00000000   00400000      0   MZLoveboom
0000002A   0040002A      0   LoadLibraryA
000000C0   004000C0      0   GetProcAddress
00000170   00400170      0   Unpacker
000001C0   004001C0      0   Loveboom
000001E8   004001E8      0   .snaker
0000107A   0040107A      0   T$8RV
00001083   00401083      0   |$,MZuB
000010AF   004010AF      0   L$ QV
000010E6   004010E6      0   D$xPV
000011FA   004011FA      0   SUVWj
000012AF   004012AF      0   l$ PU
000013E7   004013E7      0   D$(Pj
00001500   00401500      0   T$(Rj@QP
000015B6   004015B6      0   SPVQR
0000164B   0040164B      0   T$0RP
0000173B   0040173B      0   T$4R+
000017AE   004017AE      0   T$@RV
000017BF   004017BF      0   T$,PQRWS
000019A1   004019A1      0   Ph|!@
000020B4   004020B4      0   Unexpected option header size.
000020D4   004020D4      0   ntdll.dll
000020E0   004020E0      0   ZwUnmapViewOfSection
000020F8   004020F8      0   Memory allocated at %X
00002110   00402110      0   read_pe_info successed
0000212C   0040212C      0   CreateFileA
00002138   00402138      0   kernel32
00002144   00402144      0   \drivers\
00002150   00402150      0   AVP.EXE
0000217C   0040217C      0   pcibus.sys
00002544   00402544      0   ADVAPI32.dll
00003055   00403055      0   !This program cannot be run in DOS mode.
000031E8   004031E8      0   .text
00003210   00403210      0   .rdata
00003237   00403237      0   @.data
00004010   00404010      0   SUVW3
0000412B   0040412B      0   D$,t.Sh
00004174   00404174      0   T$dRj
0000417B   0040417B      0   L$DQhs
00004423   00404423      0   D$ h(b@
00004864   00404864      0   L$ QSUV
00004A21   00404A21      0   L$TQV
00004A2B   00404A2B      0   T$ Rj
00004B1B   00404B1B      0   L$8QW
00004B7A   00404B7A      0   T$/t{Wj
00004BF0   00404BF0      0   L$xQS
00004CA2   00404CA2      0   D$xPV
00004F5E   00404F5E      0   D$ h(h@
00004FC7   00404FC7      0   D$ Ph
0000501A   0040501A      0   T$ Rh
0000506D   0040506D      0   L$ Qh
000057D3   004057D3      0   Phhj@
000059AF   004059AF      0   _h|j@
00005C48   00405C48      0   QSUVWh
00005C8E   00405C8E      0   Ph +@
00005D39   00405D39      0   T$ j.R
00005F32   00405F32      0   L$\PQ
00005F8A   00405F8A      0   D$lRP
000060DB   004060DB      0   L$(Qh
000060E5   004060E5      0   T$4Rh
0000617B   0040617B      0   L$(Qh
00006185   00406185      0   T$4Rh
00006208   00406208      0   L$(Qh
00006212   00406212      0   T$4Rh
0000627E   0040627E      0   D$4hDk@
0000628C   0040628C      0   ShBk@
00006319   00406319      0   tYh,k@
000063DE   004063DE      0   SUVWh0uA
000064E4   004064E4      0   T$ hXk@
000065F4   004065F4      0   SUVW3
00006E1B   00406E1B      0   T$$Rj
00006FEE   00406FEE      0   ][h0uA
0000733B   0040733B      0   D$ Pj@
00007342   00407342      0   L$,QV
0000734F   0040734F      0   |$ MZVt
000074EC   004074EC      0   t8Hu<j
000076C6   004076C6      0   D$<RP
00007803   00407803      0   Vh@G@
0000798B   0040798B      0   L$ Qh
00008330   00408330      0   L$ UQP
0000839A   0040839A      0   T$$Rh
0000920C   0040920C      0   int ut suc!
0000927D   0040927D      0   1h"qE]
00009291   00409291      0   1h"qE]
000092CC   004092CC      0   c:\Program Files\conimeu.exe
000092EC   004092EC      0   c:\Program Files\conimet.exe
0000930C   0040930C      0   c:\Program Files\conimes.exe
0000932C   0040932C      0   c:\Program Files\conimer.exe
0000934C   0040934C      0   c:\Program Files\conimeq.exe
0000936C   0040936C      0   c:\Program Files\conimep.exe
0000938C   0040938C      0   c:\Program Files\conimeo.exe
000093AC   004093AC      0   c:\Program Files\conimen.exe
000093CC   004093CC      0   c:\Program Files\conimem.exe
000093EC   004093EC      0   c:\Program Files\conimel.exe
0000940C   0040940C      0   c:\Program Files\conimek.exe
0000942C   0040942C      0   c:\Program Files\conimej.exe
0000944C   0040944C      0   c:\Program Files\conimei.exe
0000946C   0040946C      0   c:\Program Files\conimeh.exe
0000948C   0040948C      0   c:\Program Files\conimef.exe
000094AC   004094AC      0   c:\Program Files\conimee.exe
000094CC   004094CC      0   c:\Program Files\conimed.exe
000094EC   004094EC      0   c:\Program Files\conimec.exe
0000950C   0040950C      0   c:\Program Files\conimeb.exe
0000952C   0040952C      0   c:\Program Files\conimea.exe
0000954C   0040954C      0   c:\Program Files\conime9.exe
0000956C   0040956C      0   c:\Program Files\conime8.exe
0000958C   0040958C      0   c:\Program Files\conime7.exe
000095AC   004095AC      0   c:\Program Files\conime6.exe
000095CC   004095CC      0   c:\Program Files\conime5.exe
000095EC   004095EC      0   c:\Program Files\conime4.exe
0000960C   0040960C      0   c:\Program Files\conime3.exe
0000962C   0040962C      0   c:\Program Files\conime2.exe
0000964C   0040964C      0   c:\Program Files\conime1.exe
0000966C   0040966C      0   c:\Program Files\conime0.exe
000096F4   004096F4      0   \config\
0000988A   0040988A      0   007IEt
000098AD   004098AD      0   1h"qE]
000098FD   004098FD      0   O l{!
00009A14   00409A14      0   SeDebugPrivilege
00009A34   00409A34      0   received exit signal, exited..
00009A58   00409A58      0   SeRestorePrivilege
00009A94   00409A94      0   %s.%d
00009AC4   00409AC4      0   Sending payload2...finish
00009AE0   00409AE0      0   Sending payload1...finish
00009AFC   00409AFC      0   sending %s
00009B0C   00409B0C      0   4b324fc8-1670-01d3-1278-5a47bf6ee188
00009B38   00409B38      0   \\%s\pipe\BROWSER
00009B4C   00409B4C      0   \\%s\pipe
00009B60   00409B60      0   %s %s %s
00009B6C   00409B6C      0   echo %s >> %s
00009B7C   00409B7C      0   echo %s > %s
00009B94   00409B94      0   %s\%d.exe
00009BA0   00409BA0      0   waitting connections ...
00009BD8   00409BD8      0   Microsoft Windows
00009C0E   00409C0E      0   %s%s%s
00009CA0   00409CA0      0   @80( 
00009D70   00409D70      0   <4,$?7/'
00009DAF   00409DAF      0   (3-!0,1'8"5.*2$
0000A246   0040A246      0   WriteFile
0000A252   0040A252      0   SetFilePointer
0000A264   0040A264      0   ReadFile
0000A270   0040A270      0   DeviceIoControl
0000A282   0040A282      0   CloseHandle
0000A290   0040A290      0   CreateFileA
0000A29E   0040A29E      0   lstrcatA
0000A2AA   0040A2AA      0   lstrlenA
0000A2B6   0040A2B6      0   GetSystemDirectoryA
0000A2CC   0040A2CC      0   DeleteFileA
0000A2DA   0040A2DA      0   lstrcpyA
0000A2E6   0040A2E6      0   Sleep
0000A2EE   0040A2EE      0   OutputDebugStringA
0000A304   0040A304      0   SetSystemTime
0000A314   0040A314      0   GetSystemTime
0000A324   0040A324      0   WaitForSingleObject
0000A33A   0040A33A      0   GetProcAddress
0000A34C   0040A34C      0   GetModuleHandleA
0000A360   0040A360      0   GetFileSize
0000A36E   0040A36E      0   FreeLibrary
0000A37C   0040A37C      0   LoadLibraryA
0000A38C   0040A38C      0   HeapFree
0000A398   0040A398      0   WinExec
0000A3A2   0040A3A2      0   lstrcmpA
0000A3AE   0040A3AE      0   lstrcpynA
0000A3BA   0040A3BA      0   HeapAlloc
0000A3C6   0040A3C6      0   GetProcessHeap
0000A3D8   0040A3D8      0   GetLastError
0000A3E8   0040A3E8      0   GetCurrentProcess
0000A3FC   0040A3FC      0   TerminateProcess
0000A410   0040A410      0   OpenProcess
0000A41E   0040A41E      0   Process32Next
0000A42E   0040A42E      0   lstrcmpiA
0000A43A   0040A43A      0   Process32First
0000A44C   0040A44C      0   CreateToolhelp32Snapshot
0000A468   0040A468      0   SetEvent
0000A474   0040A474      0   ResetEvent
0000A482   0040A482      0   GetModuleFileNameA
0000A498   0040A498      0   CreateThread
0000A4A8   0040A4A8      0   CreateEventA
0000A4B8   0040A4B8      0   OutputDebugStringW
0000A4CE   0040A4CE      0   lstrcpyW
0000A4DA   0040A4DA      0   OpenEventA
0000A4E8   0040A4E8      0   GetCommandLineA
0000A4FA   0040A4FA      0   LeaveCriticalSection
0000A512   0040A512      0   EnterCriticalSection
0000A52A   0040A52A      0   DeleteCriticalSection
0000A542   0040A542      0   InitializeCriticalSection
0000A55E   0040A55E      0   MultiByteToWideChar
0000A574   0040A574      0   CreateFileW
0000A582   0040A582      0   TransactNamedPipe
0000A596   0040A596      0   FindClose
0000A5A2   0040A5A2      0   FindNextFileA
0000A5B2   0040A5B2      0   FindFirstFileA
0000A5C4   0040A5C4      0   GetDriveTypeA
0000A5D4   0040A5D4      0   GetLogicalDriveStringsA
0000A5EC   0040A5EC      0   KERNEL32.dll
0000A5FC   0040A5FC      0   WNetCancelConnection2A
0000A616   0040A616      0   WNetAddConnection2A
0000A62A   0040A62A      0   MPR.dll
0000A632   0040A632      0   NETAPI32.dll
0000A640   0040A640      0   WS2_32.dll
0000A64E   0040A64E      0   SendARP
0000A656   0040A656      0   iphlpapi.dll
0000A666   0040A666      0   UuidToStringA
0000A676   0040A676      0   UuidFromStringA
0000A686   0040A686      0   RPCRT4.dll
0000A694   0040A694      0   wvsprintfA
0000A6A2   0040A6A2      0   IsCharAlphaNumericA
0000A6B8   0040A6B8      0   ShowWindow
0000A6C6   0040A6C6      0   FindWindowA
0000A6D4   0040A6D4      0   SendMessageA
0000A6E4   0040A6E4      0   wsprintfA
0000A6EE   0040A6EE      0   USER32.dll
0000A6FC   0040A6FC      0   CloseServiceHandle
0000A712   0040A712      0   QueryServiceStatus
0000A728   0040A728      0   ControlService
0000A73A   0040A73A      0   OpenServiceA
0000A74A   0040A74A      0   OpenSCManagerA
0000A75C   0040A75C      0   ChangeServiceConfigA
0000A774   0040A774      0   StartServiceA
0000A784   0040A784      0   DeleteService
0000A794   0040A794      0   ChangeServiceConfig2A
0000A7AC   0040A7AC      0   CreateServiceA
0000A7BE   0040A7BE      0   AdjustTokenPrivileges
0000A7D6   0040A7D6      0   LookupPrivilegeValueA
0000A7EE   0040A7EE      0   OpenProcessToken
0000A802   0040A802      0   RegCloseKey
0000A810   0040A810      0   RegRestoreKeyA
0000A822   0040A822      0   RegOpenKeyA
0000A82E   0040A82E      0   ADVAPI32.dll
0000A83E   0040A83E      0   ShellExecuteA
0000A84C   0040A84C      0   SHELL32.dll
0000A85A   0040A85A      0   ExitProcess
0000A868   0040A868      0   GetStartupInfoA
0000B05D   0040B05D      0   !This program cannot be run in DOS mode.
0000B1F8   0040B1F8      0   .text
0000B220   0040B220      0   .rdata
0000B247   0040B247      0   @.data
0000B270   0040B270      0   .rsrc
0000B44C   0040B44C      0   D$ ht @
0000B491   0040B491      0   T$ hX @
0000B836   0040B836      0   T$$Rj
0000C158   0040C158      0   L$ UQP
0000C1C2   0040C1C2      0   T$$Rh
0000C2A5   0040C2A5      0   1h"qE]
0000C2BD   0040C2BD      0   (zQ'3
0000C32D   0040C32D      0   1h"qE]
0000C338   0040C338      0   abcdef
0000C358   0040C358      0   @80( 
0000C428   0040C428      0   <4,$?7/'
0000C467   0040C467      0   (3-!0,1'8"5.*2$
0000C706   0040C706      0   OutputDebugStringA
0000C71C   0040C71C      0   CloseHandle
0000C72A   0040C72A      0   CreateFileA
0000C738   0040C738      0   Sleep
0000C740   0040C740      0   FreeLibrary
0000C74E   0040C74E      0   GetProcAddress
0000C760   0040C760      0   LoadLibraryA
0000C770   0040C770      0   lstrlenA
0000C77C   0040C77C      0   WinExec
0000C786   0040C786      0   lstrcatA
0000C792   0040C792      0   GetSystemDirectoryA
0000C7A8   0040C7A8      0   lstrcpynA
0000C7B4   0040C7B4      0   CreateProcessA
0000C7C6   0040C7C6      0   WriteFile
0000C7D2   0040C7D2      0   HeapAlloc
0000C7DE   0040C7DE      0   GetProcessHeap
0000C7F0   0040C7F0      0   GetModuleHandleA
0000C802   0040C802      0   KERNEL32.dll
0000C810   0040C810      0   USER32.dll
0000C81C   0040C81C      0   ADVAPI32.dll
0000C82C   0040C82C      0   ExitProcess
0000C83A   0040C83A      0   GetStartupInfoA
0000C84C   0040C84C      0   GetCommandLineA
0000CA28   0040CA28      0   MZKERNEL32.DLL
0000CA52   0040CA52      0   LoadLibraryA
0000CAE8   0040CAE8      0   GetProcAddress
0000D1EF   0040D1EF      0   j2DOw
0000D212   0040D212      0   3cIuQ
0000D239   0040D239      0   /B0trR
0000D279   0040D279      0   -JMc*w
0000D3FD   0040D3FD      0   ?lW0(
0000D454   0040D454      0   TzBQlG#
0000D461   0040D461      0   ]{}=NGF
0000D698   0040D698      0   =w&*#
0000D735   0040D735      0   |e.O\
0000D80C   0040D80C      0   4pwc.s
0000D923   0040D923      0   ,,{+W
0000D940   0040D940      0   ]K$P-
0000D99E   0040D99E      0   p' Sn((
0000DAE2   0040DAE2      0   Nutf|
0000DB97   0040DB97      0   tcOC2
0000DD04   0040DD04      0   k31*7
0000DD36   0040DD36      0   I\$@'n
0000DD5E   0040DD5E      0   4(Xtu
0000DF9F   0040DF9F      0   y>	o.P5
0000DFBA   0040DFBA      0   Zw)uB
0000DFE8   0040DFE8      0   l!GTh
0000E0BB   0040E0BB      0   {+%#<
0000E15D   0040E15D      0   3:c\=Z
0000E27D   0040E27D      0   pWqgY
0000E313   0040E313      0   8D;R5-
0000E338   0040E338      0   l[.wh
0000E4C3   0040E4C3      0   Qq4+Y
0000E53E   0040E53E      0   T(TCB
0000E72F   0040E72F      0   	?e	"&
0000E8C7   0040E8C7      0   V9Oe	
0000E8D1   0040E8D1      0    @|J3\UZ-
0000E939   0040E939      0   Q2(I.E
0000E9B8   0040E9B8      0   g|{C?a
0000EA14   0040EA14      0   _nf"|
0000EA7C   0040EA7C      0   #'}>s
0000EA89   0040EA89      0   3.F<]R
0000EC8B   0040EC8B      0   VA.|z1#
0000ECFB   0040ECFB      0   )_q~ 
0000ED59   0040ED59      0   ?,/)j
0000ED90   0040ED90      0    E(Z3
0000EDAF   0040EDAF      0   O9*d5G@
0000EDB8   0040EDB8      0   Jdp8T
0000EE10   0040EE10      0   N\\w]
0000EE2B   0040EE2B      0   onNsp
0000EF62   0040EF62      0   O6*v\
0000F0CE   0040F0CE      0   |q[b+
0000F39A   0040F39A      0   QiW{>~
0000FC5D   0040FC5D      0   !This program cannot be run in DOS mode.
0000FF50   0040FF50      0   .text
0000FF77   0040FF77      0   h.rdata
0000FF9F   0040FF9F      0   H.data
0000FFF0   0040FFF0      0   .reloc
00010118   00410118      0   IoGetDeviceObjectPointer failed.
0001013C   0041013C      0   DR0_DeviceObject = NULL.
000101F0   004101F0      0   IfhDispatchClose, DR0_DeviceObject = NULL
0001021C   0041021C      0   IfhDispatchClose, OldAttachedDeviceOfDR0 = NULL
000102F0   004102F0      0   IoCreateDevice() 0x%x!
00010308   00410308      0   IoCreateSymbolicLink() 0x%x!
00010550   00410550      0   f:\source\cg\cgall\ide_hackdriver\objfre_wxp_x86\i386\pcidisk.pdb
00010736   00410736      0   IoDeleteDevice
00010748   00410748      0   IoDeleteSymbolicLink
00010760   00410760      0   RtlInitUnicodeString
00010778   00410778      0   IofCompleteRequest
0001078E   0041078E      0   ObfDereferenceObject
000107A6   004107A6      0   DbgPrint
000107B2   004107B2      0   IoGetDeviceObjectPointer
000107CE   004107CE      0   IoCreateSymbolicLink
000107E6   004107E6      0   IoCreateDevice
000107F8   004107F8      0   _except_handler3
0001080C   0041080C      0   KeTickCount
00010818   00410818      0   ntoskrnl.exe
0001089F   0041089F      0   4]5s5
000108B1   004108B1      0   5J6_6g6p6
000108BD   004108BD      0   7.757<7F7P7W7r7
00010A05   00410A05      0   !This program cannot be run in DOS mode.
00010B88   00410B88      0   .text
00010BB0   00410BB0      0   .rdata
00010BD7   00410BD7      0   @.data
00010E32   00410E32      0   T$8RV
00010E3B   00410E3B      0   |$,MZuB
00010E67   00410E67      0   L$ QV
00010E9E   00410E9E      0   D$xPV
00010FB2   00410FB2      0   SUVWj
00011067   00411067      0   l$ PU
0001119F   0041119F      0   D$(Pj
000112B8   004112B8      0   T$(Rj@QP
0001136E   0041136E      0   SPVQR
00011403   00411403      0   T$0RP
000114DE   004114DE      0   T$4R+
00011550   00411550      0   T$DRW
00011568   00411568      0   PQUVS
00011654   00411654      0   SUVW3
000116C0   004116C0      0   T$8hx1@
0001176F   0041176F      0   D$8hX1@
000117D0   004117D0      0   t%h,@@
00012020   00412020      0   L$ UQP
0001208A   0041208A      0   T$$Rh
00012468   00412468      0   Unexpected option header size.
00012488   00412488      0   ntdll.dll
00012494   00412494      0   ZwUnmapViewOfSection
000124AC   004124AC      0   Memory allocated at %X
000124C4   004124C4      0   read_pe_info successed
000124E0   004124E0      0   CreateFileA
000124EC   004124EC      0   kernel32
000124F8   004124F8      0   cntpb
00012519   00412519      0   1h"qE]
00012568   00412568      0   @80( 
00012638   00412638      0   <4,$?7/'
00012677   00412677      0   (3-!0,1'8"5.*2$
00012982   00412982      0   OutputDebugStringA
00012998   00412998      0   HeapAlloc
000129A4   004129A4      0   GetProcessHeap
000129B6   004129B6      0   ReadFile
000129C2   004129C2      0   SetFilePointer
000129D4   004129D4      0   VirtualQueryEx
000129E6   004129E6      0   ReadProcessMemory
000129FA   004129FA      0   GetThreadContext
00012A0E   00412A0E      0   CreateProcessA
00012A20   00412A20      0   TerminateProcess
00012A34   00412A34      0   ResumeThread
00012A44   00412A44      0   SetThreadContext
00012A58   00412A58      0   WriteProcessMemory
00012A6E   00412A6E      0   GetProcAddress
00012A80   00412A80      0   GetModuleHandleA
00012A94   00412A94      0   VirtualProtectEx
00012AA8   00412AA8      0   VirtualAllocEx
00012ABA   00412ABA      0   CloseHandle
00012AC8   00412AC8      0   VirtualAlloc
00012AD8   00412AD8      0   GetFileSize
00012AE6   00412AE6      0   MultiByteToWideChar
00012AFC   00412AFC      0   lstrlenA
00012B08   00412B08      0   Process32NextW
00012B1A   00412B1A      0   lstrcmpiA
00012B26   00412B26      0   Process32FirstW
00012B38   00412B38      0   CreateToolhelp32Snapshot
00012B54   00412B54      0   GetCommandLineW
00012B66   00412B66      0   Sleep
00012B6E   00412B6E      0   SetSystemTime
00012B7E   00412B7E      0   GetSystemTime
00012B8E   00412B8E      0   lstrcatA
00012B9A   00412B9A      0   lstrcpyA
00012BA6   00412BA6      0   WideCharToMultiByte
00012BBC   00412BBC      0   lstrlenW
00012BC8   00412BC8      0   lstrcpyW
00012BD4   00412BD4      0   GetSystemDirectoryA
00012BEA   00412BEA      0   GetTempPathW
00012BF8   00412BF8      0   KERNEL32.dll
00012C08   00412C08      0   wvsprintfA
00012C14   00412C14      0   USER32.dll
00012C22   00412C22      0   ExitProcess
00012C30   00412C30      0   GetStartupInfoA
00012C42   00412C42      0   GetCommandLineA
00012FEC   00412FEC      0   ;T$(u
00013022   00413022      0   fSfh32hws2_T
0001304D   0041304D      0   SSSSCSCS
00013073   00413073      0   fjdfhcmjPY)
000130A2   004130A2      0   [WRQQQj
00013105   00413105      0   'OGI7
00013133   00413133      0   K?@BJ
00013144   00413144      0   CNICO
000131D2   004131D2      0   ?HJ@7GA
00013209   00413209      0   K@'FB
0001321E   0041321E      0   KAC@K
00013385   00413385      0   OIGG?
00013399   00413399      0   @@CC@
000133C0   004133C0      0   ACBN@N?7
000133DC   004133DC      0   'O?@7
000133EF   004133EF      0   C''ON
00013569   00413569      0   NJHCOG
00013640   00413640      0   a9h%TY @Q
00013660   00413660      0   a9G%l
0001366B   0041366B      0   %|Y E
000136F8   004136F8      0   1vWNeYEMisI9v29RtUZWlnkKQd9NU2s1qDoUMDop3XGp54znaLmN90P9GMdPFcKatcb8Divv9IaQAZ76njomznFCFyNnLMSHzFwxGcRZ50oB3BW8VYzGkxbkvhycKhBiFST9Jn8turxPimaWpbv68twibkJY8RuclZbw2QoKuLm2HlPO7SHt4eO5XnGSiVHb6Rx5zaK7odI1Ko815L3a
000137D0   004137D0      0   wmO6HzGy
000137DC   004137DC      0   z78CGPYx41yhU0LkaCkpghpIMUtUsEtZ
00013800   00413800      0   ZzDhVuNl
0001380C   0041380C      0   zRfSfZTIuVjcuZfULmdME6Bbt46FTXfF
0001390D   0041390D      0   !This program cannot be run in DOS mode.
00013AA8   00413AA8      0   .text
00013AD0   00413AD0      0   .rdata
00013AF7   00413AF7      0   @.data
00013B20   00413B20      0   .rsrc
00013D3A   00413D3A      0   T$8RV
00013D43   00413D43      0   |$,MZuB
00013D6F   00413D6F      0   L$ QV
00013DA6   00413DA6      0   D$xPV
00013EBA   00413EBA      0   SUVWj
00013F6F   00413F6F      0   l$ PU
000140A7   004140A7      0   D$(Pj
000141C0   004141C0      0   T$(Rj@QP
00014276   00414276      0   SPVQR
0001430B   0041430B      0   T$0RP
00014496   00414496      0   Phl1@
000144B9   004144B9      0   PhX1@
000144DC   004144DC      0   PhL1@
00014538   00414538      0   QhXI@
0001465C   0041465C      0   D$ hl1@
00014862   00414862      0   RhXI@
00014A0E   00414A0E      0   L$0Q+
00014A81   00414A81      0   L$DQV
000153B8   004153B8      0   L$ UQP
000153E0   004153E0      0   UhhA@
00015414   00415414      0   ShhA@
00015422   00415422      0   T$$RhhD@
00015432   00415432      0   ShhA@
00015570   00415570      0   Unexpected option header size.
00015590   00415590      0   ntdll.dll
0001559C   0041559C      0   ZwUnmapViewOfSection
000155D1   004155D1      0   1h"qE]
000156DC   004156DC      0   Memory allocated at %X
000156F4   004156F4      0   read_pe_info successed
00015728   00415728      0   @80( 
000157F8   004157F8      0   <4,$?7/'
00015837   00415837      0   (3-!0,1'8"5.*2$
00015B6E   00415B6E      0   OutputDebugStringA
00015B84   00415B84      0   HeapAlloc
00015B90   00415B90      0   GetProcessHeap
00015BA2   00415BA2      0   ReadFile
00015BAE   00415BAE      0   SetFilePointer
00015BC0   00415BC0      0   VirtualQueryEx
00015BD2   00415BD2      0   ReadProcessMemory
00015BE6   00415BE6      0   GetThreadContext
00015BFA   00415BFA      0   CreateProcessA
00015C0C   00415C0C      0   TerminateProcess
00015C20   00415C20      0   ResumeThread
00015C30   00415C30      0   SetThreadContext
00015C44   00415C44      0   WriteProcessMemory
00015C5A   00415C5A      0   GetProcAddress
00015C6C   00415C6C      0   GetModuleHandleA
00015C80   00415C80      0   VirtualProtectEx
00015C94   00415C94      0   VirtualAllocEx
00015CA6   00415CA6      0   lstrcpynA
00015CB2   00415CB2      0   lstrlenA
00015CBE   00415CBE      0   CloseHandle
00015CCC   00415CCC      0   CreateFileA
00015CDA   00415CDA      0   WaitForSingleObject
00015CF0   00415CF0      0   FreeLibrary
00015CFE   00415CFE      0   LoadLibraryA
00015D0E   00415D0E      0   Sleep
00015D16   00415D16      0   CopyFileA
00015D22   00415D22      0   lstrcatA
00015D2E   00415D2E      0   GetSystemDirectoryA
00015D44   00415D44      0   HeapFree
00015D50   00415D50      0   VirtualAlloc
00015D60   00415D60      0   GetFileSize
00015D6E   00415D6E      0   GetModuleFileNameA
00015D82   00415D82      0   KERNEL32.dll
00015D92   00415D92      0   wvsprintfA
00015D9E   00415D9E      0   USER32.dll
00015DAC   00415DAC      0   QueryServiceStatus
00015DC2   00415DC2      0   OpenServiceA
00015DD2   00415DD2      0   OpenSCManagerA
00015DE2   00415DE2      0   ADVAPI32.dll
00015DF2   00415DF2      0   ShellExecuteExA
00015E02   00415E02      0   SHELL32.dll
00015E10   00415E10      0   ExitProcess
00015E1E   00415E1E      0   GetStartupInfoA
00015E30   00415E30      0   GetCommandLineA
00017330   00417330      0   policies
000174A8   004174A8      0   Explorer
000175B1   004175B1      0   |AfOu
000175E1   004175E1      0   |AfOu
000175FD   004175FD      0   |AfOu
000177F0   004177F0      0   comrepl32T
000178B8   004178B8      0   NonEnum
000178D8   004178D8      0   {BDEADF00-C265-11D0-BCED-00A0C90AB50F}
00017920   00417920      0   {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}
00017970   00417970      0   {0DF44EAA-FF21-4412-828E-260A8728E7F1}
00017A00   00417A00      0   Ratings
00017B00   00417B00      0   system
00017B1F   00417B1F      0   ;dontdisplaylastusername
00017B50   00417B50      0   shutdownwithoutlogon
00017B80   00417B80      0   undockwithoutlogon
0001A004   0041A004      0   KERNEL32.DLL
0001A011   0041A011      0   SetFilePointer
0001A020   0041A020      0   VirtualQueryEx
0001A02F   0041A02F      0   ReadProcessMemory
0001A041   0041A041      0   GetThreadContext
0001A052   0041A052      0   CreateProcessA
0001A061   0041A061      0   TerminateProcess
0001A072   0041A072      0   ResumeThread
0001A07F   0041A07F      0   SetThreadContext
0001A090   0041A090      0   WriteProcessMemory
0001A0A3   0041A0A3      0   GetProcAddress
0001A0B2   0041A0B2      0   GetModuleHandleA
0001A0C3   0041A0C3      0   VirtualProtectEx
0001A0D4   0041A0D4      0   VirtualAllocEx
0001A0E3   0041A0E3      0   CloseHandle
0001A0EF   0041A0EF      0   VirtualAlloc
0001A0FC   0041A0FC      0   GetFileSize
0001A108   0041A108      0   MultiByteToWideChar
0001A11C   0041A11C      0   lstrlenA
0001A125   0041A125      0   Sleep
0001A12B   0041A12B      0   ReadFile
0001A134   0041A134      0   CreateFileW
0001A140   0041A140      0   lstrcatA
0001A149   0041A149      0   GetSystemDirectoryA
0001A15D   0041A15D      0   Process32Next
0001A16B   0041A16B      0   lstrcmpiA
0001A175   0041A175      0   Process32First
0001A184   0041A184      0   CreateToolhelp32Snapshot
0001A19D   0041A19D      0   GetCommandLineW
0001A1AD   0041A1AD      0   SetSystemTime
0001A1BB   0041A1BB      0   GetSystemTime
0001A1C9   0041A1C9      0   GetTempPathW
0001A1D6   0041A1D6      0   OutputDebugStringW
0001A1E9   0041A1E9      0   GetModuleFileNameA
0001A1FC   0041A1FC      0   WideCharToMultiByte
0001A210   0041A210      0   lstrcatW
0001A219   0041A219      0   GetCommandLineA
0001A229   0041A229      0   GetStartupInfoA
0001A239   0041A239      0   GetProcessHeap
0001A248   0041A248      0   HeapAlloc
0001A252   0041A252      0   WriteFile
0001A25C   0041A25C      0   OutputDebugStringA
0001A26F   0041A26F      0   ExitProcess
0001A280   0041A280      0   USER32.DLL
0001A28B   0041A28B      0   wvsprintfA
0001B09E   0041B09E      0   VFmjt
0001B26D   0041B26D      0   Hf_6O
0001B4AD   0041B4AD      0   -\/7P
0001B4BB   0041B4BB      0   *?|Zs
0001B4EB   0041B4EB      0   +$eM/\
0001B553   0041B553      0   }@Q&	F
0001B63B   0041B63B      0   !J/ZN
0001B643   0041B643      0   E9fHt
0001B784   0041B784      0   6>/Qz'{
0001B78C   0041B78C      0   4-e"}6
0001B813   0041B813      0   bK\7mqN*
0001B905   0041B905      0   D]MHE[
0001B91D   0041B91D      0   |YW,d
0001BBF8   0041BBF8      0   Fo 	w
0001BD0D   0041BD0D      0   6K{2v
0001BEAF   0041BEAF      0   /QQ"6
0001C08A   0041C08A      0   irQFQ
0001C0E8   0041C0E8      0   VoR>b
0001C17A   0041C17A      0   p[:wt
0001C1FB   0041C1FB      0   5$=b}
0001C392   0041C392      0   n2}Cm
0001C3D4   0041C3D4      0   6N,LAz
0001C41B   0041C41B      0   w[]n:%
0001C46B   0041C46B      0   )5~9I
0001C70C   0041C70C      0   6AG{A
0001C84B   0041C84B      0   ,M'-i0
0001C92A   0041C92A      0   -Y{KE
0001C95D   0041C95D      0   o"+i6
0001C9C9   0041C9C9      0   r:y|Z
0001CAAF   0041CAAF      0   f5D3y
0001CADD   0041CADD      0   bwR!W9
0001CB5E   0041CB5E      0   _R*1Am
0001CC6A   0041CC6A      0   bn#rp
0001CC85   0041CC85      0   GS[rv
0001CD65   0041CD65      0   >w=xAr
0001CE16   0041CE16      0   '|f[!0p!(
0001CE4F   0041CE4F      0   l[$*j
0001CE5D   0041CE5D      0   wVjmgmEj"d
0001CED4   0041CED4      0   eW){O{
0001D14D   0041D14D      0   Rbs%c
0001D39D   0041D39D      0   mu0U|
0001D434   0041D434      0   ]O\0M[
0001D4CD   0041D4CD      0   Z6mg?L4
0001D633   0041D633      0   "h_q7
0001D6DE   0041D6DE      0   }};KD
0001D759   0041D759      0   5ij",
0001D782   0041D782      0   *9"W]:
0001D815   0041D815      0   P"]Cb
0001D999   0041D999      0   $I\gc
0001DC16   0041DC16      0   q\]%Y
0001DD3A   0041DD3A      0   9sra:
0001DEA5   0041DEA5      0   HnUor
0001DF82   0041DF82      0   VFw#z
0001E044   0041E044      0   GM2|PL
0001E0D9   0041E0D9      0   9qxX 
0001E40A   0041E40A      0   wN]wD
0001E4A3   0041E4A3      0   }).8(
0001E52E   0041E52E      0   ayM:D
0001E5D5   0041E5D5      0   .=nA\
0001E5EC   0041E5EC      0   e;?@:
0001E688   0041E688      0   nPa&L
0001E784   0041E784      0   03X*cpcH,W
0001E7D2   0041E7D2      0   aN+{T
0001E7FC   0041E7FC      0   OZ/\M
0001E91E   0041E91E      0    d9uO
0001E931   0041E931      0   /[ }-
0001E999   0041E999      0   ?gd<x
0001ED28   0041ED28      0   frv0e
0001EE0F   0041EE0F      0   2gcpuX5&
0001EF29   0041EF29      0   Ghmfn&
0001F0B0   0041F0B0      0   sD.yOb4W<3.r
0001F0CE   0041F0CE      0   =4Qeb
0001F108   0041F108      0   YO=6[
0001F281   0041F281      0   wL6Kfv
0001F2D2   0041F2D2      0   'abfZ
0001F385   0041F385      0   0m\c,a
0001F432   0041F432      0   NK'f|
0001F4A6   0041F4A6      0   FU'KL
0001F53C   0041F53C      0   (p$+4sM
0001F5B1   0041F5B1      0   &.EQq2
0001F5EA   0041F5EA      0   g>	{(
0001F5F9   0041F5F9      0   F#!E{\
0001F667   0041F667      0   (gu9=Y
0001F674   0041F674      0   xCMIV
0001F89C   0041F89C      0   <@J046X
0001F952   0041F952      0   /[PvhJK
0001F9D2   0041F9D2      0   Oj7M3
0001FB62   0041FB62      0   qZt%o
0001FD8A   0041FD8A      0   r4Wn(~@vkq}
0001FDAE   0041FDAE      0   ve/33
0001FE2E   0041FE2E      0   *74X	|;Xp
0001FE80   0041FE80      0   o}O!;*
0001FF0F   0041FF0F      0   p&2FAI
00020043   00420043      0   xdQ8G
000201AA   004201AA      0   9L'+6bZ
00020320   00420320      0   52!&e
0002046D   0042046D      0   N04.K
00020807   00420807      0   }}Je>
00020ADA   00420ADA      0   Bvs'>:$
00020B58   00420B58      0   }Cgdw
00020C33   00420C33      0   R$5*T
00020DD2   00420DD2      0   N6IV0	
0002111F   0042111F      0   \yYUS9
00021271   00421271      0   DXY}[
0002132B   0042132B      0   UN/(x
00021340   00421340      0   Ih(yUa
000213D0   004213D0      0   Y?jB2
00021619   00421619      0   wH*w|
000216B3   004216B3      0   %%"JYe
000216DC   004216DC      0   b7d:}7]6!
0002195D   0042195D      0   WWlL$
00021A08   00421A08      0   	-'".
00021D30   00421D30      0   1&+O7
00021D5D   00421D5D      0   ji2dIdLg4D
00021EB6   00421EB6      0   }%7{v=3
00021ED1   00421ED1      0   3M.}K
00021EEE   00421EEE      0   mYR%0 
00021FF1   00421FF1      0   0[0kM
0002209E   0042209E      0   />KtHk
0002215C   0042215C      0   <Z5b}
000222D1   004222D1      0   R,qZbe
0002230C   0042230C      0   J/g9t
000223D6   004223D6      0   )ll,)
000225B6   004225B6      0   |OD%3
00022647   00422647      0   9 9#8
0002281F   0042281F      0   #8z"?]:
000228AB   004228AB      0   ;IL 'A
00022B0A   00422B0A      0   cI/({
00022CF6   00422CF6      0   %mIK_
0002B000   0042B000      0   MZKERNEL32.DLL
0002B02A   0042B02A      0   LoadLibraryA
0002B0C0   0042B0C0      0   GetProcAddress
0002C03C   0042C03C      0   KERNEL32.dll
0002C04C   0042C04C      0   SetFilePointer
0002C05E   0042C05E      0   VirtualQueryEx
0002C070   0042C070      0   ReadProcessMemory
0002C084   0042C084      0   GetThreadContext
0002C098   0042C098      0   CreateProcessA
0002C0AA   0042C0AA      0   TerminateProcess
0002C0BE   0042C0BE      0   ResumeThread
0002C0CE   0042C0CE      0   SetThreadContext
0002C0E2   0042C0E2      0   WriteProcessMemory
0002C0F8   0042C0F8      0   GetProcAddress
0002C10A   0042C10A      0   GetModuleHandleA
0002C11E   0042C11E      0   VirtualProtectEx
0002C132   0042C132      0   VirtualAllocEx
0002C144   0042C144      0   CloseHandle
0002C152   0042C152      0   VirtualAlloc
0002C162   0042C162      0   GetFileSize
0002C170   0042C170      0   MultiByteToWideChar
0002C186   0042C186      0   lstrlen
0002C190   0042C190      0   Sleep
0002C198   0042C198      0   ReadFile
0002C1A4   0042C1A4      0   CreateFileW
0002C1B2   0042C1B2      0   lstrcat
0002C1BC   0042C1BC      0   GetSystemDirectoryA
0002C1D2   0042C1D2      0   Process32Next
0002C1E2   0042C1E2      0   lstrcmpi
0002C1EE   0042C1EE      0   Process32First
0002C200   0042C200      0   CreateToolhelp32Snapshot
0002C21C   0042C21C      0   GetCommandLineW
0002C22E   0042C22E      0   SetSystemTime
0002C23E   0042C23E      0   GetSystemTime
0002C24E   0042C24E      0   GetTempPathW
0002C25E   0042C25E      0   OutputDebugStringW
0002C274   0042C274      0   GetModuleFileNameA
0002C28A   0042C28A      0   WideCharToMultiByte
0002C2A0   0042C2A0      0   lstrcatW
0002C2AC   0042C2AC      0   GetCommandLineA
0002C2BE   0042C2BE      0   GetStartupInfoA
0002C2D0   0042C2D0      0   GetProcessHeap
0002C2E2   0042C2E2      0   HeapAlloc
0002C2EE   0042C2EE      0   WriteFile
0002C2FA   0042C2FA      0   OutputDebugStringA
0002C310   0042C310      0   ExitProcess
0002C31C   0042C31C      0   USER32.dll
0002C32A   0042C32A      0   wvsprintfA
00002160   00402160      0   \svchost.exe
0000CD16   0040CD16      0   VS_VERSION_INFO
0000CD72   0040CD72      0   StringFileInfo
0000CD96   0040CD96      0   080404B0
0000CDAE   0040CDAE      0   CompanyName
0000CDC8   0040CDC8      0   Microsoft Corporation
0000CDFA   0040CDFA      0   FileDescription
0000CE1C   0040CE1C      0   Userinit Logon Application
0000CE5A   0040CE5A      0   FileVersion
0000CE74   0040CE74      0   5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
0000CECE   0040CECE      0   InternalName
0000CEE8   0040CEE8      0   userinit
0000CF02   0040CF02      0   LegalCopyright
0000CF20   0040CF20      0   (C) Microsoft Corporation. All rights reserved.
0000CF86   0040CF86      0   OriginalFilename
0000CFA8   0040CFA8      0   USERINIT.EXE
0000CFCA   0040CFCA      0   ProductName
0000CFE4   0040CFE4      0   Microsoft(R) Windows(R) Operating System
0000D03E   0040D03E      0   ProductVersion
0000D05C   0040D05C      0   5.1.2600.2180
0000D07E   0040D07E      0   VarFileInfo
0000D09E   0040D09E      0   Translation
0000F676   0040F676      0   VS_VERSION_INFO
0000F6D2   0040F6D2      0   StringFileInfo
0000F6F6   0040F6F6      0   080404b0
0000F70E   0040F70E      0   CompanyName
0000F728   0040F728      0   Microsoft(R) Windows(R) Operating System
0000F782   0040F782      0   FileDescription
0000F7A4   0040F7A4      0   Userinit Logon Application
0000F7E2   0040F7E2      0   FileVersion
0000F7FC   0040F7FC      0   5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
0000F856   0040F856      0   InternalName
0000F870   0040F870      0   userinit
0000F88A   0040F88A      0   LegalCopyright
0000F8A8   0040F8A8      0   (C) Microsoft Corporation. All rights reserved.
0000F90E   0040F90E      0   OriginalFilename
0000F930   0040F930      0   USERINIT.EXE
0000F952   0040F952      0   ProductName
0000F96C   0040F96C      0   Microsoft(R) Windows(R) Operating System
0000F9C6   0040F9C6      0   ProductVersion
0000F9E4   0040F9E4      0   5.1.2600.2180
0000FA06   0040FA06      0   VarFileInfo
0000FA26   0040FA26      0   Translation
00010090   00410090      0   \??\PCIHardDisk1
000100ED   004100ED      0   \Device\Harddisk0\DR0
000102A0   004102A0      0   \Device\PCIHardDisk0
000102CC   004102CC      0   \??\PCIHardDisk1
00012500   00412500      0   avp.exe
00017805   00417805      0   f:\windows\system32\com\comrepl32.exe