[CODE]

2008-11-02,09:24:50

SysLog Scanner 1.0 - build 20080726
Arswp (http://www.arswp.com)

Windows XP Home Edition Service Pack 1 (build 2600) - Administrators



========================================
注册项

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    <IBM RecordNow!><>  []
    <MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background>  [Microsoft Corporation, 4.7.0041, C:2003-03-05 16:37 M:2002-08-20 15:08]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [Microsoft Corporation, 8.1.4005.0, C:2003-03-05 16:31 M:2002-08-28 21:38]
    <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [Microsoft Corporation, 5.2.2801, C:2003-03-05 16:31 M:2002-08-28 21:39]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [Microsoft Corporation, 5.2.2801, C:2003-03-05 16:31 M:2002-08-28 21:39]
    <S3TRAY2><S3Tray2.exe>  [(Verified)S3 Graphics, Inc., 1.00.13-1012, C:1980-01-01 00:00 M:2001-10-12 07:32]
    <TpShocks><TpShocks.exe>  [IBM Corp., 1, 0, 0, 1, C:2000-06-01 19:49 M:2003-09-03 23:02]
    <TPHOTKEY><C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe>  [N/A, C:1980-01-01 00:00 M:2003-08-07 15:57]
    <BMMLREF><C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE>  [N/A, C:2000-06-01 19:50 M:2003-07-11 01:34]
    <TPKMAPHELPER><C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper>  [IBM Corp., 1, 1, 0, 0, C:2000-06-01 19:51 M:2003-09-02 13:56]
    <TP4EX><tp4ex.exe>  [IBM Corporation, 1.05.00, C:2000-06-01 19:51 M:2002-09-04 01:05]
    <EZEJMNAP><C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe>  [IBM Corp., 1, 0, 0, 0, C:2000-06-01 19:52 M:2003-07-18 02:02]
    <SynTPLpr><C:\Program Files\Synaptics\SynTP\SynTPLpr.exe>  [(Verified)Synaptics, Inc., 7.5.17.6 28Aug03, C:2000-06-01 19:55 M:2003-08-28 11:11]
    <SynTPEnh><C:\Program Files\Synaptics\SynTP\SynTPEnh.exe>  [(Verified)Synaptics, Inc., 7.5.17.6 28Aug03, C:2000-06-01 19:55 M:2003-08-28 11:10]
    <AGRSMMSG><AGRSMMSG.exe>  [(Verified)Agere Systems, 2.1.31 2.1.31 06/27/2003 08:53:31, C:1980-01-01 00:00 M:2003-06-27 08:53]
    <ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>  [ATI Technologies, Inc., 6.14.10.5043, C:2000-06-01 19:57 M:2003-09-11 21:10]
    <ATIModeChange><Ati2mdxx.exe>  [(Verified)ATI Technologies, Inc., 4.13.3, C:1980-01-01 00:00 M:2001-09-04 16:24]
    <tgcmd><"C:\Program Files\Support.com\bin\tgcmd.exe" /server>  [SupportSoft, Inc., 5,8,136,0, C:2002-10-16 16:59 M:2002-10-16 16:59]
    <UpdateManager><"c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r>  [Sonic Solutions, 1.01.32a, C:2003-08-19 01:01 M:2003-08-19 01:01]
    <dla><C:\WINDOWS\system32\dla\tfswctrl.exe>  [Sonic Solutions, 1.04.07a, C:2000-06-01 20:05 M:2003-09-26 01:04]
    <QCWLICON><C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE>  [IBM Corp., 2, 7, 2, 0, C:2000-06-01 20:14 M:2003-10-11 02:07]
    <IMEKRMIG6.1><C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE>  [Microsoft Corporation, 6.1.2600.0, C:2003-03-05 16:31 M:2001-09-05 21:00]
    <MSPY2002><C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC>  [N/A, C:1980-01-01 00:00 M:2002-09-09 15:53]
    <RavTask><"d:\Program Files\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.24, C:2000-06-01 20:49 M:2008-07-27 09:56]
    <RfwMain><"d:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.1.70, C:2000-06-01 21:00 M:2008-07-27 20:39]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <Shell><Explorer.exe>  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    <Userinit><C:\WINDOWS\System32\userinit.exe,>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:54]
    <UIHost><logonui.exe>  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
    <BootExecute><autocheck autochk *>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs]
    <advapi32><advapi32.dll>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    <comdlg32><comdlg32.dll>  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    <gdi32><gdi32.dll>  [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    <imagehlp><imagehlp.dll>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    <kernel32><kernel32.dll>  [Microsoft Corporation, 5.1.2600.1560 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    <lz32><lz32.dll>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    <ole32><ole32.dll>  [Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526), C:2008-10-31 16:39 M:2005-07-26 12:38]
    <oleaut32><oleaut32.dll>  [Microsoft Corporation, 3.50.5016.0, C:1980-01-01 00:00 M:2002-09-09 15:53]
    <olecli32><olecli32.dll>  [Microsoft Corporation, 1.07 (xpsp2.050722-1526), C:2008-10-31 16:39 M:2005-07-26 12:38]
    <olecnv32><olecnv32.dll>  [Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526), C:1980-01-01 00:00 M:2005-07-26 12:38]
    <olesvr32><olesvr32.dll>  [Microsoft Corporation, 1.09 (XPClient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    <olethk32><olethk32.dll>  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    <rpcrt4><rpcrt4.dll>  [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800), C:2008-10-31 16:39 M:2004-03-06 10:17]
    <url><url.dll>  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    <urlmon><urlmon.dll>  [Microsoft Corporation, 6.00.2800.1226, C:2003-07-13 16:07 M:2003-07-13 16:07]
    <user32><user32.dll>  [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526), C:1980-01-01 00:00 M:2005-03-03 02:21]
    <version><version.dll>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    <wininet><wininet.dll>  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    <wldap32><wldap32.dll>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WebCheck><%SystemRoot%\System32\webcheck.dll>  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    <SysTray><C:\WINDOWS\System32\stobject.dll>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&使用超级旋风下载]
    <><d:\Program Files\Tencent\QQDownload\geturl.htm>  [N/A, C:2008-08-27 17:09 M:2008-08-27 17:09]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&使用超级旋风下载全部链接]
    <><d:\Program Files\Tencent\QQDownload\getAllurl.htm>  [N/A, C:2007-01-16 17:34 M:2007-01-16 17:34]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&使用超级旋风下载本页视频]
    <><d:\Program Files\Tencent\QQDownload\geturlflv.htm>  [N/A, C:2008-09-27 18:34 M:2008-09-27 18:34]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\导出到 Microsoft Office Excel(&X)]
    <><res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000>  []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\添加到QQ表情]
    <><D:\Program Files\Tencent\QQ\AddEmotion.htm>  [N/A, C:2008-06-30 17:14 M:2008-06-30 17:14]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [Microsoft Corporation, 5.131.2600.1123 (xpsp2.020921-0842), C:2002-09-23 15:10 M:2002-09-23 15:10]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [Microsoft Corporation, 5.131.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00|Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:2003-03-05 16:38 M:2002-09-09 15:53]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00|Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53|N/A, C:1980-01-01 00:00 M:2001-09-05 21:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00|Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53|N/A, C:1980-01-01 00:00 M:2002-09-09 15:51]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00|Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53|N/A, C:1980-01-01 00:00 M:2002-12-19 05:56]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:2003-03-05 16:38 M:2002-09-09 15:53]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}]
    <相关站点><%SystemRoot%\web\related.htm>  [N/A, C:1980-01-01 00:00 M:2001-09-05 21:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Thunder5.exe]
    <><svchost.exe>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\BJ Language Monitor]
    <PrintMonitor: BJ Language Monitor><cnbjmon.dll>  [Microsoft Corporation, 5.1.2503.0 (Lab06_N.010129-0357), C:2001-08-31 16:02 M:2001-09-05 21:00]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Local Port]
    <PrintMonitor: Local Port><localspl.dll>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\PJL Language Monitor]
    <PrintMonitor: PJL Language Monitor><pjlmon.dll>  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:2001-08-31 16:03 M:2001-09-05 21:00]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port]
    <PrintMonitor: Standard TCP/IP Port><tcpmon.dll>  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\USB Monitor]
    <PrintMonitor: USB Monitor><usbmon.dll>  [Microsoft Corporation, 5.1.2600.1125 (xpsp2.020921-0842), C:1980-01-01 00:00 M:2002-09-24 13:28]


========================================
启动项



========================================
计划任务

[BMMTask.job]
    <C:\WINDOWS\tasks\BMMTask.job --> "C:\PROGRA~1\ThinkPad\UTILIT~1\BMMTASK.EXE"  > [N/A, C:2000-06-01 19:50 M:2003-07-11 01:34]


========================================
组件


ShellServiceObjectDelayLoad
[WebCheck]
    {E6FB5E20-DE35-11CF-9C87-00AA005127ED}  <%SystemRoot%\System32\webcheck.dll>  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[SysTray]
    {35CEC8A3-2BE6-11D2-8773-92E220524153}  <C:\WINDOWS\System32\stobject.dll>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]

Shell Extension
[Multimedia File Property Sheet]
    {00022613-0000-0000-C000-000000000046}  <mmsys.cpl>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[ICM 扫描仪管理]
    {176d6597-26d3-11d1-b350-080036a75b03}  <icmui.dll>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[NTFS Security Page]
    {1F2E5C40-9550-11CE-99D2-00AA006E086C}  <rshx32.dll>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[OLE Docfile Property Page]
    {3EA48300-8CF6-101B-84FB-666CCB9BCD32}  <docprop.dll>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[Shell extensions for sharing]
    {40dd6e20-7c17-11ce-a804-00aa003ca9f6}  <ntshrui.dll>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[PlusPack CPL Extension]
    {41E300E0-78B6-11ce-849B-444553540000}  <%SystemRoot%\System32\themeui.dll>  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[Display Adapter CPL Extension]
    {42071712-76d4-11d1-8b24-00a0c9068ff3}  <deskadp.dll>  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[Display Monitor CPL Extension]
    {42071713-76d4-11d1-8b24-00a0c9068ff3}  <deskmon.dll>  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[Display Panning CPL Extension]
    {42071714-76d4-11d1-8b24-00a0c9068ff3}  <deskpan.dll>  []
[DS Security Page]
    {4E40F770-369C-11d0-8922-00A024AB2DBB}  <dssec.dll>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[Compatibility Page]
    {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}  <SlayerXP.dll>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[Shell Scrap DataHandler]
    {56117100-C0CD-101B-81E2-00AA004AE837}  <shscrap.dll>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[Disk Copy Extension]
    {59099400-57FF-11CE-BD94-0020AF85B590}  <diskcopy.dll>  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[Shell extensions for Microsoft Windows Network objects]
    {59be4990-f85c-11ce-aff7-00aa003ca9f6}  <ntlanui2.dll>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[ICM 监视器管理]
    {5DB2625A-54DF-11D0-B6C4-0800091AA605}  <%SystemRoot%\System32\icmui.dll>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[ICM 打印机管理]
    {675F097E-4C4D-11D0-B6C1-0800091AA605}  <%SystemRoot%\system32\icmui.dll>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[Web Printer Shell Extension]
    {77597368-7b15-11d0-a0c2-080036af3f03}  <printui.dll>  [Microsoft Corporation, 5.1.2600.1125 (xpsp2.020921-0842), C:1980-01-01 00:00 M:2002-09-24 13:28]
[Disk Quota UI]
    {7988B573-EC89-11cf-9C00-00AA00A14F56}  <dskquoui.dll>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[公文包]
    {85BBD920-42A0-1069-A2E4-08002B30309D}  <syncui.dll>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[HyperTerminal Icon Ext]
    {88895560-9AA2-1069-930E-00AA0030EBC8}  <C:\WINDOWS\System32\hticons.dll>  [Hilgraeve, Inc., 5.1.2600.0, C:2003-03-05 16:37 M:2001-09-05 21:00]
[字体]
    {BD84B380-8CA2-1069-AB1D-08000948F534}  <fontext.dll>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[ICC 配置文件]
    {DBCE2480-C732-101B-BE72-BA78E9AD5B27}  <%SystemRoot%\system32\icmui.dll>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[Printers Security Page]
    {F37C5810-4D3F-11d0-B4BF-00AA00BBB723}  <rshx32.dll>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[Shell extensions for sharing]
    {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}  <ntshrui.dll>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[Display TroubleShoot CPL Extension]
    {f92e8c40-3d33-11d2-b1aa-080036a75b03}  <deskperf.dll>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[Crypto PKO Extension]
    {7444C717-39BF-11D1-8CD9-00C04FC29D45}  <C:\WINDOWS\System32\cryptext.dll>  [Microsoft Corporation, 5.131.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[Crypto Sign Extension]
    {7444C719-39BF-11D1-8CD9-00C04FC29D45}  <C:\WINDOWS\System32\cryptext.dll>  [Microsoft Corporation, 5.131.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[网络连接]
    {7007ACC7-3202-11D1-AAD2-00805FC1270E}  <C:\WINDOWS\system32\NETSHELL.dll>  [Microsoft Corporation, 5.1.2600.1130 (xpsp2.020921-0842), C:2002-10-15 11:09 M:2002-10-15 11:09]
[网络连接]
    {992CFFA0-F557-101A-88EC-00DD010CCC48}  <C:\WINDOWS\system32\NETSHELL.dll>  [Microsoft Corporation, 5.1.2600.1130 (xpsp2.020921-0842), C:2002-10-15 11:09 M:2002-10-15 11:09]
[扫描仪和照相机]
    {E211B736-43FD-11D1-9EFB-0000F8757FCD}  <wiashext.dll>  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[扫描仪和照相机]
    {FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}  <wiashext.dll>  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[扫描仪和照相机]
    {905667aa-acd6-11d2-8080-00805f6596d2}  <wiashext.dll>  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[扫描仪和照相机]
    {3F953603-1008-4f6e-A73A-04AAC7A992F1}  <wiashext.dll>  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[扫描仪和照相机]
    {83bbcbf3-b28a-4919-a5aa-73027445d672}  <wiashext.dll>  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[Remote Sessions CPL Extension]
    {F0152790-D56E-4445-850E-4F3117DB740C}  <C:\WINDOWS\System32\remotepg.dll>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2003-03-05 16:36 M:2002-09-09 15:53]
[Auto Update Property Sheet Extension]
    {5F327514-6C5E-4d60-8F16-D07FA08A78ED}  <C:\WINDOWS\System32\wuaueng.dll>  [Microsoft Corporation, 5.4.3630.1106 (xpsp1.020828-1920), C:2003-03-05 16:36 M:2002-09-09 15:53]
[Windows Script Host 的 Shell extensions]
    {60254CA5-953B-11CF-8C96-00AA00B8708C}  <C:\WINDOWS\System32\wshext.dll>  [Microsoft Corporation, 5.6.0.6626, C:1980-01-01 00:00 M:2001-09-05 21:00]
[Microsoft 数据链接]
    {2206CDB2-19C1-11D1-89E0-00C04FD7A829}  <C:\Program Files\Common Files\System\Ole DB\oledb32.dll>  [Microsoft Corporation, 2.71.9030.0 built by: Lab06_N(dagbuild), C:2003-03-05 16:38 M:2002-09-09 15:53]
[Tasks Folder Icon Handler]
    {DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}  <C:\WINDOWS\System32\mstask.dll>  [Microsoft Corporation, 5.1.2600.1564 (xpsp2_gdr.040517-1325), C:2008-10-31 16:32 M:2004-06-09 06:01]
[Tasks Folder Shell Extension]
    {797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}  <C:\WINDOWS\System32\mstask.dll>  [Microsoft Corporation, 5.1.2600.1564 (xpsp2_gdr.040517-1325), C:2008-10-31 16:32 M:2004-06-09 06:01]
[任务计划]
    {D6277990-4C6A-11CF-8D87-00AA0060F5BF}  <C:\WINDOWS\System32\mstask.dll>  [Microsoft Corporation, 5.1.2600.1564 (xpsp2_gdr.040517-1325), C:2008-10-31 16:32 M:2004-06-09 06:01]
[Audio Media Properties Handler]
    {875CB1A1-0F29-45de-A1AE-CFB4950D0B78}  <%SystemRoot%\System32\shmedia.dll>  [Microsoft Corporation, 6.00.2800.1125 (xpsp2.020921-0842), C:2002-09-30 10:58 M:2002-09-30 10:58]
[Video Media Properties Handler]
    {40C3D757-D6E4-4b49-BB41-0E5BBEA28817}  <%SystemRoot%\System32\shmedia.dll>  [Microsoft Corporation, 6.00.2800.1125 (xpsp2.020921-0842), C:2002-09-30 10:58 M:2002-09-30 10:58]
[Wav Properties Handler]
    {E4B29F9D-D390-480b-92FD-7DDB47101D71}  <%SystemRoot%\System32\shmedia.dll>  [Microsoft Corporation, 6.00.2800.1125 (xpsp2.020921-0842), C:2002-09-30 10:58 M:2002-09-30 10:58]
[Avi Properties Handler]
    {87D62D94-71B3-4b9a-9489-5FE6850DC73E}  <%SystemRoot%\System32\shmedia.dll>  [Microsoft Corporation, 6.00.2800.1125 (xpsp2.020921-0842), C:2002-09-30 10:58 M:2002-09-30 10:58]
[Midi Properties Handler]
    {A6FD9E45-6E44-43f9-8644-08598F5A74D9}  <%SystemRoot%\System32\shmedia.dll>  [Microsoft Corporation, 6.00.2800.1125 (xpsp2.020921-0842), C:2002-09-30 10:58 M:2002-09-30 10:58]
[Video Thumbnail Extractor]
    {c5a40261-cd64-4ccf-84cb-c394da41d590}  <%SystemRoot%\System32\shmedia.dll>  [Microsoft Corporation, 6.00.2800.1125 (xpsp2.020921-0842), C:2002-09-30 10:58 M:2002-09-30 10:58]
[Sendmail service]
    {9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}  <C:\WINDOWS\System32\sendmail.dll>  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[Sendmail service]
    {9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}  <C:\WINDOWS\System32\sendmail.dll>  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[ActiveX 高速缓存文件夹]
    {88C6C381-2E85-11D0-94DE-444553540000}  <%SystemRoot%\System32\occache.dll>  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[WebCheck]
    {E6FB5E20-DE35-11CF-9C87-00AA005127ED}  <%SystemRoot%\System32\webcheck.dll>  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[Subscription Mgr]
    {ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}  <%SystemRoot%\System32\webcheck.dll>  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[预订文件夹]
    {F5175861-2688-11d0-9C5E-00AA00A45957}  <%SystemRoot%\System32\webcheck.dll>  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[WebCheckWebCrawler]
    {08165EA0-E946-11CF-9C87-00AA005127ED}  <%SystemRoot%\System32\webcheck.dll>  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[WebCheckChannelAgent]
    {E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}  <%SystemRoot%\System32\webcheck.dll>  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[TrayAgent]
    {E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}  <%SystemRoot%\System32\webcheck.dll>  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[Code Download Agent]
    {7D559C10-9FE9-11d0-93F7-00AA0059CE02}  <%SystemRoot%\System32\webcheck.dll>  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[ConnectionAgent]
    {E6CC6978-6B6E-11D0-BECA-00C04FD940BE}  <%SystemRoot%\System32\webcheck.dll>  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[PostAgent]
    {D8BD2030-6FC9-11D0-864F-00AA006809D9}  <%SystemRoot%\System32\webcheck.dll>  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[WebCheck SyncMgr Handler]
    {7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}  <%SystemRoot%\System32\webcheck.dll>  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[Shell Application Manager]
    {352EC2B7-8B9A-11D1-B8AE-006008059382}  <%SystemRoot%\System32\appwiz.cpl>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:54]
[Installed Apps Enumerator]
    {0B124F8F-91F0-11D1-B8B5-006008059382}  <%SystemRoot%\System32\appwiz.cpl>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:54]
[Darwin App Publisher]
    {CFCCC7A0-A282-11D1-9082-006008059382}  <%SystemRoot%\System32\appwiz.cpl>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:54]
[Shell Image Verbs]
    {e84fda7c-1d6a-45f6-b725-cb260c236066}  <%SystemRoot%\System32\shimgvw.dll>  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[Shell Image Data Factory]
    {66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}  <%SystemRoot%\System32\shimgvw.dll>  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[GDI+ 文件缩略图解压缩程序]
    {3F30C968-480A-4C6C-862D-EFC0897BB84B}  <C:\WINDOWS\System32\shimgvw.dll>  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[摘要信息缩略图处理程序(DOCFILES)]
    {9DBD2C50-62AD-11d0-B806-00C04FD706EC}  <C:\WINDOWS\System32\shimgvw.dll>  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[HTML 缩略图的解压缩程序]
    {EAB841A0-9550-11cf-8C16-00805F1408F3}  <C:\WINDOWS\System32\shimgvw.dll>  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[Shell Image Property Handler]
    {eb9b1153-3b57-4e68-959a-a3266bc3d7fe}  <%SystemRoot%\System32\shimgvw.dll>  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[网络出版向导]
    {CC6EEFFB-43F6-46c5-9619-51D571967F7D}  <%SystemRoot%\System32\netplwiz.dll>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[通过 Web 订购照片]
    {add36aa8-751a-4579-a266-d66f5202ccbb}  <%SystemRoot%\System32\netplwiz.dll>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[外壳出版向导对象]
    {6b33163c-76a5-4b6c-bf21-45de9cd503a1}  <%SystemRoot%\System32\netplwiz.dll>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[获取 Passport 向导]
    {58f1f272-9240-4f51-b6d4-fd63d1618591}  <%SystemRoot%\System32\netplwiz.dll>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[压缩(zipped)文件夹]
    {E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}  <%SystemRoot%\System32\zipfldr.dll>  [Microsoft Corporation, 6.00.2800.1584 (xpsp2.040720-1705), C:2008-10-31 16:34 M:2004-08-21 15:55]
[Compressed (zipped) Folder Right Drag Handler]
    {BD472F60-27FA-11cf-B8B4-444553540000}  <%SystemRoot%\System32\zipfldr.dll>  [Microsoft Corporation, 6.00.2800.1584 (xpsp2.040720-1705), C:2008-10-31 16:34 M:2004-08-21 15:55]
[Compressed (zipped) Folder SendTo Target]
    {888DCA60-FC0A-11CF-8F0F-00C04FD7D062}  <%SystemRoot%\System32\zipfldr.dll>  [Microsoft Corporation, 6.00.2800.1584 (xpsp2.040720-1705), C:2008-10-31 16:34 M:2004-08-21 15:55]
[FTP Folders Webview]
    {63da6ec0-2e98-11cf-8d82-444553540000}  <C:\WINDOWS\System32\msieftp.dll>  [Microsoft Corporation, 6.00.2800.1724 (xpsp2.050802-1533), C:1980-01-01 00:00 M:2005-08-06 01:24]
[Microsoft DocProp Shell Ext]
    {883373C3-BF89-11D1-BE35-080036B11A03}  <C:\WINDOWS\System32\docprop2.dll>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[Microsoft DocProp Inplace Edit Box Control]
    {A9CF0EAE-901A-4739-A481-E35B73E47F6D}  <C:\WINDOWS\System32\docprop2.dll>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[Microsoft DocProp Inplace ML Edit Box Control]
    {8EE97210-FD1F-4B19-91DA-67914005F020}  <C:\WINDOWS\System32\docprop2.dll>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[Microsoft DocProp Inplace Droplist Combo Control]
    {0EEA25CC-4362-4A12-850B-86EE61B0D3EB}  <C:\WINDOWS\System32\docprop2.dll>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[Microsoft DocProp Inplace Calendar Control]
    {6A205B57-2567-4A2C-B881-F787FAB579A3}  <C:\WINDOWS\System32\docprop2.dll>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[Microsoft DocProp Inplace Time Control]
    {28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}  <C:\WINDOWS\System32\docprop2.dll>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[Directory Query UI]
    {8A23E65E-31C2-11d0-891C-00A024AB2DBB}  <%SystemRoot%\System32\dsquery.dll>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[Shell properties for a DS object]
    {9E51E0D0-6E0F-11d2-9601-00C04FA31A86}  <%SystemRoot%\System32\dsquery.dll>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[Directory Object Find]
    {163FDC20-2ABC-11d0-88F0-00A024AB2DBB}  <%SystemRoot%\System32\dsquery.dll>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[Directory Start/Search Find]
    {F020E586-5264-11d1-A532-0000F8757D7E}  <%SystemRoot%\System32\dsquery.dll>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[Directory Property UI]
    {0D45D530-764B-11d0-A1CA-00AA00C16E65}  <%SystemRoot%\System32\dsuiext.dll>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[Directory Context Menu Verbs]
    {62AE1F9A-126A-11D0-A14B-0800361B1103}  <%SystemRoot%\System32\dsuiext.dll>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[MyDocs Copy Hook]
    {ECF03A33-103D-11d2-854D-006008059367}  <%SystemRoot%\System32\mydocs.dll>  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[MyDocs Drop Target]
    {ECF03A32-103D-11d2-854D-006008059367}  <%SystemRoot%\System32\mydocs.dll>  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[MyDocs Properties]
    {4a7ded0a-ad25-11d0-98a8-0800361b1103}  <%SystemRoot%\System32\mydocs.dll>  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[Offline Files Menu]
    {750fdf0e-2a26-11d1-a3ea-080036587f03}  <%SystemRoot%\System32\cscui.dll>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[Offline Files Folder Options]
    {10CFC467-4392-11d2-8DB4-00C04FA31A66}  <%SystemRoot%\System32\cscui.dll>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[脱机文件夹]
    {AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}  <%SystemRoot%\System32\cscui.dll>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[Microsoft Agent Character Property Sheet Handler]
    {143A62C8-C33B-11D1-84FE-00C04FA34A14}  <C:\WINDOWS\msagent\agentpsh.dll>  [Microsoft Corporation, 2.00.0.3422, C:1980-01-01 00:00 M:2001-09-05 21:00]
[DfsShell]
    {ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}  <C:\WINDOWS\System32\dfsshlex.dll>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[%DESC_PublishDropTarget%]
    {60fd46de-f830-4894-a628-6fa81bc0190d}  <%SystemRoot%\System32\photowiz.dll>  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[MMC Icon Handler]
    {7A80E4A8-8005-11D2-BCF8-00C04F72C717}  <%SystemRoot%\System32\mmcshext.dll>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[.CAB file viewer]
    {0CD7A5C0-9F37-11CE-AE65-08002B2E1262}  <cabview.dll>  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[用户(&P)...]
    {32714800-2E5F-11d0-8B85-00AA0044F941}  <C:\Program Files\Outlook Express\wabfind.dll>  [Microsoft Corporation, 6.00.2800.1123, C:2002-10-23 16:46 M:2002-10-23 16:46]
[Windows Media Player Play as Playlist Context Menu Handler]
    {8DD448E6-C188-4aed-AF92-44956194EB1F}  <C:\WINDOWS\System32\wmpshell.dll>  [Microsoft Corporation, 9.00.00.2980, C:2000-06-01 19:20 M:2002-12-19 05:57]
[Windows Media Player Burn Audio CD Context Menu Handler]
    {CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}  <C:\WINDOWS\System32\wmpshell.dll>  [Microsoft Corporation, 9.00.00.2980, C:2000-06-01 19:20 M:2002-12-19 05:57]
[Windows Media Player Add to Playlist Context Menu Handler]
    {F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}  <C:\WINDOWS\System32\wmpshell.dll>  [Microsoft Corporation, 9.00.00.2980, C:2000-06-01 19:20 M:2002-12-19 05:57]
[RecordNow! SendToExt]
    {DEE12703-6333-4D4E-8F34-738C4DCC2E04}  <c:\Program Files\IBM RecordNow!\shlext.dll>  [(c) Sonic Solutions.  All rights reserved., 6.7.0.0, C:2003-10-30 06:00 M:2003-10-30 06:00]
[DriveLetterAccess]
    {5CA3D70E-1895-11CF-8E15-001234567890}  <C:\WINDOWS\system32\dla\tfswshx.dll>  []
[RISING]
    {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D}  <C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2000-06-01 20:49 M:2008-07-28 20:14]
[WinRAR shell extension]
    {B41DB860-8EE4-11D2-9906-E49FADC173CA}  <d:\Program Files\WinRAR\rarext.dll>  [N/A, C:2000-06-01 21:15 M:2003-05-19 21:12]
[PowerWord ExplorerBar]
    {47B92A27-8252-420D-9630-378EF61434D7}  <D:\PROGRA~1\POWERW~1\XDictExB.dll>  [金山软件股份有限公司, 1, 0, 0, 0, C:2000-06-01 21:30 M:2002-11-29 04:19]
[频道文件]
    {f39a0dc0-9cc8-11d0-a599-00c04fd64433}  <%SystemRoot%\System32\cdfview.dll>  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[频道快捷方式]
    {f3aa0dc0-9cc8-11d0-a599-00c04fd64434}  <%SystemRoot%\System32\cdfview.dll>  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[频道句柄对象]
    {f3ba0dc0-9cc8-11d0-a599-00c04fd64435}  <%SystemRoot%\System32\cdfview.dll>  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[Channel Menu]
    {f3da0dc0-9cc8-11d0-a599-00c04fd64437}  <%SystemRoot%\System32\cdfview.dll>  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[Channel Properties]
    {f3ea0dc0-9cc8-11d0-a599-00c04fd64438}  <%SystemRoot%\System32\cdfview.dll>  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]

Protocols
[AP Class Install Handler filter]
    {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}  <C:\WINDOWS\System32\urlmon.dll>  [Microsoft Corporation, 6.00.2800.1226, C:2003-07-13 16:07 M:2003-07-13 16:07]
[AP lzdhtml encoding/decoding Filter]
    {8f6b0360-b80d-11d0-a9b3-006097942311}  <C:\WINDOWS\System32\urlmon.dll>  [Microsoft Corporation, 6.00.2800.1226, C:2003-07-13 16:07 M:2003-07-13 16:07]
[Microsoft HTML About Pluggable Protocol]
    {3050F406-98B5-11CF-BB82-00AA00BDCE0B}  <%SystemRoot%\System32\mshtml.dll>  [Microsoft Corporation, 6.00.2800.1226, C:2003-07-13 16:07 M:2003-07-13 16:07]
[CDL: Asychronous Pluggable Protocol Handler]
    {3dd53d40-7b8b-11D0-b013-00aa0059ce02}  <C:\WINDOWS\System32\urlmon.dll>  [Microsoft Corporation, 6.00.2800.1226, C:2003-07-13 16:07 M:2003-07-13 16:07]
[PowerWord Asychronous Pluggable Protocol Handler]
    {C21F5C32-F57A-4A0D-8E0A-B672691C52D0}  <D:\PROGRA~1\POWERW~1\XDictExB.dll>  [金山软件股份有限公司, 1, 0, 0, 0, C:2000-06-01 21:30 M:2002-11-29 04:19]
[DVD: Pluggable Protocol]
    {12D51199-0DB5-46FE-A120-47A3D7D937CC}  <C:\WINDOWS\System32\msvidctl.dll>  [Microsoft Corporation, 6.05.00001.900 built by: DIRECTX, C:2000-06-01 19:30 M:2003-02-17 10:16]
[file:, local: Asychronous Pluggable Protocol Handler]
    {79eac9e7-baf9-11ce-8c82-00aa004ba90b}  <C:\WINDOWS\System32\urlmon.dll>  [Microsoft Corporation, 6.00.2800.1226, C:2003-07-13 16:07 M:2003-07-13 16:07]
[ftp: Asychronous Pluggable Protocol Handler]
    {79eac9e3-baf9-11ce-8c82-00aa004ba90b}  <C:\WINDOWS\System32\urlmon.dll>  [Microsoft Corporation, 6.00.2800.1226, C:2003-07-13 16:07 M:2003-07-13 16:07]
[gopher: Asychronous Pluggable Protocol Handler]
    {79eac9e4-baf9-11ce-8c82-00aa004ba90b}  <C:\WINDOWS\System32\urlmon.dll>  [Microsoft Corporation, 6.00.2800.1226, C:2003-07-13 16:07 M:2003-07-13 16:07]
[http: Asychronous Pluggable Protocol Handler]
    {79eac9e2-baf9-11ce-8c82-00aa004ba90b}  <C:\WINDOWS\System32\urlmon.dll>  [Microsoft Corporation, 6.00.2800.1226, C:2003-07-13 16:07 M:2003-07-13 16:07]
[https: Asychronous Pluggable Protocol Handler]
    {79eac9e5-baf9-11ce-8c82-00aa004ba90b}  <C:\WINDOWS\System32\urlmon.dll>  [Microsoft Corporation, 6.00.2800.1226, C:2003-07-13 16:07 M:2003-07-13 16:07]
[Microsoft InfoTech Protocols for IE 4.0]
    {9D148291-B9C8-11D0-A4CC-0000F80149F6}  <C:\WINDOWS\System32\itss.dll>  [Microsoft Corporation, 5.2.3790.315 (srv03_gdr.050421-1728), C:2003-01-10 14:44 M:2005-05-27 10:04]
[Microsoft HTML Javascript Pluggable Protocol]
    {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}  <%SystemRoot%\System32\mshtml.dll>  [Microsoft Corporation, 6.00.2800.1226, C:2003-07-13 16:07 M:2003-07-13 16:07]
[]
    {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC}  <C:\WINDOWS\system32\KuGoo3DownXControl.ocx>  []
[Microsoft HTML Mailto Pluggable Protocol]
    {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}  <%SystemRoot%\System32\mshtml.dll>  [Microsoft Corporation, 6.00.2800.1226, C:2003-07-13 16:07 M:2003-07-13 16:07]
[MHTML Asychronous Pluggable Protocol Handler]
    {05300401-BCBC-11d0-85E3-00C04FD85AB4}  <%SystemRoot%\System32\inetcomm.dll>  [Microsoft Corporation, 6.00.2800.1506, C:2003-01-30 16:18 M:2005-05-03 16:26]
[mk: Asychronous Pluggable Protocol Handler]
    {79eac9e6-baf9-11ce-8c82-00aa004ba90b}  <C:\WINDOWS\System32\urlmon.dll>  [Microsoft Corporation, 6.00.2800.1226, C:2003-07-13 16:07 M:2003-07-13 16:07]
[Microsoft HTML Resource Pluggable Protocol]
    {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}  <%SystemRoot%\System32\mshtml.dll>  [Microsoft Corporation, 6.00.2800.1226, C:2003-07-13 16:07 M:2003-07-13 16:07]
[Microsoft HTML Resource Pluggable Protocol]
    {76E67A63-06E9-11D2-A840-006008059382}  <%SystemRoot%\System32\mshtml.dll>  [Microsoft Corporation, 6.00.2800.1226, C:2003-07-13 16:07 M:2003-07-13 16:07]
[TV: Pluggable Protocol]
    {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}  <C:\WINDOWS\System32\msvidctl.dll>  [Microsoft Corporation, 6.05.00001.900 built by: DIRECTX, C:2000-06-01 19:30 M:2003-02-17 10:16]
[AsyncPProt Class]
    {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020}  <C:\WINDOWS\System32\msdxm.ocx>  [Microsoft Corporation, 6.4.09.1125, C:1980-01-01 00:00 M:2002-09-09 15:52]
[WiaProtocol Class]
    {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE}  <C:\WINDOWS\System32\wiascr.dll>  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]

BrowserHelperObject
[QQCycloneHelper Class]
    {00000000-12C9-4305-82F9-43058F20E8D2}  <d:\Program Files\Tencent\QQDownload\QQIEHelper01.dll>  [(Verified)腾讯公司, 1, 9, 242, 242, C:2007-10-10 13:43 M:2007-10-10 13:43]
[ThunderAtOnce Class]
    {01443AEC-0FD1-40fd-9C87-E93D1494C233}  <d:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll>  []

ToolBar
[电台(&R)]
    {8E718888-423F-11D2-876E-00A0C9082467}  <C:\WINDOWS\System32\msdxm.ocx>  [Microsoft Corporation, 6.4.09.1125, C:1980-01-01 00:00 M:2002-09-09 15:52]

ActiveX Extension
[GerneralPeerID Class]
    {0A47E819-F82E-4D5D-B806-6A9EA94D68CD}  <d:\Program Files\Thunder Network\Thunder\Components\InMedia\peerid.dll>  []
[Thunder Agent Class]
    {485463B7-8FB2-4B3B-B29B-8B919B0EACCE}  <d:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll>  []
[XMP Class]
    {6483F145-A768-4C41-AACC-52D4D7845851}  <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work>  [Xunlei Networking Technologies,LTD, 2, 1, 8, 90, C:2008-06-21 14:26 M:2008-10-16 18:17]
[XDRM]
    {693571CB-54A3-4E90-9D52-EEAE1334E2D3}  <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work>  [Copyright XunLei 2007, 1, 0, 0, 6, C:2008-06-21 14:26 M:2008-01-24 10:22]
[RMGetLicense Class]
    {A9FC132B-096D-460B-B7D5-1DB0FAE0C062}  <C:\WINDOWS\System32\msnetobj.dll>  [Microsoft Corporation, 9.00.00.2980, C:2000-06-01 19:20 M:2002-12-12 11:54]

Context Menu
[Offline Files]
    {750fdf0e-2a26-11d1-a3ea-080036587f03}  <%SystemRoot%\System32\cscui.dll>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[RisingRavExt]
    {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D}  <C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2000-06-01 20:49 M:2008-07-28 20:14]
[WinRAR]
    {B41DB860-8EE4-11D2-9906-E49FADC173CA}  <d:\Program Files\WinRAR\rarext.dll>  [N/A, C:2000-06-01 21:15 M:2003-05-19 21:12]
[Sharing]
    {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}  <ntshrui.dll>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]


========================================
服务

[Alerter / Alerter][Stopped/Manual Start]
    <%SystemRoot%\System32\svchost.exe -k LocalService --> "%SystemRoot%\system32\alrsvc.dll">  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00|Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[Application Layer Gateway Service / ALG][Stopped/Manual Start]
    <%SystemRoot%\System32\alg.exe>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[Application Management / AppMgmt][Stopped/Manual Start]
    <%SystemRoot%\system32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\appmgmts.dll">  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[Windows Audio / AudioSrv][Running/Auto Start]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\audiosrv.dll">  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00|Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[Background Intelligent Transfer Service / BITS][Stopped/Manual Start]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "C:\WINDOWS\System32\qmgr.dll">  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00|Microsoft Corporation, 6.2.2600.1106 (xpsp1.020828-1920), C:2003-03-05 16:38 M:2002-09-09 15:53]
[Computer Browser / Browser][Running/Auto Start]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\browser.dll">  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00|Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[Indexing Service / CiSvc][Stopped/Manual Start]
    <%SystemRoot%\system32\cisvc.exe>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[ClipBook / ClipSrv][Stopped/Manual Start]
    <%SystemRoot%\system32\clipsrv.exe>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[COM+ System Application / COMSysApp][Stopped/Manual Start]
    <C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}>  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[Cryptographic Services / CryptSvc][Running/Auto Start]
    <%SystemRoot%\system32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\cryptsvc.dll">  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00|Microsoft Corporation, 5.1.2600.1190 (xpsp2.030320-1720), C:2003-03-25 16:41 M:2003-03-25 16:41]
[DHCP Client / Dhcp][Running/Auto Start]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\dhcpcsvc.dll">  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00|Microsoft Corporation, 5.1.2600.1847 (xpsp2.060519-0009), C:1980-01-01 00:00 M:2006-05-19 20:14]
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
    <%SystemRoot%\System32\dmadmin.exe /com>  [Microsoft Corp., Veritas Software, 2600.0.503.0, C:1980-01-01 00:00 M:2001-09-05 21:00]
[Logical Disk Manager / dmserver][Stopped/Manual Start]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\dmserver.dll">  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00|Microsoft Corp., 2600.0.503.0, C:1980-01-01 00:00 M:2001-09-05 21:00]
[DNS Client / Dnscache][Running/Auto Start]
    <%SystemRoot%\System32\svchost.exe -k NetworkService --> "%SystemRoot%\System32\dnsrslvr.dll">  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00|Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[Error Reporting Service / ERSvc][Running/Auto Start]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\ersvc.dll">  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00|Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[Event Log / Eventlog][Running/Auto Start]
    <%SystemRoot%\system32\services.exe>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[COM+ Event System / EventSystem][Running/Manual Start]
    <C:\WINDOWS\System32\svchost.exe -k netsvcs --> "C:\WINDOWS\System32\es.dll">  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00|Microsoft Corporation, 2001.12.4414.62, C:2008-10-31 16:39 M:2005-07-26 12:38]
[Fast User Switching Compatibility / FastUserSwitchingCompatibility][Running/Manual Start]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\shsvcs.dll">  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00|Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[Human Interface Device Access / HidServ][Stopped/Disabled]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\hidserv.dll">  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[IMAPI CD-Burning COM Service / ImapiService][Stopped/Manual Start]
    <C:\WINDOWS\System32\imapi.exe>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[Infrared Monitor / Irmon][Running/Auto Start]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\irmon.dll">  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00|Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2003-03-05 16:34 M:2002-09-09 15:53]
[Server / lanmanserver][Running/Auto Start]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\srvsvc.dll">  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00|Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[Workstation / lanmanworkstation][Running/Auto Start]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\wkssvc.dll">  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00|Microsoft Corporation, 5.1.2600.1309 (xpsp2.031013-2110), C:1980-01-01 00:00 M:2003-10-22 07:17]
[TCP/IP NetBIOS Helper / LmHosts][Running/Auto Start]
    <%SystemRoot%\System32\svchost.exe -k LocalService --> "%SystemRoot%\System32\lmhsvc.dll">  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00|Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[Messenger / Messenger][Running/Auto Start]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\msgsvc.dll">  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00|Microsoft Corporation, 5.1.2600.1309 (xpsp2.031013-2110), C:2008-10-31 16:29 M:2003-10-22 07:17]
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]
    <C:\WINDOWS\System32\mnmsrvc.exe>  [Microsoft Corporation, 4.4.3400, C:2003-03-05 16:38 M:2001-09-05 21:00]
[Distributed Transaction Coordinator / MSDTC][Stopped/Manual Start]
    <C:\WINDOWS\System32\msdtc.exe>  [Microsoft Corporation, 2001.12.4414.42, C:2003-03-05 16:36 M:2001-09-05 21:00]
[Windows Installer / MSIServer][Stopped/Manual Start]
    <C:\WINDOWS\System32\msiexec.exe /V>  [Microsoft Corporation, 2.0.2600.1106, C:1980-01-01 00:00 M:2002-09-09 15:53]
[Network DDE / NetDDE][Stopped/Manual Start]
    <%SystemRoot%\system32\netdde.exe>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[Network DDE DSDM / NetDDEdsdm][Stopped/Manual Start]
    <%SystemRoot%\system32\netdde.exe>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[Net Logon / Netlogon][Stopped/Manual Start]
    <%SystemRoot%\System32\lsass.exe>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[Network Connections / Netman][Running/Manual Start]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\netman.dll">  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00|Microsoft Corporation, 5.1.2600.1733 (xpsp2.050819-1534), C:2008-10-31 16:37 M:2005-08-23 02:36]
[Network Location Awareness (NLA) / Nla][Running/Manual Start]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\mswsock.dll">  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00|Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[NT LM Security Support Provider / NtLmSsp][Stopped/Manual Start]
    <%SystemRoot%\System32\lsass.exe>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[Removable Storage / NtmsSvc][Stopped/Manual Start]
    <%SystemRoot%\system32\svchost.exe -k netsvcs --> "%SystemRoot%\system32\ntmssvc.dll">  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00|Microsoft Corporation, 5.1.2400.1106, C:1980-01-01 00:00 M:2002-09-09 15:53]
[Plug and Play / PlugPlay][Running/Auto Start]
    <%SystemRoot%\system32\services.exe>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[IPSEC Services / PolicyAgent][Running/Auto Start]
    <%SystemRoot%\System32\lsass.exe>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[Protected Storage / ProtectedStorage][Running/Auto Start]
    <%SystemRoot%\system32\lsass.exe>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[QCONSVC / QCONSVC][Running/Auto Start]
    <System32\QCONSVC.EXE>  [IBM Corp., 2, 7, 2, 0, C:2000-06-01 20:14 M:2003-10-11 02:07]
[Remote Access Auto Connection Manager / RasAuto][Stopped/Manual Start]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\rasauto.dll">  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00|Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[Remote Access Connection Manager / RasMan][Running/Manual Start]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\rasmans.dll">  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00|Microsoft Corporation, 5.1.2600.1861 (xpsp2.060622-0007), C:2008-10-31 16:41 M:2006-06-22 18:59]
[Remote Desktop Help Session Manager / RDSessMgr][Stopped/Manual Start]
    <C:\WINDOWS\system32\sessmgr.exe>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2003-03-05 16:36 M:2002-09-09 15:53]
[RegSrvc / RegSrvc][Running/Auto Start]
    <C:\WINDOWS\System32\RegSrvc.exe>  [Intel Corporation, 4, 1, 0, 0, C:2003-09-11 06:45 M:2003-09-11 06:45]
[Routing and Remote Access / RemoteAccess][Stopped/Disabled]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\mprdim.dll">  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00|Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[Remote Procedure Call (RPC) Locator / RpcLocator][Stopped/Manual Start]
    <%SystemRoot%\System32\locator.exe>  [Microsoft Corporation, 5.1.2600.1147 (xpsp2.021108-1929), C:2002-12-03 18:50 M:2002-12-03 18:50]
[Remote Procedure Call (RPC) / RpcSs][Running/Auto Start]
    <%SystemRoot%\system32\svchost -k rpcss --> "%SystemRoot%\system32\rpcss.dll">  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00|Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526), C:2008-10-31 16:39 M:2005-07-26 12:38]
[QoS RSVP / RSVP][Stopped/Manual Start]
    <%SystemRoot%\System32\rsvp.exe>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[Spectrum24 Event Monitor / S24EventMonitor][Running/Auto Start]
    <C:\WINDOWS\System32\S24EvMon.exe>  [Intel Corporation , 4, 1, 0, 3, C:2003-09-11 06:45 M:2003-09-11 06:45]
[Security Accounts Manager / SamSs][Running/Auto Start]
    <%SystemRoot%\system32\lsass.exe>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[Smart Card Helper / SCardDrv][Stopped/Manual Start]
    <%SystemRoot%\System32\SCardSvr.exe>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[Smart Card / SCardSvr][Stopped/Manual Start]
    <%SystemRoot%\System32\SCardSvr.exe>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[Task Scheduler / Schedule][Running/Auto Start]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\system32\schedsvc.dll">  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00|Microsoft Corporation, 5.1.2600.1564 (xpsp2_gdr.040517-1325), C:2008-10-31 16:32 M:2004-06-09 06:01]
[Secondary Logon / seclogon][Running/Auto Start]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\seclogon.dll">  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00|Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[System Event Notification / SENS][Running/Auto Start]
    <%SystemRoot%\system32\svchost.exe -k netsvcs --> "%SystemRoot%\system32\sens.dll">  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00|Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS) / SharedAccess][Stopped/Manual Start]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\ipnathlp.dll">  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00|Microsoft Corporation, 5.1.2600.1364 (xpsp2.040109-1800), C:2008-10-31 16:31 M:2004-03-30 09:50]
[Shell Hardware Detection / ShellHWDetection][Running/Auto Start]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\shsvcs.dll">  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00|Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[Print Spooler / Spooler][Running/Auto Start]
    <%SystemRoot%\system32\spoolsv.exe>  [Microsoft Corporation, 5.1.2600.1699 (xpsp2.050610-1533), C:2008-10-31 16:37 M:2005-06-11 07:55]
[System Restore Service / srservice][Stopped/Auto Start]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "C:\WINDOWS\System32\srsvc.dll">  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00|Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2003-03-05 16:38 M:2002-09-09 15:53]
[SSDP Discovery Service / SSDPSRV][Running/Manual Start]
    <%SystemRoot%\System32\svchost.exe -k LocalService --> "%SystemRoot%\System32\ssdpsrv.dll">  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00|Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[Windows Image Acquisition (WIA) / stisvc][Stopped/Manual Start]
    <%SystemRoot%\System32\svchost.exe -k imgsvc --> "%SystemRoot%\system32\wiaservc.dll">  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00|Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[MS Software Shadow Copy Provider / SwPrv][Stopped/Manual Start]
    <C:\WINDOWS\System32\dllhost.exe /Processid:{BE026301-56EE-499A-ADAA-D608E411E343}>  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[Performance Logs and Alerts / SysmonLog][Stopped/Manual Start]
    <%SystemRoot%\system32\smlogsvc.exe>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[Telephony / TapiSrv][Running/Manual Start]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\tapisrv.dll">  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00|Microsoft Corporation, 5.1.2600.1715 (xpsp2.050706-1530), C:2008-10-31 16:36 M:2005-07-09 00:09]
[Terminal Services / TermService][Running/Manual Start]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\termsrv.dll">  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00|Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2003-03-05 16:36 M:2002-09-09 15:53]
[Themes / Themes][Running/Auto Start]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\shsvcs.dll">  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00|Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[IBM KCU Service / TpKmpSVC][Running/Auto Start]
    <C:\WINDOWS\system32\TpKmpSVC.exe>  [N/A, C:2000-06-01 19:51 M:2003-07-11 18:19]
[Distributed Link Tracking Client / TrkWks][Running/Auto Start]
    <%SystemRoot%\system32\svchost.exe -k netsvcs --> "%SystemRoot%\system32\trkwks.dll">  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00|Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[Upload Manager / uploadmgr][Running/Auto Start]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll">  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00|Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2003-03-05 16:38 M:2002-09-09 15:53]
[Universal Plug and Play Device Host / upnphost][Stopped/Manual Start]
    <%SystemRoot%\System32\svchost.exe -k LocalService --> "%SystemRoot%\System32\upnphost.dll">  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00|Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[Uninterruptible Power Supply / UPS][Stopped/Manual Start]
    <%SystemRoot%\System32\ups.exe>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:54]
[Volume Shadow Copy / VSS][Stopped/Manual Start]
    <%SystemRoot%\System32\vssvc.exe>  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[Windows Time / W32Time][Running/Auto Start]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "C:\WINDOWS\System32\w32time.dll">  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00|Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
[WebClient / WebClient][Running/Auto Start]
    <%SystemRoot%\System32\svchost.exe -k LocalService --> "%SystemRoot%\System32\webclnt.dll">  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00|Microsoft Corporation, 5.1.2600.1790 (xpsp2.060103-1544), C:2008-10-31 16:40 M:2006-01-04 11:37]
[Windows Management Instrumentation / winmgmt][Running/Auto Start]
    <%systemroot%\system32\svchost.exe -k netsvcs --> "%SystemRoot%\system32\wbem\WMIsvc.dll">  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00|Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2003-03-05 16:36 M:2002-09-09 15:53]
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "C:\WINDOWS\System32\mspmsnsv.dll">  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00|Microsoft Corporation, 9.0.1.56, C:2000-06-01 19:20 M:2002-11-26 19:03]
[WMI Performance Adapter / WmiApSrv][Stopped/Manual Start]
    <C:\WINDOWS\System32\wbem\wmiapsrv.exe>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:2003-03-05 16:36 M:2001-09-05 21:00]
[Automatic Updates / wuauserv][Running/Auto Start]
    <%systemroot%\system32\svchost.exe -k netsvcs --> "C:\WINDOWS\System32\wuauserv.dll">  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00|Microsoft Corporation, 5.4.3630.1106 (xpsp1.020828-1920), C:2003-03-05 16:36 M:2002-09-09 15:53]
[Wireless Zero Configuration / WZCSVC][Running/Auto Start]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\wzcsvc.dll">  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00|Microsoft Corporation, 5.1.2600.1125 (xpsp2.020921-0842), C:2002-10-15 11:09 M:2002-10-15 11:09]
[DBCS数据库服务管理(ZHLXDBENGINE) / ZHLXDBENGINE][Running/Auto Start]
    <d:\Program Files\ZHLX\ZHLXDBENGINE\dbsrvmgr.exe>  [昆明智合力兴信息系统集成有限公司, 1, 0, 0, 1, C:2008-04-27 11:51 M:2008-04-27 11:51]

[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
    <%SystemRoot%\System32\Ati2evxx.exe>  [(Verified)N/A, C:1980-01-01 00:00 M:2003-09-11 21:39]
[Contrl Center of Storm Media / ccosm][Running/Auto Start]
    <d:\Program Files\StormII\stormliv.exe /asservice>  [(Verified)北京暴风网际科技有限公司, 3, 8, 3, 15, C:2008-03-11 14:33 M:2008-03-11 14:33]
[IBM PM Service / IBMPMSVC][Running/Auto Start]
    <%SystemRoot%\System32\ibmpmsvc.exe>  [(Verified)N/A, C:1980-01-01 00:00 M:2003-07-03 01:25]
[Rising Proxy  Service / RfwProxySrv][Running/Auto Start]
    <d:\Program Files\Rising\Rfw\rfwProxy.exe>  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.37, C:2000-06-01 21:00 M:2008-07-31 16:08]
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
    <d:\Program Files\Rising\Rfw\rfwsrv.exe>  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.77, C:2000-06-01 21:00 M:2008-10-16 08:19]
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
    <"d:\Program Files\Rising\Rav\CCenter.exe">  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.33, C:2000-06-01 20:49 M:2008-07-28 20:14]
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
    <"D:\PROGRAM FILES\RISING\RAV\Ravmond.exe">  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.80, C:2000-06-01 20:49 M:2008-07-28 20:14]


========================================
驱动

[abp480n5 / abp480n5][Stopped/Disabled]
    <\SystemRoot\System32\DRIVERS\ABP480N5.SYS>  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:2003-03-05 17:44 M:2001-08-17 13:52]
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
    <system32\drivers\ac97intc.sys>  [Intel Corporation, 5.10.3523 built by: WinDDK, C:2003-03-05 16:33 M:2001-08-17 12:20]
[Microsoft ACPI Driver / ACPI][Running/Boot Start]
    <System32\DRIVERS\ACPI.sys>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2002-09-09 15:35 M:2002-09-09 16:05]
[Microsoft Embedded Controller Driver / ACPIEC][Running/Boot Start]
    <System32\DRIVERS\ACPIEC.sys>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:2001-08-31 15:21 M:2001-09-05 21:00]
[adpu160m / adpu160m][Stopped/Disabled]
    <\SystemRoot\System32\DRIVERS\adpu160m.sys>  [Microsoft Corporation, v3.60a (Lab01_N(johnstra).010529-2218), C:2003-03-05 17:40 M:2001-08-17 14:07]
[Microsoft Kernel Acoustic Echo Canceller / aec][Stopped/Manual Start]
    <system32\drivers\aec.sys>  [Microsoft Corporation, 5.1.2601.1095 built by: xpsp1, C:2003-03-05 16:35 M:2002-08-28 23:16]
[AFD 网络支持环境 / AFD][Running/Auto Start]
    <\SystemRoot\System32\drivers\afd.sys>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-08-29 02:01]
[Intel AGP Bus Filter / agp440][Running/Boot Start]
    <System32\DRIVERS\agp440.sys>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:2003-03-05 17:36 M:2001-08-17 13:58]
[Compaq AGP Bus Filter / agpCPQ][Stopped/Disabled]
    <\SystemRoot\System32\DRIVERS\agpCPQ.sys>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:2003-03-05 17:37 M:2001-08-17 13:58]
[Aha154x / Aha154x][Stopped/Disabled]
    <\SystemRoot\System32\DRIVERS\aha154x.sys>  [Microsoft Corporation, v1.13b (XPClient.010817-1148), C:2003-03-05 17:41 M:2001-08-17 13:52]
[aic78u2 / aic78u2][Stopped/Disabled]
    <\SystemRoot\System32\DRIVERS\aic78u2.sys>  [Microsoft Corporation, v3.60a (Lab01_N.010510-0033), C:2003-03-05 17:40 M:2001-08-17 14:07]
[aic78xx / aic78xx][Stopped/Disabled]
    <\SystemRoot\System32\DRIVERS\aic78xx.sys>  [Microsoft Corporation, v3.60a (Lab01_N.010510-0033), C:2003-03-05 17:41 M:2001-08-17 14:07]
[AliIde / AliIde][Stopped/Disabled]
    <\SystemRoot\System32\DRIVERS\aliide.sys>  [Acer Laboratories Inc., 1.20, C:2003-03-05 17:45 M:2001-08-17 13:51]
[ALI AGP Bus Filter / alim1541][Stopped/Disabled]
    <\SystemRoot\System32\DRIVERS\alim1541.sys>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:2003-03-05 17:33 M:2001-08-17 13:58]
[AMD AGP Bus Filter Driver / amdagp][Stopped/Disabled]
    <\SystemRoot\System32\DRIVERS\amdagp.sys>  [Advanced Micro Devices, Inc., 5.00 (xpclient.010817-1148), C:2003-03-05 17:33 M:2001-08-17 13:58]
[amsint / amsint][Stopped/Disabled]
    <\SystemRoot\System32\DRIVERS\amsint.sys>  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:2003-03-05 17:44 M:2001-08-17 13:52]
[ANC / ANC][Stopped/Manual Start]
    <System32\drivers\ANC.SYS>  [N/A, C:2000-06-01 20:14 M:2003-10-11 02:07]
[1394 ARP 客户端协议 / Arp1394][Stopped/Manual Start]
    <System32\DRIVERS\arp1394.sys>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2002-08-29 01:33 M:2002-09-09 16:05]
[asc / asc][Stopped/Disabled]
    <\SystemRoot\System32\DRIVERS\asc.sys>  [Advanced System Products, Inc., 2.9I-MS (XPClient.010817-1148), C:2003-03-05 17:44 M:2001-08-17 13:52]
[asc3350p / asc3350p][Stopped/Disabled]
    <\SystemRoot\System32\DRIVERS\asc3350p.sys>  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:2003-03-05 17:44 M:2001-08-17 13:52]
[RAS Asynchronous Media Driver / AsyncMac][Stopped/Manual Start]
    <System32\DRIVERS\asyncmac.sys>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[标准 IDE/ESDI 硬盘控制器 / atapi][Running/Boot Start]
    <System32\DRIVERS\atapi.sys>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2003-03-05 17:47 M:2002-08-29 01:27]
[ATM ARP Client Protocol / Atmarpc][Stopped/Manual Start]
    <System32\DRIVERS\atmarpc.sys>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[音频存根驱动程序 / audstub][Running/Manual Start]
    <System32\DRIVERS\audstub.sys>  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:2003-03-05 16:35 M:2001-08-17 13:59]
[cbidf / cbidf][Stopped/Disabled]
    <\SystemRoot\System32\DRIVERS\cbidf2k.sys>  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:2003-03-05 17:43 M:2001-08-17 13:52]
[cd20xrnt / cd20xrnt][Stopped/Disabled]
    <\SystemRoot\System32\DRIVERS\cd20xrnt.sys>  [Microsoft Corporation, v3.01 (XPClient.010817-1148), C:2003-03-05 17:43 M:2001-08-17 13:52]
[CD-ROM Driver / Cdrom][Running/System Start]
    <System32\DRIVERS\cdrom.sys>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2002-08-29 01:27 M:2002-09-09 16:05]
[Microsoft ACPI Control Method Battery Driver / CmBatt][Running/Manual Start]
    <System32\DRIVERS\CmBatt.sys>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2003-03-05 16:35 M:2002-08-29 01:09]
[CmdIde / CmdIde][Stopped/Manual Start]
    <\SystemRoot\System32\DRIVERS\cmdide.sys>  [CMD Technology, Inc., 2.0.7 (XPClient.010817-1148), C:2003-03-05 17:45 M:2001-08-31 15:29]
[Microsoft Composite Battery Driver / Compbatt][Running/Boot Start]
    <System32\DRIVERS\compbatt.sys>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:2003-03-05 16:35 M:2001-08-17 13:58]
[Cpqarray / Cpqarray][Stopped/Disabled]
    <\SystemRoot\System32\DRIVERS\cpqarray.sys>  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:2003-03-05 17:41 M:2001-08-17 13:52]
[dac2w2k / dac2w2k][Stopped/Disabled]
    <\SystemRoot\System32\DRIVERS\dac2w2k.sys>  [Mylex Corporation, 6.00-21 (XPClient.010817-1148), C:2003-03-05 17:44 M:2001-08-17 13:52]
[dac960nt / dac960nt][Stopped/Disabled]
    <\SystemRoot\System32\DRIVERS\dac960nt.sys>  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:2003-03-05 17:44 M:2001-08-17 13:52]
[磁盘驱动器 / Disk][Running/Boot Start]
    <System32\DRIVERS\disk.sys>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2002-08-29 01:27 M:2002-09-09 16:05]
[dmboot / dmboot][Stopped/Disabled]
    <System32\drivers\dmboot.sys>  [Microsoft Corp., Veritas Software, 2600.0.503.0, C:1980-01-01 00:00 M:2001-09-05 21:00]
[dmio / dmio][Stopped/Disabled]
    <System32\drivers\dmio.sys>  [Microsoft Corp., Veritas Software, 2600.0.503.0, C:1980-01-01 00:00 M:2001-09-05 21:00]
[dmload / dmload][Stopped/Disabled]
    <System32\drivers\dmload.sys>  [Microsoft Corp., Veritas Software., 2600.0.503.0, C:1980-01-01 00:00 M:2001-09-05 21:00]
[Microsoft Kernel DLS Syntheiszer / DMusic][Stopped/Manual Start]
    <system32\drivers\DMusic.sys>  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:2003-03-05 16:35 M:2001-08-17 13:59]
[dpti2o / dpti2o][Stopped/Disabled]
    <\SystemRoot\System32\DRIVERS\dpti2o.sys>  [Microsoft Corporation, 2.09 (Lab01_N.010309-0027), C:2003-03-05 17:40 M:2001-08-17 14:07]
[Microsoft Kernel DRM Audio Descrambler / drmkaud][Stopped/Manual Start]
    <system32\drivers\drmkaud.sys>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2003-03-05 16:35 M:2002-08-29 01:32]
[drvmcdb / drvmcdb][Running/Boot Start]
    <system32\drivers\drvmcdb.sys>  [Sonic Solutions, 3.21.66a, C:2000-06-01 20:05 M:2003-09-19 03:21]
[drvnddm / drvnddm][Running/Auto Start]
    <system32\drivers\drvnddm.sys>  [Sonic Solutions, 2.56.38a, C:2000-06-01 20:05 M:2003-06-20 02:56]
[Intel(R) PRO Adapter Driver / E100B][Stopped/Manual Start]
    <System32\DRIVERS\e100b325.sys>  [Intel Corporation, 5.41.22.0000 built by: WinDDK, C:2003-03-05 16:34 M:2001-08-31 15:38]
[Floppy Disk Controller Driver / Fdc][Running/Manual Start]
    <System32\DRIVERS\fdc.sys>  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:2001-08-17 13:51 M:2001-09-05 21:00]
[软盘驱动程序 / Flpydisk][Stopped/Manual Start]
    <System32\DRIVERS\flpydisk.sys>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2002-08-29 01:27 M:2002-09-09 16:05]
[FsVga / FsVga][Running/System Start]
    <System32\DRIVERS\fsvga.sys>  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:2001-08-31 15:43 M:2001-09-05 21:00]
[Volume Manager Driver / Ftdisk][Running/Boot Start]
    <System32\DRIVERS\ftdisk.sys>  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:2003-03-05 17:32 M:2001-08-31 15:43]
[Generic Packet Classifier / Gpc][Running/Manual Start]
    <System32\DRIVERS\msgpc.sys>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[Microsoft HID Class Driver / HidUsb][Running/Manual Start]
    <System32\DRIVERS\hidusb.sys>  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:2000-06-01 19:18 M:2001-08-17 14:02]
[hpn / hpn][Stopped/Disabled]
    <\SystemRoot\System32\DRIVERS\hpn.sys>  [Microsoft Corporation, 5.1.2467.0 (Lab01_N(johnstra).010423-0023), C:2003-03-05 17:42 M:2001-08-17 14:07]
[i2omp / i2omp][Stopped/Disabled]
    <\SystemRoot\System32\DRIVERS\i2omp.sys>  [Microsoft Corporation, 1.0.0.6 (XPClient.010817-1148), C:2003-03-05 17:43 M:2001-08-17 13:56]
[i8042 键盘及 PS/2 鼠标端口驱动程序 / i8042prt][Running/System Start]
    <System32\DRIVERS\i8042prt.sys>  [Microsoft Corporation, 5.1.2600.1229 (xpsp2.030527-2026), C:2002-09-09 15:44 M:2003-06-03 15:20]
[IBMTPCHK / IBMTPCHK][Running/System Start]
    <System32\drivers\IBMBLDID.SYS>  [N/A, C:2000-06-01 20:14 M:2003-10-11 02:07]
[CD 烧制筛选驱动器 / Imapi][Running/System Start]
    <System32\DRIVERS\imapi.sys>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2002-08-29 01:28 M:2002-09-09 16:05]
[ini910u / ini910u][Stopped/Disabled]
    <\SystemRoot\System32\DRIVERS\ini910u.sys>  [Microsoft Corporation, 2.17 (XPClient.010817-1148), C:2003-03-05 17:44 M:2001-08-17 13:52]
[IntelIde / IntelIde][Stopped/Disabled]
    <\SystemRoot\System32\DRIVERS\intelide.sys>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2003-03-05 17:46 M:2002-09-09 15:45]
[IP Traffic Filter Driver / IpFilterDriver][Stopped/Manual Start]
    <System32\DRIVERS\ipfltdrv.sys>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[IP in IP Tunnel Driver / IpInIp][Stopped/Manual Start]
    <System32\DRIVERS\ipinip.sys>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[IP Network Address Translator / IpNat][Stopped/Manual Start]
    <System32\DRIVERS\ipnat.sys>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-08-29 01:36]
[IrDA Protocol / irda][Running/Auto Start]
    <System32\DRIVERS\irda.sys>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:2003-03-05 16:34 M:2001-08-17 13:51]
[IR Enumerator Service / IRENUM][Running/Manual Start]
    <System32\DRIVERS\irenum.sys>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:2003-03-05 16:31 M:2001-09-05 21:00]
[PnP ISA/EISA Bus Driver / isapnp][Running/Boot Start]
    <System32\DRIVERS\isapnp.sys>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:2003-03-05 17:39 M:2001-08-31 15:24]
[Keyboard Class Driver / Kbdclass][Running/System Start]
    <System32\DRIVERS\kbdclass.sys>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2003-03-05 17:32 M:2002-09-09 15:46]
[Microsoft Kernel Wave Audio Mixer / kmixer][Running/Manual Start]
    <system32\drivers\kmixer.sys>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2003-03-05 16:35 M:2002-08-29 01:32]
[Lucent Technologies Soft Modem / LucentSoftModem][Stopped/Manual Start]
    <System32\DRIVERS\LTSM.sys>  [Lucent Technologies, 3.1.92.1 3.1.92.1 07/18/2001 12:51:10, C:2003-03-05 16:33 M:2001-08-17 13:28]
[AEGIS Protocol (IEEE 802.1x) v2.2.1.0 / MDC8021X][Running/Auto Start]
    <System32\DRIVERS\mdc8021x.sys>  [Meetinghouse Data Communications, 2.2.1.0, C:2000-06-01 19:56 M:2000-06-01 19:56]
[Mouse Class Driver / Mouclass][Running/System Start]
    <System32\DRIVERS\mouclass.sys>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2003-03-05 17:32 M:2002-09-09 15:49]
[Mouse HID Driver / mouhid][Running/Manual Start]
    <System32\DRIVERS\mouhid.sys>  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:2000-06-01 19:18 M:2001-08-31 15:31]
[mraid35x / mraid35x][Stopped/Disabled]
    <\SystemRoot\System32\DRIVERS\mraid35x.sys>  [American Megatrends Inc., 6.19 (XPClient.010817-1148), C:2003-03-05 17:43 M:2001-08-17 13:52]
[Microsoft Streaming Service Proxy / MSKSSRV][Stopped/Manual Start]
    <system32\drivers\MSKSSRV.sys>  [Microsoft Corporation, 5.3.0000000.900 built by: DIRECTX, C:2002-12-12 00:14 M:2002-12-12 00:14]
[Microsoft Streaming Clock Proxy / MSPCLOCK][Stopped/Manual Start]
    <system32\drivers\MSPCLOCK.sys>  [Microsoft Corporation, 5.3.0000000.900 built by: DIRECTX, C:2002-12-12 00:14 M:2002-12-12 00:14]
[Microsoft Streaming Quality Manager Proxy / MSPQM][Stopped/Manual Start]
    <system32\drivers\MSPQM.sys>  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:2001-08-23 05:00 M:2001-08-23 05:00]
[Remote Access NDIS TAPI Driver / NdisTapi][Running/Manual Start]
    <System32\DRIVERS\ndistapi.sys>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[NDIS 用户模式 I/O 协议 / Ndisuio][Running/Manual Start]
    <System32\DRIVERS\ndisuio.sys>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2002-08-29 01:35 M:2002-09-09 16:05]
[Remote Access NDIS WAN Driver / NdisWan][Running/Manual Start]
    <System32\DRIVERS\ndiswan.sys>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-08-29 01:58]
[NetBIOS Interface / NetBIOS][Running/System Start]
    <System32\DRIVERS\netbios.sys>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-08-29 01:35]
[NetBT / NetBT][Running/System Start]
    <System32\DRIVERS\netbt.sys>  [Microsoft Corporation, 5.1.2600.1243 (xpsp2.030702-2125), C:1980-01-01 00:00 M:2003-07-08 16:48]
[1394 网络驱动程序 / NIC1394][Stopped/Manual Start]
    <System32\DRIVERS\nic1394.sys>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2002-08-29 01:33 M:2002-09-09 16:05]
[NSC Infrared Device Driver / NSCIRDA][Running/Manual Start]
    <System32\DRIVERS\nscirda.sys>  [National Semiconductor Corporation, 5,01,00,006 (xpclient.010817-1148), C:2003-03-05 16:34 M:2001-08-17 13:51]
[IPX Traffic Filter Driver / NwlnkFlt][Stopped/Manual Start]
    <System32\DRIVERS\nwlnkflt.sys>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[IPX Traffic Forwarder Driver / NwlnkFwd][Stopped/Manual Start]
    <System32\DRIVERS\nwlnkfwd.sys>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[Texas Instruments OHCI Compliant IEEE 1394 Host Controller / ohci1394][Running/Boot Start]
    <System32\DRIVERS\ohci1394.sys>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2000-06-01 19:17 M:2002-08-29 01:33]
[Intel PentiumIII Processor Driver / P3][Stopped/System Start]
    <System32\DRIVERS\p3.sys>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2002-09-09 15:36 M:2002-09-09 16:05]
[Parallel port driver / Parport][Running/Manual Start]
    <System32\DRIVERS\parport.sys>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2002-09-09 15:36 M:2002-09-09 16:05]
[PCI Bus Driver / PCI][Running/Boot Start]
    <System32\DRIVERS\pci.sys>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2003-03-05 17:39 M:2002-09-09 15:36]
[PCIIde / PCIIde][Running/Boot Start]
    <System32\DRIVERS\pciide.sys>  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:2003-03-05 17:47 M:2001-08-31 15:42]
[Pcmcia / Pcmcia][Running/Boot Start]
    <System32\DRIVERS\pcmcia.sys>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2002-09-09 15:36 M:2002-09-09 16:05]
[perc2 / perc2][Stopped/Disabled]
    <\SystemRoot\System32\DRIVERS\perc2.sys>  [Microsoft Corporation, 5.1.2467.0 (Lab01_N(johnstra).010423-0023), C:2003-03-05 17:42 M:2001-08-17 14:07]
[perc2hib / perc2hib][Stopped/Disabled]
    <\SystemRoot\System32\DRIVERS\perc2hib.sys>  [Microsoft Corporation, 5.1.2467.0 (Lab01_N(johnstra).010423-0023), C:2003-03-05 17:42 M:2001-08-17 14:07]
[PMEM / PMEM][Running/Auto Start]
    <\??\C:\WINDOWS\system32\drivers\PMEMNT.SYS>  [Microsoft Corporation, 4.00, C:2002-05-03 03:22 M:2002-05-03 03:22]
[WAN Miniport (PPTP) / PptpMiniport][Running/Manual Start]
    <System32\DRIVERS\raspptp.sys>  [Microsoft Corporation, 5.1.2600.1129 (xpsp2.020921-0842), C:1980-01-01 00:00 M:2002-10-01 17:52]
[QoS Packet Scheduler / PSched][Running/Manual Start]
    <System32\DRIVERS\psched.sys>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-08-29 01:35]
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
    <System32\DRIVERS\ptilink.sys>  [Parallel Technologies, Inc., 1.10 (XPClient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[PxHelp20 / PxHelp20][Running/Boot Start]
    <System32\DRIVERS\PxHelp20.sys>  [Sonic Solutions, 2.02.60a, C:2003-08-27 02:02 M:2003-08-27 02:02]
[ql1080 / ql1080][Stopped/Disabled]
    <\SystemRoot\System32\DRIVERS\ql1080.sys>  [QLogic Corporation, 3.04, C:2003-03-05 17:42 M:2001-08-17 13:52]
[Ql10wnt / Ql10wnt][Stopped/Disabled]
    <\SystemRoot\System32\DRIVERS\ql10wnt.sys>  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:2003-03-05 17:42 M:2001-08-17 13:52]
[ql12160 / ql12160][Stopped/Disabled]
    <\SystemRoot\System32\DRIVERS\ql12160.sys>  [QLogic Corporation, 7.13.02 (W64), C:2003-03-05 17:42 M:2001-08-17 13:52]
[ql1240 / ql1240][Stopped/Disabled]
    <\SystemRoot\System32\DRIVERS\ql1240.sys>  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:2003-03-05 17:42 M:2001-08-17 13:52]
[ql1280 / ql1280][Stopped/Disabled]
    <\SystemRoot\System32\DRIVERS\ql1280.sys>  [QLogic Corporation, 7.13.01 (W2K), C:2003-03-05 17:42 M:2001-08-17 13:52]
[Remote Access Auto Connection Driver / RasAcd][Running/System Start]
    <System32\DRIVERS\rasacd.sys>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[WAN Miniport (IrDA) / Rasirda][Running/Manual Start]
    <System32\DRIVERS\rasirda.sys>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:2003-03-05 16:34 M:2001-08-17 13:51]
[WAN Miniport (L2TP) / Rasl2tp][Running/Manual Start]
    <System32\DRIVERS\rasl2tp.sys>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-08-29 02:06]
[远程访问 PPPOE 驱动程序 / RasPppoe][Running/Manual Start]
    <System32\DRIVERS\raspppoe.sys>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[Direct Parallel / Raspti][Running/Manual Start]
    <System32\DRIVERS\raspti.sys>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[RDPCDD / RDPCDD][Running/System Start]
    <System32\DRIVERS\RDPCDD.sys>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[Terminal Server Device Redirector Driver / rdpdr][Stopped/Manual Start]
    <System32\DRIVERS\rdpdr.sys>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2003-03-05 17:32 M:2002-08-29 01:06]
[Digital CD Audio Playback Filter Driver / redbook][Running/System Start]
    <System32\DRIVERS\redbook.sys>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2000-06-01 19:17 M:2002-09-09 15:37]
[WLAN Transport / s24trans][Running/Auto Start]
    <System32\DRIVERS\s24trans.sys>  [Intel Corporation, 4, 1, 0, 3, C:2003-09-11 06:34 M:2003-09-11 06:34]
[Secdrv / Secdrv][Stopped/Manual Start]
    <System32\DRIVERS\secdrv.sys>  [N/A, C:1980-01-01 00:00 M:2002-03-25 20:02]
[Serenum Filter Driver / serenum][Running/Manual Start]
    <System32\DRIVERS\serenum.sys>  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:2001-08-17 13:50 M:2001-09-05 21:00]
[Serial port driver / Serial][Running/System Start]
    <System32\DRIVERS\serial.sys>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2002-09-09 15:39 M:2002-09-09 16:05]
[SIS AGP Bus Filter / sisagp][Stopped/Disabled]
    <\SystemRoot\System32\DRIVERS\sisagp.sys>  [Silicon Integrated Systems Corporation, 5.12.01.2010 (xpclient.010817-1148), C:2003-03-05 17:37 M:2001-08-17 13:58]
[Smapint / Smapint][Running/System Start]
    <System32\drivers\Smapint.sys>  [Microsoft Corporation, 4.00, C:2000-06-01 19:50 M:2003-07-03 01:34]
[Sparrow / Sparrow][Stopped/Disabled]
    <\SystemRoot\System32\DRIVERS\sparrow.sys>  [Adaptec, Inc., v2.0a (ReleaseBinaries.001205-1804), C:2003-03-05 17:41 M:2001-08-17 14:07]
[Microsoft Kernel Audio Splitter / splitter][Stopped/Manual Start]
    <system32\drivers\splitter.sys>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2003-03-05 16:35 M:2002-08-29 01:32]
[System Restore Filter Driver / sr][Stopped/Disabled]
    <\SystemRoot\System32\DRIVERS\sr.sys>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2003-03-05 16:38 M:2002-09-09 15:42]
[sscdbhk5 / sscdbhk5][Running/System Start]
    <system32\drivers\sscdbhk5.sys>  [Sonic Solutions, 1.10.81a, C:2000-06-01 20:05 M:2003-07-14 11:28]
[ssrtln / ssrtln][Running/System Start]
    <system32\drivers\ssrtln.sys>  [Sonic Solutions, 1.10.81a, C:2000-06-01 20:05 M:2003-07-14 11:28]
[Software Bus Driver / swenum][Running/Manual Start]
    <System32\DRIVERS\swenum.sys>  [Microsoft Corporation, 5.3.0000000.900 built by: DIRECTX, C:2002-12-12 00:14 M:2002-12-12 00:14]
[Microsoft Kernel GS Wavetable Synthesizer / swmidi][Stopped/Manual Start]
    <system32\drivers\swmidi.sys>  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:2003-03-05 16:35 M:2001-08-17 14:00]
[symc810 / symc810][Stopped/Disabled]
    <\SystemRoot\System32\DRIVERS\symc810.sys>  [Symbios Logic Inc., 5.1.2409.1 (ReleaseBinaries.001205-1804), C:2003-03-05 17:42 M:2001-08-17 14:07]
[symc8xx / symc8xx][Stopped/Disabled]
    <\SystemRoot\System32\DRIVERS\symc8xx.sys>  [LSI Logic, 5.1.2409.1 (ReleaseBinaries.001205-1804), C:2003-03-05 17:42 M:2001-08-17 14:07]
[sym_hi / sym_hi][Stopped/Disabled]
    <\SystemRoot\System32\DRIVERS\sym_hi.sys>  [LSI Logic, 5.1.2462.0 (Lab01_N.010309-0027), C:2003-03-05 17:42 M:2001-08-17 14:07]
[sym_u3 / sym_u3][Stopped/Disabled]
    <\SystemRoot\System32\DRIVERS\sym_u3.sys>  [LSI Logic, 5.1.2462.0 (Lab01_N.010309-0027), C:2003-03-05 17:43 M:2001-08-17 14:07]
[Microsoft Kernel System Audio Device / sysaudio][Running/Manual Start]
    <system32\drivers\sysaudio.sys>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2003-03-05 16:35 M:2002-08-29 02:01]
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
    <System32\DRIVERS\tcpip.sys>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-08-29 01:58]
[TDSMAPI / TDSMAPI][Running/System Start]
    <System32\drivers\TDSMAPI.SYS>  [N/A, C:2000-06-01 19:50 M:2003-07-03 01:34]
[Terminal Device Driver / TermDD][Running/System Start]
    <System32\DRIVERS\termdd.sys>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2003-03-05 17:32 M:2002-09-09 15:54]
[tfsnboio / tfsnboio][Running/Auto Start]
    <system32\dla\tfsnboio.sys>  [Sonic Solutions, 1.04.07a, C:2000-06-01 20:05 M:2003-09-26 01:04]
[tfsncofs / tfsncofs][Running/Auto Start]
    <system32\dla\tfsncofs.sys>  [Sonic Solutions, 1.04.07a, C:2000-06-01 20:05 M:2003-09-26 01:04]
[tfsndrct / tfsndrct][Running/Auto Start]
    <system32\dla\tfsndrct.sys>  [Sonic Solutions, 1.04.07a, C:2000-06-01 20:05 M:2003-09-26 01:04]
[tfsndres / tfsndres][Running/Auto Start]
    <system32\dla\tfsndres.sys>  [Sonic Solutions, 1.04.07a, C:2000-06-01 20:05 M:2003-09-26 01:04]
[tfsnifs / tfsnifs][Running/Auto Start]
    <system32\dla\tfsnifs.sys>  [Sonic Solutions, 1.04.07a, C:2000-06-01 20:05 M:2003-09-26 01:04]
[tfsnopio / tfsnopio][Running/Auto Start]
    <system32\dla\tfsnopio.sys>  [Sonic Solutions, 1.04.07a, C:2000-06-01 20:05 M:2003-09-26 01:04]
[tfsnpool / tfsnpool][Running/Auto Start]
    <system32\dla\tfsnpool.sys>  [Sonic Solutions, 1.04.07a, C:2000-06-01 20:05 M:2003-09-26 01:04]
[tfsnudf / tfsnudf][Running/Auto Start]
    <system32\dla\tfsnudf.sys>  [Sonic Solutions, 1.04.07a, C:2000-06-01 20:05 M:2003-09-26 01:04]
[tfsnudfa / tfsnudfa][Running/Auto Start]
    <system32\dla\tfsnudfa.sys>  [Sonic Solutions, 1.04.07a, C:2000-06-01 20:05 M:2003-09-26 01:04]
[TosIde / TosIde][Stopped/Disabled]
    <\SystemRoot\System32\DRIVERS\toside.sys>  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:2003-03-05 17:47 M:2001-08-31 15:26]
[TPPWR / TPPWR][Running/System Start]
    <System32\drivers\Tppwr.sys>  [IBM Corp., 1, 0, 0, 0, C:2000-06-01 19:50 M:2003-07-11 01:34]
[TSMAPIP / TSMAPIP][Running/System Start]
    <System32\drivers\TSMAPIP.SYS>  [N/A, C:2000-06-01 19:51 M:2003-09-12 02:21]
[IBM PS/2 TrackPoint Filter Driver / TwoTrack][Stopped/Manual Start]
    <System32\DRIVERS\TwoTrack.sys>  [IBM Corporation, 6.03 (XPClient.010817-1148), C:2003-03-05 16:34 M:2001-08-17 13:48]
[ultra / ultra][Stopped/Disabled]
    <\SystemRoot\System32\DRIVERS\ultra.sys>  [Promise Technology, Inc.,  1.43 (第 0603 版), C:2003-03-05 17:44 M:2001-08-17 13:52]
[Microcode Update Driver / Update][Running/Manual Start]
    <System32\DRIVERS\update.sys>  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[Microsoft USB 2.0 Enhanced Host Controller Miniport Driver / usbehci][Running/Manual Start]
    <System32\DRIVERS\usbehci.sys>  [Microsoft Corporation, 5.1.2600.1152 (xpsp2.021217-1051), C:2002-12-17 18:47 M:2002-12-17 18:47]
[USB2 Enabled Hub / usbhub][Running/Manual Start]
    <System32\DRIVERS\usbhub.sys>  [Microsoft Corporation, 5.1.2600.1144 (xpsp2.021108-1929), C:2002-11-21 11:09 M:2002-11-21 11:09]
[USB 大容量存储设备 / USBSTOR][Stopped/Manual Start]
    <System32\DRIVERS\USBSTOR.SYS>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2000-06-01 20:44 M:2002-08-29 01:32]
[Microsoft USB Universal Host Controller Miniport Driver / usbuhci][Running/Manual Start]
    <System32\DRIVERS\usbuhci.sys>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2002-08-29 01:32 M:2002-09-09 16:05]
[VgaSave / VgaSave][Running/System Start]
    <\SystemRoot\System32\drivers\vga.sys>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-08-29 01:32]
[VIA AGP Bus Filter / viaagp][Stopped/Disabled]
    <\SystemRoot\System32\DRIVERS\viaagp.sys>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:2003-03-05 17:39 M:2001-08-17 13:58]
[ViaIde / ViaIde][Stopped/Disabled]
    <\SystemRoot\System32\DRIVERS\viaide.sys>  [Microsoft Corporation, 1.00.01.00, C:2003-03-05 17:46 M:2002-08-29 01:27]
[Remote Access IP ARP Driver / Wanarp][Running/Manual Start]
    <System32\DRIVERS\wanarp.sys>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[Microsoft WINMM WDM Audio Compatibility Driver / wdmaud][Running/Manual Start]
    <system32\drivers\wdmaud.sys>  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2003-03-05 16:35 M:2002-08-29 02:00]

[aeaudio / aeaudio][Running/Manual Start]
    <system32\drivers\aeaudio.sys>  [(Verified)Andrea Electronics Corporation, 3.0.2.35, C:1980-01-01 00:00 M:2003-07-03 14:15]
[Agere Systems Soft Modem / AgereSoftModem][Running/Manual Start]
    <System32\DRIVERS\AGRSM.sys>  [(Verified)Agere Systems, 2.1.31 2.1.31 06/27/2003 08:53:43, C:1980-01-01 00:00 M:2003-06-27 08:53]
[ati2mtag / ati2mtag][Running/Manual Start]
    <System32\DRIVERS\ati2mtag.sys>  [(Verified)ATI Technologies Inc., 6.14.10.6392, C:1980-01-01 00:00 M:2003-09-11 21:40]
[Intel(R) PRO/1000 Adapter Driver / E1000][Running/Manual Start]
    <System32\DRIVERS\e1000325.sys>  [(Verified)Intel Corporation, 6.4.16.36 built by: WinDDK, C:1980-01-01 00:00 M:2003-06-13 09:39]
[HookCont / HookCont][Running/System Start]
    <\SystemRoot\system32\drivers\HookCont.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 7, C:2000-06-01 20:49 M:2008-07-28 20:14]
[HookNtos / HookNtos][Running/System Start]
    <\SystemRoot\system32\drivers\HookNtos.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 52, C:2000-06-01 20:49 M:2008-10-24 08:32]
[HookReg / HookReg][Running/System Start]
    <\SystemRoot\system32\drivers\HookReg.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 28, C:2000-06-01 20:49 M:2008-07-28 20:14]
[HookSys / HookSys][Running/System Start]
    <\SystemRoot\system32\drivers\HookSys.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 55, C:2000-06-01 20:49 M:2008-08-27 15:37]
[HookUrl / HookUrl][Running/Auto Start]
    <\??\d:\Program Files\Rising\Rfw\HookUrl.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.13, C:2000-06-01 21:00 M:2008-10-20 22:16]
[IBMPMDRV / IBMPMDRV][Running/Manual Start]
    <System32\DRIVERS\ibmpmdrv.sys>  [(Verified)IBM Corp., 1.25, C:1980-01-01 00:00 M:2003-07-03 01:25]
[Rising  Rfwbase Driver / RfwBase][Running/Auto Start]
    <System32\DRIVERS\rfwbase.SYS>  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.10, C:2000-06-01 21:00 M:2008-07-31 16:08]
[RsFwDrv / RsFwDrv][Running/System Start]
    <\??\d:\Program Files\Rising\Rfw\RsFwDrv.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.35, C:2000-06-01 21:00 M:2008-10-20 22:16]
[RsNTGDI / RsNTGDI][Running/Boot Start]
    <System32\Drivers\RsNTGdi.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 3, C:2000-06-01 20:49 M:2008-07-28 20:15]
[S3SSavage / S3SSavage][Stopped/Manual Start]
    <System32\DRIVERS\s3ssavm.sys>  [(Verified)S3 Graphics, Inc., 6.13.10.1236-12.90.36, C:1980-01-01 00:00 M:2001-11-01 11:57]
[smwdm / smwdm][Running/Manual Start]
    <system32\drivers\smwdm.sys>  [(Verified)Analog Devices, Inc., 5.12.01.3620, C:1980-01-01 00:00 M:2003-05-27 17:05]
[Synaptics TouchPad Driver / SynTP][Running/Manual Start]
    <System32\DRIVERS\SynTP.sys>  [(Verified)Synaptics, Inc., 7.5.17.6 28Aug03, C:2000-06-01 19:55 M:2003-08-28 10:50]
[Intel(R) PRO/Wireless 7100 Adapter 驱动程序 / w70n51][Stopped/Manual Start]
    <System32\DRIVERS\w70n51.sys>  [(Verified)Intel? Corporation, 1.2.1.1, C:1980-01-01 00:00 M:2003-09-11 18:40]


========================================
进程

[PID: 628 / SYSTEM]   \SystemRoot\System32\smss.exe   [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\ntdll.dll  [Microsoft Corporation, 5.1.2600.1217 (xpsp2.030429-2131), C:1980-01-01 00:00 M:2003-05-01 16:57]

[PID: 684 / SYSTEM]   \??\C:\WINDOWS\system32\csrss.exe   [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\ntdll.dll  [Microsoft Corporation, 5.1.2600.1217 (xpsp2.030429-2131), C:1980-01-01 00:00 M:2003-05-01 16:57]
    C:\WINDOWS\system32\CSRSRV.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\basesrv.dll  [Microsoft Corporation, 5.1.2600.1566 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\winsrv.dll  [Microsoft Corporation, 5.1.2600.1740 (xpsp2.050831-1533), C:1980-01-01 00:00 M:2005-09-01 09:51]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\KERNEL32.dll  [Microsoft Corporation, 5.1.2600.1560 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\USER32.dll  [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526), C:1980-01-01 00:00 M:2005-03-03 02:21]
    C:\WINDOWS\system32\ADVAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\RPCRT4.dll  [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800), C:2008-10-31 16:39 M:2004-03-06 10:17]
    C:\WINDOWS\System32\LPK.DLL  [Microsoft Corporation, 5.1.2600.1126 (xpsp2.020921-0842), C:2002-09-25 19:53 M:2002-09-25 19:53]
    C:\WINDOWS\System32\USP10.dll  [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\sxs.dll  [Microsoft Corporation, 5.1.2600.1579 (xpsp2.040720-1705), C:2008-10-31 16:43 M:2004-08-21 05:53]
    d:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-27 20:40 M:2008-07-27 20:38]
    C:\WINDOWS\system32\msvcrt.dll  [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\SHLWAPI.dll  [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533), C:2008-10-31 16:38 M:2005-09-01 09:51]
    C:\WINDOWS\System32\imm32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    d:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-27 20:40 M:2008-07-27 20:38]

[PID: 708 / SYSTEM]   \??\C:\WINDOWS\system32\winlogon.exe   [Microsoft Corporation, 5.1.2600.1557 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:27]
    C:\WINDOWS\System32\ntdll.dll  [Microsoft Corporation, 5.1.2600.1217 (xpsp2.030429-2131), C:1980-01-01 00:00 M:2003-05-01 16:57]
    C:\WINDOWS\system32\kernel32.dll  [Microsoft Corporation, 5.1.2600.1560 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\ADVAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\RPCRT4.dll  [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800), C:2008-10-31 16:39 M:2004-03-06 10:17]
    C:\WINDOWS\system32\AUTHZ.dll  [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526), C:2008-10-31 16:35 M:2005-03-03 02:21]
    C:\WINDOWS\system32\msvcrt.dll  [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\CRYPT32.dll  [Microsoft Corporation, 5.131.2600.1123 (xpsp2.020921-0842), C:2002-09-23 15:10 M:2002-09-23 15:10]
    C:\WINDOWS\system32\USER32.dll  [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526), C:1980-01-01 00:00 M:2005-03-03 02:21]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\MSASN1.dll  [Microsoft Corporation, 5.1.2600.1362 (xpsp2.040109-1800), C:1980-01-01 00:00 M:2004-03-30 09:50]
    C:\WINDOWS\system32\NDdeApi.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\PROFMAP.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\NETAPI32.dll  [Microsoft Corporation, 5.1.2600.1562 (xpsp2_gdr.040517-1325), C:2008-10-31 16:32 M:2004-06-09 06:01]
    C:\WINDOWS\system32\USERENV.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\PSAPI.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\REGAPI.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\Secur32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\SETUPAPI.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\VERSION.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\WINSTA.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\WS2HELP.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\IMM32.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\LPK.DLL  [Microsoft Corporation, 5.1.2600.1126 (xpsp2.020921-0842), C:2002-09-25 19:53 M:2002-09-25 19:53]
    C:\WINDOWS\System32\USP10.dll  [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\MSGINA.dll  [Microsoft Corporation, 5.1.2600.1343 (xpsp2.040109-1800), C:1980-01-01 00:00 M:2004-03-30 09:50]
    C:\WINDOWS\system32\SHLWAPI.dll  [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533), C:2008-10-31 16:38 M:2005-09-01 09:51]
    C:\WINDOWS\System32\ODBC32.dll  [Microsoft Corporation, 3.520.9041.40, C:2003-07-22 11:22 M:2003-07-22 11:22]
    C:\WINDOWS\system32\comdlg32.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\odbcint.dll  [Microsoft Corporation, 3.520.7713.0, C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\SHSVCS.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\sfc.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\sfc_os.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\WINTRUST.dll  [Microsoft Corporation, 5.131.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\ole32.dll  [Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526), C:2008-10-31 16:39 M:2005-07-26 12:38]
    C:\WINDOWS\system32\IMAGEHLP.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\msctfime.ime  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-08-29 01:11]
    C:\WINDOWS\System32\WINSCARD.DLL  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\WTSAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\WINMM.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\sxs.dll  [Microsoft Corporation, 5.1.2600.1579 (xpsp2.040720-1705), C:2008-10-31 16:43 M:2004-08-21 05:53]
    C:\WINDOWS\System32\uxtheme.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\WlNotify.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\WINSPOOL.DRV  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:54]
    C:\WINDOWS\system32\MPR.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\rsaenh.dll  [Microsoft Corporation, 5.1.2600.1029 (xpsp1.020426-1800), C:1980-01-01 00:00 M:2002-08-28 22:27]
    C:\WINDOWS\System32\SAMLIB.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    d:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-27 20:40 M:2008-07-27 20:38]
    d:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-27 20:40 M:2008-07-27 20:38]
    C:\WINDOWS\System32\cscui.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\msv1_0.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\NTMARTA.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\WLDAP32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\COMRes.dll  [Microsoft Corporation, 2001.12.4414.42, C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\OLEAUT32.dll  [Microsoft Corporation, 3.50.5016.0, C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\CLBCATQ.DLL  [Microsoft Corporation, 2001.12.4414.62, C:2008-10-31 16:39 M:2005-07-26 12:38]
    C:\WINDOWS\System32\wdmaud.drv  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:2001-08-31 16:04 M:2001-09-05 21:00]
    C:\WINDOWS\System32\msacm32.drv  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\MSACM32.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\midimap.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]

[PID: 784 / SYSTEM]   C:\WINDOWS\system32\services.exe   [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\ntdll.dll  [Microsoft Corporation, 5.1.2600.1217 (xpsp2.030429-2131), C:1980-01-01 00:00 M:2003-05-01 16:57]
    C:\WINDOWS\system32\kernel32.dll  [Microsoft Corporation, 5.1.2600.1560 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\msvcrt.dll  [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\ADVAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\RPCRT4.dll  [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800), C:2008-10-31 16:39 M:2004-03-06 10:17]
    C:\WINDOWS\system32\USER32.dll  [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526), C:1980-01-01 00:00 M:2005-03-03 02:21]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\USERENV.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\SCESRV.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\AUTHZ.dll  [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526), C:2008-10-31 16:35 M:2005-03-03 02:21]
    C:\WINDOWS\system32\umpnpmgr.dll  [Microsoft Corporation, 5.1.2600.1734 (xpsp2.050822-1657), C:2008-10-31 16:37 M:2005-08-23 11:52]
    C:\WINDOWS\system32\WINSTA.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\NCObjAPI.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\IMM32.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\LPK.DLL  [Microsoft Corporation, 5.1.2600.1126 (xpsp2.020921-0842), C:2002-09-25 19:53 M:2002-09-25 19:53]
    C:\WINDOWS\system32\USP10.dll  [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\secur32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\eventlog.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\WS2HELP.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\PSAPI.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\wtsapi32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\netapi32.dll  [Microsoft Corporation, 5.1.2600.1562 (xpsp2_gdr.040517-1325), C:2008-10-31 16:32 M:2004-06-09 06:01]
    d:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-27 20:40 M:2008-07-27 20:38]
    C:\WINDOWS\system32\SHLWAPI.dll  [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533), C:2008-10-31 16:38 M:2005-09-01 09:51]
    d:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-27 20:40 M:2008-07-27 20:38]

[PID: 796 / SYSTEM]   C:\WINDOWS\system32\lsass.exe   [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\ntdll.dll  [Microsoft Corporation, 5.1.2600.1217 (xpsp2.030429-2131), C:1980-01-01 00:00 M:2003-05-01 16:57]
    C:\WINDOWS\system32\kernel32.dll  [Microsoft Corporation, 5.1.2600.1560 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\ADVAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\RPCRT4.dll  [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800), C:2008-10-31 16:39 M:2004-03-06 10:17]
    C:\WINDOWS\system32\LSASRV.dll  [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800), C:1980-01-01 00:00 M:2004-03-30 09:50]
    C:\WINDOWS\system32\msvcrt.dll  [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\Secur32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\USER32.dll  [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526), C:1980-01-01 00:00 M:2005-03-03 02:21]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\SAMSRV.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\cryptdll.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\WS2HELP.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\MSASN1.dll  [Microsoft Corporation, 5.1.2600.1362 (xpsp2.040109-1800), C:1980-01-01 00:00 M:2004-03-30 09:50]
    C:\WINDOWS\system32\NETAPI32.dll  [Microsoft Corporation, 5.1.2600.1562 (xpsp2_gdr.040517-1325), C:2008-10-31 16:32 M:2004-06-09 06:01]
    C:\WINDOWS\system32\SAMLIB.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\MPR.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\NTDSAPI.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\WLDAP32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\IMM32.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\LPK.DLL  [Microsoft Corporation, 5.1.2600.1126 (xpsp2.020921-0842), C:2002-09-25 19:53 M:2002-09-25 19:53]
    C:\WINDOWS\system32\USP10.dll  [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\msprivs.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\kerberos.dll  [Microsoft Corporation, 5.1.2600.1701 (xpsp2.050614-1532), C:2008-10-31 16:37 M:2005-06-16 01:51]
    C:\WINDOWS\system32\msv1_0.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\netlogon.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\w32time.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\MSVCP60.dll  [Microsoft Corporation, 6.00.8972.0, C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\USERENV.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\schannel.dll  [Microsoft Corporation, 5.1.2600.1347 (xpsp2.040109-1800), C:1980-01-01 00:00 M:2004-03-30 09:50]
    C:\WINDOWS\system32\CRYPT32.dll  [Microsoft Corporation, 5.131.2600.1123 (xpsp2.020921-0842), C:2002-09-23 15:10 M:2002-09-23 15:10]
    C:\WINDOWS\system32\wdigest.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\rsaenh.dll  [Microsoft Corporation, 5.1.2600.1029 (xpsp1.020426-1800), C:1980-01-01 00:00 M:2002-08-28 22:27]
    C:\WINDOWS\system32\scecli.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\SETUPAPI.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\OLEAUT32.dll  [Microsoft Corporation, 3.50.5016.0, C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\OLE32.DLL  [Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526), C:2008-10-31 16:39 M:2005-07-26 12:38]
    C:\WINDOWS\system32\SHLWAPI.dll  [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533), C:2008-10-31 16:38 M:2005-09-01 09:51]
    d:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-27 20:40 M:2008-07-27 20:38]
    d:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-27 20:40 M:2008-07-27 20:38]
    C:\WINDOWS\system32\pstorsvc.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\psbase.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\mswsock.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\wshtcpip.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\dssenh.dll  [Microsoft Corporation, 5.1.2600.1029 (xpsp1.020426-1800), C:1980-01-01 00:00 M:2002-08-28 22:27]

[PID: 960 / SYSTEM]   C:\WINDOWS\System32\ibmpmsvc.exe   [(Verified)N/A, C:1980-01-01 00:00 M:2003-07-03 01:25]
    C:\WINDOWS\System32\ntdll.dll  [Microsoft Corporation, 5.1.2600.1217 (xpsp2.030429-2131), C:1980-01-01 00:00 M:2003-05-01 16:57]
    C:\WINDOWS\system32\kernel32.dll  [Microsoft Corporation, 5.1.2600.1560 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\USER32.dll  [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526), C:1980-01-01 00:00 M:2005-03-03 02:21]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\ADVAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\RPCRT4.dll  [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800), C:2008-10-31 16:39 M:2004-03-06 10:17]
    C:\WINDOWS\System32\IMM32.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\LPK.DLL  [Microsoft Corporation, 5.1.2600.1126 (xpsp2.020921-0842), C:2002-09-25 19:53 M:2002-09-25 19:53]
    C:\WINDOWS\System32\USP10.dll  [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    d:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-27 20:40 M:2008-07-27 20:38]
    C:\WINDOWS\system32\msvcrt.dll  [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\SHLWAPI.dll  [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533), C:2008-10-31 16:38 M:2005-09-01 09:51]
    d:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-27 20:40 M:2008-07-27 20:38]

[PID: 1028 / SYSTEM]   C:\WINDOWS\System32\Ati2evxx.exe   [(Verified)N/A, C:1980-01-01 00:00 M:2003-09-11 21:39]
    C:\WINDOWS\System32\ntdll.dll  [Microsoft Corporation, 5.1.2600.1217 (xpsp2.030429-2131), C:1980-01-01 00:00 M:2003-05-01 16:57]
    C:\WINDOWS\system32\kernel32.dll  [Microsoft Corporation, 5.1.2600.1560 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\USER32.dll  [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526), C:1980-01-01 00:00 M:2005-03-03 02:21]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\ADVAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\RPCRT4.dll  [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800), C:2008-10-31 16:39 M:2004-03-06 10:17]
    C:\WINDOWS\System32\IMM32.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\LPK.DLL  [Microsoft Corporation, 5.1.2600.1126 (xpsp2.020921-0842), C:2002-09-25 19:53 M:2002-09-25 19:53]
    C:\WINDOWS\System32\USP10.dll  [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\Secur32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\msctfime.ime  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-08-29 01:11]
    C:\WINDOWS\system32\msvcrt.dll  [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\ole32.dll  [Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526), C:2008-10-31 16:39 M:2005-07-26 12:38]
    C:\WINDOWS\System32\uxtheme.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    d:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-27 20:40 M:2008-07-27 20:38]
    C:\WINDOWS\system32\SHLWAPI.dll  [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533), C:2008-10-31 16:38 M:2005-09-01 09:51]
    d:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-27 20:40 M:2008-07-27 20:38]

[PID: 1064 / SYSTEM]   C:\WINDOWS\system32\svchost.exe   [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\ntdll.dll  [Microsoft Corporation, 5.1.2600.1217 (xpsp2.030429-2131), C:1980-01-01 00:00 M:2003-05-01 16:57]
    C:\WINDOWS\system32\kernel32.dll  [Microsoft Corporation, 5.1.2600.1560 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\ADVAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\RPCRT4.dll  [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800), C:2008-10-31 16:39 M:2004-03-06 10:17]
    c:\windows\system32\rpcss.dll  [Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526), C:2008-10-31 16:39 M:2005-07-26 12:38]
    C:\WINDOWS\system32\msvcrt.dll  [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    c:\windows\system32\Secur32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\USER32.dll  [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526), C:1980-01-01 00:00 M:2005-03-03 02:21]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    c:\windows\system32\WS2HELP.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\IMM32.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\LPK.DLL  [Microsoft Corporation, 5.1.2600.1126 (xpsp2.020921-0842), C:2002-09-25 19:53 M:2002-09-25 19:53]
    C:\WINDOWS\system32\USP10.dll  [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\userenv.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\rsaenh.dll  [Microsoft Corporation, 5.1.2600.1029 (xpsp1.020426-1800), C:1980-01-01 00:00 M:2002-08-28 22:27]
    C:\WINDOWS\system32\mswsock.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\wshtcpip.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\winrnr.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\WLDAP32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    d:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-27 20:40 M:2008-07-27 20:38]
    C:\WINDOWS\system32\SHLWAPI.dll  [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533), C:2008-10-31 16:38 M:2005-09-01 09:51]
    d:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-27 20:40 M:2008-07-27 20:38]
    C:\WINDOWS\system32\CLBCATQ.DLL  [Microsoft Corporation, 2001.12.4414.62, C:2008-10-31 16:39 M:2005-07-26 12:38]
    C:\WINDOWS\system32\ole32.dll  [Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526), C:2008-10-31 16:39 M:2005-07-26 12:38]
    C:\WINDOWS\system32\OLEAUT32.dll  [Microsoft Corporation, 3.50.5016.0, C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\COMRes.dll  [Microsoft Corporation, 2001.12.4414.42, C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\VERSION.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]

[PID: 1108 / SYSTEM]   d:\Program Files\Rising\Rav\CCenter.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.33, C:2000-06-01 20:49 M:2008-07-28 20:14]
    C:\WINDOWS\System32\ntdll.dll  [Microsoft Corporation, 5.1.2600.1217 (xpsp2.030429-2131), C:1980-01-01 00:00 M:2003-05-01 16:57]
    C:\WINDOWS\system32\kernel32.dll  [Microsoft Corporation, 5.1.2600.1560 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\RPCRT4.dll  [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800), C:2008-10-31 16:39 M:2004-03-06 10:17]
    C:\WINDOWS\system32\ADVAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\USER32.dll  [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526), C:1980-01-01 00:00 M:2005-03-03 02:21]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\System32\IMM32.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\LPK.DLL  [Microsoft Corporation, 5.1.2600.1126 (xpsp2.020921-0842), C:2002-09-25 19:53 M:2002-09-25 19:53]
    C:\WINDOWS\System32\USP10.dll  [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    d:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-27 20:40 M:2008-07-27 20:38]
    C:\WINDOWS\system32\msvcrt.dll  [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\SHLWAPI.dll  [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533), C:2008-10-31 16:38 M:2005-09-01 09:51]
    d:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-27 20:40 M:2008-07-27 20:38]
    C:\WINDOWS\System32\uxtheme.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]

[PID: 1124 / SYSTEM]   C:\WINDOWS\System32\svchost.exe   [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\ntdll.dll  [Microsoft Corporation, 5.1.2600.1217 (xpsp2.030429-2131), C:1980-01-01 00:00 M:2003-05-01 16:57]
    C:\WINDOWS\system32\kernel32.dll  [Microsoft Corporation, 5.1.2600.1560 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\ADVAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\RPCRT4.dll  [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800), C:2008-10-31 16:39 M:2004-03-06 10:17]
    C:\WINDOWS\system32\ole32.dll  [Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526), C:2008-10-31 16:39 M:2005-07-26 12:38]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\USER32.dll  [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526), C:1980-01-01 00:00 M:2005-03-03 02:21]
    C:\WINDOWS\System32\IMM32.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\LPK.DLL  [Microsoft Corporation, 5.1.2600.1126 (xpsp2.020921-0842), C:2002-09-25 19:53 M:2002-09-25 19:53]
    C:\WINDOWS\System32\USP10.dll  [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    c:\windows\system32\shsvcs.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\msvcrt.dll  [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\SHLWAPI.dll  [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533), C:2008-10-31 16:38 M:2005-09-01 09:51]
    C:\WINDOWS\System32\WINSTA.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\UxTheme.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    c:\windows\system32\WS2HELP.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    c:\windows\system32\Secur32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\rsaenh.dll  [Microsoft Corporation, 5.1.2600.1029 (xpsp1.020426-1800), C:1980-01-01 00:00 M:2002-08-28 22:27]
    c:\windows\system32\termsrv.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2003-03-05 16:36 M:2002-09-09 15:53]
    c:\windows\system32\ICAAPI.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2003-03-05 16:36 M:2002-09-09 15:53]
    C:\WINDOWS\system32\OLEAUT32.dll  [Microsoft Corporation, 3.50.5016.0, C:1980-01-01 00:00 M:2002-09-09 15:53]
    c:\windows\system32\AUTHZ.dll  [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526), C:2008-10-31 16:35 M:2005-03-03 02:21]
    c:\windows\system32\mstlsapi.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    c:\windows\system32\ACTIVEDS.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    c:\windows\system32\adsldpc.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    c:\windows\system32\NETAPI32.dll  [Microsoft Corporation, 5.1.2600.1562 (xpsp2_gdr.040517-1325), C:2008-10-31 16:32 M:2004-06-09 06:01]
    C:\WINDOWS\system32\WLDAP32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    c:\windows\system32\ATL.DLL  [Microsoft Corporation, 3.00.9435, C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\CRYPT32.dll  [Microsoft Corporation, 5.131.2600.1123 (xpsp2.020921-0842), C:2002-09-23 15:10 M:2002-09-23 15:10]
    C:\WINDOWS\system32\MSASN1.dll  [Microsoft Corporation, 5.1.2600.1362 (xpsp2.040109-1800), C:1980-01-01 00:00 M:2004-03-30 09:50]
    c:\windows\system32\wzcsvc.dll  [Microsoft Corporation, 5.1.2600.1125 (xpsp2.020921-0842), C:2002-10-15 11:09 M:2002-10-15 11:09]
    c:\windows\system32\rtutils.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    c:\windows\system32\WMI.dll  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    c:\windows\system32\WTSAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\REGAPI.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    c:\windows\system32\irmon.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2003-03-05 16:34 M:2002-09-09 15:53]
    C:\WINDOWS\system32\USERENV.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    c:\windows\system32\MSWSOCK.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\NTMARTA.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\SAMLIB.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\SETUPAPI.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\rastls.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\CRYPTUI.dll  [Microsoft Corporation, 5.131.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\WINTRUST.dll  [Microsoft Corporation, 5.131.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\IMAGEHLP.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\WININET.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\MPRAPI.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\RASAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\rasman.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\TAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\WINMM.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\SCHANNEL.dll  [Microsoft Corporation, 5.1.2600.1347 (xpsp2.040109-1800), C:1980-01-01 00:00 M:2004-03-30 09:50]
    C:\WINDOWS\System32\WinSCard.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    d:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-27 20:40 M:2008-07-27 20:38]
    d:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-27 20:40 M:2008-07-27 20:38]
    C:\WINDOWS\System32\wshirda.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:2003-03-05 16:34 M:2001-08-31 16:04]
    C:\WINDOWS\system32\VERSION.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\raschap.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\msv1_0.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\CLBCATQ.DLL  [Microsoft Corporation, 2001.12.4414.62, C:2008-10-31 16:39 M:2005-07-26 12:38]
    C:\WINDOWS\System32\COMRes.dll  [Microsoft Corporation, 2001.12.4414.42, C:1980-01-01 00:00 M:2001-09-05 21:00]
    c:\windows\system32\schedsvc.dll  [Microsoft Corporation, 5.1.2600.1564 (xpsp2_gdr.040517-1325), C:2008-10-31 16:32 M:2004-06-09 06:01]
    c:\windows\system32\NTDSAPI.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\wshtcpip.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\MSIDLE.DLL  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    c:\windows\system32\audiosrv.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    c:\windows\system32\wkssvc.dll  [Microsoft Corporation, 5.1.2600.1309 (xpsp2.031013-2110), C:1980-01-01 00:00 M:2003-10-22 07:17]
    c:\windows\system32\cryptsvc.dll  [Microsoft Corporation, 5.1.2600.1190 (xpsp2.030320-1720), C:2003-03-25 16:41 M:2003-03-25 16:41]
    c:\windows\system32\certcli.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    c:\windows\system32\msgsvc.dll  [Microsoft Corporation, 5.1.2600.1309 (xpsp2.031013-2110), C:2008-10-31 16:29 M:2003-10-22 07:17]
    c:\windows\system32\srvsvc.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    c:\windows\system32\es.dll  [Microsoft Corporation, 2001.12.4414.62, C:2008-10-31 16:39 M:2005-07-26 12:38]
    c:\windows\system32\ersvc.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    c:\windows\system32\seclogon.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    c:\windows\system32\srsvc.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2003-03-05 16:38 M:2002-09-09 15:53]
    c:\windows\system32\POWRPROF.dll  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    c:\windows\system32\sens.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    c:\windows\system32\trkwks.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    c:\windows\pchealth\helpctr\binaries\pchsvc.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2003-03-05 16:38 M:2002-09-09 15:53]
    c:\windows\system32\w32time.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    c:\windows\system32\MSVCP60.dll  [Microsoft Corporation, 6.00.8972.0, C:1980-01-01 00:00 M:2002-09-09 15:53]
    c:\windows\system32\wbem\wmisvc.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2003-03-05 16:36 M:2002-09-09 15:53]
    c:\windows\system32\wbem\wbemcomn.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2003-03-05 16:36 M:2002-09-09 15:53]
    C:\WINDOWS\System32\VSSAPI.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    c:\windows\system32\wuauserv.dll  [Microsoft Corporation, 5.4.3630.1106 (xpsp1.020828-1920), C:2003-03-05 16:36 M:2002-09-09 15:53]
    C:\WINDOWS\System32\wuaueng.dll  [Microsoft Corporation, 5.4.3630.1106 (xpsp1.020828-1920), C:2003-03-05 16:36 M:2002-09-09 15:53]
    C:\WINDOWS\System32\ADVPACK.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\sfc.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\sfc_os.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\SXS.DLL  [Microsoft Corporation, 5.1.2600.1579 (xpsp2.040720-1705), C:2008-10-31 16:43 M:2004-08-21 05:53]
    C:\WINDOWS\system32\comsvcs.dll  [Microsoft Corporation, 2001.12.4414.62, C:2008-10-31 16:39 M:2005-07-26 12:38]
    C:\WINDOWS\system32\colbact.DLL  [Microsoft Corporation, 2001.12.4414.62, C:2008-10-31 16:39 M:2005-07-26 12:38]
    C:\WINDOWS\system32\WSOCK32.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\CLUSAPI.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\RESUTILS.DLL  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    c:\windows\system32\browser.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\msctfime.ime  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-08-29 01:11]
    c:\windows\system32\netman.dll  [Microsoft Corporation, 5.1.2600.1733 (xpsp2.050819-1534), C:2008-10-31 16:37 M:2005-08-23 02:36]
    C:\WINDOWS\system32\NETSHELL.dll  [Microsoft Corporation, 5.1.2600.1130 (xpsp2.020921-0842), C:2002-10-15 11:09 M:2002-10-15 11:09]
    C:\WINDOWS\system32\credui.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\hnetcfg.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\upnp.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\SSDPAPI.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\netcfgx.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\Wbem\wbemcore.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2003-03-05 16:36 M:2002-09-09 15:53]
    C:\WINDOWS\System32\Wbem\esscli.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2003-03-05 16:36 M:2002-09-09 15:53]
    C:\WINDOWS\System32\Wbem\FastProx.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2003-03-05 16:36 M:2002-09-09 15:53]
    C:\WINDOWS\System32\msi.dll  [Microsoft Corporation, 2.0.2600.1106, C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\wbem\wbemsvc.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:2003-03-05 16:36 M:2001-09-05 21:00]
    c:\windows\system32\tapisrv.dll  [Microsoft Corporation, 5.1.2600.1715 (xpsp2.050706-1530), C:2008-10-31 16:36 M:2005-07-09 00:09]
    c:\windows\system32\PSAPI.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\wbem\wmiutils.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2003-03-05 16:36 M:2002-09-09 15:53]
    C:\WINDOWS\System32\wbem\repdrvfs.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2003-03-05 16:36 M:2002-09-09 15:53]
    C:\WINDOWS\System32\rastapi.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\unimdm.tsp  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\uniplat.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\unimdmat.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\modemui.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\wbem\wmiprvsd.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2003-03-05 16:36 M:2002-09-09 15:53]
    C:\WINDOWS\System32\NCObjAPI.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\kmddsp.tsp  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\ndptsp.tsp  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\ipconf.tsp  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\wbem\wbemess.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2003-03-05 16:36 M:2002-09-09 15:53]
    C:\WINDOWS\System32\h323.tsp  [Microsoft Corporation, 5.1.2600.1348 (xpsp2.040109-1800), C:2008-10-31 16:31 M:2004-03-30 09:50]
    C:\WINDOWS\System32\hidphone.tsp  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\HID.DLL  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:2001-08-31 16:02 M:2001-09-05 21:00]
    C:\WINDOWS\System32\rasppp.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\ntlsapi.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\RASDLG.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\wbem\ncprov.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2003-03-05 16:36 M:2002-09-09 15:53]
    C:\WINDOWS\System32\winhttp.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]

[PID: 1216 / SYSTEM]   C:\WINDOWS\System32\S24EvMon.exe   [Intel Corporation , 4, 1, 0, 3, C:2003-09-11 06:45 M:2003-09-11 06:45]
    C:\WINDOWS\System32\ntdll.dll  [Microsoft Corporation, 5.1.2600.1217 (xpsp2.030429-2131), C:1980-01-01 00:00 M:2003-05-01 16:57]
    C:\WINDOWS\system32\kernel32.dll  [Microsoft Corporation, 5.1.2600.1560 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\USER32.dll  [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526), C:1980-01-01 00:00 M:2005-03-03 02:21]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\ADVAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\RPCRT4.dll  [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800), C:2008-10-31 16:39 M:2004-03-06 10:17]
    C:\WINDOWS\system32\VERSION.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\IMM32.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\LPK.DLL  [Microsoft Corporation, 5.1.2600.1126 (xpsp2.020921-0842), C:2002-09-25 19:53 M:2002-09-25 19:53]
    C:\WINDOWS\System32\USP10.dll  [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\msctfime.ime  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-08-29 01:11]
    C:\WINDOWS\system32\msvcrt.dll  [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\ole32.dll  [Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526), C:2008-10-31 16:39 M:2005-07-26 12:38]
    C:\WINDOWS\System32\uxtheme.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    d:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-27 20:40 M:2008-07-27 20:38]
    C:\WINDOWS\system32\SHLWAPI.dll  [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533), C:2008-10-31 16:38 M:2005-09-01 09:51]
    d:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-27 20:40 M:2008-07-27 20:38]

[PID: 1316 / NETWORK SERVICE]   C:\WINDOWS\System32\svchost.exe   [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\ntdll.dll  [Microsoft Corporation, 5.1.2600.1217 (xpsp2.030429-2131), C:1980-01-01 00:00 M:2003-05-01 16:57]
    C:\WINDOWS\system32\kernel32.dll  [Microsoft Corporation, 5.1.2600.1560 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\ADVAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\RPCRT4.dll  [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800), C:2008-10-31 16:39 M:2004-03-06 10:17]
    c:\windows\system32\dnsrslvr.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\msvcrt.dll  [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\USER32.dll  [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526), C:1980-01-01 00:00 M:2005-03-03 02:21]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    c:\windows\system32\WS2HELP.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\IMM32.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\LPK.DLL  [Microsoft Corporation, 5.1.2600.1126 (xpsp2.020921-0842), C:2002-09-25 19:53 M:2002-09-25 19:53]
    C:\WINDOWS\System32\USP10.dll  [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    d:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-27 20:40 M:2008-07-27 20:38]
    C:\WINDOWS\system32\SHLWAPI.dll  [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533), C:2008-10-31 16:38 M:2005-09-01 09:51]
    d:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-27 20:40 M:2008-07-27 20:38]
    C:\WINDOWS\system32\mswsock.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\wshtcpip.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]

[PID: 1356 / LOCAL SERVICE]   C:\WINDOWS\System32\svchost.exe   [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\ntdll.dll  [Microsoft Corporation, 5.1.2600.1217 (xpsp2.030429-2131), C:1980-01-01 00:00 M:2003-05-01 16:57]
    C:\WINDOWS\system32\kernel32.dll  [Microsoft Corporation, 5.1.2600.1560 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\ADVAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\RPCRT4.dll  [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800), C:2008-10-31 16:39 M:2004-03-06 10:17]
    C:\WINDOWS\system32\ole32.dll  [Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526), C:2008-10-31 16:39 M:2005-07-26 12:38]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\USER32.dll  [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526), C:1980-01-01 00:00 M:2005-03-03 02:21]
    C:\WINDOWS\System32\IMM32.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\LPK.DLL  [Microsoft Corporation, 5.1.2600.1126 (xpsp2.020921-0842), C:2002-09-25 19:53 M:2002-09-25 19:53]
    C:\WINDOWS\System32\USP10.dll  [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    c:\windows\system32\lmhsvc.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\msvcrt.dll  [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    c:\windows\system32\WS2HELP.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    d:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-27 20:40 M:2008-07-27 20:38]
    C:\WINDOWS\system32\SHLWAPI.dll  [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533), C:2008-10-31 16:38 M:2005-09-01 09:51]
    d:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-27 20:40 M:2008-07-27 20:38]
    C:\WINDOWS\system32\WININET.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\CRYPT32.dll  [Microsoft Corporation, 5.131.2600.1123 (xpsp2.020921-0842), C:2002-09-23 15:10 M:2002-09-23 15:10]
    C:\WINDOWS\system32\MSASN1.dll  [Microsoft Corporation, 5.1.2600.1362 (xpsp2.040109-1800), C:1980-01-01 00:00 M:2004-03-30 09:50]
    C:\WINDOWS\system32\OLEAUT32.dll  [Microsoft Corporation, 3.50.5016.0, C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\Secur32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\wsock32.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    c:\windows\system32\ssdpsrv.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\mswsock.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\wshtcpip.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\uxtheme.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]

[PID: 1396 / SYSTEM]   D:\PROGRAM FILES\RISING\RAV\ravmond.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.80, C:2000-06-01 20:49 M:2008-07-28 20:14]
    C:\WINDOWS\System32\ntdll.dll  [Microsoft Corporation, 5.1.2600.1217 (xpsp2.030429-2131), C:1980-01-01 00:00 M:2003-05-01 16:57]
    C:\WINDOWS\system32\kernel32.dll  [Microsoft Corporation, 5.1.2600.1560 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    D:\PROGRAM FILES\RISING\RAV\BWList.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.5, C:2000-06-01 20:49 M:2008-07-28 20:14]
    C:\WINDOWS\System32\MFC71.DLL  [Microsoft Corporation, 7.10.3077.0, C:2000-06-01 20:49 M:2000-06-01 20:45]
    C:\WINDOWS\System32\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2007-05-11 11:50 M:2006-03-24 10:01]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\USER32.dll  [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526), C:1980-01-01 00:00 M:2005-03-03 02:21]
    C:\WINDOWS\system32\ADVAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\RPCRT4.dll  [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800), C:2008-10-31 16:39 M:2004-03-06 10:17]
    C:\WINDOWS\system32\SHLWAPI.dll  [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533), C:2008-10-31 16:38 M:2005-09-01 09:51]
    C:\WINDOWS\system32\msvcrt.dll  [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\OLEAUT32.dll  [Microsoft Corporation, 3.50.5016.0, C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\OLE32.DLL  [Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526), C:2008-10-31 16:39 M:2005-07-26 12:38]
    C:\WINDOWS\System32\MSVCP71.dll  [Microsoft Corporation, 7.10.3077.0, C:2000-06-01 20:49 M:2000-06-01 20:45]
    C:\WINDOWS\System32\WSOCK32.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\WS2HELP.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\IMM32.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\LPK.DLL  [Microsoft Corporation, 5.1.2600.1126 (xpsp2.020921-0842), C:2002-09-25 19:53 M:2002-09-25 19:53]
    C:\WINDOWS\System32\USP10.dll  [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    D:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2000-06-01 20:49 M:2008-07-28 20:14]
    D:\PROGRAM FILES\RISING\RAV\CfgDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2008-06-16 15:20 M:2008-07-28 20:14]
    D:\PROGRAM FILES\RISING\RAV\RsLog.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.36, C:2008-06-10 13:14 M:2008-07-27 09:56]
    D:\PROGRAM FILES\RISING\RAV\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2000-06-01 20:49 M:2008-07-28 20:14]
    D:\PROGRAM FILES\RISING\RAV\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2000-06-01 20:49 M:2008-07-28 20:14]
    D:\PROGRAM FILES\RISING\RAV\MonRule.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.29, C:2000-06-01 20:49 M:2008-07-28 20:14]
    D:\PROGRAM FILES\RISING\RAV\Hooksys.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 12, C:2000-06-01 20:49 M:2008-07-28 20:14]
    D:\PROGRAM FILES\RISING\RAV\HookReg.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6, C:2000-06-01 20:49 M:2008-07-28 20:14]
    D:\PROGRAM FILES\RISING\RAV\HookNtos.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5, C:2000-06-01 20:49 M:2008-07-28 20:14]
    d:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-27 20:40 M:2008-07-27 20:38]
    d:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-27 20:40 M:2008-07-27 20:38]
    D:\PROGRAM FILES\RISING\RAV\rswalmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 24, C:2000-06-01 20:49 M:2008-07-28 20:14]
    C:\WINDOWS\System32\uxtheme.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\msctfime.ime  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-08-29 01:11]
    C:\WINDOWS\System32\Wtsapi32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\WINSTA.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    D:\PROGRAM FILES\RISING\RAV\recomp.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 41, C:2000-06-01 20:49 M:2008-08-20 15:52]
    D:\PROGRAM FILES\RISING\RAV\refs.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18, C:2000-06-01 20:49 M:2008-07-28 20:15]
    D:\PROGRAM FILES\RISING\RAV\ffr.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2000-06-01 20:49 M:2008-09-26 14:31]
    C:\WINDOWS\System32\sfc.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\sfc_os.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\WINTRUST.dll  [Microsoft Corporation, 5.131.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\CRYPT32.dll  [Microsoft Corporation, 5.131.2600.1123 (xpsp2.020921-0842), C:2002-09-23 15:10 M:2002-09-23 15:10]
    C:\WINDOWS\system32\MSASN1.dll  [Microsoft Corporation, 5.1.2600.1362 (xpsp2.040109-1800), C:1980-01-01 00:00 M:2004-03-30 09:50]
    C:\WINDOWS\system32\IMAGEHLP.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    d:\Program Files\Rising\Rav\RsStore.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.9, C:2000-06-01 20:49 M:2008-07-28 20:15]
    D:\PROGRAM FILES\RISING\RAV\HookCont.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3, C:2000-06-01 20:49 M:2008-07-28 20:14]
    d:\Program Files\Rising\Rav\fakescan.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.14, C:2000-06-01 20:49 M:2008-07-28 20:15]
    d:\Program Files\Rising\Rav\Scanner.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.39, C:2000-06-01 20:49 M:2008-07-28 20:15]
    C:\WINDOWS\system32\VERSION.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    D:\PROGRAM FILES\RISING\RAV\viruslib.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27, C:2000-06-01 20:49 M:2008-07-28 20:15]
    D:\PROGRAM FILES\RISING\RAV\relibldr.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2000-06-01 20:49 M:2008-07-28 20:15]
    C:\WINDOWS\system32\mswsock.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\wshtcpip.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    D:\PROGRAM FILES\RISING\RAV\HookWeb.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.3, C:2000-06-01 20:49 M:2008-07-28 20:14]
    D:\PROGRAM FILES\RISING\RAV\nvfile.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7, C:2000-06-01 20:49 M:2008-07-28 20:15]
    C:\WINDOWS\System32\secur32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\netapi32.dll  [Microsoft Corporation, 5.1.2600.1562 (xpsp2_gdr.040517-1325), C:2008-10-31 16:32 M:2004-06-09 06:01]
    D:\PROGRAM FILES\RISING\RAV\scanexec.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 22, C:2000-06-01 20:49 M:2008-08-27 15:37]
    D:\PROGRAM FILES\RISING\RAV\unexe.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 6, C:2000-06-01 20:49 M:2008-07-28 20:15]
    D:\PROGRAM FILES\RISING\RAV\scanex.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 96, C:2000-06-01 20:49 M:2008-10-20 09:43]
    D:\PROGRAM FILES\RISING\RAV\pearc.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 8, C:2000-06-01 20:49 M:2008-07-28 20:15]
    D:\PROGRAM FILES\RISING\RAV\extfile.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 32, C:2000-06-01 20:49 M:2008-07-28 20:15]
    D:\PROGRAM FILES\RISING\RAV\scanpack.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10, C:2000-06-01 20:49 M:2008-07-28 20:15]
    D:\PROGRAM FILES\RISING\RAV\revm.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11, C:2000-06-01 20:49 M:2008-07-28 20:15]
    D:\PROGRAM FILES\RISING\RAV\urutils.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7, C:2000-06-01 20:58 M:2008-07-28 20:15]
    D:\PROGRAM FILES\RISING\RAV\ur000.dat  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 22, C:2000-06-01 20:58 M:2008-10-10 08:25]
    D:\PROGRAM FILES\RISING\RAV\scansct.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11, C:2000-06-01 20:49 M:2008-09-02 20:05]
    D:\PROGRAM FILES\RISING\RAV\scriptci.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 4, C:2000-06-01 20:49 M:2008-07-28 20:15]
    D:\PROGRAM FILES\RISING\RAV\ur001.dat  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2000-06-01 20:58 M:2008-10-10 08:25]
    D:\PROGRAM FILES\RISING\RAV\extole.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 13, C:2000-06-01 20:49 M:2008-07-28 20:15]
    D:\PROGRAM FILES\RISING\RAV\extmail.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10, C:2000-06-01 20:49 M:2008-07-28 20:15]

[PID: 1408 / SYSTEM]   d:\Program Files\Rising\Rfw\rfwsrv.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.77, C:2000-06-01 21:00 M:2008-10-16 08:19]
    C:\WINDOWS\System32\ntdll.dll  [Microsoft Corporation, 5.1.2600.1217 (xpsp2.030429-2131), C:1980-01-01 00:00 M:2003-05-01 16:57]
    C:\WINDOWS\system32\kernel32.dll  [Microsoft Corporation, 5.1.2600.1560 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\RPCRT4.dll  [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800), C:2008-10-31 16:39 M:2004-03-06 10:17]
    C:\WINDOWS\system32\ADVAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\VERSION.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\msvcrt.dll  [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\WS2HELP.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\MFC71.DLL  [Microsoft Corporation, 7.10.3077.0, C:2000-06-01 20:49 M:2000-06-01 20:45]
    C:\WINDOWS\System32\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2007-05-11 11:50 M:2006-03-24 10:01]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\USER32.dll  [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526), C:1980-01-01 00:00 M:2005-03-03 02:21]
    C:\WINDOWS\system32\SHLWAPI.dll  [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533), C:2008-10-31 16:38 M:2005-09-01 09:51]
    C:\WINDOWS\system32\ole32.dll  [Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526), C:2008-10-31 16:39 M:2005-07-26 12:38]
    C:\WINDOWS\system32\OLEAUT32.dll  [Microsoft Corporation, 3.50.5016.0, C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\MSVCP71.dll  [Microsoft Corporation, 7.10.3077.0, C:2000-06-01 20:49 M:2000-06-01 20:45]
    C:\WINDOWS\System32\IMM32.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\LPK.DLL  [Microsoft Corporation, 5.1.2600.1126 (xpsp2.020921-0842), C:2002-09-25 19:53 M:2002-09-25 19:53]
    C:\WINDOWS\System32\USP10.dll  [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    d:\Program Files\Rising\Rfw\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2000-06-01 21:00 M:2008-07-31 16:09]
    d:\Program Files\Rising\Rfw\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2000-06-01 21:00 M:2008-07-31 16:09]
    C:\WINDOWS\system32\USERENV.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    d:\Program Files\Rising\Rfw\RSAPPMGR.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2000-06-01 21:00 M:2008-07-31 16:09]
    d:\Program Files\Rising\Rfw\CfgDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2000-06-01 21:00 M:2008-07-31 16:09]
    d:\Program Files\Rising\Rfw\RfwRule.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.17, C:2000-06-01 21:00 M:2008-07-31 16:08]
    d:\Program Files\Rising\Rfw\rfwlog.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.16, C:2000-06-01 21:00 M:2008-07-31 16:08]
    d:\Program Files\Rising\Rfw\Rfwdrv.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.50, C:2000-06-01 21:00 M:2008-10-30 12:43]
    C:\WINDOWS\System32\psapi.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    d:\Program Files\Rising\Rfw\ijt_ctrl.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.0, C:2000-06-01 21:00 M:2008-07-27 20:39]
    d:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-27 20:40 M:2008-07-27 20:38]
    d:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-27 20:40 M:2008-07-27 20:38]
    d:\Program Files\Rising\Rfw\unvdet.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.8, C:2000-06-01 21:00 M:2008-07-31 16:09]
    C:\WINDOWS\System32\sfc.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\sfc_os.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\WINTRUST.dll  [Microsoft Corporation, 5.131.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\CRYPT32.dll  [Microsoft Corporation, 5.131.2600.1123 (xpsp2.020921-0842), C:2002-09-23 15:10 M:2002-09-23 15:10]
    C:\WINDOWS\system32\MSASN1.dll  [Microsoft Corporation, 5.1.2600.1362 (xpsp2.040109-1800), C:1980-01-01 00:00 M:2004-03-30 09:50]
    C:\WINDOWS\system32\IMAGEHLP.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\secur32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\netapi32.dll  [Microsoft Corporation, 5.1.2600.1562 (xpsp2_gdr.040517-1325), C:2008-10-31 16:32 M:2004-06-09 06:01]
    C:\WINDOWS\System32\uxtheme.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    d:\Program Files\Rising\Rfw\mPorts.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.6, C:2000-06-01 21:00 M:2008-07-31 16:08]
    C:\WINDOWS\system32\perfproc.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]

[PID: 1440 / SYSTEM]   d:\Program Files\Rising\Rfw\rfwProxy.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.37, C:2000-06-01 21:00 M:2008-07-31 16:08]
    C:\WINDOWS\System32\ntdll.dll  [Microsoft Corporation, 5.1.2600.1217 (xpsp2.030429-2131), C:1980-01-01 00:00 M:2003-05-01 16:57]
    C:\WINDOWS\system32\kernel32.dll  [Microsoft Corporation, 5.1.2600.1560 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\RPCRT4.dll  [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800), C:2008-10-31 16:39 M:2004-03-06 10:17]
    C:\WINDOWS\system32\ADVAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\MFC71.DLL  [Microsoft Corporation, 7.10.3077.0, C:2000-06-01 20:49 M:2000-06-01 20:45]
    C:\WINDOWS\System32\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2007-05-11 11:50 M:2006-03-24 10:01]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\USER32.dll  [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526), C:1980-01-01 00:00 M:2005-03-03 02:21]
    C:\WINDOWS\system32\SHLWAPI.dll  [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533), C:2008-10-31 16:38 M:2005-09-01 09:51]
    C:\WINDOWS\system32\msvcrt.dll  [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\OLEAUT32.dll  [Microsoft Corporation, 3.50.5016.0, C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\OLE32.DLL  [Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526), C:2008-10-31 16:39 M:2005-07-26 12:38]
    C:\WINDOWS\System32\WS2HELP.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\IMM32.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\LPK.DLL  [Microsoft Corporation, 5.1.2600.1126 (xpsp2.020921-0842), C:2002-09-25 19:53 M:2002-09-25 19:53]
    C:\WINDOWS\System32\USP10.dll  [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\psapi.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    d:\Program Files\Rising\Rfw\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2000-06-01 21:00 M:2008-07-31 16:09]
    d:\Program Files\Rising\Rfw\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2000-06-01 21:00 M:2008-07-31 16:09]
    C:\WINDOWS\system32\USERENV.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    d:\Program Files\Rising\Rfw\RfwRule.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.17, C:2000-06-01 21:00 M:2008-07-31 16:08]
    d:\Program Files\Rising\Rfw\urlrule.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1.0.0.15, C:2000-06-01 21:00 M:2008-07-31 16:08]
    C:\WINDOWS\system32\mswsock.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\wshtcpip.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    d:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-27 20:40 M:2008-07-27 20:38]
    d:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-27 20:40 M:2008-07-27 20:38]
    C:\WINDOWS\system32\version.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    d:\Program Files\Rising\Rfw\MonMid.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.6, C:2000-06-01 21:00 M:2008-07-31 16:08]
    C:\WINDOWS\System32\uxtheme.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\perfproc.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]

[PID: 1776 / SYSTEM]   d:\Program Files\Rising\Rfw\rfwstub.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.12, C:2000-06-01 21:00 M:2008-07-31 16:09]
    C:\WINDOWS\System32\ntdll.dll  [Microsoft Corporation, 5.1.2600.1217 (xpsp2.030429-2131), C:1980-01-01 00:00 M:2003-05-01 16:57]
    C:\WINDOWS\system32\kernel32.dll  [Microsoft Corporation, 5.1.2600.1560 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\VERSION.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\USER32.dll  [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526), C:1980-01-01 00:00 M:2005-03-03 02:21]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\ADVAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\RPCRT4.dll  [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800), C:2008-10-31 16:39 M:2004-03-06 10:17]
    C:\WINDOWS\System32\MSVCP71.dll  [Microsoft Corporation, 7.10.3077.0, C:2000-06-01 20:49 M:2000-06-01 20:45]
    C:\WINDOWS\System32\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2007-05-11 11:50 M:2006-03-24 10:01]
    C:\WINDOWS\system32\msvcrt.dll  [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\SHLWAPI.dll  [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533), C:2008-10-31 16:38 M:2005-09-01 09:51]
    C:\WINDOWS\System32\IMM32.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\LPK.DLL  [Microsoft Corporation, 5.1.2600.1126 (xpsp2.020921-0842), C:2002-09-25 19:53 M:2002-09-25 19:53]
    C:\WINDOWS\System32\USP10.dll  [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    d:\Program Files\Rising\Rfw\RSCOMMON.DLL  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2000-06-01 21:00 M:2008-07-31 16:09]
    C:\WINDOWS\System32\uxtheme.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    d:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-27 20:40 M:2008-07-27 20:38]
    d:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-27 20:40 M:2008-07-27 20:38]

[PID: 2012 / LSCZ]   C:\WINDOWS\Explorer.EXE   [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\ntdll.dll  [Microsoft Corporation, 5.1.2600.1217 (xpsp2.030429-2131), C:1980-01-01 00:00 M:2003-05-01 16:57]
    C:\WINDOWS\system32\kernel32.dll  [Microsoft Corporation, 5.1.2600.1560 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\msvcrt.dll  [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\ADVAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\RPCRT4.dll  [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800), C:2008-10-31 16:39 M:2004-03-06 10:17]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\USER32.dll  [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526), C:1980-01-01 00:00 M:2005-03-03 02:21]
    C:\WINDOWS\system32\SHLWAPI.dll  [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533), C:2008-10-31 16:38 M:2005-09-01 09:51]
    C:\WINDOWS\system32\ole32.dll  [Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526), C:2008-10-31 16:39 M:2005-07-26 12:38]
    C:\WINDOWS\system32\OLEAUT32.dll  [Microsoft Corporation, 3.50.5016.0, C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\UxTheme.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\ShimEng.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\WINMM.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\MSACM32.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\VERSION.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\USERENV.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\IMM32.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\LPK.DLL  [Microsoft Corporation, 5.1.2600.1126 (xpsp2.020921-0842), C:2002-09-25 19:53 M:2002-09-25 19:53]
    C:\WINDOWS\System32\USP10.dll  [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\msctfime.ime  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-08-29 01:11]
    C:\WINDOWS\system32\appHelp.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\CLBCATQ.DLL  [Microsoft Corporation, 2001.12.4414.62, C:2008-10-31 16:39 M:2005-07-26 12:38]
    C:\WINDOWS\System32\COMRes.dll  [Microsoft Corporation, 2001.12.4414.42, C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\cscui.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\themeui.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\Secur32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\MSIMG32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\Msimtf.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\MSCTF.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\msutb.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\NETAPI32.dll  [Microsoft Corporation, 5.1.2600.1562 (xpsp2_gdr.040517-1325), C:2008-10-31 16:32 M:2004-06-09 06:01]
    C:\WINDOWS\System32\SAMLIB.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\SETUPAPI.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\msi.dll  [Microsoft Corporation, 2.0.2600.1106, C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\MPR.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\drprov.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\ntlanman.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\NETUI0.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\NETUI1.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\NETRAP.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\davclnt.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\shgina.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\MSGINA.dll  [Microsoft Corporation, 5.1.2600.1343 (xpsp2.040109-1800), C:1980-01-01 00:00 M:2004-03-30 09:50]
    C:\WINDOWS\System32\WINSTA.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\ODBC32.dll  [Microsoft Corporation, 3.520.9041.40, C:2003-07-22 11:22 M:2003-07-22 11:22]
    C:\WINDOWS\system32\comdlg32.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\odbcint.dll  [Microsoft Corporation, 3.520.7713.0, C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\LINKINFO.dll  [Microsoft Corporation, 5.1.2600.1740 (xpsp2.050831-1533), C:2008-10-31 16:38 M:2005-09-01 09:51]
    C:\WINDOWS\System32\ntshrui.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\ATL.DLL  [Microsoft Corporation, 3.00.9435, C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\NETSHELL.dll  [Microsoft Corporation, 5.1.2600.1130 (xpsp2.020921-0842), C:2002-10-15 11:09 M:2002-10-15 11:09]
    C:\WINDOWS\system32\credui.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\WS2HELP.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\urlmon.dll  [Microsoft Corporation, 6.00.2800.1226, C:2003-07-13 16:07 M:2003-07-13 16:07]
    C:\WINDOWS\System32\webcheck.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\stobject.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\BatMeter.dll  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\POWRPROF.dll  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\WTSAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    d:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-27 20:40 M:2008-07-27 20:38]
    d:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-27 20:40 M:2008-07-27 20:38]
    C:\WINDOWS\System32\wdmaud.drv  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:2001-08-31 16:04 M:2001-09-05 21:00]
    C:\WINDOWS\System32\msacm32.drv  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\midimap.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\SynTPFcs.dll  [(Verified)Synaptics, Inc., 7.5.17.6 28Aug03, C:2000-06-01 19:55 M:2003-08-28 11:10]
    C:\WINDOWS\System32\printui.dll  [Microsoft Corporation, 5.1.2600.1125 (xpsp2.020921-0842), C:1980-01-01 00:00 M:2002-09-24 13:28]
    C:\WINDOWS\System32\WINSPOOL.DRV  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:54]
    C:\WINDOWS\System32\ACTIVEDS.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\adsldpc.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\WLDAP32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\CFGMGR32.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\irprops.cpl  [Microsoft Corporation, 5.1.2600.1144 (xpsp2.021108-1929), C:2003-03-05 16:34 M:2002-11-22 14:47]
    C:\WINDOWS\System32\DEVMGR.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\WMI.dll  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\WSOCK32.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\browselc.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:52]
    C:\WINDOWS\system32\WININET.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\CRYPT32.dll  [Microsoft Corporation, 5.131.2600.1123 (xpsp2.020921-0842), C:2002-09-23 15:10 M:2002-09-23 15:10]
    C:\WINDOWS\system32\MSASN1.dll  [Microsoft Corporation, 5.1.2600.1362 (xpsp2.040109-1800), C:1980-01-01 00:00 M:2004-03-30 09:50]
    C:\WINDOWS\System32\DUSER.dll  [Microsoft Corporation, 5.1.2600.1129 (xpsp2.020921-0842), C:2002-10-02 10:28 M:2002-10-02 10:28]
    d:\Program Files\Rising\Rav\RSCOMMON.DLL  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2000-06-01 20:49 M:2008-07-28 20:14]
    C:\WINDOWS\System32\mydocs.dll  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\WINTRUST.dll  [Microsoft Corporation, 5.131.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\IMAGEHLP.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\rsaenh.dll  [Microsoft Corporation, 5.1.2600.1029 (xpsp1.020426-1800), C:1980-01-01 00:00 M:2002-08-28 22:27]
    C:\WINDOWS\System32\SXS.DLL  [Microsoft Corporation, 5.1.2600.1579 (xpsp2.040720-1705), C:2008-10-31 16:43 M:2004-08-21 05:53]
    C:\WINDOWS\System32\shdoclc.dll  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    d:\Program Files\WinRAR\rarext.dll  [N/A, C:2000-06-01 21:15 M:2003-05-19 21:12]
    C:\WINDOWS\system32\RavExt.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2000-06-01 20:49 M:2008-07-28 20:14]
    d:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll  []
    C:\WINDOWS\System32\OLEACC.dll  [Microsoft Corporation, 4.2.5406.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\MSVCP60.dll  [Microsoft Corporation, 6.00.8972.0, C:1980-01-01 00:00 M:2002-09-09 15:53]
    d:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll  [Thunder Networking Technologies,LTD, 1, 0, 0, 20, C:2008-11-02 09:08 M:2008-09-23 17:39]
    d:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll  [Thunder Networking Technologies,LTD, 1, 0, 0, 16, C:2008-11-02 09:08 M:2008-09-23 17:39]
    d:\Program Files\StormII\spfa.dll  [北京暴风网际科技有限公司, 2, 7, 4, 2, C:2007-12-13 12:41 M:2007-12-13 12:41]

[PID: 280 / LSCZ]   d:\Program Files\Rising\Rfw\RfwMain.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.1.70, C:2000-06-01 21:00 M:2008-07-27 20:39]
    C:\WINDOWS\System32\ntdll.dll  [Microsoft Corporation, 5.1.2600.1217 (xpsp2.030429-2131), C:1980-01-01 00:00 M:2003-05-01 16:57]
    C:\WINDOWS\system32\kernel32.dll  [Microsoft Corporation, 5.1.2600.1560 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\USER32.dll  [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526), C:1980-01-01 00:00 M:2005-03-03 02:21]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\ADVAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\RPCRT4.dll  [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800), C:2008-10-31 16:39 M:2004-03-06 10:17]
    C:\WINDOWS\system32\msvcrt.dll  [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\SHLWAPI.dll  [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533), C:2008-10-31 16:38 M:2005-09-01 09:51]
    C:\WINDOWS\system32\ole32.dll  [Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526), C:2008-10-31 16:39 M:2005-07-26 12:38]
    C:\WINDOWS\system32\OLEAUT32.dll  [Microsoft Corporation, 3.50.5016.0, C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\MFC71.DLL  [Microsoft Corporation, 7.10.3077.0, C:2000-06-01 20:49 M:2000-06-01 20:45]
    C:\WINDOWS\System32\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2007-05-11 11:50 M:2006-03-24 10:01]
    C:\WINDOWS\System32\MSVCP71.dll  [Microsoft Corporation, 7.10.3077.0, C:2000-06-01 20:49 M:2000-06-01 20:45]
    d:\Program Files\Rising\Rfw\RsGuiLib.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90, C:2000-06-01 21:00 M:2008-07-31 16:09]
    C:\WINDOWS\system32\VERSION.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\CRYPT32.dll  [Microsoft Corporation, 5.131.2600.1123 (xpsp2.020921-0842), C:2002-09-23 15:10 M:2002-09-23 15:10]
    C:\WINDOWS\system32\MSASN1.dll  [Microsoft Corporation, 5.1.2600.1362 (xpsp2.040109-1800), C:1980-01-01 00:00 M:2004-03-30 09:50]
    C:\WINDOWS\System32\WINMM.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\IMM32.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\LPK.DLL  [Microsoft Corporation, 5.1.2600.1126 (xpsp2.020921-0842), C:2002-09-25 19:53 M:2002-09-25 19:53]
    C:\WINDOWS\System32\USP10.dll  [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\USERENV.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    d:\Program Files\Rising\Rfw\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2000-06-01 21:00 M:2008-07-31 16:09]
    d:\Program Files\Rising\Rfw\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2000-06-01 21:00 M:2008-07-31 16:09]
    d:\Program Files\Rising\Rfw\RSAPPMGR.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2000-06-01 21:00 M:2008-07-31 16:09]
    d:\Program Files\Rising\Rfw\CfgDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2000-06-01 21:00 M:2008-07-31 16:09]
    d:\Program Files\Rising\Rfw\RSCOMMON.DLL  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2000-06-01 21:00 M:2008-07-31 16:09]
    d:\Program Files\Rising\Rfw\RfwCtrl.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2000-06-01 21:00 M:2008-07-31 16:09]
    d:\Program Files\Rising\Rfw\RsXML.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2, C:2000-06-01 21:00 M:2008-07-31 16:09]
    d:\Program Files\Rising\Rfw\PngDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2000-06-01 21:00 M:2008-07-31 16:09]
    C:\WINDOWS\System32\uxtheme.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    d:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-27 20:40 M:2008-07-27 20:38]
    d:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-27 20:40 M:2008-07-27 20:38]
    d:\Program Files\Rising\Rfw\RfwRule.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.17, C:2000-06-01 21:00 M:2008-07-31 16:08]
    C:\WINDOWS\System32\wintrust.dll  [Microsoft Corporation, 5.131.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\IMAGEHLP.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\rsaenh.dll  [Microsoft Corporation, 5.1.2600.1029 (xpsp1.020426-1800), C:1980-01-01 00:00 M:2002-08-28 22:27]
    C:\WINDOWS\system32\perfproc.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\MSCTF.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\secur32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\netapi32.dll  [Microsoft Corporation, 5.1.2600.1562 (xpsp2_gdr.040517-1325), C:2008-10-31 16:32 M:2004-06-09 06:01]
    C:\WINDOWS\System32\cryptnet.dll  [Microsoft Corporation, 5.131.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\WLDAP32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\wininet.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\wsock32.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\WS2HELP.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\RASAPI32.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\rasman.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\TAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\rtutils.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\sensapi.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]

[PID: 284 / SYSTEM]   D:\PROGRAM FILES\RISING\RAV\RavStub.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.10, C:2000-06-01 20:49 M:2008-07-28 20:14]
    C:\WINDOWS\System32\ntdll.dll  [Microsoft Corporation, 5.1.2600.1217 (xpsp2.030429-2131), C:1980-01-01 00:00 M:2003-05-01 16:57]
    C:\WINDOWS\system32\kernel32.dll  [Microsoft Corporation, 5.1.2600.1560 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\System32\NETAPI32.dll  [Microsoft Corporation, 5.1.2600.1562 (xpsp2_gdr.040517-1325), C:2008-10-31 16:32 M:2004-06-09 06:01]
    C:\WINDOWS\system32\msvcrt.dll  [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\ADVAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\RPCRT4.dll  [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800), C:2008-10-31 16:39 M:2004-03-06 10:17]
    C:\WINDOWS\system32\USER32.dll  [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526), C:1980-01-01 00:00 M:2005-03-03 02:21]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\System32\IMM32.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\LPK.DLL  [Microsoft Corporation, 5.1.2600.1126 (xpsp2.020921-0842), C:2002-09-25 19:53 M:2002-09-25 19:53]
    C:\WINDOWS\System32\USP10.dll  [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    D:\PROGRAM FILES\RISING\RAV\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2000-06-01 20:49 M:2008-07-28 20:14]
    D:\PROGRAM FILES\RISING\RAV\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2000-06-01 20:49 M:2008-07-28 20:14]
    D:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2000-06-01 20:49 M:2008-07-28 20:14]
    C:\WINDOWS\system32\VERSION.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\uxtheme.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    d:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-27 20:40 M:2008-07-27 20:38]
    C:\WINDOWS\system32\SHLWAPI.dll  [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533), C:2008-10-31 16:38 M:2005-09-01 09:51]
    d:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-27 20:40 M:2008-07-27 20:38]

[PID: 388 / LSCZ]   D:\PROGRAM FILES\RISING\RAV\RavMon.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.01.27, C:2000-06-01 20:49 M:2008-08-27 15:37]
    C:\WINDOWS\System32\ntdll.dll  [Microsoft Corporation, 5.1.2600.1217 (xpsp2.030429-2131), C:1980-01-01 00:00 M:2003-05-01 16:57]
    C:\WINDOWS\system32\kernel32.dll  [Microsoft Corporation, 5.1.2600.1560 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\System32\MFC71.DLL  [Microsoft Corporation, 7.10.3077.0, C:2000-06-01 20:49 M:2000-06-01 20:45]
    C:\WINDOWS\System32\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2007-05-11 11:50 M:2006-03-24 10:01]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\USER32.dll  [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526), C:1980-01-01 00:00 M:2005-03-03 02:21]
    C:\WINDOWS\system32\ADVAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\RPCRT4.dll  [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800), C:2008-10-31 16:39 M:2004-03-06 10:17]
    C:\WINDOWS\system32\SHLWAPI.dll  [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533), C:2008-10-31 16:38 M:2005-09-01 09:51]
    C:\WINDOWS\system32\msvcrt.dll  [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\ole32.dll  [Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526), C:2008-10-31 16:39 M:2005-07-26 12:38]
    C:\WINDOWS\system32\OLEAUT32.dll  [Microsoft Corporation, 3.50.5016.0, C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\MSVCP71.dll  [Microsoft Corporation, 7.10.3077.0, C:2000-06-01 20:49 M:2000-06-01 20:45]
    C:\WINDOWS\system32\VERSION.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\IMM32.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\LPK.DLL  [Microsoft Corporation, 5.1.2600.1126 (xpsp2.020921-0842), C:2002-09-25 19:53 M:2002-09-25 19:53]
    C:\WINDOWS\System32\USP10.dll  [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    D:\PROGRAM FILES\RISING\RAV\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2000-06-01 20:49 M:2008-07-28 20:14]
    D:\PROGRAM FILES\RISING\RAV\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2000-06-01 20:49 M:2008-07-28 20:14]
    D:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2000-06-01 20:49 M:2008-07-28 20:14]
    D:\PROGRAM FILES\RISING\RAV\recomp.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 41, C:2000-06-01 20:49 M:2008-08-20 15:52]
    D:\PROGRAM FILES\RISING\RAV\refs.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18, C:2000-06-01 20:49 M:2008-07-28 20:15]
    D:\PROGRAM FILES\RISING\RAV\viruslib.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27, C:2000-06-01 20:49 M:2008-07-28 20:15]
    D:\PROGRAM FILES\RISING\RAV\relibldr.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2000-06-01 20:49 M:2008-07-28 20:15]
    D:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2000-06-01 20:49 M:2008-07-28 20:14]
    D:\PROGRAM FILES\RISING\RAV\CfgDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2008-06-16 15:20 M:2008-07-28 20:14]
    D:\PROGRAM FILES\RISING\RAV\MonRule.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.29, C:2000-06-01 20:49 M:2008-07-28 20:14]
    D:\PROGRAM FILES\RISING\RAV\PngDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2000-06-01 20:49 M:2008-07-27 09:56]
    C:\WINDOWS\System32\wtsapi32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\WINSTA.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\uxtheme.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\msctfime.ime  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-08-29 01:11]
    D:\PROGRAM FILES\RISING\RAV\Rsguilib.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90, C:2000-06-01 20:49 M:2008-07-27 09:56]
    C:\WINDOWS\System32\perfproc.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    D:\PROGRAM FILES\RISING\RAV\RsXML.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2, C:2000-06-01 20:49 M:2008-07-28 20:14]
    C:\WINDOWS\System32\Msimtf.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\MSCTF.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    d:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-27 20:40 M:2008-07-27 20:38]
    d:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-27 20:40 M:2008-07-27 20:38]

[PID: 452 / SYSTEM]   C:\WINDOWS\system32\spoolsv.exe   [Microsoft Corporation, 5.1.2600.1699 (xpsp2.050610-1533), C:2008-10-31 16:37 M:2005-06-11 07:55]
    C:\WINDOWS\System32\ntdll.dll  [Microsoft Corporation, 5.1.2600.1217 (xpsp2.030429-2131), C:1980-01-01 00:00 M:2003-05-01 16:57]
    C:\WINDOWS\system32\kernel32.dll  [Microsoft Corporation, 5.1.2600.1560 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\msvcrt.dll  [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\ADVAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\RPCRT4.dll  [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800), C:2008-10-31 16:39 M:2004-03-06 10:17]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\USER32.dll  [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526), C:1980-01-01 00:00 M:2005-03-03 02:21]
    C:\WINDOWS\System32\IMM32.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\LPK.DLL  [Microsoft Corporation, 5.1.2600.1126 (xpsp2.020921-0842), C:2002-09-25 19:53 M:2002-09-25 19:53]
    C:\WINDOWS\system32\USP10.dll  [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\SPOOLSS.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\WS2HELP.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\localspl.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\ole32.dll  [Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526), C:2008-10-31 16:39 M:2005-07-26 12:38]
    C:\WINDOWS\system32\OLEAUT32.dll  [Microsoft Corporation, 3.50.5016.0, C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\VERSION.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\Secur32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\sfc_os.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\WINTRUST.dll  [Microsoft Corporation, 5.131.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\CRYPT32.dll  [Microsoft Corporation, 5.131.2600.1123 (xpsp2.020921-0842), C:2002-09-23 15:10 M:2002-09-23 15:10]
    C:\WINDOWS\system32\MSASN1.dll  [Microsoft Corporation, 5.1.2600.1362 (xpsp2.040109-1800), C:1980-01-01 00:00 M:2004-03-30 09:50]
    C:\WINDOWS\system32\IMAGEHLP.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\USERENV.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\winspool.drv  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:54]
    C:\WINDOWS\system32\netapi32.dll  [Microsoft Corporation, 5.1.2600.1562 (xpsp2_gdr.040517-1325), C:2008-10-31 16:32 M:2004-06-09 06:01]
    C:\WINDOWS\system32\cnbjmon.dll  [Microsoft Corporation, 5.1.2503.0 (Lab06_N.010129-0357), C:2001-08-31 16:02 M:2001-09-05 21:00]
    C:\WINDOWS\system32\mswsock.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\pjlmon.dll  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:2001-08-31 16:03 M:2001-09-05 21:00]
    C:\WINDOWS\system32\tcpmon.dll  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\usbmon.dll  [Microsoft Corporation, 5.1.2600.1125 (xpsp2.020921-0842), C:1980-01-01 00:00 M:2002-09-24 13:28]
    C:\WINDOWS\System32\winrnr.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\WLDAP32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\win32spl.dll  [Microsoft Corporation, 5.1.2600.1699 (xpsp2.050610-1533), C:1980-01-01 00:00 M:2005-06-11 10:42]
    C:\WINDOWS\system32\NETRAP.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\CLBCATQ.DLL  [Microsoft Corporation, 2001.12.4414.62, C:2008-10-31 16:39 M:2005-07-26 12:38]
    C:\WINDOWS\system32\COMRes.dll  [Microsoft Corporation, 2001.12.4414.42, C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\inetpp.dll  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\icmp.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    d:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-27 20:40 M:2008-07-27 20:38]
    C:\WINDOWS\system32\SHLWAPI.dll  [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533), C:2008-10-31 16:38 M:2005-09-01 09:51]
    d:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-27 20:40 M:2008-07-27 20:38]

[PID: 1592 / SYSTEM]   d:\Program Files\StormII\stormliv.exe   [(Verified)北京暴风网际科技有限公司, 3, 8, 3, 15, C:2008-03-11 14:33 M:2008-03-11 14:33]
    C:\WINDOWS\System32\ntdll.dll  [Microsoft Corporation, 5.1.2600.1217 (xpsp2.030429-2131), C:1980-01-01 00:00 M:2003-05-01 16:57]
    C:\WINDOWS\system32\kernel32.dll  [Microsoft Corporation, 5.1.2600.1560 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\SHLWAPI.dll  [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533), C:2008-10-31 16:38 M:2005-09-01 09:51]
    C:\WINDOWS\system32\ADVAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\RPCRT4.dll  [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800), C:2008-10-31 16:39 M:2004-03-06 10:17]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\USER32.dll  [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526), C:1980-01-01 00:00 M:2005-03-03 02:21]
    C:\WINDOWS\system32\msvcrt.dll  [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\WS2HELP.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    d:\Program Files\StormII\MSVCP60.dll  [Microsoft Corporation, 6.02.3104.0, C:2007-09-21 19:43 M:2007-09-21 19:43]
    C:\WINDOWS\System32\MFC42.DLL  [Microsoft Corporation, 6.00.8665.0, C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\comdlg32.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\ole32.dll  [Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526), C:2008-10-31 16:39 M:2005-07-26 12:38]
    C:\WINDOWS\system32\OLEAUT32.dll  [Microsoft Corporation, 3.50.5016.0, C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\VERSION.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\SETUPAPI.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\WININET.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\CRYPT32.dll  [Microsoft Corporation, 5.131.2600.1123 (xpsp2.020921-0842), C:2002-09-23 15:10 M:2002-09-23 15:10]
    C:\WINDOWS\system32\MSASN1.dll  [Microsoft Corporation, 5.1.2600.1362 (xpsp2.040109-1800), C:1980-01-01 00:00 M:2004-03-30 09:50]
    C:\WINDOWS\System32\IMM32.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\LPK.DLL  [Microsoft Corporation, 5.1.2600.1126 (xpsp2.020921-0842), C:2002-09-25 19:53 M:2002-09-25 19:53]
    C:\WINDOWS\System32\USP10.dll  [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\MFC42LOC.DLL  [Microsoft Corporation, 6.00.8665.0, C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\uxtheme.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\mswsock.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\wshtcpip.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\CLBCATQ.DLL  [Microsoft Corporation, 2001.12.4414.62, C:2008-10-31 16:39 M:2005-07-26 12:38]
    C:\WINDOWS\System32\COMRes.dll  [Microsoft Corporation, 2001.12.4414.42, C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\msxml3.dll  [Microsoft Corporation, 8.30.9926.0, C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\winrnr.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\WLDAP32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    d:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-27 20:40 M:2008-07-27 20:38]
    d:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-27 20:40 M:2008-07-27 20:38]
    C:\WINDOWS\System32\atl.dll  [Microsoft Corporation, 3.00.9435, C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\cryptdll.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\Secur32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\urlmon.dll  [Microsoft Corporation, 6.00.2800.1226, C:2003-07-13 16:07 M:2003-07-13 16:07]
    C:\WINDOWS\System32\mlang.dll  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]

[PID: 1836 / SYSTEM]   C:\WINDOWS\System32\QCONSVC.EXE   [IBM Corp., 2, 7, 2, 0, C:2000-06-01 20:14 M:2003-10-11 02:07]
    C:\WINDOWS\System32\ntdll.dll  [Microsoft Corporation, 5.1.2600.1217 (xpsp2.030429-2131), C:1980-01-01 00:00 M:2003-05-01 16:57]
    C:\WINDOWS\system32\kernel32.dll  [Microsoft Corporation, 5.1.2600.1560 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\SHLWAPI.dll  [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533), C:2008-10-31 16:38 M:2005-09-01 09:51]
    C:\WINDOWS\system32\ADVAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\RPCRT4.dll  [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800), C:2008-10-31 16:39 M:2004-03-06 10:17]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\USER32.dll  [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526), C:1980-01-01 00:00 M:2005-03-03 02:21]
    C:\WINDOWS\system32\msvcrt.dll  [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\WS2HELP.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\IMM32.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\LPK.DLL  [Microsoft Corporation, 5.1.2600.1126 (xpsp2.020921-0842), C:2002-09-25 19:53 M:2002-09-25 19:53]
    C:\WINDOWS\System32\USP10.dll  [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\Apphelp.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    d:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-27 20:40 M:2008-07-27 20:38]
    d:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-27 20:40 M:2008-07-27 20:38]

[PID: 1996 / SYSTEM]   C:\WINDOWS\System32\RegSrvc.exe   [Intel Corporation, 4, 1, 0, 0, C:2003-09-11 06:45 M:2003-09-11 06:45]
    C:\WINDOWS\System32\ntdll.dll  [Microsoft Corporation, 5.1.2600.1217 (xpsp2.030429-2131), C:1980-01-01 00:00 M:2003-05-01 16:57]
    C:\WINDOWS\system32\kernel32.dll  [Microsoft Corporation, 5.1.2600.1560 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\System32\SETUPAPI.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\msvcrt.dll  [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\ADVAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\RPCRT4.dll  [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800), C:2008-10-31 16:39 M:2004-03-06 10:17]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\USER32.dll  [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526), C:1980-01-01 00:00 M:2005-03-03 02:21]
    C:\WINDOWS\System32\WINSPOOL.DRV  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:54]
    C:\WINDOWS\System32\ATL.DLL  [Microsoft Corporation, 3.00.9435, C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\ole32.dll  [Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526), C:2008-10-31 16:39 M:2005-07-26 12:38]
    C:\WINDOWS\system32\OLEAUT32.dll  [Microsoft Corporation, 3.50.5016.0, C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\IMM32.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\LPK.DLL  [Microsoft Corporation, 5.1.2600.1126 (xpsp2.020921-0842), C:2002-09-25 19:53 M:2002-09-25 19:53]
    C:\WINDOWS\System32\USP10.dll  [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\uxtheme.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\CLBCATQ.DLL  [Microsoft Corporation, 2001.12.4414.62, C:2008-10-31 16:39 M:2005-07-26 12:38]
    C:\WINDOWS\System32\COMRes.dll  [Microsoft Corporation, 2001.12.4414.42, C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\VERSION.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    d:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-27 20:40 M:2008-07-27 20:38]
    C:\WINDOWS\system32\SHLWAPI.dll  [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533), C:2008-10-31 16:38 M:2005-09-01 09:51]
    d:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-27 20:40 M:2008-07-27 20:38]

[PID: 676 / SYSTEM]   C:\WINDOWS\system32\TpKmpSVC.exe   [N/A, C:2000-06-01 19:51 M:2003-07-11 18:19]
    C:\WINDOWS\System32\ntdll.dll  [Microsoft Corporation, 5.1.2600.1217 (xpsp2.030429-2131), C:1980-01-01 00:00 M:2003-05-01 16:57]
    C:\WINDOWS\system32\kernel32.dll  [Microsoft Corporation, 5.1.2600.1560 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\USER32.dll  [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526), C:1980-01-01 00:00 M:2005-03-03 02:21]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\ADVAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\RPCRT4.dll  [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800), C:2008-10-31 16:39 M:2004-03-06 10:17]
    C:\WINDOWS\System32\IMM32.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\LPK.DLL  [Microsoft Corporation, 5.1.2600.1126 (xpsp2.020921-0842), C:2002-09-25 19:53 M:2002-09-25 19:53]
    C:\WINDOWS\system32\USP10.dll  [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    d:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-27 20:40 M:2008-07-27 20:38]
    C:\WINDOWS\system32\msvcrt.dll  [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\SHLWAPI.dll  [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533), C:2008-10-31 16:38 M:2005-09-01 09:51]
    d:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-27 20:40 M:2008-07-27 20:38]

[PID: 576 / SYSTEM]   d:\Program Files\ZHLX\ZHLXDBENGINE\dbsrvmgr.exe   [昆明智合力兴信息系统集成有限公司, 1, 0, 0, 1, C:2008-04-27 11:51 M:2008-04-27 11:51]
    C:\WINDOWS\System32\ntdll.dll  [Microsoft Corporation, 5.1.2600.1217 (xpsp2.030429-2131), C:1980-01-01 00:00 M:2003-05-01 16:57]
    C:\WINDOWS\system32\kernel32.dll  [Microsoft Corporation, 5.1.2600.1560 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\USER32.dll  [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526), C:1980-01-01 00:00 M:2005-03-03 02:21]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\ADVAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\RPCRT4.dll  [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800), C:2008-10-31 16:39 M:2004-03-06 10:17]
    C:\WINDOWS\System32\IMM32.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\LPK.DLL  [Microsoft Corporation, 5.1.2600.1126 (xpsp2.020921-0842), C:2002-09-25 19:53 M:2002-09-25 19:53]
    C:\WINDOWS\System32\USP10.dll  [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    d:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-27 20:40 M:2008-07-27 20:38]
    C:\WINDOWS\system32\msvcrt.dll  [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\SHLWAPI.dll  [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533), C:2008-10-31 16:38 M:2005-09-01 09:51]
    d:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-27 20:40 M:2008-07-27 20:38]

[PID: 2368 / LSCZ]   C:\WINDOWS\System32\TpShocks.exe   [IBM Corp., 1, 0, 0, 1, C:2000-06-01 19:49 M:2003-09-03 23:02]
    C:\WINDOWS\System32\ntdll.dll  [Microsoft Corporation, 5.1.2600.1217 (xpsp2.030429-2131), C:1980-01-01 00:00 M:2003-05-01 16:57]
    C:\WINDOWS\system32\kernel32.dll  [Microsoft Corporation, 5.1.2600.1560 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\USER32.dll  [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526), C:1980-01-01 00:00 M:2005-03-03 02:21]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\ADVAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\RPCRT4.dll  [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800), C:2008-10-31 16:39 M:2004-03-06 10:17]
    C:\WINDOWS\system32\msvcrt.dll  [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\SHLWAPI.dll  [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533), C:2008-10-31 16:38 M:2005-09-01 09:51]
    C:\WINDOWS\System32\IMM32.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\LPK.DLL  [Microsoft Corporation, 5.1.2600.1126 (xpsp2.020921-0842), C:2002-09-25 19:53 M:2002-09-25 19:53]
    C:\WINDOWS\System32\USP10.dll  [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    d:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-27 20:40 M:2008-07-27 20:38]
    d:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-27 20:40 M:2008-07-27 20:38]
    C:\WINDOWS\System32\Sensor.dll  [N/A, C:2000-06-01 19:49 M:2003-09-10 17:28]
    C:\WINDOWS\System32\uxtheme.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\msctfime.ime  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-08-29 01:11]
    C:\WINDOWS\System32\ole32.dll  [Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526), C:2008-10-31 16:39 M:2005-07-26 12:38]
    C:\WINDOWS\System32\Msimtf.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\MSCTF.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\SynTPFcs.dll  [(Verified)Synaptics, Inc., 7.5.17.6 28Aug03, C:2000-06-01 19:55 M:2003-08-28 11:10]
    C:\WINDOWS\system32\VERSION.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]

[PID: 2420 / LSCZ]   C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe   [N/A, C:1980-01-01 00:00 M:2003-08-07 15:57]
    C:\WINDOWS\System32\ntdll.dll  [Microsoft Corporation, 5.1.2600.1217 (xpsp2.030429-2131), C:1980-01-01 00:00 M:2003-05-01 16:57]
    C:\WINDOWS\system32\kernel32.dll  [Microsoft Corporation, 5.1.2600.1560 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\ADVAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\RPCRT4.dll  [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800), C:2008-10-31 16:39 M:2004-03-06 10:17]
    C:\WINDOWS\system32\USER32.dll  [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526), C:1980-01-01 00:00 M:2005-03-03 02:21]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\msvcrt.dll  [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\SHLWAPI.dll  [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533), C:2008-10-31 16:38 M:2005-09-01 09:51]
    C:\WINDOWS\System32\WINMM.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\IMM32.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\LPK.DLL  [Microsoft Corporation, 5.1.2600.1126 (xpsp2.020921-0842), C:2002-09-25 19:53 M:2002-09-25 19:53]
    C:\WINDOWS\System32\USP10.dll  [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    d:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-27 20:40 M:2008-07-27 20:38]
    d:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-27 20:40 M:2008-07-27 20:38]
    C:\WINDOWS\System32\uxtheme.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\msctfime.ime  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-08-29 01:11]
    C:\WINDOWS\System32\ole32.dll  [Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526), C:2008-10-31 16:39 M:2005-07-26 12:38]
    C:\WINDOWS\System32\netapi32.dll  [Microsoft Corporation, 5.1.2600.1562 (xpsp2_gdr.040517-1325), C:2008-10-31 16:32 M:2004-06-09 06:01]
    C:\WINDOWS\System32\SETUPAPI.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\CLBCATQ.DLL  [Microsoft Corporation, 2001.12.4414.62, C:2008-10-31 16:39 M:2005-07-26 12:38]
    C:\WINDOWS\system32\OLEAUT32.dll  [Microsoft Corporation, 3.50.5016.0, C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\COMRes.dll  [Microsoft Corporation, 2001.12.4414.42, C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\VERSION.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\urlmon.dll  [Microsoft Corporation, 6.00.2800.1226, C:2003-07-13 16:07 M:2003-07-13 16:07]
    C:\WINDOWS\System32\Secur32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\wdmaud.drv  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:2001-08-31 16:04 M:2001-09-05 21:00]
    C:\WINDOWS\System32\msacm32.drv  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\MSACM32.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\midimap.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY_2\tphk_2k.dll  [N/A, C:1980-01-01 00:00 M:2003-07-03 23:49]
    C:\WINDOWS\System32\PSAPI.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\Oemdspif.dll  [(Verified)ATI Technologies, Inc., 6.14.0010, C:1980-01-01 00:00 M:2003-09-11 21:39]
    C:\WINDOWS\System32\wtsapi32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\WINSTA.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\MSCTF.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]

[PID: 2500 / LSCZ]   C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe   [N/A, C:1980-01-01 00:00 M:2003-06-23 07:34]
    C:\WINDOWS\System32\ntdll.dll  [Microsoft Corporation, 5.1.2600.1217 (xpsp2.030429-2131), C:1980-01-01 00:00 M:2003-05-01 16:57]
    C:\WINDOWS\system32\kernel32.dll  [Microsoft Corporation, 5.1.2600.1560 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\ADVAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\RPCRT4.dll  [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800), C:2008-10-31 16:39 M:2004-03-06 10:17]
    C:\WINDOWS\system32\USER32.dll  [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526), C:1980-01-01 00:00 M:2005-03-03 02:21]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\System32\WINMM.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\msvcrt.dll  [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\SHLWAPI.dll  [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533), C:2008-10-31 16:38 M:2005-09-01 09:51]
    C:\WINDOWS\System32\IMM32.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\LPK.DLL  [Microsoft Corporation, 5.1.2600.1126 (xpsp2.020921-0842), C:2002-09-25 19:53 M:2002-09-25 19:53]
    C:\WINDOWS\System32\USP10.dll  [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    d:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-27 20:40 M:2008-07-27 20:38]
    d:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-27 20:40 M:2008-07-27 20:38]
    C:\WINDOWS\System32\uxtheme.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\msctfime.ime  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-08-29 01:11]
    C:\WINDOWS\System32\ole32.dll  [Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526), C:2008-10-31 16:39 M:2005-07-26 12:38]
    C:\WINDOWS\System32\MSCTF.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]

[PID: 2516 / LSCZ]   C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe   [IBM Corporation, 1.06, C:1980-01-01 00:00 M:2002-01-10 15:01]
    C:\WINDOWS\System32\ntdll.dll  [Microsoft Corporation, 5.1.2600.1217 (xpsp2.030429-2131), C:1980-01-01 00:00 M:2003-05-01 16:57]
    C:\WINDOWS\system32\kernel32.dll  [Microsoft Corporation, 5.1.2600.1560 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\ADVAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\RPCRT4.dll  [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800), C:2008-10-31 16:39 M:2004-03-06 10:17]
    C:\WINDOWS\system32\USER32.dll  [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526), C:1980-01-01 00:00 M:2005-03-03 02:21]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\msvcrt.dll  [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\SHLWAPI.dll  [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533), C:2008-10-31 16:38 M:2005-09-01 09:51]
    C:\WINDOWS\System32\DDRAW.dll  [Microsoft Corporation, 5.3.0000000.900 built by: DIRECTX, C:2002-12-12 00:14 M:2002-12-12 00:14]
    C:\WINDOWS\System32\DCIMAN32.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\IMM32.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\LPK.DLL  [Microsoft Corporation, 5.1.2600.1126 (xpsp2.020921-0842), C:2002-09-25 19:53 M:2002-09-25 19:53]
    C:\WINDOWS\System32\USP10.dll  [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    d:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-27 20:40 M:2008-07-27 20:38]
    d:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-27 20:40 M:2008-07-27 20:38]
    C:\WINDOWS\System32\uxtheme.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\msctfime.ime  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-08-29 01:11]
    C:\WINDOWS\System32\ole32.dll  [Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526), C:2008-10-31 16:39 M:2005-07-26 12:38]
    C:\WINDOWS\System32\MSCTF.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]

[PID: 2532 / LSCZ]   C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe   [IBM Corp., 1, 0, 0, 0, C:2000-06-01 19:52 M:2003-07-18 02:02]
    C:\WINDOWS\System32\ntdll.dll  [Microsoft Corporation, 5.1.2600.1217 (xpsp2.030429-2131), C:1980-01-01 00:00 M:2003-05-01 16:57]
    C:\WINDOWS\system32\kernel32.dll  [Microsoft Corporation, 5.1.2600.1560 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\USER32.dll  [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526), C:1980-01-01 00:00 M:2005-03-03 02:21]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\ADVAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\RPCRT4.dll  [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800), C:2008-10-31 16:39 M:2004-03-06 10:17]
    C:\WINDOWS\system32\comdlg32.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\SHLWAPI.dll  [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533), C:2008-10-31 16:38 M:2005-09-01 09:51]
    C:\WINDOWS\system32\msvcrt.dll  [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\WINSPOOL.DRV  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:54]
    C:\WINDOWS\System32\oledlg.dll  [Microsoft Corporation, 1.0 (XPClient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\ole32.dll  [Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526), C:2008-10-31 16:39 M:2005-07-26 12:38]
    C:\WINDOWS\System32\OLEPRO32.DLL  [Microsoft Corporation, 5.0.5014, C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\OLEAUT32.dll  [Microsoft Corporation, 3.50.5016.0, C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\IMM32.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\LPK.DLL  [Microsoft Corporation, 5.1.2600.1126 (xpsp2.020921-0842), C:2002-09-25 19:53 M:2002-09-25 19:53]
    C:\WINDOWS\System32\USP10.dll  [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    d:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-27 20:40 M:2008-07-27 20:38]
    d:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-27 20:40 M:2008-07-27 20:38]
    C:\WINDOWS\System32\uxtheme.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\msctfime.ime  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-08-29 01:11]
    C:\WINDOWS\System32\setupapi.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\MSCTF.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]

[PID: 2608 / LSCZ]   C:\Program Files\Synaptics\SynTP\SynTPLpr.exe   [(Verified)Synaptics, Inc., 7.5.17.6 28Aug03, C:2000-06-01 19:55 M:2003-08-28 11:11]
    C:\WINDOWS\System32\ntdll.dll  [Microsoft Corporation, 5.1.2600.1217 (xpsp2.030429-2131), C:1980-01-01 00:00 M:2003-05-01 16:57]
    C:\WINDOWS\system32\kernel32.dll  [Microsoft Corporation, 5.1.2600.1560 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\USER32.dll  [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526), C:1980-01-01 00:00 M:2005-03-03 02:21]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\ADVAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\RPCRT4.dll  [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800), C:2008-10-31 16:39 M:2004-03-06 10:17]
    C:\WINDOWS\system32\VERSION.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\IMM32.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\LPK.DLL  [Microsoft Corporation, 5.1.2600.1126 (xpsp2.020921-0842), C:2002-09-25 19:53 M:2002-09-25 19:53]
    C:\WINDOWS\System32\USP10.dll  [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    d:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-27 20:40 M:2008-07-27 20:38]
    C:\WINDOWS\system32\msvcrt.dll  [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\SHLWAPI.dll  [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533), C:2008-10-31 16:38 M:2005-09-01 09:51]
    d:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-27 20:40 M:2008-07-27 20:38]
    C:\WINDOWS\System32\SynTPFcs.dll  [(Verified)Synaptics, Inc., 7.5.17.6 28Aug03, C:2000-06-01 19:55 M:2003-08-28 11:10]
    C:\WINDOWS\System32\uxtheme.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\msctfime.ime  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-08-29 01:11]
    C:\WINDOWS\System32\ole32.dll  [Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526), C:2008-10-31 16:39 M:2005-07-26 12:38]
    C:\WINDOWS\System32\MSCTF.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]

[PID: 2668 / LSCZ]   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe   [(Verified)Synaptics, Inc., 7.5.17.6 28Aug03, C:2000-06-01 19:55 M:2003-08-28 11:10]
    C:\WINDOWS\System32\ntdll.dll  [Microsoft Corporation, 5.1.2600.1217 (xpsp2.030429-2131), C:1980-01-01 00:00 M:2003-05-01 16:57]
    C:\WINDOWS\system32\kernel32.dll  [Microsoft Corporation, 5.1.2600.1560 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\USER32.dll  [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526), C:1980-01-01 00:00 M:2005-03-03 02:21]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\ADVAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\RPCRT4.dll  [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800), C:2008-10-31 16:39 M:2004-03-06 10:17]
    C:\WINDOWS\system32\comdlg32.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\SHLWAPI.dll  [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533), C:2008-10-31 16:38 M:2005-09-01 09:51]
    C:\WINDOWS\system32\msvcrt.dll  [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\ole32.dll  [Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526), C:2008-10-31 16:39 M:2005-07-26 12:38]
    C:\WINDOWS\system32\VERSION.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\IMM32.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\LPK.DLL  [Microsoft Corporation, 5.1.2600.1126 (xpsp2.020921-0842), C:2002-09-25 19:53 M:2002-09-25 19:53]
    C:\WINDOWS\System32\USP10.dll  [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    d:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-27 20:40 M:2008-07-27 20:38]
    d:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-27 20:40 M:2008-07-27 20:38]
    C:\WINDOWS\System32\uxtheme.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\msctfime.ime  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-08-29 01:11]
    C:\WINDOWS\System32\CLBCATQ.DLL  [Microsoft Corporation, 2001.12.4414.62, C:2008-10-31 16:39 M:2005-07-26 12:38]
    C:\WINDOWS\system32\OLEAUT32.dll  [Microsoft Corporation, 3.50.5016.0, C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\COMRes.dll  [Microsoft Corporation, 2001.12.4414.42, C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\SynCOM.dll  [(Verified)Synaptics, Inc., 7.5.17.6 28Aug03, C:2000-06-01 19:55 M:2003-08-28 10:55]
    C:\WINDOWS\System32\SynTPAPI.dll  [(Verified)Synaptics, Inc., 7.5.17.6 28Aug03, C:2000-06-01 19:55 M:2003-08-28 10:54]
    C:\WINDOWS\System32\netapi32.dll  [Microsoft Corporation, 5.1.2600.1562 (xpsp2_gdr.040517-1325), C:2008-10-31 16:32 M:2004-06-09 06:01]
    C:\WINDOWS\System32\SETUPAPI.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\urlmon.dll  [Microsoft Corporation, 6.00.2800.1226, C:2003-07-13 16:07 M:2003-07-13 16:07]
    C:\WINDOWS\System32\Secur32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\SynTPFcs.dll  [(Verified)Synaptics, Inc., 7.5.17.6 28Aug03, C:2000-06-01 19:55 M:2003-08-28 11:10]
    C:\WINDOWS\System32\MSCTF.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]

[PID: 2684 / LSCZ]   C:\WINDOWS\AGRSMMSG.exe   [(Verified)Agere Systems, 2.1.31 2.1.31 06/27/2003 08:53:31, C:1980-01-01 00:00 M:2003-06-27 08:53]
    C:\WINDOWS\System32\ntdll.dll  [Microsoft Corporation, 5.1.2600.1217 (xpsp2.030429-2131), C:1980-01-01 00:00 M:2003-05-01 16:57]
    C:\WINDOWS\system32\kernel32.dll  [Microsoft Corporation, 5.1.2600.1560 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\USER32.dll  [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526), C:1980-01-01 00:00 M:2005-03-03 02:21]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\ADVAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\RPCRT4.dll  [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800), C:2008-10-31 16:39 M:2004-03-06 10:17]
    C:\WINDOWS\system32\msvcrt.dll  [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\SHLWAPI.dll  [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533), C:2008-10-31 16:38 M:2005-09-01 09:51]
    C:\WINDOWS\System32\WINMM.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\IMM32.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\LPK.DLL  [Microsoft Corporation, 5.1.2600.1126 (xpsp2.020921-0842), C:2002-09-25 19:53 M:2002-09-25 19:53]
    C:\WINDOWS\System32\USP10.dll  [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    d:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-27 20:40 M:2008-07-27 20:38]
    d:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-27 20:40 M:2008-07-27 20:38]
    C:\WINDOWS\System32\uxtheme.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\msctfime.ime  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-08-29 01:11]
    C:\WINDOWS\System32\ole32.dll  [Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526), C:2008-10-31 16:39 M:2005-07-26 12:38]
    C:\WINDOWS\System32\MSCTF.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]

[PID: 2916 / LSCZ]   C:\Program Files\Support.com\bin\tgcmd.exe   [SupportSoft, Inc., 5,8,136,0, C:2002-10-16 16:59 M:2002-10-16 16:59]
    C:\WINDOWS\System32\ntdll.dll  [Microsoft Corporation, 5.1.2600.1217 (xpsp2.030429-2131), C:1980-01-01 00:00 M:2003-05-01 16:57]
    C:\WINDOWS\system32\kernel32.dll  [Microsoft Corporation, 5.1.2600.1560 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\System32\WSOCK32.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\msvcrt.dll  [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\WS2HELP.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\ADVAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\RPCRT4.dll  [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800), C:2008-10-31 16:39 M:2004-03-06 10:17]
    C:\WINDOWS\system32\USER32.dll  [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526), C:1980-01-01 00:00 M:2005-03-03 02:21]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\SHLWAPI.dll  [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533), C:2008-10-31 16:38 M:2005-09-01 09:51]
    C:\WINDOWS\system32\ole32.dll  [Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526), C:2008-10-31 16:39 M:2005-07-26 12:38]
    C:\WINDOWS\system32\OLEAUT32.dll  [Microsoft Corporation, 3.50.5016.0, C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\WINMM.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\NETAPI32.dll  [Microsoft Corporation, 5.1.2600.1562 (xpsp2_gdr.040517-1325), C:2008-10-31 16:32 M:2004-06-09 06:01]
    C:\WINDOWS\System32\IMM32.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\LPK.DLL  [Microsoft Corporation, 5.1.2600.1126 (xpsp2.020921-0842), C:2002-09-25 19:53 M:2002-09-25 19:53]
    C:\WINDOWS\System32\USP10.dll  [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    d:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-27 20:40 M:2008-07-27 20:38]
    d:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-27 20:40 M:2008-07-27 20:38]
    C:\WINDOWS\System32\Secur32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\Program Files\Support.com\bin\2052\tglocale.dll  [N/A, C:2002-01-08 09:07 M:2002-02-28 03:27]
    C:\Program Files\Support.com\bin\sdcmon.dll  [SupportSoft, Inc., 5,8,136,0, C:2002-10-16 16:59 M:2002-10-16 16:59]
    C:\WINDOWS\system32\WININET.DLL  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\CRYPT32.dll  [Microsoft Corporation, 5.131.2600.1123 (xpsp2.020921-0842), C:2002-09-23 15:10 M:2002-09-23 15:10]
    C:\WINDOWS\system32\MSASN1.dll  [Microsoft Corporation, 5.1.2600.1362 (xpsp2.040109-1800), C:1980-01-01 00:00 M:2004-03-30 09:50]
    C:\WINDOWS\system32\URLMON.DLL  [Microsoft Corporation, 6.00.2800.1226, C:2003-07-13 16:07 M:2003-07-13 16:07]
    C:\WINDOWS\system32\VERSION.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\PSAPI.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\mswsock.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\winrnr.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\WLDAP32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\rasapi32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\rasman.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\TAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\rtutils.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\uxtheme.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\MSCTF.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\SynTPFcs.dll  [(Verified)Synaptics, Inc., 7.5.17.6 28Aug03, C:2000-06-01 19:55 M:2003-08-28 11:10]
    C:\WINDOWS\System32\msctfime.ime  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-08-29 01:11]
    C:\WINDOWS\System32\CLBCATQ.DLL  [Microsoft Corporation, 2001.12.4414.62, C:2008-10-31 16:39 M:2005-07-26 12:38]
    C:\WINDOWS\System32\COMRes.dll  [Microsoft Corporation, 2001.12.4414.42, C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\wshtcpip.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]

[PID: 3008 / LSCZ]   C:\WINDOWS\system32\dla\tfswctrl.exe   [Sonic Solutions, 1.04.07a, C:2000-06-01 20:05 M:2003-09-26 01:04]
    C:\WINDOWS\System32\ntdll.dll  [Microsoft Corporation, 5.1.2600.1217 (xpsp2.030429-2131), C:1980-01-01 00:00 M:2003-05-01 16:57]
    C:\WINDOWS\system32\kernel32.dll  [Microsoft Corporation, 5.1.2600.1560 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\System32\tfswapi.dll  [Sonic Solutions, 1.04.07a, C:2000-06-01 20:05 M:2003-09-26 01:04]
    C:\WINDOWS\system32\USER32.dll  [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526), C:1980-01-01 00:00 M:2005-03-03 02:21]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\ADVAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\RPCRT4.dll  [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800), C:2008-10-31 16:39 M:2004-03-06 10:17]
    C:\WINDOWS\system32\dla\tfswcres.dll  [Sonic Solutions, 1.04.07a, C:2000-06-01 20:05 M:2003-09-26 01:04]
    C:\WINDOWS\system32\msvcrt.dll  [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\SHLWAPI.dll  [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533), C:2008-10-31 16:38 M:2005-09-01 09:51]
    C:\WINDOWS\system32\ole32.dll  [Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526), C:2008-10-31 16:39 M:2005-07-26 12:38]
    C:\WINDOWS\System32\IMM32.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\LPK.DLL  [Microsoft Corporation, 5.1.2600.1126 (xpsp2.020921-0842), C:2002-09-25 19:53 M:2002-09-25 19:53]
    C:\WINDOWS\System32\USP10.dll  [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    d:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-27 20:40 M:2008-07-27 20:38]
    d:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-27 20:40 M:2008-07-27 20:38]
    C:\WINDOWS\System32\uxtheme.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\SynTPFcs.dll  [(Verified)Synaptics, Inc., 7.5.17.6 28Aug03, C:2000-06-01 19:55 M:2003-08-28 11:10]
    C:\WINDOWS\system32\VERSION.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\msctfime.ime  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-08-29 01:11]
    C:\WINDOWS\System32\Wtsapi32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\WINSTA.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\CLBCATQ.DLL  [Microsoft Corporation, 2001.12.4414.62, C:2008-10-31 16:39 M:2005-07-26 12:38]
    C:\WINDOWS\system32\OLEAUT32.dll  [Microsoft Corporation, 3.50.5016.0, C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\COMRes.dll  [Microsoft Corporation, 2001.12.4414.42, C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\SETUPAPI.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\MSCTF.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]

[PID: 3048 / LSCZ]   C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE   [IBM Corp., 2, 7, 2, 0, C:2000-06-01 20:14 M:2003-10-11 02:07]
    C:\WINDOWS\System32\ntdll.dll  [Microsoft Corporation, 5.1.2600.1217 (xpsp2.030429-2131), C:1980-01-01 00:00 M:2003-05-01 16:57]
    C:\WINDOWS\system32\kernel32.dll  [Microsoft Corporation, 5.1.2600.1560 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\Program Files\ThinkPad\ConnectUtilities\QCON.dll  [IBM Corp., 2, 7, 2, 0, C:2000-06-01 20:14 M:2003-10-11 02:07]
    C:\WINDOWS\system32\CRYPT32.dll  [Microsoft Corporation, 5.131.2600.1123 (xpsp2.020921-0842), C:2002-09-23 15:10 M:2002-09-23 15:10]
    C:\WINDOWS\system32\ADVAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\RPCRT4.dll  [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800), C:2008-10-31 16:39 M:2004-03-06 10:17]
    C:\WINDOWS\system32\msvcrt.dll  [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\USER32.dll  [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526), C:1980-01-01 00:00 M:2005-03-03 02:21]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\MSASN1.dll  [Microsoft Corporation, 5.1.2600.1362 (xpsp2.040109-1800), C:1980-01-01 00:00 M:2004-03-30 09:50]
    C:\WINDOWS\System32\NETAPI32.dll  [Microsoft Corporation, 5.1.2600.1562 (xpsp2_gdr.040517-1325), C:2008-10-31 16:32 M:2004-06-09 06:01]
    C:\WINDOWS\system32\SHLWAPI.dll  [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533), C:2008-10-31 16:38 M:2005-09-01 09:51]
    C:\WINDOWS\System32\WS2HELP.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\RASAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\rasman.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\TAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\rtutils.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\WINMM.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\RASDLG.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\MPRAPI.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\ACTIVEDS.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\adsldpc.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\WLDAP32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\ATL.DLL  [Microsoft Corporation, 3.00.9435, C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\ole32.dll  [Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526), C:2008-10-31 16:39 M:2005-07-26 12:38]
    C:\WINDOWS\system32\OLEAUT32.dll  [Microsoft Corporation, 3.50.5016.0, C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\SAMLIB.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\SETUPAPI.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\WININET.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\USERENV.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\PSAPI.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\Program Files\ThinkPad\ConnectUtilities\MerlinC201.dll  [Novatel Wireless Inc., 1, 0, 0, 1, C:2000-06-01 20:14 M:2003-10-11 02:07]
    C:\WINDOWS\System32\MSVCIRT.dll  [Microsoft Corporation, 7.0.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\MFC42.DLL  [Microsoft Corporation, 6.00.8665.0, C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\comdlg32.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\MSVCP60.dll  [Microsoft Corporation, 6.00.8972.0, C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\IMM32.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\LPK.DLL  [Microsoft Corporation, 5.1.2600.1126 (xpsp2.020921-0842), C:2002-09-25 19:53 M:2002-09-25 19:53]
    C:\WINDOWS\System32\USP10.dll  [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\MFC42LOC.DLL  [Microsoft Corporation, 6.00.8665.0, C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\CfgMgr32.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    d:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-27 20:40 M:2008-07-27 20:38]
    d:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-27 20:40 M:2008-07-27 20:38]
    C:\WINDOWS\System32\SbrngAPI.dll  [Intel Corporation, 1, 7, 0, 0, C:2003-09-11 06:54 M:2003-09-11 06:54]
    C:\WINDOWS\System32\PfMgrApi.dll  [Intel Corporation, 4, 1, 0, 0, C:2003-09-11 06:45 M:2003-09-11 06:45]
    C:\WINDOWS\System32\PsRegApi.dll  [Intel Corporation, 4, 1, 0, 0, C:2003-09-11 06:45 M:2003-09-11 06:45]
    C:\WINDOWS\System32\WINSPOOL.DRV  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:54]
    C:\WINDOWS\System32\WConfig.DLL  [Intel Corporation, 4, 1, 0, 1, C:2003-09-11 06:46 M:2003-09-11 06:46]
    C:\WINDOWS\System32\WiFiAdap.DLL  [Intel Corporation, 4, 1, 0, 0, C:2003-09-11 06:45 M:2003-09-11 06:45]
    C:\WINDOWS\System32\S24MUDLL.dll  [Intel Corporation, 4, 1, 0, 3, C:2003-09-11 06:45 M:2003-09-11 06:45]
    C:\WINDOWS\system32\VERSION.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\uxtheme.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\SynTPFcs.dll  [(Verified)Synaptics, Inc., 7.5.17.6 28Aug03, C:2000-06-01 19:55 M:2003-08-28 11:10]
    C:\WINDOWS\System32\msctfime.ime  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-08-29 01:11]
    C:\WINDOWS\System32\Secur32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\MSCTF.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]

[PID: 3128 / LSCZ]   D:\Program Files\Rising\Rav\RavTask.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.24, C:2000-06-01 20:49 M:2008-07-27 09:56]
    C:\WINDOWS\System32\ntdll.dll  [Microsoft Corporation, 5.1.2600.1217 (xpsp2.030429-2131), C:1980-01-01 00:00 M:2003-05-01 16:57]
    C:\WINDOWS\system32\kernel32.dll  [Microsoft Corporation, 5.1.2600.1560 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\ADVAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\RPCRT4.dll  [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800), C:2008-10-31 16:39 M:2004-03-06 10:17]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\USER32.dll  [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526), C:1980-01-01 00:00 M:2005-03-03 02:21]
    C:\WINDOWS\system32\msvcrt.dll  [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\SHLWAPI.dll  [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533), C:2008-10-31 16:38 M:2005-09-01 09:51]
    C:\WINDOWS\system32\ole32.dll  [Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526), C:2008-10-31 16:39 M:2005-07-26 12:38]
    C:\WINDOWS\system32\OLEAUT32.dll  [Microsoft Corporation, 3.50.5016.0, C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\IMM32.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\LPK.DLL  [Microsoft Corporation, 5.1.2600.1126 (xpsp2.020921-0842), C:2002-09-25 19:53 M:2002-09-25 19:53]
    C:\WINDOWS\System32\USP10.dll  [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    D:\Program Files\Rising\Rav\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2000-06-01 20:49 M:2008-07-28 20:14]
    D:\Program Files\Rising\Rav\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2000-06-01 20:49 M:2008-07-28 20:14]
    D:\Program Files\Rising\Rav\RSCOMMON.DLL  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2000-06-01 20:49 M:2008-07-28 20:14]
    C:\WINDOWS\system32\VERSION.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    D:\Program Files\Rising\Rav\RSAPPMGR.DLL  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2000-06-01 20:49 M:2008-07-28 20:14]
    D:\Program Files\Rising\Rav\CfgDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2008-06-16 15:20 M:2008-07-28 20:14]
    C:\WINDOWS\System32\uxtheme.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\msctfime.ime  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-08-29 01:11]
    C:\WINDOWS\System32\MSCTF.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]

[PID: 3204 / LSCZ]   C:\WINDOWS\System32\ctfmon.exe   [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\ntdll.dll  [Microsoft Corporation, 5.1.2600.1217 (xpsp2.030429-2131), C:1980-01-01 00:00 M:2003-05-01 16:57]
    C:\WINDOWS\system32\kernel32.dll  [Microsoft Corporation, 5.1.2600.1560 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\ADVAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\RPCRT4.dll  [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800), C:2008-10-31 16:39 M:2004-03-06 10:17]
    C:\WINDOWS\system32\USER32.dll  [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526), C:1980-01-01 00:00 M:2005-03-03 02:21]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\System32\MSCTF.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\msvcrt.dll  [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\MSUTB.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\IMM32.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\LPK.DLL  [Microsoft Corporation, 5.1.2600.1126 (xpsp2.020921-0842), C:2002-09-25 19:53 M:2002-09-25 19:53]
    C:\WINDOWS\System32\USP10.dll  [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    d:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-27 20:40 M:2008-07-27 20:38]
    C:\WINDOWS\system32\SHLWAPI.dll  [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533), C:2008-10-31 16:38 M:2005-09-01 09:51]
    d:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-27 20:40 M:2008-07-27 20:38]
    C:\WINDOWS\System32\uxtheme.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\ole32.dll  [Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526), C:2008-10-31 16:39 M:2005-07-26 12:38]
    C:\WINDOWS\System32\SynTPFcs.dll  [(Verified)Synaptics, Inc., 7.5.17.6 28Aug03, C:2000-06-01 19:55 M:2003-08-28 11:10]
    C:\WINDOWS\system32\VERSION.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\msctfime.ime  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-08-29 01:11]

[PID: 3236 / LSCZ]   C:\Program Files\Messenger\msmsgs.exe   [Microsoft Corporation, 4.7.0041, C:2003-03-05 16:37 M:2002-08-20 15:08]
    C:\WINDOWS\System32\ntdll.dll  [Microsoft Corporation, 5.1.2600.1217 (xpsp2.030429-2131), C:1980-01-01 00:00 M:2003-05-01 16:57]
    C:\WINDOWS\system32\kernel32.dll  [Microsoft Corporation, 5.1.2600.1560 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\ADVAPI32.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\RPCRT4.dll  [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800), C:2008-10-31 16:39 M:2004-03-06 10:17]
    C:\WINDOWS\system32\GDI32.DLL  [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\USER32.dll  [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526), C:1980-01-01 00:00 M:2005-03-03 02:21]
    C:\WINDOWS\system32\OLE32.DLL  [Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526), C:2008-10-31 16:39 M:2005-07-26 12:38]
    C:\WINDOWS\system32\OLEAUT32.DLL  [Microsoft Corporation, 3.50.5016.0, C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\MSVCRT.DLL  [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\SHLWAPI.dll  [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533), C:2008-10-31 16:38 M:2005-09-01 09:51]
    C:\WINDOWS\System32\IMM32.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\LPK.DLL  [Microsoft Corporation, 5.1.2600.1126 (xpsp2.020921-0842), C:2002-09-25 19:53 M:2002-09-25 19:53]
    C:\WINDOWS\System32\USP10.dll  [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    d:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-27 20:40 M:2008-07-27 20:38]
    d:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-27 20:40 M:2008-07-27 20:38]
    C:\WINDOWS\System32\uxtheme.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\MSCTF.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\SynTPFcs.dll  [(Verified)Synaptics, Inc., 7.5.17.6 28Aug03, C:2000-06-01 19:55 M:2003-08-28 11:10]
    C:\WINDOWS\system32\VERSION.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\Program Files\Messenger\MSGSLANG.DLL  [Microsoft Corporation, 4.7.0041, C:2003-03-05 16:37 M:2002-08-20 16:13]
    C:\WINDOWS\System32\CLBCATQ.DLL  [Microsoft Corporation, 2001.12.4414.62, C:2008-10-31 16:39 M:2005-07-26 12:38]
    C:\WINDOWS\System32\COMRes.dll  [Microsoft Corporation, 2001.12.4414.42, C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\msctfime.ime  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-08-29 01:11]
    C:\WINDOWS\System32\SXS.DLL  [Microsoft Corporation, 5.1.2600.1579 (xpsp2.040720-1705), C:2008-10-31 16:43 M:2004-08-21 05:53]
    C:\WINDOWS\System32\wtsapi32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\WINSTA.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\PROGRA~1\MESSEN~1\rtcimsp.dll  [Microsoft Corporation, 4.0.3599.0 (Lab02_N(ntvbl02).020107-1351), C:2003-03-05 16:37 M:2002-08-20 12:34]
    C:\WINDOWS\System32\WSOCK32.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\WS2HELP.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\rtcdll.dll  [Microsoft Corporation, 5.1.2600.1351 (xpsp2.040109-1800), C:2008-10-31 16:31 M:2004-03-30 09:50]
    C:\WINDOWS\System32\ATL.DLL  [Microsoft Corporation, 3.00.9435, C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\Secur32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\WININET.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\CRYPT32.dll  [Microsoft Corporation, 5.131.2600.1123 (xpsp2.020921-0842), C:2002-09-23 15:10 M:2002-09-23 15:10]
    C:\WINDOWS\system32\MSASN1.dll  [Microsoft Corporation, 5.1.2600.1362 (xpsp2.040109-1800), C:1980-01-01 00:00 M:2004-03-30 09:50]
    C:\WINDOWS\System32\WINMM.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\termmgr.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\rtutils.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\quartz.dll  [Microsoft Corporation, 6.05.01.0902, C:2003-05-30 09:00 M:2003-05-30 09:00]
    C:\WINDOWS\system32\mswsock.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\wshtcpip.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\dxmrtp.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\MSVFW32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\DSOUND.dll  [Microsoft Corporation, 5.3.0000000.900 built by: DIRECTX, C:2002-12-12 00:14 M:2002-12-12 00:14]
    C:\WINDOWS\System32\PSAPI.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\devenum.dll  [Microsoft Corporation, 6.05.01.0902, C:2003-05-30 09:00 M:2003-05-30 09:00]
    C:\WINDOWS\System32\setupapi.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\wdmaud.drv  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:2001-08-31 16:04 M:2001-09-05 21:00]
    C:\WINDOWS\System32\msacm32.drv  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\MSACM32.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\midimap.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\msdmo.dll  [N/A, C:2002-12-12 00:14 M:2002-12-12 00:14]
    C:\WINDOWS\System32\dpnhupnp.dll  [Microsoft Corporation, 5.3.0000000.901 built by: DIRECTX, C:2003-03-24 09:00 M:2003-03-24 09:00]
    C:\WINDOWS\System32\rsaenh.dll  [Microsoft Corporation, 5.1.2600.1029 (xpsp1.020426-1800), C:1980-01-01 00:00 M:2002-08-28 22:27]
    C:\WINDOWS\System32\rasapi32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\rasman.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\NETAPI32.dll  [Microsoft Corporation, 5.1.2600.1562 (xpsp2_gdr.040517-1325), C:2008-10-31 16:32 M:2004-06-09 06:01]
    C:\WINDOWS\System32\TAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\winrnr.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\WLDAP32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\es.dll  [Microsoft Corporation, 2001.12.4414.62, C:2008-10-31 16:39 M:2005-07-26 12:38]
    C:\WINDOWS\System32\credui.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\sensapi.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\hnetcfg.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\netshell.dll  [Microsoft Corporation, 5.1.2600.1130 (xpsp2.020921-0842), C:2002-10-15 11:09 M:2002-10-15 11:09]
    C:\WINDOWS\System32\wbem\wbemprox.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2003-03-05 16:36 M:2002-09-09 15:53]
    C:\WINDOWS\System32\wbem\wbemcomn.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2003-03-05 16:36 M:2002-09-09 15:53]
    C:\WINDOWS\System32\wbem\wbemsvc.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:2003-03-05 16:36 M:2001-09-05 21:00]
    C:\WINDOWS\System32\wbem\fastprox.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2003-03-05 16:36 M:2002-09-09 15:53]
    C:\WINDOWS\System32\msi.dll  [Microsoft Corporation, 2.0.2600.1106, C:1980-01-01 00:00 M:2002-09-09 15:53]

[PID: 3724 / SYSTEM]   d:\Program Files\ZHLX\ZHLXDBENGINE\Binn\Sqlservr.exe   [Microsoft Corporation, 2000.080.2039.00, C:2005-05-04 00:19 M:2005-05-04 00:19]
    C:\WINDOWS\System32\ntdll.dll  [Microsoft Corporation, 5.1.2600.1217 (xpsp2.030429-2131), C:1980-01-01 00:00 M:2003-05-01 16:57]
    C:\WINDOWS\system32\kernel32.dll  [Microsoft Corporation, 5.1.2600.1560 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\ADVAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\RPCRT4.dll  [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800), C:2008-10-31 16:39 M:2004-03-06 10:17]
    d:\Program Files\ZHLX\ZHLXDBENGINE\Binn\MSVCP71.dll  [Microsoft Corporation, 7.10.3077.0, C:2004-11-29 12:06 M:2004-11-29 12:06]
    d:\Program Files\ZHLX\ZHLXDBENGINE\Binn\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2004-11-29 12:06 M:2004-11-29 12:06]
    d:\Program Files\ZHLX\ZHLXDBENGINE\Binn\opends60.dll  [Microsoft Corporation, 2000.080.2039.00, C:2005-05-04 00:02 M:2005-05-04 00:02]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\USER32.dll  [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526), C:1980-01-01 00:00 M:2005-03-03 02:21]
    C:\WINDOWS\system32\msvcrt.dll  [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\SHLWAPI.dll  [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533), C:2008-10-31 16:38 M:2005-09-01 09:51]
    d:\Program Files\ZHLX\ZHLXDBENGINE\Binn\sqlsort.dll  [Microsoft Corporation, 2000.080.2039.00, C:2005-05-04 00:02 M:2005-05-04 00:02]
    d:\Program Files\ZHLX\ZHLXDBENGINE\Binn\ums.dll  [Microsoft Corporation, 2000.080.2039.00, C:2005-05-04 00:02 M:2005-05-04 00:02]
    C:\WINDOWS\System32\IMM32.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\LPK.DLL  [Microsoft Corporation, 5.1.2600.1126 (xpsp2.020921-0842), C:2002-09-25 19:53 M:2002-09-25 19:53]
    C:\WINDOWS\System32\USP10.dll  [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    d:\Program Files\ZHLX\ZHLXDBENGINE\Binn\Resources\2052\sqlevn70.RLL  [Microsoft Corporation, 2000.080.2039.00, C:2005-05-04 00:19 M:2005-05-04 00:19]
    C:\WINDOWS\System32\NETAPI32.DLL  [Microsoft Corporation, 5.1.2600.1562 (xpsp2_gdr.040517-1325), C:2008-10-31 16:32 M:2004-06-09 06:01]
    C:\WINDOWS\System32\AUTHZ.DLL  [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526), C:2008-10-31 16:35 M:2005-03-03 02:21]
    d:\Program Files\ZHLX\ZHLXDBENGINE\binn\SSNETLIB.dll  [Microsoft Corporation, 2000.080.2039.00, C:2005-05-04 00:02 M:2005-05-04 00:02]
    C:\WINDOWS\System32\WSOCK32.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\WS2HELP.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\NTMARTA.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\WLDAP32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\ole32.dll  [Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526), C:2008-10-31 16:39 M:2005-07-26 12:38]
    C:\WINDOWS\System32\SAMLIB.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\security.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\SECUR32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\VERSION.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\mswsock.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\winrnr.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\wshtcpip.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    d:\Program Files\ZHLX\ZHLXDBENGINE\Binn\SSmsLPCn.dll  [Microsoft Corporation, 2000.080.2039.00, C:2005-05-04 00:02 M:2005-05-04 00:02]
    d:\Program Files\ZHLX\ZHLXDBENGINE\Binn\SSnmPN70.dll  [Microsoft Corporation, 2000.080.2039.00, C:2005-05-04 00:02 M:2005-05-04 00:02]
    C:\WINDOWS\System32\ntdsapi.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]

[PID: 3452 / LSCZ]   D:\Program Files\Tencent\TT\bin\TTraveler.exe   [(Verified)Tencent, 4, 11, 0, 8, C:2008-08-08 14:48 M:2008-08-08 14:48]
    C:\WINDOWS\System32\ntdll.dll  [Microsoft Corporation, 5.1.2600.1217 (xpsp2.030429-2131), C:1980-01-01 00:00 M:2003-05-01 16:57]
    C:\WINDOWS\system32\kernel32.dll  [Microsoft Corporation, 5.1.2600.1560 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\SHLWAPI.dll  [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533), C:2008-10-31 16:38 M:2005-09-01 09:51]
    C:\WINDOWS\system32\ADVAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\RPCRT4.dll  [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800), C:2008-10-31 16:39 M:2004-03-06 10:17]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\USER32.dll  [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526), C:1980-01-01 00:00 M:2005-03-03 02:21]
    C:\WINDOWS\system32\msvcrt.dll  [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\WS2HELP.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    D:\Program Files\Tencent\TT\bin\TTUtilWidget.dll  [(Verified)Tencent, 4, 11, 0, 8, C:2008-08-08 14:49 M:2008-08-08 14:49]
    C:\WINDOWS\System32\IMM32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\VERSION.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\ole32.dll  [Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526), C:2008-10-31 16:39 M:2005-07-26 12:38]
    C:\WINDOWS\system32\OLEAUT32.dll  [Microsoft Corporation, 3.50.5016.0, C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\urlmon.dll  [Microsoft Corporation, 6.00.2800.1226, C:2003-07-13 16:07 M:2003-07-13 16:07]
    C:\WINDOWS\System32\NETAPI32.dll  [Microsoft Corporation, 5.1.2600.1562 (xpsp2_gdr.040517-1325), C:2008-10-31 16:32 M:2004-06-09 06:01]
    C:\WINDOWS\system32\WININET.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\CRYPT32.dll  [Microsoft Corporation, 5.131.2600.1123 (xpsp2.020921-0842), C:2002-09-23 15:10 M:2002-09-23 15:10]
    C:\WINDOWS\system32\MSASN1.dll  [Microsoft Corporation, 5.1.2600.1362 (xpsp2.040109-1800), C:1980-01-01 00:00 M:2004-03-30 09:50]
    C:\WINDOWS\system32\imagehlp.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\LPK.DLL  [Microsoft Corporation, 5.1.2600.1126 (xpsp2.020921-0842), C:2002-09-25 19:53 M:2002-09-25 19:53]
    C:\WINDOWS\System32\USP10.dll  [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    d:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-27 20:40 M:2008-07-27 20:38]
    d:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-27 20:40 M:2008-07-27 20:38]
    C:\WINDOWS\System32\uxtheme.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\MSCTF.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\SynTPFcs.dll  [(Verified)Synaptics, Inc., 7.5.17.6 28Aug03, C:2000-06-01 19:55 M:2003-08-28 11:10]
    D:\Program Files\Tencent\TT\bin\TTStore.dll  [(Verified)Tencent, 4, 11, 0, 8, C:2008-08-08 14:49 M:2008-08-08 14:49]
    D:\Program Files\Tencent\TT\bin\sqlite3.dll  [(Verified)N/A, C:2008-08-08 14:47 M:2008-08-08 14:47]
    D:\Program Files\Tencent\TT\bin\PlatformWidget.dll  [(Verified)Tencent, 4, 11, 0, 8, C:2008-08-08 14:46 M:2008-08-08 14:46]
    D:\Program Files\Tencent\TT\bin\TTMainFrame.dll  [(Verified)Tencent, 4, 11, 0, 8, C:2008-08-08 14:48 M:2008-08-08 14:48]
    C:\WINDOWS\System32\DINPUT.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\WINMM.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    D:\Program Files\Tencent\TT\bin\UpdateUtil.dll  [(Verified)N/A, C:2008-08-08 14:49 M:2008-08-08 14:49]
    C:\WINDOWS\System32\MFC42.DLL  [Microsoft Corporation, 6.00.8665.0, C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\MSVCP60.dll  [Microsoft Corporation, 6.00.8972.0, C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\WSOCK32.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\comdlg32.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\MSIMG32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll  [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158), C:2007-05-20 17:50 M:2007-05-20 17:50]
    C:\WINDOWS\System32\MFC42LOC.DLL  [Microsoft Corporation, 6.00.8665.0, C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\CLBCATQ.DLL  [Microsoft Corporation, 2001.12.4414.62, C:2008-10-31 16:39 M:2005-07-26 12:38]
    C:\WINDOWS\System32\COMRes.dll  [Microsoft Corporation, 2001.12.4414.42, C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\msxml3.dll  [Microsoft Corporation, 8.30.9926.0, C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\msctfime.ime  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-08-29 01:11]
    D:\Program Files\Tencent\TT\bin\TTMBrowser.dll  [(Verified)Tencent, 4, 11, 0, 8, C:2008-08-08 14:48 M:2008-08-08 14:48]
    D:\Program Files\Tencent\TT\bin\TTabMgr.dll  [(Verified)Tencent, 4, 11, 0, 8, C:2008-08-08 14:47 M:2008-08-08 14:47]
    C:\WINDOWS\System32\Msimtf.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    D:\Program Files\Tencent\TT\bin\TTSkin.dll  [(Verified)Tencent, 4, 11, 0, 8, C:2008-08-08 14:49 M:2008-08-08 14:49]
    C:\WINDOWS\System32\SETUPAPI.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\appHelp.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\cscui.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\SXS.DLL  [Microsoft Corporation, 5.1.2600.1579 (xpsp2.040720-1705), C:2008-10-31 16:43 M:2004-08-21 05:53]
    D:\Program Files\Tencent\TT\bin\TTPluginMng.dll  [(Verified)Tencent, 4, 11, 0, 8, C:2008-08-08 14:48 M:2008-08-08 14:48]
    D:\Program Files\Tencent\TT\Plugins\3TTWeather\TTWeather.dll  [Tencent, 1.0.0.1, C:2008-08-08 10:34 M:2008-08-08 10:34]
    D:\Program Files\Tencent\TT\Plugins\WebInfo\WebToolbar.dll  [Tencent, 1.0.0.1, C:2008-08-08 10:34 M:2008-08-08 10:34]
    C:\WINDOWS\System32\Secur32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\mlang.dll  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\mswsock.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\wshtcpip.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\RASAPI32.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\rasman.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\TAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\rtutils.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\sensapi.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\USERENV.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    D:\Program Files\Tencent\TT\bin\FavoriteLogical.dll  [(Verified)Tencent, 4, 11, 0, 8, C:2008-08-08 14:46 M:2008-08-08 14:46]
    D:\Program Files\Tencent\TT\bin\TSupport.dll  [(Verified)TENCENT Inc., 1, 2, 11, 201, C:2008-08-08 14:47 M:2008-08-08 14:47]
    C:\WINDOWS\System32\Psapi.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\winrnr.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\WLDAP32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\dciman32.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\HID.DLL  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:2001-08-31 16:02 M:2001-09-05 21:00]
    D:\Program Files\Tencent\TT\bin\TTHtmlApp.dll  [(Verified)Tencent, 4, 11, 0, 8, C:2008-08-08 14:48 M:2008-08-08 14:48]
    C:\WINDOWS\System32\msi.dll  [Microsoft Corporation, 2.0.2600.1106, C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\shdoclc.dll  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\mshtml.dll  [Microsoft Corporation, 6.00.2800.1226, C:2003-07-13 16:07 M:2003-07-13 16:07]
    D:\Program Files\Tencent\TT\bin\TTFilter.dll  [(Verified)Tencent, 4, 11, 0, 8, C:2008-08-08 14:47 M:2008-08-08 14:47]
    D:\Program Files\Tencent\TT\bin\TTNetwork.dll  [(Verified)Tencent, 4, 11, 0, 8, C:2008-08-08 14:48 M:2008-08-08 14:48]
    C:\WINDOWS\System32\jscript.dll  [Microsoft Corporation, 5.6.0.8513, C:2003-01-13 14:57 M:2003-01-13 14:57]
    C:\WINDOWS\System32\MSLS31.DLL  [Microsoft Corporation, 3.10.349.0, C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\imgutil.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\mshtmled.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\wdmaud.drv  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:2001-08-31 16:04 M:2001-09-05 21:00]
    C:\WINDOWS\System32\msacm32.drv  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\MSACM32.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\midimap.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\iepeers.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\WINSPOOL.DRV  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:54]
    C:\WINDOWS\System32\Macromed\Flash\Flash9f.ocx  [(Verified)Adobe Systems, Inc., 9,0,124,0, C:2008-03-25 10:32 M:2008-03-25 10:32]
    C:\WINDOWS\System32\dxtrans.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\ATL.DLL  [Microsoft Corporation, 3.00.9435, C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\ddrawex.dll  [Microsoft Corporation, 5.3.0000000.900 built by: DIRECTX, C:2002-12-12 00:14 M:2002-12-12 00:14]
    C:\WINDOWS\System32\DDRAW.dll  [Microsoft Corporation, 5.3.0000000.900 built by: DIRECTX, C:2002-12-12 00:14 M:2002-12-12 00:14]
    C:\WINDOWS\System32\dxtmsft.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\schannel.dll  [Microsoft Corporation, 5.1.2600.1347 (xpsp2.040109-1800), C:1980-01-01 00:00 M:2004-03-30 09:50]
    C:\WINDOWS\System32\pngfilt.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\actxprxy.dll  [Microsoft Corporation, 6.00.2600.0000 (XPClient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\MSRATING.DLL  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\msratelc.dll  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]

[PID: 1148 / LSCZ]   D:\Program Files\Tencent\TT\bin\ttpartner.exe   [(Verified)N/A, C:2008-08-08 14:48 M:2008-08-08 14:48]
    C:\WINDOWS\System32\ntdll.dll  [Microsoft Corporation, 5.1.2600.1217 (xpsp2.030429-2131), C:1980-01-01 00:00 M:2003-05-01 16:57]
    C:\WINDOWS\system32\kernel32.dll  [Microsoft Corporation, 5.1.2600.1560 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\USER32.dll  [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526), C:1980-01-01 00:00 M:2005-03-03 02:21]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\ADVAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\RPCRT4.dll  [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800), C:2008-10-31 16:39 M:2004-03-06 10:17]
    C:\WINDOWS\system32\msvcrt.dll  [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\SHLWAPI.dll  [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533), C:2008-10-31 16:38 M:2005-09-01 09:51]
    C:\WINDOWS\System32\PSAPI.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\IMM32.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\LPK.DLL  [Microsoft Corporation, 5.1.2600.1126 (xpsp2.020921-0842), C:2002-09-25 19:53 M:2002-09-25 19:53]
    C:\WINDOWS\System32\USP10.dll  [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    d:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-27 20:40 M:2008-07-27 20:38]
    d:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-27 20:40 M:2008-07-27 20:38]

[PID: 2540 / LSCZ]   d:\Program Files\Tencent\QQDownload\QQDownload.exe   [(Verified)Tencent Technology (Shenzhen) Company Limited, 1, 9, 241, 241, C:2007-10-10 13:43 M:2007-10-10 13:43]
    C:\WINDOWS\System32\ntdll.dll  [Microsoft Corporation, 5.1.2600.1217 (xpsp2.030429-2131), C:1980-01-01 00:00 M:2003-05-01 16:57]
    C:\WINDOWS\system32\kernel32.dll  [Microsoft Corporation, 5.1.2600.1560 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\msvcrt.dll  [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\WS2HELP.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\ADVAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\RPCRT4.dll  [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800), C:2008-10-31 16:39 M:2004-03-06 10:17]
    C:\WINDOWS\System32\WINMM.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\USER32.dll  [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526), C:1980-01-01 00:00 M:2005-03-03 02:21]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\WININET.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\SHLWAPI.dll  [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533), C:2008-10-31 16:38 M:2005-09-01 09:51]
    C:\WINDOWS\system32\CRYPT32.dll  [Microsoft Corporation, 5.131.2600.1123 (xpsp2.020921-0842), C:2002-09-23 15:10 M:2002-09-23 15:10]
    C:\WINDOWS\system32\MSASN1.dll  [Microsoft Corporation, 5.1.2600.1362 (xpsp2.040109-1800), C:1980-01-01 00:00 M:2004-03-30 09:50]
    C:\WINDOWS\system32\OLEAUT32.dll  [Microsoft Corporation, 3.50.5016.0, C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\OLE32.DLL  [Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526), C:2008-10-31 16:39 M:2005-07-26 12:38]
    C:\WINDOWS\System32\MFC42.DLL  [Microsoft Corporation, 6.00.8665.0, C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\OLEPRO32.DLL  [Microsoft Corporation, 5.0.5014, C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\urlmon.dll  [Microsoft Corporation, 6.00.2800.1226, C:2003-07-13 16:07 M:2003-07-13 16:07]
    C:\WINDOWS\system32\VERSION.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\MSVCP60.dll  [Microsoft Corporation, 6.00.8972.0, C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\WSOCK32.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\NETAPI32.dll  [Microsoft Corporation, 5.1.2600.1562 (xpsp2_gdr.040517-1325), C:2008-10-31 16:32 M:2004-06-09 06:01]
    C:\WINDOWS\system32\IMAGEHLP.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\IMM32.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\LPK.DLL  [Microsoft Corporation, 5.1.2600.1126 (xpsp2.020921-0842), C:2002-09-25 19:53 M:2002-09-25 19:53]
    C:\WINDOWS\System32\USP10.dll  [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\MFC42LOC.DLL  [Microsoft Corporation, 6.00.8665.0, C:1980-01-01 00:00 M:2001-09-05 21:00]
    d:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-27 20:40 M:2008-07-27 20:38]
    d:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-27 20:40 M:2008-07-27 20:38]
    C:\WINDOWS\System32\uxtheme.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\RICHED32.DLL  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\RICHED20.dll  [Microsoft Corporation, 5.30.23.1211, C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\MSCTF.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\SynTPFcs.dll  [(Verified)Synaptics, Inc., 7.5.17.6 28Aug03, C:2000-06-01 19:55 M:2003-08-28 11:10]
    C:\WINDOWS\System32\msctfime.ime  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-08-29 01:11]
    C:\WINDOWS\System32\Msimtf.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\SETUPAPI.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\appHelp.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\CLBCATQ.DLL  [Microsoft Corporation, 2001.12.4414.62, C:2008-10-31 16:39 M:2005-07-26 12:38]
    C:\WINDOWS\System32\COMRes.dll  [Microsoft Corporation, 2001.12.4414.42, C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\cscui.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    d:\Program Files\Tencent\QQDownload\xmain.dll  [(Verified)Tencent Technology (Shenzhen) Company Limited, 1.9.242.242, C:2007-10-10 13:43 M:2007-10-10 13:43]
    C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll  [Microsoft Corporation, 8.00.50727.762, C:2007-05-20 17:50 M:2007-05-20 17:50]
    C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll  [Microsoft Corporation, 8.00.50727.762, C:2007-05-20 17:50 M:2007-05-20 17:50]
    C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.DLL  [Microsoft Corporation, 8.00.50727.762, C:2007-05-20 17:50 M:2007-05-20 17:50]
    C:\WINDOWS\system32\mswsock.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\wshtcpip.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\msi.dll  [Microsoft Corporation, 2.0.2600.1106, C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\SXS.DLL  [Microsoft Corporation, 5.1.2600.1579 (xpsp2.040720-1705), C:2008-10-31 16:43 M:2004-08-21 05:53]
    C:\WINDOWS\System32\Secur32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\shdoclc.dll  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\mlang.dll  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\RASAPI32.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\rasman.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\TAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\rtutils.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\sensapi.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\USERENV.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\winrnr.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\WLDAP32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\mshtml.dll  [Microsoft Corporation, 6.00.2800.1226, C:2003-07-13 16:07 M:2003-07-13 16:07]
    C:\WINDOWS\System32\jscript.dll  [Microsoft Corporation, 5.6.0.8513, C:2003-01-13 14:57 M:2003-01-13 14:57]
    C:\WINDOWS\System32\MSLS31.DLL  [Microsoft Corporation, 3.10.349.0, C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\msxml3.dll  [Microsoft Corporation, 8.30.9926.0, C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\imgutil.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    d:\Program Files\Tencent\QQDownload\xcore.dll  [(Verified)Tencent Technology(Shenzhen) Company Limited, 2, 1, 101, 90, C:2007-06-17 14:22 M:2007-06-17 14:22]
    C:\WINDOWS\System32\Msimg32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    d:\Program Files\Tencent\QQDownload\VideoParser.dll  [(Verified)Copyright 2008, 1, 9, 2, 201, C:2007-10-10 13:43 M:2007-10-10 13:43]
    C:\WINDOWS\System32\ATL.DLL  [Microsoft Corporation, 3.00.9435, C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\wdmaud.drv  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:2001-08-31 16:04 M:2001-09-05 21:00]
    C:\WINDOWS\System32\msacm32.drv  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\MSACM32.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\midimap.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]

[PID: 3920 / LSCZ]   D:\Program Files\arswp\ArSwp.exe   [(Verified)ArSwp.com, 2, 8, 1, 815, C:2008-08-15 22:25 M:2008-08-15 22:25]
    C:\WINDOWS\System32\ntdll.dll  [Microsoft Corporation, 5.1.2600.1217 (xpsp2.030429-2131), C:1980-01-01 00:00 M:2003-05-01 16:57]
    C:\WINDOWS\system32\kernel32.dll  [Microsoft Corporation, 5.1.2600.1560 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\SHLWAPI.dll  [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533), C:2008-10-31 16:38 M:2005-09-01 09:51]
    C:\WINDOWS\system32\ADVAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\RPCRT4.dll  [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800), C:2008-10-31 16:39 M:2004-03-06 10:17]
    C:\WINDOWS\system32\GDI32.dll  [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325), C:1980-01-01 00:00 M:2004-06-18 02:31]
    C:\WINDOWS\system32\USER32.dll  [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526), C:1980-01-01 00:00 M:2005-03-03 02:21]
    C:\WINDOWS\system32\msvcrt.dll  [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\WININET.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\CRYPT32.dll  [Microsoft Corporation, 5.131.2600.1123 (xpsp2.020921-0842), C:2002-09-23 15:10 M:2002-09-23 15:10]
    C:\WINDOWS\system32\MSASN1.dll  [Microsoft Corporation, 5.1.2600.1362 (xpsp2.040109-1800), C:1980-01-01 00:00 M:2004-03-30 09:50]
    C:\WINDOWS\system32\OLEAUT32.dll  [Microsoft Corporation, 3.50.5016.0, C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\OLE32.DLL  [Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526), C:2008-10-31 16:39 M:2005-07-26 12:38]
    C:\WINDOWS\system32\VERSION.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\imagehlp.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\WINTRUST.dll  [Microsoft Corporation, 5.131.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\WTSAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\WINSTA.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\PSAPI.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\system32\comdlg32.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\WINSPOOL.DRV  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:54]
    C:\WINDOWS\System32\oledlg.dll  [Microsoft Corporation, 1.0 (XPClient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\OLEPRO32.DLL  [Microsoft Corporation, 5.0.5014, C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\urlmon.dll  [Microsoft Corporation, 6.00.2800.1226, C:2003-07-13 16:07 M:2003-07-13 16:07]
    C:\WINDOWS\System32\WSOCK32.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\WS2HELP.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\MSVCP60.dll  [Microsoft Corporation, 6.00.8972.0, C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\SETUPAPI.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\IMM32.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\LPK.DLL  [Microsoft Corporation, 5.1.2600.1126 (xpsp2.020921-0842), C:2002-09-25 19:53 M:2002-09-25 19:53]
    C:\WINDOWS\System32\USP10.dll  [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    d:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-27 20:40 M:2008-07-27 20:38]
    d:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-27 20:40 M:2008-07-27 20:38]
    C:\WINDOWS\System32\uxtheme.dll  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\MSCTF.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\SynTPFcs.dll  [(Verified)Synaptics, Inc., 7.5.17.6 28Aug03, C:2000-06-01 19:55 M:2003-08-28 11:10]
    C:\WINDOWS\system32\appHelp.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\CLBCATQ.DLL  [Microsoft Corporation, 2001.12.4414.62, C:2008-10-31 16:39 M:2005-07-26 12:38]
    C:\WINDOWS\System32\COMRes.dll  [Microsoft Corporation, 2001.12.4414.42, C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\msctfime.ime  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-08-29 01:11]
    C:\WINDOWS\System32\Msimtf.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\netapi32.dll  [Microsoft Corporation, 5.1.2600.1562 (xpsp2_gdr.040517-1325), C:2008-10-31 16:32 M:2004-06-09 06:01]
    C:\WINDOWS\system32\USERENV.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\Secur32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\asycfilt.dll  [Microsoft Corporation, 3.50.5014, C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\mlang.dll  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\mswsock.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\RASAPI32.DLL  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\rasman.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\TAPI32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\rtutils.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\WINMM.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\wshtcpip.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\winrnr.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\system32\WLDAP32.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\sensapi.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\Cabinet.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\SXS.DLL  [Microsoft Corporation, 5.1.2600.1579 (xpsp2.040720-1705), C:2008-10-31 16:43 M:2004-08-21 05:53]
    C:\WINDOWS\System32\shdoclc.dll  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
    C:\WINDOWS\System32\mshtml.dll  [Microsoft Corporation, 6.00.2800.1226, C:2003-07-13 16:07 M:2003-07-13 16:07]
    C:\WINDOWS\System32\MSLS31.DLL  [Microsoft Corporation, 3.10.349.0, C:1980-01-01 00:00 M:2001-09-05 21:00]
    D:\Program Files\arswp\plugin\ArFix.dll  [(Verified)ArSwp.Com, 2, 5, 0, 0, C:2007-11-28 15:19 M:2007-11-28 15:19]
    C:\WINDOWS\System32\LINKINFO.dll  [Microsoft Corporation, 5.1.2600.1740 (xpsp2.050831-1533), C:2008-10-31 16:38 M:2005-09-01 09:51]
    C:\WINDOWS\System32\ntshrui.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\ATL.DLL  [Microsoft Corporation, 3.00.9435, C:1980-01-01 00:00 M:2002-09-09 15:53]
    C:\WINDOWS\System32\mstask.dll  [Microsoft Corporation, 5.1.2600.1564 (xpsp2_gdr.040517-1325), C:2008-10-31 16:32 M:2004-06-09 06:01]
    C:\WINDOWS\system32\MPR.dll  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]


========================================
文件关联

[.txt] <C:\WINDOWS\notepad.exe %1> [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:2003-03-05 16:31 M:2001-09-05 21:00]
[.log] <C:\WINDOWS\notepad.exe %1> [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:2003-03-05 16:31 M:2001-09-05 21:00]
[.ini] <C:\WINDOWS\System32\NOTEPAD.EXE %1> [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[.hlp] <%SystemRoot%\System32\winhlp32.exe %1> [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
[.vbs] <%SystemRoot%\System32\WScript.exe "%1" %*> [Microsoft Corporation, 5.6.0.6626, C:1980-01-01 00:00 M:2001-09-05 21:00]
[.js] <%SystemRoot%\System32\WScript.exe "%1" %*> [Microsoft Corporation, 5.6.0.6626, C:1980-01-01 00:00 M:2001-09-05 21:00]
[.chm] <"hh.exe" %1> [Microsoft Corporation, 5.2.3790.315 (srv03_gdr.050421-1728), C:2002-09-21 20:13 M:2005-05-26 06:44]


========================================
AutoRun.INF



========================================
Winsock提供者

MSAFD Tcpip [TCP/IP]
    <%SystemRoot%\system32\mswsock.dll>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
MSAFD Tcpip [UDP/IP]
    <%SystemRoot%\system32\mswsock.dll>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
MSAFD Tcpip [RAW/IP]
    <%SystemRoot%\system32\mswsock.dll>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
RSVP UDP Service Provider
    <%SystemRoot%\system32\rsvpsp.dll>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
RSVP TCP Service Provider
    <%SystemRoot%\system32\rsvpsp.dll>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
MSAFD Irda [IrDA]
    <%SystemRoot%\system32\mswsock.dll>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
MSAFD NetBIOS [\Device\NetBT_Tcpip_{97223096-1B00-455C-AF8E-2979016460A3}] SEQPACKET 4
    <%SystemRoot%\system32\mswsock.dll>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
MSAFD NetBIOS [\Device\NetBT_Tcpip_{97223096-1B00-455C-AF8E-2979016460A3}] DATAGRAM 4
    <%SystemRoot%\system32\mswsock.dll>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
MSAFD NetBIOS [\Device\NetBT_Tcpip_{99273B07-3E0B-42B1-9C97-E7B5B92168B5}] SEQPACKET 3
    <%SystemRoot%\system32\mswsock.dll>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
MSAFD NetBIOS [\Device\NetBT_Tcpip_{99273B07-3E0B-42B1-9C97-E7B5B92168B5}] DATAGRAM 3
    <%SystemRoot%\system32\mswsock.dll>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
MSAFD NetBIOS [\Device\NetBT_Tcpip_{5840C426-3ED8-4929-86A2-2DB8E8475463}] SEQPACKET 0
    <%SystemRoot%\system32\mswsock.dll>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
MSAFD NetBIOS [\Device\NetBT_Tcpip_{5840C426-3ED8-4929-86A2-2DB8E8475463}] DATAGRAM 0
    <%SystemRoot%\system32\mswsock.dll>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
MSAFD NetBIOS [\Device\NetBT_Tcpip_{9E2B64C7-261C-4F89-993A-71A9F0A57C02}] SEQPACKET 1
    <%SystemRoot%\system32\mswsock.dll>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
MSAFD NetBIOS [\Device\NetBT_Tcpip_{9E2B64C7-261C-4F89-993A-71A9F0A57C02}] DATAGRAM 1
    <%SystemRoot%\system32\mswsock.dll>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
MSAFD NetBIOS [\Device\NetBT_Tcpip_{E109CF83-60C8-420C-A1DF-8FE481DF4B4B}] SEQPACKET 2
    <%SystemRoot%\system32\mswsock.dll>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]
MSAFD NetBIOS [\Device\NetBT_Tcpip_{E109CF83-60C8-420C-A1DF-8FE481DF4B4B}] DATAGRAM 2
    <%SystemRoot%\system32\mswsock.dll>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2001-09-05 21:00]


========================================
HOSTS

    127.0.0.1 localhost


[/CODE]