Application.Limewire.A_b79e1e468d

by malwarelabrobot on July 23rd, 2015 in Malware Descriptions.

not-a-virus:AdWare.Win32.TopMoxie.e (Kaspersky), Application.Limewire.A (AdAware), Trojan.Win32.Alureon.FD, mzpefinder_pcap_file.YR (Lavasoft MAS)
Behaviour: Trojan, Adware


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Requires JavaScript enabled!

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

MD5: b79e1e468d6781682cf7de038d46c542
SHA1: 215859d80dc621e7059cbd161ab8b24b468cb195
SHA256: e41b11e7b894da36784e1415e678174b2befc6fc5f52e0e8af7bd75704c66f82
SSDeep: 98304:ZS5bVIj1pq62qEAudIOG4XmwxaHewTvdJ9IlS:s5bas1qEDyOzJwj77
Size: 4074901 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6, MicrosoftVisualC, MicrosoftVisualCv50v60MFC, MicrosoftVisualC50, Armadillov171
Company: no certificate found
Created at: 2002-06-24 21:22:31
Analyzed on: WindowsXP SP3 32-bit


Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

No specific payload has been found.

Process activity

The Application creates the following process(es):

MsiExec.exe:740
MsiExec.exe:1880
%original file name%.exe:188
IDriver.exe:412

The Application injects its code into the following process(es):

IDriver.exe:1928

Mutexes

The following mutexes were created/opened:

ZonesLockedCacheCounterMutex
ZonesCacheCounterMutex
ZonesCounterMutex
RasPbFile
c:!documents and settings!adm!local settings!temporary internet files!content.ie5!
_!MSFTHISTORY!_
c:!documents and settings!adm!cookies!
WininetStartupMutex
c:!documents and settings!adm!local settings!history!history.ie5!
WininetProxyRegistryMutex
WininetConnectionMutex
ShimCacheMutex

File activity

The process MsiExec.exe:740 makes changes in the file system.
The Application creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\{9967E93B-6F5E-4744-80D6-BEB0229F42C4}\ls_license.txt (19620 bytes)

The process %original file name%.exe:188 makes changes in the file system.
The Application creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\HMNHLGIO\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~1.tmp (29 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_is2\Setup.INI (29 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\HJHQ6B1O\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_is2\isscript.msi (81132 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_is2\0x0409.ini (345 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_is2\ISScript.isc (77 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CT48K6BI\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (400 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (306 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_is2\_ISMSIDEL.INI (553 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_is2\LimeWire.msi (1858338 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LTQCY2RD\isscript[1].msi (697332 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LTQCY2RD\desktop.ini (67 bytes)

The Application deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\_is2.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_MSI5166._IS (0 bytes)

The process IDriver.exe:1928 makes changes in the file system.
The Application creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\{9967E93B-6F5E-4744-80D6-BEB0229F42C4}\ISRT.DLL (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{9967E93B-6F5E-4744-80D6-BEB0229F42C4}\setup.inx (382480 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{9967E93B-6F5E-4744-80D6-BEB0229F42C4}\IsConfig.INI (39 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MSI8.tmp (48184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{9967E93B-6F5E-4744-80D6-BEB0229F42C4}\_ISUSER.DLL (24240 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MSIA.tmp (48184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MSI7.tmp (100800 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MSI9.tmp (61144 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{9967E93B-6F5E-4744-80D6-BEB0229F42C4}\_ISRES.DLL (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{9967E93B-6F5E-4744-80D6-BEB0229F42C4}\String1033.txt (223380 bytes)

The Application deletes the following file(s):

%Documents and Settings%\%current user%\My Documents\My Pictures (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MSI8.tmp (0 bytes)
C:\MSI74d62.tmp (0 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Administrative Tools (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MSIA.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MSI7.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MSI9.tmp (0 bytes)

Registry activity

The process MsiExec.exe:740 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "45 2A 2E 4C 18 6A 25 BB DB 14 20 EC F1 04 C0 67"

The process MsiExec.exe:1880 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKCR\Interface\{777C89E3-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C8A09-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C8A0A-5C36-11D5-ABAF-00B0D02332EB}]
"(Default)" = "ISetupProgress"

[HKCR\Interface\{777C8A07-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\CLSID\{777C8A16-5C36-11D5-ABAF-00B0D02332EB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Interface\{777C8A0D-5C36-11D5-ABAF-00B0D02332EB}]
"(Default)" = "ISetupMainWindow2"

[HKCR\Interface\{777C8A08-5C36-11D5-ABAF-00B0D02332EB}]
"(Default)" = "ISetupWindowImage"

[HKCR\Interface\{777C8A06-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C89E2-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C8A0F-5C36-11D5-ABAF-00B0D02332EB}]
"(Default)" = "ISetupMainWindow4"

[HKCR\Interface\{777C8A13-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{777C8A12-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C89E8-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{777C89DF-5C36-11D5-ABAF-00B0D02332EB}\InprocServer32]
"(Default)" = "%Program Files%\Common Files\InstallShield\Driver\7\Intel 32\IScript7.dll"

[HKCR\Interface\{777C8A0D-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"(Default)" = "{777C8A14-5C36-11D5-ABAF-00B0D02332EB}"

[HKCR\Interface\{777C89EA-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"(Default)" = "{777C8A14-5C36-11D5-ABAF-00B0D02332EB}"

[HKCR\Interface\{777C8A12-5C36-11D5-ABAF-00B0D02332EB}]
"(Default)" = "ISetupWindowBillBoards"

[HKCR\TypeLib\{777C89DE-5C36-11D5-ABAF-00B0D02332EB}\1.0\HELPDIR]
"(Default)" = "%Program Files%\Common Files\InstallShield\Driver\7\Intel 32\"

[HKCR\Interface\{777C8A0B-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C8A0A-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"(Default)" = "{777C8A14-5C36-11D5-ABAF-00B0D02332EB}"

[HKCR\Interface\{777C8A0E-5C36-11D5-ABAF-00B0D02332EB}]
"(Default)" = "ISetupMainWindow3"

[HKCR\CLSID\{777C8A16-5C36-11D5-ABAF-00B0D02332EB}\InprocServer32]
"(Default)" = "%Program Files%\Common Files\InstallShield\Driver\7\Intel 32\IUser7.dll"

[HKCR\Interface\{777C8A06-5C36-11D5-ABAF-00B0D02332EB}]
"(Default)" = "ISetupGUIObject"

[HKCR\Interface\{777C8A0F-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\IPW.User\CLSID]
"(Default)" = "{777C8A16-5C36-11D5-ABAF-00B0D02332EB}"

[HKCR\Interface\{777C89F1-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{777C8A05-5C36-11D5-ABAF-00B0D02332EB}"

[HKCR\Interface\{777C8A13-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"(Default)" = "{777C8A14-5C36-11D5-ABAF-00B0D02332EB}"

[HKCR\Interface\{777C8A0A-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{777C8A0D-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C8A06-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{777C8A06-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C8A13-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C89F7-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"(Default)" = "{777C8A14-5C36-11D5-ABAF-00B0D02332EB}"

[HKCR\Interface\{777C8A0F-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C89F1-5C36-11D5-ABAF-00B0D02332EB}]
"(Default)" = "ISetupObjectClass"

[HKCR\Interface\{777C8A09-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\CLSID\{777C89DF-5C36-11D5-ABAF-00B0D02332EB}]
"(Default)" = "InstallShield Script Engine"

[HKCR\Interface\{777C8A13-5C36-11D5-ABAF-00B0D02332EB}]
"(Default)" = "ISetupRebootable"

[HKCR\Interface\{777C89ED-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"(Default)" = "{777C8A14-5C36-11D5-ABAF-00B0D02332EB}"

[HKCR\Interface\{777C8A08-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"(Default)" = "{777C8A14-5C36-11D5-ABAF-00B0D02332EB}"

[HKCR\Interface\{777C89E2-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{777C8A16-5C36-11D5-ABAF-00B0D02332EB}]
"(Default)" = "InstallShield setup user interafce"

[HKCR\Interface\{777C89E2-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{777C8A06-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"(Default)" = "{777C8A14-5C36-11D5-ABAF-00B0D02332EB}"

[HKCR\IPW.User.1\CLSID]
"(Default)" = "{777C8A16-5C36-11D5-ABAF-00B0D02332EB}"

[HKCR\IPW.ScriptEngine]
"(Default)" = "InstallShield Script Engine"

[HKCR\CLSID\{777C8A16-5C36-11D5-ABAF-00B0D02332EB}\VersionIndependentProgID]
"(Default)" = "IPW.User"

[HKCR\IPW.User]
"(Default)" = "InstallShield setup user interafce"

[HKCR\CLSID\{777C8A05-5C36-11D5-ABAF-00B0D02332EB}\InProcServer32]
"(Default)" = "%Program Files%\Common Files\InstallShield\Driver\7\Intel 32\Objps7.dll"

[HKCR\Interface\{777C8A11-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C8A07-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C8A08-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\IPW.User.1]
"(Default)" = "InstallShield setup user interafce"

[HKCR\CLSID\{777C89DF-5C36-11D5-ABAF-00B0D02332EB}\ProgID]
"(Default)" = "IPW.ScriptEngine.1"

[HKCR\Interface\{777C8A09-5C36-11D5-ABAF-00B0D02332EB}]
"(Default)" = "ISetupWindowText"

[HKCR\Interface\{777C8A09-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C8A07-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C89F8-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"(Default)" = "{777C8A14-5C36-11D5-ABAF-00B0D02332EB}"

[HKCR\Interface\{777C8A11-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\IPW.ScriptEngine.1]
"(Default)" = "InstallShield Script Engine"

[HKCR\Interface\{777C8A0B-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"(Default)" = "{777C8A14-5C36-11D5-ABAF-00B0D02332EB}"

[HKCR\Interface\{777C8A0A-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C89EC-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"(Default)" = "{777C8A14-5C36-11D5-ABAF-00B0D02332EB}"

[HKCR\TypeLib\{777C89DE-5C36-11D5-ABAF-00B0D02332EB}\1.0]
"(Default)" = "InstallShield Script 1.0 Type Library"

[HKCR\Interface\{777C89E1-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"(Default)" = "{777C89DE-5C36-11D5-ABAF-00B0D02332EB}"

[HKCR\Interface\{777C8A10-5C36-11D5-ABAF-00B0D02332EB}]
"(Default)" = "ISetupSDMessage"

[HKCR\Interface\{777C89F9-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"(Default)" = "{777C8A14-5C36-11D5-ABAF-00B0D02332EB}"

[HKCR\Interface\{777C89EF-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"(Default)" = "{777C8A14-5C36-11D5-ABAF-00B0D02332EB}"

[HKCR\TypeLib\{777C89DE-5C36-11D5-ABAF-00B0D02332EB}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\TypeLib\{777C8A14-5C36-11D5-ABAF-00B0D02332EB}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\Interface\{777C89EE-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"(Default)" = "{777C8A14-5C36-11D5-ABAF-00B0D02332EB}"

[HKCR\Interface\{777C8A08-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C89F1-5C36-11D5-ABAF-00B0D02332EB}\NumMethods]
"(Default)" = "5"

[HKCR\CLSID\{777C8A05-5C36-11D5-ABAF-00B0D02332EB}]
"(Default)" = "PSFactoryBuffer"

[HKCR\Interface\{777C89E1-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C89E3-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"(Default)" = "{777C89DE-5C36-11D5-ABAF-00B0D02332EB}"

[HKCR\Interface\{777C8A12-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"(Default)" = "{777C8A14-5C36-11D5-ABAF-00B0D02332EB}"

[HKCR\CLSID\{777C8A16-5C36-11D5-ABAF-00B0D02332EB}\ProgID]
"(Default)" = "IPW.User.1"

[HKCR\Interface\{777C8A10-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C8A10-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{777C8A0D-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\IPW.ScriptEngine.1\CLSID]
"(Default)" = "{777C89DF-5C36-11D5-ABAF-00B0D02332EB}"

[HKCR\Interface\{777C89E2-5C36-11D5-ABAF-00B0D02332EB}]
"(Default)" = "ISetupScriptEngine2"

[HKCR\CLSID\{777C8A05-5C36-11D5-ABAF-00B0D02332EB}\InProcServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{777C89FB-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"(Default)" = "{777C8A14-5C36-11D5-ABAF-00B0D02332EB}"

[HKCR\Interface\{777C8A0C-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C8A08-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{777C8A0C-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\IPW.ScriptEngine\CLSID]
"(Default)" = "{777C89DF-5C36-11D5-ABAF-00B0D02332EB}"

[HKCR\TypeLib\{777C89DE-5C36-11D5-ABAF-00B0D02332EB}\1.0\0\win32]
"(Default)" = "%Program Files%\Common Files\InstallShield\Driver\7\Intel 32\IScript7.dll"

[HKCR\Interface\{777C8A05-5C36-11D5-ABAF-00B0D02332EB}\NumMethods]
"(Default)" = "6"

[HKCR\Interface\{777C8A0B-5C36-11D5-ABAF-00B0D02332EB}]
"(Default)" = "ISetupProgress2"

[HKCR\Interface\{777C8A0C-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"(Default)" = "{777C8A14-5C36-11D5-ABAF-00B0D02332EB}"

[HKCR\Interface\{777C8A09-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"(Default)" = "{777C8A14-5C36-11D5-ABAF-00B0D02332EB}"

[HKCR\Interface\{777C8A0E-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"(Default)" = "{777C8A14-5C36-11D5-ABAF-00B0D02332EB}"
"Version" = "1.0"

[HKCR\Interface\{777C89E3-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{777C8A07-5C36-11D5-ABAF-00B0D02332EB}]
"(Default)" = "ISetupUserInterface"

[HKCR\Interface\{777C8A11-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{777C8A0C-5C36-11D5-ABAF-00B0D02332EB}]
"(Default)" = "ISetupMainWindow"

[HKCR\CLSID\{777C89DF-5C36-11D5-ABAF-00B0D02332EB}\VersionIndependentProgID]
"(Default)" = "IPW.ScriptEngine"

[HKCR\TypeLib\{777C8A14-5C36-11D5-ABAF-00B0D02332EB}\1.0\0\win32]
"(Default)" = "%Program Files%\Common Files\InstallShield\Driver\7\Intel 32\IUser7.dll"

[HKCR\Interface\{777C89E1-5C36-11D5-ABAF-00B0D02332EB}]
"(Default)" = "ISetupScriptEngine"

[HKCR\Interface\{777C8A0F-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"(Default)" = "{777C8A14-5C36-11D5-ABAF-00B0D02332EB}"

[HKCR\Interface\{777C89E3-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C8A12-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{777C8A0E-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C89E8-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C8A11-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"(Default)" = "{777C8A14-5C36-11D5-ABAF-00B0D02332EB}"

[HKCR\Interface\{777C8A10-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"(Default)" = "{777C8A14-5C36-11D5-ABAF-00B0D02332EB}"

[HKCR\Interface\{777C8A13-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C89F0-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"(Default)" = "{777C8A14-5C36-11D5-ABAF-00B0D02332EB}"

[HKCR\Interface\{777C89E3-5C36-11D5-ABAF-00B0D02332EB}]
"(Default)" = "ISetupScriptController"

[HKCR\Interface\{777C89E8-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"(Default)" = "{777C89DE-5C36-11D5-ABAF-00B0D02332EB}"

[HKCR\Interface\{777C89E8-5C36-11D5-ABAF-00B0D02332EB}]
"(Default)" = "ISetupScriptError"

[HKCR\Interface\{777C8A05-5C36-11D5-ABAF-00B0D02332EB}]
"(Default)" = "ISetupServiceProvider"

[HKCR\Interface\{777C8A0F-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{777C8A10-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{777C89DF-5C36-11D5-ABAF-00B0D02332EB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Interface\{777C8A11-5C36-11D5-ABAF-00B0D02332EB}]
"(Default)" = "ISetupMultiMedia"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "03 88 1F 59 68 97 47 58 C7 23 76 68 5B 89 27 2D"

[HKCR\Interface\{777C8A12-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C89E2-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"(Default)" = "{777C89DE-5C36-11D5-ABAF-00B0D02332EB}"

[HKCR\Interface\{777C89E8-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{777C8A01-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"(Default)" = "{777C8A14-5C36-11D5-ABAF-00B0D02332EB}"

[HKCR\Interface\{777C89E1-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{777C8A07-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"(Default)" = "{777C8A14-5C36-11D5-ABAF-00B0D02332EB}"

[HKCR\Interface\{777C8A0A-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C8A0C-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\TypeLib\{777C8A14-5C36-11D5-ABAF-00B0D02332EB}\1.0\HELPDIR]
"(Default)" = "%Program Files%\Common Files\InstallShield\Driver\7\Intel 32\"

[HKCR\Interface\{777C8A05-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{777C8A05-5C36-11D5-ABAF-00B0D02332EB}"

[HKCR\Interface\{777C8A0D-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\TypeLib\{777C8A14-5C36-11D5-ABAF-00B0D02332EB}\1.0]
"(Default)" = "Setup UI 1.0 Type Library"

[HKCR\Interface\{777C89E1-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C8A0E-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C8A0B-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C8A0B-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"Version" = "1.0"

The process %original file name%.exe:188 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1B 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9F 56 AD 1F 32 60 6D 8D 2E 27 3C 8F AE 48 84 99"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2D69A20EC4F0CD19037FD6D6246B1EE0EC41BA22]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 BD C0 6E DA"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Application modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Application modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Application modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Application deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates]
"2D69A20EC4F0CD19037FD6D6246B1EE0EC41BA22"

The process IDriver.exe:1928 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B2 AB 08 BF 47 EA 19 65 C6 4B 13 CD 93 91 A7 78"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Fonts" = "%WinDir%\Fonts"
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"

The process IDriver.exe:412 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKCR\Interface\{777C89E9-5C36-11D5-ABAF-00B0D02332EB}]
"(Default)" = "ISetupLogService"

[HKCR\Interface\{135F108E-AD38-11D5-ABCD-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{D211D430-D52F-11D4-AB86-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{3147B9BC-D11F-11D4-AB83-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{99BDE2B6-D79E-11D4-AB87-00B0D02332EB}\ProgID]
"(Default)" = "ISInstallDriver.StringTable.1"

[HKCR\CLSID\{99BDE2B6-D79E-11D4-AB87-00B0D02332EB}\VersionIndependentProgID]
"(Default)" = "ISInstallDriver.StringTable"

[HKCR\Interface\{3147B9E0-D11F-11D4-AB83-00B0D02332EB}]
"(Default)" = "ISetupComponent"

[HKCR\CLSID\{A52D1D8E-BCCA-11D4-AB7D-00B0D02332EB}\ProgID]
"(Default)" = "ISInstallDriver.InstallDriver.1"

[HKCR\Interface\{4EAEAA3C-FD20-11D4-AB92-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\AppID\IDriver.EXE]
"AppID" = "{E4A51076-BCD3-11D4-AB7D-00B0D02332EB}"

[HKCR\Interface\{3147B9A3-D11F-11D4-AB83-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{777C89EC-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C89F8-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{777C89EB-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\Interface\{3147B9C1-D11F-11D4-AB83-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{3147B9C1-D11F-11D4-AB83-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{3147B9DC-D11F-11D4-AB83-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{3147B9AE-D11F-11D4-AB83-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{777C89F7-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{3147B9B7-D11F-11D4-AB83-00B0D02332EB}]
"(Default)" = "ISetupRegistry"

[HKCR\Interface\{E4A51081-BCD3-11D4-AB7D-00B0D02332EB}]
"(Default)" = "IISInstallDriver"

[HKCR\Interface\{777C89FF-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{3147B9BC-D11F-11D4-AB83-00B0D02332EB}]
"(Default)" = "ISetupRegistry2"

[HKCR\Interface\{3147B9D2-D11F-11D4-AB83-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{3147B984-D11F-11D4-AB83-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C89F7-5C36-11D5-ABAF-00B0D02332EB}]
"(Default)" = "ISetupBasicFeature"

[HKCR\Interface\{3147B9AE-D11F-11D4-AB83-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{C445860A-9BE8-11D5-ABBF-00B0D02332EB}]
"(Default)" = "IInstallDriverVersion"

[HKCR\Interface\{C0E3CD3A-E8DA-11D4-84B0-00B0D023B209}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\Interface\{3147B98C-D11F-11D4-AB83-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\AppID\{E4A51076-BCD3-11D4-AB7D-00B0D02332EB}]
"(Default)" = "InstallShield InstallDriver"

[HKCR\Interface\{777C8A02-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{777C89EA-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\Interface\{777C8A04-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{D211D430-D52F-11D4-AB86-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\Interface\{3147B9CD-D11F-11D4-AB83-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{3147B9D9-D11F-11D4-AB83-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{3147B9BC-D11F-11D4-AB83-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{D72FDDC4-672E-4D49-A8A6-0CDD039B2FAE}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\Interface\{3147B9D2-D11F-11D4-AB83-00B0D02332EB}]
"(Default)" = "ISetupFileRegistrar"

[HKCR\Interface\{3147B999-D11F-11D4-AB83-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{777C89F8-5C36-11D5-ABAF-00B0D02332EB}]
"(Default)" = "ISetupBasicFeatureStateEvents"

[HKCR\TypeLib\{3147B9F7-D11F-11D4-AB83-00B0D02332EB}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\Interface\{3147B989-D11F-11D4-AB83-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{7B1E910E-9744-11D5-ABBF-00B0D02332EB}]
"(Default)" = "IMsiServer2"

[HKCR\CLSID\{A52D1D8E-BCCA-11D4-AB7D-00B0D02332EB}]
"AppID" = "{E4A51076-BCD3-11D4-AB7D-00B0D02332EB}"

[HKCR\Interface\{E4A51081-BCD3-11D4-AB7D-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C89F8-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{3147B997-D11F-11D4-AB83-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\Interface\{3147B99D-D11F-11D4-AB83-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\CLSID\{99BDE2B6-D79E-11D4-AB87-00B0D02332EB}\LocalServer32]
"(Default)" = "C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe"

[HKCR\Interface\{777C89FE-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C89EB-5C36-11D5-ABAF-00B0D02332EB}]
"(Default)" = "ISetupLogDB2"

[HKCR\Interface\{3147B9DC-D11F-11D4-AB83-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\TypeLib\{3147B9F7-D11F-11D4-AB83-00B0D02332EB}\1.0\0\win32]
"(Default)" = "%Program Files%\Common Files\InstallShield\Driver\7\Intel 32\IDriver.exe"

[HKCR\Interface\{777C89ED-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{135F108E-AD38-11D5-ABCD-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C89FD-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{3147B9CA-D11F-11D4-AB83-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C89FC-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{3147B9F0-D11F-11D4-AB83-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\Interface\{5F13E632-D79E-11D4-AB87-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C8A00-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{82843E72-7263-11D5-ABB6-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{3147B99D-D11F-11D4-AB83-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C89FE-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{777C8A02-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\ISInstallDriver.InstallDriver.1]
"(Default)" = "InstallShield InstallDriver"

[HKCR\Interface\{777C89F7-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\Interface\{777C89E9-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\Interface\{3147B98C-D11F-11D4-AB83-00B0D02332EB}]
"(Default)" = "ISetupSharedFiles"

[HKCR\Interface\{777C89FC-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{D211D430-D52F-11D4-AB86-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{82843E72-7263-11D5-ABB6-00B0D02332EB}]
"(Default)" = "ISetupInitializationProgress"

[HKCR\Interface\{5F13E632-D79E-11D4-AB87-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{3147B9BC-D11F-11D4-AB83-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\Interface\{3147B9E6-D11F-11D4-AB83-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{777C8A00-5C36-11D5-ABAF-00B0D02332EB}]
"(Default)" = "ISetupFileErrors"

[HKCR\ISInstallDriver.StringTable.1]
"(Default)" = "InstallShield InstallDriver String Table"

[HKCR\TypeLib\{00020430-0000-0000-C000-000000000046}\1.0\FLAGS]
"(Default)" = "1"

[HKCR\Interface\{3147B9EC-D11F-11D4-AB83-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{3147B9EC-D11F-11D4-AB83-00B0D02332EB}]
"(Default)" = "ISetupStringTable"

[HKCR\Interface\{777C89F0-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C8A01-5C36-11D5-ABAF-00B0D02332EB}]
"(Default)" = "ISetupTransferEvents"

[HKCR\Interface\{3147B9AE-D11F-11D4-AB83-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{3147B9B2-D11F-11D4-AB83-00B0D02332EB}]
"(Default)" = "ISetupTypes"

[HKCR\Interface\{3147B9D9-D11F-11D4-AB83-00B0D02332EB}]
"(Default)" = "ISetupCABFile"

[HKCR\Interface\{C0E3CD3A-E8DA-11D4-84B0-00B0D023B209}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C8A01-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{3147B992-D11F-11D4-AB83-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{3147B9C6-D11F-11D4-AB83-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\Interface\{E4A51081-BCD3-11D4-AB7D-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C89F3-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\Interface\{3147B9D2-D11F-11D4-AB83-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{7B1E910E-9744-11D5-ABBF-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{C445860A-9BE8-11D5-ABBF-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{C0E3CD3A-E8DA-11D4-84B0-00B0D023B209}]
"(Default)" = "IMSIMsgHandler"

[HKCR\Interface\{3147B9A9-D11F-11D4-AB83-00B0D02332EB}]
"(Default)" = "ISetupMedia2"

[HKCR\Interface\{777C89F3-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{5F13E632-D79E-11D4-AB87-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{777C89F0-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\CLSID\{A52D1D8E-BCCA-11D4-AB7D-00B0D02332EB}\LocalServer32]
"(Default)" = "C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe"

[HKCR\Interface\{3147B9B2-D11F-11D4-AB83-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\Interface\{777C89E9-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C8A00-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\Interface\{4EAEAA3C-FD20-11D4-AB92-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{C0E3CD3A-E8DA-11D4-84B0-00B0D023B209}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{3147B99D-D11F-11D4-AB83-00B0D02332EB}]
"(Default)" = "ISetupInfo"

[HKCR\Interface\{777C89F4-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C89F6-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C89FD-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{D211D430-D52F-11D4-AB86-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{82843E72-7263-11D5-ABB6-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{777C89FB-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{C445860A-9BE8-11D5-ABBF-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\Interface\{3147B9A9-D11F-11D4-AB83-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\Interface\{777C89FC-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\Interface\{777C89FE-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C89FC-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C89F9-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{3147B9A3-D11F-11D4-AB83-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{7B1E910E-9744-11D5-ABBF-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{3147B9BC-D11F-11D4-AB83-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{3147B992-D11F-11D4-AB83-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{3147B9B7-D11F-11D4-AB83-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{3147B9E6-D11F-11D4-AB83-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\Interface\{D211D430-D52F-11D4-AB86-00B0D02332EB}]
"(Default)" = "ISetupCABFileMsi"

[HKCR\Interface\{3147B9F0-D11F-11D4-AB83-00B0D02332EB}]
"(Default)" = "ISetupObjectHolder"

[HKCR\Interface\{3147B9EC-D11F-11D4-AB83-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\Interface\{3147B984-D11F-11D4-AB83-00B0D02332EB}]
"(Default)" = "ISetupReboot"

[HKCR\Interface\{3147B9D9-D11F-11D4-AB83-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{E4A51081-BCD3-11D4-AB7D-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\CLSID\{99BDE2B6-D79E-11D4-AB87-00B0D02332EB}]
"(Default)" = "InstallShield InstallDriver String Table"

[HKCR\Interface\{3147B9CA-D11F-11D4-AB83-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{3147B9B7-D11F-11D4-AB83-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{777C89EC-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CD D7 74 2E F2 3C C9 F8 61 39 83 64 DD 19 3F 60"

[HKCR\Interface\{777C89F0-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C89EF-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C8A01-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{3147B997-D11F-11D4-AB83-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{777C89F7-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{777C89F4-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{3147B9B7-D11F-11D4-AB83-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{3147B9AE-D11F-11D4-AB83-00B0D02332EB}]
"(Default)" = "ISetupType"

[HKCR\Interface\{777C89F7-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\ISInstallDriver.InstallDriver\CLSID]
"(Default)" = "{A52D1D8E-BCCA-11D4-AB7D-00B0D02332EB}"

[HKCR\Interface\{3147B99D-D11F-11D4-AB83-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{3147B9CA-D11F-11D4-AB83-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\Interface\{3147B9DC-D11F-11D4-AB83-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C89EF-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\Interface\{3147B999-D11F-11D4-AB83-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{3147B999-D11F-11D4-AB83-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{3147B9D9-D11F-11D4-AB83-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{5F13E632-D79E-11D4-AB87-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\Interface\{777C89EA-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{E4A51081-BCD3-11D4-AB7D-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\Interface\{777C89ED-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{777C89EE-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\Interface\{777C89EB-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\TypeLib\{3147B9F7-D11F-11D4-AB83-00B0D02332EB}\1.0]
"(Default)" = "InstallShield Windows Installer Setup Kernel 1.0 Type Library"

[HKCR\Interface\{135F108E-AD38-11D5-ABCD-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\Interface\{3147B9CA-D11F-11D4-AB83-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{777C89FF-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{3147B98C-D11F-11D4-AB83-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C89ED-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\Interface\{3147B9D2-D11F-11D4-AB83-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\Interface\{777C89F6-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\Interface\{3147B989-D11F-11D4-AB83-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\Interface\{777C89F9-5C36-11D5-ABAF-00B0D02332EB}]
"(Default)" = "ISetupFeature"

[HKCR\Interface\{C445860A-9BE8-11D5-ABBF-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{82843E72-7263-11D5-ABB6-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\Interface\{3147B9A3-D11F-11D4-AB83-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{4EAEAA3C-FD20-11D4-AB92-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{3147B999-D11F-11D4-AB83-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\Interface\{777C89F8-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\TypeLib\{00020430-0000-0000-C000-000000000046}\1.0\0\win32]
"(Default)" = "%System%\stdole32.tlb"

[HKCR\Interface\{777C8A00-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{777C89FD-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\Interface\{777C89FB-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\ISInstallDriver.InstallDriver]
"(Default)" = "InstallShield InstallDriver"

[HKCR\Interface\{3147B989-D11F-11D4-AB83-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{3147B9F0-D11F-11D4-AB83-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{3147B992-D11F-11D4-AB83-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\Interface\{3147B9B7-D11F-11D4-AB83-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\Interface\{777C89F8-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{3147B9C1-D11F-11D4-AB83-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\Interface\{777C89ED-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{3147B9E6-D11F-11D4-AB83-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C89FB-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{135F108E-AD38-11D5-ABCD-00B0D02332EB}]
"(Default)" = "IISInstallDriverForceRemove"

[HKCR\Interface\{777C89E9-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{3147B997-D11F-11D4-AB83-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{3147B9C1-D11F-11D4-AB83-00B0D02332EB}]
"(Default)" = "ISetupShellLink"

[HKCR\Interface\{C0E3CD3A-E8DA-11D4-84B0-00B0D023B209}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{777C89F4-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\ISInstallDriver.StringTable.1\CLSID]
"(Default)" = "{99BDE2B6-D79E-11D4-AB87-00B0D02332EB}"

[HKCR\Interface\{777C89EF-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C89EE-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C89EB-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{3147B9F0-D11F-11D4-AB83-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{3147B9E0-D11F-11D4-AB83-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{3147B9E0-D11F-11D4-AB83-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\Interface\{777C89F9-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C89EC-5C36-11D5-ABAF-00B0D02332EB}]
"(Default)" = "ISetupFeatureLog"

[HKCR\Interface\{777C8A01-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\TypeLib\{3147B9F7-D11F-11D4-AB83-00B0D02332EB}\1.0\HELPDIR]
"(Default)" = "%Program Files%\Common Files\InstallShield\Driver\7\Intel 32\"

[HKCR\Interface\{3147B9EC-D11F-11D4-AB83-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C89F0-5C36-11D5-ABAF-00B0D02332EB}]
"(Default)" = "ISetupFeatureLogs"

[HKCR\Interface\{777C89FF-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\Interface\{D72FDDC4-672E-4D49-A8A6-0CDD039B2FAE}]
"(Default)" = "IMsiServer2001"

[HKCR\Interface\{3147B9A9-D11F-11D4-AB83-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{777C89F3-5C36-11D5-ABAF-00B0D02332EB}]
"(Default)" = "ISetupObject"

[HKCR\Interface\{3147B989-D11F-11D4-AB83-00B0D02332EB}]
"(Default)" = "ISetupReboot2"

[HKCR\Interface\{777C89E9-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{4EAEAA3C-FD20-11D4-AB92-00B0D02332EB}]
"(Default)" = "IMsiServer"

[HKCR\Interface\{777C8A02-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\Interface\{3147B989-D11F-11D4-AB83-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C89F4-5C36-11D5-ABAF-00B0D02332EB}]
"(Default)" = "ISetupObjectContext"

[HKCR\Interface\{777C89F9-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\Interface\{777C8A00-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{3147B9A3-D11F-11D4-AB83-00B0D02332EB}]
"(Default)" = "ISetupMedia"

[HKCR\Interface\{777C89EE-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C89FE-5C36-11D5-ABAF-00B0D02332EB}]
"(Default)" = "ISetupTransferErrorInfo"

[HKCR\CLSID\{A52D1D8E-BCCA-11D4-AB7D-00B0D02332EB}]
"(Default)" = "InstallShield InstallDriver"

[HKCR\Interface\{3147B9E0-D11F-11D4-AB83-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{777C89EF-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{3147B9CA-D11F-11D4-AB83-00B0D02332EB}]
"(Default)" = "ISetupShell"

[HKCR\Interface\{D72FDDC4-672E-4D49-A8A6-0CDD039B2FAE}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{D72FDDC4-672E-4D49-A8A6-0CDD039B2FAE}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{3147B9CD-D11F-11D4-AB83-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{3147B9F0-D11F-11D4-AB83-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{777C89EC-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C89F3-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{777C89F6-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{3147B9CD-D11F-11D4-AB83-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{3147B9E6-D11F-11D4-AB83-00B0D02332EB}]
"(Default)" = "ISetupComponents"

[HKCR\Interface\{777C89EA-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{C445860A-9BE8-11D5-ABBF-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{3147B9DC-D11F-11D4-AB83-00B0D02332EB}]
"(Default)" = "ISetupCABFiles"

[HKCR\Interface\{777C89FD-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C8A02-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{3147B9B2-D11F-11D4-AB83-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{3147B9D2-D11F-11D4-AB83-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{3147B999-D11F-11D4-AB83-00B0D02332EB}]
"(Default)" = "ISetupTextSubstitution"

[HKCR\ISInstallDriver.InstallDriver.1\CLSID]
"(Default)" = "{A52D1D8E-BCCA-11D4-AB7D-00B0D02332EB}"

[HKCR\Interface\{777C89F4-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\Interface\{5F13E632-D79E-11D4-AB87-00B0D02332EB}]
"(Default)" = "IInstallDriverStringTable"

[HKCR\Interface\{3147B9C6-D11F-11D4-AB83-00B0D02332EB}]
"(Default)" = "ISetupShellLink2"

[HKCR\Interface\{3147B984-D11F-11D4-AB83-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{135F108E-AD38-11D5-ABCD-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C8A04-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C89EE-5C36-11D5-ABAF-00B0D02332EB}]
"(Default)" = "ISetupOpType"

[HKCR\Interface\{777C89EF-5C36-11D5-ABAF-00B0D02332EB}]
"(Default)" = "ISetupOpTypes"

[HKCR\Interface\{777C89EA-5C36-11D5-ABAF-00B0D02332EB}]
"(Default)" = "ISetupLogDB"

[HKCR\Interface\{3147B9C6-D11F-11D4-AB83-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\CLSID\{A52D1D8E-BCCA-11D4-AB7D-00B0D02332EB}\VersionIndependentProgID]
"(Default)" = "ISInstallDriver.InstallDriver"

[HKCR\Interface\{777C89F0-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\Interface\{3147B9A9-D11F-11D4-AB83-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{3147B984-D11F-11D4-AB83-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\ISInstallDriver.StringTable\CLSID]
"(Default)" = "{99BDE2B6-D79E-11D4-AB87-00B0D02332EB}"

[HKCR\Interface\{3147B9C6-D11F-11D4-AB83-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C8A04-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\AppID\{E4A51076-BCD3-11D4-AB7D-00B0D02332EB}]
"RunAs" = "Interactive User"

[HKCR\Interface\{3147B9E6-D11F-11D4-AB83-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{3147B9B2-D11F-11D4-AB83-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{4EAEAA3C-FD20-11D4-AB92-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\Interface\{3147B9EC-D11F-11D4-AB83-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{3147B9DC-D11F-11D4-AB83-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C8A04-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\Interface\{3147B9C6-D11F-11D4-AB83-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C8A04-5C36-11D5-ABAF-00B0D02332EB}]
"(Default)" = "ISetupDriver"

[HKCR\Interface\{777C89ED-5C36-11D5-ABAF-00B0D02332EB}]
"(Default)" = "ISetupOpSequence"

[HKCR\Interface\{777C89EA-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C89F6-5C36-11D5-ABAF-00B0D02332EB}]
"(Default)" = "ISetupObjects"

[HKCR\Interface\{3147B984-D11F-11D4-AB83-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{3147B9C1-D11F-11D4-AB83-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C89FE-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\Interface\{3147B98C-D11F-11D4-AB83-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\Interface\{3147B9CD-D11F-11D4-AB83-00B0D02332EB}]
"(Default)" = "ISetupShell2"

[HKCR\Interface\{D72FDDC4-672E-4D49-A8A6-0CDD039B2FAE}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C89F3-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{3147B9CD-D11F-11D4-AB83-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\Interface\{777C8A01-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\Interface\{3147B98C-D11F-11D4-AB83-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C89FF-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{3147B9A3-D11F-11D4-AB83-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\Interface\{3147B992-D11F-11D4-AB83-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{3147B9B2-D11F-11D4-AB83-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{777C89F6-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{3147B9A9-D11F-11D4-AB83-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C89EE-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{3147B99D-D11F-11D4-AB83-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\ISInstallDriver.StringTable]
"(Default)" = "InstallShield InstallDriver String Table"

[HKCR\Interface\{3147B9D9-D11F-11D4-AB83-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\Interface\{3147B9E0-D11F-11D4-AB83-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{3147B997-D11F-11D4-AB83-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{777C89F9-5C36-11D5-ABAF-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{7B1E910E-9744-11D5-ABBF-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{82843E72-7263-11D5-ABB6-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{7B1E910E-9744-11D5-ABBF-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\Interface\{3147B992-D11F-11D4-AB83-00B0D02332EB}]
"(Default)" = "ISetupFileService"

[HKCR\Interface\{3147B9AE-D11F-11D4-AB83-00B0D02332EB}\TypeLib]
"(Default)" = "{3147B9F7-D11F-11D4-AB83-00B0D02332EB}"

[HKCR\Interface\{777C89EB-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{777C89FF-5C36-11D5-ABAF-00B0D02332EB}]
"(Default)" = "ISetupFileErrorInfo"

[HKCR\Interface\{777C89FC-5C36-11D5-ABAF-00B0D02332EB}]
"(Default)" = "ISetupFilesCost"

[HKCR\Interface\{777C89FD-5C36-11D5-ABAF-00B0D02332EB}]
"(Default)" = "ISetupTransfer"

[HKCR\Interface\{777C89FB-5C36-11D5-ABAF-00B0D02332EB}]
"(Default)" = "ISetupFeatures"

[HKCR\Interface\{3147B997-D11F-11D4-AB83-00B0D02332EB}]
"(Default)" = "ISetupCopyFiles"

[HKCR\Interface\{777C8A02-5C36-11D5-ABAF-00B0D02332EB}]
"(Default)" = "ISetupTransferEvents2"

[HKCR\Interface\{777C89FB-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{777C89EC-5C36-11D5-ABAF-00B0D02332EB}\TypeLib]
"Version" = "1.0"

Dropped PE files

MD5 File path
b9b9af3f2feb0f1bdac947908637f15d c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\{9967E93B-6F5E-4744-80D6-BEB0229F42C4}\ISRT.DLL
d95b37e3e9dc956905cdf45f960ad52b c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\{9967E93B-6F5E-4744-80D6-BEB0229F42C4}\_ISRES.DLL
3e5fa5d994ae3c8a91cdf6d36a198d25 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\{9967E93B-6F5E-4744-80D6-BEB0229F42C4}\_ISUSER.DLL
f6e015da6bbf4f2036650c246f019f3c c:\Program Files\Common Files\InstallShield\Driver\7\Intel 32\IDriver.exe
b9b9af3f2feb0f1bdac947908637f15d c:\Program Files\Common Files\InstallShield\Driver\7\Intel 32\ISRT.dll
d284423b7d5da40c712dee45a25191d1 c:\Program Files\Common Files\InstallShield\Driver\7\Intel 32\IScript7.dll
717d2d0cfdf85a69754ce559e8c97def c:\Program Files\Common Files\InstallShield\Driver\7\Intel 32\IUser7.dll
d95b37e3e9dc956905cdf45f960ad52b c:\Program Files\Common Files\InstallShield\Driver\7\Intel 32\_ISRES1033.dll
25e83534f526974ac6228b0f46045ebc c:\Program Files\Common Files\InstallShield\Driver\7\Intel 32\objps7.dll

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name: LimeWire LLC
Product Name: LimeWire
Product Version: 2.96.0000
Legal Copyright: 751
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 2.96.0000
File Description: Setup Launcher
Comments:
Language: Spanish (Spain, International Sort)

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.text 4096 124058 126976 4.47393 935dd6e11aa7a98cdc360948edca8140
.rdata 131072 14832 16384 3.48982 c3dad73eccefe126c286be52c6e891d7
.data 147456 35480 20480 2.00078 0fd860ffa2abab641a458e5a4c58c5b8
.rsrc 184320 47384 49152 4.98191 b8b069d2ffb1f5d6817397a2519c941a

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Total found: 9
2f8c7e8df30e5d0c294138d8dca98cdf
d14cbbd12f38f08784acfa4e18ac685c
2e245cf17870cff1e661c8c8890ae2e4
d60e5e21faa1cfe9e7d72ab2b7b4669f
696cb67b8bd455abe93348d766b14876
71c5056ffeb7df70fe815912986c1cba
8a9dae196703355f3f26ac85e94580d7
9fc88f4f1f563a3b56390b6b68db9312
b5a874e63fcb3e07d51b5f3f139592e9

URLs

URL IP
hxxp://www.installengine.com/cert02/isengine/isscript.msi 64.14.29.58


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

GET /cert02/isengine/isscript.msi HTTP/1.1
Referer: hXXp://VVV.installengine.com/cert02/isengine/isscript.msi
User-Agent: dwplayer
Host: VVV.installengine.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Length: 633856
Content-Type: application/octet-stream
Last-Modified: Tue, 15 Oct 2002 23:31:18 GMT
Accept-Ranges: bytes
ETag: "027f8f5a274c21:d93b"
X-Powered-By: ASP.NET
Date: Wed, 22 Jul 2015 01:24:00 GMT
Set-Cookie: flexnet-http-cookie-122925=5ccba3d8d17f16f9aef7f08eb3ae32d9960b72b524fc537c6146a32d382600c5c5821ac8;expires=Wed, 22-Jul-2015 01:25:01 GMT;path=/;httponly
........................>...................................8......
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
.................................^....................................
.................................../..................................
......... ...!..."...#...$...%...&...'...(...)...*... ...,...-.......1
...0.......2...3...4...5...6...7...E...d...:...;...<...=...>...?
[email protected]...\...`...G...H...I...J...K...L...M...N...O...P..
.Q...R...S...T...U...V...W...X...Y...Z...[.......]..._...a...b.......c
...e...f...............h...i...j...k...l...u...n...o...p...q...r...s..
.t...g...v...w...x...y...z...{...|...}...~...........R.o.o.t. .E.n.t.r
.y....................................................................
........F............0X.|[email protected]
.t.i.o.n...........................(..."..............................
................._...x.......@H.?.C.A.E.D1H...........................
......................................................................
.....F....*......@H.?dA/B6H...........................................
..................................................................
<<< skipped >>>

The Application connects to the servers at the folowing location(s):

%original file name%.exe_188:

.text
`.rdata
@.data
.rsrc
t%SWVVVVVVh
tOSSSSh0u
SSSSh0u
SShxDB
SShhDB
PSSSSSSh
PSSh\UB
PSShTUB
__MSVCRT_HEAP_SELECT
user32.dll
VERSION.dll
SHELL32.dll
COMCTL32.dll
GetWindowsDirectoryA
KERNEL32.dll
MsgWaitForMultipleObjects
ExitWindowsEx
USER32.dll
GDI32.dll
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA
ADVAPI32.dll
ole32.dll
OLEAUT32.dll
GetCPInfo
RegOpenKeyA
NO_KEY_VALUE
_ISMSIDEL.INI
CmdLine
hXXps://
hXXp://
PTF://
Referer: %s
wintrust.dll
WTHelperGetProvCertFromChain
CertCompareCertificate
crypt32.dll
Forcing item moniker %s into ROT...
CLSID\%s
EvalMarker.dat
Setup.iss
Software\Microsoft\Windows\CurrentVersion\Run
Software\Microsoft\Windows\CurrentVersion
PASSWORD
Software\InstallShield\ISWI\7.0\SetupExeLog
NoSuppressRebootKey
SETUPEXEDIR
CertKey
ISScript.Msi
SupportOS
{7E76A8D6-33D1-0032-16C3-4593092861D0}
{E7E2C871-090A-C372-F9AE-C3C6A988D260}
{6741C120-01BA-87F9-8734-5FB9DA8A4445}
Software\Microsoft\Windows\CurrentVersion\Installer
Microsoft(R) .NET Framework
dotnetredistSp1.exe
dotnetredist.exe
dotnetfx.exe
%s /a "%s"%s
%s /f%s "%s" %s
%s /j%s "%s" %s
%s /x "%s" %s
/p"%s" %s
%s /p "%s" %s
%s /i "%s" %s
%s %s
%s="%s"
%s TRANSFORMS="%s"
%s%s%s;%s
"%s" %s /l%d /t"%s" /e"%s" /v"%s" %s
"%s" /k %s /l%d /t"%s" /e"%s" /w /v"%s" %s
Software\Microsoft\Windows\CurrentVersion\RunOnce
Software\Microsoft\Windows\CurrentVersion\RunOnceEx
SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\RunOnceEntries
System\CurrentControlSet\Control\Windows
1.20.1827.0
Msi.DLL
"%s" /c:"msiinst /delayrebootq"
"%s" /q
2.0.2600.0
%s /g %s /g %s
%s /g %s /g %s /s
4.70.0.1300
WinInet.dll
SHFolder.dll
Software\Microsoft\Windows\CurrentVersion\Uninstall\%s
{31EE4FE8-7F9C-11D5-ABB8-00B0D02332EB}
d.d %s%s
DataCabInSetupExe
Data.Cab
MSIEXEC.EXE
INSTMSIW.EXE
INSTMSIA.EXE
Setup.INI
Setup.bmp
msi.dll
0x0%s.ini
%s"%s"
.rdata
.debug
%d: %s
%s,%u
%u.%u.%u.%u
InternetCanonicalizeUrlA
HttpEndRequestA
HttpSendRequestExA
HttpSendRequestA
HttpOpenRequestA
FtpFindFirstFileA
HttpQueryInfoA
InternetCreateUrlA
InternetCrackUrlA
InternetOpenUrlA
wininet.dll
RPAWINET.DLL
AutoConfigURL
Software\Microsoft\Windows\CurrentVersion\Internet Settings
netscape.exe
FTP_ProxyPort
FTP_Proxy
HTTPS_ProxyPort
HTTPS_Proxy
https=
HTTP_ProxyPort
HTTP_Proxy
http=
\prefs.js
\nsreg.dat
"network.proxy.autoconfig_url"
"network.proxy.no_proxies_on"
"network.proxy.ftp_port"
"network.proxy.ftp"
"network.proxy.ssl_port"
"network.proxy.ssl"
"network.proxy.http_port"
"network.proxy.http"
network.proxy.type
Range: bytes=%d-
zcÁ
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\_is2
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\_is2\Setup.INI
c:\%original file name%.exe
version="1.0.0.0"
name="InstallShield.Setup"
<description>InstallShield.Setup</description>
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
!"#$%&'()* ,
 (%U#n
.aFg\3z
sPTF://
Software\Microsoft\Active Setup\Installed Components\%s
{1C370964-514B-321C-7237-2B4FD86D8568}
{021122EA-49DC-4aeb-9D15-DCEAD9BAB1BC}
{F1B13231-13BE-1231-5401-486BA763DEB6}
{F279058C-50B2-4BE4-60C9-369CACF06821}
{78705f0d-e8db-4b2d-8193-982bdda15ecd}
{9B29D757-088E-E8C9-2535-AA319B92C00A}
%*.*f
2.96.0000
Please enter the password
Password:
/Error extracting '%s' to the temporary location'Error reading setup initialization file

IDriver.exe_1928:

.text
`.rdata
@.data
.rsrc
SSShP
PSShh
PSSh@)H
PSSSSSSh
AUTPRX32.DLL
__MSVCRT_HEAP_SELECT
user32.dll
GetWindowsDirectoryA
WinExec
KERNEL32.dll
ExitWindowsEx
MsgWaitForMultipleObjects
CreateDialogIndirectParamA
USER32.dll
GDI32.dll
RegCreateKeyExA
RegCloseKey
RegDeleteKeyA
RegOpenKeyExA
RegOpenKeyA
RegQueryInfoKeyA
RegEnumKeyExA
ADVAPI32.dll
SHELL32.dll
ole32.dll
OLEAUT32.dll
msi.dll
RPCRT4.dll
COMCTL32.dll
VERSION.dll
GetCPInfo
<Support>
Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information
SELECT FileSize FROM File WHERE File = '%s'
SELECT * FROM Feature WHERE Feature_Parent = '%s' ORDER By Display
SELECT Directory_ FROM Component WHERE Component = '%s'
SELECT Component_ FROM FeatureComponents WHERE Feature_ = '%s'
SELECT * FROM ISFeatureExtended WHERE Feature_ = '%s'
SELECT * FROM ISRequiredFeature WHERE RequiringFeature = '%s'
oleaut32.dll
RegisterFile%d
SOFTWARE\Microsoft\Windows\CurrentVersion
%d.%d.%d.%d
%hx.rra
Software\Microsoft\Windows\CurrentVersion\RunOnce
Software\Microsoft\Windows\CurrentVersion\RunOnceEx\InstallShieldSetup
SELECT Feature_ FROM ISSetupTypeFeatures WHERE ISSetupType_ = '%s'
SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
PendingFileRenameOperations
WININIT.INI
_hk%d
ID_%d
SELECT * FROM Directory WHERE Directory = '%s'
SELECT * FROM `Binary` WHERE `Name`= '%s'
Function %s - Unknown exception: %s
Function %s - Error %d in %s:%s
SELECT * FROM `CustomAction` WHERE `Action` = '%s'
Could delete CA DLL, error is %d
Could free module for CA DLL, error is %d
Custom Action Call failed, error is %d
Could find function in DLL, error is %d
Failed to extract Binary for DLL CA, error is %d
Software\Policies\Microsoft\Windows\Installer
ISInstallDriver.InstallDriver.1
ISInstallDriver.InstallDriver
ISInstallDriver.StringTable.1
ISInstallDriver.StringTable
/beta %s
Failed to CreateItemMoniker %s, error is: 0x%lx
AppID\IDriver.EXE
AppID\{E4A51076-BCD3-11D4-AB7D-00B0D02332EB}
CLSID\{A52D1D8E-BCCA-11D4-AB7D-00B0D02332EB}
IDriver.EXE
{E4A51076-BCD3-11D4-AB7D-00B0D02332EB}
Forcing item moniker %s into ROT...
CLSID\%s
URLUpdateInfo
URLInfoAbout
IsConfig.INI
_ISUSER.DLL
_ISRES.DLL
ISRT.DLL
Ready to initialize ForceRemove, Product code is %s
Main script execution failed, error is 0x%lx
Ready to remove all, full command line = %s
Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_%s
You must be an Administrator to remove this application. To remove this application, you can log on as an administrator, or contact your technical support group for assistance.
InstallShield Support files extracted.
Failed to extract support files, error is %d
Command Line: %s
Package Path: %s
InstallShield Install driver started, version:%s.%s.%s.%s
7.07.262.0
APPHELP.DLL
Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\
InitScript operation failed, error is 0x%lx
Ready to initialize simple UI support.
Ready to initialize full UI support.
Setup Service operation failed, error is 0x%lx
Open Script operation failed, error is 0x%lx
Inside Initialize, ref count is %d
Rpcrt4.dll
%d.mst
Failed to open script '%s', error is %d
Opening script: %s
Software\InstallShield\ISWI\7.0\SetupExeLog
Software\InstallShield\ISWI\3.0\SetupExeLog
Failed to launch action '%s', error is %d
Failed to query Sequence table, error is %d
SUPPORTDIR
BF0CA59A-039C-11D5-AB96-00B0D02332EB
%s%s.ini
Setup.ini
Failed to extract string.txt, error is %d
String%d.txt
Failed to extract _IsUser.dll, Ignore it.
_ISUser%d.dll
Failed to extract _IsRes.dll, error is %d
_ISRES%d.DLL
Failed to extract ISRT.dll, error is %d
Failed to extract setup.inx, error is %d
setup.inx
Extract supporting files
Installer\Products\%s
Failed to CoCreateinstance when preparing for Force Remove product %s, result is 0x%lx
Failed to call Prepare method, when preparing for Force Remove product %s, result is 0x%lx
Failed to close InstallExecuteSequence view handle, error is 0x%lx
Failed to close InstallExecuteSequence view, error is 0x%lx
Failed to close InstallExecuteSequence new record handle, error is 0x%lx
Failed to modify InstallExecuteSequence view, error is 0x%lx
Failed to set InstallExecuteSequence::Sequence, error is 0x%lx
Failed to set InstallExecuteSequence::Action, error is 0x%lx
Failed to create InstallExecuteSequence record, error is 0x%lx
Failed to close InstallExecuteSequence record handle, error is 0x%lx
Failed to get InstallExecuteSequence::Sequence, error is 0x%lx
Failed to execute InstallExecuteSequence view, error is 0x%lx
Failed to open InstallExecuteSequence view, error is 0x%lx
SELECT * FROM `InstallExecuteSequence`
ISScriptBridge.dll
Failed to execute CustomAction view, error is 0x%lx
Failed to start RPC listening, error is %d
Failed to register RPC handle, error is %d
Failed to set RPC protocol, error is %d
InternetCanonicalizeUrlA
HttpEndRequestA
HttpSendRequestExA
HttpSendRequestA
HttpOpenRequestA
FtpFindFirstFileA
HttpQueryInfoA
InternetCreateUrlA
InternetCrackUrlA
InternetOpenUrlA
wininet.dll
RPAWINET.DLL
AutoConfigURL
Software\Microsoft\Windows\CurrentVersion\Internet Settings
\mozver.dat
netscp6.exe
netscape.exe
FTP_ProxyPort
FTP_Proxy
HTTPS_ProxyPort
HTTPS_Proxy
https=
HTTP_ProxyPort
HTTP_Proxy
http=
\prefs.js
\nsreg.dat
\Mozilla\registry.dat
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
"network.proxy.autoconfig_url"
"network.proxy.no_proxies_on"
"network.proxy.ftp_port"
"network.proxy.ftp"
"network.proxy.ssl_port"
"network.proxy.ssl"
"network.proxy.http_port"
"network.proxy.http"
network.proxy.type
Range: bytes=%d-
zcÁ
C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe
!"#$%&'()* ,
InstallShield Windows Installer Setup Kernel 1.0 Type Library
#operations
setup.exe
Reports
IMSIMsgHandler
support
passed
supported
Hotkey
^.hdr
operation
OR_KEY
OR_KEYHIVE
OI_KEY
PasswordProtected
Password
ProxyPassword
osWindows95
osWindows98
osWindowsMillennium
Portuguese_Brazilian
Portuguese_Standard
bstrSetupExe
SupportDir
ShowCmd
CreateKey
hkey
DeleteKey
phkey
CloseKey
EnumKey
pKeys
KeyExists
ExistingCmdLine
CmdLine
MsiViewExecute
LaunchMsiExec
MSIMsgHandler
*\G{00020430-0000-0000-C000-000000000046}#1.0#0#C:\WINNT\System32\StdOle32.tlb#
5CC8A589-D21D-11D4-AB83-00B0D02332EB
5CC8A588-D21D-11D4-AB83-00B0D02332EB
Software\Microsoft\Windows\CurrentVersion\Uninstall\
UNINSTALLKEY
\Setup.ilg
hXXp://
hXXps://
PTF://
r\InstallShield\engine\6\Intel 32\ilog.dll
setup.ilg
*.lnk
explorer.exe
IWININIT.INI
_isuser.dll
_isres.dll
<DISK1TARGET>\setup.exe
tsetup.ini
String1033.txt
Setup.iss
7.07.262
InstallDriver.EXE
Invalid ID<An operation was attempted without opening the Log database.

MsiExec.exe_740:

.text
`.data
.rsrc
msvcrt.dll
ADVAPI32.dll
KERNEL32.dll
NTDLL.DLL
USER32.dll
ole32.dll
msi.dll
WinHttpOpen
WinHttpConnect
WinHttpCrackUrl
WinHttpOpenRequest
WinHttpCloseHandle
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpQueryHeaders
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetOption
RegDeleteKeyExW
SQLInstallDriverExW
SQLConfigDriverW
SQLRemoveDriverW
SQLInstallTranslatorExW
SQLRemoveTranslatorW
SQLConfigDataSourceW
SQLInstallerErrorW
SQLInstallDriverManagerW
SQLRemoveDriverManagerW
UrlCanonicalizeW
UrlCombineW
UrlIsW
UrlIsFileUrlW
UrlGetPartW
PathCreateFromUrlW
DeleteUrlCacheEntryW
URLDownloadToCacheFileW
SetThreadExecutionState
GetSystemWindowsDirectoryW
NtRenameKey
NtOpenKey
TermsrvLogInstallIniFileEx
WTHelperGetProvCertFromChain
CertDuplicateCertificateContext
CertFreeCertificateContext
ReportFault
ApphelpFixMsiPackageExe
msiexec.pdb
PSSSSSSh
SSSSht
_acmdln
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW
RegEnumKeyW
RegEnumKeyExW
RegGetKeySecurity
MsgWaitForMultipleObjects
ntdll.dll
name="MSIExec"
version="4.0.0.0"
<description> Windows installer setup service </description>
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
Msi.Package
Windows Installer Package
Msi.Patch
Windows Installer Patch
APPID\%s
%s\DefaultIcon
%s\CLSID
CLSID\%s
CLSID\%s\ProgId
Msi.dll
MsiRegMv.Exe
MsiExecCA32
Software\Microsoft\Windows\CurrentVersion\Installer
{lX-0000-0000-C000-000000000046}
ISMIF32.DLL
RICHED20.DLL
%d.d.%.4d.%d
REINSTALL=ALL REINSTALLMODE=%s
Error: %d. %s.
Software\Policies\Microsoft\Windows\Installer
Failed to connect to server. Error: 0x%X
FDeleteRegTree: Unable to delete subkey: %s
Interface\{lX-0000-0000-C000-000000000046}\NumMethods
3.1.4000
3.0.3790
%d.%d.%d
CLSID\{lX-0000-0000-C000-000000000046}\DllVersion
FIsKeyLocalSystemOrAdminOwned: Could not get owner security info.
PurgeUserOwnedSubkeys: Could not open subkey: %s
PurgeUserOwnedSubkeys: Could not enumerate subkeys.
PurgeUserOwnedSubkeys: Could not delete SubKey tree.
PurgeUserOwnedSubkeys: %s not owned by System or Admin. Deleting key   subkeys.
PurgeUserOwnedInstallerKeys: Could not delete tree.
PurgeUserOwnedInstallerKeys: Key '%s' not owned by System or Admin. Deleting key   subkeys.
PurgeUserOwnedInstallerKeys: Could not open key '%s'
OpenProcessToken failed with %d
passive
Software\Microsoft\Windows\CurrentVersion\Installer\RunOnceEntries
SetInstallerACLs: Could not create Secure Installer sub key.
SetInstallerACLs: Could not delete Installer key tree.
SetInstallerACLs: Installer key not owned by System or Admin. Deleting key   subkeys and re-creating.
SetInstallerACLs: Could not create Installer key.
kernel32.dll
WINHTTP
fusion.dll
URLMON
RPCRT4
Windows
3.1.4001.5512
msiexec
msiexec.exe
Windows Installer - Unicode


Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    MsiExec.exe:740
    MsiExec.exe:1880
    %original file name%.exe:188
    IDriver.exe:412

  2. Delete the original Application file.
  3. Delete or disinfect the following files created/modified by the Application:

    %Documents and Settings%\%current user%\Local Settings\Temp\{9967E93B-6F5E-4744-80D6-BEB0229F42C4}\ls_license.txt (19620 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\HMNHLGIO\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~1.tmp (29 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\_is2\Setup.INI (29 bytes)
    %Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\HJHQ6B1O\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\_is2\isscript.msi (81132 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\_is2\0x0409.ini (345 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\_is2\ISScript.isc (77 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CT48K6BI\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Cookies\index.dat (400 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Cookies\[email protected][1].txt (306 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\_is2\_ISMSIDEL.INI (553 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\_is2\LimeWire.msi (1858338 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LTQCY2RD\isscript[1].msi (697332 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LTQCY2RD\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\{9967E93B-6F5E-4744-80D6-BEB0229F42C4}\ISRT.DLL (2105 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\{9967E93B-6F5E-4744-80D6-BEB0229F42C4}\setup.inx (382480 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\{9967E93B-6F5E-4744-80D6-BEB0229F42C4}\IsConfig.INI (39 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\MSI8.tmp (48184 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\{9967E93B-6F5E-4744-80D6-BEB0229F42C4}\_ISUSER.DLL (24240 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\MSIA.tmp (48184 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\MSI7.tmp (100800 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\MSI9.tmp (61144 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\{9967E93B-6F5E-4744-80D6-BEB0229F42C4}\_ISRES.DLL (1425 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\{9967E93B-6F5E-4744-80D6-BEB0229F42C4}\String1033.txt (223380 bytes)

  4. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
  5. Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

No votes yet


Lavasoft is the maker of Ad-Aware, the world's most popular anti-malware software with over 450 million downloads.
© 2026 Lavasoft. All rights reserved.
Terms Of Use |   Privacy Policy


x

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

Download adaware antivirus 12
No thanks, continue to lavasoft.com
close x

Discover the new adaware antivirus 12

Our best antivirus yet

Download Now