SearchProtectToolbar_318a6663af

by malwarelabrobot on July 29th, 2014 in Malware Descriptions.

Trojan.Win32.Swrort.3.FD, mzpefinder_pcap_file.YR, SearchProtectToolbar.YR (Lavasoft MAS)
Behaviour: Trojan


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Requires JavaScript enabled!

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

MD5: 318a6663af74b67d57dd3bbf4cb43861
SHA1: d5ecb527bd275dec14a53a3ee019d231ffabb03d
SHA256: 6ee9335a82aad1affb5a137595e47910e7d49cff70f5d9638b25ae67cabb71fa
SSDeep: 49152:GvyO10KduA6AVstWKTyEQ4bNpcK /iUPgZCTICUgX:MyOvdxSNpx /gxS
Size: 2050640 bytes
File type: EXE
Platform: WIN32
Entropy: Not Packed
PEID: UPolyXv05_v6
Company: InstallX, LLC
Created at: 2014-04-16 21:44:24
Analyzed on: WindowsXP SP3 32-bit


Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

dxtest.exe:868
wajam_validate.exe:208
wajam_validate.exe:1820
%original file name%.exe:372
ApnSetup.v7.exe:1324

The Trojan injects its code into the following process(es):

%original file name%.exe:1244

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process %original file name%.exe:372 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\pkg_17f512c0\stub.log (10294 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pkg_17f512c0\autorun.txt (79 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pkg_17f512c0\wrapper.xml (975 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pkg_17f512c0\timings.txt (143 bytes)

The process %original file name%.exe:1244 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\waj_17f102f10\wajam_validate.exe (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\EXMX05I1\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\waj_17f102f10\wajam_validate.zip (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\41ABG5AN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SCC.dll (13404 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pkg_17f512c0\318a6663af74b67d57dd3bbf4cb43861.log (464839 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pkg_17f512c0\AskTB\asktbdet.zip (29028 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SCCLog.txt (168898 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Y5RD5657\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SymCCIS.dll (11704 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Y5RD5657\SCC[1].dll (22768 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\waj_17ffaf0\wajam_validate.exe (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\X93WTD05\desktop.ini (67 bytes)
%System%\wbem\Logs\wbemprox.log (228 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pkg_17f512c0\dxtest.exe (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\waj_17ffaf0\wajam_validate.zip (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SCC.config (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pkg_17f512c0\detectionrules.dat (57028 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\41ABG5AN\ENG.SCC.config[1].txt (740 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SymCCIS2.zip (161 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SymCCISDll.txt (39509 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pkg_17f512c0\AskTB\APNSetup.V7.exe (31584 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\waj_17ffaf0\wajam_validate.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\waj_17ffaf0\wajam_validate.zip (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\waj_17f102f10\wajam_validate.zip (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\waj_17f102f10\wajam_validate.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\waj_17ffaf0 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SCC.config (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\waj_17f102f10 (0 bytes)

The process ApnSetup.v7.exe:1324 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\APN-Stub\W3I-G-V7\Stb4fb6804c-1f03-4c4a-8781-156cfb443379.log (821 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Setup.ini (1 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\Setup.ini (0 bytes)

Registry activity

The process dxtest.exe:868 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1088495441"
"Name" = "dxtest.exe"

[HKLM\SOFTWARE\Microsoft\Direct3D\MostRecentApplication]
"Name" = "dxtest.exe"

The process wajam_validate.exe:208 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F3 20 38 11 C0 C5 36 AE 25 D6 21 95 83 0E EC E9"

The process wajam_validate.exe:1820 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "41 20 E2 D9 8A D4 53 13 4E 7C 77 D1 93 21 07 87"

The process %original file name%.exe:372 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C5 76 C5 03 49 EF 6C 21 17 26 C9 E8 C5 7D 4F 44"

The process %original file name%.exe:1244 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\InstallIQ]
"test" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BE C2 26 A3 30 15 90 66 43 11 26 72 C1 B1 04 5C"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following registry key(s):

[HKLM\SOFTWARE\InstallIQ]

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"

[HKLM\SOFTWARE\InstallIQ]
"test"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

The Trojan disables automatic startup of the application by deleting the following autorun value:

[HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"InstallIQ"

The process ApnSetup.v7.exe:1324 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 17 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "47 A1 23 6B CD BC 46 84 73 71 99 96 2E 99 5D C8"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

Dropped PE files

MD5 File path
38212789a0f996c9f49d2646446c02f3 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SCC.dll
d0f25e1b717ee325780b5c5a014f9623 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SymCCIS.dll
363a4a68a86441777924df8219aeb72c c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\pkg_17f512c0\AskTB\APNSetup.V7.exe
858a016acfa24ade77aa475c08b4ac5a c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\pkg_17f512c0\dxtest.exe
38212789a0f996c9f49d2646446c02f3 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temporary Internet Files\Content.IE5\Y5RD5657\SCC[1].dll

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name: InstallX, LLC
Product Name: InstallIQ Installation Utility
Product Version: 2.140.0.0
Legal Copyright: Copyright (c)2013 InstallX, LLC. All rights reserved.
Legal Trademarks:
Original Filename: InstallIQ.exe
Internal Name: InstallIQ.exe
File Version: 2.140.0.0
File Description: InstallIQ Installation Utility
Comments:
Language: English (United States)

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.text 4096 153581 153600 4.68023 93bbccb7e153fdf6610a2edb08fd1816
.text-de 159744 99155 99328 4.39339 517879cf2eb11e574a1abcabba2d6690
.text-co 262144 131437 131584 4.52533 c8c6be515c5194a6bc43e18e119347d9
.text-co 397312 95967 96256 4.44245 08dc1f242263654a876ada98010d2339
.text-co 495616 50627 50688 4.4462 7cf0283ef2df379495fff8eff058da6e
.text-co 548864 24521 24576 4.47551 6699fe976478a9437b081595c73ce5b4
.text-co 573440 12790 12800 4.45534 cc786ba726c375afdf24324839a0e8c5
.text-ti 589824 43443 43520 4.60677 7f259b839b5b5bf74775e63ee9cac8ca
.text-co 634880 20250 20480 4.41022 2455be945171d9099840487b5c44d67a
.text-co 655360 59 512 0.606205 60d907a8b7d94f9734c148bd362f26d9
.text-co 659456 12349 12800 4.39887 3fb1dff8e9caa70ef035f0862d2f8e2f
.text-co 675840 18560 18944 4.29724 bf32db1d490f303a0d30bf2fa3edd9e5
.text-co 696320 27433 27648 4.48725 450ff932562a48299b69fa945abb5779
.text-co 724992 54598 54784 4.43216 fca844fcaa4b617176450ddbcb4678f2
.text-co 782336 110190 110592 4.41479 5204e9433be98145655eb80e39189293
.text-co 892928 110483 110592 4.38543 1f21490826759f8d9427f6ab715c1a2a
.text-co 1003520 51001 51200 4.44739 30c602cba1e4d5556edc514fc1af4606
.text-co 1056768 14894 15360 4.37323 e63ca795aaf63f87e15af2e52e57e7dd
.text-co 1073152 263610 263680 4.59732 91a0ba7871d8845dc29f87f819233a9e
.rdata 1339392 398974 399360 3.7655 f0562fe9243658509efed968bc25d88f
.data 1740800 26948 16896 3.35275 a9248f9d5900f7093be12b260d95c63c
.data-de 1769472 45 512 0.014135 9475a59226943a3ad422e18169989f66
.data-co 1773568 176 512 0 bf619eac0cdf3f68d496ea9344137e8b
.data-co 1777664 56 512 0.042395 3f87f818ead5cc7b24cb4244d077467a
.data-co 1781760 40 512 0 bf619eac0cdf3f68d496ea9344137e8b
.data-co 1785856 52 512 0.042395 19be7e9350865857d150c2d60c760dcc
.data-co 1789952 40 512 0 bf619eac0cdf3f68d496ea9344137e8b
.data-ti 1794048 1176 1536 1.00003 250b1898ad11d0110e0c586383e68993
.data-co 1798144 40 512 0 bf619eac0cdf3f68d496ea9344137e8b
.data-co 1802240 4 512 0.014135 d340f23a7d18057bb02252a3cb40b877
.data-co 1806336 40 512 0 bf619eac0cdf3f68d496ea9344137e8b
.data-co 1810432 40 512 0 bf619eac0cdf3f68d496ea9344137e8b
.data-co 1814528 40 512 0 bf619eac0cdf3f68d496ea9344137e8b
.data-co 1818624 44 512 0.014135 9475a59226943a3ad422e18169989f66
.data-co 1822720 40 512 0 bf619eac0cdf3f68d496ea9344137e8b
.data-co 1826816 80 512 0 bf619eac0cdf3f68d496ea9344137e8b
.data-co 1830912 48 512 0 bf619eac0cdf3f68d496ea9344137e8b
.data-co 1835008 40 512 0 bf619eac0cdf3f68d496ea9344137e8b
.data-co 1839104 2932 3072 1.35622 483c2de6ccf72fa13e7c66b902facbf6
.rsrc 1843200 315412 315904 5.17773 3616818d0b36b1791eed2315a1d85aee

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL IP
hxxp://www187a.apnanalytics.com/tr.gif?anxa=APNStub&anxv=7.2.1.1&anxe=OfferCheckEvent&anxr=aEutjc5o&reason=unsupportedBrowser&tpid=W3I-G-V7&result=-1&ft=check&orgb=IE&udbr=iexplore.exe_0_6.0.2900.5512
hxxp://a568.d.akamai.net/upgrade/NSS/SymCCIS/Production/SCC.dll
hxxp://a568.d.akamai.net/upgrade/NSS/SymCCIS/Production/SCC/w3i/ENG.SCC.config.txt
hxxp://stats.norton.com/n/p?module=9160&product=SCC&version=4.6.0.11&language=09.01&os=5.1.2600.3.0&y=1033&a=w3i&b=false&c=nis&d=nis=1000;nss=1123&e=0x0&error=0&n=0&j=0&k=0&l=none&m=none&o=none&q=none&t=none&u=-1&v=none 63.245.197.112
hxxp://stats.norton.com/n/p?module=9151&product=SymCCIS&version=2.0.0.29&language=09.01&os=5.1.2600.3.0&y=1033&b=w3i&a=CallCriteriaChecker&f=10&c=false&d=false&e=0x0&error=0&j=nis&k=nis=1000;nss=1123&g=0.359&l=2.797 63.245.197.112
hxxp://www.wajam.com/install/valid?v=1&unique_id=8A49F6692FA995FFCB6A85F926695360
hxxp://liveupdate.symantecliveupdate.com/upgrade/NSS/SymCCIS/Production/SCC.dll 184.84.243.41
hxxp://liveupdate.symantecliveupdate.com/upgrade/NSS/SymCCIS/Production/SCC/w3i/ENG.SCC.config.txt 184.84.243.41
phn.apnanalytics.com 199.36.100.187


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

GET /upgrade/NSS/SymCCIS/Production/SCC.dll HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: liveupdate.symantecliveupdate.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Apache
ETag: "38212789a0f996c9f49d2646446c02f3:1402650668"
Last-Modified: Fri, 13 Jun 2014 09:09:28 GMT
Accept-Ranges: bytes
Content-Length: 167264
Content-Type: application/octet-stream
Cache-Control: max-age=891
Expires: Mon, 28 Jul 2014 04:27:45 GMT
Date: Mon, 28 Jul 2014 04:12:54 GMT
Connection: keep-alive
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.........r.........
........................E...............................Q.............
......................Rich............PE..L......S...........!........
.>.......z....................................................@....
.....................Ew......tx..{....p..=............t..`........... 
......................................................................
..........text....`.......T......PEC2TO...... ....rsrc.... ...p.......
X.............. ....reloc...............r..............@..............
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
.........................................................*..U..9k3e..O
.U...-.[O?wV|.........Uk .B..u3g5.I...jUi..c#.d.N.k.....jxf....f.....M
..k./K.>.'S(..8.......Wz.j.....Q.Q.z p...F.....Z...A.n..&...Id.....
..>o...5.1...&?.....cA.!.}L...>..u......D...c.~3.:.M%.d.......BU
.....o4[.$..|..n..$.vL<..~...Jd...uV.}....Q."..e..........Q...z..O.
P..;...R.qlm.z.......4.'..O.._.C..[..C...].._..`r.;[.c.9@2..,6..m1...x
.f=....d...9HR..?...A..?.f........>GUa..Q=^#\....<.e..e@r.)..y.Q
.J...{..<`*....~f.Q......p..V....P.BP...y..=...?.....>O.f.?.
<<< skipped >>>

GET /upgrade/NSS/SymCCIS/Production/SCC/w3i/ENG.SCC.config.txt HTTP/1.1


Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: liveupdate.symantecliveupdate.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Apache
ETag: "b8dbac3cc2be258b539c305a828416aa:1395133614"
Last-Modified: Tue, 18 Mar 2014 09:06:50 GMT
Accept-Ranges: bytes
Content-Length: 3216
Content-Type: text/plain
Cache-Control: max-age=123
Expires: Mon, 28 Jul 2014 04:14:59 GMT
Date: Mon, 28 Jul 2014 04:12:56 GMT
Connection: keep-alive
...<..iy..}...e_.k.2..#r...-..\\^../..SG>Jc.G2...S... .d".!..:.\
..A...='.... .......^....0...>.y..G...X...(.v..u.._...z.....#.[....
yIie.......G.^1h...-.....7i........L(,.t......<.3....9.&.......q...
..]O.6..A..h...^.:q.....X4a;T.....2.[.h. ..................`S...u.....
.\.y.-...b...YVPT.CqXK....c....\,....R.N.[..2.[.h. ..SV.3..-......#.!u
......A.S...^......o..p"d#../q...-.......0a.3.g. ..A...........{xE...%
.ws=....d'Y....C...$..k.7...4.]|....Z..L..R.O._S?.g........n..G.v...d.
...!........\r.T...V.{.]h2.Z.]I...S.}.B..}..._%.n.t.6XK..rK.v.K...3Na.
.-...?......~_.....9..|............!fr.qON".H .......[.k..&..1l.>a2
......3.C.#.A.y.....zx......4.."......u...%.....t.Nsb.&r..NS..]/.c^.j(
z0M..pSn.:..t.....&~...E.|ab.L..(}..8..S._3...r....H.Y....0f...X<..
U.o....b.g..U...av.....P#W..,.4..x..._..Y..D.......s...K.....8.....?.H
.P.L..b.H..J.R..y...........R......'@.l.. k.. .z..m..8.9h.....3#...hkO
.AiD....W>1...3...J.....eVqE.H.......v....._.........f..-0....@:...
.&.`.M.{...O.Ew.O..c..P.....(c...a;T......M~.1*.........hL..l.A....F}&
lt;)K.#.T.n.#..h{...U.&.`.M.{.di<:hTh.(............y..!.[.-RJ\...._
...Tp.PD"#.".E.....gu,.3..o(X...ZL.....eX.(...y\....t..py1...EE...R...
.DOQ.H. .y......S.f...x]v.R...?..8|...........f..-0..Z...u.n.......
..`..;.5.(...S...EE...R..l..*.].F.....$.u%.".IT.F.....$...(c...]O.6..A
[email protected]...._..w.....(i...g. ..A..jyE. ..B..cH..{j,g........(..
....!....,..........N..W.Q.M...<'..U...~.$}.Z..]/...:U..@p(U...~.$}
@.......%..h_...O]3...y..I.!.R....a......l..D.9:...K. .r.s.xa...H.
<<< skipped >>>


GET /n/p?module=9160&product=SCC&version=4.6.0.11&language=09.01&os=5.1.2600.3.0&y=1033&a=w3i&b=false&c=nis&d=nis=1000;nss=1123&e=0x0&error=0&n=0&j=0&k=0&l=none&m=none&o=none&q=none&t=none&u=-1&v=none HTTP/1.1
User-Agent: Install Stub
Accept: */*
Host: stats.norton.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/plain;charset=ISO-8859-1
Content-Length: 13
Date: Mon, 28 Jul 2014 04:12:57 GMT
1406520777410....


GET /n/p?module=9151&product=SymCCIS&version=2.0.0.29&language=09.01&os=5.1.2600.3.0&y=1033&b=w3i&a=CallCriteriaChecker&f=10&c=false&d=false&e=0x0&error=0&j=nis&k=nis=1000;nss=1123&g=0.359&l=2.797 HTTP/1.1


User-Agent: Install Stub
Accept: */*
Host: stats.norton.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/plain;charset=ISO-8859-1
Content-Length: 13
Date: Mon, 28 Jul 2014 04:12:56 GMT
1406520777469HTTP/1.1 200 OK..Server: Apache-Coyote/1.1..Cache-Control
: no-cache..Pragma: no-cache..Content-Type: text/plain;charset=ISO-885
9-1..Content-Length: 13..Date: Mon, 28 Jul 2014 04:12:56 GMT..14065207
77469..



GET /install/valid?v=1&unique_id=8A49F6692FA995FFCB6A85F926695360 HTTP/1.1
Host: VVV.wajam.com


HTTP/1.1 200 OK
Date: Mon, 28 Jul 2014 04:12:59 GMT
Server: Apache
Set-Cookie: PHPSESSID=08u1aal3embvacof3t1ueao2i4; path=/; domain=.wajam.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: _wau=14065207797447980; expires=Tue, 28-Jul-2015 04:12:59 GMT; path=/; domain=.wajam.com
Set-Cookie: _wal=1406520779; expires=Tue, 28-Jul-2015 04:12:59 GMT; path=/; domain=.wajam.com
Set-Cookie: not_logged_unique_id=8A49F6692FA995FFCB6A85F926695360; expires=Tue, 28-Jul-2015 04:12:59 GMT; path=/; domain=.wajam.com
Set-Cookie: _waab=19,91,38,11,5,76,97,55,17,17; expires=Tue, 28-Jul-2015 04:12:59 GMT; path=/; domain=.wajam.com
Set-Cookie: not_logged_unique_id=8A49F6692FA995FFCB6A85F926695360; expires=Tue, 28-Jul-2015 04:12:59 GMT; path=/; domain=.wajam.com
Set-Cookie: _wal=1406520779; expires=Tue, 28-Jul-2015 04:12:59 GMT; path=/; domain=.wajam.com
Set-Cookie: not_logged_unique_id=8A49F6692FA995FFCB6A85F926695360; expires=Tue, 28-Jul-2015 04:12:59 GMT; path=/; domain=.wajam.com
Set-Cookie: _wal=1406520779; expires=Tue, 28-Jul-2015 04:12:59 GMT; path=/; domain=.wajam.com
Vary: Accept-Encoding
Content-Length: 1
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w53|U9XNz|U9XNz; path=/; domain=.wajam.com
0..

The Trojan connects to the servers at the folowing location(s):

%original file name%.exe_372:

.text
`.text-deS
`.text-com
`.text-co
`.text-ti
`.text-co;
`.text-co=0
`.text-co)k
`.text-coF
`.text-con
`.text-co9
`.text-co.:
`.rdata
@.data
.data-de-
.data-co
.data-co8
.data-co(
.data-co4
.data-ti
.data-co,
.data-coP
.data-co0
.data-cot
.rsrc
<-t}<.
CSShZ
D$
uDPh
CSSh3
CSSh8
CSSh=
CSShk
CSSh`
CSSho
FTPQW
1t.Ht
D$TCP
t.VSSQ
CSSh-
t5SSh3
<:%u4
t8Ht.HHt#
.FGy1
Af;FP}%S3
|$|.tD
#t.Ht
 2 34 567
u.SSV
function not supported
operation canceled
address_family_not_supported
operation_in_progress
operation_not_supported
protocol_not_supported
operation_would_block
address family not supported
broken pipe
inappropriate io control operation
not supported
operation in progress
operation not permitted
operation not supported
operation would block
protocol not supported
Operation not permitted
Inappropriate I/O control operation
Broken pipe
operator
GetProcessWindowStation
CInstallIQApp::ReportIQUInstalls
c:\tfs.vs2012\admin\windows\main\installer.desktop.application\installer.desktop.application\InstallIQApp.h
0xX
Invalid CRT parameter
InstallIQApp.cpp
stubinfo.ini
autorun.txt
wrapper.xml
ProductFailUrl
CInstallIQApp::InstallProductUrl
Called InstallProductUrl on a restricted install!
Unable to launch product url, url is empty!
download failed!! url=
msiexec.exe /i "%s"
direct Product install finished, returncode=%d
https://installer.freeze.com/LogError.aspx
stub.log
noexe
timings.txt
Process exit code = %u (0xX)
Extraxt however is an .exe, still sending logfile
stub extract failed on exe
InstallIQStub.cpp
IQErrorSender.cpp
(%d more)
statsd.response.txt
Web.Installer.InstallIQ.CommError
Web.Installer.InstallIQ.InstallError
Web.Installer.InstallIQ.OfferDownloadError
Web.Installer.InstallIQ.OfferInstallError
Web.Installer.InstallIQ.OfferInstallFailed
offer was accepted but failed to download, HTTP error=%d
offer was accepted but failed to install. Err=%d
c:\tfs.vs2012\admin\windows\main\Installer.Common\Installer.Common.Dialogs\IQDialogMain.h
c:\tfs.vs2012\admin\windows\main\installer.desktop.application\installer.desktop.application\MainWnd.h
MainWnd.cpp
mainwnd.cpp
PostStartMsg
" style="position:absolute; top:0; left:0; z-index:9999;" onclick="$('#iq_heatmap').remove()" />
dialog.demo.xml
http://www.w3i.com
Skipping enable add-ons step because url is empty.
crterr:%d
HRESULT:0x%X
Win32Err:%d
@ line %d in function <%s>.
wininet.dll
Unknown error: %d
IDispatch error #%d
LoadLibrary failed in loading current exe:
CoreResource.cpp
CStringW.GetBuffer failed!
0xx
-- %s line %d --
L%d:d.d.d_d:d:d.d
[X]
%s_%x%x%x%x%x
CoreFile.cpp
%s. {%s} @ line %d in function <%s> in module %s.
HRESULT:0x%X
Win32Err:%d
HttpStatus:%d
Error:%d
http://
https://
ftp://
CoreThread.cpp
CoreProcess.cpp
ShellExecuteCommand:
CCoreProcess::ShellExecuteCommand
Failed to execute command:
CCoreProcess::ShellExecuteCommandAndWait
CCoreProcess::CloseProcessWindowsByModuleName
ntdll.dll
CCoreProcess::GetProcessExe32
CCoreProcess::GetProcessExe64
kernel32.dll
CoreTiming.cpp
CommandLine.cpp
Exception %X in module %s at: 0x%p.
dbghelp.dll
0x%p %s
CoreEvent.cpp
0.0.0.0
%u,%u,%u,%u
CoreXml.cpp
_ftprintf_s failed writing header to
]/Key/text()
CCoreXml::ParseRequiredKeyValue
CCoreXml::ParseRequiredKeyInt
%Y-%m-%dT%H:%M:%S
CCoreSystem::GetWindowsVersionId
CoreSystem.cpp
Missing windows version, check the code!!
SOFTWARE\Microsoft\Windows NT\CurrentVersion
%s (Build %d)
Unknown OS! Major: 0xX, Minor: 0xX
CCoreSystem::CacheWindowsInfo
%windows%
%system%
Software\Microsoft\Windows\CurrentVersion
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Þsktop%
Þsktopdir%
%userprofile%
%firefoxprofiles%
%s0x%.2x%.2x%.2x%.2x%.2x%.2x-
SOFTWARE\Microsoft\NET Framework Setup\NDP\v2.0.50727
SOFTWARE\Microsoft\NET Framework Setup\NDP\v1.1.4322
SOFTWARE\Microsoft\.NETFramework\policy\v1.0
3321-3705
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\
Iphlpapi.dll
%I64u%s
Alpha %d
PPC 6d
%windows%\Desktop
Advapi32.dll
shell32.dll
CoreVista.cpp
Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_CURRENT_CONFIG
HKEY_USERS
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
CCoreRegKey::Create
Warning: HKEY_CLASSES_ROOT opened for writing! This can lead to unpredictable results.
RegCreateKeyEx failed on key=
CCoreRegKey::Open
RegOpenKeyEx failed on key=
Registry key is not open! (
CCoreRegKey::GetValueType
CoreRegKey.cpp
CCoreRegKey::GetValueSize
CCoreRegKey::GetValueString
CCoreRegKey::GetValue
CCoreRegKey::SetValue
CCoreRegKey::DeleteValue
CCoreRegKey::DeleteKey
RegDeleteKeyExA
RegDeleteKeyEx failed on
RegDeleteKey failed on
CCoreRegKey::EnumSubKeys
CCoreRegKey::EnumValueNames
CCoreEntryPoint::CCoreEntryPoint
CCoreEntryPoint::LoadProcAddress
%s.%s
iexplore,ie.http
Failed to get IE version key!
Loading IE cookies for url:[
%a, %d-%b-%Y %H:%M:%S GMT
wrote %d cookies
cookie.dat
Vista.NoResult
Vista.SavedLow
Vista.NoCookies
domains.dat
cookie.ini
Vista.SetCookie
cookieman.exe
CoreInternetExplorer.cpp
-noframemerging "%s"
Unable to find iexplore.exe, using shell execute (with possible warnings)
iexplore.exe
ie.http\shell\open\command
Default search regkey not found (may be a brand new install)
EnumSubKeys failed!
ieframe.dll
url is empty!
Replacing existing provider url:
Error setting provider url!
DefaultSearchUrl
CCoreInternetExplorer::FindFirstHistoryUrl
FindFirstUrlCacheEntry() failed!!
findfirsturlfailed
CCoreInternetExplorer::FindNextHistoryUrl
FindUrlCache handle is null!! Did you call FindFirstHistoryUrl first??
FindNextUrlCacheEntry() failed!!
findnexturlfailed
CCoreInternetExplorer::FindCloseHistoryUrl
FindCloseUrlCache() failed!!
findcloseurlfailed
msgText is required!
msgTitle is required!
Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice
http\shell\open\command
CoreBrowser.cpp
Can't find shell associations or shell command reg keys!
Dll %s failed, resultcode = %x
SymCCIS2.zip
SymCCIS.dll
RunDLL productlist="%s" resultcodes="%s"
SCCLog.txt
SymCCIS_CheckCriteria.txt
___________________SCCLog.txt____________________
____________SymCCIS_CheckCriteria.txt____________
CoreDownloader.cpp
HTTP Status %d: %s
apiUrl is null!
API url is invalid!
%m/%d/%Y
wininet: HTTPSendRequest success - file block #
CoreWininet.cpp
wininet: HTTPSendRequest failed - file block #
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
wininet: connecting to %s:%d
HTTPSendRequest:
CCoreWininet::HTTPSendRequest
wininet: HttpOpenRequest failed!
httpopenrequest
wininet: Request handle is NULL after HttpSendRequest!
httpreqerr
unable to set wininet http decoding
Content-Type: application/x-www-form-urlencoded
wininet: HttpAddRequestHeaders (post flag) failed!
httpaddheaders
Range: bytes=%u-
Range: bytes=%u-%u
wininet: HttpAddRequestHeaders (range specification) failed!
httpaddheader
wininet: HttpSendRequest failed! (verb=
httpsendreq
httptimeout
wininet: HttpSendRequest failed!
wininet: HttpQueryInfo failed!
httpqueryinfo
httpproxy
wininet: Server responded with error: %d, %s. %s %s
httpstatus
wininet: HttpSendRequest: status OK received
wininet: HttpQueryInfo for content range failed!
wininet: HttpQueryInfo for file size failed!
wininet: Operation cancelled by caller.
Software\Microsoft\Windows\CurrentVersion\Internet Settings
CoreDownloadThread.cpp
01234567
PackageZlib.cpp
Error: %d bytes of %d read from file %s.
unzOpenCurrentFilePassword failed!
Error: %d bytes of %d were written to file %s.
unzOpenCurrentFilePassword failed! err=
Package.cpp
&#xX;
%s="%s"
%s='%s'
version="%s"
encoding="%s"
standalone="%s"
zip 1.01 Copyright 1998-2004 Gilles Vollant - http://www.winimage.com/zLibDll
unzip 1.01 Copyright 1998-2004 Gilles Vollant - http://www.winimage.com/zLibDll
1.2.7
deflate 1.2.7 Copyright 1995-2012 Jean-loup Gailly and Mark Adler
inflate 1.2.7 Copyright 1995-2012 Mark Adler
SQLite format 3
REINDEXEDESCAPEACHECKEYBEFOREIGNOREGEXPLAINSTEADDATABASELECTABLEFTHENDEFERRABLELSEXCEPTRANSACTIONATURALTERAISEXCLUSIVEXISTSAVEPOINTERSECTRIGGEREFERENCESCONSTRAINTOFFSETEMPORARYUNIQUERYATTACHAVINGROUPDATEBEGINNERELEASEBETWEENOTNULLIKECASCADELETECASECOLLATECREATECURRENT_DATEDETACHIMMEDIATEJOINSERTMATCHPLANALYZEPRAGMABORTVALUESVIRTUALIMITWHENWHERENAMEAFTEREPLACEANDEFAULTAUTOINCREMENTCASTCOLUMNCOMMITCONFLICTCROSSCURRENT_TIMESTAMPRIMARYDEFERREDISTINCTDROPFAILFROMFULLGLOBYIFISNULLORDERESTRICTOUTERIGHTROLLBACKROWUNIONUSINGVACUUMVIEWINITIALLY
CREATE TABLE sqlite_master(
sql text
3.7.5
CREATE TEMP TABLE sqlite_temp_master(
IQDownloader.cpp
AddDownload failed! url=
c:\tfs.vs2012\admin\windows\main\installer.common\installer.common.comm\IQCommThread.h
iehost.CreateStandalone failed!
iehost.Navigate failed!
IE open url:
CIQComm::IEOpenUrl
openurlie
Shell open url:
CIQComm::ShellOpenUrl
ShellExecuteEx failed!
openurlshell
productfailurl
producturl
fastwelcomedisclosureurl
detectionurl
pingurl
postbackurl
logfileurl
ieaddonbarmonitorurl
addonprompturl
trusturl
uninstalloption.publisher
searchprotector.publisher
statsdurl
prddiscimageurl
urlmon
CIQWrapperConfig::PromptForPingUrl
IQWrapperConfig.cpp
PromptForPingUrl called in production mode!!
1234567890
00000000-0000-0000-0000-000000000000
Ping File (ping.*.dat; ping.*.xml)|ping.*.dat; ping.*.xml|Text Files (*.txt)|*.txt|All Files (*.*)|*.*||
%programfiles%\Free Offers from Freeze.com\control.txt
%programfiles%\Free Offers from InstallX\control.txt
rule.LoadXml failed! type=
Excluded detection rule: "%s" type="%s" id="%s"
Number of parsed rules is not equal to rule count, parsed=%d, count=%d
regkey
chromeprefs
firefoxprefs
IQXmlDetection.cpp
detectionrules.dat
IQDetectionManager.cpp
Unhandled case in IQDetectionManager.EvaluateRulesAccelerated!
%s: %0.2f
Chrome
Firefox
Invalid flag in ExecuteResult:
CIQXmlRequirements::ParseExecuteResult
Running requirement.OnCancel:
Running requirement.OnInstall:
Running requirement.OnExit:
requirement.OnCancel is empty, skipping.
Software\Microsoft\Windows\CurrentVersion\RunOnce
requirement.OnExit is empty, skipping.
%s[%d]
passed
CIQXmlRequirements::RunExecute
IQDetectionThread.cpp
IQProgressDialog.cpp
NULL dialog passed to AddDialog!
%programfiles%\Core Services\IETester\IETester.exe
explorer.exe
IQDialogMain.cpp
welcomestats.dat
IQDialogIE9AddOn.cpp
chromeextensioncount
chromeextension
IQXmlDialogDownload.cpp
IQXmlDialogOffer.cpp
|%s,%s
{prddiscimageurl}
IQXmlInstallItem.cpp
chrome
firefox
IQXmlDialog.cpp
betamsg
found for Fast Welcome!! hardcoding to exe
found for IQU in Fast Welcome!! hardcoding to exe
Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallIQ Updater
Software\Microsoft\Windows\CurrentVersion\Uninstall\{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}
Software\Microsoft\Windows\CurrentVersion\Uninstall\Uninstall Helper
%programfiles%\W3i\InstallIQUpdater\InstallIQUpdater.exe
Software\Microsoft\Windows\CurrentVersion\Uninstall\{D322CFF6-BE33-47DA-BB9E-617C97B7AB36}
%programfiles%\W3i\UninstallHelper\UninstallHelper.exe
Invalid offer type=%s found in ping for %s.
Unknown offer type=%d in AddOffer. ConfigId=%s, OfferId=%s.
IQOfferManager.cpp
WaitForAllOffers: timed out waiting for %d offers after %d seconds.
Restarting Firefox...
Not restarting firefox; postback will open Firefox window..
Restarting Chrome...
Not restarting chrome; postback will open chrome window..
Chrome state=
control.txt
c:\tfs.vs2012\admin\windows\main\installer.common\installer.common.offers\IQOfferBase.h
CIQOfferBase::ExpandUrl
c:\tfs.vs2012\admin\windows\main\installer.common\installer.common.offers\IQOfferBaseInstall.h
c:\tfs.vs2012\admin\windows\main\installer.common\installer.common.offers\IQOfferBaseCustom.h
Setting offer checkbox value: key=
chk_chrome
chk_firefox
CIQOfferEXE::GetXpiFilename
c:\tfs.vs2012\admin\windows\main\installer.common\installer.common.offers\IQOfferEXE.h
postinstallexecute
cmdline_iexplore
/cmdline_iexplore
cmdline_chrome
cmdline_firefox
postinstallexecuteintegrity
firefoxinstalltype
firefoxpref
naffkeywordurl
LUA account detected, and flag lua_runasdesktopuser detected, forcing executeAsDesktopUser
stopchrome
CIQOfferEXE::OnInstall
iconurl
Firefox preferences set=
Icon offer (in exe config) detected, running icon install
CIQOfferEXE::RunOfferInstaller
chromecancel
User canceled during Chrome shutdown!
rundll32.exe "%s" %s
msiexec.exe /i "%s" %s
msiexec.exe /i "%s" /qn ALLUSERS=2 REBOOT=ReallySuppress
CIQOfferEXE::BuildCommandLine
User canceled during Firefox shutdown!
Could not find firefox exe to install
Offer is installing XPI for Firefox 8 or higher, enabling GUI.
"%s" "%s"
"%s" -install-global-extension "%s"
"%s" %s
#NAFFKEYWORDURL#
CIQOfferEXE::InstallXpi
CIQOfferEXE::CancelXpiInstall
IQOfferEXE.cpp
CIQOfferEXE::RunOfferInstallerAsDesktopUser
badprocesshandle
CIQOfferEXE::WaitForOfferInstaller
process exit code: %d
CIQOfferEXE::WaitForProcessStarted
CIQOfferEXE::WaitForRegistryValue
Looking for Key:
Registry key (64-bit) found.
Registry key found.
CIQOfferEXE::WaitForFile
CIQOfferEXE::StartAppRegistryValue
PostInstallExecute:
Skipping post-install execute due to Simulation mode..
Cannot run post-install execute, file does not exist:
PostInstallExecute command failed!
CIQOfferEXE::PostInstallExecute
CIQOfferEXE::HandleFirefoxOptions
http:
HandleFirefoxOptions called with incorrect preferences set in config!
upromise.com,tsInstallContext=w3i|#PRODUCTID#|,now 7,/,no
Diagnostics: running upromise.com cookie handling...
upromise.com
upromise.com cookie test for IE failed!
upromise.com cookie test for Firefox failed!
Firefox shutdown rejected!
CIQOfferEXE::InsertCookie
Setting cookies in low-integrity context (windows vista)
CIQOfferEXE::RunIconInstall
%s_%s.url
%programfiles%\Free Offers from Freeze.com
CIQOfferEXE::InstallDejebelDll
IQInstallSearchProtector.cpp
browser.startup.homepage
cannot set startpage; firefox is currently running!
CCoreFirefox::SetStartpage
browser.startup.page
Setting Offer option to %d
googlechrome
Setting Firefox StartPage:
Setting Chrome Startpage:
CIQOfferStartPage::SetFirefoxStartPage
CIQOfferStartPage::SetChromeStartPage
Failed to write Firefox pref!
failchromestartpage
Unable to set chrome startpage
Successfully set chrome startpage
IQOfferStartPage.cpp
startpageurl
oldstartpageurl
http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
http://dl.installiq.com/api/osd/osd.aspx
http://search.yahoo.com/favicon.ico
chromesearchprovider
chromename
dsapiurl
chromefaviconurl
chromekeyword
chromesuggesturl
Internet Explorer 6 doesn't support default search!
Missing url!
ie7nourl
Attempting to set Default Search via API exe
ie6scnourl
CIQOfferDefaultSearch::SetFirefoxSearchEngine
Simulation mode, setting Firefox default search engine:
Failed to write Yahoo xml for Firefox!
Failed to set keyword.URL Preference for Firefox!
Simulation mode, setting chrome default search engine:
CIQOfferDefaultSearch::SetChromeSearchEngine
chromefail
Failed to set default search from chrome
IQOfferDefaultSearch.cpp
oldsearchurl
searchurl
\apps.ini
toolbarurl
toolbarregkey
Missing data for firefox toolbar install! Name:
Failed to write Firefox pref (GUID)!
.guid
.Var1
Software\%s\Toolbar
heartbeat_url
cmdargs
http://airdownload.adobe.com/air/win/download/latest/AdobeAIRInstaller.exe
AdobeAirInstaller.exe
%programfiles%\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe
"%s" %s "%s"
%windows%\Web\Wallpaper
InstallIQFirefoxLock
IQOfferBaseInstall.cpp
CIQOfferBaseInstall::WaitForFirefoxLock
Waiting for Firefox lock...
_firefoxLock is already created!
Releasing Firefox lock
Firefox lock status:
uninstalloption.exe
stopfirefox
ischromeaddon
chromeclassid
dynamic_separator_on_cmdline_append
config.ini
IQOfferBaseCustom.cpp
ini.WriteString failed!
lib\settings.db
insert into Application (ProductSessionId, ApplicationTypeId, ApplicationId) VALUES ('%s',%s,'%s')
Error; uninstalloption.exe doesn't exist (after download and extract!)
Failed to extract uninstall option exe!
Error copying uninstalloption.exe to program files!
error downloading uninstall option url!
downloadurl
%s - %s
IQOfferFile.cpp
templateurl
disclosureurl
previewurl
regkeyadd
ieregkey
images/disclosure/imageurl
firefox.
chrome.
%s (err=%d, info=%s)
IQOffer.cpp
CIQOffer::StopFirefox
Stop Firefox message not set!
CIQOffer::StopChrome
Stop Chrome message not set!
Bad RegKeyAdd config; not correct format: (missing hive \ )
Bad RegKeyAdd config; not correct format: (missing = )
Bad RegKeyAdd config; not correct format: (missing , )
RegKeyAdd:
unable to set regkey from following RegKeyAdd:
unable to set regkey from following IERegKey:
unrecognized values in RegKeyAdd:
unrecognized values in IERegKey:
IERegKeyAdd:
http://download.freeze.com/lm/
%s/*[%d]/text()
IQPing.cpp
CIQPing::Execute
ping.dat
CIQUReporter::SendOffersToIQU
%programdata%\W3i\UninstallHelper\iqu.ini
2.0.1.0
%s,%s
IQUReporter.cpp
%programdata%\W3i\UninstallHelper\import
CIQUReporter::OutputXmlData
Failed to save IQU data, too many import files in directory!
CoreXml.SaveFile failed!
freezewrap.xml
freezewrap%d.xml
CIQUReporter::CheckUHVersion
softwareinfo%d.xml
CIQUReporter::MakeSoftwareInfoRequest
softwareinfo.xml
Failed to save SoftwareInfo data, too many import files in directory!
http://dl.installiq.com/API/IQU/SoftwareInfo.aspx
CIQUReporter::RunUninstallHelper
"%s" /silent /noswinfo
http://installer.freeze.com/testpost.asp
http://dl.installiq.com/postback/V1/landing.aspx
opera
%d,%d,%d,%s,%s
%s,%d,%d,%d
WrapperConfig.LoadAutoRun failed!
WrapperConfig.LoadCommandLine failed!
WrapperConfig.Initialize failed!
WrapperConfig.LoadWrapper failed!
Software\Freeze.com\Installer
%Y%m%d%H%M%S
FreezeWrapEngine.cpp
Unable to copy old offere history values; unable to create new regkey location!
attempting to copy old offer history values to new key
Missing Detection URL
detecturlmissing
keyid
%m%d%Y
Missing template url for fast welcome!
Performing postback, returncode=%d, failed=%d, err=%d...
Downloading %s...
Product type is not supported in ExpressWay!
typenotsupported
/restart=%d
Diagnostics: running CookieManager.HandleCookies...
%s:%d
FF.GetCookiesError
FF.NoCookies
handling firefox cookies...
FF.SetCookies
firefox: set cookies
firefox: no cookies found
FF.SetCookieError
Error enumerating firefox cookies!
firefoxenum
getting firefox cookies for
CCookieManager::GetFirefoxCookies
IE.FoundCookies
IE.EnumCookieError
IE.NoCookies
Vista.ExtractError
Vista.CopiedLow
Vista.CreateLowError
handling chrome cookies
Chrome: no cookies found
Chrome.SetCookieError
Chrome.GetCookiesError
Chrome.NoCookies
getting Chrome cookies for
CCookieManager::GetChromeCookies
Chrome.SetCookies
Chrome: set cookies succeeded
Safari.GetCookiesError
Error enumerating chrome cookies!
chromeenum
Safari.SetCookieError
Safari.SetCookies
Safari.NoCookies
IQNotifyBarThread.cpp
PackageManager.cpp
SessionScraperThread.cpp
CoreIEHost.CreateExisting failed!
producturlmissing
ExpressWay Product Url is missing!
hkey is NULL!
subKey is NULL!
UniqueId.cpp
%s(%s);
CoreJSON2.cpp
Node path not valid; node "%s" in path "%s" is not type Node!
Encryption key not initialized!
\/:*?"<>|
Failed to create URL file!
createurlfilefail
ShellWindows.Item failed!
Shell.CreateInstance failed!
browser.search.selectedEngine
keyword.URL
browser.search.defaultenginename
firefox.exe,firefox.url,firefoxportableurl,firefoxurl,firefox
MozillaUIWindowClass
MozillaWindowClass
Software\Mozilla\Mozilla Firefox
Failed to get Firefox version key!
firefoxver
CCoreFirefox::GetVersion
Profile%d
Firefox versions prior to 3 are not supported by LoadProfileCookies!
Loading Firefox3 cookies for url:[
%appdata%\Mozilla\Firefox
profiles.ini
%s=%s
cookies.sqlite
Enumerating Firefox3 cookies for
Enumerating Firefox cookies for
Found partial cookie in Firefox profile:
cookies.txt
Setting Firefox3 cookie for
insert into moz_cookies (name, value, host, path, expiry) VALUES ('%s','%s','%s','%s','%d')
Firefox version is not sufficient for setting cookies!! Must be 3.x or higher
firefox.exe
-requestPending -osint -new-window "%s"
prefs.js
CCoreFirefox::GetPrefString
PathToExe
%programfiles%\Mozilla Firefox
CCoreFirefox::SetPrefString
user_pref("%s", %s%s%s);
CoreFirefox.cpp
CCoreFirefox::SetDefaultSearch
Can't set search engine while Firefox is running!
Setting Firefox default search engine:
searchUrl is empty!
suggestionUrl is empty!
SuggestionUrl=
SearchUrl=
http://www.mozilla.org/2006/browser/search/
Failed to write Yahoo search prefs for Firefox!
browser.search.order.1
downloads.sqlite
places.sqlite
browser.search.order.2
Failed to open downloads.sqlite database!
select source from moz_downloads where source like '%%%s%%' order by id desc
/SearchPlugin/Url
Failed to open places.sqlite database!
select url from moz_places where url like '%%%s%%' order by id desc
firefox pref: browser.search.param.yahoo-fr=
firefox pref: keyword.URL=
browser.search.param.yahoo-fr
CCoreChrome::SetCookie
c:\tfs.vs2012\admin\windows\main\core.cpplib\core.cpplib.browser\CoreChrome.h
Chrome_WindowImpl_0
Chrome_WidgetWin_0
chrome.exe,chrome.hwd,chromehtml,chromiumhtml,chrome,chromium
%local_appdata%\Google\Chrome\User Data\Default\Cookies
Chrome_RenderWidgetHostHWND
Chrome_WidgetWin_1
select name, value, host_key, path, expires_utc from cookies where
host_key like '%
CCoreChrome; Cookie file does not exist
Loading Google Chrome cookies for url:[
Chrome cookie file does not exist
Enumerating Google Chrome cookies for
CCoreChrome::EnumCookiesLegacy
CCoreChrome::EnumCookiesV33
select host_key, name, value, path, expires_utc, encrypted_value from cookies where host_key like '%
select host_key, name, value, path, expires_utc from cookies where host_key like '%
Enumerating Google Chrome cookies (v33) for
chrome.dll
--new-window "%s"
Failed to decrypt chrome cookie:
Chrome cookie:
ChromeHTML\shell\open\command
%local_appdata%\Google\Chrome\Application
Unable to find chrome.exe, using shell execute (with possible warnings)
chrome.exe
%programfiles%\Google\Chrome\Application
CCoreChrome::GetStartpage
session/urls_to_restore_on_startup
session/startup_urls
CCoreChrome::GetStartupPages
CoreChrome.cpp
CCoreChrome::SetStartpage
CCoreChrome::SetStartPageOld
CCoreChrome::SetStartPageNew
%local_appdata%\Google\Chrome\User Data\Default\Web Data
SELECT value FROM meta WHERE key='Default Search Provider ID'
SELECT id, short_name, url FROM keywords where id = %s
CCoreChrome: Name param cannot be blank
CCoreChrome: keyword param cannot be blank
CCoreChrome::SetDefaultSearch
Found existing default search in Chrome: id=
failed to set Database keyword search!!
CCoreChrome: url param cannot be blank
http://www.yahoo.com/favicon.ico
failed to set database keyword search backup table!
Failed to set keyword hash!!
Chrome v25 or higher detected, skipping keyword_backup and keyword hashing..
Successfully set Default Search provider in chrome
keywords
CCoreChrome::SetDatabaseKeywordSearch
Successfully added default search data to keyword and meta tables
CCoreChrome::SetDatabaseKeywordSearchBackup
sql string is empty
UPDATE meta SET value='%s' WHERE key='Default Search Provider ID'
Successfully added default search data to keyword_backup and meta tables
CCoreChrome::FindSearchEntryID
keywords_backup
UPDATE meta SET value='%s' WHERE key='Default Search Provider ID Backup'
url like '%
url = '
SELECT id FROM keywords WHERE
keyword like '%
Setting existing default search in Chrome:
Error opening Chrome Web Data!
Please, don't change this Chrome setting
CCoreChrome::SetExistingDefaultSearchUrl
unable to set the database keyword hash!
Sqlite is not open!
SELECT id FROM keywords WHERE url='%s'
Looking up default search url:
CCoreChrome::LookupDefaultSearchUrl
LookupDefaultSearchUrl: id not found in row
CCoreChrome::IsPreferenceExist
SELECT id FROM keywords WHERE short_name='%s'
LookupDefaultSearchUrl: url not found in table
CCoreChrome::GetPreferenceInt
CCoreChrome::GetPreference
%local_appdata%\Google\Chrome\User Data\Default\Preferences
CCoreChrome::LoadChromePreferences
, suggest_url='%s'
WHERE id=%s
UPDATE %s set short_name='%s', keyword='%s', url='%s', favicon_url='%s'
, show_in_default_list=%s, safe_for_autoreplace=%s, input_encodings='%s'
short_name, keyword, favicon_url, url,
safe_for_autoreplace, originating_url, date_created, usage_count,
INSERT INTO %s (
'%s', '%s', '%s', '%s',
input_encodings, show_in_default_list, suggest_url, prepopulate_id,
created_by_policy, instant_url, last_modified, sync_guid) VALUES (
%s, '%s', %s, '%s')
CCoreChrome::GetHashData
%s, '%s', %s, %s,
'%s', %s, '%s', %s,
INSERT OR REPLACE INTO meta (key,value) VALUES (?,?)
SELECT id || short_name || keyword || favicon_url || url || safe_for_autoreplace || originating_url || date_created || usage_count || input_encodings || show_in_default_list || suggest_url || prepopulate_id || created_by_policy || instant_url || last_modified || sync_guid FROM keywords_backup ORDER BY id ASC
CCoreChrome::InsertHashSignature
select url from downloads_url_chains where url like '%%%s%%' order by id desc
%local_appdata%\Google\Chrome\User Data\Default\History
c:\tfs.vs2012\admin\windows\main\core.cpplib\core.cpplib.browser\CoreSafari.h
Loading Safari cookies for url:[
safari.exe,safariurl,safari
%appdata%\Apple Computer\Safari\Cookies\Cookies.binarycookies
CoreSafari.cpp
%appdata%\Apple Computer\Safari\Cookies\Cookies.plist
Failed to get Safari version key!
-url "%s"
safari.exe
c:\tfs.vs2012\admin\windows\main\core.cpplib\core.cpplib.browser\CoreOpera.h
EnumCookies is not implemented for Opera!
CCoreOpera::EnumCookies
CCoreOpera::SetCookie
SetCookie is not implemented for Opera!
CCoreOpera::LoadCookies
LoadCookies is not implemented for Opera!
opera.exe,opera.protocol,opera.url,opera,operanext,operastable
CCoreOpera::OpenUrl
OpenURL is not implemented for Opera!
opera.exe
launcher.exe
Software\Opera Software
%programfiles%\Opera Next
%programfiles%\Opera
CCoreFirefoxXpiInstaller::Install
CoreFirefoxXPIInstaller.cpp
install.rdf
CCoreFirefoxXpiInstaller::GetXpiInfo
xml.LoadBuffer failed on
Installing Firefox add-ons via package...
Firefox.exe not found!
CCoreFirefoxXpiInstaller::InstallAsPackage
Create install.rdf failed!
installiq.xpi
Error running Firefox!
Running Firefox to install add-ons:
xmlns:NC="http://home.netscape.com/NC-rdf#"
xmlns:em="http://www.mozilla.org/2004/em-rdf#">
[email protected]
{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
*.*.*
CCoreFirefoxXpiInstaller::SetResult
Installed Firefox extension:
CCoreFirefoxXpiInstaller::CreateInstallRDF
Error creating install.rdf!
CCoreFirefoxXpiInstaller::GetExtensionsFolder
Can't get Firefox default profiles folder!
~nsu.tmp\
config.dat
Yahoo uninstall key not found
Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Software\Microsoft\Windows\CurrentVersion\Uninstall\
UninstallKey
Error replacing Yahoo Toolbar uninstall key!
ChromePriorSearchUrl
ChromeStartPage
UninstallKey=
FirefoxPriorStartPage
ChromePriorStartPage
FirefoxPriorSearchUrl
CoreBrowserOptionUninstaller.cpp
Not removing files because uninstallKey is empty
Error removing registry key from HKLM\
Bu_.exe
searchprotector.exe
config.xml
toolbar uninstall key was already replaced
replacing toolbar uninstall key
toolbar uninstall key not found, creating new add/remove entry...
Error replacing toolbar uninstall key!
Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallX Search Protect for Yahoo
CoreSearchProtectorApp.cpp
CCoreSearchProtectorApp.ShutDown: window not found
Software\Microsoft\Windows\CurrentVersion\Run
/errorurl/text()
searchkeyword
chromesearch
chromestartpage
firefoxsearch
firefoxstartpage
errorurl
Software\Microsoft\Windows\CurrentVersion\Ext\Settings
Software\Microsoft\Windows\CurrentVersion\Ext\Stats
CCoreFirefoxAddOn::LoadAddonDatabase
CoreFirefoxAddOn.cpp
%firefoxprofiles%\extensions.sqlite
SELECT active FROM addon where id = '%s'
extensions/settings/%s
CCoreDefaultSearchAPI::SetDefaultSearchByApiExe
dsapi.zip
dsurl
%s "%s"
KeyExists
SourceKey
hkey_local_machine
hkey_classes_root
hkey_current_user
hkey_current_config
multireg: key found:
multireg: unable to parse key:
multireg%d
1.1.0.6
//flag[%d]/text()
DetectionFile.cpp
Cannot evaluate .NET Version, .NET may not be installed!
wajam_validate.zip
extracted wajam exe file not found!
wajamexemissing
Unable to get returncode from wajam_validate.exe!
Timed out waiting for wajam_validate.exe!
wajam_validate.exe detection process result = %d
yahoo.com
google.com
ask.com
aol.com
live.com
msn.com
CDetectionYahooToolbar::IsInstalledFirefox
_firefox is NULL!
CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\InprocServer32
%firefoxprofiles%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\install.rdf
DetectionFirefoxPrefs.cpp
CDetectionFirefoxPrefs::OnEvaluate
DetectionChromePrefs.cpp
_chrome is NULL!
CDetectionChromePrefs::OnEvaluate
DetectionCookie.cpp
CookieEvaluator.Add:
ApnStub.exe
asktbdet.zip
Ask detection process result = %d
/executeresult/text()
Missing ExecuteResult in requirement config!
/execute/text()
%programfiles%\iTunes\iTunes.exe
msnmsgr.exe
SOFTWARE\Microsoft\Windows Live\Messenger
ydetect.yhp
ydetect.ytb
ydetect.yas
Rules.cpp
RegKeyExists
)] disabled because of minimum windows version.
minwindowsversion
DetectionRule.cpp
Disabled; rule target is not Firefox
Disabled; Chrome is not installed
Disabled; Firefox is not installed
Disabled; rule target is not Chrome
CoreIEHost.cpp
m_WebBrowserEvents failed
IWebBrowser2 failed
_WebBrowserEvents failed
url1=
shell.Initialize failed!
url2=
_webBrowser->Quit failed!
Not initialized or _webBrowser is NULL!
Sending Quit to web browser...
CCoreIEHost::DeleteHistoryUrl
CCoreIEHost.OnDocumentComplete:
WebBrowser object is NULL!
Error: Collection didn't support IHTMLElementCollection!
*** set key code to 0 ****
Url is null!
%s, %s, l=0xx
[0x%X]
d:%s
CCoreSqlite::OpenDatabase
CCoreSqlite::CloseDatabase
CCoreSqlite::ExecuteStatement
sqlite3_exec failed, returned error:
CoreSqlite.cpp
dbexecerror
CCoreSqlite::StandardExecuteCallback
CCoreSqlite::PrepareCompiledStmt
Failed to prepare compiled statement, sqlite returned error: %d
sqliteerror
Cannot prepare statement, sql is empty!
sqlempty
CCoreSqlite::BindTextToCompiledStmt
CCoreSqlite::ExecuteCompiledStmt
bind text failed, errorcode=%d
CCoreSqlite::CheckStmtRowValid
sqlite3_step failed, errorcode=%d
sqlitestepfailed
Cannot get row results: statement has not executed!!
sqlite3_finalize failed, errorcode=%d
CCoreSqlite::CloseCompiledStmt
SQLITE_
d:d:d
d-d-d
d-d-d d:d:d
failed to allocate %u bytes of memory
failed memory resize %u to %u bytes
922337203685477580
API call with %s database connection pointer
RowKey
%s-shm
%s\etilqs_
OsError 0x%x (%u)
invalid page number %d
Recovered %d frames from WAL file %s
Bad ptr map entry key=%d expected=(%d,%d) got=(%d,%d)
%d of %d pages missing from overflow list starting at %d
2nd reference to page %d
Failed to read ptrmap key=%d
Page %d:
unable to get the page. error code=%d
failed to get page %d
freelist leaf count too big on page %d
btreeInitPage() returns error code %d
On tree page %d cell %d:
On page %d at right child:
Multiple uses for byte %d of page %d
Fragmentation of %d bytes reported as %d on page %d
Corruption detected in cell %d on page %d
Page %d is never used
Pointer map page %d is referenced
unknown database %s
Outstanding page count goes from %d to %d during this analysis
keyinfo(%d
%s(%d)
%s-mjX
foreign key constraint failed
bind on a busy prepared statement: [%s]
unable to use function %s in the requested context
zeroblob(%d)
cannot open savepoint - SQL statements in progress
no such savepoint: %s
abort at %d in [%s]: %s
constraint failed at %d in [%s]
cannot %s savepoint - SQL statements in progress
cannot rollback transaction - SQL statements in progress
cannot commit transaction - SQL statements in progress
sqlite_master
SELECT name, rootpage, sql FROM '%q'.%s WHERE %s ORDER BY rowid
sqlite_temp_master
cannot change %s wal mode from within a transaction
database table is locked: %s
statement aborts at %d: [%s] %s
cannot open virtual table: %s
cannot open view: %s
cannot open value of type %s
indexed
cannot open %s column for writing
no such column: "%s"
foreign key
misuse of aliased aggregate %s
%s: %s
not authorized to use function: %s
%s: %s.%s.%s
%s: %s.%s
%r %s BY term out of range - should be between 1 and %d
too many terms in %s BY clause
variable number must be between ?1 and ?%d
too many SQL variables
Expression tree is too large (maximum depth %d)
too many columns in %s
EXECUTE %s%s SUBQUERY %d
%.*s"%w"%s
misuse of aggregate: %s()
sqlite_rename_trigger
sqlite_rename_parent
%s%.*s"%w"
sqlite_rename_table
type='trigger' AND (%s)
%s OR name=%Q
table %s may not be altered
view %s may not be altered
there is already another table or index with this name: %s
sqlite_
sqlite_sequence
UPDATE "%w".sqlite_sequence set name = %Q WHERE name = %Q
UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d 18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Cannot add a PRIMARY KEY column
UPDATE "%w".%s SET sql = substr(sql,1,%d) || ', ' || %Q || substr(sql,%d) WHERE type = 'table' AND name = %Q
sqlite_stat1
sqlite_altertab_%s
SELECT tbl, idx, stat FROM %Q.sqlite_stat1
CREATE TABLE %Q.%s(%s)
DELETE FROM %Q.%s WHERE tbl=%Q
database %s is already in use
invalid name: "%s"
too many attached databases - max %d
unable to open database: %s
no such database: %s
database %s is locked
sqlite_detach
cannot detach database %s
access to %s.%s.%s is prohibited
sqlite_attach
%s %T cannot reference objects in database %s
access to %s.%s is prohibited
object name reserved for internal use: %s
too many columns on %s
duplicate column name: %s
there is already an index named %s
AUTOINCREMENT is only allowed on an INTEGER PRIMARY KEY
default value of column [%s] is not constant
table "%s" has more than one primary key
no such collation sequence: %s
UPDATE %Q.%s SET type='%s', name=%Q, tbl_name=%Q, rootpage=#%d, sql=%Q WHERE rowid=#%d
CREATE TABLE %Q.sqlite_sequence(name,seq)
CREATE %s %.*s
view %s is circularly defined
UPDATE %Q.%s SET rootpage=%d WHERE #%d AND rootpage=#%d
use DROP VIEW to delete view %s
DELETE FROM %s.sqlite_sequence WHERE name=%Q
table %s may not be dropped
use DROP TABLE to delete table %s
foreign key on %s should reference only one column of table %T
number of columns in foreign key does not match the number of columns in the referenced table
DELETE FROM %Q.%s WHERE tbl_name=%Q and type!='trigger'
DELETE FROM %Q.sqlite_stat1 WHERE tbl=%Q
unknown column "%s" in foreign key definition
indexed columns are not unique
virtual tables may not be indexed
there is already a table named %s
table %s may not be indexed
views may not be indexed
table %s has no column named %s
index %s already exists
sqlite_autoindex_%s_%d
INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
CREATE%s INDEX %.*s
DELETE FROM %Q.%s WHERE name=%Q AND type='index'
DELETE FROM %Q.sqlite_stat1 WHERE idx=%Q
no such index: %S
index associated with UNIQUE or PRIMARY KEY constraint cannot be dropped
a JOIN clause is required before %s
cannot modify %s because it is a view
unable to identify the object to be reindexed
table %s may not be modified
sqlite_source_id
sqlite_compileoption_used
sqlite_version
sqlite_compileoption_get
table %S has %d columns but %d values were supplied
%d values for %d columns
foreign key mismatch
%s.%s may not be NULL
PRIMARY KEY must be unique
table %S has no column named %s
no entry point [%s] in shared library [%s]
error during initialization: %s
sqlite3_extension_init
unable to open shared library [%s]
automatic extension loading failed: %s
foreign_keys
foreign_key_list
*** in database %s ***
unsupported encoding: %s
unsupported file format
malformed database schema (%s)
SELECT name, rootpage, sql FROM '%q'.%s ORDER BY rowid
database schema is locked: %s
RIGHT and FULL OUTER JOINs are not currently supported
a NATURAL join may not have an ON or USING clause
unknown or unsupported join type: %T %T%s%T
cannot have both ON and USING clauses in the same join
cannot join using column %s - column not present in both tables
USE TEMP B-TREE FOR %s
ORDER BY clause should come after %s not before
COMPOUND SUBQUERIES %d AND %d %s(%s)
no such index: %s
sqlite_subquery_%p_
LIMIT clause should come after %s not before
SELECTs to the left and right of %s do not have the same number of result columns
no such table: %s
sqlite3_get_table() called with two or more incompatible queries
INSERT INTO %Q.%s VALUES('trigger',%Q,%Q,0,'CREATE TRIGGER %q')
cannot create %s trigger on view: %S
cannot create INSTEAD OF trigger on table: %S
no such column: %s
no such trigger: %S
-- TRIGGER %s
cannot VACUUM - SQL statements in progress
SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence' AND rootpage>0
PRAGMA vacuum_db.synchronous=OFF
SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %'
SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21) FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %'
UPDATE %Q.%s SET type='table', name=%Q, tbl_name=%Q, rootpage=0, sql=%Q WHERE rowid=#%d
SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
INSERT INTO vacuum_db.sqlite_master SELECT type, name, tbl_name, rootpage, sql FROM main.sqlite_master WHERE type='view' OR type='trigger' OR (type='table' AND rootpage=0)
vtable constructor did not declare schema: %s
vtable constructor failed: %s
table %s: xBestIndex returned an invalid plan
no such module: %s
%s AS %s
%s SUBQUERY %d
%s TABLE %s
%s USING INTEGER PRIMARY KEY
%s (rowid=?)
%s USING %s%sINDEX%s%s%s
%s (rowid
%s VIRTUAL TABLE INDEX %d:%s
%s (rowid>? AND rowid
%s (rowid>?)
cannot use index: %s
%s (~%lld rows)
at most %d tables in a join
the INDEXED BY clause is not allowed on UPDATE or DELETE statements within triggers
the NOT INDEXED clause is not allowed on UPDATE or DELETE statements within triggers
unable to close due to unfinished backup operation
SQL logic error or missing database
unknown operation
large file support is disabled
no such vfs: %s
unknown database: %s
misuse at line %d of [%.10s]
cannot open file at line %d of [%.10s]
database corruption at line %d of [%.10s]
CoreIEControl.cpp
CoreHtmlDialog.cpp
onBeforeNavigate2 called, url=
CoreDialogCloseProcess.cpp
uxtheme.dll
urlarg:
%s/uninstallkeys/key[%d]/text()
/uninstallkeys/key
%s/uninstallkeys/key[%d]/attribute::type
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
Unknown uninstall key type encountered, skipping lookup
Postback url is empty, skipping postback.
chromeaddonlogic
Target browser is unknown or unsupported; defaulting postback target browser to IE
chromeaddonLogic is true
postbackresponse.dat
norm.ieauto
alt.shell(2)
Opening Product Fail Url:
norm.shell(2)
norm.silent(3)
alt.ff
alt.chrome
alt.ie
IQPostback.cpp
alt.safari
alt.shell
Opening thank you page in Firefox:
Opening thank you page in Chrome:
Can't open thankyou page because the url is invalid:
Unable to open thankyou page.. turning off ShellExecute on URL (result may have still been launched)
ShellExecuteEx:
c:\tfs.vs2012\admin\windows\main\Installer.Common\Installer.Common.Dialogs\IQDialogManager.h
%s,%d,%d,%d,%d,%d,%d,%d,%d
icons
offers
%s,v=%s,id=%s,rc=%d,e=%d,v=%d,c=%d,a=%d,i=%d,%s,err=%d,cf=%d,acc=%d,%u,%u,%u,%u,exc=%d
%s,%s,%d,%d,%s,%s,%d
t=%s,c=%d
%s_%s.d.%s
Software\Microsoft\Windows\CurrentVersion\Uninstall
hklm,%s,%d,%s
hkcu,%s,%d,%s
%s,%d,%s,"%s",%s
%s:v=%s,rc=%d,os=%s,%s,%s|ie=%s
%s:v=%s,id=%s,rc=%d,f=%d,e=%d,i=%s,p=%s,pb=%s,ex=%s,tr=%s,px=%d
%s,v=%s,id=%s,os=%d,rc=%d,v=%s,c=%s,l=0xx,spp=%s,epp=%s
%s,%s,rc=%s
INST_ie7searchurl
%s,%s,rc=%s,%d
%s,%s,rc=%s,%u,%u
%s,%s,rc=%s,%u,%u,%u,%u,%u
,os=%d,msi=%d.%d
%system%\msiexec.exe
,os=%d,sp=%d
%s|%s
%s,%s,%u,%u,%d,%s
%s,v=%s,id=%s,rc=%d,%u,%u,%d,%u,%u,%d,acc=%d,%u,%u,%u
v=%s,id=%s,rc=%d,%u
%s,%s,%s,%s,%s
%s,v=%s,id=%s,rc=%d,acc=%d,%u,%u,%u,%u,%u,%u
%d,%d,%d,%d,%d,%d,%d
%s,%s,%s
[%d,%d]
%s,%d,%d
%s,%d,%d,%s,%s,%s,%d,%s
%s,%d,%d,%s,%s,%s
%s,%d,%d,%d,%s,%s,%d,%d,%d,%d,%d,%d
%s,%s,%s,%d,%s,%d,%s,%s,%s
%s,%s,%d,%s,%s
%s|%d|%s
%Y%m%d
%s,%d,%s,%s,%s,%s
%s,%d,%s,%d
addonpostbackurl
thankYouPageUrl=
IQAddOnStatus.cpp
addon postback url is empty!
addonpostback_response.html
c:\tfs.vs2012\admin\windows\main\Installer.Desktop.Application\ReleaseNoMFC\FreezeWrapWin.pdb
COMCTL32.dll
KERNEL32.dll
USER32.dll
SHELL32.dll
ole32.dll
OLEAUT32.dll
PSAPI.DLL
VERSION.dll
USERENV.dll
InternetCrackUrlA
InternetCombineUrlA
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
FindCloseUrlCache
WININET.dll
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA
HttpQueryInfoA
UrlEscapeA
SHDeleteEmptyKeyA
SHLWAPI.dll
IsValidURL
urlmon.dll
RPCRT4.dll
GetProcessHeap
GetWindowsDirectoryA
GetCPInfo
EnumWindows
EnumChildWindows
GDI32.dll
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegQueryInfoKeyA
RegEnumKeyExA
ADVAPI32.dll
ShellExecuteExA
gdiplus.dll
CRYPT32.dll
GetKeyboardState
COMDLG32.dll
zcÁ
.?AV?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@
.?AVCCoreStringUrl@@
.?AV?$CAtlArray@V?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@V?$CElementTraits@V?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@@2@@ATL@@
.?AV?$CCoreEntryPoint@P6GJPAUHKEY__@@PBDKK@Z@@
.?AVCCoreRegKey@@
.?AVexecution_error@TinyXPath@@
.?AV?$CFlags@W4WebArgFlag@@@@
.?AV?$_Ref_count_obj@VCDetectionChromePrefs@@@std@@
.?AV?$_Ref_count_obj@VCDetectionFirefoxPrefs@@@std@@
.?AVCIQOfferEXE@@
.?AVCIQUReporter@@
.?AV?$CAtlMap@V?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@PAXV?$CElementTraits@V?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@@2@V?$CElementTraits@PAX@2@@ATL@@
.?AV?$CFlags@W4CoreFirefoxCache@@@@
.?AVCCoreFirefox@@
.?AVCCoreChrome@@
.?AV?$_Func_impl@U?$_Callable_obj@V?$_Bind@$00XU?$_Pmf_wrap@P8CCoreChrome@@AEXPAVCCoreSqlite@@PAV?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@@ZXV1@PAV2@PAV34@U_Nil@std@@U56@U56@U56@U56@@std@@QAVCCoreChrome@@AAV?$_Ph@$00@2@PAV?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@U_Nil@2@U72@U72@U72@@std@@$0A@@std@@V?$allocator@V?$_Func_class@XPAVCCoreSqlite@@U_Nil@std@@U23@U23@U23@U23@U23@@std@@@2@XPAVCCoreSqlite@@U_Nil@2@U52@U52@U52@U52@U52@@std@@
.?AV?$_Func_base@XPAVCCoreSqlite@@U_Nil@std@@U23@U23@U23@U23@U23@@std@@
.?AV?$CFlags@W4CoreChromeCache@@@@
.?AV?$_Bind@$00XU?$_Pmf_wrap@P8CCoreChrome@@AEXPAVCCoreSqlite@@PAV?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@@ZXV1@PAV2@PAV34@U_Nil@std@@U56@U56@U56@U56@@std@@QAVCCoreChrome@@AAV?$_Ph@$00@2@PAV?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@U_Nil@2@U72@U72@U72@@std@@
.?AVCCoreOpera@@
.?AV?$CFlags@W4CoreOperaCache@@@@
.?AVCCoreFirefoxXpiInstaller@@
.?AVCCoreFirefoxAddOn@@
.?AVCCoreChromeExtension@@
.?AVCDetectionFirefoxPrefs@@
.?AVCDetectionChromePrefs@@
.?AVCCoreWebBrowserEvents@@
.?AUDWebBrowserEvents2@@
.?AV?$CAtlArray@UWebArg@@V?$CElementTraits@UWebArg@@@ATL@@@ATL@@
.?AVCCoreWebArgs@@
.?AVCCoreSqlite@@
.?AV?$CAtlArray@PAV?$CAtlMap@V?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@V12@V?$CElementTraits@V?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@@2@V32@@ATL@@V?$CElementTraits@PAV?$CAtlMap@V?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@V12@V?$CElementTraits@V?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@@2@V32@@ATL@@@2@@ATL@@
.?AVCCoreSqliteResult@@
.?AVCIQWebArgs@@
c:\%original file name%.exe
@.reloc
Vista.BadArgs
\cookie.ini
\cookie.dat
Vista.BadArgs2
Domain%d
Name%d
\cookie%d.dat
\cookie%d.ini
Vista.NoAppLow
Vista.WideFail
Vista.GetCookieFail
Vista.AllocFail
Vista.CreateFileError
Vista.WriteFileError
SetCookie%d
Vista.SetCookieError
Error: %d. %s
c:\tfs.vs2012\admin\windows\main\Installer.Desktop.Application\ReleaseNoMFC\Installer.CookieMan.pdb
3 3%3,323
dsapi.exe
~S.em
.oIJLHLLK
MN.LN
dsapi.exePK
T.qmu
Url 87
(.ALPO
.STBs
6.GQr
Hu.nbKzO
pI.sqO
Db.bE
B(P%S
u.oq$
]j.cA
==.vp
 g.oLWJ
wajam_validate.exe
wrapper.xmlPK
autorun.txtPK
PADPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
@mscoree.dll
combase.dll
- CRT not initialized
- Attempt to initialize the CRT more than once.
- floating point support not loaded
USER32.DLL
777705555443332
5555443332
5555443332
mscoree.dll
Send Error Report
Send Error Report?
s de [email protected].
Debe cerrar Firefox para poder continuar. Presione OK (Aceptar) para cerrarlo ahora. Es probable que deba cerrarlo manualmente.
Please email Customer Support at [email protected] if you need further assistance.
To exit completely without installing your software, click the Cancel button.pFirefox must be closed before continuing. Press OK to close Firefox now. You may need to close Firefox manually.
We have created an error report that you can send to help improve #ProductName#. The report contains no Personally Identifiable Information (PII) and will only be used by us.
Would you like to submit this report?
n~Debe cerrar Chrome para poder continuar. Presione OK (Aceptar) para cerrarlo ahora. Es probable que deba cerrarlo manualmente.
InstallationmChrome must be closed before continuing. Press OK to close Chrome now. You may need to close Chrome manually.
This installation was unable to load the file specified. This is an installation program and should not be set as the default program for any file type.yYour browsers must be closed before continuing. Press OK to close your browsers now. You may need to close them manually.
2.140.0.0
InstallIQ.exe

%original file name%.exe_1244:




.text
`.text-deS
`.text-com
`.text-co
`.text-ti
`.text-co;
`.text-co=0
`.text-co)k
`.text-coF
`.text-con
`.text-co9
`.text-co.:
`.rdata
@.data
.data-de-
.data-co
.data-co8
.data-co(
.data-co4
.data-ti
.data-co,
.data-coP
.data-co0
.data-cot
.rsrc
<-t}<.
CSShZ
D$
uDPh
CSSh3
CSSh8
CSSh=
CSShk
CSSh`
CSSho
FTPQW
1t.Ht
D$TCP
t.VSSQ
CSSh-
t5SSh3
<:%u4
t8Ht.HHt#
.FGy1
Af;FP}%S3
|$|.tD
#t.Ht
 2 34 567
u.SSV
function not supported
operation canceled
address_family_not_supported
operation_in_progress
operation_not_supported
protocol_not_supported
operation_would_block
address family not supported
broken pipe
inappropriate io control operation
not supported
operation in progress
operation not permitted
operation not supported
operation would block
protocol not supported
Operation not permitted
Inappropriate I/O control operation
Broken pipe
operator
GetProcessWindowStation
CInstallIQApp::ReportIQUInstalls
c:\tfs.vs2012\admin\windows\main\installer.desktop.application\installer.desktop.application\InstallIQApp.h
0xX
Invalid CRT parameter
InstallIQApp.cpp
stubinfo.ini
autorun.txt
wrapper.xml
ProductFailUrl
CInstallIQApp::InstallProductUrl
Called InstallProductUrl on a restricted install!
Unable to launch product url, url is empty!
download failed!! url=
msiexec.exe /i "%s"
direct Product install finished, returncode=%d
https://installer.freeze.com/LogError.aspx
stub.log
noexe
timings.txt
Process exit code = %u (0xX)
Extraxt however is an .exe, still sending logfile
stub extract failed on exe
InstallIQStub.cpp
IQErrorSender.cpp
(%d more)
statsd.response.txt
Web.Installer.InstallIQ.CommError
Web.Installer.InstallIQ.InstallError
Web.Installer.InstallIQ.OfferDownloadError
Web.Installer.InstallIQ.OfferInstallError
Web.Installer.InstallIQ.OfferInstallFailed
offer was accepted but failed to download, HTTP error=%d
offer was accepted but failed to install. Err=%d
c:\tfs.vs2012\admin\windows\main\Installer.Common\Installer.Common.Dialogs\IQDialogMain.h
c:\tfs.vs2012\admin\windows\main\installer.desktop.application\installer.desktop.application\MainWnd.h
MainWnd.cpp
mainwnd.cpp
PostStartMsg
" style="position:absolute; top:0; left:0; z-index:9999;" onclick="$('#iq_heatmap').remove()" />
dialog.demo.xml
http://www.w3i.com
Skipping enable add-ons step because url is empty.
crterr:%d
HRESULT:0x%X
Win32Err:%d
@ line %d in function <%s>.
wininet.dll
Unknown error: %d
IDispatch error #%d
LoadLibrary failed in loading current exe:
CoreResource.cpp
CStringW.GetBuffer failed!
0xx
-- %s line %d --
L%d:d.d.d_d:d:d.d
[X]
%s_%x%x%x%x%x
CoreFile.cpp
%s. {%s} @ line %d in function <%s> in module %s.
HRESULT:0x%X
Win32Err:%d
HttpStatus:%d
Error:%d
http://
https://
ftp://
CoreThread.cpp
CoreProcess.cpp
ShellExecuteCommand:
CCoreProcess::ShellExecuteCommand
Failed to execute command:
CCoreProcess::ShellExecuteCommandAndWait
CCoreProcess::CloseProcessWindowsByModuleName
ntdll.dll
CCoreProcess::GetProcessExe32
CCoreProcess::GetProcessExe64
kernel32.dll
CoreTiming.cpp
CommandLine.cpp
Exception %X in module %s at: 0x%p.
dbghelp.dll
0x%p %s
CoreEvent.cpp
0.0.0.0
%u,%u,%u,%u
CoreXml.cpp
_ftprintf_s failed writing header to
]/Key/text()
CCoreXml::ParseRequiredKeyValue
CCoreXml::ParseRequiredKeyInt
%Y-%m-%dT%H:%M:%S
CCoreSystem::GetWindowsVersionId
CoreSystem.cpp
Missing windows version, check the code!!
SOFTWARE\Microsoft\Windows NT\CurrentVersion
%s (Build %d)
Unknown OS! Major: 0xX, Minor: 0xX
CCoreSystem::CacheWindowsInfo
%windows%
%system%
Software\Microsoft\Windows\CurrentVersion
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Þsktop%
Þsktopdir%
%userprofile%
%firefoxprofiles%
%s0x%.2x%.2x%.2x%.2x%.2x%.2x-
SOFTWARE\Microsoft\NET Framework Setup\NDP\v2.0.50727
SOFTWARE\Microsoft\NET Framework Setup\NDP\v1.1.4322
SOFTWARE\Microsoft\.NETFramework\policy\v1.0
3321-3705
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\
Iphlpapi.dll
%I64u%s
Alpha %d
PPC 6d
%windows%\Desktop
Advapi32.dll
shell32.dll
CoreVista.cpp
Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_CURRENT_CONFIG
HKEY_USERS
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
CCoreRegKey::Create
Warning: HKEY_CLASSES_ROOT opened for writing! This can lead to unpredictable results.
RegCreateKeyEx failed on key=
CCoreRegKey::Open
RegOpenKeyEx failed on key=
Registry key is not open! (
CCoreRegKey::GetValueType
CoreRegKey.cpp
CCoreRegKey::GetValueSize
CCoreRegKey::GetValueString
CCoreRegKey::GetValue
CCoreRegKey::SetValue
CCoreRegKey::DeleteValue
CCoreRegKey::DeleteKey
RegDeleteKeyExA
RegDeleteKeyEx failed on
RegDeleteKey failed on
CCoreRegKey::EnumSubKeys
CCoreRegKey::EnumValueNames
CCoreEntryPoint::CCoreEntryPoint
CCoreEntryPoint::LoadProcAddress
%s.%s
iexplore,ie.http
Failed to get IE version key!
Loading IE cookies for url:[
%a, %d-%b-%Y %H:%M:%S GMT
wrote %d cookies
cookie.dat
Vista.NoResult
Vista.SavedLow
Vista.NoCookies
domains.dat
cookie.ini
Vista.SetCookie
cookieman.exe
CoreInternetExplorer.cpp
-noframemerging "%s"
Unable to find iexplore.exe, using shell execute (with possible warnings)
iexplore.exe
ie.http\shell\open\command
Default search regkey not found (may be a brand new install)
EnumSubKeys failed!
ieframe.dll
url is empty!
Replacing existing provider url:
Error setting provider url!
DefaultSearchUrl
CCoreInternetExplorer::FindFirstHistoryUrl
FindFirstUrlCacheEntry() failed!!
findfirsturlfailed
CCoreInternetExplorer::FindNextHistoryUrl
FindUrlCache handle is null!! Did you call FindFirstHistoryUrl first??
FindNextUrlCacheEntry() failed!!
findnexturlfailed
CCoreInternetExplorer::FindCloseHistoryUrl
FindCloseUrlCache() failed!!
findcloseurlfailed
msgText is required!
msgTitle is required!
Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice
http\shell\open\command
CoreBrowser.cpp
Can't find shell associations or shell command reg keys!
Dll %s failed, resultcode = %x
SymCCIS2.zip
SymCCIS.dll
RunDLL productlist="%s" resultcodes="%s"
SCCLog.txt
SymCCIS_CheckCriteria.txt
___________________SCCLog.txt____________________
____________SymCCIS_CheckCriteria.txt____________
CoreDownloader.cpp
HTTP Status %d: %s
apiUrl is null!
API url is invalid!
%m/%d/%Y
wininet: HTTPSendRequest success - file block #
CoreWininet.cpp
wininet: HTTPSendRequest failed - file block #
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
wininet: connecting to %s:%d
HTTPSendRequest:
CCoreWininet::HTTPSendRequest
wininet: HttpOpenRequest failed!
httpopenrequest
wininet: Request handle is NULL after HttpSendRequest!
httpreqerr
unable to set wininet http decoding
Content-Type: application/x-www-form-urlencoded
wininet: HttpAddRequestHeaders (post flag) failed!
httpaddheaders
Range: bytes=%u-
Range: bytes=%u-%u
wininet: HttpAddRequestHeaders (range specification) failed!
httpaddheader
wininet: HttpSendRequest failed! (verb=
httpsendreq
httptimeout
wininet: HttpSendRequest failed!
wininet: HttpQueryInfo failed!
httpqueryinfo
httpproxy
wininet: Server responded with error: %d, %s. %s %s
httpstatus
wininet: HttpSendRequest: status OK received
wininet: HttpQueryInfo for content range failed!
wininet: HttpQueryInfo for file size failed!
wininet: Operation cancelled by caller.
Software\Microsoft\Windows\CurrentVersion\Internet Settings
CoreDownloadThread.cpp
01234567
PackageZlib.cpp
Error: %d bytes of %d read from file %s.
unzOpenCurrentFilePassword failed!
Error: %d bytes of %d were written to file %s.
unzOpenCurrentFilePassword failed! err=
Package.cpp
&#xX;
%s="%s"
%s='%s'
version="%s"
encoding="%s"
standalone="%s"
zip 1.01 Copyright 1998-2004 Gilles Vollant - http://www.winimage.com/zLibDll
unzip 1.01 Copyright 1998-2004 Gilles Vollant - http://www.winimage.com/zLibDll
1.2.7
deflate 1.2.7 Copyright 1995-2012 Jean-loup Gailly and Mark Adler
inflate 1.2.7 Copyright 1995-2012 Mark Adler
SQLite format 3
REINDEXEDESCAPEACHECKEYBEFOREIGNOREGEXPLAINSTEADDATABASELECTABLEFTHENDEFERRABLELSEXCEPTRANSACTIONATURALTERAISEXCLUSIVEXISTSAVEPOINTERSECTRIGGEREFERENCESCONSTRAINTOFFSETEMPORARYUNIQUERYATTACHAVINGROUPDATEBEGINNERELEASEBETWEENOTNULLIKECASCADELETECASECOLLATECREATECURRENT_DATEDETACHIMMEDIATEJOINSERTMATCHPLANALYZEPRAGMABORTVALUESVIRTUALIMITWHENWHERENAMEAFTEREPLACEANDEFAULTAUTOINCREMENTCASTCOLUMNCOMMITCONFLICTCROSSCURRENT_TIMESTAMPRIMARYDEFERREDISTINCTDROPFAILFROMFULLGLOBYIFISNULLORDERESTRICTOUTERIGHTROLLBACKROWUNIONUSINGVACUUMVIEWINITIALLY
CREATE TABLE sqlite_master(
sql text
3.7.5
CREATE TEMP TABLE sqlite_temp_master(
IQDownloader.cpp
AddDownload failed! url=
c:\tfs.vs2012\admin\windows\main\installer.common\installer.common.comm\IQCommThread.h
iehost.CreateStandalone failed!
iehost.Navigate failed!
IE open url:
CIQComm::IEOpenUrl
openurlie
Shell open url:
CIQComm::ShellOpenUrl
ShellExecuteEx failed!
openurlshell
productfailurl
producturl
fastwelcomedisclosureurl
detectionurl
pingurl
postbackurl
logfileurl
ieaddonbarmonitorurl
addonprompturl
trusturl
uninstalloption.publisher
searchprotector.publisher
statsdurl
prddiscimageurl
urlmon
CIQWrapperConfig::PromptForPingUrl
IQWrapperConfig.cpp
PromptForPingUrl called in production mode!!
1234567890
00000000-0000-0000-0000-000000000000
Ping File (ping.*.dat; ping.*.xml)|ping.*.dat; ping.*.xml|Text Files (*.txt)|*.txt|All Files (*.*)|*.*||
%programfiles%\Free Offers from Freeze.com\control.txt
%programfiles%\Free Offers from InstallX\control.txt
rule.LoadXml failed! type=
Excluded detection rule: "%s" type="%s" id="%s"
Number of parsed rules is not equal to rule count, parsed=%d, count=%d
regkey
chromeprefs
firefoxprefs
IQXmlDetection.cpp
detectionrules.dat
IQDetectionManager.cpp
Unhandled case in IQDetectionManager.EvaluateRulesAccelerated!
%s: %0.2f
Chrome
Firefox
Invalid flag in ExecuteResult:
CIQXmlRequirements::ParseExecuteResult
Running requirement.OnCancel:
Running requirement.OnInstall:
Running requirement.OnExit:
requirement.OnCancel is empty, skipping.
Software\Microsoft\Windows\CurrentVersion\RunOnce
requirement.OnExit is empty, skipping.
%s[%d]
passed
CIQXmlRequirements::RunExecute
IQDetectionThread.cpp
IQProgressDialog.cpp
NULL dialog passed to AddDialog!
%programfiles%\Core Services\IETester\IETester.exe
explorer.exe
IQDialogMain.cpp
welcomestats.dat
IQDialogIE9AddOn.cpp
chromeextensioncount
chromeextension
IQXmlDialogDownload.cpp
IQXmlDialogOffer.cpp
|%s,%s
{prddiscimageurl}
IQXmlInstallItem.cpp
chrome
firefox
IQXmlDialog.cpp
betamsg
found for Fast Welcome!! hardcoding to exe
found for IQU in Fast Welcome!! hardcoding to exe
Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallIQ Updater
Software\Microsoft\Windows\CurrentVersion\Uninstall\{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}
Software\Microsoft\Windows\CurrentVersion\Uninstall\Uninstall Helper
%programfiles%\W3i\InstallIQUpdater\InstallIQUpdater.exe
Software\Microsoft\Windows\CurrentVersion\Uninstall\{D322CFF6-BE33-47DA-BB9E-617C97B7AB36}
%programfiles%\W3i\UninstallHelper\UninstallHelper.exe
Invalid offer type=%s found in ping for %s.
Unknown offer type=%d in AddOffer. ConfigId=%s, OfferId=%s.
IQOfferManager.cpp
WaitForAllOffers: timed out waiting for %d offers after %d seconds.
Restarting Firefox...
Not restarting firefox; postback will open Firefox window..
Restarting Chrome...
Not restarting chrome; postback will open chrome window..
Chrome state=
control.txt
c:\tfs.vs2012\admin\windows\main\installer.common\installer.common.offers\IQOfferBase.h
CIQOfferBase::ExpandUrl
c:\tfs.vs2012\admin\windows\main\installer.common\installer.common.offers\IQOfferBaseInstall.h
c:\tfs.vs2012\admin\windows\main\installer.common\installer.common.offers\IQOfferBaseCustom.h
Setting offer checkbox value: key=
chk_chrome
chk_firefox
CIQOfferEXE::GetXpiFilename
c:\tfs.vs2012\admin\windows\main\installer.common\installer.common.offers\IQOfferEXE.h
postinstallexecute
cmdline_iexplore
/cmdline_iexplore
cmdline_chrome
cmdline_firefox
postinstallexecuteintegrity
firefoxinstalltype
firefoxpref
naffkeywordurl
LUA account detected, and flag lua_runasdesktopuser detected, forcing executeAsDesktopUser
stopchrome
CIQOfferEXE::OnInstall
iconurl
Firefox preferences set=
Icon offer (in exe config) detected, running icon install
CIQOfferEXE::RunOfferInstaller
chromecancel
User canceled during Chrome shutdown!
rundll32.exe "%s" %s
msiexec.exe /i "%s" %s
msiexec.exe /i "%s" /qn ALLUSERS=2 REBOOT=ReallySuppress
CIQOfferEXE::BuildCommandLine
User canceled during Firefox shutdown!
Could not find firefox exe to install
Offer is installing XPI for Firefox 8 or higher, enabling GUI.
"%s" "%s"
"%s" -install-global-extension "%s"
"%s" %s
#NAFFKEYWORDURL#
CIQOfferEXE::InstallXpi
CIQOfferEXE::CancelXpiInstall
IQOfferEXE.cpp
CIQOfferEXE::RunOfferInstallerAsDesktopUser
badprocesshandle
CIQOfferEXE::WaitForOfferInstaller
process exit code: %d
CIQOfferEXE::WaitForProcessStarted
CIQOfferEXE::WaitForRegistryValue
Looking for Key:
Registry key (64-bit) found.
Registry key found.
CIQOfferEXE::WaitForFile
CIQOfferEXE::StartAppRegistryValue
PostInstallExecute:
Skipping post-install execute due to Simulation mode..
Cannot run post-install execute, file does not exist:
PostInstallExecute command failed!
CIQOfferEXE::PostInstallExecute
CIQOfferEXE::HandleFirefoxOptions
http:
HandleFirefoxOptions called with incorrect preferences set in config!
upromise.com,tsInstallContext=w3i|#PRODUCTID#|,now 7,/,no
Diagnostics: running upromise.com cookie handling...
upromise.com
upromise.com cookie test for IE failed!
upromise.com cookie test for Firefox failed!
Firefox shutdown rejected!
CIQOfferEXE::InsertCookie
Setting cookies in low-integrity context (windows vista)
CIQOfferEXE::RunIconInstall
%s_%s.url
%programfiles%\Free Offers from Freeze.com
CIQOfferEXE::InstallDejebelDll
IQInstallSearchProtector.cpp
browser.startup.homepage
cannot set startpage; firefox is currently running!
CCoreFirefox::SetStartpage
browser.startup.page
Setting Offer option to %d
googlechrome
Setting Firefox StartPage:
Setting Chrome Startpage:
CIQOfferStartPage::SetFirefoxStartPage
CIQOfferStartPage::SetChromeStartPage
Failed to write Firefox pref!
failchromestartpage
Unable to set chrome startpage
Successfully set chrome startpage
IQOfferStartPage.cpp
startpageurl
oldstartpageurl
http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
http://dl.installiq.com/api/osd/osd.aspx
http://search.yahoo.com/favicon.ico
chromesearchprovider
chromename
dsapiurl
chromefaviconurl
chromekeyword
chromesuggesturl
Internet Explorer 6 doesn't support default search!
Missing url!
ie7nourl
Attempting to set Default Search via API exe
ie6scnourl
CIQOfferDefaultSearch::SetFirefoxSearchEngine
Simulation mode, setting Firefox default search engine:
Failed to write Yahoo xml for Firefox!
Failed to set keyword.URL Preference for Firefox!
Simulation mode, setting chrome default search engine:
CIQOfferDefaultSearch::SetChromeSearchEngine
chromefail
Failed to set default search from chrome
IQOfferDefaultSearch.cpp
oldsearchurl
searchurl
\apps.ini
toolbarurl
toolbarregkey
Missing data for firefox toolbar install! Name:
Failed to write Firefox pref (GUID)!
.guid
.Var1
Software\%s\Toolbar
heartbeat_url
cmdargs
http://airdownload.adobe.com/air/win/download/latest/AdobeAIRInstaller.exe
AdobeAirInstaller.exe
%programfiles%\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe
"%s" %s "%s"
%windows%\Web\Wallpaper
InstallIQFirefoxLock
IQOfferBaseInstall.cpp
CIQOfferBaseInstall::WaitForFirefoxLock
Waiting for Firefox lock...
_firefoxLock is already created!
Releasing Firefox lock
Firefox lock status:
uninstalloption.exe
stopfirefox
ischromeaddon
chromeclassid
dynamic_separator_on_cmdline_append
config.ini
IQOfferBaseCustom.cpp
ini.WriteString failed!
lib\settings.db
insert into Application (ProductSessionId, ApplicationTypeId, ApplicationId) VALUES ('%s',%s,'%s')
Error; uninstalloption.exe doesn't exist (after download and extract!)
Failed to extract uninstall option exe!
Error copying uninstalloption.exe to program files!
error downloading uninstall option url!
downloadurl
%s - %s
IQOfferFile.cpp
templateurl
disclosureurl
previewurl
regkeyadd
ieregkey
images/disclosure/imageurl
firefox.
chrome.
%s (err=%d, info=%s)
IQOffer.cpp
CIQOffer::StopFirefox
Stop Firefox message not set!
CIQOffer::StopChrome
Stop Chrome message not set!
Bad RegKeyAdd config; not correct format: (missing hive \ )
Bad RegKeyAdd config; not correct format: (missing = )
Bad RegKeyAdd config; not correct format: (missing , )
RegKeyAdd:
unable to set regkey from following RegKeyAdd:
unable to set regkey from following IERegKey:
unrecognized values in RegKeyAdd:
unrecognized values in IERegKey:
IERegKeyAdd:
http://download.freeze.com/lm/
%s/*[%d]/text()
IQPing.cpp
CIQPing::Execute
ping.dat
CIQUReporter::SendOffersToIQU
%programdata%\W3i\UninstallHelper\iqu.ini
2.0.1.0
%s,%s
IQUReporter.cpp
%programdata%\W3i\UninstallHelper\import
CIQUReporter::OutputXmlData
Failed to save IQU data, too many import files in directory!
CoreXml.SaveFile failed!
freezewrap.xml
freezewrap%d.xml
CIQUReporter::CheckUHVersion
softwareinfo%d.xml
CIQUReporter::MakeSoftwareInfoRequest
softwareinfo.xml
Failed to save SoftwareInfo data, too many import files in directory!
http://dl.installiq.com/API/IQU/SoftwareInfo.aspx
CIQUReporter::RunUninstallHelper
"%s" /silent /noswinfo
http://installer.freeze.com/testpost.asp
http://dl.installiq.com/postback/V1/landing.aspx
opera
%d,%d,%d,%s,%s
%s,%d,%d,%d
WrapperConfig.LoadAutoRun failed!
WrapperConfig.LoadCommandLine failed!
WrapperConfig.Initialize failed!
WrapperConfig.LoadWrapper failed!
Software\Freeze.com\Installer
%Y%m%d%H%M%S
FreezeWrapEngine.cpp
Unable to copy old offere history values; unable to create new regkey location!
attempting to copy old offer history values to new key
Missing Detection URL
detecturlmissing
keyid
%m%d%Y
Missing template url for fast welcome!
Performing postback, returncode=%d, failed=%d, err=%d...
Downloading %s...
Product type is not supported in ExpressWay!
typenotsupported
/restart=%d
Diagnostics: running CookieManager.HandleCookies...
%s:%d
FF.GetCookiesError
FF.NoCookies
handling firefox cookies...
FF.SetCookies
firefox: set cookies
firefox: no cookies found
FF.SetCookieError
Error enumerating firefox cookies!
firefoxenum
getting firefox cookies for
CCookieManager::GetFirefoxCookies
IE.FoundCookies
IE.EnumCookieError
IE.NoCookies
Vista.ExtractError
Vista.CopiedLow
Vista.CreateLowError
handling chrome cookies
Chrome: no cookies found
Chrome.SetCookieError
Chrome.GetCookiesError
Chrome.NoCookies
getting Chrome cookies for
CCookieManager::GetChromeCookies
Chrome.SetCookies
Chrome: set cookies succeeded
Safari.GetCookiesError
Error enumerating chrome cookies!
chromeenum
Safari.SetCookieError
Safari.SetCookies
Safari.NoCookies
IQNotifyBarThread.cpp
PackageManager.cpp
SessionScraperThread.cpp
CoreIEHost.CreateExisting failed!
producturlmissing
ExpressWay Product Url is missing!
hkey is NULL!
subKey is NULL!
UniqueId.cpp
%s(%s);
CoreJSON2.cpp
Node path not valid; node "%s" in path "%s" is not type Node!
Encryption key not initialized!
\/:*?"<>|
Failed to create URL file!
createurlfilefail
ShellWindows.Item failed!
Shell.CreateInstance failed!
browser.search.selectedEngine
keyword.URL
browser.search.defaultenginename
firefox.exe,firefox.url,firefoxportableurl,firefoxurl,firefox
MozillaUIWindowClass
MozillaWindowClass
Software\Mozilla\Mozilla Firefox
Failed to get Firefox version key!
firefoxver
CCoreFirefox::GetVersion
Profile%d
Firefox versions prior to 3 are not supported by LoadProfileCookies!
Loading Firefox3 cookies for url:[
%appdata%\Mozilla\Firefox
profiles.ini
%s=%s
cookies.sqlite
Enumerating Firefox3 cookies for
Enumerating Firefox cookies for
Found partial cookie in Firefox profile:
cookies.txt
Setting Firefox3 cookie for
insert into moz_cookies (name, value, host, path, expiry) VALUES ('%s','%s','%s','%s','%d')
Firefox version is not sufficient for setting cookies!! Must be 3.x or higher
firefox.exe
-requestPending -osint -new-window "%s"
prefs.js
CCoreFirefox::GetPrefString
PathToExe
%programfiles%\Mozilla Firefox
CCoreFirefox::SetPrefString
user_pref("%s", %s%s%s);
CoreFirefox.cpp
CCoreFirefox::SetDefaultSearch
Can't set search engine while Firefox is running!
Setting Firefox default search engine:
searchUrl is empty!
suggestionUrl is empty!
SuggestionUrl=
SearchUrl=
http://www.mozilla.org/2006/browser/search/
Failed to write Yahoo search prefs for Firefox!
browser.search.order.1
downloads.sqlite
places.sqlite
browser.search.order.2
Failed to open downloads.sqlite database!
select source from moz_downloads where source like '%%%s%%' order by id desc
/SearchPlugin/Url
Failed to open places.sqlite database!
select url from moz_places where url like '%%%s%%' order by id desc
firefox pref: browser.search.param.yahoo-fr=
firefox pref: keyword.URL=
browser.search.param.yahoo-fr
CCoreChrome::SetCookie
c:\tfs.vs2012\admin\windows\main\core.cpplib\core.cpplib.browser\CoreChrome.h
Chrome_WindowImpl_0
Chrome_WidgetWin_0
chrome.exe,chrome.hwd,chromehtml,chromiumhtml,chrome,chromium
%local_appdata%\Google\Chrome\User Data\Default\Cookies
Chrome_RenderWidgetHostHWND
Chrome_WidgetWin_1
select name, value, host_key, path, expires_utc from cookies where
host_key like '%
CCoreChrome; Cookie file does not exist
Loading Google Chrome cookies for url:[
Chrome cookie file does not exist
Enumerating Google Chrome cookies for
CCoreChrome::EnumCookiesLegacy
CCoreChrome::EnumCookiesV33
select host_key, name, value, path, expires_utc, encrypted_value from cookies where host_key like '%
select host_key, name, value, path, expires_utc from cookies where host_key like '%
Enumerating Google Chrome cookies (v33) for
chrome.dll
--new-window "%s"
Failed to decrypt chrome cookie:
Chrome cookie:
ChromeHTML\shell\open\command
%local_appdata%\Google\Chrome\Application
Unable to find chrome.exe, using shell execute (with possible warnings)
chrome.exe
%programfiles%\Google\Chrome\Application
CCoreChrome::GetStartpage
session/urls_to_restore_on_startup
session/startup_urls
CCoreChrome::GetStartupPages
CoreChrome.cpp
CCoreChrome::SetStartpage
CCoreChrome::SetStartPageOld
CCoreChrome::SetStartPageNew
%local_appdata%\Google\Chrome\User Data\Default\Web Data
SELECT value FROM meta WHERE key='Default Search Provider ID'
SELECT id, short_name, url FROM keywords where id = %s
CCoreChrome: Name param cannot be blank
CCoreChrome: keyword param cannot be blank
CCoreChrome::SetDefaultSearch
Found existing default search in Chrome: id=
failed to set Database keyword search!!
CCoreChrome: url param cannot be blank
http://www.yahoo.com/favicon.ico
failed to set database keyword search backup table!
Failed to set keyword hash!!
Chrome v25 or higher detected, skipping keyword_backup and keyword hashing..
Successfully set Default Search provider in chrome
keywords
CCoreChrome::SetDatabaseKeywordSearch
Successfully added default search data to keyword and meta tables
CCoreChrome::SetDatabaseKeywordSearchBackup
sql string is empty
UPDATE meta SET value='%s' WHERE key='Default Search Provider ID'
Successfully added default search data to keyword_backup and meta tables
CCoreChrome::FindSearchEntryID
keywords_backup
UPDATE meta SET value='%s' WHERE key='Default Search Provider ID Backup'
url like '%
url = '
SELECT id FROM keywords WHERE
keyword like '%
Setting existing default search in Chrome:
Error opening Chrome Web Data!
Please, don't change this Chrome setting
CCoreChrome::SetExistingDefaultSearchUrl
unable to set the database keyword hash!
Sqlite is not open!
SELECT id FROM keywords WHERE url='%s'
Looking up default search url:
CCoreChrome::LookupDefaultSearchUrl
LookupDefaultSearchUrl: id not found in row
CCoreChrome::IsPreferenceExist
SELECT id FROM keywords WHERE short_name='%s'
LookupDefaultSearchUrl: url not found in table
CCoreChrome::GetPreferenceInt
CCoreChrome::GetPreference
%local_appdata%\Google\Chrome\User Data\Default\Preferences
CCoreChrome::LoadChromePreferences
, suggest_url='%s'
WHERE id=%s
UPDATE %s set short_name='%s', keyword='%s', url='%s', favicon_url='%s'
, show_in_default_list=%s, safe_for_autoreplace=%s, input_encodings='%s'
short_name, keyword, favicon_url, url,
safe_for_autoreplace, originating_url, date_created, usage_count,
INSERT INTO %s (
'%s', '%s', '%s', '%s',
input_encodings, show_in_default_list, suggest_url, prepopulate_id,
created_by_policy, instant_url, last_modified, sync_guid) VALUES (
%s, '%s', %s, '%s')
CCoreChrome::GetHashData
%s, '%s', %s, %s,
'%s', %s, '%s', %s,
INSERT OR REPLACE INTO meta (key,value) VALUES (?,?)
SELECT id || short_name || keyword || favicon_url || url || safe_for_autoreplace || originating_url || date_created || usage_count || input_encodings || show_in_default_list || suggest_url || prepopulate_id || created_by_policy || instant_url || last_modified || sync_guid FROM keywords_backup ORDER BY id ASC
CCoreChrome::InsertHashSignature
select url from downloads_url_chains where url like '%%%s%%' order by id desc
%local_appdata%\Google\Chrome\User Data\Default\History
c:\tfs.vs2012\admin\windows\main\core.cpplib\core.cpplib.browser\CoreSafari.h
Loading Safari cookies for url:[
safari.exe,safariurl,safari
%appdata%\Apple Computer\Safari\Cookies\Cookies.binarycookies
CoreSafari.cpp
%appdata%\Apple Computer\Safari\Cookies\Cookies.plist
Failed to get Safari version key!
-url "%s"
safari.exe
c:\tfs.vs2012\admin\windows\main\core.cpplib\core.cpplib.browser\CoreOpera.h
EnumCookies is not implemented for Opera!
CCoreOpera::EnumCookies
CCoreOpera::SetCookie
SetCookie is not implemented for Opera!
CCoreOpera::LoadCookies
LoadCookies is not implemented for Opera!
opera.exe,opera.protocol,opera.url,opera,operanext,operastable
CCoreOpera::OpenUrl
OpenURL is not implemented for Opera!
opera.exe
launcher.exe
Software\Opera Software
%programfiles%\Opera Next
%programfiles%\Opera
CCoreFirefoxXpiInstaller::Install
CoreFirefoxXPIInstaller.cpp
install.rdf
CCoreFirefoxXpiInstaller::GetXpiInfo
xml.LoadBuffer failed on
Installing Firefox add-ons via package...
Firefox.exe not found!
CCoreFirefoxXpiInstaller::InstallAsPackage
Create install.rdf failed!
installiq.xpi
Error running Firefox!
Running Firefox to install add-ons:
xmlns:NC="http://home.netscape.com/NC-rdf#"
xmlns:em="http://www.mozilla.org/2004/em-rdf#">
[email protected]
{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
*.*.*
CCoreFirefoxXpiInstaller::SetResult
Installed Firefox extension:
CCoreFirefoxXpiInstaller::CreateInstallRDF
Error creating install.rdf!
CCoreFirefoxXpiInstaller::GetExtensionsFolder
Can't get Firefox default profiles folder!
~nsu.tmp\
config.dat
Yahoo uninstall key not found
Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Software\Microsoft\Windows\CurrentVersion\Uninstall\
UninstallKey
Error replacing Yahoo Toolbar uninstall key!
ChromePriorSearchUrl
ChromeStartPage
UninstallKey=
FirefoxPriorStartPage
ChromePriorStartPage
FirefoxPriorSearchUrl
CoreBrowserOptionUninstaller.cpp
Not removing files because uninstallKey is empty
Error removing registry key from HKLM\
Bu_.exe
searchprotector.exe
config.xml
toolbar uninstall key was already replaced
replacing toolbar uninstall key
toolbar uninstall key not found, creating new add/remove entry...
Error replacing toolbar uninstall key!
Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallX Search Protect for Yahoo
CoreSearchProtectorApp.cpp
CCoreSearchProtectorApp.ShutDown: window not found
Software\Microsoft\Windows\CurrentVersion\Run
/errorurl/text()
searchkeyword
chromesearch
chromestartpage
firefoxsearch
firefoxstartpage
errorurl
Software\Microsoft\Windows\CurrentVersion\Ext\Settings
Software\Microsoft\Windows\CurrentVersion\Ext\Stats
CCoreFirefoxAddOn::LoadAddonDatabase
CoreFirefoxAddOn.cpp
%firefoxprofiles%\extensions.sqlite
SELECT active FROM addon where id = '%s'
extensions/settings/%s
CCoreDefaultSearchAPI::SetDefaultSearchByApiExe
dsapi.zip
dsurl
%s "%s"
KeyExists
SourceKey
hkey_local_machine
hkey_classes_root
hkey_current_user
hkey_current_config
multireg: key found:
multireg: unable to parse key:
multireg%d
1.1.0.6
//flag[%d]/text()
DetectionFile.cpp
Cannot evaluate .NET Version, .NET may not be installed!
wajam_validate.zip
extracted wajam exe file not found!
wajamexemissing
Unable to get returncode from wajam_validate.exe!
Timed out waiting for wajam_validate.exe!
wajam_validate.exe detection process result = %d
yahoo.com
google.com
ask.com
aol.com
live.com
msn.com
CDetectionYahooToolbar::IsInstalledFirefox
_firefox is NULL!
CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\InprocServer32
%firefoxprofiles%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\install.rdf
DetectionFirefoxPrefs.cpp
CDetectionFirefoxPrefs::OnEvaluate
DetectionChromePrefs.cpp
_chrome is NULL!
CDetectionChromePrefs::OnEvaluate
DetectionCookie.cpp
CookieEvaluator.Add:
ApnStub.exe
asktbdet.zip
Ask detection process result = %d
/executeresult/text()
Missing ExecuteResult in requirement config!
/execute/text()
%programfiles%\iTunes\iTunes.exe
msnmsgr.exe
SOFTWARE\Microsoft\Windows Live\Messenger
ydetect.yhp
ydetect.ytb
ydetect.yas
Rules.cpp
RegKeyExists
)] disabled because of minimum windows version.
minwindowsversion
DetectionRule.cpp
Disabled; rule target is not Firefox
Disabled; Chrome is not installed
Disabled; Firefox is not installed
Disabled; rule target is not Chrome
CoreIEHost.cpp
m_WebBrowserEvents failed
IWebBrowser2 failed
_WebBrowserEvents failed
url1=
shell.Initialize failed!
url2=
_webBrowser->Quit failed!
Not initialized or _webBrowser is NULL!
Sending Quit to web browser...
CCoreIEHost::DeleteHistoryUrl
CCoreIEHost.OnDocumentComplete:
WebBrowser object is NULL!
Error: Collection didn't support IHTMLElementCollection!
*** set key code to 0 ****
Url is null!
%s, %s, l=0xx
[0x%X]
d:%s
CCoreSqlite::OpenDatabase
CCoreSqlite::CloseDatabase
CCoreSqlite::ExecuteStatement
sqlite3_exec failed, returned error:
CoreSqlite.cpp
dbexecerror
CCoreSqlite::StandardExecuteCallback
CCoreSqlite::PrepareCompiledStmt
Failed to prepare compiled statement, sqlite returned error: %d
sqliteerror
Cannot prepare statement, sql is empty!
sqlempty
CCoreSqlite::BindTextToCompiledStmt
CCoreSqlite::ExecuteCompiledStmt
bind text failed, errorcode=%d
CCoreSqlite::CheckStmtRowValid
sqlite3_step failed, errorcode=%d
sqlitestepfailed
Cannot get row results: statement has not executed!!
sqlite3_finalize failed, errorcode=%d
CCoreSqlite::CloseCompiledStmt
SQLITE_
d:d:d
d-d-d
d-d-d d:d:d
failed to allocate %u bytes of memory
failed memory resize %u to %u bytes
922337203685477580
API call with %s database connection pointer
RowKey
%s-shm
%s\etilqs_
OsError 0x%x (%u)
invalid page number %d
Recovered %d frames from WAL file %s
Bad ptr map entry key=%d expected=(%d,%d) got=(%d,%d)
%d of %d pages missing from overflow list starting at %d
2nd reference to page %d
Failed to read ptrmap key=%d
Page %d:
unable to get the page. error code=%d
failed to get page %d
freelist leaf count too big on page %d
btreeInitPage() returns error code %d
On tree page %d cell %d:
On page %d at right child:
Multiple uses for byte %d of page %d
Fragmentation of %d bytes reported as %d on page %d
Corruption detected in cell %d on page %d
Page %d is never used
Pointer map page %d is referenced
unknown database %s
Outstanding page count goes from %d to %d during this analysis
keyinfo(%d
%s(%d)
%s-mjX
foreign key constraint failed
bind on a busy prepared statement: [%s]
unable to use function %s in the requested context
zeroblob(%d)
cannot open savepoint - SQL statements in progress
no such savepoint: %s
abort at %d in [%s]: %s
constraint failed at %d in [%s]
cannot %s savepoint - SQL statements in progress
cannot rollback transaction - SQL statements in progress
cannot commit transaction - SQL statements in progress
sqlite_master
SELECT name, rootpage, sql FROM '%q'.%s WHERE %s ORDER BY rowid
sqlite_temp_master
cannot change %s wal mode from within a transaction
database table is locked: %s
statement aborts at %d: [%s] %s
cannot open virtual table: %s
cannot open view: %s
cannot open value of type %s
indexed
cannot open %s column for writing
no such column: "%s"
foreign key
misuse of aliased aggregate %s
%s: %s
not authorized to use function: %s
%s: %s.%s.%s
%s: %s.%s
%r %s BY term out of range - should be between 1 and %d
too many terms in %s BY clause
variable number must be between ?1 and ?%d
too many SQL variables
Expression tree is too large (maximum depth %d)
too many columns in %s
EXECUTE %s%s SUBQUERY %d
%.*s"%w"%s
misuse of aggregate: %s()
sqlite_rename_trigger
sqlite_rename_parent
%s%.*s"%w"
sqlite_rename_table
type='trigger' AND (%s)
%s OR name=%Q
table %s may not be altered
view %s may not be altered
there is already another table or index with this name: %s
sqlite_
sqlite_sequence
UPDATE "%w".sqlite_sequence set name = %Q WHERE name = %Q
UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d 18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Cannot add a PRIMARY KEY column
UPDATE "%w".%s SET sql = substr(sql,1,%d) || ', ' || %Q || substr(sql,%d) WHERE type = 'table' AND name = %Q
sqlite_stat1
sqlite_altertab_%s
SELECT tbl, idx, stat FROM %Q.sqlite_stat1
CREATE TABLE %Q.%s(%s)
DELETE FROM %Q.%s WHERE tbl=%Q
database %s is already in use
invalid name: "%s"
too many attached databases - max %d
unable to open database: %s
no such database: %s
database %s is locked
sqlite_detach
cannot detach database %s
access to %s.%s.%s is prohibited
sqlite_attach
%s %T cannot reference objects in database %s
access to %s.%s is prohibited
object name reserved for internal use: %s
too many columns on %s
duplicate column name: %s
there is already an index named %s
AUTOINCREMENT is only allowed on an INTEGER PRIMARY KEY
default value of column [%s] is not constant
table "%s" has more than one primary key
no such collation sequence: %s
UPDATE %Q.%s SET type='%s', name=%Q, tbl_name=%Q, rootpage=#%d, sql=%Q WHERE rowid=#%d
CREATE TABLE %Q.sqlite_sequence(name,seq)
CREATE %s %.*s
view %s is circularly defined
UPDATE %Q.%s SET rootpage=%d WHERE #%d AND rootpage=#%d
use DROP VIEW to delete view %s
DELETE FROM %s.sqlite_sequence WHERE name=%Q
table %s may not be dropped
use DROP TABLE to delete table %s
foreign key on %s should reference only one column of table %T
number of columns in foreign key does not match the number of columns in the referenced table
DELETE FROM %Q.%s WHERE tbl_name=%Q and type!='trigger'
DELETE FROM %Q.sqlite_stat1 WHERE tbl=%Q
unknown column "%s" in foreign key definition
indexed columns are not unique
virtual tables may not be indexed
there is already a table named %s
table %s may not be indexed
views may not be indexed
table %s has no column named %s
index %s already exists
sqlite_autoindex_%s_%d
INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
CREATE%s INDEX %.*s
DELETE FROM %Q.%s WHERE name=%Q AND type='index'
DELETE FROM %Q.sqlite_stat1 WHERE idx=%Q
no such index: %S
index associated with UNIQUE or PRIMARY KEY constraint cannot be dropped
a JOIN clause is required before %s
cannot modify %s because it is a view
unable to identify the object to be reindexed
table %s may not be modified
sqlite_source_id
sqlite_compileoption_used
sqlite_version
sqlite_compileoption_get
table %S has %d columns but %d values were supplied
%d values for %d columns
foreign key mismatch
%s.%s may not be NULL
PRIMARY KEY must be unique
table %S has no column named %s
no entry point [%s] in shared library [%s]
error during initialization: %s
sqlite3_extension_init
unable to open shared library [%s]
automatic extension loading failed: %s
foreign_keys
foreign_key_list
*** in database %s ***
unsupported encoding: %s
unsupported file format
malformed database schema (%s)
SELECT name, rootpage, sql FROM '%q'.%s ORDER BY rowid
database schema is locked: %s
RIGHT and FULL OUTER JOINs are not currently supported
a NATURAL join may not have an ON or USING clause
unknown or unsupported join type: %T %T%s%T
cannot have both ON and USING clauses in the same join
cannot join using column %s - column not present in both tables
USE TEMP B-TREE FOR %s
ORDER BY clause should come after %s not before
COMPOUND SUBQUERIES %d AND %d %s(%s)
no such index: %s
sqlite_subquery_%p_
LIMIT clause should come after %s not before
SELECTs to the left and right of %s do not have the same number of result columns
no such table: %s
sqlite3_get_table() called with two or more incompatible queries
INSERT INTO %Q.%s VALUES('trigger',%Q,%Q,0,'CREATE TRIGGER %q')
cannot create %s trigger on view: %S
cannot create INSTEAD OF trigger on table: %S
no such column: %s
no such trigger: %S
-- TRIGGER %s
cannot VACUUM - SQL statements in progress
SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence' AND rootpage>0
PRAGMA vacuum_db.synchronous=OFF
SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %'
SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21) FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %'
UPDATE %Q.%s SET type='table', name=%Q, tbl_name=%Q, rootpage=0, sql=%Q WHERE rowid=#%d
SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
INSERT INTO vacuum_db.sqlite_master SELECT type, name, tbl_name, rootpage, sql FROM main.sqlite_master WHERE type='view' OR type='trigger' OR (type='table' AND rootpage=0)
vtable constructor did not declare schema: %s
vtable constructor failed: %s
table %s: xBestIndex returned an invalid plan
no such module: %s
%s AS %s
%s SUBQUERY %d
%s TABLE %s
%s USING INTEGER PRIMARY KEY
%s (rowid=?)
%s USING %s%sINDEX%s%s%s
%s (rowid
%s VIRTUAL TABLE INDEX %d:%s
%s (rowid>? AND rowid
%s (rowid>?)
cannot use index: %s
%s (~%lld rows)
at most %d tables in a join
the INDEXED BY clause is not allowed on UPDATE or DELETE statements within triggers
the NOT INDEXED clause is not allowed on UPDATE or DELETE statements within triggers
unable to close due to unfinished backup operation
SQL logic error or missing database
unknown operation
large file support is disabled
no such vfs: %s
unknown database: %s
misuse at line %d of [%.10s]
cannot open file at line %d of [%.10s]
database corruption at line %d of [%.10s]
CoreIEControl.cpp
CoreHtmlDialog.cpp
onBeforeNavigate2 called, url=
CoreDialogCloseProcess.cpp
uxtheme.dll
urlarg:
%s/uninstallkeys/key[%d]/text()
/uninstallkeys/key
%s/uninstallkeys/key[%d]/attribute::type
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
Unknown uninstall key type encountered, skipping lookup
Postback url is empty, skipping postback.
chromeaddonlogic
Target browser is unknown or unsupported; defaulting postback target browser to IE
chromeaddonLogic is true
postbackresponse.dat
norm.ieauto
alt.shell(2)
Opening Product Fail Url:
norm.shell(2)
norm.silent(3)
alt.ff
alt.chrome
alt.ie
IQPostback.cpp
alt.safari
alt.shell
Opening thank you page in Firefox:
Opening thank you page in Chrome:
Can't open thankyou page because the url is invalid:
Unable to open thankyou page.. turning off ShellExecute on URL (result may have still been launched)
ShellExecuteEx:
c:\tfs.vs2012\admin\windows\main\Installer.Common\Installer.Common.Dialogs\IQDialogManager.h
%s,%d,%d,%d,%d,%d,%d,%d,%d
icons
offers
%s,v=%s,id=%s,rc=%d,e=%d,v=%d,c=%d,a=%d,i=%d,%s,err=%d,cf=%d,acc=%d,%u,%u,%u,%u,exc=%d
%s,%s,%d,%d,%s,%s,%d
t=%s,c=%d
%s_%s.d.%s
Software\Microsoft\Windows\CurrentVersion\Uninstall
hklm,%s,%d,%s
hkcu,%s,%d,%s
%s,%d,%s,"%s",%s
%s:v=%s,rc=%d,os=%s,%s,%s|ie=%s
%s:v=%s,id=%s,rc=%d,f=%d,e=%d,i=%s,p=%s,pb=%s,ex=%s,tr=%s,px=%d
%s,v=%s,id=%s,os=%d,rc=%d,v=%s,c=%s,l=0xx,spp=%s,epp=%s
%s,%s,rc=%s
INST_ie7searchurl
%s,%s,rc=%s,%d
%s,%s,rc=%s,%u,%u
%s,%s,rc=%s,%u,%u,%u,%u,%u
,os=%d,msi=%d.%d
%system%\msiexec.exe
,os=%d,sp=%d
%s|%s
%s,%s,%u,%u,%d,%s
%s,v=%s,id=%s,rc=%d,%u,%u,%d,%u,%u,%d,acc=%d,%u,%u,%u
v=%s,id=%s,rc=%d,%u
%s,%s,%s,%s,%s
%s,v=%s,id=%s,rc=%d,acc=%d,%u,%u,%u,%u,%u,%u
%d,%d,%d,%d,%d,%d,%d
%s,%s,%s
[%d,%d]
%s,%d,%d
%s,%d,%d,%s,%s,%s,%d,%s
%s,%d,%d,%s,%s,%s
%s,%d,%d,%d,%s,%s,%d,%d,%d,%d,%d,%d
%s,%s,%s,%d,%s,%d,%s,%s,%s
%s,%s,%d,%s,%s
%s|%d|%s
%Y%m%d
%s,%d,%s,%s,%s,%s
%s,%d,%s,%d
addonpostbackurl
thankYouPageUrl=
IQAddOnStatus.cpp
addon postback url is empty!
addonpostback_response.html
c:\tfs.vs2012\admin\windows\main\Installer.Desktop.Application\ReleaseNoMFC\FreezeWrapWin.pdb
COMCTL32.dll
KERNEL32.dll
USER32.dll
SHELL32.dll
ole32.dll
OLEAUT32.dll
PSAPI.DLL
VERSION.dll
USERENV.dll
InternetCrackUrlA
InternetCombineUrlA
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
FindCloseUrlCache
WININET.dll
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA
HttpQueryInfoA
UrlEscapeA
SHDeleteEmptyKeyA
SHLWAPI.dll
IsValidURL
urlmon.dll
RPCRT4.dll
GetProcessHeap
GetWindowsDirectoryA
GetCPInfo
EnumWindows
EnumChildWindows
GDI32.dll
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegQueryInfoKeyA
RegEnumKeyExA
ADVAPI32.dll
ShellExecuteExA
gdiplus.dll
CRYPT32.dll
GetKeyboardState
COMDLG32.dll
zcÁ
.?AV?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@
.?AVCCoreStringUrl@@
.?AV?$CAtlArray@V?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@V?$CElementTraits@V?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@@2@@ATL@@
.?AV?$CCoreEntryPoint@P6GJPAUHKEY__@@PBDKK@Z@@
.?AVCCoreRegKey@@
.?AVexecution_error@TinyXPath@@
.?AV?$CFlags@W4WebArgFlag@@@@
.?AV?$_Ref_count_obj@VCDetectionChromePrefs@@@std@@
.?AV?$_Ref_count_obj@VCDetectionFirefoxPrefs@@@std@@
.?AVCIQOfferEXE@@
.?AVCIQUReporter@@
.?AV?$CAtlMap@V?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@PAXV?$CElementTraits@V?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@@2@V?$CElementTraits@PAX@2@@ATL@@
.?AV?$CFlags@W4CoreFirefoxCache@@@@
.?AVCCoreFirefox@@
.?AVCCoreChrome@@
.?AV?$_Func_impl@U?$_Callable_obj@V?$_Bind@$00XU?$_Pmf_wrap@P8CCoreChrome@@AEXPAVCCoreSqlite@@PAV?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@@ZXV1@PAV2@PAV34@U_Nil@std@@U56@U56@U56@U56@@std@@QAVCCoreChrome@@AAV?$_Ph@$00@2@PAV?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@U_Nil@2@U72@U72@U72@@std@@$0A@@std@@V?$allocator@V?$_Func_class@XPAVCCoreSqlite@@U_Nil@std@@U23@U23@U23@U23@U23@@std@@@2@XPAVCCoreSqlite@@U_Nil@2@U52@U52@U52@U52@U52@@std@@
.?AV?$_Func_base@XPAVCCoreSqlite@@U_Nil@std@@U23@U23@U23@U23@U23@@std@@
.?AV?$CFlags@W4CoreChromeCache@@@@
.?AV?$_Bind@$00XU?$_Pmf_wrap@P8CCoreChrome@@AEXPAVCCoreSqlite@@PAV?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@@ZXV1@PAV2@PAV34@U_Nil@std@@U56@U56@U56@U56@@std@@QAVCCoreChrome@@AAV?$_Ph@$00@2@PAV?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@U_Nil@2@U72@U72@U72@@std@@
.?AVCCoreOpera@@
.?AV?$CFlags@W4CoreOperaCache@@@@
.?AVCCoreFirefoxXpiInstaller@@
.?AVCCoreFirefoxAddOn@@
.?AVCCoreChromeExtension@@
.?AVCDetectionFirefoxPrefs@@
.?AVCDetectionChromePrefs@@
.?AVCCoreWebBrowserEvents@@
.?AUDWebBrowserEvents2@@
.?AV?$CAtlArray@UWebArg@@V?$CElementTraits@UWebArg@@@ATL@@@ATL@@
.?AVCCoreWebArgs@@
.?AVCCoreSqlite@@
.?AV?$CAtlArray@PAV?$CAtlMap@V?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@V12@V?$CElementTraits@V?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@@2@V32@@ATL@@V?$CElementTraits@PAV?$CAtlMap@V?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@V12@V?$CElementTraits@V?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@@2@V32@@ATL@@@2@@ATL@@
.?AVCCoreSqliteResult@@
.?AVCIQWebArgs@@
c:\%original file name%.exe
@.reloc
Vista.BadArgs
\cookie.ini
\cookie.dat
Vista.BadArgs2
Domain%d
Name%d
\cookie%d.dat
\cookie%d.ini
Vista.NoAppLow
Vista.WideFail
Vista.GetCookieFail
Vista.AllocFail
Vista.CreateFileError
Vista.WriteFileError
SetCookie%d
Vista.SetCookieError
Error: %d. %s
c:\tfs.vs2012\admin\windows\main\Installer.Desktop.Application\ReleaseNoMFC\Installer.CookieMan.pdb
3 3%3,323
dsapi.exe
~S.em
.oIJLHLLK
MN.LN
dsapi.exePK
T.qmu
Url 87
(.ALPO
.STBs
6.GQr
Hu.nbKzO
pI.sqO
Db.bE
B(P%S
u.oq$
]j.cA
==.vp
 g.oLWJ
wajam_validate.exe
wrapper.xmlPK
autorun.txtPK
PADPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
@mscoree.dll
combase.dll
- CRT not initialized
- Attempt to initialize the CRT more than once.
- floating point support not loaded
USER32.DLL
777705555443332
5555443332
5555443332
mscoree.dll
Send Error Report
Send Error Report?
s de [email protected].
Debe cerrar Firefox para poder continuar. Presione OK (Aceptar) para cerrarlo ahora. Es probable que deba cerrarlo manualmente.
Please email Customer Support at [email protected] if you need further assistance.
To exit completely without installing your software, click the Cancel button.pFirefox must be closed before continuing. Press OK to close Firefox now. You may need to close Firefox manually.
We have created an error report that you can send to help improve #ProductName#. The report contains no Personally Identifiable Information (PII) and will only be used by us.
Would you like to submit this report?
n~Debe cerrar Chrome para poder continuar. Presione OK (Aceptar) para cerrarlo ahora. Es probable que deba cerrarlo manualmente.
InstallationmChrome must be closed before continuing. Press OK to close Chrome now. You may need to close Chrome manually.
This installation was unable to load the file specified. This is an installation program and should not be set as the default program for any file type.yYour browsers must be closed before continuing. Press OK to close your browsers now. You may need to close them manually.
2.140.0.0
InstallIQ.exe

%original file name%.exe_1244_rwx_00EC0000_00002000:




The procedure %s could not be located in the DLL %s.
The ordinal %d could not be located in the DLL %s.

%original file name%.exe_1244_rwx_00F10000_00002000:




The procedure %s could not be located in the DLL %s.
The ordinal %d could not be located in the DLL %s.

%original file name%.exe_1244_rwx_10001000_00082000:




SSSSh
t%SWh
1.3.6.1.4.1.311.10.3.5
1.3.6.1.4.1.311.10.3.6
1.3.6.1.5.5.7.3.3
2.5.4.6
2.5.4.8
2.5.4.7
2.5.4.10
2.5.4.11
2.5.4.3
WINTRUST.dll
CRYPT32.dll
{X-X-X-XX-XXXXXX}
operator
GetProcessWindowStation
SCC_CheckCriteria_Web
RegOpenKeyTransactedW
RegCreateKeyTransactedW
RegDeleteKeyTransactedW
RegDeleteKeyExW
2.0.0.29
CryptCATCatalogInfoFromContext
CryptMsgClose
CertCloseStore
CertFreeCertificateContext
CertFindCertificateInStore
CryptMsgGetParam
CertGetEnhancedKeyUsage
CertNameToStrW
CertGetNameStringW
URLOpenStreamW
urlmon.dll
DeleteUrlCacheEntryW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW
WININET.dll
KERNEL32.dll
USER32.dll
RegCloseKey
RegOpenKeyExW
RegDeleteKeyW
RegCreateKeyExW
ADVAPI32.dll
ShellExecuteExW
SHELL32.dll
ole32.dll
SHLWAPI.dll
USERENV.dll
GetProcessHeap
GetWindowsDirectoryW
GetCPInfo
MsgWaitForMultipleObjectsEx
RegEnumKeyExW
RegQueryInfoKeyW
OLEAUT32.dll
SHDeleteKeyW
SHDeleteEmptyKeyW
SYMCCIS.dll
zcÁ
c:\%original file name%.exe
0xX
..\Source\ccVerifyTrustStatic.cpp
%SymEFA%
EFACli.dll
CLSID\%s\LocalServer32
CLSID\%s\InprocServer32
NTDLL.DLL
..\Source\ccVerifyTrustImpl.cpp
..\Source\FileCache.cpp
g..\Source\VerifyFile.cpp
..\Source\ccVerifyTrustPolicy.cpp
..\Source\CatalogIterator.cpp
..\Source\CatalogFileHash.cpp
WinTrust.dll
..\Source\CatalogContext.cpp
..\Source\ccSymModuleLifetimeMgrImpl.cpp
%s, %s, %s, %s(%ld)
..\Source\ccModule.cpp
..\Source\ccSystemInfo.cpp
..\Source\ccRegistry.cpp
..\Source\ccStringConvert.cpp
CSIDL_WINDOWS
SOFTWARE\Microsoft\Windows\CurrentVersion
..\Source\ccPathExpansion.cpp
\\?\UNC
..\Source\ccSplitPath.cpp
..\Source\ccOSInfo.cpp
\wpeutil.dll
\FACTORY.exe
\wpeinit.exe
..\Source\ccMemory.cpp
..\Source\ccFile.cpp
..\Source\ccWow64FsRedirection.cpp
%s\%s
CIsolation::GetRegistryHive(): RegOpenKeyEx() returned ERROR_FILE_NOT_FOUND
CIsolation::GetRegistryHive(): RegOpenKeyEx() returned ERROR_ACCESS_DENIED
isolate.ini
%COMMON_SILO_DATA%
..\Source\ccEncryptedString.cpp
..\Source\ccSynchronize.cpp
..\Source\ccSymDllLifetimeMgr.cpp
kernel32.dll
KERNEL32.DLL
PSAPI.DLL
..\Source\ccPEBReader.cpp
..\Source\ccPrivilege.cpp
..\Source\ccSymIndexValueCollectionImpl.cpp
AWTSAPI32.DLL
..\Source\ccSymDllLifetimeMgrLocal.cpp
..\Source\ccSymIndexValueCollection.cpp
..\Source\ccSymValueCollection.cpp
ÌROOT%
rcPFRes.dll
rcPxyEvt.dll
rcProxy.dll
rcSvcHst.dll
rcEmlPxy.dll
rcLgView.dll
rcErrDsp.dll
rcAlert.dll
rcApp.dll
ccEmlPxy.dll
ccGLog.dll
ccJobMgr.dll
ccGEvt.dll
ccIPC.dll
ccRkSn.dll
PFPriv.dll
ccPxyIns.dll
ccPxyEvt.dll
ccInst64.dll
ccEvtCli.dll
ccTrstPc.dll
ccSvc.dll
ccEraser.dll
OEHeur.dll
ccCharCv.dll
ccInst.dll
DefUtDCD.dll
ccScanw.dll
ccScan.dll
dec_abi.dll
ccDec.dll
ccALEng.dll
ccErrDsp.dll
ccProSub.dll
ccVrTrst.dll
ccSetEvt.dll
ccSet.dll
ccAlert.dll
..\Source\ccArchive.cpp
..\Source\ccDummyArchive.cpp
..\Source\ccInstanceFactory.cpp
..\Source\ccSymValueCollectionConvert.cpp
..\Source\ccSymStreamArchive.cpp
Software\Microsoft\Windows\CurrentVersion\explorer\Shell Folders
Software\Microsoft\Windows\CurrentVersion
ÌROOT%\
ÌDATA%\
..\Source\ccSymInstalledApps.cpp
..\Source\ccSymDigest.cpp
..\Source\ccSymKeyValueCollectionImpl.cpp
..\Source\ccSymMemoryImpl.cpp
Archive.Write(CMemoryImpl::CSerializeImpl::Version) == FALSE
Archive.Read(nVersion) == FALSE
..\Source\ccSymStringImpl.cpp
Archive.Write(CStringImpl::Version) == FALSE
..\Source\ccSymInstanceFactoryImpl.cpp
t..\Source\ccMessageLock.cpp
..\Source\ccSymKeyValueCollection.cpp
..\Source\ccSymPersist.cpp
ÌROOT%\ccSet.dll
..\Source\ccSymObjectRepository.cpp
CommonClient\OBJID\%s
..\Source\ccMemoryArchive.cpp
..\Source\ccSymMemoryStreamImpl.cpp
mscoree.dll
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
WUSER32.DLL
FileDownloader::callURLOpenStream
CHttpRequest::CHttpRequest
CHttpRequest::~CHttpRequest
CHttpRequest::RequestPage
CHttpRequest::ParseURLW
https
[s d, d - d:d:d:d]
%s %ld
%s %s
%s 0x%x
http://cps.qalabs.symantec.com/teams/isp/symccis
http://liveupdate.symantecliveupdate.com/upgrade/NSS/SymCCIS/Staging
http://liveupdate.symantecliveupdate.com/upgrade/NSS/SymCCIS/Production
SymCCIS.dll
SCC.dll
OfferUI.dll
SymInstallStub.exe
SymCCISDll.txt
Total CheckCriteria execution time in seconds =
NortonOfferEngineImpl::CheckCriteria_Web
downloadStubInstallerExe() failed, HR =
Failed to delete existing SCC.dll, GetLastError =
NortonOfferEngineImpl::downloadStubInstallerExe
Failed to delete existing SymInstallStub.exe, GetLastError =
NortonOfferEngineImpl::buildComponentDownloadURL
NortonOfferEngineImpl::getTestEnvironmentRootURL
NortonOfferEngineImpl::getISExeDestPath
getISExeDestPath() returned =
NortonOfferEngineImpl::sendPingForCheckCriteriaWeb
NortonOfferEngineImpl::getCheckCriteriaPingDataWeb
NortonOfferEngineImpl::getStubInstallerCmdLine
getStubInstallerCmdLine() returned =
NortonOfferEngineImpl::deleteDeclineCountRegKeyForThisProduct
NortonOfferEngineImpl::deleteDeclineCountParentKeyIfNoMoreProductsExist
Deleting DeclineCount subkey for partner =
Failed to create/open DECLINE_COUNT_REG_KEY
Advapi32.dll
http://stats.norton.com/n/p?
PingData::SendCheckCriteriaWebPing
PingData::createBaseURL
PingData::getCheckCriteriaPingURL
PingData::getCheckCriteriaWebPingURL
PingData::getInstallProductsPingURL
PingData::getOfferAcceptancePingURL
pingURL =
X.X
%u.%u.%u.%u.%u
Utility::LaunchProcessWithShellExecute
ShellExecuteEx failed, GetLastError =
; 5->>>>
000000000
00000000000001

%original file name%.exe_1244_rwx_10084000_00002000:




NRTN_OfferEngine_CheckCriteria_Web
kernel32.dll
urlmon.dll
URLOpenStreamW
WININET.dll
USER32.dll
MsgWaitForMultipleObjectsEx
ADVAPI32.dll
SHELL32.dll
ole32.dll
SHLWAPI.dll
USERENV.dll
OLEAUT32.dll
2.0.0.29


Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    dxtest.exe:868
    wajam_validate.exe:208
    wajam_validate.exe:1820
    %original file name%.exe:372
    ApnSetup.v7.exe:1324

  2. Delete the original Trojan file.
  3. Delete or disinfect the following files created/modified by the Trojan:

    %Documents and Settings%\%current user%\Local Settings\Temp\pkg_17f512c0\stub.log (10294 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\pkg_17f512c0\autorun.txt (79 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\pkg_17f512c0\wrapper.xml (975 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\pkg_17f512c0\timings.txt (143 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\waj_17f102f10\wajam_validate.exe (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\EXMX05I1\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\waj_17f102f10\wajam_validate.zip (9 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\41ABG5AN\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SCC.dll (13404 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\pkg_17f512c0\318a6663af74b67d57dd3bbf4cb43861.log (464839 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\pkg_17f512c0\AskTB\asktbdet.zip (29028 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SCCLog.txt (168898 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Y5RD5657\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SymCCIS.dll (11704 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Y5RD5657\SCC[1].dll (22768 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\waj_17ffaf0\wajam_validate.exe (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\X93WTD05\desktop.ini (67 bytes)
    %System%\wbem\Logs\wbemprox.log (228 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\pkg_17f512c0\dxtest.exe (196 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\waj_17ffaf0\wajam_validate.zip (9 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SCC.config (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\pkg_17f512c0\detectionrules.dat (57028 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\41ABG5AN\ENG.SCC.config[1].txt (740 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SymCCIS2.zip (161 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SymCCISDll.txt (39509 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\pkg_17f512c0\AskTB\APNSetup.V7.exe (31584 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\APN-Stub\W3I-G-V7\Stb4fb6804c-1f03-4c4a-8781-156cfb443379.log (821 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Setup.ini (1 bytes)

  4. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
  5. Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

No votes yet


Lavasoft is the maker of Ad-Aware, the world's most popular anti-malware software with over 450 million downloads.
© 2026 Lavasoft. All rights reserved.
Terms Of Use |   Privacy Policy


x

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

Download adaware antivirus 12
No thanks, continue to lavasoft.com
close x

Discover the new adaware antivirus 12

Our best antivirus yet

Download Now