Trojan.NSIS.StartPage_431ce28a13

by malwarelabrobot on March 20th, 2017 in Malware Descriptions.

not-a-virus:AdWare.Win32.OpenCandy.aq (Kaspersky), Trojan.NSIS.StartPage.FD, Trojan.Win32.BHO.FD, Trojan.Win32.Ransom.FD, Trojan.Win32.Swrort.3.FD, mzpefinder_pcap_file.YR (Lavasoft MAS)
Behaviour: Ransom, Trojan, Adware

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary

Dynamic Analysis

Static Analysis

Network Activity

Map

Strings from Dumps

Removals

MD5: 431ce28a13c102f094e0ddd1e6c8a023
SHA1: c0ac53c76f25a1c4adb02360b998e2de163f8aa9
SHA256: fb7933db75604bfe00dc9e2dd533e122f350e39fa29c23a1e26905b69f7519fe
SSDeep: 393216:8VylAQ4kOJxPVtDn3Xej2NjLMs2MqdWTkXr0kIHGbZ:8glApjPv6aNKWgXdIw
Size: 12732963 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2011-05-28 19:04:29
Analyzed on: Windows7 SP1 32-bit

Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

DAEMONLite4.41.exe:3616
sidebar.exe:1808
%original file name%.exe:1796
rundll32.exe:3972
DrvInst.exe:2628
DrvInst.exe:3532
DrvInst.exe:4052
SetupHelper.exe:2904
regsvr32.exe:1428

The Trojan injects its code into the following process(es):

DT_free_Rus_YandexBar1022.exe:2792
DTLite4413-0173.exe:1672
irsetup.exe:2296

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process DAEMONLite4.41.exe:3616 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe (1151 bytes)

The process %original file name%.exe:1796 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DAEMONLite4.41.exe (5340 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\zone-it.com.url (198 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\zone-it.com.nfo (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\KOB.dll (77 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\x.bat (964 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\Readme2.vbs (75 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\RUN.exe (2192 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\Ã Â¹â‚¬Ã Â¸â€žÃ Â¸Â£Ã Â¸â€Ã Â¸Â´Ã Â¸â€¢.txt (133 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\__tmp_rar_sfx_access_check_337648 (0 bytes)

The process DrvInst.exe:2628 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Windows\inf\setupapi.dev.log (478 bytes)
C:\Windows\System32\DriverStore\infpub.dat (248 bytes)
C:\Windows\Temp\Tar4716.tmp (2712 bytes)
C:\Windows\Temp\Tar45E8.tmp (2712 bytes)
C:\Windows\Temp\Tar4659.tmp (2712 bytes)
C:\Windows\Temp\Tar4598.tmp (2712 bytes)
C:\Windows\System32\DriverStore\infstrng.dat (1036 bytes)
C:\Windows\Temp\Cab45E7.tmp (48 bytes)
C:\Windows\Temp\Tar4628.tmp (2712 bytes)
C:\Windows\Temp\Cab4658.tmp (48 bytes)
C:\Windows\Temp\Cab4627.tmp (48 bytes)
C:\Windows\Temp\Cab4715.tmp (48 bytes)
C:\Windows\inf\oem10.PNF (7501 bytes)
C:\Windows\System32\drivers\SET46FE.tmp (1281 bytes)
C:\Windows\Temp\Cab4597.tmp (48 bytes)

The Trojan deletes the following file(s):

C:\Windows\Temp\Tar4716.tmp (0 bytes)
C:\Windows\Temp\Tar45E8.tmp (0 bytes)
C:\Windows\Temp\Tar4659.tmp (0 bytes)
C:\Windows\Temp\Tar4598.tmp (0 bytes)
C:\Windows\Temp\Cab45E7.tmp (0 bytes)
C:\Windows\Temp\Tar4628.tmp (0 bytes)
C:\Windows\Temp\Cab4658.tmp (0 bytes)
C:\Windows\Temp\Cab4627.tmp (0 bytes)
C:\Windows\Temp\Cab4715.tmp (0 bytes)
C:\Windows\System32\drivers\SET46FE.tmp (0 bytes)
C:\Windows\Temp\Cab4597.tmp (0 bytes)

The process DrvInst.exe:3532 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Windows\System32\DriverStore\Temp\{50980cec-0f8c-0ba4-4c14-8b02a1465e5b}\SET3F62.tmp (1281 bytes)
C:\Windows\System32\DriverStore\FileRepository\dtsoftbus01.inf_x86_neutral_1cc2711e3c419337\dtsoftbus01.PNF (14978 bytes)
C:\Windows\System32\DriverStore\infpub.dat (252 bytes)
C:\Windows\Temp\Tar415A.tmp (2712 bytes)
C:\Windows\System32\DriverStore\Temp\{50980cec-0f8c-0ba4-4c14-8b02a1465e5b}\SET3F50.tmp (7 bytes)
C:\Windows\Temp\Tar4127.tmp (2712 bytes)
C:\Windows\System32\DriverStore\Temp\{50980cec-0f8c-0ba4-4c14-8b02a1465e5b} (4 bytes)
C:\Windows\Temp\Tar417B.tmp (2712 bytes)
C:\Windows\inf\oem10.inf (1 bytes)
C:\Windows\System32\DriverStore\INFCACHE.0 (1523 bytes)
C:\Windows\Temp\Tar4139.tmp (2712 bytes)
C:\Windows\Temp\Cab417A.tmp (48 bytes)
C:\Windows\System32\DriverStore\infstrng.dat (1036 bytes)
C:\Windows\Temp\Cab4138.tmp (48 bytes)
C:\Windows\System32\DriverStore\infstor.dat (308 bytes)
C:\Windows\Temp\Cab4126.tmp (48 bytes)
C:\Windows\Temp\Cab40C7.tmp (48 bytes)
C:\Windows\Temp\Tar40C8.tmp (2712 bytes)
C:\Windows\Temp\Cab4159.tmp (48 bytes)
C:\Windows\System32\DriverStore\Temp\{50980cec-0f8c-0ba4-4c14-8b02a1465e5b}\SET3F51.tmp (1 bytes)

The Trojan deletes the following file(s):

C:\Windows\System32\DriverStore\Temp\{50980cec-0f8c-0ba4-4c14-8b02a1465e5b}\SET3F62.tmp (0 bytes)
C:\Windows\Temp\Tar415A.tmp (0 bytes)
C:\Windows\System32\DriverStore\Temp\{50980cec-0f8c-0ba4-4c14-8b02a1465e5b}\SET3F50.tmp (0 bytes)
C:\Windows\Temp\Tar4127.tmp (0 bytes)
C:\Windows\System32\DriverStore\Temp\{50980cec-0f8c-0ba4-4c14-8b02a1465e5b} (0 bytes)
C:\Windows\Temp\Tar417B.tmp (0 bytes)
C:\Windows\Temp\Tar4139.tmp (0 bytes)
C:\Windows\Temp\Cab417A.tmp (0 bytes)
C:\Windows\System32\DriverStore\Temp\{50980cec-0f8c-0ba4-4c14-8b02a1465e5b}\dtsoftbus01.sys (0 bytes)
C:\Windows\Temp\Cab4138.tmp (0 bytes)
C:\Windows\Temp\Cab4126.tmp (0 bytes)
C:\Windows\Temp\Cab40C7.tmp (0 bytes)
C:\Windows\System32\DriverStore\Temp\{50980cec-0f8c-0ba4-4c14-8b02a1465e5b}\dtsoftbus01.inf (0 bytes)
C:\Windows\System32\DriverStore\Temp\{50980cec-0f8c-0ba4-4c14-8b02a1465e5b}\dtsoftbus01.cat (0 bytes)
C:\Windows\Temp\Tar40C8.tmp (0 bytes)
C:\Windows\Temp\Cab4159.tmp (0 bytes)
C:\Windows\System32\DriverStore\Temp\{50980cec-0f8c-0ba4-4c14-8b02a1465e5b}\SET3F51.tmp (0 bytes)

The process DrvInst.exe:4052 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Windows\inf\setupapi.dev.log (2324 bytes)

The process DTLite4413-0173.exe:1672 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_divider.png (131 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\Gadjet_bottom.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\Grabbing.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\drives4.png (576 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\setuphlp.dll (267063 bytes)
%Program Files%\DAEMON Tools Lite\DTLite.exe (316919 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\message_middle.png (166 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\add_slot.png (906 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\drive_controls.png (10 bytes)
%Program Files%\DAEMON Tools Lite\Lang\SLV.dll (1856 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\CHS.dll (1597 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\message_bottom.png (627 bytes)
%Program Files%\DAEMON Tools Lite\Lang\ESN.dll (4992 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\js\virtual_drive.js (226 bytes)
%Program Files%\DAEMON Tools Lite\imgengine.dll (11663 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\no_slot.png (2 bytes)
%Program Files%\DAEMON Tools Lite\Lang\NLB.dll (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\TRK.dll (2461 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\news_selected.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\dt_pro_out.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\dt_dadget_loader.png (1640 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\up_down_drive_disable.png (505 bytes)
%Program Files%\DAEMON Tools Lite\Lang\SRL.dll (3616 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\warning_48.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slots_hint_right.png (119 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\drives0.png (547 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\links_news_display_top.gif (145 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar43EA.tmp (2712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\content_bottom.gif (207 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\MNDManager.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\drives0.png (23 bytes)
C:\Windows\System32\catroot2\dberr.txt (1255 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\down_drive.png (343 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slots_window_2.png (209 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\tab1.png (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\down_drive.png (343 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\no_drive_select.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\Gadjet_bottom_links_news.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\tab2.png (1340 bytes)
%Program Files%\DAEMON Tools Lite\SPTDinst-x86.exe (21234 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\HYE.dll (3398 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\news_read_out.png (893 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slots_window_left.png (122 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\RUS.dll (3726 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\content_bottom.gif (207 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{6f414ad4-98be-023d-7954-f5554fe6846a}\SET3ED3.tmp (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slots_window_9.png (502 bytes)
%Program Files%\DAEMON Tools Lite\Lang\HRV.dll (3616 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\message_window.png (11 bytes)
%Program Files%\DAEMON Tools Lite\DT.gadget (33248 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\tab3.png (995 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\previews\skin3_pro.jpg (1873 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\style.css (851 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_box_right.png (137 bytes)
C:\Windows\System32\DriverStore\infstrng.dat (844 bytes)
%Program Files%\DAEMON Tools Lite\DTCommonRes.dll (109567 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\news_selected.png (606 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\skins_gallery_but.gif (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc341B.tmp (799348 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\message_middle.png (166 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\tab1.png (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_tab.gif (535 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\news_read_selected.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\message_top.png (523 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\tab3.png (1155 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\dt_over.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\BIH.dll (3722 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\Gadjet_bottom_links_news.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_corner_top_right.png (168 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\display_top.gif (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\DTGadget_icon.png (1910 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\settings_out.png (597 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\dell_slot.gif (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\rss_controls_icons.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\drives2.png (8 bytes)
%Program Files%\DAEMON Tools Lite\Lang\ARA.dll (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\display_bottom.gif (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\SVE.dll (3718 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\rss_window.png (824 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\KOR.dll (1597 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\read.png (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slots_window.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\skin_select.gif (295 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\help.png (896 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\unmounted.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar438B.tmp (2712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\DEU.dll (5110 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\drive_controls.png (10 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\tabgrey.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\dt_pro_selected.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slots_hint.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\rss_window.png (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\drives2.png (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\up_drive_hover.png (366 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\unmounted.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\Gadjet_middle.png (206 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\DTSetupHelper.exe (6532 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\news_read_over.png (744 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\IND.dll (1592 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\links_news_display_top.gif (134 bytes)
%Program Files%\DAEMON Tools Lite\Lang\PLK.dll (3616 bytes)
%Program Files%\DAEMON Tools Lite\Lang\BGR.dll (3616 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\FRA.dll (5114 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\dt_over.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\feedback.png (761 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\drive_select.png (593 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\drive_controls.png (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\no_drive_select.png (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\DTGadget.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\make_img.html (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\dt_out.png (811 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\drag.png (1359 bytes)
%Program Files%\DAEMON Tools Lite\Lang\SKY.dll (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_corner_bottom_right.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\news_selected.png (606 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{6f414ad4-98be-023d-7954-f5554fe6846a}\SET3EE5.tmp (1281 bytes)
%Program Files%\DAEMON Tools Lite\Lang\ITA.dll (3616 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\KAT.dll (3718 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\drive_select.png (593 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\Grabbing.ico (1 bytes)
%Program Files%\DAEMON Tools Lite\DT_free_Rus_YandexBar1022.exe (84187 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\drives3.png (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\links_selected.png (871 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\drives4.png (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\prop_.png (1096 bytes)
%Program Files%\DAEMON Tools Lite\Lang\HUN.dll (3312 bytes)
%Program Files%\DAEMON Tools Lite\Lang\HEB.dll (2392 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\01_attached_unmounted.png (2 bytes)
%Program Files%\DAEMON Tools Lite\Lang\CHT.dll (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\inf.png (686 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\news_over.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slots_window_7.png (119 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\dt_over.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\message_top.png (523 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slots_window_right.png (119 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\LTH.dll (3722 bytes)
%Program Files%\DAEMON Tools Lite\Lang\CSY.dll (3616 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slots_window_3.png (338 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab438A.tmp (51 bytes)
%Program Files%\DAEMON Tools Lite\Lang\NOR.dll (3616 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\rss.css (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\dt_icon.png (911 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slots_window_1.png (311 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\display_bottom.gif (424 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\content_bottom.gif (282 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\gadget_pro.xml (913 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\tab1.ico (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slots_window_6.png (171 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\gadget_lite.xml (913 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\SKY.dll (3406 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\drives1.png (13 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\settings.html (856 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\1.png (122 bytes)
%Program Files%\DAEMON Tools Lite\Lang\DEU.dll (4992 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\tab2.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\news_out.png (669 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\drives0.png (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\down_drive_hover.png (348 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\dt_pro_out.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\display_top.gif (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\js\skin_gallery.js (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\up_down_drive.png (943 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\ELL.dll (3406 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar4379.tmp (2712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{6f414ad4-98be-023d-7954-f5554fe6846a}\SET3ED4.tmp (1 bytes)
%Program Files%\DAEMON Tools Lite\Lang\LTH.dll (3616 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\skin_select.gif (295 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\drives1.png (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\links_over.png (402 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\dt_dadget_loader.png (500 bytes)
%Program Files%\DAEMON Tools Lite\Lang\ENU.dll (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar44EC.tmp (2712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\message_top.png (523 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\MNDManager.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\add_drive.html (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\links_out.png (471 bytes)
%Program Files%\DAEMON Tools Lite\Lang\TRK.dll (2392 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab44EB.tmp (51 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\css\settings.css (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\Gadjet_middle.png (206 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab448B.tmp (51 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\message_bottom.png (627 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\Grabbing.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\1.png (122 bytes)
%Program Files%\DAEMON Tools Lite\Lang\KOR.dll (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\dt_icon.png (911 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\news_read_out.png (797 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\error.png (809 bytes)
%Program Files%\DAEMON Tools Lite\Lang\FRA.dll (4992 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\mount_n_drive.html (2 bytes)
%Program Files%\DAEMON Tools Lite\uninst.exe (66912 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\lines.png (119 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\up_down_drive.png (903 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\dt_dadget_loader.png (1536 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\rss_unread.png (776 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\message.css (995 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_divider_left.png (145 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\message.html (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\dt_selected.png (362 bytes)
%Program Files%\DAEMON Tools Lite\DTShellHlp.exe (98771 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\rss_refresh.png (800 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\main_controls_icons.png (964 bytes)
%Program Files%\DAEMON Tools Lite\Lang\UKR.dll (3616 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slot_button1.gif (859 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar448C.tmp (2712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\display_middle.gif (97 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\shortcut_hover.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\links_news_display_middle.gif (59 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\HUN.dll (3398 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\message_middle.png (166 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\drives3.png (211 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\Gadjet_bottom.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\1.gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\down_drive_hover.png (348 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\Uninstall.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\links_out.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\drives1.png (7 bytes)
%Program Files%\DAEMON Tools Lite\Lang\PTB.dll (3616 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\DTGadget_icon.png (11 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\chenge_view.png (575 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\Gadjet_bottom_links_news.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\settings_out.png (597 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\links_over.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\lines.png (119 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\rss.gif (635 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\previews\skin2.jpg (633 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\links_selected.png (385 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\message_bottom.png (627 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\JPN.dll (1921 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\news_over.png (642 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\add_image.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\ESN.dll (5110 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\mounted.png (433 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\ARA.dll (3398 bytes)
%Program Files%\DAEMON Tools Lite\Lang\ROM.dll (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_corner_bottom_left.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\Gadjet_middle.png (206 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\ENU.dll (3410 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\close.png (2 bytes)
%Program Files%\DAEMON Tools Lite\Lang\IND.dll (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\DTGadget_icon.png (11 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\tab3.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\up_down_butts.gif (724 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\links_out.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\links_news_display_top.gif (134 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{6f414ad4-98be-023d-7954-f5554fe6846a} (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\feedback.png (761 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\js\drive_slotes.js (1309 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\css\popup_window.css (103 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\feedback.png (761 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\1.png (122 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\PLK.dll (3722 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\left_right_butts.gif (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slot_button.gif (852 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\rss.css (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\down_drive_hover.png (348 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\settings_but.gif (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\news_read_selected.png (750 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\drive_select.png (593 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\CHT.dll (1601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\photoshop.png (2 bytes)
C:\Windows\System32\DriverStore\infpub.dat (248 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\01_attached_mounted.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\up_down_drive_disable.png (904 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_box_bottom.png (140 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\up_down_drive_disable.png (505 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\SetupHelper.exe (1856 bytes)
%Program Files%\DAEMON Tools Lite\dtsoftbus01.sys (232 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\dt_icon.png (911 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\tab2.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\rss_refresh.png (759 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\js\global_settings.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\chenge_view.png (575 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_box_divider_left.png (135 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\rss.html (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\1.gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\news_out.png (3 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\DAEMON Tools Lite.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\HRV.dll (3726 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\rss_refresh.png (800 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_box_divider_right.png (135 bytes)
C:\Users\Public\Desktop\DAEMON Tools Lite.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\up_down_butts.gif (724 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\unread.png (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\js\jquery-1.3.1.min.js (2333 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\drives2.png (1724 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\settings_but.gif (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\css\make_img.css (103 bytes)
%Program Files%\DAEMON Tools Lite\InstallGadget.exe (12536 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\previews\skin3.jpg (578 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\FIN.dll (3722 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\rss_unread.png (776 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\shortcut_hover.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\mounted.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\display_middle.gif (97 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\unmounted.png (1 bytes)
%Program Files%\DAEMON Tools Lite\DTHelper.exe (19152 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\dt_pro_over.png (157 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\ITA.dll (3730 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab441A.tmp (51 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\js\gadget.js (454 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\message_window_small.png (21 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\dt_pro_selected.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\links_over.png (374 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\photoshop.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\ROM.dll (3406 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\links_selected.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\up_drive_hover.png (366 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\lines.png (119 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\shortcut_hover.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar447B.tmp (2712 bytes)
%Program Files%\DAEMON Tools Lite\Lang\LVI.dll (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\tabblue.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\SRL.dll (3722 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\help.png (896 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\dt_out.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\add_image.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\message_window_small.png (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\help.png (896 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\news_over.png (642 bytes)
%Program Files%\DAEMON Tools Lite\Lang\KAT.dll (3616 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\js\json_parse.js (11 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\display_top.gif (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_corner_top_left.png (166 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\previews\skin2_pro.jpg (10 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\message_butt.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\message_window.png (1162 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\add_image.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\no_drive_select.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\gadget.xml (913 bytes)
C:\ProgramData\DAEMON Tools Lite\license.dat (2156 bytes)
%Program Files%\DAEMON Tools Lite\Engine.dll (132485 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab43E9.tmp (51 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\dt_icon_pro.png (960 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\rss_controls_icons.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\mounted.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\message_butt.png (1 bytes)
%Program Files%\DAEMON Tools Lite\DTGadget32.dll (10136 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\drives3.png (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\prop_.png (804 bytes)
%Program Files%\DAEMON Tools Lite\Lang\AFK.dll (13 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\main_controls_icons.png (11 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\up_down_drive.png (903 bytes)
%Program Files%\DAEMON Tools Lite\dtsoftbus01.inf (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\drives4.png (962 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_divider_right.png (139 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\previews\skin1_pro.jpg (13 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_box_top.png (137 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\DAN.dll (3718 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\settings_selected.png (465 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\js\dtcom.js (12 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\rss_controls_icons.png (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab4378.tmp (51 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\settings_over.png (464 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\LVI.dll (1601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\js\gadjet_scripts.js (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_box_left.png (137 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\message.css (995 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\down_drive.png (343 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\up_drive_hover.png (366 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\System.dll (11 bytes)
%Program Files%\DAEMON Tools Lite\SPTDinst-x64.exe (24832 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\settings_selected.png (465 bytes)
%Program Files%\DAEMON Tools Lite\Lang\BIH.dll (3616 bytes)
%Program Files%\DAEMON Tools Lite\Lang\SVE.dll (3616 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\SPTD Setup.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\dtsetup.ini (1358 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\tab1.png (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\chenge_view.png (677 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\skins_gallery_but.gif (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slots_window_8.png (166 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\message_butt.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab447A.tmp (51 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\AFK.dll (29 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar441B.tmp (2712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\tab1.ico (16 bytes)
%Program Files%\DAEMON Tools Lite\DTGadget64.dll (12088 bytes)
%Program Files%\DAEMON Tools Lite\Lang\FIN.dll (3616 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\MNDManager.ico (1150 bytes)
%Program Files%\DAEMON Tools Lite\Lang\DAN.dll (3616 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\dt_selected.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\dt_pro_over.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\previews\skin1.jpg (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\dt_selected.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\css\style.css (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\news_out.png (669 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\warning.png (3 bytes)
%Program Files%\DAEMON Tools Lite\Lang\RUS.dll (3616 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\dt_out.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\Gadjet_bottom.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\HEB.dll (2473 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\up_down_butts.gif (724 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\news_read_over.png (891 bytes)
%Program Files%\DAEMON Tools Lite\Lang\ELL.dll (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\photoshop.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\display_middle.gif (897 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\prop_.png (804 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\NLB.dll (3410 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\mount.html (2 bytes)
%Program Files%\DAEMON Tools Lite\Lang\JPN.dll (1856 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\CSY.dll (3718 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\style.css (1093 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\rss_unread.png (776 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\tab1.ico (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\UKR.dll (3726 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\js\rss.js (988 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\settings_over.png (464 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\1.gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\PTB.dll (3722 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\BGR.dll (3730 bytes)
%Program Files%\DAEMON Tools Lite\Lang\HYE.dll (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\SLV.dll (1921 bytes)
%Program Files%\DAEMON Tools Lite\dtsoftbus01.cat (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\display_bottom.gif (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\NOR.dll (3726 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\main_controls_icons.png (488 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\gadget.html (9 bytes)
%Program Files%\DAEMON Tools Lite\Lang\CHS.dll (1552 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar438B.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{6f414ad4-98be-023d-7954-f5554fe6846a}\SET3ED4.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab438A.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{6f414ad4-98be-023d-7954-f5554fe6846a}\SET3EE5.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{6f414ad4-98be-023d-7954-f5554fe6846a}\dtsoftbus01.sys (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab447A.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar44EC.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar441B.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{6f414ad4-98be-023d-7954-f5554fe6846a} (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab44EB.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab441A.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab448B.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar448C.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab4378.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{6f414ad4-98be-023d-7954-f5554fe6846a}\dtsoftbus01.inf (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc33CC.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{6f414ad4-98be-023d-7954-f5554fe6846a}\SET3ED3.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar447B.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{6f414ad4-98be-023d-7954-f5554fe6846a}\dtsoftbus01.cat (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar43EA.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab43E9.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar4379.tmp (0 bytes)

The process irsetup.exe:2296 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\_ir_sf_temp_0\DTLite4413-0173.exe (187244 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\_ir_sf_temp_0\IRIMG1.JPG (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\_ir_sf_temp_0\IRIMG2.JPG (29 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\_ir_sf_temp_0\irsetup.dat (2712 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\_ir_sf_temp_0\irsetup.dat (0 bytes)

Registry activity

The process DAEMONLite4.41.exe:3616 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

The process sidebar.exe:1808 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Sidebar\Settings]
"ShowGadgets" = "1"

The process %original file name%.exe:1796 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"

The Trojan deletes the following value(s) in system registry:

The process rundll32.exe:3972 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"

The Trojan deletes the following value(s) in system registry:

The process DrvInst.exe:2628 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\System\CurrentControlSet\Control\CriticalDeviceDatabase\root#dtsoftbus01]
"Security" = "01 00 04 90 00 00 00 00 00 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemPath%\system32\DRIVERS]
"dtsoftbus01.sys" = "5"

[HKU\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E]
"LanguageList" = "en-US, en"

[HKLM\System\CurrentControlSet\Control\CriticalDeviceDatabase\root#dtsoftbus01]
"ClassGUID" = "{4d36e97d-e325-11ce-bfc1-08002be10318}"

[HKLM\System\CurrentControlSet\Control\GroupOrderList]
"SCSI Miniport" = "42 00 00 00 00 01 00 00 01 01 00 00 19 00 00 00"

[HKLM\System\CurrentControlSet\Control\CriticalDeviceDatabase\root#dtsoftbus01]
"Service" = "dtsoftbus01"
"DeviceCharacteristics" = "256"

The Trojan deletes the following value(s) in system registry:

[HKLM\System\CurrentControlSet\Control\CriticalDeviceDatabase\root#dtsoftbus01]
"Exclusive"
"DeviceType"
"LowerFilters"
"UpperFilters"

The process DrvInst.exe:3532 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\5557C0953FBD9F93745B214FB2483E9369B597F0]
"Blob" = "0F 00 00 00 01 00 00 00 14 00 00 00 03 F5 5B 4D"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD]
"Blob" = "0F 00 00 00 01 00 00 00 20 00 00 00 52 29 BA 15"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5557C0953FBD9F93745B214FB2483E9369B597F0]
"Blob" = "0F 00 00 00 01 00 00 00 14 00 00 00 03 F5 5B 4D"

[HKU\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E]
"LanguageList" = "en-US, en"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates]
"5557C0953FBD9F93745B214FB2483E9369B597F0"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates]
"D69B561148F01C77C54578C10926DF5B856976AD"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates]
"5557C0953FBD9F93745B214FB2483E9369B597F0"

The process DrvInst.exe:4052 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\System\CurrentControlSet\Enum\DTSOFTBUS&Rev1\DTCDROM&Rev1\1&79f5d87&0&00\Device Parameters]
"DefaultRequestFlags" = "8"

[HKLM\System\CurrentControlSet\Enum\DTSOFTBUS&Rev1\DTCDROM&Rev1\1&79f5d87&0&00\Device Parameters\DigitalAudio]
"CDDAAccurate" = "1"

[HKU\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E]
"LanguageList" = "en-US, en"

[HKLM\System\CurrentControlSet\services\eventlog\System\cdrom]
"TypesSupported" = "7"

[HKLM\System\CurrentControlSet\Enum\DTSOFTBUS&Rev1\DTCDROM&Rev1\1&79f5d87&0&00\Device Parameters\DigitalAudio]
"CDDASupported" = "1"

[HKLM\System\CurrentControlSet\Control\GroupOrderList]
"SCSI CDROM Class" = "03 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemPath%\system32\DRIVERS]
"cdrom.sys" = "1"

[HKLM\System\CurrentControlSet\Enum\DTSOFTBUS&Rev1\DTCDROM&Rev1\1&79f5d87&0&00\Device Parameters\DigitalAudio]
"SettingsFromDevice" = "1"

[HKLM\System\CurrentControlSet\services\eventlog\System\cdrom]
"EventMessageFile" = "%SystemRoot%\System32\IoLogMsg.dll"

[HKLM\System\CurrentControlSet\Control\CriticalDeviceDatabase\GenCdRom]
"ClassGUID" = "{4d36e965-e325-11ce-bfc1-08002be10318}"
"Service" = "cdrom"

[HKLM\System\CurrentControlSet\Enum\DTSOFTBUS&Rev1\DTCDROM&Rev1\1&79f5d87&0&00\Device Parameters]
"DefaultDvdRegion" = "1"

[HKLM\System\CurrentControlSet\Enum\DTSOFTBUS&Rev1\DTCDROM&Rev1\1&79f5d87&0&00\Device Parameters\DigitalAudio]
"ReadSizesSupported" = "4294967295"

The Trojan deletes the following value(s) in system registry:

[HKLM\System\CurrentControlSet\Control\CriticalDeviceDatabase\GenCdRom]
"DeviceType"
"DeviceCharacteristics"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\PnPSysprep\ServiceStartTypeBackup]
"cdrom"

[HKLM\System\CurrentControlSet\Control\CriticalDeviceDatabase\GenCdRom]
"LowerFilters"
"UpperFilters"
"Exclusive"
"Security"

The process SetupHelper.exe:2904 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"

The Trojan deletes the following value(s) in system registry:

The process DTLite4413-0173.exe:1672 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit30]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit62]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit124]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit117]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit114]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit28]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit13]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit40]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit58]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit60]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit17]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit50]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit18]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit82]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\SYSTEM\Setup\SetupapiLogStatus]
"setupapi.app.log" = "4096"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit113]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Control\Class\{9D3039DD-CCA5-4B4D-B33D-E2DDC8A8C52E}]
"Class" = "dtsoftbus01"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit90]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit120]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\SOFTWARE\DT Soft\DAEMON Tools Pro\FileTypesSave\.mdx]
"Type" = "Type: REG_SZ, Length: 0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DAEMON Tools Lite]
"DisplayName" = "DAEMON Tools Lite"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit39]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit111]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\CancelAutoplay\CLSID]
"B67DE95D-274B-0C7D-C784-82C002ECA45C" = "Type: REG_SZ, Length: 0"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit26]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKCR\DAEMON.Tools.Lite\DefaultIcon]
"(Default)" = "%Program Files%\DAEMON Tools Lite\DTLite.exe,0"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit53]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Control\Class\{9D3039DD-CCA5-4B4D-B33D-E2DDC8A8C52E}\Properties]
"Security" = "01 00 0C 90 00 00 00 00 00 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit77]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Control\Class\{9D3039DD-CCA5-4B4D-B33D-E2DDC8A8C52E}]
"NoDisplayClass" = "1"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit103]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit81]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit91]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit93]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\SOFTWARE\DT Soft\DAEMON Tools Pro]
"Version Minor" = "41"
"Version Release" = "3"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit67]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit97]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit108]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit34]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit101]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKCR\.mdx]
"(Default)" = "DAEMON.Tools.Lite"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit23]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit116]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit1]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit66]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit2]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit63]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit10]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit96]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit36]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit92]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DAEMON Tools Lite]
"DisplayIcon" = "%Program Files%\DAEMON Tools Lite\DTLite.exe"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit5]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit12]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\DTLite.exe]
"Path" = "%Program Files%\DAEMON Tools Lite\"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit118]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit4]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit70]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit41]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit7]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit107]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit76]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5557C0953FBD9F93745B214FB2483E9369B597F0]
"Blob" = "03 00 00 00 01 00 00 00 14 00 00 00 55 57 C0 95"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit71]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit121]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\SOFTWARE\DT Soft\DAEMON Tools Pro\FileTypesSave\.mdf]
"Type" = "Type: REG_SZ, Length: 0"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit119]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit35]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit38]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit25]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit126]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit14]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit110]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit98]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Control\Class\{9D3039DD-CCA5-4B4D-B33D-E2DDC8A8C52E}]
"NoUseClass" = "1"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit83]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit49]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\SOFTWARE\DT Soft\DAEMON Tools Pro]
"Version Major" = "4"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit99]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\SOFTWARE\DT Soft\DAEMON Tools Pro\Config]
"AdapterStateDT" = "1"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit42]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit46]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit15]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\DTLite.exe]
"(Default)" = "%Program Files%\DAEMON Tools Lite\DTLite.exe"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit44]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit48]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit54]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit68]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit86]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\5557C0953FBD9F93745B214FB2483E9369B597F0]
"Blob" = "03 00 00 00 01 00 00 00 14 00 00 00 55 57 C0 95"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit21]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit80]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKCR\DAEMON.Tools.Lite]
"(Default)" = "Type: REG_SZ, Length: 0"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit102]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit84]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit73]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit89]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit106]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit51]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit45]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit75]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit55]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit16]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit20]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit57]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKCR\.mds]
"(Default)" = "DAEMON.Tools.Lite"

[HKCU\Software\Classes\Local Settings\MuiCache\2D\52C64B7E]
"LanguageList" = "en-US, en"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit69]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit19]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit65]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit85]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit22]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\SOFTWARE\DT Soft\DAEMON Tools Pro\FileTypesSave\.mds]
"Type" = "Type: REG_SZ, Length: 0"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit95]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DAEMON Tools Lite]
"DisplayVersion" = "4.41.3.0173"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit123]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit6]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit0]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit9]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit105]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit115]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit94]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit78]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit56]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit61]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DAEMON Tools Lite]
"Publisher" = "DT Soft Ltd"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit32]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit72]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\SYSTEM\Setup\SetupapiLogStatus]
"setupapi.dev.log" = "4096"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit104]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKCR\DAEMON.Tools.Lite\shell\open\command]
"(Default)" = "%Program Files%\DAEMON Tools Lite\DTLite.exe -shellmount %1"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit100]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit88]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\SOFTWARE\DT Soft\DAEMON Tools Pro]
"Path" = "%Program Files%\DAEMON Tools Lite\"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit11]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01]
"AdapterStatus" = "1"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit29]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
"GlobalAssocChangedCounter" = "45"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01]
"client" = "41 3B 13 40 37 80 B7 AF AB 63 56 48 3F BA 8E B6"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit59]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit37]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DAEMON Tools Lite]
"URLInfoAbout" = "http://www.daemon-tools.cc/"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit33]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit122]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit31]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DAEMON Tools Lite]
"UninstallString" = "%Program Files%\DAEMON Tools Lite\uninst.exe"

[HKCU\Software\DT Soft\DAEMON Tools Pro\Config]
"AutoStart" = "1"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit64]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit47]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit79]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit74]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit43]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit109]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit27]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit24]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKCR\.mdf]
"(Default)" = "DAEMON.Tools.Lite"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit125]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit3]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit8]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit112]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit52]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit87]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite" = "%Program Files%\DAEMON Tools Lite\DTLite.exe -autorun"

The following driver will be automatically launched by the NT Native code (IoInitSystem method):

[HKLM\System\CurrentControlSet\Services\dtsoftbus01]
"Start" = "1"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates]
"5557C0953FBD9F93745B214FB2483E9369B597F0"

[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\%Program Files%\DAEMON Tools Lite]
"DTLite.exe"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates]
"5557C0953FBD9F93745B214FB2483E9369B597F0"

The process regsvr32.exe:1428 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCR\DTGadget.RSS.1]
"(Default)" = "RSS Class"

[HKCR\DTGadget.GadgetControl.1]
"(Default)" = "GadgetControl Class"

[HKCR\DTGadget.GadgetControl\CurVer]
"(Default)" = "DTGadget.GadgetControl.1"

[HKCR\TypeLib\{C6761050-EDA9-4F0B-B5B4-ECE680D3B17E}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\CLSID\{273C813F-46B0-4D2D-B522-73CB5D1C372A}\InprocServer32]
"(Default)" = "%Program Files%\DAEMON Tools Lite\DTGadget32.dll"

[HKCR\CLSID\{46F8ADC5-0EA1-49d7-9657-56A50133CD42}]
"AppID" = "{F574FC8D-EFB4-4DAB-AA18-B6C688A8CC58}"

[HKCR\CLSID\{273C813F-46B0-4D2D-B522-73CB5D1C372A}]
"AppID" = "{F574FC8D-EFB4-4DAB-AA18-B6C688A8CC58}"

[HKCR\Interface\{FEC8A564-EF2C-4D4F-BDED-D01E03D9DDD1}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\TypeLib\{C6761050-EDA9-4F0B-B5B4-ECE680D3B17E}\1.0\HELPDIR]
"(Default)" = "%Program Files%\DAEMON Tools Lite"

[HKCR\CLSID\{273C813F-46B0-4D2D-B522-73CB5D1C372A}\VersionIndependentProgID]
"(Default)" = "DTGadget.GadgetControl"

[HKCR\DTGadget.RSS\CurVer]
"(Default)" = "DTGadget.RSS.1"

[HKCR\CLSID\{46F8ADC5-0EA1-49d7-9657-56A50133CD42}\InprocServer32]
"(Default)" = "%Program Files%\DAEMON Tools Lite\DTGadget32.dll"

[HKCR\DTGadget.RSS.1\CLSID]
"(Default)" = "{46F8ADC5-0EA1-49d7-9657-56A50133CD42}"

[HKCR\CLSID\{46F8ADC5-0EA1-49d7-9657-56A50133CD42}\TypeLib]
"(Default)" = "{C6761050-EDA9-4F0B-B5B4-ECE680D3B17E}"

[HKCR\Interface\{FEC8A564-EF2C-4D4F-BDED-D01E03D9DDD1}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{476B3CEC-34F4-4B44-800C-918202FABD51}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{476B3CEC-34F4-4B44-800C-918202FABD51}]
"(Default)" = "IGadgetControl"

[HKCR\CLSID\{46F8ADC5-0EA1-49d7-9657-56A50133CD42}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Interface\{FEC8A564-EF2C-4D4F-BDED-D01E03D9DDD1}]
"(Default)" = "IRSS"

[HKCR\TypeLib\{C6761050-EDA9-4F0B-B5B4-ECE680D3B17E}\1.0]
"(Default)" = "DTGadget 1.0 Type Library"

[HKCR\TypeLib\{C6761050-EDA9-4F0B-B5B4-ECE680D3B17E}\1.0\0\win32]
"(Default)" = "%Program Files%\DAEMON Tools Lite\DTGadget32.dll"

[HKCR\CLSID\{273C813F-46B0-4D2D-B522-73CB5D1C372A}\ProgID]
"(Default)" = "DTGadget.GadgetControl.1"

[HKCR\Interface\{476B3CEC-34F4-4B44-800C-918202FABD51}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{FEC8A564-EF2C-4D4F-BDED-D01E03D9DDD1}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{FEC8A564-EF2C-4D4F-BDED-D01E03D9DDD1}\TypeLib]
"(Default)" = "{C6761050-EDA9-4F0B-B5B4-ECE680D3B17E}"

[HKCR\CLSID\{273C813F-46B0-4D2D-B522-73CB5D1C372A}]
"(Default)" = "GadgetControl Class"

[HKCR\DTGadget.GadgetControl.1\CLSID]
"(Default)" = "{273C813F-46B0-4D2D-B522-73CB5D1C372A}"

[HKCR\Interface\{476B3CEC-34F4-4B44-800C-918202FABD51}\TypeLib]
"(Default)" = "{C6761050-EDA9-4F0B-B5B4-ECE680D3B17E}"

[HKCR\DTGadget.RSS\CLSID]
"(Default)" = "{46F8ADC5-0EA1-49d7-9657-56A50133CD42}"

[HKCR\Interface\{476B3CEC-34F4-4B44-800C-918202FABD51}\TypeLib]
"Version" = "1.0"

[HKCR\AppID\{F574FC8D-EFB4-4DAB-AA18-B6C688A8CC58}]
"(Default)" = "DTGadget"

[HKCR\CLSID\{46F8ADC5-0EA1-49d7-9657-56A50133CD42}\VersionIndependentProgID]
"(Default)" = "DTGadget.RSS"

[HKCR\DTGadget.GadgetControl\CLSID]
"(Default)" = "{273C813F-46B0-4D2D-B522-73CB5D1C372A}"

[HKCR\AppID\DTGadget.DLL]
"AppID" = "{F574FC8D-EFB4-4DAB-AA18-B6C688A8CC58}"

[HKCR\CLSID\{46F8ADC5-0EA1-49d7-9657-56A50133CD42}]
"(Default)" = "RSS Class"

[HKCR\DTGadget.GadgetControl]
"(Default)" = "GadgetControl Class"

[HKCR\DTGadget.RSS]
"(Default)" = "RSS Class"

[HKCR\CLSID\{273C813F-46B0-4D2D-B522-73CB5D1C372A}\TypeLib]
"(Default)" = "{C6761050-EDA9-4F0B-B5B4-ECE680D3B17E}"

[HKCR\CLSID\{46F8ADC5-0EA1-49d7-9657-56A50133CD42}\ProgID]
"(Default)" = "DTGadget.RSS.1"

[HKCR\CLSID\{273C813F-46B0-4D2D-B522-73CB5D1C372A}\InprocServer32]
"ThreadingModel" = "Apartment"

The Trojan deletes the following registry key(s):

[HKCR\CLSID\{273C813F-46B0-4D2D-B522-73CB5D1C372A}\InprocServer32]
[HKCR\CLSID\{46F8ADC5-0EA1-49d7-9657-56A50133CD42}\ProgID]
[HKCR\CLSID\{46F8ADC5-0EA1-49d7-9657-56A50133CD42}\VersionIndependentProgID]
[HKCR\CLSID\{273C813F-46B0-4D2D-B522-73CB5D1C372A}\VersionIndependentProgID]
[HKCR\CLSID\{273C813F-46B0-4D2D-B522-73CB5D1C372A}]
[HKCR\CLSID\{273C813F-46B0-4D2D-B522-73CB5D1C372A}\Programmable]
[HKCR\CLSID\{273C813F-46B0-4D2D-B522-73CB5D1C372A}\TypeLib]
[HKCR\CLSID\{46F8ADC5-0EA1-49d7-9657-56A50133CD42}\TypeLib]
[HKCR\CLSID\{46F8ADC5-0EA1-49d7-9657-56A50133CD42}\Programmable]
[HKCR\CLSID\{46F8ADC5-0EA1-49d7-9657-56A50133CD42}]
[HKCR\CLSID\{46F8ADC5-0EA1-49d7-9657-56A50133CD42}\InprocServer32]
[HKCR\CLSID\{273C813F-46B0-4D2D-B522-73CB5D1C372A}\ProgID]

Dropped PE files

MD5	File path
fd5b3fbfe4346f45d3764d149afc761a	c:\Program Files\DAEMON Tools Lite\DTCommonRes.dll
00d0a111a66f1e531f849727a528036b	c:\Program Files\DAEMON Tools Lite\DTGadget32.dll
62f4fda5c8db21799ca4c30c10046ca7	c:\Program Files\DAEMON Tools Lite\DTGadget64.dll
252ff12c709418a7792b593605188cb6	c:\Program Files\DAEMON Tools Lite\DTHelper.exe
cea0461aae4b8b6216f164501b1b5a10	c:\Program Files\DAEMON Tools Lite\DTLite.exe
f9803b1b1fa3e9d34f309d2dd8db30b5	c:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
1bc6ff991384848c588e4ec94512a2fc	c:\Program Files\DAEMON Tools Lite\DT_free_Rus_YandexBar1022.exe
f605346de44da5e5037392616d3b919d	c:\Program Files\DAEMON Tools Lite\Engine.dll
e52159020ed1fe44684f8aa003f2dd40	c:\Program Files\DAEMON Tools Lite\InstallGadget.exe
cf0ba43ae03d5dc57e96fa583d26f506	c:\Program Files\DAEMON Tools Lite\Lang\AFK.dll
92749b95321bf93e7e285537229feaad	c:\Program Files\DAEMON Tools Lite\Lang\ARA.dll
c1286d50ea59268af55eb7bc72e9fd30	c:\Program Files\DAEMON Tools Lite\Lang\BGR.dll
9d692d85639d0d9fcc8fd8428cb8ff2c	c:\Program Files\DAEMON Tools Lite\Lang\BIH.dll
98b5f8d3c7f45937fa6b920e51e83782	c:\Program Files\DAEMON Tools Lite\Lang\CHS.dll
44def48444c237ca2455b12f020a41d6	c:\Program Files\DAEMON Tools Lite\Lang\CHT.dll
1838b84c7cc7529319dd704759d4273e	c:\Program Files\DAEMON Tools Lite\Lang\CSY.dll
49dfb5b9bc3b193a847f96f72ba7deab	c:\Program Files\DAEMON Tools Lite\Lang\DAN.dll
7305e2e252ec3ca9809fd3172dd63a68	c:\Program Files\DAEMON Tools Lite\Lang\DEU.dll
27d9823928ab2be476b6f07ead03c33c	c:\Program Files\DAEMON Tools Lite\Lang\ELL.dll
ae1efc111af8c51865f7982cf6563178	c:\Program Files\DAEMON Tools Lite\Lang\ENU.dll
e1a42e5f8460ccbd8cd0a389a8798cc7	c:\Program Files\DAEMON Tools Lite\Lang\ESN.dll
7731e2156769c740f8a2c31b5e4df534	c:\Program Files\DAEMON Tools Lite\Lang\FIN.dll
614fcda9095d370e39209d6d42958fb3	c:\Program Files\DAEMON Tools Lite\Lang\FRA.dll
4211100519c955e423215e9a3a08c1d7	c:\Program Files\DAEMON Tools Lite\Lang\HEB.dll
9731e2fe05e3da9a66067908f6d3be07	c:\Program Files\DAEMON Tools Lite\Lang\HRV.dll
b5ec9c8bb10b4d032c1362463758a25e	c:\Program Files\DAEMON Tools Lite\Lang\HUN.dll
61c46b0a6fa7e2d189dc104632800be6	c:\Program Files\DAEMON Tools Lite\Lang\HYE.dll
70f07f8cc1a4b5fc982df281c543f2a8	c:\Program Files\DAEMON Tools Lite\Lang\IND.dll
95b38c347abd82b8b87408434bd16077	c:\Program Files\DAEMON Tools Lite\Lang\ITA.dll
d0b2fed29ef162a3a8d736fd40961b3b	c:\Program Files\DAEMON Tools Lite\Lang\JPN.dll
b3eaa9d656acff1824c20c8248c35e76	c:\Program Files\DAEMON Tools Lite\Lang\KAT.dll
5765c1d93c810fa191b2603952d0534f	c:\Program Files\DAEMON Tools Lite\Lang\KOR.dll
85fa1b1123c4b48671e0da25dacf246b	c:\Program Files\DAEMON Tools Lite\Lang\LTH.dll
e4d780ef46b04d4e79baf5148f3d8dd9	c:\Program Files\DAEMON Tools Lite\Lang\LVI.dll
d02efd07e77c06b994430065b69d2c2f	c:\Program Files\DAEMON Tools Lite\Lang\NLB.dll
89906933894f18cde773b2325e6bb042	c:\Program Files\DAEMON Tools Lite\Lang\NOR.dll
2b58f578d140b24e70ef8382223263b6	c:\Program Files\DAEMON Tools Lite\Lang\PLK.dll
f10f25b99d119f70d033aaf1f6e1b172	c:\Program Files\DAEMON Tools Lite\Lang\PTB.dll
4e1d52f4c97d3c47325c0e7eea53427a	c:\Program Files\DAEMON Tools Lite\Lang\ROM.dll
9477befb435d7e49a495785b9e12af0f	c:\Program Files\DAEMON Tools Lite\Lang\RUS.dll
bbcb4687f9d735db1999e4e3541c2561	c:\Program Files\DAEMON Tools Lite\Lang\SKY.dll
0c6d4a502a4a7da18b170d80711ba345	c:\Program Files\DAEMON Tools Lite\Lang\SLV.dll
60f3def51db1fb1cb6f0cdd26c517f6f	c:\Program Files\DAEMON Tools Lite\Lang\SRL.dll
c24c9fc4ac8f4bd44f8e89746cf97cc4	c:\Program Files\DAEMON Tools Lite\Lang\SVE.dll
43baa07c3f4326d6783fc05c0f620e8f	c:\Program Files\DAEMON Tools Lite\Lang\TRK.dll
e29dd8fc5f137994c80629a7ad002d5c	c:\Program Files\DAEMON Tools Lite\Lang\UKR.dll
d2adc3ee87c7983b34c1d284aad2d163	c:\Program Files\DAEMON Tools Lite\SPTDinst-x64.exe
fd62e3b8d7e193ab19e71f26c1fc81b6	c:\Program Files\DAEMON Tools Lite\SPTDinst-x86.exe
c0c7ceccb6c85994c2bc92d58e52d3f2	c:\Program Files\DAEMON Tools Lite\dtsoftbus01.sys
d6cd851869a9a3fbeb2254d3766a9aba	c:\Program Files\DAEMON Tools Lite\imgengine.dll
92e541cb724a8a0ee3f04469b8099c04	c:\Program Files\DAEMON Tools Lite\uninst.exe
a20431e552a37ab90e6cc98ce5ed82d1	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DAEMONLite4.41.exe
d74a7db367d407dec2fcbbd22043a91b	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\KOB.dll
ee6d5584f593fab1c5d3d8e548b7203b	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\RUN.exe
e808a6b7751f6f980f97008d1aeb8036	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\_ir_sf_temp_0\DTLite4413-0173.exe
cdec84efa7e61e09f8f344f1a151ba59	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
4f88bef9204d347c0d1c99d7be7baae8	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\DTSetupHelper.exe
cf0ba43ae03d5dc57e96fa583d26f506	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\AFK.dll
92749b95321bf93e7e285537229feaad	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\ARA.dll
c1286d50ea59268af55eb7bc72e9fd30	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\BGR.dll
9d692d85639d0d9fcc8fd8428cb8ff2c	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\BIH.dll
98b5f8d3c7f45937fa6b920e51e83782	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\CHS.dll
44def48444c237ca2455b12f020a41d6	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\CHT.dll
1838b84c7cc7529319dd704759d4273e	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\CSY.dll
49dfb5b9bc3b193a847f96f72ba7deab	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\DAN.dll
7305e2e252ec3ca9809fd3172dd63a68	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\DEU.dll
27d9823928ab2be476b6f07ead03c33c	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\ELL.dll
ae1efc111af8c51865f7982cf6563178	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\ENU.dll
e1a42e5f8460ccbd8cd0a389a8798cc7	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\ESN.dll
7731e2156769c740f8a2c31b5e4df534	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\FIN.dll
614fcda9095d370e39209d6d42958fb3	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\FRA.dll
4211100519c955e423215e9a3a08c1d7	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\HEB.dll
9731e2fe05e3da9a66067908f6d3be07	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\HRV.dll
b5ec9c8bb10b4d032c1362463758a25e	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\HUN.dll
61c46b0a6fa7e2d189dc104632800be6	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\HYE.dll
70f07f8cc1a4b5fc982df281c543f2a8	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\IND.dll
95b38c347abd82b8b87408434bd16077	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\ITA.dll
d0b2fed29ef162a3a8d736fd40961b3b	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\JPN.dll
b3eaa9d656acff1824c20c8248c35e76	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\KAT.dll
5765c1d93c810fa191b2603952d0534f	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\KOR.dll
85fa1b1123c4b48671e0da25dacf246b	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\LTH.dll
e4d780ef46b04d4e79baf5148f3d8dd9	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\LVI.dll
d02efd07e77c06b994430065b69d2c2f	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\NLB.dll
89906933894f18cde773b2325e6bb042	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\NOR.dll
2b58f578d140b24e70ef8382223263b6	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\PLK.dll
f10f25b99d119f70d033aaf1f6e1b172	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\PTB.dll
4e1d52f4c97d3c47325c0e7eea53427a	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\ROM.dll
9477befb435d7e49a495785b9e12af0f	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\RUS.dll
bbcb4687f9d735db1999e4e3541c2561	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\SKY.dll
0c6d4a502a4a7da18b170d80711ba345	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\SLV.dll
60f3def51db1fb1cb6f0cdd26c517f6f	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\SRL.dll
c24c9fc4ac8f4bd44f8e89746cf97cc4	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\SVE.dll
43baa07c3f4326d6783fc05c0f620e8f	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\TRK.dll
e29dd8fc5f137994c80629a7ad002d5c	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\UKR.dll
7fbc1cd7de7bc2dc40e9960bd3d3ecc8	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\SetupHelper.exe
959ea64598b9a3e494c00e8fa793be7e	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\System.dll
9adb3f7c3d4b623f74c4a17ee665d65f	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\setuphlp.dll
c0c7ceccb6c85994c2bc92d58e52d3f2	c:\Windows\System32\DriverStore\FileRepository\dtsoftbus01.inf_x86_neutral_1cc2711e3c419337\dtsoftbus01.sys
c0c7ceccb6c85994c2bc92d58e52d3f2	c:\Windows\System32\drivers\dtsoftbus01.sys

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

No information is available.

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Section MD5
.text	4096	72088	72192	4.546	984dfeff737935f78877d3d08b82ef95
.rdata	77824	7189	7680	3.37138	0fb0a72395723950e1915d6bf373f506
.data	86016	65324	512	2.43883	11ffdfc240c81dfe9d957f6bf1761f00
.CRT	151552	16	512	0.147711	a5ba361df79e0a565f00bd42dc501625
.rsrc	155648	16504	16896	2.78807	4a42d4a1c79a481d4a049c0bb7911c60

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL	IP
hxxp://dt.web-search-home.com/getsettings?query=GNNfZQWUSUiqIdLnKNvMCWONHmmtB4GyN1neWQ5Hrhcs97W0l3CNcge3IKypSpg5kSHNUNN1OsEkUhQ3B+tZ2A==	198.16.77.12
hxxp://dt.web-search-home.com/download/yandexdtLite	198.16.77.12
hxxp://mirror23.mountspace.com/getfile.php?p=hxxp://eu-uk7.disk-tools.com/f8c73ad1ae1a2b396bd63e8855c2017a/DT_free_Rus_YandexBar1022.exe	188.120.245.109
hxxp://web-search-home.com/download/yandexdtLite	198.16.77.12

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET POLICY PE EXE or DLL Windows file download HTTP

Traffic

GET /getsettings?query=GNNfZQWUSUiqIdLnKNvMCWONHmmtB4GyN1neWQ5Hrhcs97W0l3CNcge3IKypSpg5kSHNUNN1OsEkUhQ3B+tZ2A== HTTP/1.1

Connection: Keep-Alive

Host: dt.web-search-home.com


HTTP/1.1 200 OK

Server: nginx/1.0.15

Date: Sun, 19 Mar 2017 20:50:07 GMT

Content-Type: text/html; charset=utf-8

Connection: close

X-Powered-By: PHP/5.3.29

Set-Cookie: PHPSESSID=tmtd9mej8682qtd5kn84kdgja7; path=/; domain=web-search-home.com

Content-Length: 3904

Jhz9HA/OCm0GW6fp9ZcSPDN34A485s78WSH2Jd SS2e96LkhrSzsfWe/aniircng kpRLo
ZsqhAQv8vCVpKIf08MvKSvlWND8pTpxJea euCVcbwqRQCtsUE vavGJoC630cVWj/iIQH
NtvbMPDN9ChUZ66FNi6Cn0I5sEQsCRCGAwt5Tjkb1rnTGMV hGpIrOtC1q924swB3 7RaN
POkIYAco8kr9kFVuFmXRs0sD9UmV13VFwenUxK0H1bbFve5xHdkhoGDFDUDC5adsSfz43j
S/TmKtIQm7GEjMZFE7EKZ qAlIjCRV3BBhX /VpWDS4TO9aXEtdHbJq7bsR RldNXvJjl9
y du67xyCIwYdaw WJbMzBRGQA fW/WOmpdzUDaY44j5mm1T89qA8UbM18s998P9YW4zZA
qmfOAU16hWoG3v/ixsNPAMnKnEzFTdcWLDTD32iNGzbbhPMrB AslbUUtWrqoUvhd/neRJ
WKWFU4L2roLbhRI0qNGMtKe7YXF9p3EVFCy hSXE5HAV88AV4z0vw4rVop2baNVxyrwrrd
8RN9tHVBsVvRvGR5RVb7MeOAX bmXo7d2kPm6n4mLUZWnGLdpojnYK4J70mRW7DL9KStSF
2iHuZnUrGTvgSCVlKgT31eba02Ho6iK7AbIYzImgScRxdnNoJzvnnVgH9C8K99Y03AQLBi
ByudppCDFVxmk IDSxiIF5x5EwKkj2zjZ5h94RsqGB63KFNOmMmowv8s/EZSHGP7lJuLys
cLN7rl6qttro6lHpGe6HtT8W3UCKn60EMERHisGRpCFV u3YcdVYSctQrHSwIlZ0Hy1rPN
q8iGRrQjpIG/bNBiEd dYIFH7WYyDVsts6 iFDJklN18/Fuw7xXDGm8IPlumykb4ufaT6a
/4OstjcX3c9dychuaghoNWiGEXI1QRgzdT6r2T5fvfV4pd0kg9JXIMOTbi62fIikQj9ZnC
Eo67fG3H0NXE0ZKklKmdjSUaIlGZkKkANicWsbCrKYA3zuKPDJv0lD7WQrP7m8s7Hbv5Ta
wxpRVPSOj2ay1rjIkrSSkXVJECoqEVjloZzYctZJ0D60AoCN4GyxkC8cIwxK4ho/wG8T2m
Pi31H3iYw0WzSTmkadHNcZggYo6qZOhWOEPPMJJW3uCH5oJs0Loccx OiRChZ2EvQ22jKr
M40EPkNEZyNt6ILjRYIZDgJIp4tfq5AMpCwRd24d5TmdVTvlbE43TMuPkP4suVvVKjxGQc
LxsQfDSyU7EPSxVS39HgQqsMkAMhXbdoVSGS4Kbrob97ByKsz//02CMpGIA54QOlNEs0nf
dhtRBPJwD2tVCW6AYlhUis/1ctmqWJ5pG1rncAPBn8CRTMEpQmBit9T/IjYmPOYB/GgvKF
uePlfx1kYTVqP Bb3SIevwVIsMdefhBHn29Ub4KEo9esQiNQ47bpFxpnINyaseLMDvYUx4
lR22L1oed4s0a9cJcpokLK/ e5QBRb7frT6ljCDUw lFLrqNjX07iOMJ/0cxdS/tWi

<<< skipped >>>

GET /getfile.php?p=hXXp://eu-uk7.disk-tools.com/f8c73ad1ae1a2b396bd63e8855c2017a/DT_free_Rus_YandexBar1022.exe HTTP/1.1

Connection: Keep-Alive

Host: mirror23.mountspace.com


HTTP/1.1 200 OK

Server: nginx/0.8.55

Date: Sun, 19 Mar 2017 20:50:22 GMT

Content-Type: application/octet-stream

Connection: close

X-Powered-By: PHP/5.3.19

Cache-Control:

Pragma:

Content-Disposition: attachment; filename="DT_free_Rus_YandexBar1022.exe"

Content-Transfer-Encoding: binary

Accept-Ranges: bytes

Content-Length: 878208

MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......^".u.C.&.C.&
.C.&..S&.C.&..g&kC.&..f&3C.&.;^&.C.&.C.&.C.&..b&.C.&..W&.C.&..P&.C.&Ri
ch.C.&........................PE..L....v.P............................
.O............@..................................Z....@...............
......................x....p...............R.......p..$...`...........
....................p...@............................................t
ext............................... ..`.rdata...V.......X..............
....@..@.data....1...0......................@....rsrc........p.......,
..............@..@.reloc...$...p...&...,..............@..B............
......................................................................
......................................................................
......................................................................
......................................................................
............................................U..W....9w@t5.G....w].$...
@...tR.F..I..tI.F.P.A.P....@..5..t5.F..,..t,.F..#......w6......s...Nt%
......u...t.....uJ.M............_].........2...r...8...v.......u....H.
..v..A......RP....@...VS... ..WP....@._]....I...@.%.@.9.@.l.@.l.@.....
....................U....$.U..M.SV.u..^..F.W.}..U.3.R.U..U..U..U..U.R.
U.RQ.]..]..^...W.E..M.P.....E.$....E......}....M....N...tK..9w.t....r'
../v...7u..]..<......t...1...v...8...v..F..u..U..F.Rj.P....@.......
..u..N...F...t .~..u..N.......F..B.Q...F......._^..[..]...........

<<< skipped >>>

GET /download/yandexdtLite HTTP/1.1

Connection: Keep-Alive

Host: web-search-home.com


HTTP/1.1 302 Moved Temporarily

Server: nginx/1.0.15

Date: Sun, 19 Mar 2017 20:50:22 GMT

Content-Type: text/html; charset=utf-8

Transfer-Encoding: chunked

Connection: close

X-Powered-By: PHP/5.3.29

Set-Cookie: PHPSESSID=qq11dd7q3ss3td1dp3d1v6kch6; path=/; domain=web-search-home.com

Location: hXXp://mirror23.mountspace.com/getfile.php?p=hXXp://eu-uk7.disk-tools.com/f8c73ad1ae1a2b396bd63e8855c2017a/DT_free_Rus_YandexBar1022.exe

0..

The Trojan connects to the servers at the folowing location(s):

%original file name%.exe_1796:

.text

`.rdata

@.data

@.rsrc

VSSSSh

^SShq

%.*s(%d)%s

COMCTL32.dll

SHLWAPI.dll

GetProcessHeap

GetCPInfo

KERNEL32.dll

USER32.dll

GDI32.dll

COMDLG32.dll

RegCloseKey

RegCreateKeyExW

RegOpenKeyExW

ADVAPI32.dll

SHFileOperationW

ShellExecuteExW

SHELL32.dll

ole32.dll

OLEAUT32.dll

WINRAR.SFX

d:\Projects\WinRAR\SFX\build\sfxrar32\Release\sfxrar.pdb

version="1.0.0.0"

<requestedExecutionLevel level="asInvoker"

name="Microsoft.Windows.Common-Controls"

version="6.0.0.0"

publicKeyToken="6595b64144ccf1df"

<!--The ID below indicates application support for Windows Vista -->

<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>

<!--The ID below indicates application support for Windows 7 -->

<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>

<asmv3:windowsSettings xmlns="hXXp://schemas.microsoft.com/SMI/2005/WindowsSettings">

</asmv3:windowsSettings>

r%.*s(%d)%s

rtmp%d

<head><meta http-equiv="content-type" content="text/html; charset=

Shell.Explorer

%s %s

%s %s %s

GETPASSWORD1

%s%s%d

Software\Microsoft\Windows\CurrentVersion

%s.%d.tmp

winrarsfxmappingfile.tmp

-el -s2 "-d%s" "-p%s" "-sp%s"

__tmp_rar_sfx_access_check_%u

sfxcmd

riched20.dll

riched32.dll

Extracting %s

c:\%original file name%.exe

Enter password

&Enter password for the encrypted file:

Skipping %s

The file "%s" header is corrupt%The archive comment header is corrupt

Unknown method in %s

Cannot open %s

Cannot create %s

Cannot create folder %sDCRC failed in the encrypted file %s. Corrupt file or wrong password.

CRC failed in %s

Packed data CRC failed in %s

Wrong password for %s5Write error in the file %s. Probably the disk is full

Read error in the file %s

Extracting from %s

ErroraErrors encountered while performing the operation

Please close all applications, reboot Windows and restart this installation\Some installation files are corrupt.

Extracting files to %s folder$Extracting files to temporary folder

=Total path and file name length must not exceed %d characters

conhost.exe_3496:

.text

`.data

.rsrc

@.reloc

GDI32.dll

USER32.dll

msvcrt.dll

ntdll.dll

API-MS-Win-Core-LocalRegistry-L1-1-0.dll

KERNEL32.dll

IMM32.dll

ole32.dll

OLEAUT32.dll

PutInputInBuffer: EventsWritten != 1 (0x%x), 1 expected

Invalid message 0x%x

InitExtendedEditKeys: Unsupported version number(%d)

Console init failed with status 0x%x

CreateWindowsWindow failed with status 0x%x, gle = 0x%x

InitWindowsStuff failed with status 0x%x (gle = 0x%x)

InitSideBySide failed create an activation context. Error: %d

GetModuleFileNameW requires more than ScratchBufferSize(%d) - 1.

GetModuleFileNameW failed %d.

Invalid EventType: 0x%x

Dup handle failed for %d of %d (Status = 0x%x)

Couldn't grow input buffer, Status == 0x%x

InitializeScrollBuffer failed, Status = 0x%x

CreateWindow failed with gle = 0x%x

Opening Font file failed with error 0x%x

\ega.cpi

NtReplyWaitReceivePort failed with Status 0x%x

ConsoleOpenWaitEvent failed with Status 0x%x

NtCreatePort failed with Status 0x%x

GetCharWidth32 failed with error 0x%x

GetTextMetricsW failed with error 0x%x

GetSystemEUDCRangeW: RegOpenKeyExW(%ws) failed, error = 0x%x

RtlStringCchCopy failed with Status 0x%x

Cannot allocate 0n%d bytes

|%SWj

O.fBf;

ReCreateDbcsScreenBuffer failed. Restoring to CP=%d

Invalid Parameter: 0x%x, 0x%x, 0x%x

ConsoleKeyInfo buffer is full

Invalid screen buffer size (0x%x, 0x%x)

SetROMFontCodePage: failed to memory allocation %d bytes

FONT.NT

Failed to set font image. wc=x, sz=(%x,%x)

Failed to set font image. wc=x sz=(%x, %x).

Failed to set font image. wc=x sz=(%x,%x)

FullscreenControlSetColors failed - Status = 0x%x

FullscreenControlSetPalette failed - Status = 0x%x

WriteCharsFromInput failed 0x%x

WriteCharsFromInput failed %x

RtlStringCchCopyW failed with Status 0x%x

CreateFontCache failed with Status 0x%x

FTPh

\>.Sj

GetKeyboardLayout

MapVirtualKeyW

VkKeyScanW

GetKeyboardState

UnhookWindowsHookEx

SetWindowsHookExW

GetKeyState

ActivateKeyboardLayout

GetKeyboardLayoutNameA

GetKeyboardLayoutNameW

_amsg_exit

_acmdln

ShipAssert

NtReplyWaitReceivePort

NtCreatePort

NtEnumerateValueKey

NtQueryValueKey

NtOpenKey

NtAcceptConnectPort

NtReplyPort

SetProcessShutdownParameters

GetCPInfo

conhost.pdb

%$%a%b%V%U%c%Q%W%]%\%[%

%<%^%_%Z%T%i%f%`%P%l%g%h%d%e%Y%X%R%S%k%j%

version="5.1.0.0"

name="Microsoft.Windows.ConsoleHost"

<requestedExecutionLevel

name="Microsoft.Windows.ConsoleHost.SystemDefault"

publicKeyToken="6595b64144ccf1df"

name="Microsoft.Windows.SystemCompatible"

version="6.0.0.0"

publicKeyToken="6595b64144ccf1df"

< =$>:>@>

2%2X2

%SystemRoot%

\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Console\TrueTypeFont

\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Console\FullScreen

WindowSize

ColorTableu

ExtendedEditkeyCustom

ExtendedEditKey

Software\Microsoft\Windows\CurrentVersion

\ !:=/.<>;|&

%d/%d

cmd.exe

desktop.ini

\console.dll

%d/%d

6.1.7601.17641 (win7sp1_gdr.110623-1503)

CONHOST.EXE

Windows

Operating System

6.1.7601.17641

DAEMONLite4.41.exe_3616:

.text

`.rdata

@.data

.rsrc

diu2.iu

Advapi32.dll

irsetup.exe

Could not determine a temp directory name. Try running setup.exe /T:<Path>

c:\temp

%s\irsetup.exe

%s%s_%d

"__IRSID:%s"

"__IRCT:%d"

"__IRAFN:%s"

__IRAOFF:%u

KERNEL32.DLL

mscoree.dll

Please contact the application's support team for more information.

- Attempt to initialize the CRT more than once.

- CRT not initialized

kernel32.dll

GetProcessWindowStation

USER32.DLL

operator

KERNEL32.dll

MsgWaitForMultipleObjects

USER32.dll

ADVAPI32.dll

ShellExecuteExA

SHELL32.dll

GetProcessHeap

GetCPInfo

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DAEMONLite4.41.exe

%xERRj3cqZQ

! !!####0

;;;9551%%0

! !!565665@

version="8.1.1000.0"

name="setup.exe"/>

name="Microsoft.Windows.Common-Controls"

version="6.0.0.0"

publicKeyToken="6595b64144ccf1df"

<requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>

04090000

VVV.u-soft.org

0.0.0.0

suf80_launch.exe

irsetup.exe_2296:

`.rsrc

FtPh

FtPhu

SSSSh

SSh`UQ

SSh4UQ

SShlTQ

SShDTQ

u1SSh

Su%Sh

SShx`Q

txSSh<`Q

SSh _Q

@ SSh

.hPsQ

SSShDxQ

9^$u&SSSSh?

u SSSSh?

9^$u)SSSSh?

u.VWS

WSSh|DQ

udPQ

t.Ht Ht(Ht

y2SSh

FHSSh

GHSSh

GTSSh

G\SSh

FlSSh

Nt.Nt

SShlSR

tjSShHSR

t;SSh$SR

F<%u3

t'SShl

u$SShe

aSSSh

.VVVVVSRSSj

FTPjK

FtPj;

C.PjRV

diu2.iuz

MSG_ERROR

%s %d. %s

MSG_ASK_FOR_DISK

MSG_NEW_LOCATION

MSG_CONFIRM_ABORT

MSG_CONFIRM

A%s.%d

%s, Line %d: %s

File condition evaluation for file "%s"

C:\temp\SUF_SFX_TEST\

msi.dll

\msi.dll

Software\Microsoft\Windows\CurrentVersion\Installer

MSG_INITIALIZING

16670749

[%d]: %s

*** LOCATION: %s

__NOREPORT__

Script: %s, %s (%s)

__ir_eval_value = %s;

%s (%s:%d)

F:\Program Files\Microsoft Visual Studio 8\VC\atlmfc\include\afxwin2.inl

%Copyright%. All rights reserved. %CompanyURL%

WindowStyle

MainWindowSettings

%s at offset %d unterminated

Incorrect %s at offset %d

Element '%s' at offset %d not ended

End tag '%s' at offset %d does not match start tag '%s' at offset %d

No start tag for end tag '%s' at offset %d

%s%d bytes

%s%d wide chars to %d bytes

%d bytes to %s%d wide chars

MSG_SEARCH_FILE

(*.*)|*.*||

MSG_SEARCH_ALL

MSG_SEARCH_MASK

MSG_INSERTDISK

MSG_CANCEL

MSG_OK

MSG_BROWSE

MSG_PATH

Windows Server 2008

Windows Vista

Windows Server 2003

Windows XP

Windows 2000

Windows NT4

Windows NT3

Windows ME

Windows 98

Windows 95

CPasswordData

-- Defined in _SUF70_Global_Functions.lua

number e_ErrorCode, string e_ErrorMsgID

%WindowsFolder%\%ProductName% Setup Log.txt

%StartupFolder%

%StartFolder%

%StartProgramsFolder%

ÞsktopFolder%

%s\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

%CommonFilesFolder%\Microsoft Shared\DAO

Software\Microsoft\Shared Tools\DAO350.dll

Software\Microsoft\Shared Tools\DAO360.dll

ÚOPath%

Software\Microsoft\Windows NT\CurrentVersion

Software\Microsoft\Windows\CurrentVersion

%SourceFolder%

%SystemDrive%

_WindowsFolder

%WindowsFolder%

%SystemFolder%

%CommonFilesFolder%

%CommonFilesFolder64%

%CommonProgramW6432%

%CommonDocumentsFolder%

%StartupFolderCommon%

%StartProgramsFolderCommon%

%StartFolderCommon%

%FontsFolder%

ÞsktopFolderCommon%

UninstallSupportFiles

CPRegKey

Run extra uninstall script: %d

%SourceDrive%

%SourceFilename%

\irsetup.dat

Support file added to uninstall list:

Registry key added to uninstall list:

Remove uninstall support file:

Remove uninstall CP entry from Registry: HKEY_LOCAL_MACHINE\

Register font: %s, %s

%sbk%d

MSG_NO

MSG_YES_TOALL

MSG_YES

MSG_UNINSTALL_OK_REMOVE

MSG_UNINSTALL_NO_APP_USE

MSG_UNINSTALL_REMOVE_SHARED

Decrement shared file count: %s (New count = %d)

SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs

: %s (#%d)

Global include script: %s

RegisterTypeLib: %s

RegisterTypeLib: %s - %s

Register COM file: %s

Register COM file: %s - System Error # %u

Register COM file on reboot: %s

regsvr32.exe /s %s

SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Increment usage count: %s

Increment usage count: %s (New count = %d)

%s\%s

%s (%d)

local e_Stage = %d;local e_CurrentItemText=[[%s]];local e_CurrentItemPct=%d;local e_StagePct=%d;

MSG_SYSREQ_WARN

MSG_NOTICE

MSG_SYSREQ_ABORT

%s: %s

MSG_SYSREQ_USERPERMISSION

MSG_SYSREQ_SYSTEMADMIN

MSG_SYSREQ_COLORDEPTH

MSG_BITSPERPIXEL

MSG_SYSREQ_SCREENHEIGHT

MSG_SYSREQ_SCREENWIDTH

%s: %d

%s: %d %s

MSG_SYSREQ_RAM

MSG_SIZE_MEGABYTES

Operating System

MSG_SYSREQ_OS

MSG_OS_PART_ORNEWER

MSG_OS_PART_NOSERVPACK

MSG_OS_PART_SERVPACK

MSG_OS_PART_SE

MSG_OS_PART_C

MSG_OS_PART_B

MSG_OS_PART_A

MSG_OS_ALL

MSG_OS_NONE

MSG_OS_WSRV2008

MSG_OS_WVISTA

MSG_OS_WSRV2003

MSG_OS_WXP

MSG_OS_W2000

MSG_OS_WNT4

MSG_OS_WNT3

MSG_OS_WME

MSG_OS_W98

MSG_OS_W95

MSG_OS_UNKNOWN

MSG_SYSREQ_NOTMET

MSG_EXP_USESLEFT

MSG_EXP_USESLEFT2

%s %d %s

MSG_EXP_DAYSLEFT

MSG_EXP_DAYSLEFT2

Software\Microsoft\Windows\CurrentVersion\I652R9823\

MSG_EXP_CONTACT_START

MSG_SEEKING

Dependency Detection Passed

Arc: %s

FN: %s

%s (#%d)

MSG_SKIPPING

MSG_INSTALLING

Run project event: %s

local e_ErrorCode=%d; local e_ErrorMsgID = "%s"

Start project event: %s

MSG_UNINSTALLFILE_NOREMOVE

MSG_UNINSTALLFILE_INUSE

%s (%s: %u)

\WININIT.INI

MSG_FILE_EXISTS_INUSE

MSG_FILE_EXISTS_RETRY

MSG_FILE_EXISTS_ANY

MSG_FILE_EXISTS_NEWER

MSG_FILE_OVERWRITE_CONFIRM

%s\%s.lnk

%s (Return code: %d)

Product: %s, version %s

%s (%d):

MSG_PROG_UNINSTALL_CREATECONTROLFILE

ERR_CREATEUNINSTALL_OPEN_EXE_READ

ERR_CREATEUNINSTALL_OPEN_EXE_WRITE

Overwrite uninstall executable:

MSG_PROG_UNINSTALL_CREATEEXE

@MSG_PROG_UNINSTALL_CREATEDATFILE

?MSG_PROG_UNINSTALL_CREATEFOLDER

"/U:%s"

MSG_PROG_UNINSTALL_CREATESC

Create uninstall CP entry key

ERR_CREATEUNINSTALL_CREATEREGKEY

"%s",%d

Uninstall CP entry: URLUpdateInfo =

URLUpdateInfo

Uninstall CP entry: URLInfoAbout =

URLInfoAbout

"%s" "/U:%s"

HKEY_LOCAL_MACHINE\

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\

MSG_PROG_UNINSTALL_CREATECPENTRY

MSG_PROG_UNINSTALL_COPYSUPPORTFILES

MSG_PROG_UNINSTALL_COPYPLUGINS

%s %s

MSG_REQUIRED_DRIVE

MSG_AVAILABLE_DRIVE

MSG_PROG_CHECKING_DRIVESPACE

MSG_PROG_CHECKING_FILES

%A, %B %d, %Y

[%s] %s

%m/%d/%Y %H:%M:%S

MsgFile

ERR_MSI_PATCH_REMOVAL_UNSUPPORTED

ERR_MSI_PATCH_PACKAGE_UNSUPPORTED

ERR_MSI_INSTALL_PLATFORM_UNSUPPORTED

ERR_MSI_UNSUPPORTED_TYPE

ERR_MSI_INSTALL_LANGUAGE_UNSUPPORTED

ERR_SERVER_FILE_DOWNLOAD_SET_PROXY_PASSWORD

ERR_SERVER_FILE_DOWNLOAD_OPEN_FTP_FILE

ERR_SERVER_FILE_DOWNLOAD_OPEN_HTTP_FILE

ERR_ODBC_INVALID_KEYWORD_VALUE

ERR_WEB_503

ERR_WEB_500

ERR_WEB_404

ERR_WEB_403

ERR_WEB_400

ERR_WEB_SET_PROXY_PASSWORD

ERR_WEB_SET_PROXY_USERNAME

ERR_WEB_WRITE_MEMORY

ERR_WEB_FTP_FILE_OPEN

ERR_WEB_USER_ABORT

ERR_WEB_FILE_WRITE

ERR_WEB_DOWNLOAD_FILE_ERROR

ERR_WEB_INVALID_HTTP_RESPONSE

ERR_WEB_DESTINATION_FILE_OPEN

ERR_WEB_SEND_REQUEST

ERR_WEB_OPEN_REQUEST

ERR_WEB_CREATE_HTTP_CONNECTION

ERR_WEB_CREATE_INTERNET_SESSION

ERR_REG_GET_SUB_KEY_NAME

ERR_REG_NON_EXISTANT_SUB_KEY

ERR_REG_DELETE_KEY

ERR_REG_CREATE_KEY

ERR_FILE_EXECUTION_FAILED_ELEVATION

ERR_KEY_RUN_ON_REBOOT_FAILED

ERR_USER_ABORTED_OPERATION

ERR_NON_EXISTANT_VIEWER_EXE

ERR_FILE_EXECUTION_FAILED

ERR_SPECIFIED_EXE_FILE_INVALID

MSG_SUCCESS

Language set: Primary = %d, Secondary = %d

%CompanyURL%

%CompanyName%

UxTheme.dll

%Copyright% %CompanyName%. All rights reserved. %CompanyURL%

%WindowsFolder%\%ProductName% Uninstall Log.txt

%CompanyName% Support Department

%WindowsFolder%\%ProductName%\uninstall.exe

uninstall.xml

CWebBrowser2

Confirm Operation

kernel32.dll

KERNEL32.DLL

PSAPI.DLL

Kernel32.dll

WS2_32.DLL

Copying "%s"

"%s" %s

%d.%d.%d.%d

\StringFileInfo\xx\ProductVersion

\StringFileInfo\xx\PrivateBuild

.bak%d

Windows NT 4

Windows NT 3

%s\shell\open\command

NUL=%s

Software\Microsoft\Windows NT\CurrentVersion\Fonts

Software\Microsoft\Windows\CurrentVersion\Fonts

***!!!***@@

Advapi32.dll

Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

%s\%s.url

%s\%s.pif

srclient.dll

%s_%d

%s\_ir_tmpfnt_%d

/\:*?"<>|

jsproxy.dll

DetectAutoProxyUrl

wininet.dll

%%x

d:d

WinINet.dll

Could not create Internet session: %u

Error downloading file: %u

Error writing the destination file: %d-%u

Could not create HTTP connection: %u

Could not create HTTP connection

Incorrect HTTP status returned by server: %d

Send request failed: %u

Content-Type: application/x-www-form-urlencoded

Could not open HTTP file: %s

PTF://

hXXps://

hXXp://

Could not open request: %u

Could not HTTP file: %u

MSG_STATUS_HANDLE_CREATED

MSG_STATUS_HANDLE_CLOSING

MSG_STATUS_REQUEST_COMPLETE

MSG_REDIRECTING

MSG_CONNECTION_CLOSED

MSG_RESOLVING_HOST_NAME

MSG_HOST_NAME_RESOLVED

MSG_CONNECTING_TO_SERVER

MSG_CONNECTED_TO_SERVER

MSG_CLOSING_CONNECTION

TRACE: LastError = %d ("%s")

Script: %s, %s

Script: %s, Line %d

All Files (*.*)|*.*|

PasswordInput

MSG_MOVING

MSG_COPYING

MSG_FROM

MSG_TO

MSG_DELETING

MSG_SEARCHING

\StringFileInfo\xx\SpecialBuild

\StringFileInfo\xx\OriginalFilename

\StringFileInfo\xx\Comments

\StringFileInfo\xx\LegalTrademarks

\StringFileInfo\xx\LegalCopyright

\StringFileInfo\xx\ProductName

\StringFileInfo\xx\InternalName

\StringFileInfo\xx\FileDescription

\StringFileInfo\xx\CompanyName

ErrorMsg

%Y-%m-%dT%H:%M:%S

MSG_INSTALL_DO_YOU_WANT_OVERWRITE

MSG_INSTALL_ALWAYS_ASK_OVERWRITE_MSG

MSG_INSTALL_FILE_OLDER_MSG

OpenURL

\msiexec.exe

RunMsiexec

SQLInstallerError

SQLRemoveDriverManager

odbccp32.dll

SQLConfigDataSource

SQLInstallDriverEx

SQLInstallDriverManager

SQLRemoveDriver

\Kernel32.dll

GetKeyNames

DoesKeyExist

DeleteKey

CreateKey

ShortcutKey

keycode

SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

MSG_SIZE_BYTES

P?MSG_SIZE_KILOBYTES

>MSG_SIZE_GIGABYTES

xxxxxx

%s-%s-%s

%s/%s/%s

%s:%s:%s

%d:%s:%s AM

%d:%s:%s PM

MSG_REBOOT_FAILED

WININET.DLL

PPassword

Password

%s %s %s %s (%0.2f %s)

%0.1f %s/%0.1f %s

%I64u %s/%I64u %s

MSG_KB_PER_SEC

MSG_ESTIMATED_TIME_LEFT

MSG_SAVING

MSG_DOWNLOADING

%s %s %s %s

MSG_QUERYING_INTERNET

MSG_READING

GetHTTPErrorInfo

%s > %s

local e_CtrlID=%d; local e_MsgID=%d;

Button%d

Check%d

ComboBox%d

Edit%d

Space available on selected drive: %SpaceAvailable%

Space required: %SpaceRequired%

Error: The specified file: '%s' could not be found.

Error: The specified file: '%s' could not be opened.

Error: The specified file: '%s' is too large to read.

Error: The specified file: '%s' could not be read.

number e_CtrlID, number e_MsgID, table e_Details

Application.Exit();

Screen.Next();

Screen.Back();

Radio%d

Total space required: %SpaceRequired%

IDS_CTRL_CHECK_BOX_d

IDS_CTRL_BUTTON_d

IDS_CTRL_STATICTEXT_LABEL_d

IDS_CTRL_COMBOBOX_d_DEFAULT

IDS_CTRL_EDIT_d

IDS_CTRL_RADIO_BUTTON_d

IDS_CTRL_LISTBOX_d

IDS_CTRL_SCROLLTEXT_BODY_d

IDS_CTRL_PROGRESS_BAR_d

IDS_CTRL_GROUP_BOX_d

IDS_CTRL_SELECT_PACKAGE_TREE_d

CTRL_CHECK_BOX_d

CTRL_BUTTON_d

CTRL_STATICTEXT_LABEL_d

CTRL_COMBOBOX_d

CTRL_EDIT_d

CTRL_RADIO_BUTTON_d

CTRL_LIST_BOX_d

CTRL_SCROLLTEXT_BODY_d

CTRL_PROGRESS_BAR_d

CTRL_GROUP_BOX_d

CTRL_SELECT_PACKAGE_TREE_d

IDS_CTRL_COMBOBOX_d_ITEMS

IDS_CTRL_SCROLLTEXT_FILE_d

WebWindow

IDS_CTRL_CATEGORY_NAME_d_%.3d

IDS_CTRL_CATEGORY_DESCRIPTION_d_%.3d

$Lua: Lua 5.0.2 Copyright (C) 1994-2004 Tecgraf, PUC-Rio $

$URL: VVV.lua.org $

!"#$%&'()* ,-./012

#*1892 $

%,3:;4-&

'.5<=6/7>?

mgM

CNotSupportedException

GDI32.DLL

hhctrl.ocx

Afx:%p:%x:%p:%p:%p

Afx:%p:%x

commctrl_DragListMsg

CCmdTarget

f:\rtm\vctools\vc7libs\ship\atlmfc\src\mfc\filecore.cpp

MSWHEEL_ROLLMSG

comctl32.dll

comdlg32.dll

Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Software\Microsoft\Windows\CurrentVersion\Policies\Network

Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32

ntdll.dll

%s.dll

mfcm80.dll

CHttpConnection

CHttpFile

HTTP/1.0

user32.dll

f:\rtm\vctools\vc7libs\ship\atlmfc\src\mfc\filetxt.cpp

ole32.dll

mscoree.dll

Visual C   CRT: Not enough memory to complete call to strerror.

cmd.exe

command.com

Please contact the application's support team for more information.

- Attempt to initialize the CRT more than once.

- CRT not initialized

Broken pipe

Inappropriate I/O control operation

Operation not permitted

portuguese-brazilian

?#%X.y

operator

GetProcessWindowStation

USER32.DLL

OLEACC.dll

WININET.dll

InternetCrackUrlA

InternetCanonicalizeUrlA

HttpQueryInfoA

HttpSendRequestA

HttpOpenRequestA

.?AVCCmdTarget@@

.PAVCFileException@@

.PAVCException@@

.?AVCMainWindowSettings@@

.?AVCMD5@@

.?AVCPasswordData@@

.?AVCRTSessionVarMgr@@

.?AVCScreenCrtrMeasure@@

.?AVCWebBrowser2@@

.PAVCInternetException@@

.PAVCMemoryException@@

.PAVCResourceException@@

.?AVCScreenCtrlMsg@@

.?AVCScreenCtrlMsgDetail@@

Lua 5.0.2

attempt to %s a %s value

attempt to %s %s `%s' (a %s value)

attempt to compare %s with %s

attempt to compare two %s values

%s:%d: %s

system error %d

file (%s)

`popen' not supported

field `%s' missing in date table

^$* ?.([%-

missing `[' after `%%f' in pattern

no function environment for tail call at level %d

could not load package `%s' from path `%s'

error loading package `%s' (%s)

?;?.lua

bad argument #%d to `%s' (%s)

calling `%s' on bad self (%s)

%s expected, got %s

%s:%d:

stack overflow (%s)

cannot read %s: %s

`__pow' (`^' operator) is not a function

invalid key for `next'

too many %s (limit=%d)

%s:%d: %s near `%s'

char(%d)

`%s' expected (to close `%s' at line %d)

`%s' expected

bad code in %s

unexpected end of file in %s

bad integer in %s

bad nupvalues in %s: read %d; expected %d

bad constant type (%d) in %s

unknown number format in %s

%s too old: read version %d.%d; expected at least %d.%d

%s too new: read version %d.%d; expected at most %d.%d

bad signature in %s

virtual machine mismatch in %s: size of %s is %d but read %d

.PAVCSimpleException@@

.PAVCObject@@

.PAVCNotSupportedException@@

.PAVCInvalidArgException@@

.?AVCNotSupportedException@@

.PAVCOleException@@

.PAVCUserException@@

.?AVCTestCmdUI@@

.?AVCCmdUI@@

.PAVCArchiveException@@

.?AVCHttpConnection@@

.?AVCHttpFile@@

.?AV?$CFixedStringT@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@$0BAA@@ATL@@

.?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@

.PAVCOleDispatchException@@

zcÁ

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

GetConsoleOutputCP

GetCPInfo

GetProcessHeap

GetWindowsDirectoryA

RegEnumKeyA

RegOpenKeyA

RegCloseKey

RegEnumKeyExA

RegQueryInfoKeyA

RegDeleteKeyA

RegCreateKeyExA

RegOpenKeyExA

ScaleViewportExtEx

SetViewportExtEx

OffsetViewportOrgEx

SetViewportOrgEx

GetViewportExtEx

ShellExecuteA

ShellExecuteExA

UrlUnescapeA

URLDownloadToFileA

SetWindowsHookExA

UnhookWindowsHookEx

CreateDialogIndirectParamA

GetKeyState

ExitWindowsEx

EnumWindows

MsgWaitForMultipleObjects

GetAsyncKeyState

.text

`.rdata

@.data

.rsrc

%xERRj3cqZQ

! !!####0

;;;9551%%0

! !!565665@

version="8.1.1000.0"

name="setup.exe"/>

name="Microsoft.Windows.Common-Controls"

version="6.0.0.0"

publicKeyToken="6595b64144ccf1df"

<requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>

ADVAPI32.dll

COMCTL32.dll

GDI32.dll

NETAPI32.dll

OLEAUT32.dll

oledlg.dll

SHELL32.dll

SHLWAPI.dll

urlmon.dll

USER32.dll

VERSION.dll

WINMM.dll

WINSPOOL.DRV

accKeyboardShortcut

Argument %d must be of type %s.

%d arguments required.

All Files (*.*)

No error message is available.'An unsupported operation was attempted.$A required resource was unavailable.

Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.

Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else..An unexpected error occurred while reading %1..An unexpected error occurred while writing %1.

#Unable to load mail system support.

Access to %1 was denied..An invalid file handle was associated with %1.<%1 could not be removed because it is the current directory.6%1 could not be created because the directory is full.

Seek failed on A hardware I/O error was reported while accessing %1.0A sharing violation occurred while accessing %1.0A locking violation occurred while accessing %1.

Disk full while accessing %1..An attempt was made to access %1 past its end.

No error occurred.-An unknown error occurred while accessing %1./An attempt was made to write to the reading %1..An attempt was made to access %1 past its end.0An attempt was made to read from the writing %1.

8.1.1000.0

2008 Indigo Rose Corporation (VVV.indigorose.com)

suf80_rt.exe

irsetup.exe_2296_rwx_00401000_00172000:

FtPhu

SSSSh

FtPh

SSh`UQ

SSh4UQ

SShlTQ

SShDTQ

u1SSh

Su%Sh

SShx`Q

txSSh<`Q

SSh _Q

@ SSh

.hPsQ

SSShDxQ

9^$u&SSSSh?

u SSSSh?

9^$u)SSSSh?

u.VWS

WSSh|DQ

udPQ

t.Ht Ht(Ht

y2SSh

FHSSh

GHSSh

GTSSh

G\SSh

FlSSh

Nt.Nt

SShlSR

tjSShHSR

t;SSh$SR

F<%u3

t'SShl

u$SShe

aSSSh

.VVVVVSRSSj

FTPjK

FtPj;

C.PjRV

diu2.iuz

MSG_ERROR

%s %d. %s

MSG_ASK_FOR_DISK

MSG_NEW_LOCATION

MSG_CONFIRM_ABORT

MSG_CONFIRM

A%s.%d

%s, Line %d: %s

File condition evaluation for file "%s"

C:\temp\SUF_SFX_TEST\

msi.dll

\msi.dll

Software\Microsoft\Windows\CurrentVersion\Installer

MSG_INITIALIZING

16670749

[%d]: %s

*** LOCATION: %s

__NOREPORT__

Script: %s, %s (%s)

__ir_eval_value = %s;

%s (%s:%d)

F:\Program Files\Microsoft Visual Studio 8\VC\atlmfc\include\afxwin2.inl

%Copyright%. All rights reserved. %CompanyURL%

WindowStyle

MainWindowSettings

%s at offset %d unterminated

Incorrect %s at offset %d

Element '%s' at offset %d not ended

End tag '%s' at offset %d does not match start tag '%s' at offset %d

No start tag for end tag '%s' at offset %d

%s%d bytes

%s%d wide chars to %d bytes

%d bytes to %s%d wide chars

MSG_SEARCH_FILE

(*.*)|*.*||

MSG_SEARCH_ALL

MSG_SEARCH_MASK

MSG_INSERTDISK

MSG_CANCEL

MSG_OK

MSG_BROWSE

MSG_PATH

Windows Server 2008

Windows Vista

Windows Server 2003

Windows XP

Windows 2000

Windows NT4

Windows NT3

Windows ME

Windows 98

Windows 95

CPasswordData

-- Defined in _SUF70_Global_Functions.lua

number e_ErrorCode, string e_ErrorMsgID

%WindowsFolder%\%ProductName% Setup Log.txt

%StartupFolder%

%StartFolder%

%StartProgramsFolder%

ÞsktopFolder%

%s\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

%CommonFilesFolder%\Microsoft Shared\DAO

Software\Microsoft\Shared Tools\DAO350.dll

Software\Microsoft\Shared Tools\DAO360.dll

ÚOPath%

Software\Microsoft\Windows NT\CurrentVersion

Software\Microsoft\Windows\CurrentVersion

%SourceFolder%

%SystemDrive%

_WindowsFolder

%WindowsFolder%

%SystemFolder%

%CommonFilesFolder%

%CommonFilesFolder64%

%CommonProgramW6432%

%CommonDocumentsFolder%

%StartupFolderCommon%

%StartProgramsFolderCommon%

%StartFolderCommon%

%FontsFolder%

ÞsktopFolderCommon%

UninstallSupportFiles

CPRegKey

Run extra uninstall script: %d

%SourceDrive%

%SourceFilename%

\irsetup.dat

Support file added to uninstall list:

Registry key added to uninstall list:

Remove uninstall support file:

Remove uninstall CP entry from Registry: HKEY_LOCAL_MACHINE\

Register font: %s, %s

%sbk%d

MSG_NO

MSG_YES_TOALL

MSG_YES

MSG_UNINSTALL_OK_REMOVE

MSG_UNINSTALL_NO_APP_USE

MSG_UNINSTALL_REMOVE_SHARED

Decrement shared file count: %s (New count = %d)

SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs

: %s (#%d)

Global include script: %s

RegisterTypeLib: %s

RegisterTypeLib: %s - %s

Register COM file: %s

Register COM file: %s - System Error # %u

Register COM file on reboot: %s

regsvr32.exe /s %s

SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Increment usage count: %s

Increment usage count: %s (New count = %d)

%s\%s

%s (%d)

local e_Stage = %d;local e_CurrentItemText=[[%s]];local e_CurrentItemPct=%d;local e_StagePct=%d;

MSG_SYSREQ_WARN

MSG_NOTICE

MSG_SYSREQ_ABORT

%s: %s

MSG_SYSREQ_USERPERMISSION

MSG_SYSREQ_SYSTEMADMIN

MSG_SYSREQ_COLORDEPTH

MSG_BITSPERPIXEL

MSG_SYSREQ_SCREENHEIGHT

MSG_SYSREQ_SCREENWIDTH

%s: %d

%s: %d %s

MSG_SYSREQ_RAM

MSG_SIZE_MEGABYTES

Operating System

MSG_SYSREQ_OS

MSG_OS_PART_ORNEWER

MSG_OS_PART_NOSERVPACK

MSG_OS_PART_SERVPACK

MSG_OS_PART_SE

MSG_OS_PART_C

MSG_OS_PART_B

MSG_OS_PART_A

MSG_OS_ALL

MSG_OS_NONE

MSG_OS_WSRV2008

MSG_OS_WVISTA

MSG_OS_WSRV2003

MSG_OS_WXP

MSG_OS_W2000

MSG_OS_WNT4

MSG_OS_WNT3

MSG_OS_WME

MSG_OS_W98

MSG_OS_W95

MSG_OS_UNKNOWN

MSG_SYSREQ_NOTMET

MSG_EXP_USESLEFT

MSG_EXP_USESLEFT2

%s %d %s

MSG_EXP_DAYSLEFT

MSG_EXP_DAYSLEFT2

Software\Microsoft\Windows\CurrentVersion\I652R9823\

MSG_EXP_CONTACT_START

MSG_SEEKING

Dependency Detection Passed

Arc: %s

FN: %s

%s (#%d)

MSG_SKIPPING

MSG_INSTALLING

Run project event: %s

local e_ErrorCode=%d; local e_ErrorMsgID = "%s"

Start project event: %s

MSG_UNINSTALLFILE_NOREMOVE

MSG_UNINSTALLFILE_INUSE

%s (%s: %u)

\WININIT.INI

MSG_FILE_EXISTS_INUSE

MSG_FILE_EXISTS_RETRY

MSG_FILE_EXISTS_ANY

MSG_FILE_EXISTS_NEWER

MSG_FILE_OVERWRITE_CONFIRM

%s\%s.lnk

%s (Return code: %d)

Product: %s, version %s

%s (%d):

MSG_PROG_UNINSTALL_CREATECONTROLFILE

ERR_CREATEUNINSTALL_OPEN_EXE_READ

ERR_CREATEUNINSTALL_OPEN_EXE_WRITE

Overwrite uninstall executable:

MSG_PROG_UNINSTALL_CREATEEXE

@MSG_PROG_UNINSTALL_CREATEDATFILE

?MSG_PROG_UNINSTALL_CREATEFOLDER

"/U:%s"

MSG_PROG_UNINSTALL_CREATESC

Create uninstall CP entry key

ERR_CREATEUNINSTALL_CREATEREGKEY

"%s",%d

Uninstall CP entry: URLUpdateInfo =

URLUpdateInfo

Uninstall CP entry: URLInfoAbout =

URLInfoAbout

"%s" "/U:%s"

HKEY_LOCAL_MACHINE\

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\

MSG_PROG_UNINSTALL_CREATECPENTRY

MSG_PROG_UNINSTALL_COPYSUPPORTFILES

MSG_PROG_UNINSTALL_COPYPLUGINS

%s %s

MSG_REQUIRED_DRIVE

MSG_AVAILABLE_DRIVE

MSG_PROG_CHECKING_DRIVESPACE

MSG_PROG_CHECKING_FILES

%A, %B %d, %Y

[%s] %s

%m/%d/%Y %H:%M:%S

MsgFile

ERR_MSI_PATCH_REMOVAL_UNSUPPORTED

ERR_MSI_PATCH_PACKAGE_UNSUPPORTED

ERR_MSI_INSTALL_PLATFORM_UNSUPPORTED

ERR_MSI_UNSUPPORTED_TYPE

ERR_MSI_INSTALL_LANGUAGE_UNSUPPORTED

ERR_SERVER_FILE_DOWNLOAD_SET_PROXY_PASSWORD

ERR_SERVER_FILE_DOWNLOAD_OPEN_FTP_FILE

ERR_SERVER_FILE_DOWNLOAD_OPEN_HTTP_FILE

ERR_ODBC_INVALID_KEYWORD_VALUE

ERR_WEB_503

ERR_WEB_500

ERR_WEB_404

ERR_WEB_403

ERR_WEB_400

ERR_WEB_SET_PROXY_PASSWORD

ERR_WEB_SET_PROXY_USERNAME

ERR_WEB_WRITE_MEMORY

ERR_WEB_FTP_FILE_OPEN

ERR_WEB_USER_ABORT

ERR_WEB_FILE_WRITE

ERR_WEB_DOWNLOAD_FILE_ERROR

ERR_WEB_INVALID_HTTP_RESPONSE

ERR_WEB_DESTINATION_FILE_OPEN

ERR_WEB_SEND_REQUEST

ERR_WEB_OPEN_REQUEST

ERR_WEB_CREATE_HTTP_CONNECTION

ERR_WEB_CREATE_INTERNET_SESSION

ERR_REG_GET_SUB_KEY_NAME

ERR_REG_NON_EXISTANT_SUB_KEY

ERR_REG_DELETE_KEY

ERR_REG_CREATE_KEY

ERR_FILE_EXECUTION_FAILED_ELEVATION

ERR_KEY_RUN_ON_REBOOT_FAILED

ERR_USER_ABORTED_OPERATION

ERR_NON_EXISTANT_VIEWER_EXE

ERR_FILE_EXECUTION_FAILED

ERR_SPECIFIED_EXE_FILE_INVALID

MSG_SUCCESS

Language set: Primary = %d, Secondary = %d

%CompanyURL%

%CompanyName%

UxTheme.dll

%Copyright% %CompanyName%. All rights reserved. %CompanyURL%

%WindowsFolder%\%ProductName% Uninstall Log.txt

%CompanyName% Support Department

%WindowsFolder%\%ProductName%\uninstall.exe

uninstall.xml

CWebBrowser2

Confirm Operation

kernel32.dll

KERNEL32.DLL

PSAPI.DLL

Kernel32.dll

WS2_32.DLL

Copying "%s"

"%s" %s

%d.%d.%d.%d

\StringFileInfo\xx\ProductVersion

\StringFileInfo\xx\PrivateBuild

.bak%d

Windows NT 4

Windows NT 3

%s\shell\open\command

NUL=%s

Software\Microsoft\Windows NT\CurrentVersion\Fonts

Software\Microsoft\Windows\CurrentVersion\Fonts

***!!!***@@

Advapi32.dll

Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

%s\%s.url

%s\%s.pif

srclient.dll

%s_%d

%s\_ir_tmpfnt_%d

/\:*?"<>|

jsproxy.dll

DetectAutoProxyUrl

wininet.dll

%%x

d:d

WinINet.dll

Could not create Internet session: %u

Error downloading file: %u

Error writing the destination file: %d-%u

Could not create HTTP connection: %u

Could not create HTTP connection

Incorrect HTTP status returned by server: %d

Send request failed: %u

Content-Type: application/x-www-form-urlencoded

Could not open HTTP file: %s

PTF://

hXXps://

hXXp://

Could not open request: %u

Could not HTTP file: %u

MSG_STATUS_HANDLE_CREATED

MSG_STATUS_HANDLE_CLOSING

MSG_STATUS_REQUEST_COMPLETE

MSG_REDIRECTING

MSG_CONNECTION_CLOSED

MSG_RESOLVING_HOST_NAME

MSG_HOST_NAME_RESOLVED

MSG_CONNECTING_TO_SERVER

MSG_CONNECTED_TO_SERVER

MSG_CLOSING_CONNECTION

TRACE: LastError = %d ("%s")

Script: %s, %s

Script: %s, Line %d

All Files (*.*)|*.*|

PasswordInput

MSG_MOVING

MSG_COPYING

MSG_FROM

MSG_TO

MSG_DELETING

MSG_SEARCHING

\StringFileInfo\xx\SpecialBuild

\StringFileInfo\xx\OriginalFilename

\StringFileInfo\xx\Comments

\StringFileInfo\xx\LegalTrademarks

\StringFileInfo\xx\LegalCopyright

\StringFileInfo\xx\ProductName

\StringFileInfo\xx\InternalName

\StringFileInfo\xx\FileDescription

\StringFileInfo\xx\CompanyName

ErrorMsg

%Y-%m-%dT%H:%M:%S

MSG_INSTALL_DO_YOU_WANT_OVERWRITE

MSG_INSTALL_ALWAYS_ASK_OVERWRITE_MSG

MSG_INSTALL_FILE_OLDER_MSG

OpenURL

\msiexec.exe

RunMsiexec

SQLInstallerError

SQLRemoveDriverManager

odbccp32.dll

SQLConfigDataSource

SQLInstallDriverEx

SQLInstallDriverManager

SQLRemoveDriver

\Kernel32.dll

GetKeyNames

DoesKeyExist

DeleteKey

CreateKey

ShortcutKey

keycode

SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

MSG_SIZE_BYTES

P?MSG_SIZE_KILOBYTES

>MSG_SIZE_GIGABYTES

xxxxxx

%s-%s-%s

%s/%s/%s

%s:%s:%s

%d:%s:%s AM

%d:%s:%s PM

MSG_REBOOT_FAILED

WININET.DLL

PPassword

Password

%s %s %s %s (%0.2f %s)

%0.1f %s/%0.1f %s

%I64u %s/%I64u %s

MSG_KB_PER_SEC

MSG_ESTIMATED_TIME_LEFT

MSG_SAVING

MSG_DOWNLOADING

%s %s %s %s

MSG_QUERYING_INTERNET

MSG_READING

GetHTTPErrorInfo

%s > %s

local e_CtrlID=%d; local e_MsgID=%d;

Button%d

Check%d

ComboBox%d

Edit%d

Space available on selected drive: %SpaceAvailable%

Space required: %SpaceRequired%

Error: The specified file: '%s' could not be found.

Error: The specified file: '%s' could not be opened.

Error: The specified file: '%s' is too large to read.

Error: The specified file: '%s' could not be read.

number e_CtrlID, number e_MsgID, table e_Details

Application.Exit();

Screen.Next();

Screen.Back();

Radio%d

Total space required: %SpaceRequired%

IDS_CTRL_CHECK_BOX_d

IDS_CTRL_BUTTON_d

IDS_CTRL_STATICTEXT_LABEL_d

IDS_CTRL_COMBOBOX_d_DEFAULT

IDS_CTRL_EDIT_d

IDS_CTRL_RADIO_BUTTON_d

IDS_CTRL_LISTBOX_d

IDS_CTRL_SCROLLTEXT_BODY_d

IDS_CTRL_PROGRESS_BAR_d

IDS_CTRL_GROUP_BOX_d

IDS_CTRL_SELECT_PACKAGE_TREE_d

CTRL_CHECK_BOX_d

CTRL_BUTTON_d

CTRL_STATICTEXT_LABEL_d

CTRL_COMBOBOX_d

CTRL_EDIT_d

CTRL_RADIO_BUTTON_d

CTRL_LIST_BOX_d

CTRL_SCROLLTEXT_BODY_d

CTRL_PROGRESS_BAR_d

CTRL_GROUP_BOX_d

CTRL_SELECT_PACKAGE_TREE_d

IDS_CTRL_COMBOBOX_d_ITEMS

IDS_CTRL_SCROLLTEXT_FILE_d

WebWindow

IDS_CTRL_CATEGORY_NAME_d_%.3d

IDS_CTRL_CATEGORY_DESCRIPTION_d_%.3d

$Lua: Lua 5.0.2 Copyright (C) 1994-2004 Tecgraf, PUC-Rio $

$URL: VVV.lua.org $

!"#$%&'()* ,-./012

#*1892 $

%,3:;4-&

'.5<=6/7>?

mgM

CNotSupportedException

GDI32.DLL

hhctrl.ocx

Afx:%p:%x:%p:%p:%p

Afx:%p:%x

commctrl_DragListMsg

CCmdTarget

f:\rtm\vctools\vc7libs\ship\atlmfc\src\mfc\filecore.cpp

MSWHEEL_ROLLMSG

comctl32.dll

comdlg32.dll

Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Software\Microsoft\Windows\CurrentVersion\Policies\Network

Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32

ntdll.dll

%s.dll

mfcm80.dll

CHttpConnection

CHttpFile

HTTP/1.0

user32.dll

f:\rtm\vctools\vc7libs\ship\atlmfc\src\mfc\filetxt.cpp

ole32.dll

mscoree.dll

Visual C   CRT: Not enough memory to complete call to strerror.

cmd.exe

command.com

Please contact the application's support team for more information.

- Attempt to initialize the CRT more than once.

- CRT not initialized

Broken pipe

Inappropriate I/O control operation

Operation not permitted

portuguese-brazilian

?#%X.y

operator

GetProcessWindowStation

USER32.DLL

OLEACC.dll

WININET.dll

InternetCrackUrlA

InternetCanonicalizeUrlA

HttpQueryInfoA

HttpSendRequestA

HttpOpenRequestA

.?AVCCmdTarget@@

.PAVCFileException@@

.PAVCException@@

.?AVCMainWindowSettings@@

.?AVCMD5@@

.?AVCPasswordData@@

.?AVCRTSessionVarMgr@@

.?AVCScreenCrtrMeasure@@

.?AVCWebBrowser2@@

.PAVCInternetException@@

.PAVCMemoryException@@

.PAVCResourceException@@

.?AVCScreenCtrlMsg@@

.?AVCScreenCtrlMsgDetail@@

Lua 5.0.2

attempt to %s a %s value

attempt to %s %s `%s' (a %s value)

attempt to compare %s with %s

attempt to compare two %s values

%s:%d: %s

system error %d

file (%s)

`popen' not supported

field `%s' missing in date table

^$* ?.([%-

missing `[' after `%%f' in pattern

no function environment for tail call at level %d

could not load package `%s' from path `%s'

error loading package `%s' (%s)

?;?.lua

bad argument #%d to `%s' (%s)

calling `%s' on bad self (%s)

%s expected, got %s

%s:%d:

stack overflow (%s)

cannot read %s: %s

`__pow' (`^' operator) is not a function

invalid key for `next'

too many %s (limit=%d)

%s:%d: %s near `%s'

char(%d)

`%s' expected (to close `%s' at line %d)

`%s' expected

bad code in %s

unexpected end of file in %s

bad integer in %s

bad nupvalues in %s: read %d; expected %d

bad constant type (%d) in %s

unknown number format in %s

%s too old: read version %d.%d; expected at least %d.%d

%s too new: read version %d.%d; expected at most %d.%d

bad signature in %s

virtual machine mismatch in %s: size of %s is %d but read %d

.PAVCSimpleException@@

.PAVCObject@@

.PAVCNotSupportedException@@

.PAVCInvalidArgException@@

.?AVCNotSupportedException@@

.PAVCOleException@@

.PAVCUserException@@

.?AVCTestCmdUI@@

.?AVCCmdUI@@

.PAVCArchiveException@@

.?AVCHttpConnection@@

.?AVCHttpFile@@

.?AV?$CFixedStringT@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@$0BAA@@ATL@@

.?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@

.PAVCOleDispatchException@@

zcÁ

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

GetConsoleOutputCP

GetCPInfo

GetProcessHeap

GetWindowsDirectoryA

RegEnumKeyA

RegOpenKeyA

RegCloseKey

RegEnumKeyExA

RegQueryInfoKeyA

RegDeleteKeyA

RegCreateKeyExA

RegOpenKeyExA

ScaleViewportExtEx

SetViewportExtEx

OffsetViewportOrgEx

SetViewportOrgEx

GetViewportExtEx

ShellExecuteA

ShellExecuteExA

UrlUnescapeA

URLDownloadToFileA

SetWindowsHookExA

UnhookWindowsHookEx

CreateDialogIndirectParamA

GetKeyState

ExitWindowsEx

EnumWindows

MsgWaitForMultipleObjects

GetAsyncKeyState

.text

`.rdata

@.data

.rsrc

accKeyboardShortcut

Argument %d must be of type %s.

%d arguments required.

All Files (*.*)

No error message is available.'An unsupported operation was attempted.$A required resource was unavailable.

Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.

Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else..An unexpected error occurred while reading %1..An unexpected error occurred while writing %1.

#Unable to load mail system support.

Access to %1 was denied..An invalid file handle was associated with %1.<%1 could not be removed because it is the current directory.6%1 could not be created because the directory is full.

Seek failed on A hardware I/O error was reported while accessing %1.0A sharing violation occurred while accessing %1.0A locking violation occurred while accessing %1.

Disk full while accessing %1..An attempt was made to access %1 past its end.

No error occurred.-An unknown error occurred while accessing %1./An attempt was made to write to the reading %1..An attempt was made to access %1 past its end.0An attempt was made to read from the writing %1.

DTLite4413-0173.exe_1672:

.text

`.rdata

@.data

.ndata

.rsrc

RegDeleteKeyExW

Kernel32.DLL

PSAPI.DLL

%s=%s

GetWindowsDirectoryW

KERNEL32.dll

ExitWindowsEx

USER32.dll

GDI32.dll

SHFileOperationW

ShellExecuteW

SHELL32.dll

RegDeleteKeyW

RegCloseKey

RegEnumKeyW

RegOpenKeyExW

RegCreateKeyExW

ADVAPI32.dll

COMCTL32.dll

ole32.dll

VERSION.dll

%U/nE

q4*.rIY

.cr1h

;$;(;,;0;4;8;<;@;

<(</<4<8<<<]<

<&=,=0=4=8=

4 4@4\4`4

2Terms of use at hXXps://VVV.verisign.com/rpa (c)09100.

3hXXp://csc3-2009-2-crl.verisign.com/CSC3-2009-2.crl0D

hXXps://VVV.verisign.com/rpa0

hXXp://ocsp.verisign.com0?

3hXXp://csc3-2009-2-aia.verisign.com/CSC3-2009-2.cer0

.Class 3 Public Primary Certification Authority0

hXXps://VVV.verisign.com/cps0*

#hXXp://logo.verisign.com/vslogo.gif0

hXXp://ocsp.verisign.com01

hXXp://crl.verisign.com/pca3.crl0)

hXXp://ocsp.verisign.com0

"hXXp://crl.verisign.com/tss-ca.crl0

Thawte Certification1

0hXXp://crl.verisign.com/ThawteTimestampingCA.crl0

<TOOLBAR version="1.00.000" >

<BUTTON ID="DTLite" key="1000" captionShow="1" img="dt.ico" caption="ID_DTLiteCaption" hint="ID_DTLiteCaptionHint" system="DTLITE_PATH -show_mdm" >

<ITEM key="1002" caption="ID_Mount" img="m.ico" system="DTLITE_PATH -show_mount"/>

<ITEM key="1003" caption="ID_UnMount" img="u.ico" system="DTLITE_PATH -unmount_all"/>

<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v2.46-Unicode</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="highestAvailable" uiAccess="false"/></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/></application></compatibility></assembly>

verifying installer: %d%%

unpacking data: %d%%

... %d%%

hXXp://nsis.sf.net/NSIS_Error

~nsu.tmp

%u.%u%s%s

.DEFAULT\Control Panel\International

Software\Microsoft\Windows\CurrentVersion

*?|<>/":

pData\Local\Temp\nsr342B.tmp\setuphlp.dll

0173.exe /S

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\setuphlp.dll

ON Tools Lite\DTGadget.lnk

te.lnk

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp

6.exe

Monkey's Audio!

Windows Media Audio

`~!@#$^&*() =[]{}\:;'",|<>/

<A HREF="%s">

nsr342B.tmp

\Users\"%CurrentUserName%"\AppData\Local\Temp\_ir_sf_temp_0\DTLite4413-0173.exe /S

342B.tmp\Lang\

\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\_ir_sf_temp_0\DTLite4413-0173.exe /S

%Program Files%\DAEMON Tools Lite

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\_ir_sf_temp_0

DTLite4413-0173.exe

ers\"%CurrentUserName%"\AppData\Local\Temp\nsc33CC.tmp

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\_ir_sf_temp_0\DTLite4413-0173.exe

Windows Gadget

Integrate with Windows Explorer

SCSI Pass Through Direct (SPTD) layer is needed for Advanced Emulation features.

Windows Gadget for quick access to main DAEMON Tools functionalities from Desktop.

4.41.3.0173.0

DAEMONSetup4.41.3.0173.exe

dinotify.exe_3912:

.text

`.data

.rsrc

@.reloc

KERNEL32.dll

msvcrt.dll

pnpui.dll

dinotify.pdb

_amsg_exit

version="1.0.0.0"

name="DINotify.exe"

name="Microsoft.Windows.Common-Controls"

version="6.0.0.0"

publicKeyToken="6595b64144ccf1df"

<requestedExecutionLevel

pnpui.dll,SimplifiedDINotification

Windows Device Installation

6.1.7600.16385 (win7_rtm.090713-1255)

dinotify.exe

Windows

Operating System

6.1.7600.16385

sidebar.exe_1808:

.text

`.data

.rsrc

@.reloc

ADVAPI32.dll

ntdll.DLL

KERNEL32.dll

GDI32.dll

USER32.dll

msvcrt.dll

ATL.DLL

ole32.dll

OLEAUT32.dll

COMCTL32.dll

gdiplus.dll

SHLWAPI.dll

SHELL32.dll

urlmon.dll

CRYPT32.dll

sfc_os.dll

dwmapi.dll

CRYPTUI.dll

UxTheme.dll

SSShZ

SSSSSSh

FTPQ

#SSSh

1.1.4

1.3.6.1.4.1.311.2.1.12

DwmApplyWindowScaleFactor

FTPh

SSShw

PSSh|

tWHt;Ht.Ht

sidebar.exe

WININET.dll

WTSAPI32.dll

WINMM.dll

IPHLPAPI.DLL

WINTRUST.dll

PROPSYS.dll

Wlanapi.dll

wlanutil.dll

OLEACC.dll

COMDLG32.dll

InternetCreateUrlW

InternetCrackUrlW

GetUrlCacheEntryInfoW

PSGetPropertyKeyFromName

ntdll.dll

RegCloseKey

RegOpenKeyExW

RegNotifyChangeKeyValue

RegDeleteKeyW

ReportEventW

GetProcessHeap

RegEnumKeyExW

GetSystemWindowsDirectoryW

RegCreateKeyExW

SetViewportOrgEx

GetKeyState

GetKeyboardState

UnregisterHotKey

RegisterHotKey

MsgWaitForMultipleObjectsEx

GetAsyncKeyState

_amsg_exit

_acmdln

GdipSetPenLineJoin

GdipSetImageAttributesColorKeys

GdiplusShutdown

PathIsURLW

UrlIsW

UrlEscapeW

PathCreateFromUrlW

UrlUnescapeW

ShellExecuteW

SHFileOperationW

ShellExecuteExW

URLOpenBlockingStreamW

CreateURLMoniker

CertCloseStore

CertFreeCertificateContext

CertGetNameStringW

CertFindCertificateInStore

CryptMsgGetParam

CryptMsgClose

CryptUIDlgViewCertificateW

sidebar.pdb

name="Microsoft.Windows.Sidebar"

version="1.0.0.0"

<description>Windows Sidebar</description>

name="Microsoft.Windows.Common-Controls"

version="6.0.0.0"

publicKeyToken="6595b64144ccf1df"

<requestedExecutionLevel level="asInvoker" uiAccess="false"/>

<asmv3:windowsSettings xmlns="hXXp://schemas.microsoft.com/SMI/2005/WindowsSettings">

</asmv3:windowsSettings>

stdole2.tlbWWWp)

vOperationWW

.ssid

.backgroundWW

.lpbstrStdDisplayNameWD

KEYWh

"" ,,/,**)((

!<9:;;6611-,,)))((

yuussHIBA@<9966111/-,,),9IA89511

wfb=3/-A}

444600,,)''%%$$

"<34//*('%%$$

=55/** ('%%$$

@<25/**((%%%$$

!!//---*)(

62.*(&$#

,63.*)&$$##

/963.*)&&##

L[Q9930.*'$$&.LhmlEF

7000--,,**''''

U$.eH~

}#$##$$$ !

}    / 0/01&&()#

];<4*/%'

@.lF!=^

*8<<:8<<8<<<8<<<8*

6666666666

.oeA(

l.GCc

"Cw%X

%d%t3

%fLpX

%US7i

;w.VS]}

.IDATx

&p.VM

j.ah@

g?.Vf

Q.hH5

)%uuu

d^pÇ

{D58F39FF-953E-4F45-898F-59F243B9A523} = s 'ghost'

'sidebar.EXE'

val AppID = s {D58F39FF-953E-4F45-898F-59F243B9A523}

NoRemove 'Windows Sidebar'

*021:1@1

3 3$3(3,3034383<3

? ?$?(?,?

8 8$8(8,808

4 4'4.4;4

="=)=0=7=

6#6*61676

=4=8=\=`=

4 4<4@4\4`4|4

5 5<5@5\5`5|5

Section%d

Software\Microsoft\Windows\CurrentVersion\Sidebar\Settings

Software\Microsoft\Windows Sidebar\IEOverride

00.00.00.02

Software\Microsoft\Windows\CurrentVersion\Sidebar\Compatibility

Software\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar

Microsoft\Windows Sidebar\Gadgets

Settings.ini

Microsoft\Windows Sidebar

AnimationsTimerT%d

Gadget.xml

*.Gadget

hXXp://go.microsoft.com/fwlink/?LinkId=124093

imageres.dll

{557CF406-1A04-11D3-9A73-0000F81EF32E}

Windows Sidebar\Shared Gadgets

Msg_GadgetInstalled

%d.%d.%d.%d

Wversion.dll

%s %s

.0123456789

ddwmapi.dll

Msxml.DOMDocument

Windows Sidebar\Gadgets

%s\%s

keywords

website

Software\Microsoft\Windows\CurrentVersion\Run

Section %d

\\?\UNC\

BurlyWood

Windows

Keywords

Windows Sidebar

mshelp://windows/?id=3d5bb826-ed5d-421f-9411-8e0d6ee83947

hXXp://

.html

.Gadget

<A href="%s">%s</A>

<A ID="Link">%s</A>

<A ID="Cert">%s</A>

Cert

mshelp://windows/?id=6b046ae9-1434-4423-9303-400ff6fe686b

url("gbackground:///%s")

SupportLink

SidebarExecute

{00000000-0000-0000-0000-000000000000}

\\?\Volume

style.backgroundImage

style.width

style.height

Software\Microsoft\Windows\CurrentVersion\Sidebar

style.backgroundColor

%windir%\system32\schtasks.exe

/run /tn Microsoft\Windows\SideShow\GadgetManager

HARDWARE\DESCRIPTION\System\CentralProcessor\%d

Shell.Application

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones

@tzres.dll,

\tzres.dll

Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11CF-8B85-00AA005B4383}

.\%s.mui

.\%s\%s.mui

%s\%s.mui

%s\%s\%s.mui

&C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Settings.ini

Windows Desktop Gadgets

6.1.7601.17514 (win7sp1_rtm.101119-1850)

sidebar.EXE

Windows

Operating System

1.0.7601.17514

Microsoft-Windows-Sidebar/Diagnostic

DT_free_Rus_YandexBar1022.exe_2792:

.text

`.rdata

@.data

.rsrc

@.reloc

operator

GetProcessWindowStation

%d %d %d %d

inflate 1.1.3 Copyright 1995-1998 Mark Adler

-DTLite.exe

YandexSetup.exe

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DAEMON_Tools_Bar Toolbar

--distr /passive /msicl "

E:\Projects\toolbars\YandexToolbar\Release\ToolbarSetup.pdb

KERNEL32.dll

EnumChildWindows

EnumThreadWindows

USER32.dll

GDI32.dll

RegOpenKeyExA

RegCloseKey

RegCreateKeyExA

ADVAPI32.dll

ShellExecuteExW

ShellExecuteExA

SHELL32.dll

GetProcessHeap

GetCPInfo

t~}q{{oyylwvitsfqqdoobnn_ll^jj[hhZhhZhhZggYhhZhgZggYggYffXffXffXefXefXfeXeeWeeXddWddWddVddVddVcdVbcUbcTbcUabTabTabTaaTaaT``T``T``T``S``S__R__R^^Q^^Q^^Q^^Q]]Q]]P]\P\\P\\O\\O[[O[[O[[N[[N[ZNZZMZZLZZLZYLYYLYYKYWKYWKYWKYXKXWKWVJWWJXVIWVHWVHWVIWVHVUGVUGVUGVUGVTGUSGVTFVTEVTFVSEUSETSETSDURETRETRETRDTRDSRDTRDTQCTQCTRD

BYL<`S<^P8UF.VG.XI0^Q9VH/SE,TF-UG.UG.UG.WI1XI2SF,SF,SF,TF-TG.UH/ZM4_S:^R9^R9]Q9]P8UH0XK3VI/]Q9]Q9]Q:[N6SF,UG.XL3^R:^R:WJ2TH/UH/SF-\O7\O7\P8YM4SF.QD,SE.WK2[N7[N7[O8[N8[N8[N8[N8YL6YL6WK5XL6YL6YL6YL6WL5WK5VJ4OC1NA3MB2QE2VJ4UI3UI3TI4TH3TH3SH3SH3RG2RG2QF2PF1PE1PE1PE0PE0OD0OD0QF3OD0NB/MB.MB.

k`LOB WJ4XK5WJ4WJ4WK5WK5VJ4VJ4VI4UI4UI4TI4TI3UH3UH3TH3RG2RG2RG2RG2QF1QF1QF2QF2PE1PE1PE1OD0OD0OD0NC/MB.MB/LA.LA.LA.KA.K@.J?-J?-I?-I?,H>,

PD.XK5RD.xm[

RE.VI3PC,

NB,QF1SG3RG2RG1RF1RF1QF1RF1QE1QF2QF2PE1PD1QD1PD0OD0NC/OC/NC/NC.MB.MC/MB.MA.LA.LA.L@.K@,K@,J@,J?,J>,I>,I>,H>,G= G= G= F<*F<*E;)E;*

G;&OD0OD0OD0OC.NC.NC.NB.MB.MB/MB/MB.LB.LA.LA.LA.K@-K@.J?-MC1MC1I>,J?-I>,I>,I>,G= G=*G=*G=*G<*G<*F;)F;*E;)E;)D:(D:(D:(C9(C9(C9(

OC.TI6RG3MA-NB.MA-K?*

?5$?5$>4#>4#=4#=3"=4#=3"<2!G?.ZRC=5&:1":2":2":2":1":1":1":1"90"90"90"8/"8/!8/!8/!7. 7. 7. 7-

8/!:2$4,

@6$>4"8,

<2"<2#;2";2!:2!:1"<4$;2#90"4

8/!8/!8/!8.!7. 7. 7. 7. 6-

80 90"2(

6- 6- 6-

JJJ...SSS

/,)/,)?:7

tGHt.Ht&

Please contact the application's support team for more information.

- Attempt to initialize the CRT more than once.

- CRT not initialized

- floating point support not loaded

USER32.DLL

Seed: %d

D:\build\autobuild\e957a850ea619703\downloader\Release\downloader.pdb

RegOpenKeyExW

ole32.dll

OLEAUT32.dll

URLOpenBlockingStreamW

urlmon.dll

WINTRUST.dll

VERSION.dll

GetConsoleOutputCP

zcÁ

<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>

3.44484<4@4

"hXXp://crl.verisign.com/tss-ca.crl0

hXXp://ocsp.verisign.com0

Thawte Certification1

0hXXp://crl.verisign.com/ThawteTimestampingCA.crl0

2Terms of use at hXXps://VVV.verisign.com/rpa (c)09100.

3hXXp://csc3-2009-2-crl.verisign.com/CSC3-2009-2.crl0D

hXXps://VVV.verisign.com/rpa0

hXXp://ocsp.verisign.com0?

3hXXp://csc3-2009-2-aia.verisign.com/CSC3-2009-2.cer0

.Class 3 Public Primary Certification Authority0

hXXps://VVV.verisign.com/cps0*

#hXXp://logo.verisign.com/vslogo.gif0

hXXp://ocsp.verisign.com01

hXXp://crl.verisign.com/pca3.crl0)

hXXp://VVV.yandex.ru0

<requestedExecutionLevel level="requireAdministrator" uiAccess="false"></requestedExecutionLevel>

<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>

4O4

3:3?3!4.444`4

2(3,3034383

mscoree.dll

KERNEL32.DLL

WUSER32.DLL

dhXXp://legal.yandex.ru/elements_agreement/

_Hyperlink_Object_Pointer_\{AFEED740-CC6D-47c5-831D-9848FD916EEF}

%Program Files%\DAEMON Tools Lite\DT_free_Rus_YandexBar1022.exe

DAEMON Tools Lite ve Yandex.Bar

Yandex.Bar

Instalovat Yandex.Bar Seznam Edition

Nastavit Seznam.cz jako domovskou str

m Yandex.Baru Seznam Edition souhlas

Yandex.Bar v barv

tu Yandex.Bar v barv

by Seznam.cz

The file "%s" is signed and the signature was verified.

The file "%s" is not signed.

An unknown error occurred trying to verify the signature of the "%s" file.

Error is: 0x%x.

For using type: downloader.exe --partner <name> [--distr <params>] [--try] <download try count> [--sync]

Oops after %d bytes.

File downloading complete: %s, size: %d

Speed: %dKBs

File doesn't exist: %s

Can't create file '%s'

Error: 0x%x

Exit code: 0x%x

Can't get exit code. Error: 0x%x

Downloading installer: %s

try %d

HRESULT: 0xX

Distr: %s

Try to run: %s %s

%d.%d.%d

Val: %d

templ: %s

%s: %s

New partner name: %s

url: %s

name: %s

fb: %s

lt: %s

\downloader.log

cmd: %s

ver: %s

os: %s

elevated: %s

\seed.txt

Params: '%s'

hXXp://downloader.yandex.net/yandex-pack/downloader/info.rss

hXXp://download.yandex.ru/yandex-pack/downloader/info.rss

hXXp://downloader.yandex.net/yandex-pack/

YandexPackSetup.exe

YandexSearch.exe

DebugURL

downloader.yandex.net

download.yandex.ru

suffix: %s

%d.%d.%d.%d

0.1.0.16

download.exe

DT Yandex Setup.exe

WMIADAP.EXE_3440:

.text

`.data

.rsrc

@.reloc

ADVAPI32.dll

ntdll.DLL

KERNEL32.dll

USER32.dll

msvcrt.dll

wbemcomn.dll

OLEAUT32.dll

ole32.dll

loadperf.dll

`.bik

PSSSSSSh

WMIADAP.exe

?CloseSubKey@CRegistry@@AAEXXZ

?CreateOpen@CRegistry@@QAEJPAUHKEY__@@PBGPAGKKPAU_SECURITY_ATTRIBUTES@@PAK@Z

?DeleteCurrentKeyValue@CRegistry@@QAEKPAUHKEY__@@PBG@Z

?DeleteCurrentKeyValue@CRegistry@@QAEKPBG@Z

?DeleteKey@CRegistry@@QAEJPAVCHString@@@Z

?GetCurrentBinaryKeyValue@CRegistry@@QAEKPAUHKEY__@@PBGPAEPAK@Z

?GetCurrentBinaryKeyValue@CRegistry@@QAEKPBGAAVCHString@@@Z

?GetCurrentBinaryKeyValue@CRegistry@@QAEKPBGPAEPAK@Z

?GetCurrentKeyValue@CRegistry@@QAEKPAUHKEY__@@PBGAAK@Z

?GetCurrentKeyValue@CRegistry@@QAEKPAUHKEY__@@PBGAAVCHString@@@Z

?GetCurrentKeyValue@CRegistry@@QAEKPAUHKEY__@@PBGAAVCHStringArray@@@Z

?GetCurrentKeyValue@CRegistry@@QAEKPBGAAK@Z

?GetCurrentKeyValue@CRegistry@@QAEKPBGAAVCHString@@@Z

?GetCurrentKeyValue@CRegistry@@QAEKPBGAAVCHStringArray@@@Z

?GetCurrentRawKeyValue@CRegistry@@AAEKPAUHKEY__@@PBGPAXPAK3@Z

?GetCurrentRawSubKeyValue@CRegistry@@AAEKPBGPAXPAK2@Z

?GetCurrentSubKeyCount@CRegistry@@QAEKXZ

?GetCurrentSubKeyName@CRegistry@@QAEKAAVCHString@@@Z

?GetCurrentSubKeyPath@CRegistry@@QAEKAAVCHString@@@Z

?GetCurrentSubKeyValue@CRegistry@@QAEKPBGAAK@Z

?GetCurrentSubKeyValue@CRegistry@@QAEKPBGAAVCHString@@@Z

?GetCurrentSubKeyValue@CRegistry@@QAEKPBGPAXPAK@Z

?GetLongestSubKeySize@CRegistry@@QAEKXZ

?GethKey@CRegistry@@QAEPAUHKEY__@@XZ

?LocateKeyByNameOrValueName@CRegistrySearch@@QAEHPAUHKEY__@@PBG1PAPBGKAAVCHString@@3@Z

?NextSubKey@CRegistry@@QAEKXZ

?Open@CRegistry@@QAEJPAUHKEY__@@PBGK@Z

?OpenAndEnumerateSubKeys@CRegistry@@QAEJPAUHKEY__@@PBGK@Z

?OpenLocalMachineKeyAndReadValue@CRegistry@@QAEJPBG0AAVCHString@@@Z

?OpenSubKey@CRegistry@@AAEKXZ

?RewindSubKeys@CRegistry@@QAEXXZ

?SearchAndBuildList@CRegistrySearch@@QAEHVCHString@@AAVCHPtrArray@@00HPAUHKEY__@@@Z

?SetCurrentKeyValue@CRegistry@@QAEKPAUHKEY__@@PBGAAK@Z

?SetCurrentKeyValue@CRegistry@@QAEKPAUHKEY__@@PBGAAVCHString@@@Z

?SetCurrentKeyValue@CRegistry@@QAEKPAUHKEY__@@PBGAAVCHStringArray@@@Z

?SetCurrentKeyValue@CRegistry@@QAEKPBGAAK@Z

?SetCurrentKeyValue@CRegistry@@QAEKPBGAAVCHString@@@Z

?SetCurrentKeyValue@CRegistry@@QAEKPBGAAVCHStringArray@@@Z

?SetCurrentKeyValueExpand@CRegistry@@QAEKPAUHKEY__@@PBGAAVCHString@@@Z

?myRegCreateKeyEx@CRegistry@@AAEJPAUHKEY__@@PBGKPAGKKQAU_SECURITY_ATTRIBUTES@@PAPAU2@PAK@Z

?myRegDeleteKey@CRegistry@@AAEJPAUHKEY__@@PBG@Z

?myRegDeleteValue@CRegistry@@AAEJPAUHKEY__@@PBG@Z

?myRegEnumKey@CRegistry@@AAEJPAUHKEY__@@KPAGK@Z

?myRegEnumValue@CRegistry@@AAEJPAUHKEY__@@KPAGPAK22PAE2@Z

?myRegOpenKeyEx@CRegistry@@AAEJPAUHKEY__@@PBGKKPAPAU2@@Z

?myRegQueryInfoKey@CRegistry@@AAEJPAUHKEY__@@PAGPAK22222222PAU_FILETIME@@@Z

?myRegQueryValueEx@CRegistry@@AAEJPAUHKEY__@@PBGPAK2PAE2@Z

?myRegSetValueEx@CRegistry@@AAEJPAUHKEY__@@PBGKKPBEK@Z

QSSh0

Invalid parameter passed to C runtime function.

ntdll.dll

RegCloseKey

RegOpenKeyExW

RegCreateKeyExW

RegEnumKeyW

RegDeleteKeyW

RegQueryInfoKeyW

_amsg_exit

_acmdln

?Report@CEventLog@@QAEHGKVCInsertionString@@000000000@Z

WMIADAP.pdb

<assemblyIdentity version="1.0.0.0"

<requestedExecutionLevel level="asInvoker" uiAccess="false"/>

5m6z6

%s_x

%s_x_

Global\WMI_SysEvent_Semaphore_%d

WinMSGWMIADAP

\\.\root\cimv2

WMIADAP Msg window

\\.\root\wmi

PSAPI.DLL

x=%s

Describes all the counters supported via WMI Hi-Performance providers

_new.ini

xx %s%s.ini

xx %s

\\.\ROOT\cimv2:__ClassProviderRegistration.provider="\\\\.\\root\\cimv2:__Win32Provider.Name=\"WmiPerfClass\""

WmiApRes.dll

%s\%s

6.1.7600.16385 (win7_rtm.090713-1255)

wmicookr.dll

Windows

Operating System

6.1.7600.16385

Remove it with Ad-Aware

Click (here) to download and install Ad-Aware Free Antivirus.
Update the definition files.
Run a full scan of your computer.

Manual removal*

Terminate malicious process(es) (How to End a Process With the Task Manager):

DAEMONLite4.41.exe:3616
sidebar.exe:1808
%original file name%.exe:1796
rundll32.exe:3972
DrvInst.exe:2628
DrvInst.exe:3532
DrvInst.exe:4052
SetupHelper.exe:2904
regsvr32.exe:1428
Delete the original Trojan file.
Delete or disinfect the following files created/modified by the Trojan:

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe (1151 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DAEMONLite4.41.exe (5340 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\zone-it.com.url (198 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\zone-it.com.nfo (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\KOB.dll (77 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\x.bat (964 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\Readme2.vbs (75 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\RUN.exe (2192 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\Ã Â¹â‚¬Ã Â¸â€žÃ Â¸Â£Ã Â¸â€Ã Â¸Â´Ã Â¸â€¢.txt (133 bytes)
C:\Windows\inf\setupapi.dev.log (478 bytes)
C:\Windows\System32\DriverStore\infpub.dat (248 bytes)
C:\Windows\Temp\Tar4716.tmp (2712 bytes)
C:\Windows\Temp\Tar45E8.tmp (2712 bytes)
C:\Windows\Temp\Tar4659.tmp (2712 bytes)
C:\Windows\Temp\Tar4598.tmp (2712 bytes)
C:\Windows\System32\DriverStore\infstrng.dat (1036 bytes)
C:\Windows\Temp\Cab45E7.tmp (48 bytes)
C:\Windows\Temp\Tar4628.tmp (2712 bytes)
C:\Windows\Temp\Cab4658.tmp (48 bytes)
C:\Windows\Temp\Cab4627.tmp (48 bytes)
C:\Windows\Temp\Cab4715.tmp (48 bytes)
C:\Windows\inf\oem10.PNF (7501 bytes)
C:\Windows\System32\drivers\SET46FE.tmp (1281 bytes)
C:\Windows\Temp\Cab4597.tmp (48 bytes)
C:\Windows\System32\DriverStore\Temp\{50980cec-0f8c-0ba4-4c14-8b02a1465e5b}\SET3F62.tmp (1281 bytes)
C:\Windows\System32\DriverStore\FileRepository\dtsoftbus01.inf_x86_neutral_1cc2711e3c419337\dtsoftbus01.PNF (14978 bytes)
C:\Windows\Temp\Tar415A.tmp (2712 bytes)
C:\Windows\System32\DriverStore\Temp\{50980cec-0f8c-0ba4-4c14-8b02a1465e5b}\SET3F50.tmp (7 bytes)
C:\Windows\Temp\Tar4127.tmp (2712 bytes)
C:\Windows\Temp\Tar417B.tmp (2712 bytes)
C:\Windows\inf\oem10.inf (1 bytes)
C:\Windows\System32\DriverStore\INFCACHE.0 (1523 bytes)
C:\Windows\Temp\Tar4139.tmp (2712 bytes)
C:\Windows\Temp\Cab417A.tmp (48 bytes)
C:\Windows\Temp\Cab4138.tmp (48 bytes)
C:\Windows\System32\DriverStore\infstor.dat (308 bytes)
C:\Windows\Temp\Cab4126.tmp (48 bytes)
C:\Windows\Temp\Cab40C7.tmp (48 bytes)
C:\Windows\Temp\Tar40C8.tmp (2712 bytes)
C:\Windows\Temp\Cab4159.tmp (48 bytes)
C:\Windows\System32\DriverStore\Temp\{50980cec-0f8c-0ba4-4c14-8b02a1465e5b}\SET3F51.tmp (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_divider.png (131 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\Gadjet_bottom.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\Grabbing.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\drives4.png (576 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\setuphlp.dll (267063 bytes)
%Program Files%\DAEMON Tools Lite\DTLite.exe (316919 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\message_middle.png (166 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\add_slot.png (906 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\drive_controls.png (10 bytes)
%Program Files%\DAEMON Tools Lite\Lang\SLV.dll (1856 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\CHS.dll (1597 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\message_bottom.png (627 bytes)
%Program Files%\DAEMON Tools Lite\Lang\ESN.dll (4992 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\js\virtual_drive.js (226 bytes)
%Program Files%\DAEMON Tools Lite\imgengine.dll (11663 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\no_slot.png (2 bytes)
%Program Files%\DAEMON Tools Lite\Lang\NLB.dll (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\TRK.dll (2461 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\news_selected.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\dt_pro_out.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\dt_dadget_loader.png (1640 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\up_down_drive_disable.png (505 bytes)
%Program Files%\DAEMON Tools Lite\Lang\SRL.dll (3616 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\warning_48.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slots_hint_right.png (119 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\drives0.png (547 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\links_news_display_top.gif (145 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar43EA.tmp (2712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\content_bottom.gif (207 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\MNDManager.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\drives0.png (23 bytes)
C:\Windows\System32\catroot2\dberr.txt (1255 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\down_drive.png (343 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slots_window_2.png (209 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\tab1.png (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\down_drive.png (343 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\no_drive_select.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\Gadjet_bottom_links_news.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\tab2.png (1340 bytes)
%Program Files%\DAEMON Tools Lite\SPTDinst-x86.exe (21234 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\HYE.dll (3398 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\news_read_out.png (893 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slots_window_left.png (122 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\RUS.dll (3726 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\content_bottom.gif (207 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{6f414ad4-98be-023d-7954-f5554fe6846a}\SET3ED3.tmp (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slots_window_9.png (502 bytes)
%Program Files%\DAEMON Tools Lite\Lang\HRV.dll (3616 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\message_window.png (11 bytes)
%Program Files%\DAEMON Tools Lite\DT.gadget (33248 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\tab3.png (995 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\previews\skin3_pro.jpg (1873 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\style.css (851 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_box_right.png (137 bytes)
%Program Files%\DAEMON Tools Lite\DTCommonRes.dll (109567 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\news_selected.png (606 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\skins_gallery_but.gif (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc341B.tmp (799348 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\message_middle.png (166 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\tab1.png (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_tab.gif (535 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\news_read_selected.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\message_top.png (523 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\tab3.png (1155 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\dt_over.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\BIH.dll (3722 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\Gadjet_bottom_links_news.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_corner_top_right.png (168 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\display_top.gif (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\DTGadget_icon.png (1910 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\settings_out.png (597 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\dell_slot.gif (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\rss_controls_icons.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\drives2.png (8 bytes)
%Program Files%\DAEMON Tools Lite\Lang\ARA.dll (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\display_bottom.gif (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\SVE.dll (3718 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\rss_window.png (824 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\KOR.dll (1597 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\read.png (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slots_window.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\skin_select.gif (295 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\help.png (896 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\unmounted.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar438B.tmp (2712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\DEU.dll (5110 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\drive_controls.png (10 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\tabgrey.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\dt_pro_selected.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slots_hint.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\rss_window.png (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\drives2.png (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\up_drive_hover.png (366 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\unmounted.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\Gadjet_middle.png (206 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\DTSetupHelper.exe (6532 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\news_read_over.png (744 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\IND.dll (1592 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\links_news_display_top.gif (134 bytes)
%Program Files%\DAEMON Tools Lite\Lang\PLK.dll (3616 bytes)
%Program Files%\DAEMON Tools Lite\Lang\BGR.dll (3616 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\FRA.dll (5114 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\dt_over.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\feedback.png (761 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\drive_select.png (593 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\drive_controls.png (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\no_drive_select.png (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\DTGadget.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\make_img.html (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\dt_out.png (811 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\drag.png (1359 bytes)
%Program Files%\DAEMON Tools Lite\Lang\SKY.dll (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_corner_bottom_right.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\news_selected.png (606 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{6f414ad4-98be-023d-7954-f5554fe6846a}\SET3EE5.tmp (1281 bytes)
%Program Files%\DAEMON Tools Lite\Lang\ITA.dll (3616 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\KAT.dll (3718 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\drive_select.png (593 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\Grabbing.ico (1 bytes)
%Program Files%\DAEMON Tools Lite\DT_free_Rus_YandexBar1022.exe (84187 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\drives3.png (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\links_selected.png (871 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\drives4.png (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\prop_.png (1096 bytes)
%Program Files%\DAEMON Tools Lite\Lang\HUN.dll (3312 bytes)
%Program Files%\DAEMON Tools Lite\Lang\HEB.dll (2392 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\01_attached_unmounted.png (2 bytes)
%Program Files%\DAEMON Tools Lite\Lang\CHT.dll (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\inf.png (686 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\news_over.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slots_window_7.png (119 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\dt_over.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\message_top.png (523 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slots_window_right.png (119 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\LTH.dll (3722 bytes)
%Program Files%\DAEMON Tools Lite\Lang\CSY.dll (3616 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slots_window_3.png (338 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab438A.tmp (51 bytes)
%Program Files%\DAEMON Tools Lite\Lang\NOR.dll (3616 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\rss.css (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\dt_icon.png (911 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slots_window_1.png (311 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\display_bottom.gif (424 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\content_bottom.gif (282 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\gadget_pro.xml (913 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\tab1.ico (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slots_window_6.png (171 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\gadget_lite.xml (913 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\SKY.dll (3406 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\drives1.png (13 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\settings.html (856 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\1.png (122 bytes)
%Program Files%\DAEMON Tools Lite\Lang\DEU.dll (4992 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\tab2.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\news_out.png (669 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\drives0.png (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\down_drive_hover.png (348 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\dt_pro_out.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\display_top.gif (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\js\skin_gallery.js (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\up_down_drive.png (943 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\ELL.dll (3406 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar4379.tmp (2712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{6f414ad4-98be-023d-7954-f5554fe6846a}\SET3ED4.tmp (1 bytes)
%Program Files%\DAEMON Tools Lite\Lang\LTH.dll (3616 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\skin_select.gif (295 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\drives1.png (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\links_over.png (402 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\dt_dadget_loader.png (500 bytes)
%Program Files%\DAEMON Tools Lite\Lang\ENU.dll (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar44EC.tmp (2712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\message_top.png (523 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\MNDManager.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\add_drive.html (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\links_out.png (471 bytes)
%Program Files%\DAEMON Tools Lite\Lang\TRK.dll (2392 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab44EB.tmp (51 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\css\settings.css (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\Gadjet_middle.png (206 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab448B.tmp (51 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\message_bottom.png (627 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\Grabbing.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\1.png (122 bytes)
%Program Files%\DAEMON Tools Lite\Lang\KOR.dll (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\dt_icon.png (911 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\news_read_out.png (797 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\error.png (809 bytes)
%Program Files%\DAEMON Tools Lite\Lang\FRA.dll (4992 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\mount_n_drive.html (2 bytes)
%Program Files%\DAEMON Tools Lite\uninst.exe (66912 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\lines.png (119 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\up_down_drive.png (903 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\dt_dadget_loader.png (1536 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\rss_unread.png (776 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\message.css (995 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_divider_left.png (145 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\message.html (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\dt_selected.png (362 bytes)
%Program Files%\DAEMON Tools Lite\DTShellHlp.exe (98771 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\rss_refresh.png (800 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\main_controls_icons.png (964 bytes)
%Program Files%\DAEMON Tools Lite\Lang\UKR.dll (3616 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slot_button1.gif (859 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar448C.tmp (2712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\display_middle.gif (97 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\shortcut_hover.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\links_news_display_middle.gif (59 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\HUN.dll (3398 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\message_middle.png (166 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\drives3.png (211 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\Gadjet_bottom.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\1.gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\down_drive_hover.png (348 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\Uninstall.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\links_out.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\drives1.png (7 bytes)
%Program Files%\DAEMON Tools Lite\Lang\PTB.dll (3616 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\DTGadget_icon.png (11 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\chenge_view.png (575 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\Gadjet_bottom_links_news.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\settings_out.png (597 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\links_over.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\lines.png (119 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\rss.gif (635 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\previews\skin2.jpg (633 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\links_selected.png (385 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\message_bottom.png (627 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\JPN.dll (1921 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\news_over.png (642 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\add_image.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\ESN.dll (5110 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\mounted.png (433 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\ARA.dll (3398 bytes)
%Program Files%\DAEMON Tools Lite\Lang\ROM.dll (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_corner_bottom_left.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\Gadjet_middle.png (206 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\ENU.dll (3410 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\close.png (2 bytes)
%Program Files%\DAEMON Tools Lite\Lang\IND.dll (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\DTGadget_icon.png (11 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\tab3.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\up_down_butts.gif (724 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\links_out.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\links_news_display_top.gif (134 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\feedback.png (761 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\js\drive_slotes.js (1309 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\css\popup_window.css (103 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\feedback.png (761 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\1.png (122 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\PLK.dll (3722 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\left_right_butts.gif (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slot_button.gif (852 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\rss.css (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\down_drive_hover.png (348 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\settings_but.gif (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\news_read_selected.png (750 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\drive_select.png (593 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\CHT.dll (1601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\photoshop.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\01_attached_mounted.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\up_down_drive_disable.png (904 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_box_bottom.png (140 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\up_down_drive_disable.png (505 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\SetupHelper.exe (1856 bytes)
%Program Files%\DAEMON Tools Lite\dtsoftbus01.sys (232 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\dt_icon.png (911 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\tab2.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\rss_refresh.png (759 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\js\global_settings.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\chenge_view.png (575 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_box_divider_left.png (135 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\rss.html (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\1.gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\news_out.png (3 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\DAEMON Tools Lite.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\HRV.dll (3726 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\rss_refresh.png (800 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_box_divider_right.png (135 bytes)
C:\Users\Public\Desktop\DAEMON Tools Lite.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\up_down_butts.gif (724 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\unread.png (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\js\jquery-1.3.1.min.js (2333 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\drives2.png (1724 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\settings_but.gif (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\css\make_img.css (103 bytes)
%Program Files%\DAEMON Tools Lite\InstallGadget.exe (12536 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\previews\skin3.jpg (578 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\FIN.dll (3722 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\rss_unread.png (776 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\shortcut_hover.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\mounted.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\display_middle.gif (97 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\unmounted.png (1 bytes)
%Program Files%\DAEMON Tools Lite\DTHelper.exe (19152 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\dt_pro_over.png (157 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\ITA.dll (3730 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab441A.tmp (51 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\js\gadget.js (454 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\message_window_small.png (21 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\dt_pro_selected.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\links_over.png (374 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\photoshop.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\ROM.dll (3406 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\links_selected.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\up_drive_hover.png (366 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\lines.png (119 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\shortcut_hover.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar447B.tmp (2712 bytes)
%Program Files%\DAEMON Tools Lite\Lang\LVI.dll (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\tabblue.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\SRL.dll (3722 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\help.png (896 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\dt_out.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\add_image.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\message_window_small.png (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\help.png (896 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\news_over.png (642 bytes)
%Program Files%\DAEMON Tools Lite\Lang\KAT.dll (3616 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\js\json_parse.js (11 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\display_top.gif (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_corner_top_left.png (166 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\previews\skin2_pro.jpg (10 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\message_butt.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\message_window.png (1162 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\add_image.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\no_drive_select.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\gadget.xml (913 bytes)
C:\ProgramData\DAEMON Tools Lite\license.dat (2156 bytes)
%Program Files%\DAEMON Tools Lite\Engine.dll (132485 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab43E9.tmp (51 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\dt_icon_pro.png (960 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\rss_controls_icons.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\mounted.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\message_butt.png (1 bytes)
%Program Files%\DAEMON Tools Lite\DTGadget32.dll (10136 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\drives3.png (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\prop_.png (804 bytes)
%Program Files%\DAEMON Tools Lite\Lang\AFK.dll (13 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\main_controls_icons.png (11 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\up_down_drive.png (903 bytes)
%Program Files%\DAEMON Tools Lite\dtsoftbus01.inf (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\drives4.png (962 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_divider_right.png (139 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\previews\skin1_pro.jpg (13 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_box_top.png (137 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\DAN.dll (3718 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\settings_selected.png (465 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\js\dtcom.js (12 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\rss_controls_icons.png (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab4378.tmp (51 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\settings_over.png (464 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\LVI.dll (1601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\js\gadjet_scripts.js (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_box_left.png (137 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\message.css (995 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\down_drive.png (343 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\up_drive_hover.png (366 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\System.dll (11 bytes)
%Program Files%\DAEMON Tools Lite\SPTDinst-x64.exe (24832 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\settings_selected.png (465 bytes)
%Program Files%\DAEMON Tools Lite\Lang\BIH.dll (3616 bytes)
%Program Files%\DAEMON Tools Lite\Lang\SVE.dll (3616 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\SPTD Setup.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\dtsetup.ini (1358 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\tab1.png (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\chenge_view.png (677 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\skins_gallery_but.gif (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slots_window_8.png (166 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\message_butt.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab447A.tmp (51 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\AFK.dll (29 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar441B.tmp (2712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\tab1.ico (16 bytes)
%Program Files%\DAEMON Tools Lite\DTGadget64.dll (12088 bytes)
%Program Files%\DAEMON Tools Lite\Lang\FIN.dll (3616 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\MNDManager.ico (1150 bytes)
%Program Files%\DAEMON Tools Lite\Lang\DAN.dll (3616 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\dt_selected.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\dt_pro_over.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\previews\skin1.jpg (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\dt_selected.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\css\style.css (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\news_out.png (669 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\warning.png (3 bytes)
%Program Files%\DAEMON Tools Lite\Lang\RUS.dll (3616 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\dt_out.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\Gadjet_bottom.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\HEB.dll (2473 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\up_down_butts.gif (724 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\news_read_over.png (891 bytes)
%Program Files%\DAEMON Tools Lite\Lang\ELL.dll (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\photoshop.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\display_middle.gif (897 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\prop_.png (804 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\NLB.dll (3410 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\mount.html (2 bytes)
%Program Files%\DAEMON Tools Lite\Lang\JPN.dll (1856 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\CSY.dll (3718 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\style.css (1093 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\rss_unread.png (776 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\tab1.ico (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\UKR.dll (3726 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\js\rss.js (988 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\settings_over.png (464 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\1.gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\PTB.dll (3722 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\BGR.dll (3730 bytes)
%Program Files%\DAEMON Tools Lite\Lang\HYE.dll (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\SLV.dll (1921 bytes)
%Program Files%\DAEMON Tools Lite\dtsoftbus01.cat (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\display_bottom.gif (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\NOR.dll (3726 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\main_controls_icons.png (488 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\gadget.html (9 bytes)
%Program Files%\DAEMON Tools Lite\Lang\CHS.dll (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\_ir_sf_temp_0\DTLite4413-0173.exe (187244 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\_ir_sf_temp_0\IRIMG1.JPG (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\_ir_sf_temp_0\IRIMG2.JPG (29 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\_ir_sf_temp_0\irsetup.dat (2712 bytes)
Delete the following value(s) in the autorun key (How to Work with System Registry):

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite" = "%Program Files%\DAEMON Tools Lite\DTLite.exe -autorun"
Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
Reboot the computer.