCOLSHandler>
</PROTOCOLSHandlers>
<!-- Reviewer note: a single namespace handler is reported, for the "mk"
     namespace, implemented by itss.dll under system32 with a Microsoft
     publisher string. Its val attribute differs from its clsid and equals the
     CLSID that this same report lists for the "mk" protocol handler
     (urlmon.dll). A namespace handler takes part in resolving URLs for its
     scheme, so any additional or non-system DLL appearing in this section
     would deserve a closer look; none is shown here. -->
- <PROTOCOLSNameSpaceHandlers>
<PROTOCOLSNameSpaceHandler ex="1" clsid="{9D148291-B9C8-
11D0-A4CC-0000F80149F6}" prog="MSITFS1.0" namespace="mk"
namespacefilter="NameSpace Filter for MKMSITStore:..."
val="{79eac9e6-baf9-11ce-8c82-00aa004ba90b}"
nam="Microsoft InfoTech Storage System Library (itss.dll)"
pub="Microsoft Corporation"
md5="f4e80cd6f8ae4520c066214a2364b9c2" ver="5.2.3790.309
(srv03_gdr.050413-1540)" sz="128000" is="0"
gfp="">c:\winnt\system32
\itss.dll</PROTOCOLSNameSpaceHandler>
</PROTOCOLSNameSpaceHandlers>
<!-- Reviewer note: DataBasePath is the directory Windows reads the hosts file
     from; the value shown is the default location. Domain, NameServer and
     SearchList are empty, so this report shows no static DNS override in
     these values. Caveat: only the path is reported, not the contents of the
     hosts file, so a modified hosts file would not be visible in this
     section and has to be checked separately. -->
- <TCPIPParamaters>
<TCPIPParamater val="DataBasePath">%SystemRoot%\System32
\drivers\etc</TCPIPParamater>
<TCPIPParamater val="Domain" />
<TCPIPParamater val="NameServer" />
<TCPIPParamater val="SearchList" />
<TCPIPParamater val="VXD MSTCP: NameServer" />
</TCPIPParamaters>
<!-- Reviewer note: ProxyEnable is 0 and ProxyServer / ProxyOverride are
     empty, so no browser proxy is configured according to this report. The
     User Agent string carries no extra tokens. "ZoneMap Domain Count" is 0,
     presumably meaning no domains have been added to the security zone map
     (confirm against the tool's documentation). The report does not say
     which registry hive or which user these values were read from. -->
- <InternetSettings>
<InternetSetting val="ProxyEnable">0</InternetSetting>
<InternetSetting val="ProxyServer" />
<InternetSetting val="ProxyOverride" />
<InternetSetting val="User Agent">Mozilla/4.0
(compatible; MSIE 6.0; Win32)</InternetSetting>
<InternetSetting val="ZoneMap Domain
Count">0</InternetSetting>
</InternetSettings>
<!-- Reviewer note: UseMyStylesheet and UserStylesheet are listed for both the
     machine-wide and the per-user Internet Explorer Styles key, and all four
     elements are empty, so no user stylesheet override is shown (presumably
     empty means the value is unset). A stylesheet forced through these
     values would apply to every page the browser renders, which is the
     reason to check them when a browser keeps showing unwanted content. -->
- <IESettings>
<IESetting val="UseMyStylesheet"
set="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Styles" />
<IESetting val="UserStylesheet"
set="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Styles" />
<IESetting val="UseMyStylesheet"
set="HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet
Explorer\Styles" />
<IESetting val="UserStylesheet"
set="HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet
Explorer\Styles" />
</IESettings>
<!-- Reviewer note: the value is empty. Assuming this element reflects the
     AppInit_DLLs registry value, DLLs named there are loaded into every
     process that loads user32.dll, so a non-empty value is one of the first
     things to review when unwanted software returns after a reboot. -->
<AppInitDLLs val="" />
<!-- Reviewer note: components registered here are loaded by the Windows shell
     when it starts, which makes this section an autostart location. The
     three entries shown (netshell.dll, webcheck.dll, stobject.dll) all sit
     under system32 and carry a Microsoft publisher string. The pub attribute
     is a string from the report; whether the tool verified a signature is
     not visible here, so the md5 values are the stronger thing to compare
     against known-good files. -->
- <ShellServiceObjectDelayLoads>
<ShellServiceObjectDelayLoad ex="1" clsid="{7007ACCF-
3202-11D1-AAD2-00805FC1270E}" prog=""
val="Network.ConnectionTray" nam="Network Connections
Shell (netshell.dll)" pub="Microsoft Corporation"
md5="fc1783b19a718444de5f6fe5c9143079"
ver="5.00.2195.6604" sz="477456" is="0"
gfp="">c:\winnt\system32
\netshell.dll</ShellServiceObjectDelayLoad>
<ShellServiceObjectDelayLoad ex="1" clsid="{E6FB5E20-
DE35-11CF-9C87-00AA005127ED}" prog="" val="WebCheck"
nam="Web Site Monitor (webcheck.dll)" pub="Microsoft
Corporation" md5="f2786dc35401fceb401a0f5810e22ab6"
ver="6.00.2800.1106" sz="258048" is="0"
gfp="">c:\winnt\system32
\webcheck.dll</ShellServiceObjectDelayLoad>
<ShellServiceObjectDelayLoad ex="1" clsid="{35CEC8A3-
2BE6-11D2-8773-92E220524153}" prog="" val="SysTray"
nam="Systray shell service object (stobject.dll)"
pub="Microsoft Corporation"
md5="34660338069fd5665b921ecffc96e0ce"
ver="5.00.2195.6601" sz="81168" is="0"
gfp="">C:\winnt\system32
\stobject.dll</ShellServiceObjectDelayLoad>
</ShellServiceObjectDelayLoads>
<!-- Reviewer note: no scheduled tasks are reported. Which task stores the
     tool enumerates is not visible from the report, so treat this as "none
     found by this tool" rather than proof that no scheduled job exists. -->
<ScheduledTasks />
- <Services>
<Service ex="1" disp="Adobe Active File Monitor"
desc="Tracks files that are managed by Adobe Photoshop
Album" nam="(PhotoshopElementsFileAgent.exe)" pub=""
md5="e42f7b36b4d8866184e8df9776ca4226" ver="" sz="98304"
is="0" gfp="">C:\Program Files\Adobe\Photoshop Elements 3.0
\PhotoshopElementsFileAgent.exe</Service>
<Service ex="1" disp="Alerter" desc="Notifies selected
users and computers of administrative alerts."
nam="Services and Controller app (services.exe)"
pub="Microsoft Corporation"
md5="b861b4e6e9637eb76a40c10c552e0229"
ver="5.00.2195.7035" sz="92944" is="0"
gfp="">C:\winnt\System32\services.exe</Service>
<Service ex="1" disp="Application Management"
desc="Provides software installation services such as
Assign, Publish, and Remove." nam="Services and Controller
app (services.exe)" pub="Microsoft Corporation"
md5="b861b4e6e9637eb76a40c10c552e0229"
ver="5.00.2195.7035" sz="92944" is="0"
gfp="">C:\winnt\system32\services.exe</Service>
<Service ex="1" disp="ASP.NET State Service"
desc="Provides support for out-of-process session states
for ASP.NET. If this service is stopped, out-of-process
requests will not be processed. If this service is
disabled, any services that explicitly depend on it will
fail to start." nam="aspnet_state.exe (aspnet_state.exe)"
pub="Microsoft Corporation"
md5="e1a1206a4fb19b675e947b29ccd25fba" ver="1.1.4322.2032"
sz="32768" is="0"
gfp="">C:\winnt\Microsoft.NET\Framework\v1.1.4322
\aspnet_state.exe</Service>
<Service ex="1" disp="Computer Browser" desc="Maintains
an up-to-date list of computers on your network and
supplies the list to programs that request it."
nam="Services and Controller app (services.exe)"
pub="Microsoft Corporation"
md5="b861b4e6e9637eb76a40c10c552e0229"
ver="5.00.2195.7035" sz="92944" is="0"
gfp="">C:\winnt\System32\services.exe</Service>
<Service ex="1" disp="Symantec Event Manager"
desc="Symantec Event Manager" nam="Common Client Event
Manager Service (ccEvtMgr.exe)" pub="Symantec Corporation"
md5="620cc860890d50fd18d5d9508c5551b2" ver="2.1.7.2"
sz="255600" is="0" gfp="">C:\Program Files\Common
Files\Symantec Shared\ccEvtMgr.exe</Service>
<Service ex="1" disp="Symantec Password Validation"
desc="Symantec Password Validation Service" nam="Common
Client Password Validation (ccPwdSvc.exe)" pub="Symantec
Corporation" md5="2ae05429a4ebcfb28a19896cb9fe86b7"
ver="2.1.7.2" sz="87664" is="0" gfp="">C:\Program
Files\Common Files\Symantec Shared\ccPwdSvc.exe</Service>
<Service ex="1" disp="Symantec Settings Manager"
desc="Symantec Settings Manager" nam="Common Client
Settings Manager Service (ccSetMgr.exe)" pub="Symantec
Corporation" md5="cdab825c28154669ab35ea731b8e452b"
ver="2.1.7.2" sz="235120" is="0" gfp="">C:\Program
Files\Common Files\Symantec Shared\ccSetMgr.exe</Service>
<Service ex="1" disp="Indexing Service" desc=""
nam="Content Index service (cisvc.exe)" pub="Microsoft
Corporation" md5="2830a2c82270f387265dfa658656eb99"
ver="5.00.2134.1" sz="5392" is="0" gfp="">C:\WINNT\System32
\cisvc.exe</Service>
<Service ex="1" disp="ClipBook" desc="Supports ClipBook
Viewer, which allows pages to be seen by remote
ClipBooks." nam="Windows NT DDE Server (clipsrv.exe)"
pub="Microsoft Corporation"
md5="804212b6b82354cf4f0c2d567575688a" ver="5.00.2134.1"
sz="31504" is="0" gfp="">C:\winnt\system32
\clipsrv.exe</Service>
<Service ex="1" disp="DHCP Client" desc="Manages network
configuration by registering and updating IP addresses and
DNS names." nam="Services and Controller app
(services.exe)" pub="Microsoft Corporation"
md5="b861b4e6e9637eb76a40c10c552e0229"
ver="5.00.2195.7035" sz="92944" is="0"
gfp="">C:\winnt\System32\services.exe</Service>
<Service ex="1" disp="Logical Disk Manager
Administrative Service" desc="Administrative service for
disk management requests" nam="Logical Disk Manager
service process (dmadmin.exe)" pub="VERITAS Software
Corp." md5="7b080c0ac30884e981221342da197c1e"
ver="2195.6624.297.3" sz="147728" is="0"
gfp="">C:\winnt\System32\dmadmin.exe</Service>
<Service ex="1" disp="Logical Disk Manager"
desc="Logical Disk Manager Watchdog Service" nam="Services
and Controller app (services.exe)" pub="Microsoft
Corporation" md5="b861b4e6e9637eb76a40c10c552e0229"
ver="5.00.2195.7035" sz="92944" is="0"
gfp="">C:\winnt\System32\services.exe</Service>
<Service ex="1" disp="DNS Client" desc="Resolves and
caches Domain Name System (DNS) names." nam="Services and
Controller app (services.exe)" pub="Microsoft Corporation"
md5="b861b4e6e9637eb76a40c10c552e0229"
ver="5.00.2195.7035" sz="92944" is="0"
gfp="">C:\winnt\System32\services.exe</Service>
<Service ex="1" disp="Event Log" desc="Logs event
messages issued by programs and Windows. Event Log reports
contain information that can be useful in diagnosing
problems. Reports are viewed in Event Viewer."
nam="Services and Controller app (services.exe)"
pub="Microsoft Corporation"
md5="b861b4e6e9637eb76a40c10c552e0229"
ver="5.00.2195.7035" sz="92944" is="0"
gfp="">C:\winnt\system32\services.exe</Service>
<Service ex="1" disp="Fax Service" desc="Helps you send
and receive faxes" nam="Fax Service (faxsvc.exe)"
pub="Microsoft Corporation"
md5="c63946c8124a58a6c86efb0ebec7ccf9"
ver="5.00.2195.6612" sz="94992" is="0"
gfp="">C:\winnt\system32\faxsvc.exe</Service>
<Service ex="1" disp="GhostStartService"
desc="Background service to allow Norton Ghost to perform
priviledged operations" nam="Norton Ghost Start
(GHOSTS~2.EXE)" pub="Symantec Corporation"
md5="bd98f4d6ccaa81f422316b587c7da8c1" ver="2003.789"
sz="200704" is="0" gfp="">C:\PROGRA~1\NORTON~1\NORTON~4
\GHOSTS~2.EXE</Service>
<Service ex="1" disp="InCD Helper" desc="Helper service
for the InCD filesystem driver" nam="incdsrv
(InCDsrv.exe)" pub="Nero AG"
md5="e30aa40b2fcdb0b8818c4521de7e2cdc" ver="4, 3, 14, 1"
sz="869376" is="0" gfp="">C:\Program
Files\Ahead\InCD\InCDsrv.exe</Service>
<Service ex="1" disp="Server" desc="Provides RPC support
and file, print, and named pipe sharing." nam="Services
and Controller app (services.exe)" pub="Microsoft
Corporation" md5="b861b4e6e9637eb76a40c10c552e0229"
ver="5.00.2195.7035" sz="92944" is="0"
gfp="">C:\winnt\System32\services.exe</Service>
<Service ex="1" disp="Workstation" desc="Provides
network connections and communications." nam="Services and
Controller app (services.exe)" pub="Microsoft Corporation"
md5="b861b4e6e9637eb76a40c10c552e0229"
ver="5.00.2195.7035" sz="92944" is="0"
gfp="">C:\winnt\System32\services.exe</Service>
<Service ex="1" disp="TCP/IP NetBIOS Helper Service"
desc="Enables support for NetBIOS over TCP/IP (NetBT)
service and NetBIOS name resolution." nam="Services and
Controller app (services.exe)" pub="Microsoft Corporation"
md5="b861b4e6e9637eb76a40c10c552e0229"
ver="5.00.2195.7035" sz="92944" is="0"
gfp="">C:\winnt\System32\services.exe</Service>
<Service ex="1" disp="Messenger" desc="Sends and
receives messages transmitted by administrators or by the
Alerter service." nam="Services and Controller app
(services.exe)" pub="Microsoft Corporation"
md5="b861b4e6e9637eb76a40c10c552e0229"
ver="5.00.2195.7035" sz="92944" is="0"
gfp="">C:\winnt\System32\services.exe</Service>
<Service ex="1" disp="NetMeeting Remote Desktop Sharing"
desc="Allows authorized people to remotely access your
Windows desktop using NetMeeting." nam="NetMeeting Remote
Desktop Sharing (mnmsrvc.exe)" pub="Microsoft Corporation"
md5="eeee63b92ca888ac9fb3d13581751ec2" ver="4.4.3385"
sz="21776" is="0" gfp="">C:\WINNT\System32
\mnmsrvc.exe</Service>
<Service ex="1" disp="Distributed Transaction
Coordinator" desc="Coordinates transactions that are
distributed across two or more databases, message queues,
file systems, or other transaction protected resource
managers." nam="MS DTC console program (msdtc.exe)"
pub="Microsoft Corporation"
md5="edc54e17cdf1811a472d518a82182449" ver="1999.9.3421.3"
sz="6928" is="0" gfp="">C:\WINNT\System32
\msdtc.exe</Service>
<Service ex="1" disp="Windows Installer" desc="Installs,
repairs and removes software according to instructions
contained in .MSI files." nam="Windows installer
(msiexec.exe)" pub="Microsoft Corporation"
md5="f5f0146580e7023adb963879840777f8" ver="3.1.4000.1823"
sz="78848" is="0" gfp="">C:\winnt\system32
\msiexec.exe</Service>
<Service ex="1" disp="Norton AntiVirus Auto Protect
Service" desc="Handles Norton AntiVirus Auto-Protect
events." nam="Norton AntiVirus Auto-Protect Service
(navapsvc.exe)" pub="Symantec Corporation"
md5="106188ee7fce8c769defec27c1edb67c" ver="10.00.2"
sz="158848" is="0" gfp="">C:\Program Files\Norton
SystemWorks\Norton Antivirus\navapsvc.exe</Service>
<Service ex="1" disp="Network DDE" desc="Provides
network transport and security for dynamic data exchange
(DDE)." nam="Network DDE - DDE Communication (netdde.exe)"
pub="Microsoft Corporation"
md5="f9b001cb9573d32433e051ec9f4ff203"
ver="5.00.2195.6958" sz="110352" is="0"
gfp="">C:\winnt\system32\netdde.exe</Service>
<Service ex="1" disp="Network DDE DSDM" desc="Manages
shared dynamic data exchange and is used by Network DDE"
nam="Network DDE - DDE Communication (netdde.exe)"
pub="Microsoft Corporation"
md5="f9b001cb9573d32433e051ec9f4ff203"
ver="5.00.2195.6958" sz="110352" is="0"
gfp="">C:\winnt\system32\netdde.exe</Service>
<Service ex="1" disp="Net Logon" desc="Supports pass-
through authentication of account logon events for
computers in a domain." nam="LSA Executable and Server DLL
(lsass.exe)" pub="Microsoft Corporation"
md5="f19d0a319ab4bf5496f08807cb9b8651"
ver="5.00.2195.7011" sz="33552" is="0"
gfp="">C:\winnt\System32\lsass.exe</Service>
<Service ex="1" disp="Norton Unerase Protection" desc=""
nam="Norton Protection Status (NPROTECT.EXE)"
pub="Symantec Corporation"
md5="360f93496fd1664b6e2d318d3e76882a" ver="17.0.0.82"
sz="81920" is="0" gfp="">C:\PROGRA~1\NORTON~1\NORTON~2
\NPROTECT.EXE</Service>
<Service ex="1" disp="NT LM Security Support Provider"
desc="Provides security to remote procedure call (RPC)
programs that use transports other than named pipes."
nam="LSA Executable and Server DLL (lsass.exe)"
pub="Microsoft Corporation"
md5="f19d0a319ab4bf5496f08807cb9b8651"
ver="5.00.2195.7011" sz="33552" is="0"
gfp="">C:\winnt\System32\lsass.exe</Service>
<Service ex="1" disp="NVIDIA Display Driver Service"
desc="Provides system and desktop level support to the
NVIDIA display driver" nam="NVIDIA Driver Helper Service,
Version 52.16 (nvsvc32.exe)" pub="NVIDIA Corporation"
md5="5ed834603c36414b579979b3a9c90f54" ver="6.14.10.5216"
sz="81920" is="0" gfp="">C:\winnt\system32
\nvsvc32.exe</Service>
<Service ex="1" disp="Photoshop Elements Device Connect"
desc="Photoshop Elements Organizer launch utility on
device arrival."
nam="(PhotoshopElementsDeviceConnect.exe)" pub=""
md5="d0f9f362023bf94cf58a1c3cdbbebe06" ver="" sz="118784"
is="0" gfp="">C:\Program Files\Adobe\Photoshop Elements 3.0
\PhotoshopElementsDeviceConnect.exe</Service>
<Service ex="1" disp="Plug and Play" desc="Manages
device installation and configuration and notifies
programs of device changes." nam="Services and Controller
app (services.exe)" pub="Microsoft Corporation"
md5="b861b4e6e9637eb76a40c10c552e0229"
ver="5.00.2195.7035" sz="92944" is="0"
gfp="">C:\winnt\system32\services.exe</Service>
<Service ex="1" disp="IPSEC Policy Agent" desc="Manages
IP security policy and starts the ISAKMP/Oakley (IKE) and
the IP security driver." nam="LSA Executable and Server
DLL (lsass.exe)" pub="Microsoft Corporation"
md5="f19d0a319ab4bf5496f08807cb9b8651"
ver="5.00.2195.7011" sz="33552" is="0"
gfp="">C:\winnt\System32\lsass.exe</Service>
<Service ex="1" disp="Protected Storage" desc="Provides
protected storage for sensitive data, such as private
keys, to prevent access by unauthorized services,
processes, or users." nam="Services and Controller app
(services.exe)" pub="Microsoft Corporation"
md5="b861b4e6e9637eb76a40c10c552e0229"
ver="5.00.2195.7035" sz="92944" is="0"
gfp="">C:\winnt\system32\services.exe</Service>
<!-- Reviewer note: regsvc.exe also appears in the process list of this same
     report (pid 876), so this service was running when the report was taken.
     It is a Microsoft-published system component, not an adware indicator,
     but it exposes the registry to remote management; if that is not needed
     on this machine, setting the service to disabled reduces exposure. -->
<Service ex="1" disp="Remote Registry Service"
desc="Allows remote registry manipulation." nam="Remote
Registry Service (regsvc.exe)" pub="Microsoft Corporation"
md5="250c4ce389783fa2398e3afa4317008c"
ver="5.00.2195.6701" sz="68368" is="0"
gfp="">C:\winnt\system32\regsvc.exe</Service>
<Service ex="1" disp="Remote Procedure Call (RPC)
Locator" desc="Manages the RPC name service database."
nam="Rpc Locator (locator.exe)" pub="Microsoft
Corporation" md5="ad57e33f4f7f404d9aba97e8b33fa21b"
ver="5.00.2195.6619" sz="72464" is="0"
gfp="">C:\winnt\System32\locator.exe</Service>
<Service ex="1" disp="QoS RSVP" desc="Provides network
signaling and local traffic control setup functionality
for QoS-aware programs and control applets."
nam="Microsoft RSVP 1.0 (rsvp.exe)" pub="Microsoft
Corporation" md5="2a21bddb1ba9b5cd776949380ab46a76"
ver="5.00.2195.6663" sz="176912" is="0"
gfp="">C:\winnt\System32\rsvp.exe</Service>
<Service ex="1" disp="Security Accounts Manager"
desc="Stores security information for local user
accounts." nam="LSA Executable and Server DLL (lsass.exe)"
pub="Microsoft Corporation"
md5="f19d0a319ab4bf5496f08807cb9b8651"
ver="5.00.2195.7011" sz="33552" is="0"
gfp="">C:\winnt\system32\lsass.exe</Service>
<Service ex="1" disp="SAVScan" desc="Handles Norton
AntiVirus Auto-Protect Archive Scanning" nam="Symantec
AntiVirus Scanner (SAVScan.exe)" pub="Symantec
Corporation" md5="de337e8649e1970c5663999457a9352f" ver=""
sz="194272" is="0" gfp="">C:\Program Files\Norton
SystemWorks\Norton Antivirus\SAVScan.exe</Service>
<Service ex="1" disp="ScriptBlocking Service" desc=""
nam="ScriptBlocking registration (SBServ.exe)"
pub="Symantec Corporation"
md5="928627472adbd58bb72d5bb9cb1448f6" ver="1, 1, 1, 131"
sz="66784" is="0" gfp="">C:\PROGRA~1\COMMON~1\SYMANT~1
\SCRIPT~1\SBServ.exe</Service>
<Service ex="1" disp="Smart Card Helper" desc="Provides
support for legacy smart card readers attached to the
computer." nam="Smart Card Resource Management Server
(SCardSvr.exe)" pub="Microsoft Corporation"
md5="13c381e66cda8d4d80e84bf18307551f"
ver="5.00.2195.6609" sz="100112" is="0"
gfp="">C:\winnt\System32\SCardSvr.exe</Service>
<Service ex="1" disp="Smart Card" desc="Manages and
controls access to a smart card inserted into a smart card
reader attached to the computer." nam="Smart Card Resource
Management Server (SCardSvr.exe)" pub="Microsoft
Corporation" md5="13c381e66cda8d4d80e84bf18307551f"
ver="5.00.2195.6609" sz="100112" is="0"
gfp="">C:\winnt\System32\SCardSvr.exe</Service>
<Service ex="1" disp="Task Scheduler" desc="Enables a
program to run at a designated time." nam="Task Scheduler
Engine (MSTask.exe)" pub="Microsoft Corporation"
md5="b00529eae5d0ce97010b69cc677128c8"
ver="4.71.2195.6972" sz="122128" is="0"
gfp="">C:\winnt\system32\MSTask.exe</Service>
<!-- Reviewer note: this service has no description, publisher or version
     metadata in the report, and scsiaccess.exe is also listed as a running
     process (pid 972). The install path is under Photodex\ProShowGold, which
     suggests it belongs to that product, but the report gives nothing to
     confirm it. Check the md5 against the vendor's installer before treating
     the entry as known-good. -->
<Service ex="1" disp="ScsiAccess" desc=""
nam="(ScsiAccess.exe)" pub=""
md5="54196cdac7e1d81d71c652e100b99e77" ver="" sz="181312"
is="0" gfp="">C:\Program
Files\Photodex\ProShowGold\ScsiAccess.exe</Service>
<Service ex="1" disp="RunAs Service" desc="Enables
starting processes under alternate credentials"
nam="Services and Controller app (services.exe)"
pub="Microsoft Corporation"
md5="b861b4e6e9637eb76a40c10c552e0229"
ver="5.00.2195.7035" sz="92944" is="0"
gfp="">C:\winnt\system32\services.exe</Service>
<Service ex="1" disp="Sygate Security Agent" desc=""
nam="Sygate Personal Firewall (Smc.exe)" pub="Sygate
Technologies, Inc." md5="6a8db23de8fc41a678ecb9fc0e1eb7e0"
ver="4.02.00.878" sz="1228800" is="0" gfp="">C:\Program
Files\Sygate\SSA\Smc.exe</Service>
<Service ex="1" disp="Symantec Network Drivers Service"
desc="Symantec Network Drivers Service" nam="Network
Driver Service (SNDSrvc.exe)" pub="Symantec Corporation"
md5="443e397643965e08c5ab6a6caa732b97" ver="5.5.1.6"
sz="206552" is="0" gfp="">C:\Program Files\Common
Files\Symantec Shared\SNDSrvc.exe</Service>
<Service ex="1" disp="Speed Disk service" desc=""
nam="NOPDB (NOPDB.EXE)" pub="Symantec Corporation"
md5="5e71d2342b963e61f99b19cb2e462c63" ver="7.00.0.24"
sz="176193" is="0" gfp="">C:\PROGRA~1\NORTON~1\NORTON~2
\SPEEDD~1\NOPDB.EXE</Service>
<Service ex="1" disp="Print Spooler" desc="Loads files
to memory for later printing." nam="Spooler SubSystem App
(spoolsv.exe)" pub="Microsoft Corporation"
md5="1f124b89aa469671821115a39c0fbd27"
ver="5.00.2195.7013" sz="48400" is="0"
gfp="">C:\winnt\system32\spoolsv.exe</Service>
<Service ex="1" disp="Still Image Service" desc=""
nam="Still Image Devices Monitor (stisvc.exe)"
pub="Microsoft Corporation"
md5="b75235626b950ff821146555c612f814"
ver="5.00.2195.6656" sz="61712" is="0"
gfp="">C:\winnt\system32\stisvc.exe</Service>
<Service ex="1" disp="Symantec Core LC" desc="Symantec
Core LC" nam="Symantec Core Component (symlcsvc.exe)"
pub="Symantec Corporation"
md5="94d3c8257776019a7a96af69f62ba509" ver="1, 8, 48, 79"
sz="585728" is="0" gfp="">C:\Program Files\Common
Files\Symantec Shared\CCPD-LC\symlcsvc.exe</Service>
<Service ex="1" disp="SymWMI Service" desc="Symantec WMI
Service" nam="Norton Security Center Service (SymWSC.exe)"
pub="Symantec Corporation"
md5="67c5af84809468061121fbcbecb19285" ver="2005.1.2.20"
sz="316544" is="0" gfp="">C:\Program Files\Common
Files\Symantec Shared\Security Center\SymWSC.exe</Service>
<Service ex="1" disp="Performance Logs and Alerts"
desc="Configures performance logs and alerts."
nam="Performance Logs and Alerts Service (smlogsvc.exe)"
pub="Microsoft Corporation"
md5="f4f35fe5f46262d45491822d8a66bf62"
ver="5.00.2195.6608" sz="85776" is="0"
gfp="">C:\winnt\system32\smlogsvc.exe</Service>
<!-- Reviewer note: the report lists the Telnet service but does not show its
     start type or state, and tlntsvr.exe is not among the processes visible
     in this part of the report. Telnet sessions are not encrypted, so
     confirm the service is disabled unless remote console access over
     Telnet is actually required. -->
<Service ex="1" disp="Telnet" desc="Allows a remote user
to log on to the system and run console programs using the
command line." nam="Microsoft Telnet Service
(tlntsvr.exe)" pub="Microsoft Corporation"
md5="fa57d2175f4978e2f32cb1b02781d76a" ver="5.00.99206.1"
sz="186128" is="0" gfp="">C:\winnt\system32
\tlntsvr.exe</Service>
<Service ex="1" disp="Distributed Link Tracking Client"
desc="Sends notifications of files moving between NTFS
volumes in a network domain." nam="Services and Controller
app (services.exe)" pub="Microsoft Corporation"
md5="b861b4e6e9637eb76a40c10c552e0229"
ver="5.00.2195.7035" sz="92944" is="0"
gfp="">C:\winnt\system32\services.exe</Service>
<Service ex="1" disp="Uninterruptible Power Supply"
desc="Manages an uninterruptible power supply (UPS)
connected to the computer." nam="UPS Service (ups.exe)"
pub="Microsoft Corporation"
md5="222a997aa4c7f7a2b3453b556afa4406" ver="5.00.2158.1"
sz="17680" is="0" gfp="">C:\winnt\System32
\ups.exe</Service>
<Service ex="1" disp="Utility Manager" desc="Starts and
configures accessibility tools from one window"
nam="UtilMan EXE (UtilMan.exe)" pub="Microsoft
Corporation" md5="7a960f1e9a0b2f7d14f1d0eddd74375c"
ver="1, 0, 0, 3" sz="22800" is="0" gfp="">C:\winnt\System32
\UtilMan.exe</Service>
<Service ex="1" disp="Windows Time" desc="Sets the
computer clock." nam="Services and Controller app
(services.exe)" pub="Microsoft Corporation"
md5="b861b4e6e9637eb76a40c10c552e0229"
ver="5.00.2195.7035" sz="92944" is="0"
gfp="">C:\winnt\System32\services.exe</Service>
<Service ex="1" disp="Windows Management
Instrumentation" desc="Provides system management
information." nam="Windows Management Instrumentation
(WinMgmt.exe)" pub="Microsoft Corporation"
md5="05b2001e1bc653fd6091e741b46f71b4"
ver="1.50.1085.0100" sz="196706" is="0"
gfp="">C:\winnt\System32\WBEM\WinMgmt.exe</Service>
<!-- Reviewer note: this service runs from system32 but has no description,
     publisher or version metadata, and wltrysvc.exe is listed as a running
     process (pid 1212). The name resembles bcmwltry.exe, the Broadcom
     wireless tray applet that this report also lists under system32, so it
     is plausibly that driver package's companion service; the report itself
     cannot confirm this. Verify the md5 against the wireless driver package
     before clearing the entry. -->
<Service ex="1" disp="WLTRYSVC" desc=""
nam="(WLTRYSVC.EXE)" pub=""
md5="516158ce60a5eeb8669fd117cec943a5" ver="" sz="45056"
is="0" gfp="">C:\winnt\System32\WLTRYSVC.EXE</Service>
<Service ex="1" disp="Windows Management Instrumentation
Driver Extensions" desc="Provides systems management
information to and from drivers." nam="Services and
Controller app (Services.exe)" pub="Microsoft Corporation"
md5="b861b4e6e9637eb76a40c10c552e0229"
ver="5.00.2195.7035" sz="92944" is="0"
gfp="">C:\winnt\system32\Services.exe</Service>
</Services>
</SystemAudit>
- <ProcessesAudit>
- <Processes>
<Process ex="1" pid="160" nam="Windows NT Session
Manager (smss.exe)" pub="Microsoft Corporation"
md5="f07c69367770a1c129a22f9158afaa2b"
ver="5.00.2195.6601" sz="45840" is="0"
gfp="">c:\winnt\system32\smss.exe</Process>
<Process ex="1" pid="188" nam="Client Server Runtime
Process (csrss.exe)" pub="Microsoft Corporation"
md5="6533392c5af4bf5c7ff12e453dd59ae5"
ver="5.00.2195.6601" sz="5392" is="0"
gfp="">C:\winnt\system32\csrss.exe</Process>
<Process ex="1" pid="184" nam="Windows NT Logon
Application (winlogon.exe)" pub="Microsoft Corporation"
md5="bb1daf6a5737652646d52665251a0265"
ver="5.00.2195.6997" sz="186640" is="0"
gfp="">c:\winnt\system32\winlogon.exe</Process>
<Process ex="1" pid="236" nam="Services and Controller
app (services.exe)" pub="Microsoft Corporation"
md5="b861b4e6e9637eb76a40c10c552e0229"
ver="5.00.2195.7035" sz="92944" is="0"
gfp="">c:\winnt\system32\services.exe</Process>
<Process ex="1" pid="248" nam="LSA Executable and Server
DLL (lsass.exe)" pub="Microsoft Corporation"
md5="f19d0a319ab4bf5496f08807cb9b8651"
ver="5.00.2195.7011" sz="33552" is="0"
gfp="">c:\winnt\system32\lsass.exe</Process>
<Process ex="1" pid="500" nam="Generic Host Process for
Win32 Services (svchost.exe)" pub="Microsoft Corporation"
md5="9e64ad53cfd9da2d22e8a924f8c6e62c" ver="5.00.2134.1"
sz="7952" is="0" gfp="">c:\winnt\system32
\svchost.exe</Process>
<Process ex="1" pid="532" nam="Spooler SubSystem App
(spoolsv.exe)" pub="Microsoft Corporation"
md5="1f124b89aa469671821115a39c0fbd27"
ver="5.00.2195.7013" sz="48400" is="0"
gfp="">c:\winnt\system32\spoolsv.exe</Process>
<Process ex="1" pid="560"
nam="(photoshopelementsfileagent.exe)" pub=""
md5="e42f7b36b4d8866184e8df9776ca4226" ver="" sz="98304"
is="0" gfp="">c:\program files\adobe\photoshop elements 3.0
\photoshopelementsfileagent.exe</Process>
<Process ex="1" pid="588" nam="Common Client Settings
Manager Service (ccsetmgr.exe)" pub="Symantec Corporation"
md5="cdab825c28154669ab35ea731b8e452b" ver="2.1.7.2"
sz="235120" is="0" gfp="">c:\program files\common
files\symantec shared\ccsetmgr.exe</Process>
<Process ex="1" pid="604" nam="Generic Host Process for
Win32 Services (svchost.exe)" pub="Microsoft Corporation"
md5="9e64ad53cfd9da2d22e8a924f8c6e62c" ver="5.00.2134.1"
sz="7952" is="0" gfp="">c:\winnt\system32
\svchost.exe</Process>
<Process ex="1" pid="620" nam="Norton Ghost Start
(ghosts~2.exe)" pub="Symantec Corporation"
md5="bd98f4d6ccaa81f422316b587c7da8c1" ver="2003.789"
sz="200704" is="0" gfp="">c:\progra~1\norton~1\norton~4
\ghosts~2.exe</Process>
<Process ex="1" pid="688" nam="incdsrv (incdsrv.exe)"
pub="Nero AG" md5="e30aa40b2fcdb0b8818c4521de7e2cdc"
ver="4, 3, 14, 1" sz="869376" is="0" gfp="">c:\program
files\ahead\incd\incdsrv.exe</Process>
<Process ex="1" pid="724" nam="Norton AntiVirus Auto-
Protect Service (navapsvc.exe)" pub="Symantec Corporation"
md5="106188ee7fce8c769defec27c1edb67c" ver="10.00.2"
sz="158848" is="0" gfp="">c:\program files\norton
systemworks\norton antivirus\navapsvc.exe</Process>
<Process ex="1" pid="808" nam="Norton Protection Status
(nprotect.exe)" pub="Symantec Corporation"
md5="360f93496fd1664b6e2d318d3e76882a" ver="17.0.0.82"
sz="81920" is="0" gfp="">c:\progra~1\norton~1\norton~2
\nprotect.exe</Process>
<Process ex="1" pid="836" nam="NVIDIA Driver Helper
Service, Version 52.16 (nvsvc32.exe)" pub="NVIDIA
Corporation" md5="5ed834603c36414b579979b3a9c90f54"
ver="6.14.10.5216" sz="81920" is="0"
gfp="">c:\winnt\system32\nvsvc32.exe</Process>
<Process ex="1" pid="848"
nam="(photoshopelementsdeviceconnect.exe)" pub=""
md5="d0f9f362023bf94cf58a1c3cdbbebe06" ver="" sz="118784"
is="0" gfp="">c:\program files\adobe\photoshop elements 3.0
\photoshopelementsdeviceconnect.exe</Process>
<Process ex="1" pid="876" nam="Remote Registry Service
(regsvc.exe)" pub="Microsoft Corporation"
md5="250c4ce389783fa2398e3afa4317008c"
ver="5.00.2195.6701" sz="68368" is="0"
gfp="">c:\winnt\system32\regsvc.exe</Process>
<Process ex="1" pid="904" nam="Symantec AntiVirus
Scanner (savscan.exe)" pub="Symantec Corporation"
md5="de337e8649e1970c5663999457a9352f" ver="" sz="194272"
is="0" gfp="">c:\program files\norton systemworks\norton
antivirus\savscan.exe</Process>
<Process ex="1" pid="936" nam="Task Scheduler Engine
(mstask.exe)" pub="Microsoft Corporation"
md5="b00529eae5d0ce97010b69cc677128c8"
ver="4.71.2195.6972" sz="122128" is="0"
gfp="">c:\winnt\system32\mstask.exe</Process>
<Process ex="1" pid="972" nam="(scsiaccess.exe)" pub=""
md5="54196cdac7e1d81d71c652e100b99e77" ver="" sz="181312"
is="0" gfp="">c:\program
files\photodex\proshowgold\scsiaccess.exe</Process>
<Process ex="1" pid="1024" nam="Sygate Personal Firewall
(smc.exe)" pub="Sygate Technologies, Inc."
md5="6a8db23de8fc41a678ecb9fc0e1eb7e0" ver="4.02.00.878"
sz="1228800" is="0" gfp="">c:\program
files\sygate\ssa\smc.exe</Process>
<Process ex="1" pid="1052" nam="Windows Explorer
(explorer.exe)" pub="Microsoft Corporation"
md5="59cf2b7dced9111f48f51b4b570e672d"
ver="5.00.3700.6690" sz="243472" is="0"
gfp="">c:\winnt\explorer.exe</Process>
<Process ex="1" pid="1124" nam="Norton SystemWorks
SymTray (symtray.exe)" pub="Symantec Corporation"
md5="c06a07c74e2bc59200bcd8c4c782292f" ver="2004.7.81"
sz="77824" is="0" gfp="">c:\program files\common
files\symantec shared\symtray.exe</Process>
<!-- The path below is in 8.3 short-name form (progra~1, norton~1, ...), so it
     will not string-match the long-form paths used by the other records when
     entries are correlated by path; compare by md5 instead. -->
<Process ex="1" pid="1060" nam="NOPDB (nopdb.exe)"
pub="Symantec Corporation"
md5="5e71d2342b963e61f99b19cb2e462c63" ver="7.00.0.24"
sz="176193" is="0" gfp="">c:\progra~1\norton~1\norton~2
\speedd~1\nopdb.exe</Process>
<Process ex="1" pid="1136" nam="Still Image Devices
Monitor (stisvc.exe)" pub="Microsoft Corporation"
md5="b75235626b950ff821146555c612f814"
ver="5.00.2195.6656" sz="61712" is="0"
gfp="">c:\winnt\system32\stisvc.exe</Process>
<Process ex="1" pid="1176" nam="Symantec Core Component
(symlcsvc.exe)" pub="Symantec Corporation"
md5="94d3c8257776019a7a96af69f62ba509" ver="1, 8, 48, 79"
sz="585728" is="0" gfp="">c:\program files\common
files\symantec shared\ccpd-lc\symlcsvc.exe</Process>
<Process ex="1" pid="1200" nam="Windows Management
Instrumentation (winmgmt.exe)" pub="Microsoft Corporation"
md5="05b2001e1bc653fd6091e741b46f71b4"
ver="1.50.1085.0100" sz="196706" is="0"
gfp="">c:\winnt\system32\wbem\winmgmt.exe</Process>
<!-- Empty pub and ver for a file in c:\winnt\system32. The name resembles
     bcmwltry.exe (the Broadcom wireless tray applet listed further down), which
     suggests a companion service, but this record does not establish that;
     verify the file by md5. -->
<Process ex="1" pid="1212" nam="(wltrysvc.exe)" pub=""
md5="516158ce60a5eeb8669fd117cec943a5" ver="" sz="45056"
is="0" gfp="">c:\winnt\system32\wltrysvc.exe</Process>
<Process ex="1" pid="1056" nam="Generic Host Process for
Win32 Services (svchost.exe)" pub="Microsoft Corporation"
md5="9e64ad53cfd9da2d22e8a924f8c6e62c" ver="5.00.2134.1"
sz="7952" is="0" gfp="">c:\winnt\system32
\svchost.exe</Process>
<Process ex="1" pid="1268" nam="BCM 802.11g Network
Adapter Wireless Network Tray Applet (bcmwltry.exe)"
pub="Broadcom Corporation"
md5="87e53e4c576c509a0d4869f49025ebdc" ver="3.50.21.10"
sz="610304" is="0" gfp="">c:\winnt\system32
\bcmwltry.exe</Process>
<Process ex="1" pid="1276" nam="Common Client Event
Manager Service (ccevtmgr.exe)" pub="Symantec Corporation"
md5="620cc860890d50fd18d5d9508c5551b2" ver="2.1.7.2"
sz="255600" is="0" gfp="">c:\program files\common
files\symantec shared\ccevtmgr.exe</Process>
<!-- Same path, md5, ver and sz as the svchost.exe record for pid 1056: two
     instances of one image. The record carries no command line, so the
     services each instance hosts cannot be read from this report. -->
<Process ex="1" pid="1412" nam="Generic Host Process for
Win32 Services (svchost.exe)" pub="Microsoft Corporation"
md5="9e64ad53cfd9da2d22e8a924f8c6e62c" ver="5.00.2134.1"
sz="7952" is="0" gfp="">c:\winnt\system32
\svchost.exe</Process>
<Process ex="1" pid="916" nam="Avance Sound Manager
(soundman.exe)" pub="Avance Logic, Inc."
md5="04f314d0c39c32166cdbde1d20267313" ver="5.0"
sz="46592" is="0" gfp="">c:\winnt\soundman.exe</Process>
<Process ex="1" pid="1572" nam="Microsoft IntelliType
Pro (type32.exe)" pub="Microsoft Corporation"
md5="b5eca5948d7f8eaa00333231f33ea31a" ver="2.20.447.0"
sz="94208" is="0" gfp="">c:\program files\microsoft
hardware\keyboard\type32.exe</Process>
<Process ex="1" pid="1576" nam="Common Client User
Session (ccapp.exe)" pub="Symantec Corporation"
md5="5712b77158fbbb5ab5aebc396e15499d" ver="2.1.7.2"
sz="71280" is="0" gfp="">c:\program files\common
files\symantec shared\ccapp.exe</Process>
<Process ex="1" pid="1596" nam="Norton Ghost Start
(ghoststarttrayapp.exe)" pub="Symantec Corporation"
md5="b9217ecc6466e87010dda424bc7ed3d5" ver="2003.789"
sz="94208" is="0" gfp="">c:\program files\norton
systemworks\norton ghost\ghoststarttrayapp.exe</Process>
<Process ex="1" pid="1620" nam="Password Manager
Controller (acctmgr.exe)" pub="Symantec Corporation"
md5="26e56bf66c221deb4be4c88ee5e31c11" ver="2004.1.406"
sz="586896" is="0" gfp="">c:\program files\norton
systemworks\password manager\acctmgr.exe</Process>
<!-- pub and ver both read "Unavailable" rather than being empty, and nam has
     no description, so the tool apparently could not read version metadata
     from this file. Unattributed: verify it against the WinPortrait
     installation that the path points to. -->
<Process ex="1" pid="1764" nam="wpctrl.exe"
pub="Unavailable" md5="ba0312c4b70178044b28c0d5082be754"
ver="Unavailable" sz="558312" is="0" gfp="">c:\program
files\winportrait\wpctrl.exe</Process>
<Process ex="1" pid="1792" nam="PC-CAM Center Launcher
Application (camtray.exe)" pub="Creative Technology Ltd"
md5="282b566b02e46b037ed3d43433ab5449" ver="2.30.05"
sz="53248" is="0" gfp="">c:\program files\creative\pc-cam
center\camtray.exe</Process>
<!-- gcasserv.exe and gcasdtserv.exe (below) run from c:\program files\microsoft
     antispyware with ver 1.00.0614, the same directory and version as the
     msssrt.exe records at the end of the list: presumably the scanning
     product's own services. -->
<Process ex="1" pid="1808" nam="Microsoft AntiSpyware
Service (gcasserv.exe)" pub="Microsoft Corporation"
md5="fc8fff9f2e3ebfb5b6ad8d91df6c0f23" ver="1.00.0614"
sz="473928" is="0" gfp="">c:\program files\microsoft
antispyware\gcasserv.exe</Process>
<Process ex="1" pid="1836" nam="InCD (incd.exe)"
pub="Nero AG" md5="1d7587a2264e94a607bc75f21dd6818f"
ver="4, 3, 14, 1" sz="1383936" is="0" gfp="">c:\program
files\ahead\incd\incd.exe</Process>
<Process ex="1" pid="1724" nam="Logitech Events Handler
Application (em_exec.exe)" pub="Logitech Inc."
md5="7d325ec9b9b1589df12d0874700bc59e" ver="9.79.025"
sz="37888" is="0" gfp="">c:\program
files\logitech\mouseware\system\em_exec.exe</Process>
<Process ex="1" pid="1868" nam="Microsoft AntiSpyware
Data Service (gcasdtserv.exe)" pub="Microsoft Corporation"
md5="644f843dadf77a1a85da19edd5a5fc07" ver="1.00.0614"
sz="756552" is="0" gfp="">c:\program files\microsoft
antispyware\gcasdtserv.exe</Process>
<Process ex="1" pid="1920" nam="iTouch Application
(itouch.exe)" pub="Logitech Inc."
md5="9aee9bcb32d82bcc36474eb921f3bb49" ver="2.22.289"
sz="892928" is="0" gfp="">c:\program
files\logitech\itouch\itouch.exe</Process>
<Process ex="1" pid="1992" nam="Java(TM) 2 Platform
Standard Edition binary (jusched.exe)" pub="Sun
Microsystems, Inc." md5="1f6573d67dd5dc06dd29ec7fcf81dc6f"
ver="5.0.20.9" sz="36975" is="0" gfp="">c:\program
files\java\jre1.5.0_02\bin\jusched.exe</Process>
<!-- Triage candidate: nam and pub both read "None" and the file sits in
     c:\winnt\system32. A binary in the system directory with no description
     or publisher is worth checking first: look up the md5, and search the
     report's AutoRunAudit section for the same path to see what relaunches it
     after a reboot. Nothing in this record says the file is malicious. -->
<Process ex="1" pid="2108" nam="None (ubi62ksm.exe)"
pub="None" md5="07ee4d73ff5f9005fbe4fa0f1d386c97" ver="4,
0, 3, 2" sz="204288" is="0" gfp="">c:\winnt\system32
\ubi62ksm.exe</Process>
<!-- Triage candidate: pub reads "None". It runs from its own directory under
     c:\program files; confirm whether it was installed knowingly and look for
     a matching autorun entry elsewhere in the report. -->
<Process ex="1" pid="1180" nam="Media Gateway
(mediagateway.exe)" pub="None"
md5="1042676fe7067bdf6b88d944f329fbcd" ver="1, 20, 0, 0"
sz="116224" is="0" gfp="">c:\program files\media
gateway\mediagateway.exe</Process>
<Process ex="1" pid="2240" nam="Device Detector
(devdetect.exe)" pub="ACD Systems, Ltd."
md5="f242af7a557b47bc26456994ad74dd16" ver="3,0,9,0"
sz="282624" is="0" gfp="">c:\program files\common
files\acd systems\en\devdetect.exe</Process>
<!-- rundll32.exe is only a host process: the record has no command-line
     field, so the DLL running under pid 2184 cannot be identified from this
     report. Resolving it needs the process command line or the autorun entry
     that starts it. -->
<Process ex="1" pid="2184" nam="Run a DLL as an App
(rundll32.exe)" pub="Microsoft Corporation"
md5="1ed5274825cd1eebbe102b9ff7c9ec31" ver="5.00.2134.1"
sz="10000" is="0" gfp="">c:\winnt\system32
\rundll32.exe</Process>
<Process ex="1" pid="2136" nam="Cicero Loader
(ctfmon.exe)" pub="Microsoft Corporation"
md5="d36a33c21eeed5a6c1daecb7c80a1909" ver="1.00.2409.7
built by: Lab06_N" sz="8192" is="0"
gfp="">c:\winnt\system32\ctfmon.exe</Process>
<Process ex="1" pid="2116" nam="Copernic Desktop Search
(copernicdesktopsearch.exe)" pub="Copernic Technologies
Inc." md5="e297aba4526d515a6f1cb487a36685fe"
ver="1.5.0.644" sz="4689192" is="0" gfp="">c:\program
files\copernic desktop
search\copernicdesktopsearch.exe</Process>
<!-- Same target path, md5, ver and sz as the StartupFile entry
     "EPSON SMART PANEL for Scanner.lnk" at the top of the report. This is the
     kind of link to look for with any unattributed process: a running image
     tied back to the autorun entry that launches it. -->
<Process ex="1" pid="2104" nam="SMART PANEL
(espmain.exe)" pub="NewSoft"
md5="ba76338c29b6f7d4232963414dc54fe0" ver="1, 0, 0, 1"
sz="180224" is="0" gfp="">c:\program files\epson\epson
smart panel for scanner\espmain.exe</Process>
<!-- pub reads "None"; verify the file against the software installed under
     c:\program files\sec\natural color. -->
<Process ex="1" pid="1744" nam="NaturalColorLoad
(naturalcolorload.exe)" pub="None"
md5="c0c6c793f5b3b15647a80caafe0f123d" ver="2, 0, 1, 1"
sz="155715" is="0" gfp="">c:\program files\sec\natural
color\naturalcolorload.exe</Process>
<Process ex="1" pid="1728" nam="WinZip Executable
(wzqkpick.exe)" pub="WinZip Computing, Inc."
md5="67b2e7b6ae3b400d832f0456068ea83d" ver="1.0 (32-bit)"
sz="118784" is="0" gfp="">c:\program
files\winzip\wzqkpick.exe</Process>
<Process ex="1" pid="276" nam="Microsoft AntiSpyware
Main (giantantispywaremain.exe)" pub="Microsoft
Corporation" md5="a77cffe35c39c693fcc7d5cf7709c3da"
ver="1.00.0614" sz="4598608" is="0" gfp="">c:\program
files\microsoft
antispyware\giantantispywaremain.exe</Process>
<!-- msssrt.exe appears twice (pid 2128 here and pid 1496 at the end of the
     list) with identical path, md5, ver and sz; presumably the reporting tool
     that produced this report, started twice. -->
<Process ex="1" pid="2128" nam="Microsoft Suspected
Spyware Reporting Tool (msssrt.exe)" pub="Microsoft
Corporation" md5="df81029e6477eddbc3623463df7a2b29"
ver="1.00.0614" sz="400200" is="0" gfp="">c:\program
files\microsoft antispyware\msssrt.exe</Process>
<Process ex="1" pid="1404" nam="Internet Explorer
(iexplore.exe)" pub="Microsoft Corporation"
md5="eb9eaf627f705525d01de5fa07ea1818"
ver="6.00.2800.1106" sz="91136" is="0" gfp="">c:\program
files\internet explorer\iexplore.exe</Process>
<Process ex="1" pid="1496" nam="Microsoft Suspected
Spyware Reporting Tool (msssrt.exe)" pub="Microsoft
Corporation" md5="df81029e6477eddbc3623463df7a2b29"
ver="1.00.0614" sz="400200" is="0" gfp="">c:\program
files\microsoft antispyware\msssrt.exe</Process>
</Processes>
</ProcessesAudit>
</Audit>
</MSSSRT>