{\rtf1\ansi\ansicpg936\deff0\deflang1033\deflangfe2052{\fonttbl{\f0\fmodern\fprq6\fcharset134 \'cb\'ce\'cc\'e5;}} {\*\generator Msftedit 5.41.15.1507;}\viewkind4\uc1\pard\lang2052\f0\fs20 [CODE]\par \par 2009-08-29,10:01:41\par \par System Repair Engineer 2.8.1.1279\par Smallfrogs (http://www.KZTechs.com)\par \par Windows XP Professional Service Pack 2 (Build 2600) - \'b9\'dc\'c0\'ed\'c8\'a8\'cf\'de\'d3\'c3\'bb\'a7 - \'cd\'ea\'d5\'fb\'b9\'a6\'c4\'dc\par \par \'d2\'d4\'cf\'c2\'c4\'da\'c8\'dd\'b1\'bb\'d1\'a1\'d6\'d0\'a3\'ba\par \'cb\'f9\'d3\'d0\'b5\'c4\'c6\'f4\'b6\'af\'cf\'ee\'c4\'bf\'a3\'a8\'b0\'fc\'c0\'a8\'d7\'a2\'b2\'e1\'b1\'ed\'a1\'a2\'c6\'f4\'b6\'af\'ce\'c4\'bc\'fe\'bc\'d0\'a1\'a2\'b7\'fe\'ce\'f1\'b5\'c8\'a3\'a9\par \'e4\'af\'c0\'c0\'c6\'f7\'bc\'d3\'d4\'d8\'cf\'ee\par \'d5\'fd\'d4\'da\'d4\'cb\'d0\'d0\'b5\'c4\'bd\'f8\'b3\'cc\'a3\'a8\'b0\'fc\'c0\'a8\'bd\'f8\'b3\'cc\'c4\'a3\'bf\'e9\'d0\'c5\'cf\'a2\'a3\'a9\par \'ce\'c4\'bc\'fe\'b9\'d8\'c1\'aa\par Winsock \'cc\'e1\'b9\'a9\'d5\'df\par Autorun.inf\par HOSTS \'ce\'c4\'bc\'fe\par \'bd\'f8\'b3\'cc\'cc\'d8\'c8\'a8\'c9\'a8\'c3\'e8\par \'bc\'c6\'bb\'ae\'c8\'ce\'ce\'f1\par Windows \'b0\'b2\'c8\'ab\'b8\'fc\'d0\'c2\'bc\'ec\'b2\'e9\par API HOOK\par \'d2\'fe\'b2\'d8\'bd\'f8\'b3\'cc\par \par \par \'c6\'f4\'b6\'af\'cf\'ee\'c4\'bf\par \'d7\'a2\'b2\'e1\'b1\'ed\par [HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]\par [(Verified)Microsoft Windows Publisher]\par [HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows]\par <> [N/A]\par [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]\par <"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher]\par <360Safebox><"C:\\Program Files\\360Safebox\\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd]\par <360Safetray> []\par <"C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"> [(Verified)"Adobe Systems, Incorporated"]\par []\par <"D:\\Rising\\Rav\\RsTray.exe" -system> [(Verified)Beijing Rising Information Technology Corporation Limited]\par [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon]\par [(Verified)Microsoft Windows Publisher]\par [(Infected) Microsoft Corporation]\par [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows]\par <> [N/A]\par [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon]\par [(Verified)Microsoft Windows Publisher]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellExecuteHooks]\par <\{AEB6717E-7E19-11d0-97EE-00C04FD91972\}> [(Verified)Microsoft Windows Component Publisher]\par <\{E3531A16-FFEA-416F-82DF-32FEDE02EABF\}> []\par <\{A6B7F435-38B4-4DCC-9EBF-21C968ECF4FD\}> []\par <\{AB8105BD-1B1B-40F3-8D3D-65FD7FC68CC5\}> []\par <\{CF2C613A-A0D9-4E5C-B1BB-6B03B269B054\}> []\par <\{A600E212-2A41-41BC-92F1-ED5C96B06185\}> []\par <\{4E5CFE74-700B-4A8B-B0BF-A6B47D896C18\}> []\par <\{122B901E-493F-4AD9-BC69-7DE8C3E52FCC\}> []\par <\{5405A7B2-F3F5-446F-8715-2A4EF674E079\}> []\par <\{610B6886-2A1A-475A-A842-65A613C70460\}> []\par <\{765BA0B5-EBE4-4B1A-AFDA-5683606F626C\}> []\par <\{87DE8A1A-96C5-4420-B222-EF998F697CE7\}> []\par <\{108DA6C0-CFBF-41D4-9A09-C4D06AE6FFD2\}> []\par <\{704C3595-DB85-40F6-A601-8D6F346907BD\}> []\par <\{08223B03-1B38-4A33-A83A-A4D3CC1D6E4E\}> []\par <\{8708994F-1758-4C2C-9A3F-FA22D6CCCB41\}> []\par <\{36AC68E6-0C26-4D39-B98E-54B49DAB6BAA\}> []\par <\{1055CA44-51F8-486B-8CBD-DC7AD4213F1E\}> []\par <\{53915AE3-2660-4870-B092-C9E5A292D327\}> []\par <\{CD478099-014D-4B3A-A4BB-B518F1019BC7\}> []\par <\{7F41BC77-7742-4ABF-9277-1316B43D049A\}> []\par <\{23DA65D2-C696-4EE4-BEE8-B4841DEC3E30\}> []\par <\{2EF0D734-21FD-4225-A1A2-BCD296182AAF\}> []\par <\{51AA0D89-E9A9-4284-93E8-40C0FDD59304\}> []\par <\{0A2D7F10-1153-4061-AA4B-ACB870212B57\}> []\par <\{A5CA6C70-7185-4466-AB45-B1C34E7A37CA\}> []\par <\{BE12C98F-645D-4566-B524-DC32040B7C8A\}> []\par <\{822775B8-E45B-4E55-9325-0753A0C1DC00\}> []\par <\{1719B301-B494-4185-9379-242461F9CF02\}> []\par <\{38FEFE05-702C-440D-AD5C-B796209A1CC5\}> []\par <\{50EBD6A5-0CF6-4E59-AE08-CCD991AA0596\}> []\par <\{737858A9-9AEA-4838-9B49-54DA731F7F37\}> []\par <\{51716C09-6B08-4CCF-B526-718E912C0573\}> []\par <\{CE38B9E6-AF0C-4B93-AFAB-A20C2311FFD0\}> []\par <\{41D2953A-CB90-485A-8673-6975088309F7\}> []\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellServiceObjectDelayLoad]\par <%SystemRoot%\\system32\\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]\par <%SystemRoot%\\system32\\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]\par <%SystemRoot%\\system32\\webcheck.dll> [(Verified)Microsoft Windows Publisher]\par [(Verified)Microsoft Windows Publisher]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\crypt32chain]\par [(Verified)Microsoft Windows Component Publisher]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\cryptnet]\par [(Verified)Microsoft Windows Publisher]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\cscdll]\par [(Verified)Microsoft Windows Publisher]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\ScCertProp]\par [(Verified)Microsoft Windows Publisher]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\Schedule]\par [(Verified)Microsoft Windows Publisher]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\sclgntfy]\par [(Verified)Microsoft Windows Publisher]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\SensLogn]\par [(Verified)Microsoft Windows Publisher]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\termsrv]\par [(Verified)Microsoft Windows Publisher]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\wlballoon]\par [(Verified)Microsoft Windows Publisher]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SharedTaskScheduler]\par <\{438755C2-A8BA-11D1-B96B-00A0C90312E1\}><%SystemRoot%\\system32\\browseui.dll> [(Verified)Microsoft Windows Component Publisher]\par <\{8C7461EF-2B13-11d2-BE35-3078302C2030\}><%SystemRoot%\\system32\\browseui.dll> [(Verified)Microsoft Windows Component Publisher]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\>\{22d6f312-b0f6-11d0-94ab-0080c74c7e95\}]\par [(Verified)Microsoft Windows Publisher]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\>\{26923b43-4d38-484f-9b9e-de460746276c\}]\par <%systemroot%\\system32\\shmgrate.exe OCInstallUserConfigIE> [File is missing]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\>\{60B49E34-C7CC-11D0-8953-00A0C90347FF\}MICROS]\par <\'e4\'af\'c0\'c0\'c6\'f7\'d7\'d4\'b6\'a8\'d2\'e5\'d7\'e9\'bc\'fe> [(Verified)Microsoft Windows Publisher]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\>\{881dd1c5-3dcf-431b-b061-f3f88e8be88a\}]\par <%systemroot%\\system32\\shmgrate.exe OCInstallUserConfigOE> [File is missing]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\\{2C7339CF-2B09-4501-B3F3-F3508C9228ED\}]\par <%SystemRoot%\\system32\\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\\system32\\themeui.dll> [File is missing]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\\{44BBA840-CC51-11CF-AAFA-00AA00B6015C\}]\par <"%ProgramFiles%\\Outlook Express\\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\\{44BBA842-CC51-11CF-AAFA-00AA00B6015B\}]\par [(Verified)Microsoft Windows Publisher]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\\{5945c046-1e7d-11d1-bc44-00c04fd912be\}]\par [(Verified)Microsoft Windows Publisher]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\\{6BF52A52-394A-11d3-B153-00C04F79FAA6\}]\par [(Verified)Microsoft Windows Publisher]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\\{7790769C-0471-11d2-AF11-00C04FA35D02\}]\par <\'cd\'a8\'d1\'b6\'b2\'be 6><"%ProgramFiles%\\Outlook Express\\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\\{89820200-ECBD-11cf-8B85-00AA005B4340\}]\par [(Verified)Microsoft Windows Publisher]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\\{89820200-ECBD-11cf-8B85-00AA005B4383\}]\par <%SystemRoot%\\system32\\ie4uinit.exe> [(Verified)Microsoft Windows Publisher]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\360hotfix.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\360rpt.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\360safe.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\360safebox.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\360tray.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\agentsvr.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\apvxdwin.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\ast.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\avcenter.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\avengine.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\avgnt.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\avguard.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\avltmain.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\avp32.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\avtask.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\bdagent.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\bdwizreg.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\boxmod.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\ccapp.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\ccenter.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\ccevtmgr.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\ccregvfy.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\ccsetmgr.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\cqw32.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\DrvAnti.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\egui.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\ekrn.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\enc98.EXE]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\extdb.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\frameworkservice.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\frwstub.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\guardfield.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\iparmor.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\kaccore.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\kasmain.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\kav32.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\kavstart.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\kavsvc.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\kavsvcui.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\kislnchr.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\kissvc.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\kmailmon.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\knownsvr.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\kpfw32.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\kpfwsvc.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\kregex.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\kvfw.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\kvmonxp.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\kvmonxp.kxp]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\kvol.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\kvprescan.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\kvsrvxp.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\kvwsc.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\kvxp.kxp]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\kwatch.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\livesrv.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\mcagent.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\mcdash.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\mcdetect.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\mcshield.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\mctskshd.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\mcvsescn.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\mcvsshld.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\mghtml.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\naprdmgr.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\navapsvc.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\navapw32.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\navw32.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\nmain.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\nod32.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\nod32krn.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\nod32kui.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\npfmntor.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\oasclnt.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\pavsrv51.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\pfw.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\psctrls.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\psimreal.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\psimsvc.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\qqdoctormain.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\ras.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\ravmon.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\ravmond.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\ravstub.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\ravtask.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\rfwcfg.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\rfwmain.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\rfwproxy.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\rfwsrv.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\rsagent.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\rsmain.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\rsnetsvr.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\rssafety.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\rstray.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\safebank.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\safeboxtray.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\scan32.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\scanfrm.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\sched.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\seccenter.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\secnotifier.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\SetupLD.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\shstat.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\smartup.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\sndsrvc.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\spbbcsvc.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\symlcsvc.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\tbmon.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\uihost.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\ulibcfg.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\updaterui.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\uplive.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\vcr32.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\vcrmon.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\vptray.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\vsserv.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\vstskmgr.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\webproxy.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\xcommsvr.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\xnlscn.exe]\par [N/A]\par [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\\'d0\'de\'b8\'b4\'b9\'a4\'be\'df.]\par [N/A]\par [HKEY_CURRENT_USER\\Control Panel\\Desktop]\par [(Verified)Microsoft Windows Publisher]\par \par ==================================\par \'c6\'f4\'b6\'af\'ce\'c4\'bc\'fe\'bc\'d0\par N/A\par \par ==================================\par \'b7\'fe\'ce\'f1\par [6to4 / 6to4][Stopped/Auto Start]\par C:\\WINDOWS\\system32\\6to4.dll>\par [Human Interface Device Access / HidServ][Stopped/Disabled]\par %SystemRoot%\\System32\\hidserv.dll>\par [Ias / Ias][Stopped/Auto Start]\par C:\\WINDOWS\\system32\\Ias.dll>\par [Rav Process Communication Center / RavCCenter][Stopped/Auto Start]\par \par [Rising RavTask Manager / RavTask][Stopped/Auto Start]\par <"D:\\Rising\\Rav\\RavTask.exe" RavTask>\par [Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]\par \par [Rising Scan Service / RsScanSrv][Stopped/Auto Start]\par \par \par ==================================\par \'c7\'fd\'b6\'af\'b3\'cc\'d0\'f2\par [Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]\par \par [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]\par \par [CALLKEY_IO / CALLKEY_IO][Stopped/Manual Start]\par <\\??\\C:\\Program Files\\lenovo\\\'d6\'c7\'c4\'dc\'ce\'ac\'bb\'a43.0\\CALLKEY.sys>\par [VIA Rhine-Family Fast Ethernet Adapter Driver Service / FETND5BV][Running/Manual Start]\par \par [VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]\par \par [hookcont / hookcont][Running/System Start]\par \par [hooksys / hooksys][Running/System Start]\par \par [NTSIM / NTSIM][Stopped/Manual Start]\par <\\??\\C:\\WINDOWS\\system32\\ntsim.sys>\par [Direct Parallel Link Driver / Ptilink][Running/Manual Start]\par \par [RsNTGDI / RsNTGDI][Running/Boot Start]\par <\\SystemRoot\\system32\\Drivers\\RsNTGdi.sys>\par [SafeBoxKrnl / SafeBoxKrnl][Running/System Start]\par <\\??\\C:\\WINDOWS\\system32\\drivers\\SafeBoxKrnl.sys><360\'b0\'b2\'c8\'ab\'d6\'d0\'d0\'c4>\par [Secdrv / Secdrv][Stopped/Manual Start]\par \par [viagfx / viagfx][Running/Manual Start]\par \par [viamraid / viamraid][Running/Boot Start]\par <\\SystemRoot\\system32\\DRIVERS\\viamraid.sys>\par [WmiSvc / WmiSvc][Running/Auto Start]\par <\\??\\C:\\WINDOWS\\system32\\drivers\\WmiSvc.sys>\par [pcidump / pcidump][Running/Disabled]\par <\\??\\C:\\WINDOWS\\system32\\drivers\\pcidump.sys>\par \par ==================================\par \'e4\'af\'c0\'c0\'c6\'f7\'bc\'d3\'d4\'d8\'cf\'ee\par [ThunderAtOnce Class]\par \{01443AEC-0FD1-40fd-9C87-E93D1494C233\} \par [Adobe PDF Link Helper]\par \{18DF081C-E8AD-4283-A596-FA578C2EBDC3\} \par [Thunder Browser Helper]\par \{889D2FEB-5411-4565-8998-1DD2C5261283\} \par [SafeMon Class]\par \{B69F34DD-F0F9-42DC-9EDD-957187DA688D\} \par [\'c6\'f4\'b6\'af\'d1\'b8\'c0\'d75]\par \{09BA8F6D-CB54-424B-839C-C2A6C8E6B436\} \par [Messenger]\par \{FB5F1910-F110-11d2-BB9E-00C04F795683\} \par [Rising Online Antivirus scanner control]\par \{9FAFB576-6933-4CCC-AB3D-B988EC43D04E\} <%ProgramFiles%\\Rising\\RavOL\\RavOLCtl.dll, (Signed) N/A>\par [ThunderAtOnce Class]\par \{01443AEC-0FD1-40FD-9C87-E93D1494C233\} \par []\par \{09BA8F6D-CB54-424B-839C-C2A6C8E6B436\} <, >\par [Adobe PDF Link Helper]\par \{18DF081C-E8AD-4283-A596-FA578C2EBDC3\} \par []\par \{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E\} <, >\par []\par \{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C\} <, >\par [Thunder Browser Helper]\par \{889D2FEB-5411-4565-8998-1DD2C5261283\} \par [Rising Online Antivirus scanner control]\par \{9FAFB576-6933-4CCC-AB3D-B988EC43D04E\} <%ProgramFiles%\\Rising\\RavOL\\RavOLCtl.dll, (Signed) N/A>\par [SafeMon Class]\par \{B69F34DD-F0F9-42DC-9EDD-957187DA688D\} \par [Shockwave Flash Object]\par \{D27CDB6E-AE6D-11CF-96B8-444553540000\} \par []\par \{FB5F1910-F110-11D2-BB9E-00C04F795683\} <, >\par [\'ca\'b9\'d3\'c3\'d1\'b8\'c0\'d7\'cf\'c2\'d4\'d8]\par \par [\'ca\'b9\'d3\'c3\'d1\'b8\'c0\'d7\'cf\'c2\'d4\'d8\'c8\'ab\'b2\'bf\'c1\'b4\'bd\'d3]\par \par \par ==================================\par \'d5\'fd\'d4\'da\'d4\'cb\'d0\'d0\'b5\'c4\'bd\'f8\'b3\'cc\par [PID: 548 / SYSTEM][\\SystemRoot\\System32\\smss.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]\par [PID: 640 / SYSTEM][\\??\\C:\\WINDOWS\\system32\\csrss.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]\par [PID: 664 / SYSTEM][\\??\\C:\\WINDOWS\\system32\\winlogon.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]\par [C:\\WINDOWS\\system32\\COMRes.dll] [N/A, ]\par [PID: 708 / SYSTEM][C:\\WINDOWS\\system32\\services.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]\par [PID: 720 / SYSTEM][C:\\WINDOWS\\system32\\lsass.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]\par [PID: 876 / SYSTEM][C:\\WINDOWS\\system32\\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]\par [C:\\WINDOWS\\system32\\COMRes.dll] [N/A, ]\par [PID: 952 / NETWORK SERVICE][C:\\WINDOWS\\system32\\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]\par [C:\\WINDOWS\\system32\\COMRes.dll] [N/A, ]\par [PID: 1068 / SYSTEM][C:\\WINDOWS\\System32\\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]\par [C:\\WINDOWS\\System32\\COMRes.dll] [N/A, ]\par [c:\\windows\\system32\\6to4.dll] [N/A, ]\par [c:\\windows\\system32\\ias.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\emHnPuBAaF7XjuXBbdxSg.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\S9UQCTA4tnRSJhfxC7Vfj.inf] [N/A, ]\par [C:\\WINDOWS\\Downloaded Program Files\\ktEDQzfuNZk2SUAMgyAZz.cur] [N/A, ]\par [C:\\WINDOWS\\system32\\rKPbzUHze58GK2VWcYUCt.inf] [N/A, ]\par [C:\\WINDOWS\\system32\\sDV2mGwkejdKa74QJzsjw.inf] [N/A, ]\par [C:\\WINDOWS\\system32\\GrTZqH5SnRhAt.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\122B901E.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\rfpz9wwyy2np.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\SrNRKs5F7Rkv9hp.inf] [N/A, ]\par [C:\\WINDOWS\\system32\\pj83ZgsqjcWUNwjrRp42tFw.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\2exJW3dsaTgWrf5uAPadmHN.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\Q9q2MHJ3uTBErM7wc.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\704C3595.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\08223B03.dll] [N/A, ]\par [C:\\WINDOWS\\fonts\\A97CRaCB.fon] [N/A, ]\par [C:\\WINDOWS\\system32\\dhDhwS7fFW.dll] [N/A, ]\par [C:\\WINDOWS\\fonts\\bQgc5yHMSD4yd.fon] [N/A, ]\par [C:\\WINDOWS\\fonts\\DGvbbtCNkQVHR6JNYgc.fon] [N/A, ]\par [C:\\WINDOWS\\system32\\SCEVFJRCmaB7.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\kFDDTTA2NjqgtbCWBxS.inf] [N/A, ]\par [D:\\Rising\\Rav\\RavScrCh.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.77]\par [C:\\WINDOWS\\system32\\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]\par [C:\\WINDOWS\\system32\\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]\par [C:\\WINDOWS\\system32\\ndxq9awMc.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\2EF0D734.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\eNyN5X48HrtXc.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\z5WRXqHagksJxWt.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\ed78ab9.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\eYNMAnskCCBQCc8Jp.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\wdGSVBqAs3Xk.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\BtmBAnd89jc9PsPq5EKNj.inf] [N/A, ]\par [C:\\WINDOWS\\system32\\Y4npJWJNr.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\GU6f5sW42mdc.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\BMsg6pdMD4ht.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\X5T4kV8DNmMbdRXAUx82K.inf] [N/A, ]\par [C:\\WINDOWS\\system32\\fRWSJda7RbSuR3jFSmMBy.inf] [N/A, ]\par [PID: 1168 / NETWORK SERVICE][C:\\WINDOWS\\system32\\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]\par [PID: 1264 / LOCAL SERVICE][C:\\WINDOWS\\system32\\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]\par [C:\\WINDOWS\\system32\\COMRes.dll] [N/A, ]\par [PID: 1504 / SYSTEM][C:\\WINDOWS\\system32\\spoolsv.exe] [(Verified) Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]\par [C:\\WINDOWS\\system32\\COMRes.dll] [N/A, ]\par [PID: 256 / aa][C:\\WINDOWS\\Explorer.EXE] [(Verified) Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]\par [C:\\WINDOWS\\system32\\COMRes.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\emHnPuBAaF7XjuXBbdxSg.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\S9UQCTA4tnRSJhfxC7Vfj.inf] [N/A, ]\par [C:\\WINDOWS\\Downloaded Program Files\\ktEDQzfuNZk2SUAMgyAZz.cur] [N/A, ]\par [C:\\WINDOWS\\system32\\rKPbzUHze58GK2VWcYUCt.inf] [N/A, ]\par [C:\\WINDOWS\\system32\\sDV2mGwkejdKa74QJzsjw.inf] [N/A, ]\par [C:\\WINDOWS\\system32\\GrTZqH5SnRhAt.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\122B901E.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\rfpz9wwyy2np.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\SrNRKs5F7Rkv9hp.inf] [N/A, ]\par [C:\\WINDOWS\\system32\\pj83ZgsqjcWUNwjrRp42tFw.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\2exJW3dsaTgWrf5uAPadmHN.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\Q9q2MHJ3uTBErM7wc.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\704C3595.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\08223B03.dll] [N/A, ]\par [C:\\WINDOWS\\fonts\\A97CRaCB.fon] [N/A, ]\par [C:\\WINDOWS\\system32\\dhDhwS7fFW.dll] [N/A, ]\par [C:\\WINDOWS\\fonts\\bQgc5yHMSD4yd.fon] [N/A, ]\par [C:\\WINDOWS\\fonts\\DGvbbtCNkQVHR6JNYgc.fon] [N/A, ]\par [C:\\WINDOWS\\system32\\SCEVFJRCmaB7.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\kFDDTTA2NjqgtbCWBxS.inf] [N/A, ]\par [C:\\WINDOWS\\system32\\ndxq9awMc.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\2EF0D734.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\eNyN5X48HrtXc.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\z5WRXqHagksJxWt.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\ed78ab9.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\eYNMAnskCCBQCc8Jp.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\wdGSVBqAs3Xk.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\BtmBAnd89jc9PsPq5EKNj.inf] [N/A, ]\par [C:\\WINDOWS\\system32\\Y4npJWJNr.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\GU6f5sW42mdc.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\BMsg6pdMD4ht.dll] [N/A, ]\par [C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.dll] [Adobe Systems, Inc., 9.0.0.2008061100]\par [C:\\WINDOWS\\WinSxS\\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762]\par [C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.CHS] [Adobe Systems, Inc., 9.0.0.0]\par [C:\\WINDOWS\\system32\\X5T4kV8DNmMbdRXAUx82K.inf] [N/A, ]\par [C:\\WINDOWS\\system32\\fRWSJda7RbSuR3jFSmMBy.inf] [N/A, ]\par [D:\\Program Files\\ComDlls\\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.34]\par [C:\\WINDOWS\\system32\\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]\par [C:\\WINDOWS\\system32\\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]\par [D:\\Program Files\\ComDlls\\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 120]\par [D:\\Program Files\\Components\\ResWorker\\DsBho_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 20]\par [D:\\Program Files\\Components\\ResWorker\\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 16]\par [D:\\360safe\\safemon\\safemon.dll] [360.CN, 5, 0, 0, 1012]\par [PID: 1968 / LOCAL SERVICE][C:\\WINDOWS\\System32\\alg.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]\par [C:\\WINDOWS\\System32\\COMRes.dll] [N/A, ]\par [PID: 1000 / SYSTEM][C:\\WINDOWS\\system32\\wuauclt.exe] [(Verified) Microsoft Corporation, 7.2.6001.788 (winmain_oob/wu_wsuswlc(wmbla).081016-1330)]\par [C:\\WINDOWS\\system32\\COMRes.dll] [N/A, ]\par [PID: 4044 / aa][C:\\WINDOWS\\system32\\ctfmon.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]\par [C:\\WINDOWS\\system32\\BMsg6pdMD4ht.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\GU6f5sW42mdc.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\Y4npJWJNr.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\BtmBAnd89jc9PsPq5EKNj.inf] [N/A, ]\par [C:\\WINDOWS\\system32\\2EF0D734.dll] [N/A, ]\par [C:\\WINDOWS\\fonts\\bQgc5yHMSD4yd.fon] [N/A, ]\par [C:\\WINDOWS\\fonts\\A97CRaCB.fon] [N/A, ]\par [C:\\WINDOWS\\system32\\08223B03.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\704C3595.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\Q9q2MHJ3uTBErM7wc.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\2exJW3dsaTgWrf5uAPadmHN.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\pj83ZgsqjcWUNwjrRp42tFw.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\SrNRKs5F7Rkv9hp.inf] [N/A, ]\par [C:\\WINDOWS\\system32\\GrTZqH5SnRhAt.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\sDV2mGwkejdKa74QJzsjw.inf] [N/A, ]\par [C:\\WINDOWS\\Downloaded Program Files\\ktEDQzfuNZk2SUAMgyAZz.cur] [N/A, ]\par [C:\\WINDOWS\\system32\\S9UQCTA4tnRSJhfxC7Vfj.inf] [N/A, ]\par [C:\\WINDOWS\\system32\\fRWSJda7RbSuR3jFSmMBy.inf] [N/A, ]\par [PID: 2644 / aa][C:\\WINDOWS\\system32\\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]\par [C:\\DOCUME~1\\aa\\LOCALS~1\\Temp\\tmp.tmp] [N/A, ]\par [PID: 2920 / aa][C:\\WINDOWS\\system32\\conime.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]\par [C:\\WINDOWS\\system32\\BMsg6pdMD4ht.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\GU6f5sW42mdc.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\Y4npJWJNr.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\BtmBAnd89jc9PsPq5EKNj.inf] [N/A, ]\par [C:\\WINDOWS\\system32\\2EF0D734.dll] [N/A, ]\par [C:\\WINDOWS\\fonts\\bQgc5yHMSD4yd.fon] [N/A, ]\par [C:\\WINDOWS\\fonts\\A97CRaCB.fon] [N/A, ]\par [C:\\WINDOWS\\system32\\08223B03.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\704C3595.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\Q9q2MHJ3uTBErM7wc.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\2exJW3dsaTgWrf5uAPadmHN.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\pj83ZgsqjcWUNwjrRp42tFw.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\SrNRKs5F7Rkv9hp.inf] [N/A, ]\par [C:\\WINDOWS\\system32\\GrTZqH5SnRhAt.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\sDV2mGwkejdKa74QJzsjw.inf] [N/A, ]\par [C:\\WINDOWS\\Downloaded Program Files\\ktEDQzfuNZk2SUAMgyAZz.cur] [N/A, ]\par [C:\\WINDOWS\\system32\\S9UQCTA4tnRSJhfxC7Vfj.inf] [N/A, ]\par [C:\\WINDOWS\\system32\\fRWSJda7RbSuR3jFSmMBy.inf] [N/A, ]\par [PID: 2120 / aa][C:\\WINDOWS\\system32\\wuauclt.exe] [(Verified) Microsoft Corporation, 7.2.6001.788 (winmain_oob/wu_wsuswlc(wmbla).081016-1330)]\par [C:\\WINDOWS\\system32\\COMRes.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\BMsg6pdMD4ht.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\GU6f5sW42mdc.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\Y4npJWJNr.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\BtmBAnd89jc9PsPq5EKNj.inf] [N/A, ]\par [C:\\WINDOWS\\system32\\2EF0D734.dll] [N/A, ]\par [C:\\WINDOWS\\fonts\\bQgc5yHMSD4yd.fon] [N/A, ]\par [C:\\WINDOWS\\fonts\\A97CRaCB.fon] [N/A, ]\par [C:\\WINDOWS\\system32\\08223B03.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\704C3595.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\Q9q2MHJ3uTBErM7wc.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\2exJW3dsaTgWrf5uAPadmHN.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\pj83ZgsqjcWUNwjrRp42tFw.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\SrNRKs5F7Rkv9hp.inf] [N/A, ]\par [C:\\WINDOWS\\system32\\GrTZqH5SnRhAt.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\sDV2mGwkejdKa74QJzsjw.inf] [N/A, ]\par [C:\\WINDOWS\\Downloaded Program Files\\ktEDQzfuNZk2SUAMgyAZz.cur] [N/A, ]\par [C:\\WINDOWS\\system32\\S9UQCTA4tnRSJhfxC7Vfj.inf] [N/A, ]\par [C:\\WINDOWS\\system32\\fRWSJda7RbSuR3jFSmMBy.inf] [N/A, ]\par [PID: 2772 / aa][C:\\Program Files\\Internet Explorer\\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]\par [C:\\WINDOWS\\system32\\COMRes.dll] [N/A, ]\par [D:\\Program Files\\ComDlls\\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.34]\par [C:\\WINDOWS\\system32\\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]\par [C:\\WINDOWS\\system32\\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]\par [C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll] [Adobe Systems Incorporated, 9.0.0.2008061100]\par [C:\\WINDOWS\\WinSxS\\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762]\par [C:\\WINDOWS\\WinSxS\\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.762]\par [C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll] [Adobe Systems Incorporated, 9.0.0.2008061100]\par [D:\\Program Files\\ComDlls\\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 120]\par [D:\\360safe\\safemon\\safemon.dll] [360.CN, 5, 0, 0, 1012]\par [C:\\WINDOWS\\system32\\BMsg6pdMD4ht.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\GU6f5sW42mdc.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\Y4npJWJNr.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\BtmBAnd89jc9PsPq5EKNj.inf] [N/A, ]\par [C:\\WINDOWS\\system32\\2EF0D734.dll] [N/A, ]\par [C:\\WINDOWS\\fonts\\bQgc5yHMSD4yd.fon] [N/A, ]\par [C:\\WINDOWS\\fonts\\A97CRaCB.fon] [N/A, ]\par [C:\\WINDOWS\\system32\\08223B03.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\704C3595.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\Q9q2MHJ3uTBErM7wc.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\2exJW3dsaTgWrf5uAPadmHN.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\pj83ZgsqjcWUNwjrRp42tFw.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\SrNRKs5F7Rkv9hp.inf] [N/A, ]\par [C:\\WINDOWS\\system32\\GrTZqH5SnRhAt.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\sDV2mGwkejdKa74QJzsjw.inf] [N/A, ]\par [C:\\WINDOWS\\Downloaded Program Files\\ktEDQzfuNZk2SUAMgyAZz.cur] [N/A, ]\par [C:\\WINDOWS\\system32\\S9UQCTA4tnRSJhfxC7Vfj.inf] [N/A, ]\par [D:\\Rising\\Rav\\RavScrCh.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.77]\par [C:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10a.ocx] [Adobe Systems, Inc., 10,0,12,36]\par [C:\\WINDOWS\\system32\\kFDDTTA2NjqgtbCWBxS.inf] [N/A, ]\par [C:\\WINDOWS\\system32\\fRWSJda7RbSuR3jFSmMBy.inf] [N/A, ]\par [C:\\WINDOWS\\system32\\emHnPuBAaF7XjuXBbdxSg.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\rKPbzUHze58GK2VWcYUCt.inf] [N/A, ]\par [C:\\WINDOWS\\system32\\122B901E.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\rfpz9wwyy2np.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\dhDhwS7fFW.dll] [N/A, ]\par [C:\\WINDOWS\\fonts\\DGvbbtCNkQVHR6JNYgc.fon] [N/A, ]\par [C:\\WINDOWS\\system32\\SCEVFJRCmaB7.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\ndxq9awMc.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\eNyN5X48HrtXc.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\z5WRXqHagksJxWt.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\ed78ab9.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\eYNMAnskCCBQCc8Jp.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\wdGSVBqAs3Xk.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\X5T4kV8DNmMbdRXAUx82K.inf] [N/A, ]\par [PID: 3304 / aa][C:\\DOCUME~1\\aa\\LOCALS~1\\Temp\\sreng2[1].zip \'b5\'c4\'c1\'d9\'ca\'b1\'c4\'bf\'c2\'bc 2\\SREngLdr.EXE] [Smallfrogs Studio, 2.8.1.1279]\par [PID: 2748 / aa][C:\\DOCUME~1\\aa\\LOCALS~1\\Temp\\sreng2[1].zip \'b5\'c4\'c1\'d9\'ca\'b1\'c4\'bf\'c2\'bc 2\\SRE1599598a.EXE] [Smallfrogs Studio, 2.8.1.1279]\par [C:\\WINDOWS\\system32\\fRWSJda7RbSuR3jFSmMBy.inf] [N/A, ]\par [C:\\WINDOWS\\system32\\BMsg6pdMD4ht.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\GU6f5sW42mdc.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\Y4npJWJNr.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\BtmBAnd89jc9PsPq5EKNj.inf] [N/A, ]\par [C:\\WINDOWS\\system32\\2EF0D734.dll] [N/A, ]\par [C:\\WINDOWS\\fonts\\bQgc5yHMSD4yd.fon] [N/A, ]\par [C:\\WINDOWS\\fonts\\A97CRaCB.fon] [N/A, ]\par [C:\\WINDOWS\\system32\\08223B03.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\704C3595.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\Q9q2MHJ3uTBErM7wc.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\2exJW3dsaTgWrf5uAPadmHN.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\pj83ZgsqjcWUNwjrRp42tFw.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\SrNRKs5F7Rkv9hp.inf] [N/A, ]\par [C:\\WINDOWS\\system32\\GrTZqH5SnRhAt.dll] [N/A, ]\par [C:\\WINDOWS\\system32\\sDV2mGwkejdKa74QJzsjw.inf] [N/A, ]\par [C:\\WINDOWS\\Downloaded Program Files\\ktEDQzfuNZk2SUAMgyAZz.cur] [N/A, ]\par [C:\\WINDOWS\\system32\\S9UQCTA4tnRSJhfxC7Vfj.inf] [N/A, ]\par [C:\\WINDOWS\\system32\\kFDDTTA2NjqgtbCWBxS.inf] [N/A, ]\par [C:\\WINDOWS\\system32\\COMRes.dll] [N/A, ]\par \par ==================================\par \'ce\'c4\'bc\'fe\'b9\'d8\'c1\'aa\par .TXT OK. [%SystemRoot%\\system32\\NOTEPAD.EXE %1]\par .EXE OK. ["%1" %*]\par .COM OK. ["%1" %*]\par .PIF OK. ["%1" %*]\par .REG OK. [regedit.exe "%1"]\par .BAT OK. ["%1" %*]\par .SCR OK. ["%1" /S]\par .CHM OK. ["C:\\WINDOWS\\hh.exe" %1]\par .HLP OK. [%SystemRoot%\\System32\\winhlp32.exe %1]\par .INI OK. [%SystemRoot%\\System32\\NOTEPAD.EXE %1]\par .INF OK. [%SystemRoot%\\System32\\NOTEPAD.EXE %1]\par .VBS OK. [%SystemRoot%\\System32\\WScript.exe "%1" %*]\par .JS OK. [%SystemRoot%\\System32\\WScript.exe "%1" %*]\par .LNK OK. [\{00021401-0000-0000-C000-000000000046\}]\par \par ==================================\par Winsock \'cc\'e1\'b9\'a9\'d5\'df\par N/A\par \par ==================================\par Autorun.inf\par [E:\\]\par [AutoRun]\par open=recycle.\{645FF040-5081-101B-9F08-00AA002F954E\}\\rav32.exe\par shell\\open=\'b4\'f2\'bf\'aa(&O)\par shell\\open\\Command=recycle.\{645FF040-5081-101B-9F08-00AA002F954E\}\\rav32.exe\par shell\\open\\Default=1\par shell\\explore=\'d7\'ca\'d4\'b4\'b9\'dc\'c0\'ed\'c6\'f7(&X)\par shell\\explore\\Command=recycle.\{645FF040-5081-101B-9F08-00AA002F954E\}\\rav32.exe\par \par ==================================\par HOSTS \'ce\'c4\'bc\'fe\par 127.0.0.1 localhost\par \par ==================================\par \'bd\'f8\'b3\'cc\'cc\'d8\'c8\'a8\'c9\'a8\'c3\'e8\par \'cc\'d8\'ca\'e2\'cc\'d8\'c8\'a8\'b1\'bb\'d4\'ca\'d0\'ed\'a3\'ba SeDebugPrivilege [PID = 3304, C:\\DOCUME~1\\AA\\LOCALS~1\\TEMP\\SRENG2[1].ZIP \'b5\'c4\'c1\'d9\'ca\'b1\'c4\'bf\'c2\'bc 2\\SRENGLDR.EXE]\par \'cc\'d8\'ca\'e2\'cc\'d8\'c8\'a8\'b1\'bb\'d4\'ca\'d0\'ed\'a3\'ba SeLoadDriverPrivilege [PID = 3304, C:\\DOCUME~1\\AA\\LOCALS~1\\TEMP\\SRENG2[1].ZIP \'b5\'c4\'c1\'d9\'ca\'b1\'c4\'bf\'c2\'bc 2\\SRENGLDR.EXE]\par \par ==================================\par \'bc\'c6\'bb\'ae\'c8\'ce\'ce\'f1\par N/A\par \par ==================================\par Windows \'b0\'b2\'c8\'ab\'b8\'fc\'d0\'c2\'bc\'ec\'b2\'e9\par Microsoft .NET Framework \'b0\'e6\'b1\'be 1.1\'a3\'ac\'bc\'f2\'cc\'e5\'d6\'d0\'ce\'c4\'b0\'e6 \par KB893803, Microsoft Windows \'b0\'b2\'d7\'b0\'b3\'cc\'d0\'f2 3.1 \par KB891122, \'c6\'f4\'d3\'c3\'c1\'cb WMDRM \'b5\'c4 Media Player \'b8\'fc\'d0\'c2\'b3\'cc\'d0\'f2 (KB891122) \par KB934268, Microsoft Core XML Services (MSXML) 6.0 Service Pack 1 \'b8\'fc\'d0\'c2\'b3\'cc\'d0\'f2 (KB934268) \par KB892130, Windows \'d5\'fd\'b0\'e6\'d4\'f6\'d6\'b5\'d1\'e9\'d6\'a4\'b9\'a4\'be\'df (KB892130) \par KB925850, Windows Media Player 11 \par KB940157, \'d3\'c3\'d3\'da Windows XP \'b5\'c4 Windows \'cb\'d1\'cb\'f7 4.0 (KB940157) \par KB960225, Windows XP \'b0\'b2\'c8\'ab\'b8\'fc\'d0\'c2\'b3\'cc\'d0\'f2 (KB960225) MS09-007\par KB905474, Windows Genuine Advantage \'cd\'a8\'d6\'aa (KB905474) \par KB909520, Microsoft \'bb\'f9\'b1\'be\'d6\'c7\'c4\'dc\'bf\'a8\'bc\'d3\'c3\'dc\'b7\'fe\'ce\'f1\'cc\'e1\'b9\'a9\'b3\'cc\'d0\'f2\'b0\'fc\'a3\'ba x86 (KB909520) \par KB923561, Windows XP \'b0\'b2\'c8\'ab\'b8\'fc\'d0\'c2\'b3\'cc\'d0\'f2 (KB923561) MS09-010\par KB956572, Windows XP \'b0\'b2\'c8\'ab\'b8\'fc\'d0\'c2\'b3\'cc\'d0\'f2 (KB956572) MS09-012\par KB952004, Windows XP \'b0\'b2\'c8\'ab\'b8\'fc\'d0\'c2\'b3\'cc\'d0\'f2 (KB952004) MS09-012\par KB960803, Windows XP \'b0\'b2\'c8\'ab\'b8\'fc\'d0\'c2\'b3\'cc\'d0\'f2 (KB960803) MS09-013\par KB959426, Windows XP \'b0\'b2\'c8\'ab\'b8\'fc\'d0\'c2\'b3\'cc\'d0\'f2 (KB959426) MS09-015\par KB936929, Windows XP Service Pack 3 (KB936929) \par KB931125, \'b8\'f9\'d6\'a4\'ca\'e9\'b8\'fc\'d0\'c2\'b3\'cc\'d0\'f2 [2009 \'c4\'ea 5 \'d4\'c2] (KB931125) \par KB961501, Windows XP \'b0\'b2\'c8\'ab\'b8\'fc\'d0\'c2\'b3\'cc\'d0\'f2 (KB961501) MS09-022\par KB968537, Windows XP \'b0\'b2\'c8\'ab\'b8\'fc\'d0\'c2\'b3\'cc\'d0\'f2 (KB968537) MS09-025\par KB970238, Windows XP \'b0\'b2\'c8\'ab\'b8\'fc\'d0\'c2\'b3\'cc\'d0\'f2 (KB970238) MS09-026\par KB951847, Microsoft .NET Framework 3.5 Service Pack 1 \'ba\'cd .NET Framework 3.5 Family Update (KB951847) x86 \par KB971633, Windows XP \'b0\'b2\'c8\'ab\'b8\'fc\'d0\'c2\'b3\'cc\'d0\'f2 (KB971633) MS09-028\par KB973346, \'d3\'c3\'d3\'da Windows XP \'b5\'c4 ActiveX Killbit \'c0\'db\'bb\'fd\'b0\'b2\'c8\'ab\'b8\'fc\'d0\'c2\'b3\'cc\'d0\'f2 (KB973346) MS09-032\par KB972260, \'d3\'c3\'d3\'da Windows XP \'b5\'c4 Internet Explorer 6 \'c0\'db\'bb\'fd\'b0\'b2\'c8\'ab\'b8\'fc\'d0\'c2\'b3\'cc\'d0\'f2 (KB972260) MS09-034\par KB890830, Windows \'b6\'f1\'d2\'e2\'c8\'ed\'bc\'fe\'c9\'be\'b3\'fd\'b9\'a4\'be\'df - 2009 \'c4\'ea 8 \'d4\'c2 (KB890830) \par KB968389, Windows XP \'b8\'fc\'d0\'c2\'b3\'cc\'d0\'f2 (KB968389) \par KB971032, Windows XP \'b0\'b2\'c8\'ab\'b8\'fc\'d0\'c2\'b3\'cc\'d0\'f2 (KB971032) MS09-040\par KB971557, Windows XP \'b0\'b2\'c8\'ab\'b8\'fc\'d0\'c2\'b3\'cc\'d0\'f2 (KB971557) MS09-038\par KB973540, Windows XP Service Pack 2 \'b0\'b2\'c8\'ab\'b8\'fc\'d0\'c2\'b3\'cc\'d0\'f2 (KB973540) MS09-037\par KB973869, Windows XP \'b0\'b2\'c8\'ab\'b8\'fc\'d0\'c2\'b3\'cc\'d0\'f2 (KB973869) MS09-037\par KB958470, Windows XP \'b0\'b2\'c8\'ab\'b8\'fc\'d0\'c2\'b3\'cc\'d0\'f2 (KB958470) MS09-044\par KB973354, Windows XP \'b0\'b2\'c8\'ab\'b8\'fc\'d0\'c2\'b3\'cc\'d0\'f2 (KB973354) MS09-037\par KB973507, Windows XP \'b0\'b2\'c8\'ab\'b8\'fc\'d0\'c2\'b3\'cc\'d0\'f2 (KB973507) MS09-037\par KB960859, Windows XP \'b0\'b2\'c8\'ab\'b8\'fc\'d0\'c2\'b3\'cc\'d0\'f2 (KB960859) MS09-042\par KB973815, Windows XP \'b0\'b2\'c8\'ab\'b8\'fc\'d0\'c2\'b3\'cc\'d0\'f2 (KB973815) MS09-037\par KB971657, Windows XP \'b0\'b2\'c8\'ab\'b8\'fc\'d0\'c2\'b3\'cc\'d0\'f2 (KB971657) MS09-041\par KB970653, Windows XP \'b8\'fc\'d0\'c2\'b3\'cc\'d0\'f2 (KB970653) \par KB961371, Windows XP \'b0\'b2\'c8\'ab\'b8\'fc\'d0\'c2\'b3\'cc\'d0\'f2 (KB961371) MS09-029\par KB944036, \'d3\'c3\'d3\'da Windows XP \'b5\'c4 Internet Explorer 8 \par \par ==================================\par API HOOK\par N/A\par \par ==================================\par \'d2\'fe\'b2\'d8\'bd\'f8\'b3\'cc\par N/A\par \par ==================================\par \par \par [/CODE]\par }