Trojan.Muldrop.BDT_595d2fe558

Trojan-Dropper.Win32.Agent.akh (Kaspersky), Trojan.Muldrop.BDT (B) (Emsisoft), Trojan.Muldrop.BDT (AdAware), Trojan.Win32.Bumat.FD, Trojan.Win32.Sasfis.FD, Virus.Win32.Parite.B.FD, VirusParite.YR, GenericPhysicalDrive0.YR, BankerGeneric.YR (Lavasoft MAS)Behaviour: Trojan-Dropper, Banker, Trojan, Virus

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

d/d/d d:d:d.d

d/d/d d:d:d.d

An exception (X) occurred during DllEntryPoint or DllMain in module:

An exception (X) occurred during DllEntryPoint or DllMain in module:

xx.cpp

xx.cpp

varType->tpClass.tpcFlags & CF_HAS_DTOR

varType->tpClass.tpcFlags & CF_HAS_DTOR

varType->tpClass.tpcDtorAddr

varType->tpClass.tpcDtorAddr

(errPtr->ERRcInitDtc >= varType->tpClass.tpcDtorCount) || flags

(errPtr->ERRcInitDtc >= varType->tpClass.tpcDtorCount) || flags

memType->tpClass.tpcFlags & CF_HAS_DTOR

memType->tpClass.tpcFlags & CF_HAS_DTOR

varType->tpArr.tpaElemType->tpClass.tpcFlags & CF_HAS_DTOR

varType->tpArr.tpaElemType->tpClass.tpcFlags & CF_HAS_DTOR

dttPtr->dttType->tpPtr.tppBaseType->tpClass.tpcFlags & CF_HAS_DTOR

dttPtr->dttType->tpPtr.tppBaseType->tpClass.tpcFlags & CF_HAS_DTOR

IS_CLASS(dttPtr->dttType->tpMask) && (dttPtr->dttType->tpClass.tpcFlags & CF_HAS_DTOR)

IS_CLASS(dttPtr->dttType->tpMask) && (dttPtr->dttType->tpClass.tpcFlags & CF_HAS_DTOR)

elemType->tpClass.tpcFlags & CF_HAS_DTOR

elemType->tpClass.tpcFlags & CF_HAS_DTOR

Cv.SCv

Cv.SCv

Bv}.Bv

Bv}.Bv

ReportLevel

ReportLevel

GetCPInfo

GetCPInfo

GetProcessHeap

GetProcessHeap

GetWindowsDirectoryA

GetWindowsDirectoryA

RegCreateKeyExA

RegCreateKeyExA

RegFlushKey

RegFlushKey

SetViewportOrgEx

SetViewportOrgEx

ActivateKeyboardLayout

ActivateKeyboardLayout

EnumThreadWindows

EnumThreadWindows

EnumWindows

EnumWindows

GetKeyNameTextA

GetKeyNameTextA

GetKeyState

GetKeyState

GetKeyboardLayout

GetKeyboardLayout

GetKeyboardLayoutList

GetKeyboardLayoutList

GetKeyboardState

GetKeyboardState

GetKeyboardType

GetKeyboardType

LoadKeyboardLayoutA

LoadKeyboardLayoutA

MapVirtualKeyA

MapVirtualKeyA

MsgWaitForMultipleObjects

MsgWaitForMultipleObjects

SetWindowsHookExA

SetWindowsHookExA

UnhookWindowsHookEx

UnhookWindowsHookEx

VprK|%Ud

VprK|%Ud

€00404

€00404

8 @ @ @ @ @

8 @ @ @ @ @

.text

.text

`.data

`.data

.idata

.idata

@.edata

@.edata

@.rsrc

@.rsrc

@.reloc

@.reloc

70"!(&&$

70"!(&&$

External exception %x

External exception %x

Interface not supported

Interface not supported

%s (%s, line %d)

%s (%s, line %d)

Abstract Error?Access violation at address %p in module '%s'. %s of address %p

Abstract Error?Access violation at address %p in module '%s'. %s of address %p

Win32 Error. Code: %d.

Win32 Error. Code: %d.

Invalid pointer operation

Invalid pointer operation

Invalid class typecast0Access violation at address %p. %s of address %p

Invalid class typecast0Access violation at address %p. %s of address %p

Operation aborted%Exception %s in module %s at %p.

Operation aborted%Exception %s in module %s at %p.

Application Error1Format '%s' invalid or incompatible with argument

Application Error1Format '%s' invalid or incompatible with argument

No argument for format '%s'

No argument for format '%s'

Invalid variant operation"Variant method calls not supported

Invalid variant operation"Variant method calls not supported

I/O error %d

I/O error %d

Integer overflow Invalid floating point operation

Integer overflow Invalid floating point operation

Invalid data type for '%s'

Invalid data type for '%s'

Failed to set data for '%s'

Failed to set data for '%s'

Failed to get data for '%s'/Menu '%s' is already being used by another form*Windows socket error: %s (%d), on API '%s'

Failed to get data for '%s'/Menu '%s' is already being used by another form*Windows socket error: %s (%d), on API '%s'

Asynchronous socket error %d

Asynchronous socket error %d

- Dock zone has no control%List does not allow duplicates ($0%x)!'%s' is not a valid integer value

- Dock zone has no control%List does not allow duplicates ($0%x)!'%s' is not a valid integer value

Alt Clipboard does not support Icons

Alt Clipboard does not support Icons

!Control '%s' has no parent window

!Control '%s' has no parent window

Error reading %s%s%s: %s

Error reading %s%s%s: %s

Ancestor for '%s' not found

Ancestor for '%s' not found

Unsupported clipboard format

Unsupported clipboard format

Class %s not found

Class %s not found

Resource %s not found

Resource %s not found

List index out of bounds (%d) List capacity out of bounds (%d)

List index out of bounds (%d) List capacity out of bounds (%d)

List count out of bounds (%d) Operation not allowed on sorted string list%String list does not allow duplicates#A component named %s already exists$''%s'' is not a valid component name

List count out of bounds (%d) Operation not allowed on sorted string list%String list does not allow duplicates#A component named %s already exists$''%s'' is not a valid component name

A class named %s already exists

A class named %s already exists

Cannot assign a %s to a %s

Cannot assign a %s to a %s

Cannot create file %s

Cannot create file %s

Cannot open file %s

Cannot open file %s

DATA0003.EXE_2060_rwx_00403000_00002000:

MSVCRT

MSVCRT

PSAPI.DLL

PSAPI.DLL

GetWindowsDirectoryA

GetWindowsDirectoryA

KERNEL32.dll

KERNEL32.dll

USER32.dll

USER32.dll

ADVAPI32.dll

ADVAPI32.dll

\\.\PHYSICALDRIVE0

\\.\PHYSICALDRIVE0

~DFE0F5.tmp

~DFE0F5.tmp

[-]OpenSCManager Failed in LoadDriver %d

[-]OpenSCManager Failed in LoadDriver %d

c:\bios.bin

c:\bios.bin

%s %s /isa %s

%s %s /isa %s

%s %s /isa release

%s %s /isa release

cbrom.exe

cbrom.exe

\\.\Bios

\\.\Bios

explorer.exe

explorer.exe

svchost.exe

svchost.exe

services.exe

services.exe

\flash.dll

\flash.dll

\\.\MyDeviceDriver

\\.\MyDeviceDriver

\drivers\beep.sys

\drivers\beep.sys

beep.sys

beep.sys

RSTray.exe

RSTray.exe

\drivers\bios.sys

\drivers\bios.sys

hook.rom

hook.rom

User32.DLL

User32.DLL

c:\my.sys

c:\my.sys

DATA0003.EXE_2060_rwx_00422000_00001000:

Kernel32.dll

Kernel32.dll

ADVAPI32.dll

ADVAPI32.dll

RegOpenKeyExA

RegOpenKeyExA

RegCloseKey

RegCloseKey

Software\Microsoft\Windows\CurrentVersion\Explorer

Software\Microsoft\Windows\CurrentVersion\Explorer

Svchost.exe_2920:

.idata

.idata

.rdata

.rdata

P.reloc

P.reloc

P.rsrc

P.rsrc

P.xur

P.xur

Portions Copyright (c) 1999,2003 Avenger by NhT

Portions Copyright (c) 1999,2003 Avenger by NhT

kernel32.dll

kernel32.dll

hXXp://

hXXp://

HTTP/1.0

HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Content-Type: application/x-www-form-urlencoded

Windows 95

Windows 95

Windows 95 OSR 2

Windows 95 OSR 2

Windows 98

Windows 98

Windows 98 Second Edition

Windows 98 Second Edition

Windows Millenium

Windows Millenium

Windows NT

Windows NT

Windows NT 3.5

Windows NT 3.5

Windows NT 4.0

Windows NT 4.0

Windows 2000

Windows 2000

Windows XP

Windows XP

Windows XP Service Pack 2

Windows XP Service Pack 2

Windows XP x64

Windows XP x64

Windows Server 2003

Windows Server 2003

Windows Vista

Windows Vista

Windows Server Longhorn

Windows Server Longhorn

rpcrt4.dll

rpcrt4.dll

ntdll.dll

ntdll.dll

Kernel32.dll

Kernel32.dll

Unit_GetWebSV

Unit_GetWebSV

wininet.dll

wininet.dll

InternetOpenUrlA

InternetOpenUrlA

HttpQueryInfoA

HttpQueryInfoA

HttpOpenRequestA

HttpOpenRequestA

HttpSendRequestA

HttpSendRequestA

ShellExecuteA

ShellExecuteA

Shell32.dll

Shell32.dll

360hotfix.exe;360rpt.exe;360Safe.exe;360safebox.exe;360tray.exe;adam.exe;AgentSvr.exe;AntiArp.exe;AppSvc32.exe;arvmon.exe;AutoGuarder.exe;autoruns.exe;avgrssvc.exe;AvMonitor.exe;avp.com;avp.exe;CCenter.exe;ccSvcHst.exe;FileDsty.exe;findt2005.exe;FTCleanerShell.exe;HijackThis.exe;IceSword.exe;iparmo.exe;Iparmor.exe;IsHelp.exe;isPwdSvc.exe;kabaload.exe;KaScrScn.SCR;KASMain.exe;KASTask.exe;KAV32.exe;KAVDX.exe;KAVPFW.exe;KAVSetup.exe;KAVStart.exe;killhidepid.exe;KISLnchr.exe;KMailMon.exe;KMFilter.exe;KPFW32.exe;KPFW32X.exe;KPFWSvc.exe;KRepair.COM;KsLoader.exe;KVCenter.kxp;KvDetect.exe;kvfw.exe;KvfwMcl.exe;KVMonXP.kxp;KVMonXP_1.kxp;kvol.exe;kvolself.exe;KvReport.kxp;KVScan.kxp;KVSrvXP.exe;KVStub.kxp;kvupload.exe;kvwsc.exe;KvXP.kxp;KvXP_1.kxp;KWatch.exe;KWatch9x.exe;KWatchX.exe;loaddll.exe;MagicSet.exe;mcconsol.exe;mmqczj.exe;mmsk.exe;NAVSetup.exe;nod32krn.exe;nod32kui.exe;PFW.exe;PFWLiveUpdate.exe;QHSET.exe;Ras.exe;Rav.exe;RavCopy.exe;RavMon.exe;RavMonD.exe;RavStore.exe;RavStub.exe;ravt08.exe;RavTask.exe;RegClean.exe;RegEx.exe;rfwcfg.exe;RfwMain.exe;rfwolusr.exe;rfwProxy.exe;rfwsrv.exe;RsAgent.exe;Rsaupd.exe;RsMain.exe;rsnetsvr.exe;RSTray.exe;runiep.exe;safebank.exe;safeboxTray.exe;safelive.exe;scan32.exe;ScanFrm.exe;shcfg32.exe;smartassistant.exe;SmartUp.exe;SREng.exe;SREngPS.exe;symlcsvc.exe;syscheck.exe;Syscheck2.exe;SysSafe.exe;ToolsUp.exe;TrojanDetector.exe;Trojanwall.exe;TrojDie.kxp;UIHost.exe;UmxAgent.exe;UmxAttachment.exe;UmxCfg.exe;UmxFwHlp.exe;UmxPol.exe;UpLive.exe;WoptiClean.exe;zxsweep.exe;LiveUpdate360.exe;

360hotfix.exe;360rpt.exe;360Safe.exe;360safebox.exe;360tray.exe;adam.exe;AgentSvr.exe;AntiArp.exe;AppSvc32.exe;arvmon.exe;AutoGuarder.exe;autoruns.exe;avgrssvc.exe;AvMonitor.exe;avp.com;avp.exe;CCenter.exe;ccSvcHst.exe;FileDsty.exe;findt2005.exe;FTCleanerShell.exe;HijackThis.exe;IceSword.exe;iparmo.exe;Iparmor.exe;IsHelp.exe;isPwdSvc.exe;kabaload.exe;KaScrScn.SCR;KASMain.exe;KASTask.exe;KAV32.exe;KAVDX.exe;KAVPFW.exe;KAVSetup.exe;KAVStart.exe;killhidepid.exe;KISLnchr.exe;KMailMon.exe;KMFilter.exe;KPFW32.exe;KPFW32X.exe;KPFWSvc.exe;KRepair.COM;KsLoader.exe;KVCenter.kxp;KvDetect.exe;kvfw.exe;KvfwMcl.exe;KVMonXP.kxp;KVMonXP_1.kxp;kvol.exe;kvolself.exe;KvReport.kxp;KVScan.kxp;KVSrvXP.exe;KVStub.kxp;kvupload.exe;kvwsc.exe;KvXP.kxp;KvXP_1.kxp;KWatch.exe;KWatch9x.exe;KWatchX.exe;loaddll.exe;MagicSet.exe;mcconsol.exe;mmqczj.exe;mmsk.exe;NAVSetup.exe;nod32krn.exe;nod32kui.exe;PFW.exe;PFWLiveUpdate.exe;QHSET.exe;Ras.exe;Rav.exe;RavCopy.exe;RavMon.exe;RavMonD.exe;RavStore.exe;RavStub.exe;ravt08.exe;RavTask.exe;RegClean.exe;RegEx.exe;rfwcfg.exe;RfwMain.exe;rfwolusr.exe;rfwProxy.exe;rfwsrv.exe;RsAgent.exe;Rsaupd.exe;RsMain.exe;rsnetsvr.exe;RSTray.exe;runiep.exe;safebank.exe;safeboxTray.exe;safelive.exe;scan32.exe;ScanFrm.exe;shcfg32.exe;smartassistant.exe;SmartUp.exe;SREng.exe;SREngPS.exe;symlcsvc.exe;syscheck.exe;Syscheck2.exe;SysSafe.exe;ToolsUp.exe;TrojanDetector.exe;Trojanwall.exe;TrojDie.kxp;UIHost.exe;UmxAgent.exe;UmxAttachment.exe;UmxCfg.exe;UmxFwHlp.exe;UmxPol.exe;UpLive.exe;WoptiClean.exe;zxsweep.exe;LiveUpdate360.exe;

AutoRun.inf

AutoRun.inf

Open=%s

Open=%s

Shell\Open\Command=%s

Shell\Open\Command=%s

Shell\Explore\Command=%s

Shell\Explore\Command=%s

Sfc.dll

Sfc.dll

VVV.360.cn

VVV.360.cn

VVV.360safe.cn

VVV.360safe.cn

VVV.360safe.com

VVV.360safe.com

VVV.chinakv.com

VVV.chinakv.com

VVV.rising.com.cn

VVV.rising.com.cn

rising.com.cn

rising.com.cn

dl.jiangmin.com

dl.jiangmin.com

jiangmin.com

jiangmin.com

VVV.jiangmin.com

VVV.jiangmin.com

VVV.duba.net

VVV.duba.net

VVV.eset.com.cn

VVV.eset.com.cn

VVV.nod32.com

VVV.nod32.com

shadu.duba.net

shadu.duba.net

union.kingsoft.com

union.kingsoft.com

VVV.kaspersky.com.cn

VVV.kaspersky.com.cn

kaspersky.com.cn

kaspersky.com.cn

virustotal.com

virustotal.com

virscan.org

virscan.org

VVV.virscan.org

VVV.virscan.org

VVV.kaspersky.com

VVV.kaspersky.com

VVV.cnnod32.cn

VVV.cnnod32.cn

VVV.lanniao.org

VVV.lanniao.org

VVV.nod32club.com

VVV.nod32club.com

VVV.dswlab.com

VVV.dswlab.com

bbs.sucop.com

bbs.sucop.com

VVV.virustotal.com

VVV.virustotal.com

tool.ikaka.com

tool.ikaka.com

360.qihoo.com

360.qihoo.com

VVV.kafan.cn

VVV.kafan.cn

bbs.kafan.cn

bbs.kafan.cn

127.0.0.1

127.0.0.1

d-d-d d:d:d

d-d-d d:d:d

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\

&Key=

&Key=

cmd /c erase /F "

cmd /c erase /F "

SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

"!"""&"""

"!"""&"""

",#)#%("8""

",#)#%("8""

?""$

?""$

22222222

22222222

930 2|222

930 2|222

2222222

2222222

.Rr23D#X2X2X2Z

.Rr23D#X2X2X2Z

.Rr22F»`fX0X2Z

.Rr22F»`fX0X2Z

.Rr23D5ba

.Rr23D5ba

.Rr23D/b`c

.Rr23D/b`c

.Rr23D `fX3X2Z

.Rr23D `fX3X2Z

.Rr23D"fX0X2Z

.Rr23D"fX0X2Z

.Rr22E

.Rr22E

.Rr22E'b

.Rr22E'b

.Rr22E=

.Rr22E=

( (((,(((

( (((,(((

%)(@(.)(

%)(@(.)(

(()()(-(

(()()(-(

(8((8(((2

(8((8(((2

22222222222222

22222222222222

22322232223222

22322232223222

22220222

22220222

2222=2223

2222=2223

GetProcessHeap

GetProcessHeap

user32.dll

user32.dll

oleaut32.dll

oleaut32.dll

advapi32.dll

advapi32.dll

RegOpenKeyExA

RegOpenKeyExA

RegCreateKeyA

RegCreateKeyA

RegCloseKey

RegCloseKey

WinExec

WinExec

GetWindowsDirectoryA

GetWindowsDirectoryA

t!==9sff!

t!==9sff!

KWindows

KWindows

LUnit_GetWeb

LUnit_GetWeb

Unit_NsPass

Unit_NsPass

ADVAPI32.dll

ADVAPI32.dll

Software\Microsoft\Windows\CurrentVersion\Explorer

Software\Microsoft\Windows\CurrentVersion\Explorer

Svchost.exe_2920_rwx_000E1000_00071000:

UDPSockError

UDPSockError

NMUDP

NMUDP

Errmsg

Errmsg

Port

Port

TNMUDP

TNMUDP

RemotePort

RemotePort

LocalPort

LocalPort

ReportLevelLk

ReportLevelLk

0.0.0.0

0.0.0.0

%d.%d.%d.%d

%d.%d.%d.%d

AutoHotkeys

AutoHotkeys

:].tJ

:].tJ

EInvalidGraphicOperation,0

EInvalidGraphicOperation,0

EInvalidGraphicOperation

EInvalidGraphicOperation

KeyPreview,

KeyPreview,

WindowState

WindowState

OnKeyDown

OnKeyDown

OnKeyPressdz

OnKeyPressdz

OnKeyUp

OnKeyUp

ssHotTrack

ssHotTrack

TWindowState

TWindowState

poProportional

poProportional

TWMKey

TWMKey

System\CurrentControlSet\Control\Keyboard Layouts\%.8x

System\CurrentControlSet\Control\Keyboard Layouts\%.8x

vcltest3.dll

vcltest3.dll

TDragOperation

TDragOperation

TKeyEvent

TKeyEvent

TKeyPressEvent

TKeyPressEvent

crSQLWait

crSQLWait

%s (%s)

%s (%s)

IMM32.DLL

IMM32.DLL

EInvalidOperation

EInvalidOperation

%s[%d]

%s[%d]

%s_%d

%s_%d

USER32.DLL

USER32.DLL

comctl32.dll

comctl32.dll

MSWHEEL_ROLLMSG

MSWHEEL_ROLLMSG

MSH_WHEELSUPPORT_MSG

MSH_WHEELSUPPORT_MSG

MSH_SCROLL_LINES_MSG

MSH_SCROLL_LINES_MSG

kernel32.dll

kernel32.dll

Portions Copyright (c) 1983,99 Borland

Portions Copyright (c) 1983,99 Borland

explorer.exe

explorer.exe

Software\Microsoft\Windows\CurrentVersion\Explorer

Software\Microsoft\Windows\CurrentVersion\Explorer

*.TMP

*.TMP

Kernel32.dll

Kernel32.dll

ADVAPI32.dll

ADVAPI32.dll

RegOpenKeyExA

RegOpenKeyExA

RegCloseKey

RegCloseKey

readbook.exe

readbook.exe

rundll32.exe

rundll32.exe

*.exe

*.exe

*.scr

*.scr

UdpT

UdpT

UdpOnDataReceived

UdpOnDataReceived

xxtype.cpp

xxtype.cpp

derv->tpClass.tpcFlags & CF_HAS_BASES

derv->tpClass.tpcFlags & CF_HAS_BASES

Inappropriate I/O control operation

Inappropriate I/O control operation

Broken pipe

Broken pipe

Operation not permitted

Operation not permitted

%H:%M:%S

%H:%M:%S

%m/%d/%y

%m/%d/%y

%A, %B %d, %Y

%A, %B %d, %Y

d/d/d d:d:d.d

d/d/d d:d:d.d

An exception (X) occurred during DllEntryPoint or DllMain in module:

An exception (X) occurred during DllEntryPoint or DllMain in module:

xx.cpp

xx.cpp

varType->tpClass.tpcFlags & CF_HAS_DTOR

varType->tpClass.tpcFlags & CF_HAS_DTOR

varType->tpClass.tpcDtorAddr

varType->tpClass.tpcDtorAddr

(errPtr->ERRcInitDtc >= varType->tpClass.tpcDtorCount) || flags

(errPtr->ERRcInitDtc >= varType->tpClass.tpcDtorCount) || flags

memType->tpClass.tpcFlags & CF_HAS_DTOR

memType->tpClass.tpcFlags & CF_HAS_DTOR

varType->tpArr.tpaElemType->tpClass.tpcFlags & CF_HAS_DTOR

varType->tpArr.tpaElemType->tpClass.tpcFlags & CF_HAS_DTOR

dttPtr->dttType->tpPtr.tppBaseType->tpClass.tpcFlags & CF_HAS_DTOR

dttPtr->dttType->tpPtr.tppBaseType->tpClass.tpcFlags & CF_HAS_DTOR

IS_CLASS(dttPtr->dttType->tpMask) && (dttPtr->dttType->tpClass.tpcFlags & CF_HAS_DTOR)

IS_CLASS(dttPtr->dttType->tpMask) && (dttPtr->dttType->tpClass.tpcFlags & CF_HAS_DTOR)

elemType->tpClass.tpcFlags & CF_HAS_DTOR

elemType->tpClass.tpcFlags & CF_HAS_DTOR

Cv.SCv

Cv.SCv

Bv}.Bv

Bv}.Bv

ReportLevel

ReportLevel

GetCPInfo

GetCPInfo

GetProcessHeap

GetProcessHeap

GetWindowsDirectoryA

GetWindowsDirectoryA

RegCreateKeyExA

RegCreateKeyExA

RegFlushKey

RegFlushKey

SetViewportOrgEx

SetViewportOrgEx

ActivateKeyboardLayout

ActivateKeyboardLayout

EnumThreadWindows

EnumThreadWindows

EnumWindows

EnumWindows

GetKeyNameTextA

GetKeyNameTextA

GetKeyState

GetKeyState

GetKeyboardLayout

GetKeyboardLayout

GetKeyboardLayoutList

GetKeyboardLayoutList

GetKeyboardState

GetKeyboardState

GetKeyboardType

GetKeyboardType

LoadKeyboardLayoutA

LoadKeyboardLayoutA

MapVirtualKeyA

MapVirtualKeyA

MsgWaitForMultipleObjects

MsgWaitForMultipleObjects

SetWindowsHookExA

SetWindowsHookExA

UnhookWindowsHookEx

UnhookWindowsHookEx

VprK|%Ud

VprK|%Ud

€00404

€00404

8 @ @ @ @ @

8 @ @ @ @ @

.text

.text

`.data

`.data

.idata

.idata

@.edata

@.edata

@.rsrc

@.rsrc

@.reloc

@.reloc

70"!(&&$

70"!(&&$

External exception %x

External exception %x

Interface not supported

Interface not supported

%s (%s, line %d)

%s (%s, line %d)

Abstract Error?Access violation at address %p in module '%s'. %s of address %p

Abstract Error?Access violation at address %p in module '%s'. %s of address %p

Win32 Error. Code: %d.

Win32 Error. Code: %d.

Invalid pointer operation

Invalid pointer operation

Invalid class typecast0Access violation at address %p. %s of address %p

Invalid class typecast0Access violation at address %p. %s of address %p

Operation aborted%Exception %s in module %s at %p.

Operation aborted%Exception %s in module %s at %p.

Application Error1Format '%s' invalid or incompatible with argument

Application Error1Format '%s' invalid or incompatible with argument

No argument for format '%s'

No argument for format '%s'

Invalid variant operation"Variant method calls not supported

Invalid variant operation"Variant method calls not supported

I/O error %d

I/O error %d

Integer overflow Invalid floating point operation

Integer overflow Invalid floating point operation

Invalid data type for '%s'

Invalid data type for '%s'

Failed to set data for '%s'

Failed to set data for '%s'

Failed to get data for '%s'/Menu '%s' is already being used by another form*Windows socket error: %s (%d), on API '%s'

Failed to get data for '%s'/Menu '%s' is already being used by another form*Windows socket error: %s (%d), on API '%s'

Asynchronous socket error %d

Asynchronous socket error %d

- Dock zone has no control%List does not allow duplicates ($0%x)!'%s' is not a valid integer value

- Dock zone has no control%List does not allow duplicates ($0%x)!'%s' is not a valid integer value

Alt Clipboard does not support Icons

Alt Clipboard does not support Icons

!Control '%s' has no parent window

!Control '%s' has no parent window

Error reading %s%s%s: %s

Error reading %s%s%s: %s

Ancestor for '%s' not found

Ancestor for '%s' not found

Unsupported clipboard format

Unsupported clipboard format

Class %s not found

Class %s not found

Resource %s not found

Resource %s not found

List index out of bounds (%d) List capacity out of bounds (%d)

List index out of bounds (%d) List capacity out of bounds (%d)

List count out of bounds (%d) Operation not allowed on sorted string list%String list does not allow duplicates#A component named %s already exists$''%s'' is not a valid component name

List count out of bounds (%d) Operation not allowed on sorted string list%String list does not allow duplicates#A component named %s already exists$''%s'' is not a valid component name

A class named %s already exists

A class named %s already exists

Cannot assign a %s to a %s

Cannot assign a %s to a %s

Cannot create file %s

Cannot create file %s

Cannot open file %s

Cannot open file %s

Svchost.exe_2920_rwx_00400000_0001F000:

.idata

.idata

.rdata

.rdata

P.reloc

P.reloc

P.rsrc

P.rsrc

P.xur

P.xur

Portions Copyright (c) 1999,2003 Avenger by NhT

Portions Copyright (c) 1999,2003 Avenger by NhT

kernel32.dll

kernel32.dll

hXXp://

hXXp://

HTTP/1.0

HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Content-Type: application/x-www-form-urlencoded

Windows 95

Windows 95

Windows 95 OSR 2

Windows 95 OSR 2

Windows 98

Windows 98

Windows 98 Second Edition

Windows 98 Second Edition

Windows Millenium

Windows Millenium

Windows NT

Windows NT

Windows NT 3.5

Windows NT 3.5

Windows NT 4.0

Windows NT 4.0

Windows 2000

Windows 2000

Windows XP

Windows XP

Windows XP Service Pack 2

Windows XP Service Pack 2

Windows XP x64

Windows XP x64

Windows Server 2003

Windows Server 2003

Windows Vista

Windows Vista

Windows Server Longhorn

Windows Server Longhorn

rpcrt4.dll

rpcrt4.dll

ntdll.dll

ntdll.dll

Kernel32.dll

Kernel32.dll

Unit_GetWebSV

Unit_GetWebSV

wininet.dll

wininet.dll

InternetOpenUrlA

InternetOpenUrlA

HttpQueryInfoA

HttpQueryInfoA

HttpOpenRequestA

HttpOpenRequestA

HttpSendRequestA

HttpSendRequestA

ShellExecuteA

ShellExecuteA

Shell32.dll

Shell32.dll

360hotfix.exe;360rpt.exe;360Safe.exe;360safebox.exe;360tray.exe;adam.exe;AgentSvr.exe;AntiArp.exe;AppSvc32.exe;arvmon.exe;AutoGuarder.exe;autoruns.exe;avgrssvc.exe;AvMonitor.exe;avp.com;avp.exe;CCenter.exe;ccSvcHst.exe;FileDsty.exe;findt2005.exe;FTCleanerShell.exe;HijackThis.exe;IceSword.exe;iparmo.exe;Iparmor.exe;IsHelp.exe;isPwdSvc.exe;kabaload.exe;KaScrScn.SCR;KASMain.exe;KASTask.exe;KAV32.exe;KAVDX.exe;KAVPFW.exe;KAVSetup.exe;KAVStart.exe;killhidepid.exe;KISLnchr.exe;KMailMon.exe;KMFilter.exe;KPFW32.exe;KPFW32X.exe;KPFWSvc.exe;KRepair.COM;KsLoader.exe;KVCenter.kxp;KvDetect.exe;kvfw.exe;KvfwMcl.exe;KVMonXP.kxp;KVMonXP_1.kxp;kvol.exe;kvolself.exe;KvReport.kxp;KVScan.kxp;KVSrvXP.exe;KVStub.kxp;kvupload.exe;kvwsc.exe;KvXP.kxp;KvXP_1.kxp;KWatch.exe;KWatch9x.exe;KWatchX.exe;loaddll.exe;MagicSet.exe;mcconsol.exe;mmqczj.exe;mmsk.exe;NAVSetup.exe;nod32krn.exe;nod32kui.exe;PFW.exe;PFWLiveUpdate.exe;QHSET.exe;Ras.exe;Rav.exe;RavCopy.exe;RavMon.exe;RavMonD.exe;RavStore.exe;RavStub.exe;ravt08.exe;RavTask.exe;RegClean.exe;RegEx.exe;rfwcfg.exe;RfwMain.exe;rfwolusr.exe;rfwProxy.exe;rfwsrv.exe;RsAgent.exe;Rsaupd.exe;RsMain.exe;rsnetsvr.exe;RSTray.exe;runiep.exe;safebank.exe;safeboxTray.exe;safelive.exe;scan32.exe;ScanFrm.exe;shcfg32.exe;smartassistant.exe;SmartUp.exe;SREng.exe;SREngPS.exe;symlcsvc.exe;syscheck.exe;Syscheck2.exe;SysSafe.exe;ToolsUp.exe;TrojanDetector.exe;Trojanwall.exe;TrojDie.kxp;UIHost.exe;UmxAgent.exe;UmxAttachment.exe;UmxCfg.exe;UmxFwHlp.exe;UmxPol.exe;UpLive.exe;WoptiClean.exe;zxsweep.exe;LiveUpdate360.exe;

360hotfix.exe;360rpt.exe;360Safe.exe;360safebox.exe;360tray.exe;adam.exe;AgentSvr.exe;AntiArp.exe;AppSvc32.exe;arvmon.exe;AutoGuarder.exe;autoruns.exe;avgrssvc.exe;AvMonitor.exe;avp.com;avp.exe;CCenter.exe;ccSvcHst.exe;FileDsty.exe;findt2005.exe;FTCleanerShell.exe;HijackThis.exe;IceSword.exe;iparmo.exe;Iparmor.exe;IsHelp.exe;isPwdSvc.exe;kabaload.exe;KaScrScn.SCR;KASMain.exe;KASTask.exe;KAV32.exe;KAVDX.exe;KAVPFW.exe;KAVSetup.exe;KAVStart.exe;killhidepid.exe;KISLnchr.exe;KMailMon.exe;KMFilter.exe;KPFW32.exe;KPFW32X.exe;KPFWSvc.exe;KRepair.COM;KsLoader.exe;KVCenter.kxp;KvDetect.exe;kvfw.exe;KvfwMcl.exe;KVMonXP.kxp;KVMonXP_1.kxp;kvol.exe;kvolself.exe;KvReport.kxp;KVScan.kxp;KVSrvXP.exe;KVStub.kxp;kvupload.exe;kvwsc.exe;KvXP.kxp;KvXP_1.kxp;KWatch.exe;KWatch9x.exe;KWatchX.exe;loaddll.exe;MagicSet.exe;mcconsol.exe;mmqczj.exe;mmsk.exe;NAVSetup.exe;nod32krn.exe;nod32kui.exe;PFW.exe;PFWLiveUpdate.exe;QHSET.exe;Ras.exe;Rav.exe;RavCopy.exe;RavMon.exe;RavMonD.exe;RavStore.exe;RavStub.exe;ravt08.exe;RavTask.exe;RegClean.exe;RegEx.exe;rfwcfg.exe;RfwMain.exe;rfwolusr.exe;rfwProxy.exe;rfwsrv.exe;RsAgent.exe;Rsaupd.exe;RsMain.exe;rsnetsvr.exe;RSTray.exe;runiep.exe;safebank.exe;safeboxTray.exe;safelive.exe;scan32.exe;ScanFrm.exe;shcfg32.exe;smartassistant.exe;SmartUp.exe;SREng.exe;SREngPS.exe;symlcsvc.exe;syscheck.exe;Syscheck2.exe;SysSafe.exe;ToolsUp.exe;TrojanDetector.exe;Trojanwall.exe;TrojDie.kxp;UIHost.exe;UmxAgent.exe;UmxAttachment.exe;UmxCfg.exe;UmxFwHlp.exe;UmxPol.exe;UpLive.exe;WoptiClean.exe;zxsweep.exe;LiveUpdate360.exe;

AutoRun.inf

AutoRun.inf

Open=%s

Open=%s

Shell\Open\Command=%s

Shell\Open\Command=%s

Shell\Explore\Command=%s

Shell\Explore\Command=%s

Sfc.dll

Sfc.dll

VVV.360.cn

VVV.360.cn

VVV.360safe.cn

VVV.360safe.cn

VVV.360safe.com

VVV.360safe.com

VVV.chinakv.com

VVV.chinakv.com

VVV.rising.com.cn

VVV.rising.com.cn

rising.com.cn

rising.com.cn

dl.jiangmin.com

dl.jiangmin.com

jiangmin.com

jiangmin.com

VVV.jiangmin.com

VVV.jiangmin.com

VVV.duba.net

VVV.duba.net

VVV.eset.com.cn

VVV.eset.com.cn

VVV.nod32.com

VVV.nod32.com

shadu.duba.net

shadu.duba.net

union.kingsoft.com

union.kingsoft.com

VVV.kaspersky.com.cn

VVV.kaspersky.com.cn

kaspersky.com.cn

kaspersky.com.cn

virustotal.com

virustotal.com

virscan.org

virscan.org

VVV.virscan.org

VVV.virscan.org

VVV.kaspersky.com

VVV.kaspersky.com

VVV.cnnod32.cn

VVV.cnnod32.cn

VVV.lanniao.org

VVV.lanniao.org

VVV.nod32club.com

VVV.nod32club.com

VVV.dswlab.com

VVV.dswlab.com

bbs.sucop.com

bbs.sucop.com

VVV.virustotal.com

VVV.virustotal.com

tool.ikaka.com

tool.ikaka.com

360.qihoo.com

360.qihoo.com

VVV.kafan.cn

VVV.kafan.cn

bbs.kafan.cn

bbs.kafan.cn

127.0.0.1

127.0.0.1

d-d-d d:d:d

d-d-d d:d:d

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\

&Key=

&Key=

cmd /c erase /F "

cmd /c erase /F "

SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

"!"""&"""

"!"""&"""

",#)#%("8""

",#)#%("8""

?""$

?""$

22222222

22222222

930 2|222

930 2|222

2222222

2222222

.Rr23D#X2X2X2Z

.Rr23D#X2X2X2Z

.Rr22F»`fX0X2Z

.Rr22F»`fX0X2Z

.Rr23D5ba

.Rr23D5ba

.Rr23D/b`c

.Rr23D/b`c

.Rr23D `fX3X2Z

.Rr23D `fX3X2Z

.Rr23D"fX0X2Z

.Rr23D"fX0X2Z

.Rr22E

.Rr22E

.Rr22E'b

.Rr22E'b

.Rr22E=

.Rr22E=

( (((,(((

( (((,(((

%)(@(.)(

%)(@(.)(

(()()(-(

(()()(-(

(8((8(((2

(8((8(((2

22222222222222

22222222222222

22322232223222

22322232223222

22220222

22220222

2222=2223

2222=2223

GetProcessHeap

GetProcessHeap

user32.dll

user32.dll

oleaut32.dll

oleaut32.dll

advapi32.dll

advapi32.dll

RegOpenKeyExA

RegOpenKeyExA

RegCreateKeyA

RegCreateKeyA

RegCloseKey

RegCloseKey

WinExec

WinExec

GetWindowsDirectoryA

GetWindowsDirectoryA

t!==9sff!

t!==9sff!

KWindows

KWindows

LUnit_GetWeb

LUnit_GetWeb

Unit_NsPass

Unit_NsPass

ADVAPI32.dll

ADVAPI32.dll

Software\Microsoft\Windows\CurrentVersion\Explorer

Software\Microsoft\Windows\CurrentVersion\Explorer

IEXPLORE.EXE_2064:

.idata

.idata

.rdata

.rdata

P.reloc

P.reloc

P.rsrc

P.rsrc

P.xur

P.xur

Portions Copyright (c) 1999,2003 Avenger by NhT

Portions Copyright (c) 1999,2003 Avenger by NhT

kernel32.dll

kernel32.dll

hXXp://

hXXp://

HTTP/1.0

HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Content-Type: application/x-www-form-urlencoded

Windows 95

Windows 95

Windows 95 OSR 2

Windows 95 OSR 2

Windows 98

Windows 98

Windows 98 Second Edition

Windows 98 Second Edition

Windows Millenium

Windows Millenium

Windows NT

Windows NT

Windows NT 3.5

Windows NT 3.5

Windows NT 4.0

Windows NT 4.0

Windows 2000

Windows 2000

Windows XP

Windows XP

Windows XP Service Pack 2

Windows XP Service Pack 2

Windows XP x64

Windows XP x64

Windows Server 2003

Windows Server 2003

Windows Vista

Windows Vista

Windows Server Longhorn

Windows Server Longhorn

rpcrt4.dll

rpcrt4.dll

ntdll.dll

ntdll.dll

Kernel32.dll

Kernel32.dll

Unit_GetWebSV

Unit_GetWebSV

wininet.dll

wininet.dll

InternetOpenUrlA

InternetOpenUrlA

HttpQueryInfoA

HttpQueryInfoA

HttpOpenRequestA

HttpOpenRequestA

HttpSendRequestA

HttpSendRequestA

ShellExecuteA

ShellExecuteA

Shell32.dll

Shell32.dll

360hotfix.exe;360rpt.exe;360Safe.exe;360safebox.exe;360tray.exe;adam.exe;AgentSvr.exe;AntiArp.exe;AppSvc32.exe;arvmon.exe;AutoGuarder.exe;autoruns.exe;avgrssvc.exe;AvMonitor.exe;avp.com;avp.exe;CCenter.exe;ccSvcHst.exe;FileDsty.exe;findt2005.exe;FTCleanerShell.exe;HijackThis.exe;IceSword.exe;iparmo.exe;Iparmor.exe;IsHelp.exe;isPwdSvc.exe;kabaload.exe;KaScrScn.SCR;KASMain.exe;KASTask.exe;KAV32.exe;KAVDX.exe;KAVPFW.exe;KAVSetup.exe;KAVStart.exe;killhidepid.exe;KISLnchr.exe;KMailMon.exe;KMFilter.exe;KPFW32.exe;KPFW32X.exe;KPFWSvc.exe;KRepair.COM;KsLoader.exe;KVCenter.kxp;KvDetect.exe;kvfw.exe;KvfwMcl.exe;KVMonXP.kxp;KVMonXP_1.kxp;kvol.exe;kvolself.exe;KvReport.kxp;KVScan.kxp;KVSrvXP.exe;KVStub.kxp;kvupload.exe;kvwsc.exe;KvXP.kxp;KvXP_1.kxp;KWatch.exe;KWatch9x.exe;KWatchX.exe;loaddll.exe;MagicSet.exe;mcconsol.exe;mmqczj.exe;mmsk.exe;NAVSetup.exe;nod32krn.exe;nod32kui.exe;PFW.exe;PFWLiveUpdate.exe;QHSET.exe;Ras.exe;Rav.exe;RavCopy.exe;RavMon.exe;RavMonD.exe;RavStore.exe;RavStub.exe;ravt08.exe;RavTask.exe;RegClean.exe;RegEx.exe;rfwcfg.exe;RfwMain.exe;rfwolusr.exe;rfwProxy.exe;rfwsrv.exe;RsAgent.exe;Rsaupd.exe;RsMain.exe;rsnetsvr.exe;RSTray.exe;runiep.exe;safebank.exe;safeboxTray.exe;safelive.exe;scan32.exe;ScanFrm.exe;shcfg32.exe;smartassistant.exe;SmartUp.exe;SREng.exe;SREngPS.exe;symlcsvc.exe;syscheck.exe;Syscheck2.exe;SysSafe.exe;ToolsUp.exe;TrojanDetector.exe;Trojanwall.exe;TrojDie.kxp;UIHost.exe;UmxAgent.exe;UmxAttachment.exe;UmxCfg.exe;UmxFwHlp.exe;UmxPol.exe;UpLive.exe;WoptiClean.exe;zxsweep.exe;LiveUpdate360.exe;

360hotfix.exe;360rpt.exe;360Safe.exe;360safebox.exe;360tray.exe;adam.exe;AgentSvr.exe;AntiArp.exe;AppSvc32.exe;arvmon.exe;AutoGuarder.exe;autoruns.exe;avgrssvc.exe;AvMonitor.exe;avp.com;avp.exe;CCenter.exe;ccSvcHst.exe;FileDsty.exe;findt2005.exe;FTCleanerShell.exe;HijackThis.exe;IceSword.exe;iparmo.exe;Iparmor.exe;IsHelp.exe;isPwdSvc.exe;kabaload.exe;KaScrScn.SCR;KASMain.exe;KASTask.exe;KAV32.exe;KAVDX.exe;KAVPFW.exe;KAVSetup.exe;KAVStart.exe;killhidepid.exe;KISLnchr.exe;KMailMon.exe;KMFilter.exe;KPFW32.exe;KPFW32X.exe;KPFWSvc.exe;KRepair.COM;KsLoader.exe;KVCenter.kxp;KvDetect.exe;kvfw.exe;KvfwMcl.exe;KVMonXP.kxp;KVMonXP_1.kxp;kvol.exe;kvolself.exe;KvReport.kxp;KVScan.kxp;KVSrvXP.exe;KVStub.kxp;kvupload.exe;kvwsc.exe;KvXP.kxp;KvXP_1.kxp;KWatch.exe;KWatch9x.exe;KWatchX.exe;loaddll.exe;MagicSet.exe;mcconsol.exe;mmqczj.exe;mmsk.exe;NAVSetup.exe;nod32krn.exe;nod32kui.exe;PFW.exe;PFWLiveUpdate.exe;QHSET.exe;Ras.exe;Rav.exe;RavCopy.exe;RavMon.exe;RavMonD.exe;RavStore.exe;RavStub.exe;ravt08.exe;RavTask.exe;RegClean.exe;RegEx.exe;rfwcfg.exe;RfwMain.exe;rfwolusr.exe;rfwProxy.exe;rfwsrv.exe;RsAgent.exe;Rsaupd.exe;RsMain.exe;rsnetsvr.exe;RSTray.exe;runiep.exe;safebank.exe;safeboxTray.exe;safelive.exe;scan32.exe;ScanFrm.exe;shcfg32.exe;smartassistant.exe;SmartUp.exe;SREng.exe;SREngPS.exe;symlcsvc.exe;syscheck.exe;Syscheck2.exe;SysSafe.exe;ToolsUp.exe;TrojanDetector.exe;Trojanwall.exe;TrojDie.kxp;UIHost.exe;UmxAgent.exe;UmxAttachment.exe;UmxCfg.exe;UmxFwHlp.exe;UmxPol.exe;UpLive.exe;WoptiClean.exe;zxsweep.exe;LiveUpdate360.exe;

AutoRun.inf

AutoRun.inf

Open=%s

Open=%s

Shell\Open\Command=%s

Shell\Open\Command=%s

Shell\Explore\Command=%s

Shell\Explore\Command=%s

Sfc.dll

Sfc.dll

VVV.360.cn

VVV.360.cn

VVV.360safe.cn

VVV.360safe.cn

VVV.360safe.com

VVV.360safe.com

VVV.chinakv.com

VVV.chinakv.com

VVV.rising.com.cn

VVV.rising.com.cn

rising.com.cn

rising.com.cn

dl.jiangmin.com

dl.jiangmin.com

jiangmin.com

jiangmin.com

VVV.jiangmin.com

VVV.jiangmin.com

VVV.duba.net

VVV.duba.net

VVV.eset.com.cn

VVV.eset.com.cn

VVV.nod32.com

VVV.nod32.com

shadu.duba.net

shadu.duba.net

union.kingsoft.com

union.kingsoft.com

VVV.kaspersky.com.cn

VVV.kaspersky.com.cn

kaspersky.com.cn

kaspersky.com.cn

virustotal.com

virustotal.com

virscan.org

virscan.org

VVV.virscan.org

VVV.virscan.org

VVV.kaspersky.com

VVV.kaspersky.com

VVV.cnnod32.cn

VVV.cnnod32.cn

VVV.lanniao.org

VVV.lanniao.org

VVV.nod32club.com

VVV.nod32club.com

VVV.dswlab.com

VVV.dswlab.com

bbs.sucop.com

bbs.sucop.com

VVV.virustotal.com

VVV.virustotal.com

tool.ikaka.com

tool.ikaka.com

360.qihoo.com

360.qihoo.com

VVV.kafan.cn

VVV.kafan.cn

bbs.kafan.cn

bbs.kafan.cn

127.0.0.1

127.0.0.1

d-d-d d:d:d

d-d-d d:d:d

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\

&Key=

&Key=

cmd /c erase /F "

cmd /c erase /F "

SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

"!"""&"""

"!"""&"""

",#)#%("8""

",#)#%("8""

?""$

?""$

22222222

22222222

930 2|222

930 2|222

2222222

2222222

.Rr23D#X2X2X2Z

.Rr23D#X2X2X2Z

.Rr22F»`fX0X2Z

.Rr22F»`fX0X2Z

.Rr23D5ba

.Rr23D5ba

.Rr23D/b`c

.Rr23D/b`c

.Rr23D `fX3X2Z

.Rr23D `fX3X2Z

.Rr23D"fX0X2Z

.Rr23D"fX0X2Z

.Rr22E

.Rr22E

.Rr22E'b

.Rr22E'b

.Rr22E=

.Rr22E=

( (((,(((

( (((,(((

%)(@(.)(

%)(@(.)(

(()()(-(

(()()(-(

(8((8(((2

(8((8(((2

22222222222222

22222222222222

22322232223222

22322232223222

22220222

22220222

2222=2223

2222=2223

GetProcessHeap

GetProcessHeap

user32.dll

user32.dll

oleaut32.dll

oleaut32.dll

advapi32.dll

advapi32.dll

RegOpenKeyExA

RegOpenKeyExA

RegCreateKeyA

RegCreateKeyA

RegCloseKey

RegCloseKey

WinExec

WinExec

GetWindowsDirectoryA

GetWindowsDirectoryA

t!==9sff!

t!==9sff!

KWindows

KWindows

LUnit_GetWeb

LUnit_GetWeb

Unit_NsPass

Unit_NsPass

ADVAPI32.dll

ADVAPI32.dll

Software\Microsoft\Windows\CurrentVersion\Explorer

Software\Microsoft\Windows\CurrentVersion\Explorer

IEXPLORE.EXE_2064_rwx_00400000_0001F000:

.idata

.idata

.rdata

.rdata

P.reloc

P.reloc

P.rsrc

P.rsrc

P.xur

P.xur

Portions Copyright (c) 1999,2003 Avenger by NhT

Portions Copyright (c) 1999,2003 Avenger by NhT

kernel32.dll

kernel32.dll

hXXp://

hXXp://

HTTP/1.0

HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Content-Type: application/x-www-form-urlencoded

Windows 95

Windows 95

Windows 95 OSR 2

Windows 95 OSR 2

Windows 98

Windows 98

Windows 98 Second Edition

Windows 98 Second Edition

Windows Millenium

Windows Millenium

Windows NT

Windows NT

Windows NT 3.5

Windows NT 3.5

Windows NT 4.0

Windows NT 4.0

Windows 2000

Windows 2000

Windows XP

Windows XP

Windows XP Service Pack 2

Windows XP Service Pack 2

Windows XP x64

Windows XP x64

Windows Server 2003

Windows Server 2003

Windows Vista

Windows Vista

Windows Server Longhorn

Windows Server Longhorn

rpcrt4.dll

rpcrt4.dll

ntdll.dll

ntdll.dll

Kernel32.dll

Kernel32.dll

Unit_GetWebSV

Unit_GetWebSV

wininet.dll

wininet.dll

InternetOpenUrlA

InternetOpenUrlA

HttpQueryInfoA

HttpQueryInfoA

HttpOpenRequestA

HttpOpenRequestA

HttpSendRequestA

HttpSendRequestA

ShellExecuteA

ShellExecuteA

Shell32.dll

Shell32.dll

360hotfix.exe;360rpt.exe;360Safe.exe;360safebox.exe;360tray.exe;adam.exe;AgentSvr.exe;AntiArp.exe;AppSvc32.exe;arvmon.exe;AutoGuarder.exe;autoruns.exe;avgrssvc.exe;AvMonitor.exe;avp.com;avp.exe;CCenter.exe;ccSvcHst.exe;FileDsty.exe;findt2005.exe;FTCleanerShell.exe;HijackThis.exe;IceSword.exe;iparmo.exe;Iparmor.exe;IsHelp.exe;isPwdSvc.exe;kabaload.exe;KaScrScn.SCR;KASMain.exe;KASTask.exe;KAV32.exe;KAVDX.exe;KAVPFW.exe;KAVSetup.exe;KAVStart.exe;killhidepid.exe;KISLnchr.exe;KMailMon.exe;KMFilter.exe;KPFW32.exe;KPFW32X.exe;KPFWSvc.exe;KRepair.COM;KsLoader.exe;KVCenter.kxp;KvDetect.exe;kvfw.exe;KvfwMcl.exe;KVMonXP.kxp;KVMonXP_1.kxp;kvol.exe;kvolself.exe;KvReport.kxp;KVScan.kxp;KVSrvXP.exe;KVStub.kxp;kvupload.exe;kvwsc.exe;KvXP.kxp;KvXP_1.kxp;KWatch.exe;KWatch9x.exe;KWatchX.exe;loaddll.exe;MagicSet.exe;mcconsol.exe;mmqczj.exe;mmsk.exe;NAVSetup.exe;nod32krn.exe;nod32kui.exe;PFW.exe;PFWLiveUpdate.exe;QHSET.exe;Ras.exe;Rav.exe;RavCopy.exe;RavMon.exe;RavMonD.exe;RavStore.exe;RavStub.exe;ravt08.exe;RavTask.exe;RegClean.exe;RegEx.exe;rfwcfg.exe;RfwMain.exe;rfwolusr.exe;rfwProxy.exe;rfwsrv.exe;RsAgent.exe;Rsaupd.exe;RsMain.exe;rsnetsvr.exe;RSTray.exe;runiep.exe;safebank.exe;safeboxTray.exe;safelive.exe;scan32.exe;ScanFrm.exe;shcfg32.exe;smartassistant.exe;SmartUp.exe;SREng.exe;SREngPS.exe;symlcsvc.exe;syscheck.exe;Syscheck2.exe;SysSafe.exe;ToolsUp.exe;TrojanDetector.exe;Trojanwall.exe;TrojDie.kxp;UIHost.exe;UmxAgent.exe;UmxAttachment.exe;UmxCfg.exe;UmxFwHlp.exe;UmxPol.exe;UpLive.exe;WoptiClean.exe;zxsweep.exe;LiveUpdate360.exe;

360hotfix.exe;360rpt.exe;360Safe.exe;360safebox.exe;360tray.exe;adam.exe;AgentSvr.exe;AntiArp.exe;AppSvc32.exe;arvmon.exe;AutoGuarder.exe;autoruns.exe;avgrssvc.exe;AvMonitor.exe;avp.com;avp.exe;CCenter.exe;ccSvcHst.exe;FileDsty.exe;findt2005.exe;FTCleanerShell.exe;HijackThis.exe;IceSword.exe;iparmo.exe;Iparmor.exe;IsHelp.exe;isPwdSvc.exe;kabaload.exe;KaScrScn.SCR;KASMain.exe;KASTask.exe;KAV32.exe;KAVDX.exe;KAVPFW.exe;KAVSetup.exe;KAVStart.exe;killhidepid.exe;KISLnchr.exe;KMailMon.exe;KMFilter.exe;KPFW32.exe;KPFW32X.exe;KPFWSvc.exe;KRepair.COM;KsLoader.exe;KVCenter.kxp;KvDetect.exe;kvfw.exe;KvfwMcl.exe;KVMonXP.kxp;KVMonXP_1.kxp;kvol.exe;kvolself.exe;KvReport.kxp;KVScan.kxp;KVSrvXP.exe;KVStub.kxp;kvupload.exe;kvwsc.exe;KvXP.kxp;KvXP_1.kxp;KWatch.exe;KWatch9x.exe;KWatchX.exe;loaddll.exe;MagicSet.exe;mcconsol.exe;mmqczj.exe;mmsk.exe;NAVSetup.exe;nod32krn.exe;nod32kui.exe;PFW.exe;PFWLiveUpdate.exe;QHSET.exe;Ras.exe;Rav.exe;RavCopy.exe;RavMon.exe;RavMonD.exe;RavStore.exe;RavStub.exe;ravt08.exe;RavTask.exe;RegClean.exe;RegEx.exe;rfwcfg.exe;RfwMain.exe;rfwolusr.exe;rfwProxy.exe;rfwsrv.exe;RsAgent.exe;Rsaupd.exe;RsMain.exe;rsnetsvr.exe;RSTray.exe;runiep.exe;safebank.exe;safeboxTray.exe;safelive.exe;scan32.exe;ScanFrm.exe;shcfg32.exe;smartassistant.exe;SmartUp.exe;SREng.exe;SREngPS.exe;symlcsvc.exe;syscheck.exe;Syscheck2.exe;SysSafe.exe;ToolsUp.exe;TrojanDetector.exe;Trojanwall.exe;TrojDie.kxp;UIHost.exe;UmxAgent.exe;UmxAttachment.exe;UmxCfg.exe;UmxFwHlp.exe;UmxPol.exe;UpLive.exe;WoptiClean.exe;zxsweep.exe;LiveUpdate360.exe;

AutoRun.inf

AutoRun.inf

Open=%s

Open=%s

Shell\Open\Command=%s

Shell\Open\Command=%s

Shell\Explore\Command=%s

Shell\Explore\Command=%s

Sfc.dll

Sfc.dll

VVV.360.cn

VVV.360.cn

VVV.360safe.cn

VVV.360safe.cn

VVV.360safe.com

VVV.360safe.com

VVV.chinakv.com

VVV.chinakv.com

VVV.rising.com.cn

VVV.rising.com.cn

rising.com.cn

rising.com.cn

dl.jiangmin.com

dl.jiangmin.com

jiangmin.com

jiangmin.com

VVV.jiangmin.com

VVV.jiangmin.com

VVV.duba.net

VVV.duba.net

VVV.eset.com.cn

VVV.eset.com.cn

VVV.nod32.com

VVV.nod32.com

shadu.duba.net

shadu.duba.net

union.kingsoft.com

union.kingsoft.com

VVV.kaspersky.com.cn

VVV.kaspersky.com.cn

kaspersky.com.cn

kaspersky.com.cn

virustotal.com

virustotal.com

virscan.org

virscan.org

VVV.virscan.org

VVV.virscan.org

VVV.kaspersky.com

VVV.kaspersky.com

VVV.cnnod32.cn

VVV.cnnod32.cn

VVV.lanniao.org

VVV.lanniao.org

VVV.nod32club.com

VVV.nod32club.com

VVV.dswlab.com

VVV.dswlab.com

bbs.sucop.com

bbs.sucop.com

VVV.virustotal.com

VVV.virustotal.com

tool.ikaka.com

tool.ikaka.com

360.qihoo.com

360.qihoo.com

VVV.kafan.cn

VVV.kafan.cn

bbs.kafan.cn

bbs.kafan.cn

127.0.0.1

127.0.0.1

d-d-d d:d:d

d-d-d d:d:d

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\

&Key=

&Key=

cmd /c erase /F "

cmd /c erase /F "

SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

"!"""&"""

"!"""&"""

",#)#%("8""

",#)#%("8""

?""$

?""$

22222222

22222222

930 2|222

930 2|222

2222222

2222222

.Rr23D#X2X2X2Z

.Rr23D#X2X2X2Z

.Rr22F»`fX0X2Z

.Rr22F»`fX0X2Z

.Rr23D5ba

.Rr23D5ba

.Rr23D/b`c

.Rr23D/b`c

.Rr23D `fX3X2Z

.Rr23D `fX3X2Z

.Rr23D"fX0X2Z

.Rr23D"fX0X2Z

.Rr22E

.Rr22E

.Rr22E'b

.Rr22E'b

.Rr22E=

.Rr22E=

( (((,(((

( (((,(((

%)(@(.)(

%)(@(.)(

(()()(-(

(()()(-(

(8((8(((2

(8((8(((2

22222222222222

22222222222222

22322232223222

22322232223222

22220222

22220222

2222=2223

2222=2223

GetProcessHeap

GetProcessHeap

user32.dll

user32.dll

oleaut32.dll

oleaut32.dll

advapi32.dll

advapi32.dll

RegOpenKeyExA

RegOpenKeyExA

RegCreateKeyA

RegCreateKeyA

RegCloseKey

RegCloseKey

WinExec

WinExec

GetWindowsDirectoryA

GetWindowsDirectoryA

t!==9sff!

t!==9sff!

KWindows

KWindows

LUnit_GetWeb

LUnit_GetWeb

Unit_NsPass

Unit_NsPass

ADVAPI32.dll

ADVAPI32.dll

Software\Microsoft\Windows\CurrentVersion\Explorer

Software\Microsoft\Windows\CurrentVersion\Explorer

IEXPLORE.EXE_2064_rwx_00421000_00071000:

UDPSockError

UDPSockError

NMUDP

NMUDP

Errmsg

Errmsg

Port

Port

TNMUDP

TNMUDP

RemotePort

RemotePort

LocalPort

LocalPort

ReportLevelLkB

ReportLevelLkB

0.0.0.0

0.0.0.0

%d.%d.%d.%d

%d.%d.%d.%d

AutoHotkeys

AutoHotkeys

:].tJ

:].tJ

EInvalidGraphicOperation,0C

EInvalidGraphicOperation,0C

EInvalidGraphicOperation

EInvalidGraphicOperation

KeyPreview,

KeyPreview,

WindowState

WindowState

OnKeyDown

OnKeyDown

OnKeyPressdzD

OnKeyPressdzD

OnKeyUp

OnKeyUp

ssHotTrack

ssHotTrack

TWindowState

TWindowState

poProportional

poProportional

TWMKey

TWMKey

System\CurrentControlSet\Control\Keyboard Layouts\%.8x

System\CurrentControlSet\Control\Keyboard Layouts\%.8x

vcltest3.dll

vcltest3.dll

TDragOperation

TDragOperation

TKeyEvent

TKeyEvent

TKeyPressEvent

TKeyPressEvent

crSQLWait

crSQLWait

%s (%s)

%s (%s)

IMM32.DLL

IMM32.DLL

EInvalidOperation

EInvalidOperation

%s[%d]

%s[%d]

%s_%d

%s_%d

USER32.DLL

USER32.DLL

comctl32.dll

comctl32.dll

MSWHEEL_ROLLMSG

MSWHEEL_ROLLMSG

MSH_WHEELSUPPORT_MSG

MSH_WHEELSUPPORT_MSG

MSH_SCROLL_LINES_MSG

MSH_SCROLL_LINES_MSG

kernel32.dll

kernel32.dll

Portions Copyright (c) 1983,99 Borland

Portions Copyright (c) 1983,99 Borland

explorer.exe

explorer.exe

Software\Microsoft\Windows\CurrentVersion\Explorer

Software\Microsoft\Windows\CurrentVersion\Explorer

*.TMP

*.TMP

Kernel32.dll

Kernel32.dll

ADVAPI32.dll

ADVAPI32.dll

RegOpenKeyExA

RegOpenKeyExA

RegCloseKey

RegCloseKey

readbook.exe

readbook.exe

rundll32.exe

rundll32.exe

*.exe

*.exe

*.scr

*.scr

UdpT

UdpT

UdpOnDataReceived

UdpOnDataReceived

xxtype.cpp

xxtype.cpp

derv->tpClass.tpcFlags & CF_HAS_BASES

derv->tpClass.tpcFlags & CF_HAS_BASES

Inappropriate I/O control operation

Inappropriate I/O control operation

Broken pipe

Broken pipe

Operation not permitted

Operation not permitted

%H:%M:%S

%H:%M:%S

%m/%d/%y

%m/%d/%y

%A, %B %d, %Y

%A, %B %d, %Y

d/d/d d:d:d.d

d/d/d d:d:d.d

An exception (X) occurred during DllEntryPoint or DllMain in module:

An exception (X) occurred during DllEntryPoint or DllMain in module:

xx.cpp

xx.cpp

varType->tpClass.tpcFlags & CF_HAS_DTOR

varType->tpClass.tpcFlags & CF_HAS_DTOR

varType->tpClass.tpcDtorAddr

varType->tpClass.tpcDtorAddr

(errPtr->ERRcInitDtc >= varType->tpClass.tpcDtorCount) || flags

(errPtr->ERRcInitDtc >= varType->tpClass.tpcDtorCount) || flags

memType->tpClass.tpcFlags & CF_HAS_DTOR

memType->tpClass.tpcFlags & CF_HAS_DTOR

varType->tpArr.tpaElemType->tpClass.tpcFlags & CF_HAS_DTOR

varType->tpArr.tpaElemType->tpClass.tpcFlags & CF_HAS_DTOR

dttPtr->dttType->tpPtr.tppBaseType->tpClass.tpcFlags & CF_HAS_DTOR

dttPtr->dttType->tpPtr.tppBaseType->tpClass.tpcFlags & CF_HAS_DTOR

IS_CLASS(dttPtr->dttType->tpMask) && (dttPtr->dttType->tpClass.tpcFlags & CF_HAS_DTOR)

IS_CLASS(dttPtr->dttType->tpMask) && (dttPtr->dttType->tpClass.tpcFlags & CF_HAS_DTOR)

elemType->tpClass.tpcFlags & CF_HAS_DTOR

elemType->tpClass.tpcFlags & CF_HAS_DTOR

Cv.SCv

Cv.SCv

Bv}.Bv

Bv}.Bv

ReportLevel

ReportLevel

GetCPInfo

GetCPInfo

GetProcessHeap

GetProcessHeap

GetWindowsDirectoryA

GetWindowsDirectoryA

RegCreateKeyExA

RegCreateKeyExA

RegFlushKey

RegFlushKey

SetViewportOrgEx

SetViewportOrgEx

ActivateKeyboardLayout

ActivateKeyboardLayout

EnumThreadWindows

EnumThreadWindows

EnumWindows

EnumWindows

GetKeyNameTextA

GetKeyNameTextA

GetKeyState

GetKeyState

GetKeyboardLayout

GetKeyboardLayout

GetKeyboardLayoutList

GetKeyboardLayoutList

GetKeyboardState

GetKeyboardState

GetKeyboardType

GetKeyboardType

LoadKeyboardLayoutA

LoadKeyboardLayoutA

MapVirtualKeyA

MapVirtualKeyA

MsgWaitForMultipleObjects

MsgWaitForMultipleObjects

SetWindowsHookExA

SetWindowsHookExA

UnhookWindowsHookEx

UnhookWindowsHookEx

VprK|%Ud

VprK|%Ud

€00404

€00404

8 @ @ @ @ @

8 @ @ @ @ @

.text

.text

`.data

`.data

.idata

.idata

@.edata

@.edata

@.rsrc

@.rsrc

@.reloc

@.reloc

70"!(&&$

70"!(&&$

External exception %x

External exception %x

Interface not supported

Interface not supported

%s (%s, line %d)

%s (%s, line %d)

Abstract Error?Access violation at address %p in module '%s'. %s of address %p

Abstract Error?Access violation at address %p in module '%s'. %s of address %p

Win32 Error. Code: %d.

Win32 Error. Code: %d.

Invalid pointer operation

Invalid pointer operation

Invalid class typecast0Access violation at address %p. %s of address %p

Invalid class typecast0Access violation at address %p. %s of address %p

Operation aborted%Exception %s in module %s at %p.

Operation aborted%Exception %s in module %s at %p.

Application Error1Format '%s' invalid or incompatible with argument

Application Error1Format '%s' invalid or incompatible with argument

No argument for format '%s'

No argument for format '%s'

Invalid variant operation"Variant method calls not supported

Invalid variant operation"Variant method calls not supported

I/O error %d

I/O error %d

Integer overflow Invalid floating point operation

Integer overflow Invalid floating point operation

Invalid data type for '%s'

Invalid data type for '%s'

Failed to set data for '%s'

Failed to set data for '%s'

Failed to get data for '%s'/Menu '%s' is already being used by another form*Windows socket error: %s (%d), on API '%s'

Failed to get data for '%s'/Menu '%s' is already being used by another form*Windows socket error: %s (%d), on API '%s'

Asynchronous socket error %d

Asynchronous socket error %d

- Dock zone has no control%List does not allow duplicates ($0%x)!'%s' is not a valid integer value

- Dock zone has no control%List does not allow duplicates ($0%x)!'%s' is not a valid integer value

Alt Clipboard does not support Icons

Alt Clipboard does not support Icons

!Control '%s' has no parent window

!Control '%s' has no parent window

Error reading %s%s%s: %s

Error reading %s%s%s: %s

Ancestor for '%s' not found

Ancestor for '%s' not found

Unsupported clipboard format

Unsupported clipboard format

Class %s not found

Class %s not found

Resource %s not found

Resource %s not found

List index out of bounds (%d) List capacity out of bounds (%d)

List index out of bounds (%d) List capacity out of bounds (%d)

List count out of bounds (%d) Operation not allowed on sorted string list%String list does not allow duplicates#A component named %s already exists$''%s'' is not a valid component name

List count out of bounds (%d) Operation not allowed on sorted string list%String list does not allow duplicates#A component named %s already exists$''%s'' is not a valid component name

A class named %s already exists

A class named %s already exists

Cannot assign a %s to a %s

Cannot assign a %s to a %s

Cannot create file %s

Cannot create file %s

Cannot open file %s

Cannot open file %s

svchost.exe_3704:

.text

.text

`.data

`.data

.rsrc

.rsrc

@.reloc

@.reloc

msvcrt.dll

msvcrt.dll

API-MS-Win-Core-ProcessThreads-L1-1-0.dll

API-MS-Win-Core-ProcessThreads-L1-1-0.dll

KERNEL32.dll

KERNEL32.dll

NTDLL.DLL

NTDLL.DLL

API-MS-Win-Security-Base-L1-1-0.dll

API-MS-Win-Security-Base-L1-1-0.dll

API-MS-WIN-Service-Core-L1-1-0.dll

API-MS-WIN-Service-Core-L1-1-0.dll

API-MS-WIN-Service-winsvc-L1-1-0.dll

API-MS-WIN-Service-winsvc-L1-1-0.dll

RPCRT4.dll

RPCRT4.dll

ole32.dll

ole32.dll

ntdll.dll

ntdll.dll

_amsg_exit

_amsg_exit

RegCloseKey

RegCloseKey

RegOpenKeyExW

RegOpenKeyExW

GetProcessHeap

GetProcessHeap

svchost.pdb

svchost.pdb

version="5.1.0.0"

version="5.1.0.0"

name="Microsoft.Windows.Services.SvcHost"

name="Microsoft.Windows.Services.SvcHost"

Host Process for Windows Services

Host Process for Windows Services

Software\Microsoft\Windows NT\CurrentVersion\Svchost

Software\Microsoft\Windows NT\CurrentVersion\Svchost

Software\Microsoft\Windows NT\CurrentVersion\MgdSvchost

Software\Microsoft\Windows NT\CurrentVersion\MgdSvchost

\PIPE\

\PIPE\

Host Process for Windows Services

Host Process for Windows Services

6.1.7600.16385 (win7_rtm.090713-1255)

6.1.7600.16385 (win7_rtm.090713-1255)

svchost.exe

svchost.exe

Windows

Windows

Operating System

Operating System

6.1.7600.16385

6.1.7600.16385

DrvInst.exe_1272:

.text

.text

`.data

`.data

.rsrc

.rsrc

@.reloc

@.reloc

msvcrt.dll

msvcrt.dll

ntdll.dll

ntdll.dll

API-MS-Win-Core-Debug-L1-1-0.dll

API-MS-Win-Core-Debug-L1-1-0.dll

API-MS-Win-Core-ErrorHandling-L1-1-0.dll

API-MS-Win-Core-ErrorHandling-L1-1-0.dll

API-MS-Win-Core-File-L1-1-0.dll

API-MS-Win-Core-File-L1-1-0.dll

API-MS-Win-Core-Handle-L1-1-0.dll

API-MS-Win-Core-Handle-L1-1-0.dll

API-MS-Win-Core-Heap-L1-1-0.dll

API-MS-Win-Core-Heap-L1-1-0.dll

API-MS-Win-Core-Interlocked-L1-1-0.dll

API-MS-Win-Core-Interlocked-L1-1-0.dll

API-MS-Win-Core-IO-L1-1-0.dll

API-MS-Win-Core-IO-L1-1-0.dll

API-MS-Win-Core-LibraryLoader-L1-1-0.dll

API-MS-Win-Core-LibraryLoader-L1-1-0.dll

API-MS-Win-Core-LocalRegistry-L1-1-0.dll

API-MS-Win-Core-LocalRegistry-L1-1-0.dll

API-MS-Win-Core-Memory-L1-1-0.dll

API-MS-Win-Core-Memory-L1-1-0.dll

API-MS-Win-Core-Misc-L1-1-0.dll

API-MS-Win-Core-Misc-L1-1-0.dll

API-MS-Win-Core-ProcessThreads-L1-1-0.dll

API-MS-Win-Core-ProcessThreads-L1-1-0.dll

API-MS-Win-Core-Profile-L1-1-0.dll

API-MS-Win-Core-Profile-L1-1-0.dll

API-MS-Win-Core-String-L1-1-0.dll

API-MS-Win-Core-String-L1-1-0.dll

API-MS-Win-Core-Synch-L1-1-0.dll

API-MS-Win-Core-Synch-L1-1-0.dll

API-MS-Win-Core-SysInfo-L1-1-0.dll

API-MS-Win-Core-SysInfo-L1-1-0.dll

API-MS-Win-Security-Base-L1-1-0.dll

API-MS-Win-Security-Base-L1-1-0.dll

SETUPAPI.dll

SETUPAPI.dll

cfgmgr32.DLL

cfgmgr32.DLL

devrtl.DLL

devrtl.DLL

KERNEL32.dll

KERNEL32.dll

Exception in DRVINST.EXE HandleDeviceInstallEntry!, ExceptionCode = 0xlx

Exception in DRVINST.EXE HandleDeviceInstallEntry!, ExceptionCode = 0xlx

Exception in DRVINST.EXE wmain!, ExceptionCode = 0xlx

Exception in DRVINST.EXE wmain!, ExceptionCode = 0xlx

Driver package failed signature validation. Error = 0xX

Driver package failed signature validation. Error = 0xX

System restore disabled by policy. Error = 0xX

System restore disabled by policy. Error = 0xX

Unable to mark devices that match new INF - (x)!

Unable to mark devices that match new INF - (x)!

DRVINST.EXE: Entering debugger while %ws driver package to Driver Store.

DRVINST.EXE: Entering debugger while %ws driver package to Driver Store.

Ea~Cancel Windows Update search failed!

Ea~Cancel Windows Update search failed!

Received request to cancel Windows Update search.

Received request to cancel Windows Update search.

CancelWUOperation

CancelWUOperation

Error (x):Unexpected cancel wait failure!

Error (x):Unexpected cancel wait failure!

Error 0x%X opening up RunOnce key.

Error 0x%X opening up RunOnce key.

{Core Device Install - exit(0xx)}

{Core Device Install - exit(0xx)}

Queueing up error report since device installation failed...

Queueing up error report since device installation failed...

Policy is set to skip sending error report for additional software requested

Policy is set to skip sending error report for additional software requested

Additional software is requested so a WER report should be sent, but the sending of WER reports from drvinst has been suppressed.

Additional software is requested so a WER report should be sent, but the sending of WER reports from drvinst has been suppressed.

Queueing up error report since additional software is requested...

Queueing up error report since additional software is requested...

Policy is set to skip sending error report for generic device driver install

Policy is set to skip sending error report for generic device driver install

A generic driver was installed so a WER report should be sent, but the sending of WER reports from drvinst has been suppressed.

A generic driver was installed so a WER report should be sent, but the sending of WER reports from drvinst has been suppressed.

Queueing up error report since device driver is generic...

Queueing up error report since device driver is generic...

Queueing up error report since device has a PnP problem...

Queueing up error report since device has a PnP problem...

Device install status=0xx

Device install status=0xx

Error(x) installing device!

Error(x) installing device!

Enabling shuffle-move file queue operations.

Enabling shuffle-move file queue operations.

Error(x) determining installation policy for device!

Error(x) determining installation policy for device!

Error(x) creating drvinst install mutex!

Error(x) creating drvinst install mutex!

No driver found on Windows Update.

No driver found on Windows Update.

Failed to load download functions from search DLL! Error=%d

Failed to load download functions from search DLL! Error=%d

Selecting best match from Windows Update...

Selecting best match from Windows Update...

Failed to build driver list from WU package. Error=%d

Failed to build driver list from WU package. Error=%d

Found driver on Windows Update, downloading - %.1f MB...

Found driver on Windows Update, downloading - %.1f MB...

Windows Update driver search cancelled.

Windows Update driver search cancelled.

Error(x) opening WU cancel event!

Error(x) opening WU cancel event!

Error(x) creating WU search serialization mutex!

Error(x) creating WU search serialization mutex!

Failed to load search function from search DLL! Error=%d

Failed to load search function from search DLL! Error=%d

Searching Windows Update for drivers...

Searching Windows Update for drivers...

INF specified BasicDriverOk for this device, skipping Windows Update search.

INF specified BasicDriverOk for this device, skipping Windows Update search.

Failed to load WU search DLL! Error=%d

Failed to load WU search DLL! Error=%d

Failed to load initialization functions from search DLL! Error=%d

Failed to load initialization functions from search DLL! Error=%d

Skipping Windows Update because no internet connection!

Skipping Windows Update because no internet connection!

Device driver was updated during servicing, skipping Windows Update search.

Device driver was updated during servicing, skipping Windows Update search.

Driver Store import failed, failing install.

Driver Store import failed, failing install.

Error(x) creating cancel thread!

Error(x) creating cancel thread!

Error(x) opening cancel thread event!

Error(x) opening cancel thread event!

Error(x) creating end-cancel thread event!

Error(x) creating end-cancel thread event!

Error(x) creating Device Manager sync event!

Error(x) creating Device Manager sync event!

DRVINST.EXE: Entering debugger during PnP device installation.

DRVINST.EXE: Entering debugger during PnP device installation.

DRVINST.EXE: Waiting for debugger on Process ID = %d ...

DRVINST.EXE: Waiting for debugger on Process ID = %d ...

DRVINST.EXE: Unknown DebugInstall options, NOT breaking to debugger.

DRVINST.EXE: Unknown DebugInstall options, NOT breaking to debugger.

The system will restart in %d seconds in order to enforce device installation restriction policy.

The system will restart in %d seconds in order to enforce device installation restriction policy.

{Driver package policy check - exit(0xx)}

{Driver package policy check - exit(0xx)}

Driver Package importation is subject to policy

Driver Package importation is subject to policy

{Device installation policy check [%ws] exit(0xx)}

{Device installation policy check [%ws] exit(0xx)}

{Device Installation Restrictions Policy Check - exit(0xx)}

{Device Installation Restrictions Policy Check - exit(0xx)}

{Device Removal Initiated by Policy Change [%ws] exit(0xx)}

{Device Removal Initiated by Policy Change [%ws] exit(0xx)}

API-MS-Win-Security-SDDL-L1-1-0.dll

API-MS-Win-Security-SDDL-L1-1-0.dll

ADVAPI32.dll

ADVAPI32.dll

COMCTL32.dll

COMCTL32.dll

OS Version = %d.%d.%d

OS Version = %d.%d.%d

Service Pack = %d.%d

Service Pack = %d.%d

Suite = 0xx

Suite = 0xx

ProductType = %d

ProductType = %d

Architecture = %s

Architecture = %s

d/d/d

d/d/d

d:d:d.d

d:d:d.d

[Exit status: FAILURE(0xx)]

[Exit status: FAILURE(0xx)]

cmd: %s

cmd: %s

os: Version = %d.%d.%d, Service Pack = %d.%d, Suite = 0xx, ProductType = %d, Architecture = %s

os: Version = %d.%d.%d, Service Pack = %d.%d, Suite = 0xx, ProductType = %d, Architecture = %s

[Boot Session: d/d/d d:d:d.d]

[Boot Session: d/d/d d:d:d.d]

[%s - %s]

[%s - %s]

RegCloseKey

RegCloseKey

RegCreateKeyExW

RegCreateKeyExW

RegOpenKeyExW

RegOpenKeyExW

RegQueryInfoKeyW

RegQueryInfoKeyW

drvstore.dll

drvstore.dll

DrvInst.pdb

DrvInst.pdb

udPPj

udPPj

Ht.Ht

Ht.Ht

PSSSSSSh

PSSSSSSh

pServerImportDriverPackage

pServerImportDriverPackage

_amsg_exit

_amsg_exit

SetupDiReportDeviceInstallError

SetupDiReportDeviceInstallError

SetupDiReportAdditionalSoftwareRequested

SetupDiReportAdditionalSoftwareRequested

SetupDiReportGenericDriverInstalled

SetupDiReportGenericDriverInstalled

SetupDiReportPnPDeviceProblem

SetupDiReportPnPDeviceProblem

SetupDiReportDriverNotFoundError

SetupDiReportDriverNotFoundError

SetupDiOpenDevRegKey

SetupDiOpenDevRegKey

GetSystemWindowsDirectoryW

GetSystemWindowsDirectoryW

GetProcessHeap

GetProcessHeap

name="Microsoft.Windows.DrvInst"

name="Microsoft.Windows.DrvInst"

version="5.1.0.0"

version="5.1.0.0"

2"363;3@3

2"363;3@3

Global\DrvInst_CancelSearch_{86EC8168-ECD8-46ac-B312-AAE1DAF80BB8}

Global\DrvInst_CancelSearch_{86EC8168-ECD8-46ac-B312-AAE1DAF80BB8}

!%d-%d-%d

!%d-%d-%d

...

...

streamci.dll

streamci.dll

rundll32.exe

rundll32.exe

Software\Microsoft\Windows\CurrentVersion\RunOnce

Software\Microsoft\Windows\CurrentVersion\RunOnce

setupapi.dll

setupapi.dll

!DrvInst.exe_mutex_{5B10AC83-4F13-4fde-8C0B-B85681BA8D73}

!DrvInst.exe_mutex_{5B10AC83-4F13-4fde-8C0B-B85681BA8D73}

!DrvInst.exe_mutex_{6848E37B-F8FA-404d-AF21-279E723B6D35}

!DrvInst.exe_mutex_{6848E37B-F8FA-404d-AF21-279E723B6D35}

Software\Microsoft\Windows\CurrentVersion\Device Installer

Software\Microsoft\Windows\CurrentVersion\Device Installer

Software\Microsoft\Windows\CurrentVersion\Component Based Servicing\DoqInProgress

Software\Microsoft\Windows\CurrentVersion\Component Based Servicing\DoqInProgress

Software\Microsoft\Windows\CurrentVersion\DriverSearching

Software\Microsoft\Windows\CurrentVersion\DriverSearching

Software\Policies\Microsoft\Windows\DriverSearching

Software\Policies\Microsoft\Windows\DriverSearching

Software\Microsoft\Windows\CurrentVersion\DriverSearching\Plugin

Software\Microsoft\Windows\CurrentVersion\DriverSearching\Plugin

Software\Policies\Microsoft\Windows\DeviceInstall

Software\Policies\Microsoft\Windows\DeviceInstall

Software\Policies\Microsoft\Windows\DriverInstall

Software\Policies\Microsoft\Windows\DriverInstall

Registry Keys

Registry Keys

Software\Microsoft\Windows\CurrentVersion\Setup

Software\Microsoft\Windows\CurrentVersion\Setup

setupapi.offline.log

setupapi.offline.log

setupapi.dev.log

setupapi.dev.log

setupapi.app.log

setupapi.app.log

%s.ddd_ddd.%s

%s.ddd_ddd.%s

%s.????????_??????.%s

%s.????????_??????.%s

setupapi.ev3

setupapi.ev3

setupapi.ev2

setupapi.ev2

setupapi.ev1

setupapi.ev1

advapi32.dll

advapi32.dll

6.1.7600.16385 (win7_rtm.090713-1255)

6.1.7600.16385 (win7_rtm.090713-1255)

DrvInst.EXE

DrvInst.EXE

Windows

Windows

Operating System

Operating System

6.1.7600.16385

6.1.7600.16385

rundll32.exe_3876:

.text

.text

`.data

`.data

.rsrc

.rsrc

@.reloc

@.reloc

KERNEL32.dll

KERNEL32.dll

USER32.dll

USER32.dll

msvcrt.dll

msvcrt.dll

imagehlp.dll

imagehlp.dll

ntdll.dll

ntdll.dll

Av.TBv

Av.TBv

?.ulf

?.ulf

.ue9]

.ue9]

ole32.dll

ole32.dll

_amsg_exit

_amsg_exit

_wcmdln

_wcmdln

rundll32.pdb

rundll32.pdb

name="Microsoft.Windows.Shell.rundll32"

name="Microsoft.Windows.Shell.rundll32"

version="5.1.0.0"

version="5.1.0.0"

name="Microsoft.Windows.Shell.rundll32"

name="Microsoft.Windows.Shell.rundll32"

version="5.1.0.0"

version="5.1.0.0"

.....eZXnnnnnnnnnnnn3

.....eZXnnnnnnnnnnnn3

....eDXnnnnnnnnnnnn3

....eDXnnnnnnnnnnnn3

...eDXnnnnnnnnnnnn,

...eDXnnnnnnnnnnnn,

.eDXnnnnnnnnnnnn,

.eDXnnnnnnnnnnnn,

%Xnnnnnnnnnnnnnnn1

%Xnnnnnnnnnnnnnnn1

O3$dS7"%U9

O3$dS7"%U9

.manifest

.manifest

{00000000-0000-0000-0000-000000000000}

{00000000-0000-0000-0000-000000000000}

\\?\Volume

\\?\Volume

\\?\UNC\

\\?\UNC\

rundll32.exe

rundll32.exe

Windows host process (Rundll32)

Windows host process (Rundll32)

6.1.7600.16385 (win7_rtm.090713-1255)

6.1.7600.16385 (win7_rtm.090713-1255)

RUNDLL32.EXE

RUNDLL32.EXE

Windows

Windows

Operating System

Operating System

6.1.7600.16385

6.1.7600.16385

Explorer.EXE_2024_rwx_046C1000_00071000:

UDPSockError

UDPSockError

NMUDP

NMUDP

Errmsg

Errmsg

Port

Port

TNMUDP

TNMUDP

RemotePort

RemotePort

LocalPort

LocalPort

ReportLevelLkl

ReportLevelLkl

0.0.0.0

0.0.0.0

%d.%d.%d.%d

%d.%d.%d.%d

AutoHotkeys

AutoHotkeys

:].tJ

:].tJ

EInvalidGraphicOperation,0m

EInvalidGraphicOperation,0m

EInvalidGraphicOperation

EInvalidGraphicOperation

KeyPreview,

KeyPreview,

WindowState

WindowState

OnKeyDown

OnKeyDown

OnKeyPressdzn

OnKeyPressdzn

OnKeyUp

OnKeyUp

ssHotTrack

ssHotTrack

TWindowState

TWindowState

poProportional

poProportional

TWMKey

TWMKey

System\CurrentControlSet\Control\Keyboard Layouts\%.8x

System\CurrentControlSet\Control\Keyboard Layouts\%.8x

vcltest3.dll

vcltest3.dll

TDragOperation

TDragOperation

TKeyEvent

TKeyEvent

TKeyPressEvent

TKeyPressEvent

crSQLWait

crSQLWait

%s (%s)

%s (%s)

IMM32.DLL

IMM32.DLL

EInvalidOperation

EInvalidOperation

%s[%d]

%s[%d]

%s_%d

%s_%d

USER32.DLL

USER32.DLL

comctl32.dll

comctl32.dll

MSWHEEL_ROLLMSG

MSWHEEL_ROLLMSG

MSH_WHEELSUPPORT_MSG

MSH_WHEELSUPPORT_MSG

MSH_SCROLL_LINES_MSG

MSH_SCROLL_LINES_MSG

kernel32.dll

kernel32.dll

Portions Copyright (c) 1983,99 Borland

Portions Copyright (c) 1983,99 Borland

explorer.exe

explorer.exe

Software\Microsoft\Windows\CurrentVersion\Explorer

Software\Microsoft\Windows\CurrentVersion\Explorer

*.TMP

*.TMP

Kernel32.dll

Kernel32.dll

ADVAPI32.dll

ADVAPI32.dll

RegOpenKeyExA

RegOpenKeyExA

RegCloseKey

RegCloseKey

readbook.exe

readbook.exe

rundll32.exe

rundll32.exe

*.exe

*.exe

*.scr

*.scr

UdpT

UdpT

UdpOnDataReceived

UdpOnDataReceived

xxtype.cpp

xxtype.cpp

derv->tpClass.tpcFlags & CF_HAS_BASES

derv->tpClass.tpcFlags & CF_HAS_BASES

Inappropriate I/O control operation

Inappropriate I/O control operation

Broken pipe

Broken pipe

Operation not permitted

Operation not permitted

%H:%M:%S

%H:%M:%S

%m/%d/%y

%m/%d/%y

%A, %B %d, %Y

%A, %B %d, %Y

d/d/d d:d:d.d

d/d/d d:d:d.d

An exception (X) occurred during DllEntryPoint or DllMain in module:

An exception (X) occurred during DllEntryPoint or DllMain in module:

xx.cpp

xx.cpp

varType->tpClass.tpcFlags & CF_HAS_DTOR

varType->tpClass.tpcFlags & CF_HAS_DTOR

varType->tpClass.tpcDtorAddr

varType->tpClass.tpcDtorAddr

(errPtr->ERRcInitDtc >= varType->tpClass.tpcDtorCount) || flags

(errPtr->ERRcInitDtc >= varType->tpClass.tpcDtorCount) || flags

memType->tpClass.tpcFlags & CF_HAS_DTOR

memType->tpClass.tpcFlags & CF_HAS_DTOR

varType->tpArr.tpaElemType->tpClass.tpcFlags & CF_HAS_DTOR

varType->tpArr.tpaElemType->tpClass.tpcFlags & CF_HAS_DTOR

dttPtr->dttType->tpPtr.tppBaseType->tpClass.tpcFlags & CF_HAS_DTOR

dttPtr->dttType->tpPtr.tppBaseType->tpClass.tpcFlags & CF_HAS_DTOR

IS_CLASS(dttPtr->dttType->tpMask) && (dttPtr->dttType->tpClass.tpcFlags & CF_HAS_DTOR)

IS_CLASS(dttPtr->dttType->tpMask) && (dttPtr->dttType->tpClass.tpcFlags & CF_HAS_DTOR)

elemType->tpClass.tpcFlags & CF_HAS_DTOR

elemType->tpClass.tpcFlags & CF_HAS_DTOR

Cv.SCv

Cv.SCv

Bv}.Bv

Bv}.Bv

ReportLevel

ReportLevel

GetCPInfo

GetCPInfo

GetProcessHeap

GetProcessHeap

GetWindowsDirectoryA

GetWindowsDirectoryA

RegCreateKeyExA

RegCreateKeyExA

RegFlushKey

RegFlushKey

SetViewportOrgEx

SetViewportOrgEx

ActivateKeyboardLayout

ActivateKeyboardLayout

EnumThreadWindows

EnumThreadWindows

EnumWindows

EnumWindows

GetKeyNameTextA

GetKeyNameTextA

GetKeyState

GetKeyState

GetKeyboardLayout

GetKeyboardLayout

GetKeyboardLayoutList

GetKeyboardLayoutList

GetKeyboardState

GetKeyboardState

GetKeyboardType

GetKeyboardType

LoadKeyboardLayoutA

LoadKeyboardLayoutA

MapVirtualKeyA

MapVirtualKeyA

MsgWaitForMultipleObjects

MsgWaitForMultipleObjects

SetWindowsHookExA

SetWindowsHookExA

UnhookWindowsHookEx

UnhookWindowsHookEx

VprK|%Ud

VprK|%Ud

€00404

€00404

8 @ @ @ @ @

8 @ @ @ @ @

.text

.text

`.data

`.data

.idata

.idata

@.edata

@.edata

@.rsrc

@.rsrc

@.reloc

@.reloc

70"!(&&$

70"!(&&$

External exception %x

External exception %x

Interface not supported

Interface not supported

%s (%s, line %d)

%s (%s, line %d)

Abstract Error?Access violation at address %p in module '%s'. %s of address %p

Abstract Error?Access violation at address %p in module '%s'. %s of address %p

Win32 Error. Code: %d.

Win32 Error. Code: %d.

Invalid pointer operation

Invalid pointer operation

Invalid class typecast0Access violation at address %p. %s of address %p

Invalid class typecast0Access violation at address %p. %s of address %p

Operation aborted%Exception %s in module %s at %p.

Operation aborted%Exception %s in module %s at %p.

Application Error1Format '%s' invalid or incompatible with argument

Application Error1Format '%s' invalid or incompatible with argument

No argument for format '%s'

No argument for format '%s'

Invalid variant operation"Variant method calls not supported

Invalid variant operation"Variant method calls not supported

I/O error %d

I/O error %d

Integer overflow Invalid floating point operation

Integer overflow Invalid floating point operation

Invalid data type for '%s'

Invalid data type for '%s'

Failed to set data for '%s'

Failed to set data for '%s'

Failed to get data for '%s'/Menu '%s' is already being used by another form*Windows socket error: %s (%d), on API '%s'

Failed to get data for '%s'/Menu '%s' is already being used by another form*Windows socket error: %s (%d), on API '%s'

Asynchronous socket error %d

Asynchronous socket error %d

- Dock zone has no control%List does not allow duplicates ($0%x)!'%s' is not a valid integer value

- Dock zone has no control%List does not allow duplicates ($0%x)!'%s' is not a valid integer value

Alt Clipboard does not support Icons

Alt Clipboard does not support Icons

!Control '%s' has no parent window

!Control '%s' has no parent window

Error reading %s%s%s: %s

Error reading %s%s%s: %s

Ancestor for '%s' not found

Ancestor for '%s' not found

Unsupported clipboard format

Unsupported clipboard format

Class %s not found

Class %s not found

Resource %s not found

Resource %s not found

List index out of bounds (%d) List capacity out of bounds (%d)

List index out of bounds (%d) List capacity out of bounds (%d)

List count out of bounds (%d) Operation not allowed on sorted string list%String list does not allow duplicates#A component named %s already exists$''%s'' is not a valid component name

List count out of bounds (%d) Operation not allowed on sorted string list%String list does not allow duplicates#A component named %s already exists$''%s'' is not a valid component name

A class named %s already exists

A class named %s already exists

Cannot assign a %s to a %s

Cannot assign a %s to a %s

Cannot create file %s

Cannot create file %s

Cannot open file %s

Cannot open file %s