
CWShredder log

**** Run Keys ****
RUN: [SoundMan] SOUNDMAN.EXE
RUN: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
RUN: [nwiz] nwiz.exe /install
RUN: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
RUN: [zBrowser Launcher] d:\Program Files\Logitech\iTouch\iTouch.exe
RUN: [Logitech Utility] Logi_MwX.Exe
RUN: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
RUN: [SysExplr] d:\Herosoft\HeroV8\SysExplr.EXE
RUN: [RfwMain] "d:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
RUN: [RavTimer] D:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
RUN: [RavMon] D:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
RUN: [snppro] C:\WINDOWS\vsnppro.exe
RUN: [colorful] d:\Program Files\Colorful SmartVGA\Colordesk.exe
RUN: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
RUN: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe


**** Browser Helper Objects ****

BHO: [QQBrowserHelperObject Class] d:\Program Files\Tencent\QQ\QQIEHelper.dll
BHO: [IeCatch2 Class] D:\PROGRA~1\FLASHGET\jccatch.dll


**** IE Toolbars ****

TOOLBAR: [FlashGet Bar] D:\PROGRA~1\FLASHGET\fgiebar.dll


**** IE Extensions ****

IEExt: [豪杰超级解霸V8] d:\Herosoft\HeroV8\STHSDVD.EXE
IEExt: [QQ] d:\Program Files\Tencent\QQ\QQ.EXE
IEExt: [FlashGet] D:\PROGRA~1\FLASHGET\flashget.exe
IEExt: [FlashGet] D:\PROGRA~1\FLASHGET\flashget.exe
IEExt: [Messenger] C:\Program Files\Messenger\msmsgs.exe


**** Hosts File Entries ****

HOSTS: 127.0.0.1      localhost
HOSTS: 202.232.140.12 auto.search.msn.com
HOSTS: 207.68.131.21 www.download.windowsupdate.com


**** IE Settings ****

Default Page: http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default Search: http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Local Page: about:blank
Search Page: http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch


**** IE Context Menu (Right click) ****

IEContext: [使用网际快车下载] D:\Program Files\FlashGet\jc_link.htm
IEContext: [使用网际快车下载全部链接] D:\Program Files\FlashGet\jc_all.htm
IEContext: [添加到QQ自定义面板] D:\Program Files\Tencent\QQ\AddPanel.htm
IEContext: [添加到QQ表情] D:\Program Files\Tencent\QQ\AddEmotion.htm
IEContext: [用QQ彩信发送该图片] D:\Program Files\Tencent\QQ\SendMMS.htm
IEContext: [用比特精灵下载(&B)] D:\Program Files\BitSpirit\bsurl.htm
IEContext: [豪杰超级解霸V8实时播放] d:\Herosoft\HeroV8\MPURLGET.HTM


**** Layered Service Providers ****

LSP: MSAFD Tcpip [TCP/IP]
LSP: MSAFD Tcpip [UDP/IP]
LSP: RSVP UDP Service Provider
LSP: RSVP TCP Service Provider
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DE3B3750-0D3D-45A2-A1C9-000EC0B45E94}] SEQPACKET 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DE3B3750-0D3D-45A2-A1C9-000EC0B45E94}] DATAGRAM 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D548389C-B9CF-4DB0-B93D-60B0182EABF6}] SEQPACKET 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D548389C-B9CF-4DB0-B93D-60B0182EABF6}] DATAGRAM 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{73EE80D4-1724-41CE-9410-FBAA269C0CC3}] SEQPACKET 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{73EE80D4-1724-41CE-9410-FBAA269C0CC3}] DATAGRAM 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{ACC4C925-8555-44FF-BBA2-49E960331371}] SEQPACKET 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{ACC4C925-8555-44FF-BBA2-49E960331371}] DATAGRAM 2


**** Blocked Control Panel Items ****

BLOCKED: [ncpa.cpl] No
BLOCKED: [odbccp32.cpl] No


**** Downloaded Program Files ****

{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} [http://messenger.msn.com/download/msnmessengersetupdownloader.cab] C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
{D27CDB6E-AE6D-11CF-96B8-444553540000} [http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} [http://download.rising.com.cn/register/pcver/autoupgradepad/Ver2005/OL2005.cab]


**** Windows Services ****

[Alerter] %SystemRoot%\system32\svchost.exe -k LocalService
[ALG] %SystemRoot%\System32\alg.exe
[AppMgmt] %SystemRoot%\system32\svchost.exe -k netsvcs
[aspnet_state] %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
[AudioSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[BITS] %SystemRoot%\system32\svchost.exe -k netsvcs
[Browser] %SystemRoot%\system32\svchost.exe -k netsvcs
[CiSvc] %SystemRoot%\system32\cisvc.exe
[ClipSrv] %SystemRoot%\system32\clipsrv.exe
[COMSysApp] C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
[CryptSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[DcomLaunch] %SystemRoot%\system32\svchost -k DcomLaunch
[Dhcp] %SystemRoot%\system32\svchost.exe -k netsvcs
[dmadmin] %SystemRoot%\System32\dmadmin.exe /com
[dmserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[Dnscache] %SystemRoot%\system32\svchost.exe -k NetworkService
[ERSvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[Eventlog] %SystemRoot%\system32\services.exe
[EventSystem] C:\WINDOWS\system32\svchost.exe -k netsvcs
[FastUserSwitchingCompatibility] %SystemRoot%\System32\svchost.exe -k netsvcs
[helpsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[HidServ] %SystemRoot%\System32\svchost.exe -k netsvcs
[HTTPFilter] %SystemRoot%\System32\svchost.exe -k HTTPFilter
[ImapiService] C:\WINDOWS\system32\imapi.exe
[lanmanserver] %SystemRoot%\system32\svchost.exe -k netsvcs
[lanmanworkstation] %SystemRoot%\system32\svchost.exe -k netsvcs
[LmHosts] %SystemRoot%\system32\svchost.exe -k LocalService
[Messenger] %SystemRoot%\system32\svchost.exe -k netsvcs
[mnmsrvc] C:\WINDOWS\system32\mnmsrvc.exe
[MSDTC] C:\WINDOWS\system32\msdtc.exe
[MSIServer] C:\WINDOWS\system32\msiexec.exe /V
[NetDDE] %SystemRoot%\system32\netdde.exe
[NetDDEdsdm] %SystemRoot%\system32\netdde.exe
[Netlogon] %SystemRoot%\system32\lsass.exe
[Netman] %SystemRoot%\System32\svchost.exe -k netsvcs
[Nla] %SystemRoot%\system32\svchost.exe -k netsvcs
[NtLmSsp] %SystemRoot%\system32\lsass.exe
[NtmsSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[NVSvc] %SystemRoot%\system32\nvsvc32.exe
[PlugPlay] %SystemRoot%\system32\services.exe
[PolicyAgent] %SystemRoot%\system32\lsass.exe
[ProtectedStorage] %SystemRoot%\system32\lsass.exe
[RasAuto] %SystemRoot%\system32\svchost.exe -k netsvcs
[RasMan] %SystemRoot%\system32\svchost.exe -k netsvcs
[RDSessMgr] C:\WINDOWS\system32\sessmgr.exe
[RemoteAccess] %SystemRoot%\system32\svchost.exe -k netsvcs
[RemoteRegistry] %SystemRoot%\system32\svchost.exe -k LocalService
[RfwService] d:\program files\rising\rfw\rfwsrv.exe
[RpcLocator] %SystemRoot%\system32\locator.exe
[RpcSs] %SystemRoot%\system32\svchost -k rpcss
[RsCCenter] D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
[RsRavMon] D:\PROGRAM FILES\RISING\RAV\Ravmond.exe
[RSVP] %SystemRoot%\system32\rsvp.exe
[SamSs] %SystemRoot%\system32\lsass.exe
[SCardSvr] %SystemRoot%\System32\SCardSvr.exe
[Schedule] %SystemRoot%\System32\svchost.exe -k netsvcs
[seclogon] %SystemRoot%\System32\svchost.exe -k netsvcs
[SENS] %SystemRoot%\system32\svchost.exe -k netsvcs
[SharedAccess] %SystemRoot%\system32\svchost.exe -k netsvcs
[ShellHWDetection] %SystemRoot%\System32\svchost.exe -k netsvcs
[SNMP] %SystemRoot%\System32\snmp.exe
[SNMPTRAP] %SystemRoot%\System32\snmptrap.exe
[Spooler] %SystemRoot%\system32\spoolsv.exe
[srservice] %SystemRoot%\system32\svchost.exe -k netsvcs
[SSDPSRV] %SystemRoot%\system32\svchost.exe -k LocalService
[stisvc] %SystemRoot%\system32\svchost.exe -k imgsvc
[SwPrv] C:\WINDOWS\system32\dllhost.exe /Processid:{D12755C1-955F-40D9-9579-AD4282330F05}
[SysmonLog] %SystemRoot%\system32\smlogsvc.exe
[TapiSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[TermService] %SystemRoot%\System32\svchost -k DComLaunch
[Themes] %SystemRoot%\System32\svchost.exe -k netsvcs
[TlntSvr] C:\WINDOWS\system32\tlntsvr.exe
[TrkWks] %SystemRoot%\system32\svchost.exe -k netsvcs
[upnphost] %SystemRoot%\system32\svchost.exe -k LocalService
[UPS] %SystemRoot%\System32\ups.exe
[VSS] %SystemRoot%\System32\vssvc.exe
[W32Time] %SystemRoot%\System32\svchost.exe -k netsvcs
[WebClient] %SystemRoot%\system32\svchost.exe -k LocalService
[winmgmt] %systemroot%\system32\svchost.exe -k netsvcs
[WmdmPmSN] %SystemRoot%\System32\svchost.exe -k netsvcs
[Wmi] %SystemRoot%\System32\svchost.exe -k netsvcs
[WmiApSrv] C:\WINDOWS\system32\wbem\wmiapsrv.exe
[wscsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[wuauserv] %systemroot%\system32\svchost.exe -k netsvcs
[WZCSVC] %SystemRoot%\System32\svchost.exe -k netsvcs
[xmlprov] %SystemRoot%\System32\svchost.exe -k netsvcs
[UMWdf] C:\WINDOWS\system32\wdfmgr.exe


**** Custom IE Search Items ****

SEARCH: [SearchAssistant] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
SEARCH: [CustomizeSearch] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


**** Complete IE Options ****

IEOPT: [NoUpdateCheck] 
IEOPT: [NoJITSetup] 
IEOPT: [Disable Script Debugger] yes
IEOPT: [Show_ChannelBand] No
IEOPT: [Anchor Underline] yes
IEOPT: [Cache_Update_Frequency] Once_Per_Session
IEOPT: [Display Inline Images] yes
IEOPT: [Do404Search] 
IEOPT: [Local Page] about:blank
IEOPT: [Save_Session_History_On_Exit] no
IEOPT: [Show_FullURL] no
IEOPT: [Show_StatusBar] yes
IEOPT: [Show_ToolBar] yes
IEOPT: [Show_URLinStatusBar] yes
IEOPT: [Show_URLToolBar] yes
IEOPT: [Use_DlgBox_Colors] yes
IEOPT: [Search Page] http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IEOPT: [FullScreen] no
IEOPT: [Window_Placement] ,
IEOPT: [NotifyDownloadComplete] yes
IEOPT: [AddToFavoritesExpanded] 
IEOPT: [Use FormSuggest] no
IEOPT: [Save Directory] F:\Downloads\
IEOPT: [FormSuggest PW Ask] no
IEOPT: [Print_Background] no
IEOPT: [Play_Animations] yes
IEOPT: [Play_Background_Sounds] yes
IEOPT: [Display Inline Videos] yes
IEOPT: [Enable_MyPics_Hoverbar] yes
IEOPT: [Enable AutoImageResize] yes
IEOPT: [Show image placeholders] 
IEOPT: [Expand Alt Text] no
IEOPT: [Move System Caret] no
IEOPT: [UseThemes] 
IEOPT: [NscSingleExpand] 
IEOPT: [DisableScriptDebuggerIE] yes
IEOPT: [Enable Browser Extensions] yes
IEOPT: [FavIntelliMenus] no
IEOPT: [NoWebJITSetup] 
IEOPT: [Force Offscreen Composition] 
IEOPT: [SmoothScroll] 
IEOPT: [Error Dlg Displayed On Every Error] no
IEOPT: [Friendly http errors] yes
IEOPT: [Page_Transitions] 
IEOPT: [ShowGoButton] yes
IEOPT: [AllowWindowReuse] 
IEOPT: [LastCheckedHi] 
IEOPT: [Default_Page_URL] about:blank
IEOPT: [Start Page] about:blank
IEOPT: [FormSuggest Passwords] no
IEOPT: [Use Search Asst] no
IEOPT: [Use Custom Search URL] 
IEOPT: [Default_Page_URL] http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IEOPT: [Default_Search_URL] http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IEOPT: [Search Page] http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IEOPT: [Enable_Disk_Cache] yes
IEOPT: [Cache_Percent_of_Disk] 
IEOPT: [Delete_Temp_Files_On_Exit] yes
IEOPT: [Local Page] about:blank
IEOPT: [Anchor_Visitation_Horizon] 
IEOPT: [Use_Async_DNS] yes
IEOPT: [Placeholder_Width] 
IEOPT: [Placeholder_Height] 
IEOPT: [Start Page] about:blank
IEOPT: [CompanyName] Microsoft Corporation
IEOPT: [Custom_Key] MICROSO
IEOPT: [Wizard_Version] 6.0.2600.0000
IEOPT: [FullScreen] no
IEOPT: [Use_DlgBox_Colors] yes
Last edited 2005-07-26 03:08:20

CWShredder is only a small anti-browser-hijacking tool.

Just fix it directly.