MD5: d6166268b3bfe57e9b5aa066e70583c0
SHA1: 47d8247b9aa51af355ad31d4be9187d22dd75ab7
SHA256: a80ee6e3cbc439289af9dbd1f3d1413bf04748ea0aa6e583f482a71ff83c4826
SSDeep: 12288:Ql/NiIoYAbvZO7wNJgHO78VN4zN8EMDOVUjW3Xg8oSABBN:QZjoY4EEyHWqN6KjzbPN
Size: 561984 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2015-03-26 15:49:32
Analyzed on: WindowsXP SP3 32-bit

Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

mixvideoplayersetup.exe:1872
WPFFontCache_v0400.exe:3116
DeleteTasks.exe:556
LTV2.exe:2188
LTV2.exe:644
LTV2.exe:1008

The Trojan injects its code into the following process(es):

MixVideoPlayer.exe:2900
%original file name%.exe:1512
BrowserWeb.exe:2172

Mutexes

The following mutexes were created/opened:

__DDrawExclMode__
__DDrawCheckExclMode__
DDrawDriverObjectListMutex
DDrawWindowListMutex
CTF.TMD.MutexDefaultS-1-5-21-1844237615-1960408961-1801674531-1003
CTF.Layouts.MutexDefaultS-1-5-21-1844237615-1960408961-1801674531-1003
CTF.Asm.MutexDefaultS-1-5-21-1844237615-1960408961-1801674531-1003
CTF.Compart.MutexDefaultS-1-5-21-1844237615-1960408961-1801674531-1003
CTF.LBES.MutexDefaultS-1-5-21-1844237615-1960408961-1801674531-1003
ShimCacheMutex
RasPbFile
WininetProxyRegistryMutex
WininetConnectionMutex
WininetStartupMutex
c:!documents and settings!adm!local settings!history!history.ie5!
c:!documents and settings!adm!cookies!
c:!documents and settings!adm!local settings!temporary internet files!content.ie5!
_!MSFTHISTORY!_
DBWinMutex
ZonesLockedCacheCounterMutex
ZonesCacheCounterMutex
ZonesCounterMutex
oleacc-msaa-loaded

File activity

The process mixvideoplayersetup.exe:1872 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\MixVideoPlayer\Languages\ChineseT.ini (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu3.tmp\SimpleSC.dll (1856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu3.tmp\nsProcess.dll (4 bytes)
%Program Files%\MixVideoPlayer\Languages\Swedish.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\Danish.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\Hungarian.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\Estonian.ini (3 bytes)
%Program Files%\MixVideoPlayer\dotNetFx40_Full_setup.exe (30344 bytes)
%Program Files%\MixVideoPlayer\Languages\Slovak.ini (3 bytes)
%Program Files%\MixVideoPlayer\policy.2.0.taglib-sharp.config (377 bytes)
%Program Files%\MixVideoPlayer\BrowserWeb.exe (2392 bytes)
%Program Files%\MixVideoPlayer\references\libreria.png (244 bytes)
%Program Files%\MixVideoPlayer\Languages\Norwegian.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\German.ini (3 bytes)
%Program Files%\MixVideoPlayer\references\PhotoLoader.dll (784 bytes)
%Program Files%\MixVideoPlayer\Languages\Slovenian.ini (3 bytes)
%Program Files%\MixVideoPlayer\PhotoLoader.dll (784 bytes)
%Program Files%\MixVideoPlayer\Languages\Czech.ini (3 bytes)
%Program Files%\MixVideoPlayer\references\mixChecker.exe (27704 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu3.tmp\System.dll (11 bytes)
%Program Files%\MixVideoPlayer\Languages\Polish.ini (3 bytes)
%Program Files%\MixVideoPlayer\references\Interop.SHDocVw.dll (5064 bytes)
%Program Files%\MixVideoPlayer\Languages\Catalan.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\ChineseS.ini (3 bytes)
%Program Files%\MixVideoPlayer\mixvideoplayer.affcode (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu3.tmp\NSISdl.dll (14 bytes)
%Program Files%\MixVideoPlayer\uninstall.exe (4489 bytes)
%Program Files%\MixVideoPlayer\icon.ico (12536 bytes)
%Program Files%\MixVideoPlayer\Languages\Thai.ini (5 bytes)
%Program Files%\MixVideoPlayer\references\extvideo.png (146 bytes)
%Program Files%\MixVideoPlayer\references\extaudio.png (310 bytes)
%Program Files%\MixVideoPlayer\Languages\Russian.ini (5 bytes)
%Program Files%\MixVideoPlayer\references\ffmpeg.zip (899796 bytes)
%Program Files%\MixVideoPlayer\Languages\Bulgarian.ini (5 bytes)
%Program Files%\MixVideoPlayer\Languages\Hindi.ini (6 bytes)
%Program Files%\MixVideoPlayer\Languages\Latvian.ini (3 bytes)
%Program Files%\MixVideoPlayer\NLog.dll (14184 bytes)
%Program Files%\MixVideoPlayer\Languages\Italian.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\Korean.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\French.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\Romanian.ini (3 bytes)
%Program Files%\MixVideoPlayer\icon-uninstall.ico (3616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu3.tmp (4 bytes)
%Program Files%\MixVideoPlayer\Languages\Vietnamese.ini (4 bytes)
%Program Files%\MixVideoPlayer\Newtonsoft.Json.dll (16944 bytes)
%Program Files%\MixVideoPlayer\references\taglib-sharp.dll (15536 bytes)
%Program Files%\MixVideoPlayer\FrameworkControl.exe (14184 bytes)
%Program Files%\MixVideoPlayer\references\Newtonsoft.Json.dll (15536 bytes)
%Program Files%\MixVideoPlayer\Languages\Indonesian.ini (3 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\MixVideoPlayer\Uninstall MixVideoPlayer.lnk (1 bytes)
%Program Files%\MixVideoPlayer\Languages\HaitianCreole.ini (3 bytes)
%Program Files%\MixVideoPlayer\Windows\Thumbs.db (1856 bytes)
%Program Files%\MixVideoPlayer\Languages\Greek.ini (5 bytes)
%Program Files%\MixVideoPlayer\Languages\Hebrew.ini (4 bytes)
%Program Files%\MixVideoPlayer\Languages\Finnish.ini (3 bytes)
%Program Files%\MixVideoPlayer\references\NDde.dll (3616 bytes)
%Program Files%\MixVideoPlayer\taglib-sharp.dll (15536 bytes)
%Program Files%\MixVideoPlayer\mixUpdater.exe (13368 bytes)
%Program Files%\MixVideoPlayer\Snowplow.Tracker.dll (784 bytes)
%Program Files%\MixVideoPlayer\MixVideoPlayer.exe (76078 bytes)
%Program Files%\MixVideoPlayer\Languages\Japanese.ini (4 bytes)
%Program Files%\MixVideoPlayer\Languages\Portuguese.ini (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu3.tmp\ZipDLL.dll (6360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu2.tmp (177700 bytes)
%Program Files%\MixVideoPlayer\Sider.dll (5064 bytes)
%Program Files%\MixVideoPlayer\Windows\logopeq-icon.ico (9608 bytes)
%Program Files%\MixVideoPlayer\LTV2.exe (6 bytes)
%Program Files%\MixVideoPlayer\Controls\ifishplayer-icon2.ico (12536 bytes)
%Program Files%\MixVideoPlayer\Languages\Ukrainian.ini (5 bytes)
%Program Files%\MixVideoPlayer\Microsoft.Win32.TaskScheduler.dll (8560 bytes)
%Program Files%\MixVideoPlayer\mixvideoplayer.uidnum (23 bytes)
%Program Files%\MixVideoPlayer\Languages\Arabic.ini (4 bytes)
%Program Files%\MixVideoPlayer\Languages\Turkish.ini (3 bytes)
%Program Files%\MixVideoPlayer\references\ffmpeg.exe (202301 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\MixVideoPlayer\MixVideoPlayer.lnk (1 bytes)
%Program Files%\MixVideoPlayer\references\folder.png (472 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu3.tmp\AccessControl.dll (13 bytes)
%Program Files%\MixVideoPlayer\references\policy.2.0.taglib-sharp.dll (3 bytes)
%Program Files%\MixVideoPlayer\Languages\English.ini (3 bytes)
%Program Files%\MixVideoPlayer\Controls\Thumbs.db (1552 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Startup\WebBrowserMixVideoPlayer.lnk (1 bytes)
%Program Files%\MixVideoPlayer\Languages\Spanish.ini (3 bytes)
%Documents and Settings%\%current user%\Desktop\MixVideoPlayer.lnk (1 bytes)
%Program Files%\MixVideoPlayer\references\policy.2.0.taglib-sharp.config (377 bytes)
%Program Files%\MixVideoPlayer\DeleteTasks.exe (10 bytes)
%Program Files%\MixVideoPlayer\references\Thumbs.db (5 bytes)
%Program Files%\MixVideoPlayer\Languages\Lithuanian.ini (3 bytes)
%Program Files%\MixVideoPlayer\policy.2.0.taglib-sharp.dll (3 bytes)
%Program Files%\MixVideoPlayer\LTVNetSdk.dll (15 bytes)
%Program Files%\MixVideoPlayer\Languages\Dutch.ini (3 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsu3.tmp\SimpleSC.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu3.tmp\nsProcess.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu3.tmp\NSISdl.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu3.tmp\AccessControl.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu3.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu3.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu3.tmp\ZipDLL.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk1.tmp (0 bytes)

The process MixVideoPlayer.exe:2900 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (511 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\analytics[1].js (740 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@n149adserv[2].txt (406 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\jquery.min[1].js (3480 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\MainBanner[1].htm (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\400x400[1].jpg (1550 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\mixvideoplayer\log.txt (134 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tmp4.tmp (326 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\jquery.min[1].js (3155 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@n149adserv[1].txt (585 bytes)
%System%\d3d9caps.tmp (1324 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\jquery.min[2].js (3480 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\show_ads[1].js (7 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mixvideoplayer[2].txt (3263 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\banner[1].htm (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\analytics[1].htm (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\mixvideoplayer\config\config.ini (252 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (14648 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\ga[1].js (1435 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mixvideoplayer[1].txt (3933 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (1024 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\arw[1].png (342 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mixvideoplayer[2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tmp4.tmp (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@n149adserv[2].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mixvideoplayer[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\jquery.min[1].js (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@n149adserv[1].txt (0 bytes)
%System%\d3d9caps.dat (0 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (0 bytes)

The process %original file name%.exe:1512 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\MixVideoPlayerSetup[1].exe (1718416 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\loadingBar[1].gif (8947 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\loading-install[1].gif (1443 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\i-download[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\msjava[1].dll (465777 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\style[1].css (114 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\style[1].css (5083 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\5cbdaf19-bcd7-447e-a36f-976113cb9444\mixvideoplayersetup.exe (1718416 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\bullet-short[1].gif (54 bytes)
%System%\wbem\Logs\wbemprox.log (684 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\progress-bar[1].png (1 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\24bd55ee4bb11e18ad3415c14ca58423e19e4d80f1c0cc5b1b63b2c93e261b7f0716dc432d9693a74872531afae5912dc397ea7d448fcd23[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\MixVideoPlayerSetup[1].exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\03d25c23ba97343629db2fc60d1ed245f67f03b0a93c2bacf1aafddfe029c5617400bba10bf0d32a5c44757455d57fb761ad145145f1aa6c[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\28e0cc3c6c4b3f312e2ccdf75b1a7efee1d662a015564af42d6ee7bb7c71932c126a7a9d673555f1453bb67206ca78ab25506139521ee60d[1].txt (0 bytes)

Registry activity

The process mixvideoplayersetup.exe:1872 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCR\mixp.flv\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKCR\.mp4]
"(Default)" = "mixp.mp4"

[HKCR\mixp.flv\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\mixp.3gp\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\.mkv]
"(Default)" = "mixp.mkv"

[HKCR\mixp.aac]
"(Default)" = "mixp media file (.aac)"

[HKCR\.mpeg]
"(Default)" = "mixp.mpeg"

[HKCR\mixp.mkv\shell]
"(Default)" = "Play"

[HKCR\mixp.mkv\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\mixp.mpeg\shell]
"(Default)" = "Play"

[HKCR\mixp.wmv]
"(Default)" = "mixp media file (.wmv)"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".3gp" = ""

[HKCR\.flv]
"(Default)" = "mixp.flv"

[HKCR\.wma]
"mixp.backup" = "WMAFile"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MixVideoPlayer]
"DisplayVersion" = "v1.0.0.22"

[HKCR\.mpg]
"(Default)" = "mixp.mpg"

[HKCR\.mov]
"(Default)" = "mixp.mov"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCR\mixp.wmv\shell]
"(Default)" = "Play"

[HKCR\.avi]
"(Default)" = "mixp.avi"

[HKCR\mixp.mp4\shell]
"(Default)" = "Play"

[HKCR\mixp.3gp\shell]
"(Default)" = "Play"

[HKCR\mixp.mp3\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKCR\mixp.mov\shell]
"(Default)" = "Play"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKCR\mixp.3gp\shell\Play]
"(Default)" = "Play"

[HKLM\SOFTWARE\MixVideoPlayer\MixVideoPlayer]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\mixp.divx]
"(Default)" = "mixp media file (.divx)"

[HKCR\mixp.mkv]
"(Default)" = "mixp media file (.mkv)"

[HKCR\.wma]
"(Default)" = "mixp.wma"

[HKCR\.aif]
"(Default)" = "mixp.aif"

[HKCR\mixp.avi\shell\Play]
"(Default)" = "Play"

[HKCR\.wav]
"mixp.backup" = "soundrec"

[HKCR\mixp.flv\shell]
"(Default)" = "Play"

[HKCR\.aif]
"mixp.backup" = "AIFFFile"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MixVideoPlayer]
"DisplayIcon" = "%Program Files%\MixVideoPlayer\icon.ico"

[HKCR\mixp.mov\shell\Play]
"(Default)" = "Play"

[HKCR\mixp.mpeg\shell\Play]
"(Default)" = "Play"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MixVideoPlayer]
"Publisher" = "SoftForce LLC"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MixVideoPlayer]
"DisplayName" = "MixVideoPlayer"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".AAC" = ""

[HKCR\mixp.aif\shell\Play]
"(Default)" = "Play"

[HKCR\mixp.divx\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\mixp.mp4\shell\Play]
"(Default)" = "Play"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".mpeg" = ""

[HKCR\mixp.wmv\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKCR\mixp.mov]
"(Default)" = "mixp media file (.mov)"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".aif" = ""

[HKCR\mixp.3gp]
"(Default)" = "mixp media file (.3gp)"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"

[HKCU\Software\Microsoft\Internet Explorer\Styles]
"MaxScriptStatements" = "4294967295"

[HKCR\mixp.mov\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"

[HKCR\mixp.mpg]
"(Default)" = "mixp media file (.mpg)"

[HKCR\mixp.mp4\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\mixp.mpeg]
"(Default)" = "mixp media file (.mpeg)"

[HKCR\mixp.divx\shell\Play]
"(Default)" = "Play"

[HKCR\.wav]
"(Default)" = "mixp.wav"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".flv" = ""

[HKCR\mixp.avi]
"(Default)" = "mixp media file (.avi)"

[HKCR\mixp.wma]
"(Default)" = "mixp media file (.wma)"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CE 03 38 6B FD 2A 4E 10 A3 E9 34 D9 45 FC 18 FB"

[HKCR\.divx]
"(Default)" = "mixp.divx"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".divx" = ""

[HKCR\mixp.mp4\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKCR\mixp.avi\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".wma" = ""

[HKCR\Applications\MixVideoPlayer.exe]
"FriendlyAppName" = "MixVideoPlayer"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".mkv" = ""
".wmv" = ""

[HKCR\mixp.3gp\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"iexplore.exe" = "11001"

[HKCR\mixp.wav\shell\Play]
"(Default)" = "Play"

[HKCR\mixp.wma\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\mixp.wmv\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MixVideoPlayer]
"EstimatedSize" = "44045"

[HKCR\mixp.wmv\shell\Play]
"(Default)" = "Play"

[HKCR\mixp.aif\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKCR\mixp.mpg\shell\Play]
"(Default)" = "Play"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCR\mixp.mp3\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\mixp.avi\shell]
"(Default)" = "Play"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MixVideoPlayer]
"UninstallString" = "%Program Files%\MixVideoPlayer\uninstall.exe"

[HKCR\mixp.mp4]
"(Default)" = "mixp media file (.mp4)"

[HKCR\Applications\MixVideoPlayer.exe]
"(Default)" = ""

[HKCR\mixp.mp3\shell\Play]
"(Default)" = "Play"

[HKCR\mixp.aac\shell\Play]
"(Default)" = "Play"

[HKCR\.aac]
"(Default)" = "mixp.aac"

[HKCR\mixp.aif]
"(Default)" = "mixp media file (.aif)"

[HKCR\mixp.avi\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKCR\mixp.mp3]
"(Default)" = "mixp media file (.mp3)"

[HKCR\.mp3]
"mixp.backup" = "mp3file"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".avi" = ""

[HKCR\.mpg]
"mixp.backup" = "mpegfile"

[HKCR\mixp.aif\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\Applications\MixVideoPlayer.exe\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKCR\mixp.flv]
"(Default)" = "mixp media file (.flv)"

[HKCR\mixp.divx\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKCR\mixp.mkv\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKCR\mixp.wav\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCR\mixp.aac\shell]
"(Default)" = "Play"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCR\mixp.aac\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\mixp.mpg\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKCR\mixp.wav\shell]
"(Default)" = "Play"

[HKCR\mixp.wav\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\mixp.mkv\shell\Play]
"(Default)" = "Play"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".mov" = ""

[HKCR\mixp.mpg\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\mixp.mov\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".MP3" = ""

[HKLM\SOFTWARE\MixVideoPlayer\MixVideoPlayer]
"InstallDir" = "%Program Files%\MixVideoPlayer"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".mp4" = ""

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"BrowserWeb.exe" = "11001"

[HKCR\mixp.mpeg\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKCR\mixp.wma\shell]
"(Default)" = "Play"

[HKCR\.wmv]
"mixp.backup" = "WMVFile"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCR\mixp.aif\shell]
"(Default)" = "Play"

[HKCR\mixp.aac\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKCR\mixp.flv\shell\Play]
"(Default)" = "Play"

[HKCR\.3gp]
"(Default)" = "mixp.3gp"

[HKCR\.avi]
"mixp.backup" = "avifile"

[HKCR\.wmv]
"(Default)" = "mixp.wmv"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".mpg" = ""

[HKCR\mixp.mpg\shell]
"(Default)" = "Play"

[HKCR\mixp.wma\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKCR\.mp3]
"(Default)" = "mixp.mp3"

[HKCR\mixp.mpeg\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\mixp.wav]
"(Default)" = "mixp media file (.wav)"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".WAV" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKCR\mixp.divx\shell]
"(Default)" = "Play"

[HKCR\.mpeg]
"mixp.backup" = "mpegfile"

[HKCR\mixp.mp3\shell]
"(Default)" = "Play"

[HKCR\mixp.wma\shell\Play]
"(Default)" = "Play"

The process WPFFontCache_v0400.exe:3116 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2B 01 4D FC 50 30 8F E6 23 07 E7 B1 3D B9 70 45"

[HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\LocalService\Local Settings\Application Data"

The process DeleteTasks.exe:556 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B8 DA D9 1A AE B1 84 D3 2A B5 20 4C 14 2F E4 F7"

The process MixVideoPlayer.exe:2900 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore]
"Type" = "4"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore]
"Count" = "28"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 2A 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryCount" = "16"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB5F1910-F110-11D2-BB9E-00C04F795683}\iexplore]
"Type" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore]
"Time" = "DF 07 06 00 01 00 1D 00 01 00 02 00 31 00 99 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\ESENT\Process\MixVideoPlayer\DEBUG]
"Trace Level" = ""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"LogSessionName" = "stdout"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB5F1910-F110-11D2-BB9E-00C04F795683}\iexplore]
"Count" = "28"

[HKCU\Software\Microsoft\Direct3D\MostRecentApplication]
"Name" = "MixVideoPlayer.exe"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB5F1910-F110-11D2-BB9E-00C04F795683}\iexplore]
"Time" = "DF 07 06 00 01 00 1D 00 01 00 02 00 31 00 99 00"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "60 87 22 61 41 85 D3 C3 D7 2F A6 49 72 F4 E3 80"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

[HKLM\SOFTWARE\Microsoft\ESENT\Process\MixVideoPlayer\DEBUG]
"Trace Level"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"ProxyServer"

The process LTV2.exe:2188 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryCount" = "16"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "78 75 6F 44 5D FF C4 A4 BA 1E 53 8C F7 EC D5 07"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"

The process LTV2.exe:644 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "28 52 E7 B4 8A 55 E1 4B 46 31 C8 0A FF 82 EF 6D"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"
"EventMessageFile" = "%System%\ESENT.dll"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryCount" = "16"

[HKLM\SOFTWARE\Microsoft\ESENT\Process\LTV2\DEBUG]
"Trace Level" = ""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"ControlFlags" = "1"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Microsoft\ESENT\Process\LTV2\DEBUG]
"Trace Level"

The process LTV2.exe:1008 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryCount" = "16"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0A 32 71 21 B8 D4 5F A7 77 9C 6A 3F DF 16 12 38"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"

The process %original file name%.exe:1512 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\5cbdaf19-bcd7-447e-a36f-976113cb9444]
"mixvideoplayersetup.exe" = "mixvideoplayersetup"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "%original file name%.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 28 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1427377772"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "32 1B 31 A4 DA E9 45 FA 87 0F AC CF 08 F0 4A 11"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process BrowserWeb.exe:2172 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "87 9D 9A 64 30 85 DF 0D F6 B0 18 BC E1 94 2E A1"

Dropped PE files

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

No information is available.

PE Sections

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Total found: 836
d73ac008c2d24f989b873c36182c201e
78ffc795770b4c6e28c2226e46e3ae49
2ea7b797fae64d3b6233ee45f7cb2c5e
c85bc7e4cdc51df76db8447f33782ff6
0bfa5d276e82aa024458aaeb393aeaf2
77abb69572c86ffe65217114f470451a
a21d32fdbfaaccc1e026964923624c59
b03e70c1d3b89608ce3abc018c4fad78
c1d4f9072604b3b783318d2a52ef16c5
d2ce68240db2ddfdd3151543d8042c82
55cb5ff50014b05c62862b420bf3d013
f719b7373f8f206a75d672990c89b295
9990b53d2b7f0c6b06ceae1d416e9a05
afc20a5a2592ec8027cf629b59d3653a
cfd9f12ae578d37b6fb17727ed65ce9a
a5141ae4001bbee91ad07a4d5da95e8e
ff7b0c61250234c5f3b35f596677c77c
27c01a2f608e7624ea1cf1a54e6e9ee5
1332d9210c02cd4a6ab807dcbd40ca12
97753cd310d63d16618d7fd434863447
0faecc146fa84e05ae5eba6cdf7a0b55
e4af23e86cf9231d6675b908c1ae2f09
fa239133138d27b4b0223523113d403c
54ad4f9a28c8640dd9f179c03597774a
04e6cb47c5ad8021204e47acbb0d5a0f

URLs

URL	IP
hxxp://5efl2.x.incapdns.net/?page=ec&a_aid=51ccedn87de7&pubid=415891&prgid=152873&cpnid=1208733&clickid=20Wzkj3E5zc6Myks0Ggk9v1z9nrR000.&ce_cid=20Wzkj3E5zc6Myks0Ggk9v1z9nrR000.
hxxp://85.12.5.2/sdb/84/MixVideoPlayerSetup.exe
hxxp://wsf13-1390884529.us-east-1.elb.amazonaws.com/?s1=&s2=&s3=
hxxp://ommzz.exclusiverewards.7015.info/?sov=73001201&hid=djfhjhltnlhrfnhnfn&redid=10845&gsid=68&id=XNSX.-r10845-t68
hxxp://5.135.246.48/28e0cc3c6c4b3f312e2ccdf75b1a7efee1d662a015564af42d6ee7bb7c71932c126a7a9d673555f1453bb67206ca78ab25506139521ee60d
hxxp://5.135.246.48/__maxpower__/render_screen/2014/11/a888aa68-73d0-11e4-b71d-06a3579b0dab/screen_variation=videoUpdater
hxxp://5.135.246.48/maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/images/bullet-short.gif
hxxp://googleapis.l.google.com/ajax/libs/jquery/1.10.2/jquery.min.js
hxxp://ommzz.exclusiverewards.7015.info/templates/_common/_templates/browser_survey_SMARTKEYS_MASTER_lightbox_UA/css/style.css
hxxp://ommzz.exclusiverewards.7015.info/templates/_common/_templates/browser_survey_SMARTKEYS_MASTER_lightbox_UA/css/style-ie.css
hxxp://ommzz.exclusiverewards.7015.info/templates/_common/_templates/browser_survey_SMARTKEYS_MASTER_lightbox_UA/js/script.js
hxxp://85.12.5.2/sdb/df/ffmpeg.zip
hxxp://5.135.246.48/03d25c23ba97343629db2fc60d1ed245f67f03b0a93c2bacf1aafddfe029c5617400bba10bf0d32a5c44757455d57fb761ad145145f1aa6c
hxxp://ltv-pre.tguhost.com/ltv/install/?idapp=23&action=install&mac=0050563B0E71&country=US	54.213.145.21
hxxp://85.12.5.2/sdb/1d/MixVideoPlayerUpdate.xml?0f7ffa2d-3a2c-40d4-bdb3-e1a4de826a29
hxxp://85.12.5.2/sdb/1d/MixVideoPlayerUpdate.xml?4d3f9682-5545-409e-a9ec-d3d801da01cc
hxxp://85.12.5.2/sdb/e0/WebBrowser.xml?7b753ff9-5f91-4922-861a-0b62376ad33d
hxxp://staticrr.mixvideoplayer.com/sdb/84/MixVideoPlayerSetup.exe
hxxp://staticrr.mixvideoplayer.com/sdb/df/ffmpeg.zip
hxxp://api.bestinstallfile.com/28e0cc3c6c4b3f312e2ccdf75b1a7efee1d662a015564af42d6ee7bb7c71932c126a7a9d673555f1453bb67206ca78ab25506139521ee60d
hxxp://www.webtrackerplus.com/?page=ec&a_aid=51ccedn87de7&pubid=415891&prgid=152873&cpnid=1208733&clickid=20Wzkj3E5zc6Myks0Ggk9v1z9nrR000.&ce_cid=20Wzkj3E5zc6Myks0Ggk9v1z9nrR000.	192.230.78.223
hxxp://api.bestinstallfile.com/03d25c23ba97343629db2fc60d1ed245f67f03b0a93c2bacf1aafddfe029c5617400bba10bf0d32a5c44757455d57fb761ad145145f1aa6c
hxxp://3p6.popularfastchannel.com/?s1=&s2=&s3=	23.21.45.1
hxxp://api.bestinstallfile.com/__maxpower__/render_screen/2014/11/a888aa68-73d0-11e4-b71d-06a3579b0dab/screen_variation=videoUpdater
hxxp://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js	216.58.209.170
hxxp://staticrr.mixvideoplayer.com/sdb/1d/MixVideoPlayerUpdate.xml?4d3f9682-5545-409e-a9ec-d3d801da01cc
hxxp://api.bestinstallfile.com/maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/images/bullet-short.gif
hxxp://staticrr.mixvideoplayer.com/sdb/1d/MixVideoPlayerUpdate.xml?0f7ffa2d-3a2c-40d4-bdb3-e1a4de826a29
hxxp://staticrr.mixvideoplayer.com/sdb/e0/WebBrowser.xml?7b753ff9-5f91-4922-861a-0b62376ad33d

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

SURICATA STREAM ESTABLISHED packet out of window
SURICATA STREAM Packet with invalid ack
SURICATA STREAM ESTABLISHED invalid ack

Traffic

GET /sdb/84/MixVideoPlayerSetup.exe HTTP/1.1

Accept: */*

Proxy-Authorization: Basic 

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Host: staticrr.mixvideoplayer.com

Connection: Keep-Alive

Cache-Control: no-cache

HTTP/1.1 200 OK

Server: nginx

Date: Mon, 29 Jun 2015 01:01:24 GMT

Content-Type: application/octet-stream

Content-Length: 3687070

Last-Modified: Thu, 25 Jun 2015 08:15:57 GMT

Connection: keep-alive

ETag: "558bb8bd-38429e"

Accept-Ranges: bytes
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................^..........^2.......p....@.........
.................`...............................................t....
......8...............................................................
.............p...............................text....].......^........
.......... ..`.rdata.......p.......b..............@[email protected]....\......
.....v..............@....ndata...................................rsrc.
..8............z..............@..@....................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
[email protected]@..e...E..E.P.u...Pr@
..}[email protected]... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Hp@[email protected]
....E..9}[email protected].}[email protected]..
[email protected]@.W...E..E.h [email protected]...\r@._^3.
[.....L$....B...Si.....VW.T.....tO.q.3.;5..B.sB..i......D.......t.G...
..t...O..t .....u...3....3...F.....;5..B.r._^[...U..QQ.U.SV..i....
<<< skipped >>>

GET /?s1=&s2=&s3= HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: 3p6.popularfastchannel.com

Connection: Keep-Alive

HTTP/1.1 302 Moved Temporarily

Content-Type: text/html

Date: Mon, 29 Jun 2015 01:01:24 GMT

Location: hXXp://oMMzz.exclusiverewards.7015.info/?sov=73001201&hid=djfhjhltnlhrfnhnfn&redid=10845&gsid=68&id=XNSX.-r10845-t68

Server: nginx/1.2.8

X-Powered-By: PHP/5.3.23

Content-Length: 0

Connection: keep-alive
HTTP/1.1 302 Moved Temporarily..Content-Type: text/html..Date: Mon, 29
 Jun 2015 01:01:24 GMT..Location: hXXp://oMMzz.exclusiverewards.7015.i
nfo/?sov=73001201&hid=djfhjhltnlhrfnhnfn&redid=10845&gsid=68&id=XNSX.-
r10845-t68..Server: nginx/1.2.8..X-Powered-By: PHP/5.3.23..Content-Len
gth: 0..Connection: keep-alive..

GET /ajax/libs/jquery/1.10.2/jquery.min.js HTTP/1.1

Accept: */*

Referer: hXXp://ommzz.exclusiverewards.7015.info/?sov=73001201&hid=djfhjhltnlhrfnhnfn&redid=10845&gsid=68&id=XNSX.-r10845-t68

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ajax.googleapis.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/javascript; charset=UTF-8

Last-Modified: Tue, 09 Jul 2013 11:31:25 GMT

Date: Fri, 26 Jun 2015 10:03:39 GMT

Expires: Sat, 25 Jun 2016 10:03:39 GMT

Access-Control-Allow-Origin: *

Timing-Allow-Origin: *

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 32822

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=31536000

Age: 226672

Alternate-Protocol: 80:quic,p=0
.............{...0.{....U.sD.N...3.u.4i.8....h?..J.A..@-....;.lX(.....
.i-b..z.ls....._.......d4.....G.28z2......S..e..VQ...8.:[.......Q^\...
2.......}T..b...m.Iv....HUn.d.M.....?..]....XT..uT.e......q.>.D..Q.
/...nV.r...J.227/....P..)vp.H,..^l.|!....yb%..e.A.......J\.E.....J.U|.
.Z....._W..@\..UT~...*.m\Tw.B.G.r#nes$E\...(.o.nG..*L*|#.`/n..|x.....|
..|T...!.....z..up:...o.......x&O......../_..>./.u.......a..c......
...Y0.{.x\....'..A..T..r_..7........./.O.'g5.~A.-Dx.?/....ky.E..a-.n.|
.`..B..q.......: .E.................U.z..X.8.....*vq...2..]..'<%..S
r).C.N6....F.......x.........i...,*c...7.\p.G.h.zq...MRVq..u..y.....BH
...|.M.*.........*.............4..6..w...X.&....}....>....A.......$
.q.q.#..B.s.W.....^.Q.J...*..c(.U.J.J..S.Ty;..y....=o.p-`...X.*/.[...:
s.[..n".i...q...*)..W....S..&..'...g..X<..1L.w.x..?........7g....AF
@...........T....$....8S..du..x43.n.`..=..C.......w.s......(.RQ.......
x.f......}..n.QQ._.....Rd..Q...70.Y6.o`.. ....#1...x?.......oGI.*.....
_.e.].....:p......}lv.,....3..QEU...z2uVd...../c.8...z..?Y."?>.q...
;.7.=.%[email protected]~........q..\...u......LW.....ac>.`V
..........W.W[..K.h0.W..7...iQDw>..[\..z....cQ.T,tv....h..)5.......
.......Vr....p|.........x./.....\.|....c%][email protected].^..j/[email protected]
/....;...|/h..F..%..M.H..y...%p.D.{..:c.._...H......ME..N..:TA.....H..
.......3..:[email protected]...........
lup..J.u......P..(...~..W.[Z.....0|.C1....X.....v...HDC....2rz.`..5pl)
l..}.g{)..)bB."..8.,A)ao/e..l. {../.A;..u.q.A].%....,e.....NN.`.;K
<<< skipped >>>

POST /28e0cc3c6c4b3f312e2ccdf75b1a7efee1d662a015564af42d6ee7bb7c71932c126a7a9d673555f1453bb67206ca78ab25506139521ee60d HTTP/1.1

User-Agent: dBrowser 2 CallGetResponse:2

Host: api.bestinstallfile.com

Content-Length: 4038

Cache-Control: no-cache

cdata=86394263D6DED7AD3ED013DFEF7E64F6FD7F7EB6471F6E1008FAF67D6BFDB01B26EAAA801BC7C09F4151D3761C9F974F6921D434084F69EB0E2262EC981EFAF4B71B6DE53AB1621839F9301B469E85E3DEEA269604ED17849843D57DA5D052460EA403F0E2730A705291EE1BB655062579317F3835A3F1C8D611E8D59DE4E29330C729C3611175A91D6C4B2CA57BF51B8A93E962C0C6C7C6FD68E8538140D7179A18D7BCE232EF1C1C0A61A0FC128EFA35879CE800C42FE7ED6DD7260C2A734FD494B2C250259201C61772E42F1834C5441D06379FFA40F46894C31933E48BDA957A476C0D2DA52AB22D25163CA51C0265C33430C2CCDC2445DB733784FAF2387F2028217CF16B47693BE71A94A31D04FEC270C62AA77F5607A856310D3163700B9358E90F7D346FCC65CFCEB261A852FC730CFC5512A46C99D7521B0CEB0A7AB836EB90C4968390E70FBE66142A024A56DCD1FF2C37F69104A76D9C65E8C995026485C84E02B717CB69E1DEE79A5B7163A85418804D4732B853988DC447F077EDBE26ADDD2D6491B936C16D6FDA0CBE8C32A9E47A43291E06605D7327A003427FA57088F709FEA77EF306CA4BFEF54BDAEDF7E4F54FF66DB4CD09C36F722294E15B4466C6626B87D934840432CEAB2D0F2D5CD256D16454ADD9ACD51EA2376FD7ABDAC2DC20C1CE4FC529377AACD629FFED22A89B2F4422D24E82882AF7AA2C1A16BB81C3838A8D3EB3E18BBEF18D60DC1B234AC6A358521720470391E8CFDF41099A29F798B6EC70E827139413E513DA51D7708F4957B91AC64EBB6FD47BCACAF081BD0D876AEEB0C3A09A3ED5BA4F85EBBC8F97F88B9899F77E1B84AD58BCEBFBA8B236534DAF1C60FCFEF16CB364963AB371E91C1C08792FDC29952F850
HTTP/1.1 200 OK

Server: nginx

Date: Mon, 29 Jun 2015 01:01:28 GMT

Content-Type: text/plain

Transfer-Encoding: chunked

Connection: keep-alive
7..MAXTHX...0..HTTP/1.1 200 OK..Server: nginx..Date: Mon, 29 Jun 2015 
01:01:28 GMT..Content-Type: text/plain..Transfer-Encoding: chunked..Co
nnection: keep-alive..7..MAXTHX...0......


GET /maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/images/bullet-short.gif HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: api.bestinstallfile.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx

Date: Mon, 29 Jun 2015 01:01:28 GMT

Content-Type: image/gif

Content-Length: 54

Last-Modified: Fri, 27 Feb 2015 14:06:53 GMT

Connection: keep-alive

ETag: "54f079fd-36"

Accept-Ranges: bytes
GIF89a.............!.......,...................P..U..;HTTP/1.1 200 OK.
.Server: nginx..Date: Mon, 29 Jun 2015 01:01:28 GMT..Content-Type: ima
ge/gif..Content-Length: 54..Last-Modified: Fri, 27 Feb 2015 14:06:53 G
MT..Connection: keep-alive..ETag: "54f079fd-36"..Accept-Ranges: bytes.
.GIF89a.............!.......,...................P..U..;..

GET /ltv/install/?idapp=23&action=install&mac=0050563B0E71&country=US HTTP/1.1

Host: ltv-pre.tguhost.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx

Content-Type: xml

Transfer-Encoding: chunked

Connection: keep-alive

X-Powered-By: PHP/5.3.10-1ubuntu3.7

Cache-Control: no-cache

Date: Mon, 29 Jun 2015 01:02:01 GMT
39..<?xml version="1.0" encoding="utf-8"?>.<result>1</r
esult>..0..

GET /sdb/e0/WebBrowser.xml?7b753ff9-5f91-4922-861a-0b62376ad33d HTTP/1.1

Host: staticrr.mixvideoplayer.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx

Date: Mon, 29 Jun 2015 01:02:18 GMT

Content-Type: text/xml

Content-Length: 4250

Last-Modified: Mon, 18 May 2015 14:02:04 GMT

Connection: keep-alive

ETag: "5559f0dc-109a"

Accept-Ranges: bytes
<Popup>..<Version>1.0.0.10</Version>.    <Enabled
>true</Enabled>..<Size height="768" width="1000"/>.    
<FrecuencyPerHour>3</FrecuencyPerHour>.    <MaxWindows&
gt;4</MaxWindows>.    <LaunchDate>07/01/2015</LaunchDat
e>.    <Url container="popup">hXXp://VVV.wbredirect.com</U
rl>..<UrlNotAllowedCountries countries="AE,IR,IL,EG,CN,BA,RS,TH,
IN,CZ,ID,VN,PH,PK" container="popup">hXXp://network.adsmarket.com/c
lick/jGJunWecqZmOZnCXYcp6w4iQa5xgn36bi2SYm2Gif5mJkGqXXpt-lbdia5hhn3qX&
lt;/UrlNotAllowedCountries>.    <UrlByRegister>...<Url con
tainer="browser" key="HKLM\SOFTWARE" priority="5"><![CDATA[http:
//n149adserv.com/ads?key=8a35d9a5b93c671dcef88419ab81871b&width=0&heig
ht=0]]></Url>...<Url container="browser" key="HKLM\SOFTWAR
E\Microsoft\Windows\CurrentVersion\Uninstall\TeamSpeak 3 Client" prior
ity="5"><![CDATA[hXXp://n149adserv.com/ads?key=0d8448124f556ffce
ee148f60ea374f6&width=0&height=0]]></Url>...<Url container
="browser" key="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninsta
ll\RaidCall" priority="5"><![CDATA[hXXp://n149adserv.com/ads?key
=0d8448124f556ffceee148f60ea374f6&width=0&height=0]]></Url>..
.<Url container="browser" key="HKLM\SOFTWARE\Microsoft\Windows\Curr
entVersion\Uninstall\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" priority=
"5"><![CDATA[hXXp://n149adserv.com/ads?key=0d8448124f556ffceee14
8f60ea374f6&width=0&height=0]]></Url>...<Url container
<<< skipped >>>

GET /sdb/1d/MixVideoPlayerUpdate.xml?4d3f9682-5545-409e-a9ec-d3d801da01cc HTTP/1.1

Host: staticrr.mixvideoplayer.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx

Date: Mon, 29 Jun 2015 01:02:14 GMT

Content-Type: text/xml

Content-Length: 671

Last-Modified: Thu, 25 Jun 2015 08:28:33 GMT

Connection: keep-alive

ETag: "558bbbb1-29f"

Accept-Ranges: bytes
<?xml version="1.0" encoding="UTF-8"?>..<LastVersion>...&l
t;url>hXXp://staticrr.mixvideoplayer.com/sdb/84/MixVideoPlayerSetup
.exe</url>...<version>1.0.0.22</version>...<Track
Activity>true</TrackActivity>...<TrackErrors>true</T
rackErrors>...<vast active="true">....<adnum>3</adnu
m>....<adurl countries="US,RU,BR,MX,DE,FR,IN,GB,ES,TR,AR,IT,IL,J
P,CA,IR,AU,NL,ID,CO,PK">.....<![CDATA[hXXp://ads.adaptv.advertis
ing.com/a/h/fUUYX443fr3iHLf1b0DAy3MvZmqN m4YhR8Ql84ugxaUwnVer0nkAl4RaF
w4ippAh4iKfLnbLyk=?cb=[CACHE_BREAKER]&pageUrl=apps://mixvideop
layer.com&eov=eov]]>....</adurl>...</vast>...<Coll
ectorLTV>collector-pre.ltv-analytics.com:8080</CollectorLTV>.
.</LastVersion>HTTP/1.1 200 OK..Server: nginx..Date: Mon, 29 Jun
 2015 01:02:14 GMT..Content-Type: text/xml..Content-Length: 671..Last-
Modified: Thu, 25 Jun 2015 08:28:33 GMT..Connection: keep-alive..ETag:
 "558bbbb1-29f"..Accept-Ranges: bytes..<?xml version="1.0" encoding
="UTF-8"?>..<LastVersion>...<url>hXXp://staticrr.mixvid
eoplayer.com/sdb/84/MixVideoPlayerSetup.exe</url>...<version&
gt;1.0.0.22</version>...<TrackActivity>true</TrackActiv
ity>...<TrackErrors>true</TrackErrors>...<vast activ
e="true">....<adnum>3</adnum>....<adurl countries="U
S,RU,BR,MX,DE,FR,IN,GB,ES,TR,AR,IT,IL,JP,CA,IR,AU,NL,ID,CO,PK">....
.<![CDATA[hXXp://ads.adaptv.advertising.com/a/h/fUUYX443fr3iHLf
<<< skipped >>>

GET /__maxpower__/render_screen/2014/11/a888aa68-73d0-11e4-b71d-06a3579b0dab/screen_variation=videoUpdater HTTP/1.1

Accept: */*

Proxy-Authorization: Basic 

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Host: api.bestinstallfile.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx

Date: Mon, 29 Jun 2015 01:01:28 GMT

Content-Type: text/html; charset=utf-8

Content-Length: 814

Connection: keep-alive

Vary: Accept-Language

Content-Language: en

Accept-Ranges: bytes
.<!--finish Videoupdater-->....<div class="finish">..<h
1>........Setup Wizard.......</h1>..<p style="margin-top: 
15px; font-size: 13px;">You have succesfully installed the software
 below and they are ready to be used:</p>....<div class="item
s">...<ul>....<li class="check">%mapp%</li>......
</ul>..</div>....<div class="clear"></div>....
<p>Recommended offers:</p>......<div class="list-toolba
rs" id="alloffers">....<ul class="_FinishOffers">....</ul&
gt;...</div>....<!--...<div class="banner">......<if
rame src="hXXp://n149adserv.com/ads?key=09879bcf6e631312a2c4d02d9cae27
2f&width=300&height=250" frameborder='0' scrolling='no' width='300' he
ight='250'></iframe>...</div> ..-->.........<inpu
t id="_Bexit" class="_Bexit close absol" tabindex="2" type="submit" na
me="nombre" onclick='onExit()' value="Close">....</div>..HTTP
/1.1 200 OK..Server: nginx..Date: Mon, 29 Jun 2015 01:01:28 GMT..Conte
nt-Type: text/html; charset=utf-8..Content-Length: 814..Connection: ke
ep-alive..Vary: Accept-Language..Content-Language: en..Accept-Ranges: 
bytes...<!--finish Videoupdater-->....<div class="finish">
..<h1>........Setup Wizard.......</h1>..<p style="margi
n-top: 15px; font-size: 13px;">You have succesfully installed the s
oftware below and they are ready to be used:</p>....<div clas
s="items">...<ul>....<li class="check">%mapp%</l
<<< skipped >>>

POST /03d25c23ba97343629db2fc60d1ed245f67f03b0a93c2bacf1aafddfe029c5617400bba10bf0d32a5c44757455d57fb761ad145145f1aa6c HTTP/1.1

User-Agent: dBrowser 3 CallGetResponse:3

Host: api.bestinstallfile.com

Content-Length: 4038

Cache-Control: no-cache

cdata=86394263D6DED7AD3ED013DFEF7E64F6FD7F7EB6471F6E1008FAF67D6BFDB01B26EAAA801BC7C09F4151D3761C9F974F6921D434084F69EB0E2262EC981EFAF4B71B6DE53AB1621839F9301B469E85E3DEEA269604ED17849843D57DA5D052460EA403F0E2730A705291EE1BB655062579317F3835A3F1C8D611E8D59DE4E29330C729C3611175A91D6C4B2CA57BF51B8A93E962C0C6C7C6FD68E8538140D7179A18D7BCE232EF1C1C0A61A0FC128EFA35879CE800C42FE7ED6DD7260C2A734FD494B2C250259201C61772E42F1834C5441D06379FFA40F46894C31933E48BDA957A476C0D2DA52AB22D25163CA51C0265C33430C2CCDC2445DB733784FAF2387F2028217CF16B47693BE71A94A31D04FEC270C62AA77F5607A856310D3163700B9358E90F7D346FCC65CFCEB261A852FC730CFC5512A46C99D7521B0CEB0A7AB836EB90C4968390E70FBE66142A024A56DCD1FF2C37F69104A76D9C65E8C995026485C84E02B717CB69E1DEE79A5B7163A85418804D4732B853988DC447F077EDBE26ADDD2D6491B936C16D6FDA0CBE8C32A9E47A43291E06605D7327A003427FA57088F709FEA77EF306CA4BFEF54BDAEDF7E4F54FF66DB4CD09C36F722294E15B4466C6626B87D934840432CEAB2D0F2D5CD256D16454ADD9ACD51EA2376FD7ABDAC2DC20C1CE4FC529377AACD629FFED22A89B2F4422D24E82882AF7AA2C1A16BB81C3838A8D3EB3E18BBEF18D60DC1B234AC6A358521720470391E8CFDF41099A29F798B6EC70E827139413E513DA51D7708F4957B91AC64EBB6FD47BCACAF081BD0D876AEEB0C3A09A3ED5BA4F85EBBC8F97F88B9899F77E1B84AD58BCEBFBA8B236534DAF1C60FCFEF16CB364963AB371E91C1C08792FDC29952F850
HTTP/1.1 200 OK

Server: nginx

Date: Mon, 29 Jun 2015 01:01:58 GMT

Content-Type: text/plain

Transfer-Encoding: chunked

Connection: keep-alive
7..MAXTHX...0..HTTP/1.1 200 OK..Server: nginx..Date: Mon, 29 Jun 2015 
01:01:58 GMT..Content-Type: text/plain..Transfer-Encoding: chunked..Co
nnection: keep-alive..7..MAXTHX...0..

GET /sdb/1d/MixVideoPlayerUpdate.xml?0f7ffa2d-3a2c-40d4-bdb3-e1a4de826a29 HTTP/1.1

Host: staticrr.mixvideoplayer.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx

Date: Mon, 29 Jun 2015 01:02:02 GMT

Content-Type: text/xml

Content-Length: 671

Last-Modified: Thu, 25 Jun 2015 08:28:33 GMT

Connection: keep-alive

ETag: "558bbbb1-29f"

Accept-Ranges: bytes
<?xml version="1.0" encoding="UTF-8"?>..<LastVersion>...&l
t;url>hXXp://staticrr.mixvideoplayer.com/sdb/84/MixVideoPlayerSetup
.exe</url>...<version>1.0.0.22</version>...<Track
Activity>true</TrackActivity>...<TrackErrors>true</T
rackErrors>...<vast active="true">....<adnum>3</adnu
m>....<adurl countries="US,RU,BR,MX,DE,FR,IN,GB,ES,TR,AR,IT,IL,J
P,CA,IR,AU,NL,ID,CO,PK">.....<![CDATA[hXXp://ads.adaptv.advertis
ing.com/a/h/fUUYX443fr3iHLf1b0DAy3MvZmqN m4YhR8Ql84ugxaUwnVer0nkAl4RaF
w4ippAh4iKfLnbLyk=?cb=[CACHE_BREAKER]&pageUrl=apps://mixvideop
layer.com&eov=eov]]>....</adurl>...</vast>...<Coll
ectorLTV>collector-pre.ltv-analytics.com:8080</CollectorLTV>.
.</LastVersion>HTTP/1.1 200 OK..Server: nginx..Date: Mon, 29 Jun
 2015 01:02:02 GMT..Content-Type: text/xml..Content-Length: 671..Last-
Modified: Thu, 25 Jun 2015 08:28:33 GMT..Connection: keep-alive..ETag:
 "558bbbb1-29f"..Accept-Ranges: bytes..<?xml version="1.0" encoding
="UTF-8"?>..<LastVersion>...<url>hXXp://staticrr.mixvid
eoplayer.com/sdb/84/MixVideoPlayerSetup.exe</url>...<version&
gt;1.0.0.22</version>...<TrackActivity>true</TrackActiv
ity>...<TrackErrors>true</TrackErrors>...<vast activ
e="true">....<adnum>3</adnum>....<adurl countries="U
S,RU,BR,MX,DE,FR,IN,GB,ES,TR,AR,IT,IL,JP,CA,IR,AU,NL,ID,CO,PK">....
.<![CDATA[hXXp://ads.adaptv.advertising.com/a/h/fUUYX443fr3iHLf
<<< skipped >>>

HEAD /sdb/84/MixVideoPlayerSetup.exe HTTP/1.1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Host: staticrr.mixvideoplayer.com

Content-Length: 0

Cache-Control: no-cache

HTTP/1.1 200 OK

Server: nginx

Date: Mon, 29 Jun 2015 01:01:24 GMT

Content-Type: application/octet-stream

Content-Length: 3687070

Last-Modified: Thu, 25 Jun 2015 08:15:57 GMT

Connection: keep-alive

ETag: "558bb8bd-38429e"

Accept-Ranges: bytes

GET /?sov=73001201&hid=djfhjhltnlhrfnhnfn&redid=10845&gsid=68&id=XNSX.-r10845-t68 HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ommzz.exclusiverewards.7015.info

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.6.3

Date: Mon, 29 Jun 2015 01:01:25 GMT

Content-Type: text/html

Transfer-Encoding: chunked

X-Powered-By: HHVM/3.8.0-dev

Cache-Control: no-cache

Expires: Mon, 01 Jan 2001 00:00:00 GMT

X-Sov: 73001201

X-Rot: 227198

X-Source: Mini

Pragma: no-cache

Vary: Accept-Encoding

P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

Set-Cookie: ci_session=uopeR/3WWVlAfSARC/Of2SST4EhqwqO3xqbbCG4pi6MwodcltfHtwmo29KQFN5KQtK731Q4SIgW5nYvON9jl+KjkjMexQjy1ns7XWJqr4Gx6JJYjomt8u2bicGVmGTedql9jy+4NMNBEUb18js+TJudziTSuGwsi3PlhlMUSqbNX9O6wyqiO7gn5RFzx1Cxq37ojnNaqKGiCzZClz9CMcxm+23Nn0SUvGOUF8rYfr7t5uY8MtvptKl3rnaf0K4rqfq4ramLjvo8Cz1ife1X7jNC6ZaMX2+dZpLa5hzU+GporfquxOnDBimeGN3kbKZXzHMc8d81Qdg/izSIDLSD7xazRdn5fpzYHFb9XIXlTaP7jJfZsaWYYjZkYB7FH/JORqV7UBaofIjgaJyOvdxJ9kxBGVpeRNVbuk4hTJWFHuRGY1Arb+0e+UYzafFdtVPCr0vHc6TY1SsnXgVy3ryrs0Q==; expires=Tue, 30-Jun-2015 01:01:24 GMT; Max-Age=86400; path=/; domain=.ommzz.exclusiverewards.7015.info

Set-Cookie: id=XNSX.-r10845-t68; expires=Tue, 30-Jun-2015 01:03:04 GMT; Max-Age=86500; path=/; domain=.ommzz.exclusiverewards.7015.info

Set-Cookie: SITE_ID=73001201; expires=Tue, 30-Jun-2015 01:03:04 GMT; Max-Age=86500; path=/; domain=.ommzz.exclusiverewards.7015.info

Set-Cookie: sov=73001201; expires=Tue, 30-Jun-2015 01:03:04 GMT; Max-Age=86500; path=/; domain=.ommzz.exclusiverewards.7015.info

Set-Cookie: tov=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.ommzz.exclusiverewards.7015.info

Set-Cookie: mov=nr.ytsurvey.mini; expires=Tue, 30-Jun-2015 01:03:04 GMT; Max-Age=86500; path=/; domain=.ommzz.exclusiverewards.7015.info

Set-Cookie: redid=10845; expires=Tue, 30-Jun-2015 01:03:04 GMT; Max-Age=86500; path=/; domain=.ommzz.exclusiverewards.7015.info

Set-Cookie: gsid=68; expires=Tue, 30-Jun-2015 01:03:04 GMT; Max-Age=86500; path=/; domain=.ommzz.exclusiverewards.7015.info

Set-Cookie: ref=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.ommzz.exclusiverewards.7015.info

Set-Cookie: URI=sov=73001201&hid=djfhjhltnlhrfnhnfn&redid=10845&gsid=68&id=XNSX.-r10845-t68; expires=Tue, 30-Jun-2015 01:03:04 GMT; Max-Age=86500; path=/; domain=.ommzz.exclusiverewards.7015.info

Set-Cookie: templateid=2582; expires=Tue, 30-Jun-2015 01:03:05 GMT; Max-Age=86500; path=/; domain=.ommzz.exclusiverewards.7015.info

Set-Cookie: path=browser_survey_SMARTKEYS_MASTER_lightbox_UA; expires=Tue, 30-Jun-2015 01:03:05 GMT; Max-Age=86500; path=/; domain=.ommzz.exclusiverewards.7015.info

Set-Cookie: version=227198; expires=Tue, 30-Jun-2015 01:03:05 GMT; Max-Age=86500; path=/; domain=.ommzz.exclusiverewards.7015.info

Set-Cookie: tags[2582][expand_enable]=-1; expires=Tue, 30-Jun-2015 01:03:05 GMT; Max-Age=86500; path=/; domain=.ommzz.exclusiverewards.7015.info

Set-Cookie: tags[2582][alert_enable]=1; expires=Tue, 30-Jun-2015 01:03:05 GMT; Max-Age=86500; path=/; domain=.ommzz.exclusiverewards.7015.info

Set-Cookie: tags[2582][audio_enable]=0; expires=Tue, 30-Jun-2015 01:03:05 GMT; Max-Age=86500; path=/; domain=.ommzz.exclusiverewards.7015.info

Set-Cookie: tags[2582][pop_enable]=0; expires=Tue, 30-Jun-2015 01:03:05 GMT; Max-Age=86500; path=/; domain=.ommzz.exclusiverewards.7015.info

Set-Cookie: tags[227198][expand_enable]=-1; expires=Tue, 30-Jun-2015 01:03:05 GMT; Max-Age=86500; path=/; domain=.ommzz.exclusiverewards.7015.info

Set-Cookie: tags[227198][alert_enable]=1; expires=Tue, 30-Jun-2015 01:03:05 GMT; Max-Age=86500; path=/; domain=.ommzz.exclusiverewards.7015.info

Set-Cookie: tags[227198][audio_enable]=0; expires=Tue, 30-Jun-2015 01:03:05 GMT; Max-Age=86500; path=/; domain=.ommzz.exclusiverewards.7015.info

Set-Cookie: tags[227198][pop_enable]=0; expires=Tue, 30-Jun-2015 01:03:05 GMT; Max-Age=86500; path=/; domain=.ommzz.exclusiverewards.7015.info

Set-Cookie: content=227198; expires=Tue, 30-Jun-2015 01:03:05 GMT; Max-Age=86500; path=/; domain=.ommzz.exclusiverewards.7015.info

Set-Cookie: token=9e149e6e8448a42eeb019da57968800d; expires=Tue, 30-Jun-2015 01:03:05 GMT; Max-Age=86500; path=/; domain=.ommzz.exclusiverewards.7015.info

Set-Cookie: rpm=52; expires=Tue, 30-Jun-2015 01:03:05 GMT; Max-Age=86500; path=/; domain=.ommzz.exclusiverewards.7015.info

Set-Cookie: vid=689928; expires=Tue, 30-Jun-2015 01:03:05 GMT; Max-Age=86500; path=/; domain=.ommzz.exclusiverewards.7015.info

Set-Cookie: log_73001201=1; expires=Tue, 30-Jun-2015 01:03:05 GMT; Max-Age=86500; path=/; domain=.exclusiverewards.7015.info

Set-Cookie: id=XNSX.-r10845-t68; expires=Tue, 30-Jun-2015 01:03:05 GMT; Max-Age=86500; path=/; domain=.ommzz.exclusiverewards.7015.info

Set-Cookie: SITE_ID=73001201; expires=Tue, 30-Jun-2015 01:03:05 GMT; Max-Age=86500; path=/; domain=.ommzz.exclusiverewards.7015.info

Set-Cookie: sov=73001201; expires=Tue, 30-Jun-2015 01:03:05 GMT; Max-Age=86500; path=/; domain=.ommzz.exclusiverewards.7015.info

Set-Cookie: tov=227198; expires=Tue, 30-Jun-2015 01:03:05 GMT; Max-Age=86500; path=/; domain=.ommzz.exclusiverewards.7015.info

Set-Cookie: mov=nr.ytsurvey.mini; expires=Tue, 30-Jun-2015 01:03:05 GMT; Max-Age=86500; path=/; domain=.ommzz.exclusiverewards.7015.info

Set-Cookie: redid=10845; expires=Tue, 30-Jun-2015 01:03:05 GMT; Max-Age=86500; path=/; domain=.ommzz.exclusiverewards.7015.info

Set-Cookie: gsid=68; expires=Tue, 30-Jun-2015 01:03:05 GMT; Max-Age=86500; path=/; domain=.ommzz.exclusiverewards.7015.info

Set-Cookie: ref=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.ommzz.exclusiverewards.7015.info

Set-Cookie: tags[2582][iframe_enable]=0; expires=Tue, 30-Jun-2015 01:03:05 GMT; Max-Age=86500; path=/; domain=.ommzz.exclusiverewards.7015.info

Set-Cookie: noshid=djfhjhltnlhrfnhnfn; expires=Tue, 30-Jun-2015 01:03:05 GMT; Max-Age=86500; path=/; domain=.7015.info

Content-Encoding: gzip
e7c.............[{o....[....P..%ER.....k..H.d...h...(.1E.$....ytm...Px
.0.........N.......7...{I.e.rd..M.W..{.y...Dm.....~|e.u....'j..D......
D.W.,.X.r...y......O.?...y*...........k..fz..m[SXS|ZP<m. .....Q.W..
..^(.WX./....-.......W.#.......{...s...................._.w...r.<[ 
..h*.....\....J.uu..fYk....[lZ]~.d...t....l.....bE~*vu.x.U.k%1.....u.q
.6&...m.......k....V..6]...=gC...\Z..zq..........uC_.x.k.~m..t...m.Z.W
.s4cA.....y...D.;>..H|.Q.?.j.:'(..........0......#4_W7T.BE...8w...3
.O......A69.#.G...T.j..........j....[&...#.....]...T>?...... ..\...
....}pE]....?M...B.. ..Ej......*$f.....\..y>d#...9......>5?5.o..
.[P........U 0(...'~..6...I......Zx..?...4u../.._c..'....P..}.[...I...
w.....k|...........1.#..F.....<1.W......p..*S.B.....m...i.fK..a....
...V.V.&...Z...0{0}d...q......4T.]P.KmA....."..G...#chIU75...U.=s...P.
|5.....b...Jx.?LN...q)J..U.0FG...,....x.y........Qj.O....b.6......|.^.
.e!..9S.]........#.z...n..c.k..!...e..`....).]..C.b.........?d\=..\..;
W...T...Q(&......&...B......7..Zv...z-...`.>.....Q...t...}........l
.r4gR..`..ND.R...W'.........pb.{..f.n...E....Fx.s.;.g.?..P$ ...6I...F.
......{t..o.E.(| [email protected]:.k.=.{..x.".w.g.Eh~.w..u......F..M
..n9g.N`.....A.....4.I..h|J[".......k%;"..Z.S......'....%&.Q?b.3`...|.
lO.KP..R...A.Y.[ .9...y.K....0...{.#... ....~.8........X....y.'4..\.&l
t;[email protected]..?....L.......aq.%.;.1j..(...Y......u.MX9.
DJ_.xQ:....0.I......."...F./j^..... ...%2....V......`.2..pr....H....u.
.m........J"..> C..'.Q{..%-.8...../.........$qL&.... .S.....m..
<<< skipped >>>

GET /templates/_common/_templates/browser_survey_SMARTKEYS_MASTER_lightbox_UA/css/style.css HTTP/1.1

Accept: */*

Referer: hXXp://ommzz.exclusiverewards.7015.info/?sov=73001201&hid=djfhjhltnlhrfnhnfn&redid=10845&gsid=68&id=XNSX.-r10845-t68

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ommzz.exclusiverewards.7015.info

Connection: Keep-Alive

Cookie: ci_session=uopeR/3WWVlAfSARC/Of2SST4EhqwqO3xqbbCG4pi6MwodcltfHtwmo29KQFN5KQtK731Q4SIgW5nYvON9jl+KjkjMexQjy1ns7XWJqr4Gx6JJYjomt8u2bicGVmGTedql9jy+4NMNBEUb18js+TJudziTSuGwsi3PlhlMUSqbNX9O6wyqiO7gn5RFzx1Cxq37ojnNaqKGiCzZClz9CMcxm+23Nn0SUvGOUF8rYfr7t5uY8MtvptKl3rnaf0K4rqfq4ramLjvo8Cz1ife1X7jNC6ZaMX2+dZpLa5hzU+GporfquxOnDBimeGN3kbKZXzHMc8d81Qdg/izSIDLSD7xazRdn5fpzYHFb9XIXlTaP7jJfZsaWYYjZkYB7FH/JORqV7UBaofIjgaJyOvdxJ9kxBGVpeRNVbuk4hTJWFHuRGY1Arb+0e+UYzafFdtVPCr0vHc6TY1SsnXgVy3ryrs0Q==; id=XNSX.-r10845-t68; SITE_ID=73001201; sov=73001201; mov=nr.ytsurvey.mini; redid=10845; gsid=68; URI=sov=73001201&hid=djfhjhltnlhrfnhnfn&redid=10845&gsid=68&id=XNSX.-r10845-t68; templateid=2582; path=browser_survey_SMARTKEYS_MASTER_lightbox_UA; version=227198; tags[2582][expand_enable]=-1; tags[2582][alert_enable]=1; tags[2582][audio_enable]=0; tags[2582][pop_enable]=0; tags[227198][expand_enable]=-1; tags[227198][alert_enable]=1; tags[227198][audio_enable]=0; tags[227198][pop_enable]=0;
HTTP/1.1 200 OK

Server: nginx/1.6.3

Date: Mon, 29 Jun 2015 01:01:32 GMT

Content-Type: text/css

Last-Modified: Fri, 11 Oct 2013 18:30:45 GMT

Transfer-Encoding: chunked

Expires: Thu, 23 Jun 2016 01:01:32 GMT

Cache-Control: max-age=31104000

Pragma: public

Cache-Control: public, must-revalidate, proxy-revalidate

Content-Encoding: gzip
9ec.............Z[o...~...5A1;.:.%.....L6.,....E.7..(..%*.............
l[`k#...9<......,....'...o.~u.v...7.....Td..<...>...9.E..@<
;.'...I.3..%J=..(.P.B...(d<zx.. .(....a.pT.|.!..%.*....(..xLPL.....
.%<.....y....=..U8 P.a.P%[email protected]. .....(D5.(". %.aM...q.j..E.%,.
`../3.p.d...<F.......<GB.]$..$R.....$b...].........]....N....I..
y-...~..ZT....]..7'.:9Q\.....S....<'............!...C..8..xl{.u.\'.
N@<....7.[.,.DI2..0\p'&.l.IxTW.......r.[^.}...t.2..........I..Z....
...EL"^b)}........B.%.wiKViP2I.srBb.}D....@A?.............Br.&I.Zu..3.
....>uj]4 .;.~..Y.sG:....sF.!.M...4..X9/......."F...|.vB....md..h.F
.-0..D......_..-.D.-UT.;..b....S)&.B..(._;.........yLNQ.........1.1rpI
1.?....hr#=.. m8Z.....!..v`'y|..%.....fxG....6.m3L...M>.......s.`..
.LpLB......x.3f4v......H%|.b...U.c..F..<........p...,.l.....Lc.....
zC..K......m......(..K.....u6k=..a..9Z.:=..j.....1.\.....f.Q.V.......^
N...U..q...f.8RN.......).J.r,j.......m..eOn.t>..gA....R......m.R...
.E...>..&....E.]6Zn.M..R-..8...:....u..._..C..s....b?,.s%......`.h.
vf!.........LnLs.J..F'..HG.......5.4f.C ......mo...7...r.....&..Z...;.
.d. oJ.z...F.L..'p.....E.e..q..ptP>.......]Mx.eK..&...*i...:...AZ~"
73......C....Smp..V3...C..ZHZ.........F.... ..G>..*..w.8A....(;ky]J
....Z.....&.)._.u.^....A..2Afo'm.6......3.Kg5^`....Z-..........F.".:.c
....=..G<.5a.3)..u.Gl%.......b_tP.....d^.N ...gO..........|..%.v;.J
&.......s...X. ....~.X.t=.....&..v.]'..J...6...../.$....K......-.r2 ..
.7.fn.GJYf...B..."..W....NZ.V....:5,2.m...l.hk..M.S..'.....;e. HRJ
<<< skipped >>>

GET /templates/_common/_templates/browser_survey_SMARTKEYS_MASTER_lightbox_UA/js/script.js HTTP/1.1

Accept: */*

Referer: hXXp://ommzz.exclusiverewards.7015.info/?sov=73001201&hid=djfhjhltnlhrfnhnfn&redid=10845&gsid=68&id=XNSX.-r10845-t68

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ommzz.exclusiverewards.7015.info

Connection: Keep-Alive

Cookie: ci_session=uopeR/3WWVlAfSARC/Of2SST4EhqwqO3xqbbCG4pi6MwodcltfHtwmo29KQFN5KQtK731Q4SIgW5nYvON9jl+KjkjMexQjy1ns7XWJqr4Gx6JJYjomt8u2bicGVmGTedql9jy+4NMNBEUb18js+TJudziTSuGwsi3PlhlMUSqbNX9O6wyqiO7gn5RFzx1Cxq37ojnNaqKGiCzZClz9CMcxm+23Nn0SUvGOUF8rYfr7t5uY8MtvptKl3rnaf0K4rqfq4ramLjvo8Cz1ife1X7jNC6ZaMX2+dZpLa5hzU+GporfquxOnDBimeGN3kbKZXzHMc8d81Qdg/izSIDLSD7xazRdn5fpzYHFb9XIXlTaP7jJfZsaWYYjZkYB7FH/JORqV7UBaofIjgaJyOvdxJ9kxBGVpeRNVbuk4hTJWFHuRGY1Arb+0e+UYzafFdtVPCr0vHc6TY1SsnXgVy3ryrs0Q==; id=XNSX.-r10845-t68; SITE_ID=73001201; sov=73001201; mov=nr.ytsurvey.mini; redid=10845; gsid=68; URI=sov=73001201&hid=djfhjhltnlhrfnhnfn&redid=10845&gsid=68&id=XNSX.-r10845-t68; templateid=2582; path=browser_survey_SMARTKEYS_MASTER_lightbox_UA; version=227198; tags[2582][expand_enable]=-1; tags[2582][alert_enable]=1; tags[2582][audio_enable]=0; tags[2582][pop_enable]=0; tags[227198][expand_enable]=-1; tags[227198][alert_enable]=1; tags[227198][audio_enable]=0; tags[227198][pop_enable]=0; 
HTTP/1.1 200 OK

Server: nginx/1.6.3

Date: Mon, 29 Jun 2015 01:01:32 GMT

Content-Type: application/javascript

Last-Modified: Fri, 11 Oct 2013 18:30:48 GMT

Transfer-Encoding: chunked

Expires: Thu, 23 Jun 2016 01:01:32 GMT

Cache-Control: max-age=31104000

Pragma: public

Cache-Control: public, must-revalidate, proxy-revalidate

Content-Encoding: gzip
9c0..............iw.6... .....LIv.m..]?'N.^.g7i..q.(..XS.J.>bi.....
.......$....`........} ....>..e.._.d...;.........v2xM.4..HY........
..w.h..}gCF...o.%........... S..,...2.....E.....$...q..lLD.\d..{....[.
...N.l....v..By...a.e<.D.[....'.i|6...z....x...u~.F..d..V*$..-....^
.-..Rj.cqU.{7 [email protected]..].$.5..7mc$./..)-..$...=..).....k...9Ox(...e..C
.z..&..\Y.\_.../..HQ....Q.GC.Ac...F..Qi.A.....i......|...Q..L\R. .J}l[
..=?...$.s.d....\s......c......@7^0...mD.X&.b.|.Ax>.D.FN.9.......-.
f..........D..SFf>.."....i...&..`E:..w..{.fd!.q.2...IP$.66."H.?. ..
_....'...%..........i...F .b.......g({....V.$B.d..1....3g..P........3.
.9..q...?.`!O,.<.R9lt..Y..p....Lb.D....%.1.P...h2...6.\>"..#....
.....A......8....U....)....$D.....L...8..9.J.8.{..K.%.[\..[.o...!]c.S;
m).[.Z.....)...m.p.\...T..#py..Q"......9..P..E..<..|.lS...]r$L.a...
= M....."......hV..mr..._U2.J<..f<...TJ.....H8..*"@L..m.]p.%...Y
8..1......E.Ji1. .F}..l/....EvlO.......P..Z..G.S....X..4...A;mv..e..G.
clV.TU..U...a.....!.`O.9..V....vVx..._.....B...8N.A=Vk......wY_......{
...1.....T..S2.r.......H......k..aytM..b...c<...6...ri1..A.V..^...V
T....q..'.6..L.C..p L....ZU ...)...h......~..nW..h9.s.e..F3.M...v.Z...
D...Z..;...(.t.......`A.. M.9...p..z..S(]y-.....@...._\.P.f.v6..1hTK.:
*..`.-7....{.CT..P..%j...m.b....;I.\...a..r.3.'...YG.Z.Wf.*z.F.^.%6..m
......S.....X.3.g.WB..S....t....'.....'...Pj..k....j.NV..eu....(..2T.b
.)[email protected]/j....a.....W.J./<...v..7....:;....MA........n.....p....@
..y7.dT..ts..R..8.....B.L;lA.F<m1U.ZN[.l;-.............W%..;:y.
<<< skipped >>>

GET /sdb/df/ffmpeg.zip HTTP/1.0

Host: staticrr.mixvideoplayer.com

User-Agent: NSISDL/1.2 (Mozilla)

Accept: */*

HTTP/1.1 200 OK

Server: nginx

Date: Mon, 29 Jun 2015 01:01:37 GMT

Content-Type: application/zip

Content-Length: 10143125

Last-Modified: Thu, 21 May 2015 14:48:41 GMT

Connection: close

ETag: "555df049-9ac595"

Accept-Ranges: bytes
PK........o..F=........X}.....ffmpeg.exe..}`T..?|o...Vo...D.ukc......]
H..Q#.....E..*.F......uX...Z....P..W._..XP..........E..^.9.3s.-..{~..O
Z.wg...9s.......6-S.4....j.bM.y.#....G...h....8u.^..Sk&.45...........?
7.r........{.-.7.._q...?.:...G...VuT...*..u^v.(..-...O.8A..q.V3M.~..m.
..l.......3$...O.[.G..W...gj^.....'[.dk..S.........{..4.o7....I.....nl
..s....lzA_c........'.....g/..}_J..A...W..>.v.....5m........O.....V
...)%.h..*z.o.....S....D........{.l.iH.......R. j.X>.....g.........
.e...]...............~:^Bo........>....pg.z....t...I..H............
..x.. .~.W.v..H./..>.u.F......RI.f........m..7iA...A....K.-..5....(
.Y..AM..E.....3.T.?...S.af[]..5...O..u..=...yv7.4.......'...e.Y.R..Y..
.o.-..W.Nl..O.].G....../[email protected]..@!...
,...~E)...x..o..C.....<3....[.....Y.n....2T.....#.}@.a.C>.....l.
...\.....u....|.(8a>d.8.....Q..Cr.^.9...@f..."..%...x...s;(........
.loX7..~y6..u#.%...S...PI/...D.d...~.7.......:.j...X C..~F.Q ....HXt.*
-.?..$..tK.....u...u....6...z..{..vj..Oh.......|.k.....Z..K...]7..n...
l...w.-{.mT..i.P.x.....&....o..tq.....N7..X....E...gS..0..9f.I.;.:...`
..........A..$..( [email protected]....'....s;...q;..]..._;.a...g..ma......:
..m......f.|.....N....3..../.q..P.kA6=..j..I.....,.!ji>rB7......U..
..-&..\....Q..).27..=.................... ...4...z.E.[..p:#?..F..w...'
8".R.,. .....P..u.=.<.P...../.J...%6....._..<..&#.'.......?....o
...Xpc...[..\.d.X=..E(-..8(.x s4.P...y.....z__*.:.......l~{mG[.....p.P
qW...X.zQ...... ...5..6.....)./...:...#._......oH.?...7..G.;<.-
<<< skipped >>>

GET /?page=ec&a_aid=51ccedn87de7&pubid=415891&prgid=152873&cpnid=1208733&clickid=20Wzkj3E5zc6Myks0Ggk9v1z9nrR000.&ce_cid=20Wzkj3E5zc6Myks0Ggk9v1z9nrR000. HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.webtrackerplus.com

Connection: Keep-Alive

HTTP/1.1 302 Moved Temporarily

Server: nginx

Date: Mon, 29 Jun 2015 01:01:23 GMT

Content-Type: text/html

Transfer-Encoding: chunked

Connection: close

location: hXXp://3p6.popularfastchannel.com/?s1=&s2=&s3=

Set-Cookie: SERVERID=web2; path=/

Set-Cookie: visid_incap_227739=J6R6//94Rsmjzp8ziy1NhuOYkFUAAAAAQUIPAAAAAACk5vRDs7rCb9G2TrhTN9Fa; expires=Tue, 27 Jun 2017 20:44:36 GMT; path=/; Domain=.webtrackerplus.com

Set-Cookie: incap_ses_323_227739=txwAAMhAxgvgFokr/YZ7BOOYkFUAAAAAD4SuWLM25 U4SMToh1WjXQ==; path=/; Domain=.webtrackerplus.com

Set-Cookie: ___utmvmFPupvfO=bXfomZbdgrD; path=/; Max-Age=900

Set-Cookie: ___utmvaFPupvfO=BZI.mKPH; path=/; Max-Age=900

Set-Cookie: ___utmvbFPupvfO=RZr

    XezOOall: atn; path=/; Max-Age=900

X-Iinfo: 8-88992396-88992398 NNNN CT(116 -1 0) RT(1435539683207 0) q(0 0 1 1) r(2 2) U5

X-CDN: Incapsula
0..

GET /templates/_common/_templates/browser_survey_SMARTKEYS_MASTER_lightbox_UA/css/style-ie.css HTTP/1.1

Accept: */*

Referer: hXXp://ommzz.exclusiverewards.7015.info/?sov=73001201&hid=djfhjhltnlhrfnhnfn&redid=10845&gsid=68&id=XNSX.-r10845-t68

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ommzz.exclusiverewards.7015.info

Connection: Keep-Alive

Cookie: ci_session=uopeR/3WWVlAfSARC/Of2SST4EhqwqO3xqbbCG4pi6MwodcltfHtwmo29KQFN5KQtK731Q4SIgW5nYvON9jl+KjkjMexQjy1ns7XWJqr4Gx6JJYjomt8u2bicGVmGTedql9jy+4NMNBEUb18js+TJudziTSuGwsi3PlhlMUSqbNX9O6wyqiO7gn5RFzx1Cxq37ojnNaqKGiCzZClz9CMcxm+23Nn0SUvGOUF8rYfr7t5uY8MtvptKl3rnaf0K4rqfq4ramLjvo8Cz1ife1X7jNC6ZaMX2+dZpLa5hzU+GporfquxOnDBimeGN3kbKZXzHMc8d81Qdg/izSIDLSD7xazRdn5fpzYHFb9XIXlTaP7jJfZsaWYYjZkYB7FH/JORqV7UBaofIjgaJyOvdxJ9kxBGVpeRNVbuk4hTJWFHuRGY1Arb+0e+UYzafFdtVPCr0vHc6TY1SsnXgVy3ryrs0Q==; id=XNSX.-r10845-t68; SITE_ID=73001201; sov=73001201; mov=nr.ytsurvey.mini; redid=10845; gsid=68; URI=sov=73001201&hid=djfhjhltnlhrfnhnfn&redid=10845&gsid=68&id=XNSX.-r10845-t68; templateid=2582; path=browser_survey_SMARTKEYS_MASTER_lightbox_UA; version=227198; tags[2582][expand_enable]=-1; tags[2582][alert_enable]=1; tags[2582][audio_enable]=0; tags[2582][pop_enable]=0; tags[227198][expand_enable]=-1; tags[227198][alert_enable]=1; tags[227198][audio_enable]=0; tags[227198][pop_enable]
HTTP/1.1 200 OK

Server: nginx/1.6.3

Date: Mon, 29 Jun 2015 01:01:32 GMT

Content-Type: text/css

Last-Modified: Fri, 11 Oct 2013 18:30:44 GMT

Transfer-Encoding: chunked

Expires: Thu, 23 Jun 2016 01:01:32 GMT

Cache-Control: max-age=31104000

Pragma: public

Cache-Control: public, must-revalidate, proxy-revalidate

Content-Encoding: gzip
269.............S...0.=o.b....6!....;{.zh{GN.....:N...{'v`.......x..{.
...)...AT1..<......j...9L..5....E3.c..f.....F..g[..-Z.LxX.'.N..9<
;....m.`.....f.PI-*<..,..Kn.T.....V.zk.yn.[..Tuh.%,I.k..f<G$.V.l
.C7..B...1....r..z.#^b......e.A..\[email protected].:l$.i..s....w/:#Qu.`.<..
.....[A.4D{..V....*..=..;{.#..e..1.:8..I.e6.?....N....a.Qh.w.....~.-.h
...i.V..Y.Ai..wkD5.c..q=.v.....q....I......3......F...b*%......2..|p..
......d.-}.l.Q..M...8...Dc.\...y|........i..\./..N.L.......l.$.S.\.~&l
t;P`..[a..^.....hz....x..J.M.1}...2.c7.KrnE.oH.2^,...1....".......!9..
3.zi.^w.......7..`k=kdM7... ..N6........&?.Nt.U........./%g.L.....S.'.
..K.h.O.....0..HTTP/1.1 200 OK..Server: nginx/1.6.3..Date: Mon, 29 Jun
 2015 01:01:32 GMT..Content-Type: text/css..Last-Modified: Fri, 11 Oct
 2013 18:30:44 GMT..Transfer-Encoding: chunked..Expires: Thu, 23 Jun 2
016 01:01:32 GMT..Cache-Control: max-age=31104000..Pragma: public..Cac
he-Control: public, must-revalidate, proxy-revalidate..Content-Encodin
g: gzip..269.............S...0.=o.b....6!....;{.zh{GN.....:N...{'v`...
....x..{....)...AT1..<......j...9L..5....E3.c..f.....F..g[..-Z.LxX.
'.N..9<....m.`.....f.PI-*<..,..Kn.T.....V.zk.yn.[..Tuh.%,I.k..f&
lt;G$.V.l.C7..B...1....r..z.#^b......e.A..\[email protected].:l$.i..s....w/:#Qu
.`.<.......[A.4D{..V....*..=..;{.#..e..1.:8..I.e6.?....N....a.Qh.w.
....~.-.h...i.V..Y.Ai..wkD5.c..q=.v.....q....I......3......F...b*%....
..2..|p........d.-}.l.Q..M...8...Dc.\...y|........i..\./..N.L.......l.
$.S.\.~<P`..[a..^.....hz....x..J.M.1}...2.c7.KrnE.oH.2^,...1...
<<< skipped >>>

The Trojan connects to the servers at the folowing location(s):

`.rsrc

J!"#$J%J&'()*J ,JJJJJJJJ-J.JJ/0J1JJJJJJJJJJJJJJJJJJ23JJ4567JJ8JJJJJ9:;JJJJJ<=JJJJJJJJJJJ>?JJJJJJJJ@JJJJJJAJJJJJBJJCJJJJJJJJJJJDEJJJJJJJFJGJJJJJJJJJJJJHJI

j.hTwV

j.hHzV

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\atlexcept.h

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xdebug

FJN[[[[[_mx$.6>ACINSU]etuv",,:EP_cjs{|*./;DLV_gjy{ -3>>DP^kp FDKWany

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\streambuf

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xlocnum

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xlocale

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xiosbase

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\cstringt.h

EQW]]]]]ett{'*02?CCRTam||%-9::HQT]alq"(-1??JSU^ekyy"#$$.=JYgkpt|}#')1=KZ[]]^ksy')6?AGN]`nox'.05=AP^fq{}--68ETW]cqv|}$,79GP]lov'(--;EMVYaly#&'4@FGS\eooq *-03AJQ\]]hllz'

GHIIIIIIKSbqvw(.46BCHPTUXYfr{LKOQ]huw|

BQS`````ln|&-7;DMO[ddrtv'5CGGLTWfu!#' 3<<KZbo{{FRWYamx&2?M\ffoz$(6CGP

IT[_____gvCN]ffqv%,7@LNSW]an|*AMSVXbp{!#034<ACLVXdkr .1=@OT`cky')),

GMQ\\\\\defghno{(-6CRaeix}"&-;EMT`ky|'-1

LX^hhhhhmuxz"$/>HJQVV[\dqx#' 8GHQ]ju%% 9:>?KNVeop| '(39>@ITcpx$%*67CGGUW

N\cmmmmmp{{} 0?CDGMXaht (.<=?ILWZiwyz$/49;DHKMSWdsy(56DGS`mv!LR^eghkxy

NX]fffffjkxzCJXamny|".3:GUbkm| -59ESW

CHKQQQQQVao|#-;IT]iip|)0=DQTZbiiov}ICF

GHIIIIIIKW`oxx %89COO^eenop{$*08FLOPUa

()$^.* ?[]|\-{},:=!

GMQ\\\\\]ijkqqu!)-448AAFHUWZant}.69GMU_fnnwz',,6>?NRajy!/4:FOOT]^apvy"&0

invalid _N_type: %d

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\locale

CHKQQQQQ[dps##%'*./25@JSYekrz>BNZblr! 3?HKZ]hp|)4BPTcrt '5;JJY[iijjx)19FUaoo|*.28;;COXgv%,.<AMOXcdivv

AIP[[[[[^hmns "" 0=>LZiqt!07BGQ[gt"$' 57BEFLXfn|-<DMY`hnv *1;GQYer#;FRY[chlnr{}#.:=FJY]lx)*3AEHW]lt#.<FLRT[_fqt"1>LY^aijw"LKT\^divz'58DLYYY\\_nvz&,9GOPYhkx)15@FST__nu$019>KXguz!#'0456:FS`cr{)888FKR[_mu %,:;JNSVaahhvw!,4>>AAIP\`cklquz!% 2ALST\cqx{ 5BFISSZemox')7<DIOSV^cipv}"08>BKX^_n{#&17?@KKKUdmmq}.7@EOTVZgjv|,6@BJPW\_bir".044<IQ_`hv&47<DNVckq|*038EFQ\

NSTTTTTT_ghhs$1@KN[^dr{)-:IU\kuuw%,49ADGHS_ahqwx$.69FKN]bkz| 1;DEQT\jx$%-1=BGLWcp|-9EIX\ktz"#-8?IP\`bfjmmt (/:EQ]dkns})2>FO^eglqz|"(4:FTU[inpy|#014?@MZhrs"(2:DMZgghpz}&/48=CCOXbo (-02:>HWeq{*-<FKUU[cqx"&'28<EKR_cko{$$:;;?KTcpty"*37;;=DEIT`blw{#0>BFKQZ[hrwx| 0;E

IsWindowsServer

CHKQQQQQZcgmmmmt!),2=FMOZfq}#()3>>>HINXgmw %*7CMZ`kw CELPYcosy),1=HJX`hu&2@@MY]agjjr )8GT[]kp| )45:GG

GHIIIIIIJMX__loruz{&,01@CRT[cpyy!,;;DOP]cmmx'''0>BJXgv%(23@NQW[[`hox'.22

LX^hhhhhou'FGQQYcfhs#&19<BFJVakq %,2@G

GetExternal.cpp

AIP[[[[[abgqrs#(.9GNV[^ggjltx%'456<>CKVWX^hot#)39CFFRTcp $,:GIMNRU]iruuy

GHIIIIIIMVXgu%2<>EFIUdpy)5@JMSS[ioo|$2>K

GHIIIIIIWdlty678CNY\``ehu$3:EM[^ls|%/7:IR`nvv'(,9;DQVelw?EEQSVboy'-2:@OSX]er!#08DPTWakv|(07:HQSVcr

AIP[[[[[abbly"0:GVZ]diw'69GLYZ\dm|'/<=ADP]ggjryz#,9:AIX]_hq (*6?BBGPU_jmn}& 4=DSS\crt!",,,377;DEJKWbiw{"

DSSbbbbbm{!.066;JXbcrt%4:IKNWao{$3?L[[^_

helpJavaScript.cpp

BQS`````cr!(-68GRVWetux ,-9>BCCRT^dmw&5CCMNVajx'5<@EFTZ[fo|,,27<?HST`efqv!(-19EIJV`mxx%&(/3;AEO]fs|(7<BP

GHIIIIIIX_`mmtw! --8BCKUVVep}'6;>GLNT^`dfhtv$ ./49ENYdeory555:IWfss %,

NetBase.cpp

GMQ\\\\\ems#179=?IWbijt} .:APPRTWWes .9FQWeho}$6DO]gkuwz!>BIUYfu#&118AHT\krrz{* .4<DNZ`krx}!!&09DLZ

ERV]]]]]bffo{'./23BLOP[ao{{*66@DMNZeft(DFT__ilxx"),06ABCMZ`cgsz|'/0=HS[emp!!"#$(,59;DJMYdejn{(-4ALUdpzz|$'*9<BDHUciily).7:GQZacfhptw!&./;HWfly)/0<GGS[dhnwx'1?MN[`ffsy

NX]fffffkww".5>MXanooqx!'/8@NP_kx))7?DRacqy!!/0>BESW\^djmx!%*6@KTbbqz$28AFLPSXcrt4=LMVX]hu{,5@BHQ\dls

PictureEx.cpp

c:\logFile.txt

Error opening key.

Key not found.

CheckRegistryKeyExistance

SetStringKey

"exeId":"

inflate 1.1.3 Copyright 1995-1998 Mark Adler

1.1.3

CWebBrowser2

mb_00000000-0000-0000-0807-060504030201

mb_09F005AE-AC9D-4FC1-AB7A-24004F6C043A

mb_01010101-0101-0101-0101-010101010101

mb_58585858-5858-5858-5858-585858585858

mb_4c4c4544-0000-2010-8020-80c04f202020

mb_11111111-2222-3333-4444-555555555555

mb_11111111-1111-1111-1111-111111111111

mb_00020003-0004-0005-0006-000700080009

mb_890E2D14-CACD-45D1-AE66-BC80E8BFEB0F

mb_8E275844-178F-44A8-ACEB-A7D7E5178C63

mb_52309712-FFFF-FFFF-FFFF-FFFFFFFFFFFF

mb_DC698397-FA54-4CF2-82C8-B1B5307A6A7F

mb_61F39712-FFFF-FFFF-FFFF-FFFFFFFFFFFF

mb_50FB9712-FFFF-FFFF-FFFF-FFFFFFFFFFFF

mb_93309712-FFFF-FFFF-FFFF-FFFFFFFFFFFF

mb_56F49712-FFFF-FFFF-FFFF-FFFFFFFFFFFF

mb_07090201-0103-0301-0807-060504030201

mb_03000200-0400-0500-0006-000700080009

mb_FEFEFEFE-FEFE-FEFE-FEFE-FEFEFEFEFEFE

mb_FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF

mb_00000000-0000-0000-0000-000000000000

0.0.0.0

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olemisc.cpp

CNotSupportedException

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\except.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\include\afxtls_.h

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\strcore.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\include\afxtempl.h

f:\dd\vctools\vc7libs\ship\atlmfc\include\afx.inl

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winstr.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appcore.cpp

m_msgCur = {

m_pszExeName =

m_nCmdShow =

m_lpCmdLine =

f:\dd\vctools\vc7libs\ship\atlmfc\include\afxadv.h

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winfrm.cpp

Warning: no message line prompt for ID 0xX.

Warning: OnUpdateKeyIndicator - unknown indicator 0xX.

Warning: scroll bars in frame windows may cause unusual behaviour.

f:\dd\vctools\vc7libs\ship\atlmfc\include\afxpriv.h

f:\dd\vctools\vc7libs\ship\atlmfc\include\afxcoll.inl

CCmdTarget

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\cmdtarg.cpp

SENDING control notification %d from control id 0xX to %hs window.

SENDING command id 0xX to %hs target.

No handler for command ID 0xX, disabling it.

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\thrdcore.cpp

m_nMsgLast =

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appui2.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appui.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appui1.cpp

Error: failed to load message box prompt string 0xx.

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\wincore.cpp

Warning: unknown WM_MEASUREITEM for menu item 0xX.

hhctrl.ocx

Implementation Warning: control notification = $%X.

Warning: not executing disabled command %d

hWnd = $X (nIDC=$X) is not a %hs.

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\afximpl.h

f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin2.inl

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winocc.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin1.inl

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\afxtls.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occmgr.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occdlg.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occsite.cpp

IOleInPlaceObject not supported on OLE control (dialog ID %d).

Persistence not supported on OLE control %ls.

%d. Column ordinal %d: Binding as native data type

%d. Column ordinal %d: Binding a COM object

%d. Column ordinal %d: Binding as an IStream object

%d. Column ordinal %d: Binding as an ISequentialStream object

neither ISequentialStream nor IStream are supported!

IStream is supported

FISequentialStream is supported

Testing streams support...

%d. Column ordinal %d: Binding by reference in provider allocated, consumer owned memory

%d. Column ordinal %d: Binding length and status ONLY

Number of columns: %d

f:\dd\vctools\vc7libs\ship\atlmfc\include\atldbcli.h

Unsupported DBTYPE (%d) in column %d

$@Column %d not bound

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winctrl1.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dlgcore.cpp

IGNORING command id 0xX sent to %hs dialog.

Routing command id 0xX to app.

Routing command id 0xX to owner window.

Warning: Creating dialog from within a COleControlModule application is not a supported scenario.

Warning: ExecuteDlgInit failed during dialog init.

ERROR: Dialog with IDD 0xX must have the child style.

ERROR: Dialog with IDD 0xX must be invisible.

ERROR: Cannot find dialog template with IDD 0xX.

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occcont.cpp

Error: no data exchange control with ID 0xX.

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dlgdata.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oleunk.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\include\afxole.inl

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\wingdi.cpp

m_ps.rcPaint =

m_ps.fErase =

m_ps.hdc =

lgpn.lopnColor =

lgpn.lopnWidth.x (width) =

lgpn.lopnStyle =

lb.lbColor =

lb.lbHatch =

lb.lbStyle =

lf.lfFaceName =

lf.lfPitchAndFamily =

lf.lfQuality =

lf.lfClipPrecision =

lf.lfOutPrecision =

lf.lfCharSet =

lf.lfStrikeOut =

lf.lfUnderline =

lf.lfItalic =

lf.lfWeight =

lf.lfOrientation =

lf.lfEscapement =

lf.lfWidth =

lf.lfHeight =

bm.bmBitsPixel =

bm.bmPlanes =

bm.bmWidthBytes =

bm.bmWidth =

bm.bmHeight =

bm.bmType =

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\afxstate.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_s.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\elements.h

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\arcobj.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\arccore.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\objcore.cpp

CHttpConnection

CHttpFile

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\inet.cpp

Unknown status: %d

Internet ctxt=%d:

Warning: throwing CInternetException for error %d

Warning: Extended error reported with no response info

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filecore.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filex.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appinit.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\auxdata.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olevar.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\arcex.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appui3.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olelock.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winutil.cpp

Warning: Shrinking safety pool from %d to %d to satisfy request of %d bytes.

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dumpcont.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\list_p.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winmenu.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\wingdix.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\bartool.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_o.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\include\afxcmn2.inl

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winctrl2.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\include\afxcmn.inl

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\plex.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_b.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_w.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_d.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_p.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\map_pp.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\map_wo.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\map_so.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\map_ss.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dlgcomm.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\afxcrit.cpp

WM_HOTKEY

WM_SETHOTKEY

WM_IDLEUPDATECMDUI

WM_DDE_EXECUTE

WM_KEYLAST

WM_SYSKEYUP

WM_SYSKEYDOWN

WM_KEYUP

WM_KEYDOWN

WM_VKEYTOITEM

WM_CTLCOLORMSGBOX

WM_USER 0xX

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\afxtrace.cpp

Warning: Unable to unpack WM_DDE_EXECUTE lParam lX.

Warning: failed to reclaim %d bytes for memory safety pool.

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winhand.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occevent.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filemem.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledisp2.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oleinit.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\arcstrm.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dlgtempl.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oleenum.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\apphelp.cpp

Error: failed to load AfxFormatString string 0xx.

Error: illegal string index requested %d.

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filetxt.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\include\afxmt.inl

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filest.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dumpout.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\fixalloc.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledisp1.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olecnvrt.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olemsgf.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occlock.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olefact.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledobj2.cpp

a %hs object at $%p, %u bytes long

an invalid object at $%p, %u bytes long

faulted while dumping object at $%p, %u bytes long

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dumpinit.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledlgs2.cpp

m_bz.hTask =

m_bz.hResource =

m_bz.lpszTemplate =

m_bz.hInstance =

m_bz.lCustData =

m_bz.lpszCaption =

m_bz.hWndOwner =

m_bz.dwFlags =

m_bz.cbStruct =

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledoc1.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\list_o.cpp

f:\dd\vctools\crt_bld\self_x86\crt\src\xmutex.cpp

f:\dd\vctools\crt_bld\self_x86\crt\src\locale0.cpp

f:\dd\vctools\crt_bld\self_x86\crt\src\_tolower.c

f:\dd\vctools\crt_bld\self_x86\crt\src\streambuf

f:\dd\vctools\crt_bld\self_x86\crt\src\xlocale

f:\dd\vctools\crt_bld\self_x86\crt\src\xmbtowc.c

%s_%0x

%s(%d) :

f:\dd\vctools\vc7libs\ship\atlmfc\src\atl\atls\atlbase.cpp

f:\dd\vctools\crt_bld\self_x86\crt\src\dbgrpt.c

f:\dd\vctools\crt_bld\self_x86\crt\src\onexit.c

Client hook allocation failure at file %hs line %d.

Memory allocated at %hs(%d).

Client hook re-allocation failure at file %hs line %d.

HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.

CRT detected that the application wrote to memory after end of heap buffer.

HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.

CRT detected that the application wrote to memory before start of heap buffer.

CRT detected that the application wrote to a heap buffer that was freed.

crt block at 0x%p, subtype %x, %Iu bytes long.

client block at 0x%p, subtype %x, %Iu bytes long.

%hs(%d) :

#File Error#(%d) :

Data: <%s> %s

f:\dd\vctools\crt_bld\self_x86\crt\src\setvbuf.c

f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c

_CrtDbgReport: String too long or IO Error

Debug %s!

Program: %s%s%s%s%s%s%s%s%s%s%s%s

f:\dd\vctools\crt_bld\self_x86\crt\src\osfinfo.c

%s(%d) : %s

_CrtDbgReport: String too long or Invalid characters in String

f:\dd\vctools\crt_bld\self_x86\crt\src\_file.c

f:\dd\vctools\crt_bld\self_x86\crt\src\setlocal.c

f:\dd\vctools\crt_bld\self_x86\crt\src\initctyp.c

f:\dd\vctools\crt_bld\self_x86\crt\src\stdenvp.c

f:\dd\vctools\crt_bld\self_x86\crt\src\stdargv.c

f:\dd\vctools\crt_bld\self_x86\crt\src\w_env.c

f:\dd\vctools\crt_bld\self_x86\crt\src\ioinit.c

f:\dd\vctools\crt_bld\self_x86\crt\src\tidtable.c

This is an unsupported way to load Visual C   DLLs. You need to modify your application to build with a manifest.

- Attempt to initialize the CRT more than once.

- CRT not initialized

Please contact the application's support team for more information.

- floating point support not loaded

f:\dd\vctools\crt_bld\self_x86\crt\src\mlock.c

GetProcessWindowStation

f:\dd\vctools\crt_bld\self_x86\crt\src\output.c

f:\dd\vctools\crt_bld\self_x86\crt\src\mbctype.c

f:\dd\vctools\crt_bld\self_x86\crt\src\drive.c

f:\dd\vctools\crt_bld\self_x86\crt\src\_sftbuf.c

ADVAPI32.DLL

f:\dd\vctools\crt_bld\self_x86\crt\src\inithelp.c

f:\dd\vctools\crt_bld\self_x86\crt\src\read.c

f:\dd\vctools\crt_bld\self_x86\crt\src\stream.c

f:\dd\vctools\crt_bld\self_x86\crt\src\tzset.c

f:\dd\vctools\crt_bld\self_x86\crt\src\gmtime.c

f:\dd\vctools\crt_bld\self_x86\crt\src\_getbuf.c

USER32.DLL

f:\dd\vctools\crt_bld\self_x86\crt\src\inittime.c

f:\dd\vctools\crt_bld\self_x86\crt\src\initnum.c

f:\dd\vctools\crt_bld\self_x86\crt\src\initmon.c

portuguese-brazilian

f:\dd\vctools\crt_bld\self_x86\crt\src\convrtcp.c

operator

Run-Time Check Failure #%d - %s

%s%s%s%s

%s%s%p%s%ld%s%d%s

user32.dll

f:\dd\vctools\crt_bld\self_x86\crt\src\wtombenv.c

MSPDB80.DLL

RegCloseKey

RegOpenKeyExA

f:\dd\vctools\crt_bld\self_x86\crt\src\setenv.c

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appmodul.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winmain.cpp

MaxCore.cpp

.?AVCCmdTarget@@

MaxCoreDlg.cpp

.?AVCWebBrowser2@@

.?AVExecuteBase@@

.?AVExecuteFacade@@

Idispimp.cpp

.PAVCInternetException@@

.PAVCFileException@@

Text.cpp

.PAVCOleException@@

.PAVCException@@

.PAVCObject@@

.PAVCMemoryException@@

.PAVCSimpleException@@

.PAVCNotSupportedException@@

.PAVCInvalidArgException@@

.?AVCNotSupportedException@@

.?AVCCmdUI@@

.?AVCTestCmdUI@@

.PAVCUserException@@

.PAVCResourceException@@

.PAVCArchiveException@@

.?AVCHttpConnection@@

.?AVCHttpFile@@

.?AV?$CFixedStringT@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@$0BAA@@ATL@@

.?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@

.PAVCOleDispatchException@@

zcÁ

R<u.pr

kC-O}

z%CMH

]%uce

o?.DCtO

Ñj\

[.NQ#

NpB0%xm

zcMD

GetCPInfo

GetConsoleOutputCP

GetProcessHeap

RegOpenKeyExW

RegCreateKeyExW

RegOpenKeyW

RegEnumKeyW

RegCreateKeyW

RegDeleteKeyW

RegQueryInfoKeyW

RegEnumKeyExW

GetViewportExtEx

SetViewportOrgEx

OffsetViewportOrgEx

SetViewportExtEx

ScaleViewportExtEx

ShellExecuteW

ShellExecuteExW

UrlUnescapeW

URLDownloadToFileW

GetKeyState

CreateDialogIndirectParamW

UnhookWindowsHookEx

SetWindowsHookExW

HttpQueryInfoW

HttpSendRequestW

HttpOpenRequestW

InternetOpenUrlW

InternetCanonicalizeUrlW

InternetCrackUrlW

(.fFb#

1')3-=#3=') '#

hs.SS

<5"95"95"90

;$.:'.:$&:)

(08(03`-035(F*(.RK-

1>" (0:1

(($40 ,( 0 ,4$,0 0 ,

.text

`.rdata

@.data

.rsrc

@.reloc

M\.EW

ghgH%u3

<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="requireAdministrator" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo></assembly>PAD

KERNEL32.DLL

ADVAPI32.dll

COMDLG32.dll

dbghelp.dll

GDI32.dll

IPHLPAPI.DLL

ole32.dll

OLEACC.dll

OLEAUT32.dll

oledlg.dll

RPCRT4.dll

SHELL32.dll

SHLWAPI.dll

urlmon.dll

USER32.dll

WININET.dll

WINSPOOL.DRV

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xutility

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\atlsimpstr.h

AtlThrow: hr = 0x%x

std::_Vector_const_iterator<unsigned int,class std::allocator<unsigned int> >::operator *

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\vector

std::_Vector_const_iterator<unsigned int,class std::allocator<unsigned int> >::operator  =

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xstring

std::_Vector_const_iterator<struct offerStruct *,class std::allocator<struct offerStruct *> >::operator *

std::_Vector_const_iterator<class std::vector<unsigned int,class std::allocator<unsigned int> > *,class std::allocator<class std::vector<unsigned int,class std::allocator<unsigned int> > *> >::operator *

std::_Vector_const_iterator<struct offerStruct *,class std::allocator<struct offerStruct *> >::operator  =

std::_Vector_const_iterator<class std::vector<unsigned int,class std::allocator<unsigned int> > *,class std::allocator<class std::vector<unsigned int,class std::allocator<unsigned int> > *> >::operator  =

Id: = index: = score: ] %c

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\memory

Total list score: d

std::_Vector_const_iterator<unsigned char,class std::allocator<unsigned char> >::operator *

std::_Vector_const_iterator<unsigned char,class std::allocator<unsigned char> >::operator  =

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\ostream

std::_String_const_iterator<char,struct std::char_traits<char>,class std::allocator<char> >::operator *

std::_String_const_iterator<char,struct std::char_traits<char>,class std::allocator<char> >::operator   

std::_Vector_const_iterator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::operator  =

std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >::operator []

std::_Vector_const_iterator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::operator *

std::_Vector_const_iterator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::operator   

hWarning: implicit LoadString(%u) failed

std::_String_const_iterator<char,struct std::char_traits<char>,class std::allocator<char> >::operator  =

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\atlconv.h

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xtree

std::_Tree<class std::_Tmap_traits<int,wchar_t const *,struct std::less<int>,class std::allocator<struct std::pair<int const ,wchar_t const *> >,0> >::const_iterator::operator ==

std::_Tree<class std::_Tmap_traits<int,wchar_t const *,struct std::less<int>,class std::allocator<struct std::pair<int const ,wchar_t const *> >,0> >::const_iterator::operator *

invalid operator<

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,unsigned long,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,unsigned long> >,0> >::const_iterator::operator ==

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > > >,0> >::const_iterator::operator ==

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,unsigned long,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,unsigned long> >,0> >::const_iterator::operator *

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > > >,0> >::const_iterator::operator *

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > > >,0> >::const_iterator::_Inc

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,unsigned long,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,unsigned long> >,0> >::const_iterator::_Dec

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,unsigned long,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,unsigned long> >,0> >::const_iterator::_Inc

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > > >,0> >::const_iterator::_Dec

ExtractIcon.cpp

std::vector<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::operator []

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\list

std::list<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::_Const_iterator<1>::operator *

std::list<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::_Const_iterator<1>::operator   

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\regex

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\algorithm

std::list<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::_Const_iterator<1>::operator --

std::_String_const_iterator<char,struct std::char_traits<char>,class std::allocator<char> >::operator --

std::_String_const_iterator<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> >::operator *

std::_String_const_iterator<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> >::operator   

std::vector<class std::tr1::sub_match<char const *>,class std::allocator<class std::tr1::sub_match<char const *> > >::operator []

std::_Vector_const_iterator<class std::tr1::sub_match<char const *>,class std::allocator<class std::tr1::sub_match<char const *> > >::operator  =

_std::_Vector_const_iterator<char,class std::allocator<char> >::operator *

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\atlcomcli.h

std::vector<wchar_t,class std::allocator<wchar_t> >::operator []

std::_Vector_const_iterator<wchar_t,class std::allocator<wchar_t> >::operator  =

std::_Vector_const_iterator<wchar_t,class std::allocator<wchar_t> >::operator *

std::_Vector_const_iterator<wchar_t,class std::allocator<wchar_t> >::operator   

std::vector<class argument,class std::allocator<class argument> >::operator []

std::_Vector_const_iterator<class argument,class std::allocator<class argument> >::operator  =

std::_Vector_const_iterator<class argument,class std::allocator<class argument> >::operator *

std::_Vector_const_iterator<class argument,class std::allocator<class argument> >::operator   

start.gif

std::vector<struct CPictureEx::TFrame,class std::allocator<struct CPictureEx::TFrame> >::operator []

std::_Vector_const_iterator<struct CPictureEx::TFrame,class std::allocator<struct CPictureEx::TFrame> >::operator *

std::_Vector_const_iterator<struct CPictureEx::TFrame,class std::allocator<struct CPictureEx::TFrame> >::operator   

std::_Vector_const_iterator<struct CPictureEx::TFrame,class std::allocator<struct CPictureEx::TFrame> >::operator  =

HKEY_USERS

HKEY_LOCAL_MACHINE

HKEY_CURRENT_USER

HKEY_CLASSES_ROOT

Gstd::_Tree<class std::_Tmap_traits<unsigned int,class CTrayIcon *,struct std::less<unsigned int>,class std::allocator<struct std::pair<unsigned int const ,class CTrayIcon *> >,0> >::const_iterator::operator ==

std::_Tree<class std::_Tmap_traits<unsigned int,class CTrayIcon *,struct std::less<unsigned int>,class std::allocator<struct std::pair<unsigned int const ,class CTrayIcon *> >,0> >::const_iterator::operator *

%s%s%s

HX

_hd_%S

0mb_%S

SELECT * FROM Win32_OperatingSystem

CACHE_S_FORMATETC_NOTSUPPORTED

CO_E_SERVER_EXEC_FAILURE

MK_E_INTERMEDIATEINTERFACENOTSUPPORTED

OLE_E_ADVISENOTSUPPORTED

REGDB_E_KEYMISSING

UCACHE_E_FIRST...CACHE_E_LAST

CACHE_S_FIRST...CACHE_S_LAST

CLASSFACTORY_E_FIRST...CLASSFACTORY_E_LAST

CLASSFACTORY_S_FIRST...CLASSFACTORY_S_LAST

CLIENTSITE_E_FIRST...CLIENTSITE_E_LAST

CLIENTSITE_S_FIRST...CLIENTSITE_S_LAST

CLIPBRD_E_FIRST...CLIPBRD_E_LAST

CLIPBRD_S_FIRST...CLIPBRD_S_LAST

CONVERT10_E_FIRST...CONVERT10_E_LAST

CONVERT10_S_FIRST...CONVERT10_S_LAST

CO_E_FIRST...CO_E_LAST

CO_S_FIRST...CO_S_LAST

DATA_E_FIRST...DATA_E_LAST

DATA_S_FIRST...DATA_S_LAST

DRAGDROP_E_FIRST...DRAGDROP_E_LAST

DRAGDROP_S_FIRST...DRAGDROP_S_LAST

ENUM_E_FIRST...ENUM_E_LAST

ENUM_S_FIRST...ENUM_S_LAST

INPLACE_E_FIRST...INPLACE_E_LAST

INPLACE_S_FIRST...INPLACE_S_LAST

MARSHAL_E_FIRST...MARSHAL_E_LAST

MARSHAL_S_FIRST...MARSHAL_S_LAST

MK_E_FIRST...MK_E_LAST

MK_S_FIRST...MK_S_LAST

OLEOBJ_E_FIRST...OLEOBJ_E_LAST

OLEOBJ_S_FIRST...OLEOBJ_S_LAST

OLE_E_FIRST...OLE_E_LAST

OLE_S_FIRST...OLE_S_LAST

REGDB_E_FIRST...REGDB_E_LAST

REGDB_S_FIRST...REGDB_S_LAST

VIEW_E_FIRST...VIEW_E_LAST

VIEW_S_FIRST...VIEW_S_LAST

FACILITY_WINDOWS

severity: %s, facility: %s ($lX)

range: %s ($lX)

%s ($lX)

Warning: constructing COleException, scode = %s.

f:\dd\vctools\vc7libs\ship\atlmfc\include\atlalloc.h

f:\dd\vctools\vc7libs\ship\atlmfc\include\atlcomcli.h

f:\dd\vctools\vc7libs\ship\atlmfc\include\atlsimpstr.h

f:\dd\vctools\vc7libs\ship\atlmfc\include\cstringt.h

f:\dd\vctools\vc7libs\ship\atlmfc\include\atlconv.h

ntdll.dll

kernel32.dll

Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Software\Microsoft\Windows\CurrentVersion\Policies\Network

Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32

%s%s.dll

%s (%s:%d)

Hf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winfrm.cpp

Error: failed to execute DDE command '%s'.

Warning: DDE command '%s' ignored because window is disabled.

pMRU: open file (%d) '%s'.

Can't register window class named %s

Afx:%p:%x:%p:%p:%p

Afx:%p:%x

WinHelp: pszHelpFile = '%s', dwData: $%lx, fuCommand: %d.

HtmlHelp: pszHelpFile = '%s', dwData: $%lx, fuCommand: %d.

accKeyboardShortcut

f:\dd\vctools\vc7libs\ship\atlmfc\include\atlcom.h

commctrl_DragListMsg

Kf:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin2.inl

Binding entry %d failed. Status: %d

f:\dd\vctools\vc7libs\ship\atlmfc\include\atlbase.h

GetData failed - HRESULT = 0x%X

m_pColumnInfo[nColumn].ulColumnSize == sizeof(ctype)

ERROR: Dialog named '%s' must have the child style.

ERROR: Dialog named '%s' must be invisible.

ERROR: Cannot find dialog template named '%s'.

CLSID\%s

Interface\%s

mfcm90ud.dll

QueryInterface(%s) failed

QueryInterface(%s) succeeded

Kcomctl32.dll

Kcomdlg32.dll

Kshell32.dll

Kf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_s.cpp

hXXp://

connecting to socket address '%s'

resolved name for %s!

resolving name for %s

Warning: destroying an open %s with handle %8.8X

Warning: Disconnecting %s handle %8.8X in context %8.8X at destruction.

LHTTP/1.0

WININET.DLL

Warning: could not get volume information '%s'.

Warning: could not parse the path '%s'. Path is too long.

Warning: could not parse the path '%s'.

CFile exception: %hs, File %s, OS error information = %ld.

AppMsg

WinMsg

CmdRouting

0xx

%s: hwnd=0xX, msg = 0xX (0xX, 0xX)

%s: hwnd=0xX, msg = %hs (0xX, 0xX)

%s: Advise item='%s', Format='%s', Ack=%d, Defer Update= %d

%s: Execute '%s'.

Warning: OleInitialize returned scode = %s.

mscoree.dll

nf:\dd\vctools\crt_bld\self_x86\crt\src\xstring

Nf:\dd\vctools\crt_bld\self_x86\crt\src\xmbtowc.c

f:\dd\vctools\vc7libs\ship\atlmfc\src\atl\atls\atldebugapi.cpp

%S(%d) :

ppCategory && pfnCrtDbgReport

f:\dd\vctools\vc7libs\ship\atlmfc\include\atlmem.h

f:\dd\vctools\vc7libs\ship\atlmfc\include\atltime.inl

f:\dd\vctools\vc7libs\ship\atlmfc\include\atlbase.inl

f:\dd\vctools\vc7libs\ship\atlmfc\include\atlcomtime.inl

f:\dd\vctools\vc7libs\ship\atlmfc\include\atlcore.h

f:\dd\vctools\vc7libs\ship\atlmfc\src\atl\atls\allocate.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\atl\atls\atltracemodulemanager.h

mode == _CRT_RPTHOOK_INSTALL || mode == _CRT_RPTHOOK_REMOVE

wcscpy_s(szOutMessage, 4096, L"_CrtDbgReport: String too long or IO Error")

memcpy_s(szShortProgName, sizeof(TCHAR) * (260 - (szShortProgName - szExeName)), dotdotdot, sizeof(TCHAR) * 3)

wcscpy_s(szExeName, 260, L"<program name unknown>")

__crtMessageWindowW

f:\dd\vctools\crt_bld\self_x86\crt\src\vswprint.c

f:\dd\vctools\crt_bld\self_x86\crt\src\memcpy_s.c

f:\dd\vctools\crt_bld\self_x86\crt\src\memmove_s.c

f:\dd\vctools\crt_bld\self_x86\crt\src\tcscat_s.inl

f:\dd\vctools\crt_bld\self_x86\crt\src\wcstombs.c

f:\dd\vctools\crt_bld\self_x86\crt\src\tsplitpath_s.inl

f:\dd\vctools\crt_bld\self_x86\crt\src\tmakepath_s.inl

f:\dd\vctools\crt_bld\self_x86\crt\src\stat64.c

f:\dd\vctools\crt_bld\self_x86\crt\src\wcsicmp.c

f:\dd\vctools\crt_bld\self_x86\crt\src\printf.c

f:\dd\vctools\crt_bld\self_x86\crt\src\strtol.c

f:\dd\vctools\crt_bld\self_x86\crt\src\dbgheap.c

_CrtCheckMemory()

_CrtIsValidHeapPointer(pUserData)

_CrtSetDbgFlag

(fNewBits==_CRTDBG_REPORT_FLAG) || ((fNewBits & 0x0ffff & ~(_CRTDBG_ALLOC_MEM_DF | _CRTDBG_DELAY_FREE_MEM_DF | _CRTDBG_CHECK_ALWAYS_DF | _CRTDBG_CHECK_CRT_DF | _CRTDBG_LEAK_CHECK_DF) ) == 0)

_CrtMemCheckpoint

f:\dd\vctools\crt_bld\self_x86\crt\src\fclose.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fread.c

f:\dd\vctools\crt_bld\self_x86\crt\src\rewind.c

f:\dd\vctools\crt_bld\self_x86\crt\src\ftell.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fseek.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fopen.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fprintf.c

f:\dd\vctools\crt_bld\self_x86\crt\src\wprintf.c

nf:\dd\vctools\crt_bld\self_x86\crt\src\strftime.c

("Invalid MBCS character sequence passed to strftime",0)

("Invalid MBCS character sequence passed into strftime",0)

f:\dd\vctools\crt_bld\self_x86\crt\src\malloc.h

("Corrupted pointer passed to _freea", 0)

f:\dd\vctools\crt_bld\self_x86\crt\src\loctim64.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fwrite.c

f:\dd\vctools\crt_bld\self_x86\crt\src\ungetc.c

f:\dd\vctools\crt_bld\self_x86\crt\src\ungetc_nolock.inl

f:\dd\vctools\crt_bld\self_x86\crt\src\fgetc.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fgetpos.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fsetpos.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fputc.c

f:\dd\vctools\crt_bld\self_x86\crt\src\atof.c

f:\dd\vctools\crt_bld\self_x86\crt\src\wtof.c

f:\dd\vctools\crt_bld\self_x86\crt\src\mktime64.c

f:\dd\vctools\crt_bld\self_x86\crt\src\wcslwr.c

f:\dd\vctools\crt_bld\self_x86\crt\src\tcscpy_s.inl

f:\dd\vctools\crt_bld\self_x86\crt\src\wcstol.c

f:\dd\vctools\crt_bld\self_x86\crt\src\mbsinc.c

f:\dd\vctools\crt_bld\self_x86\crt\src\mbsstr.c

f:\dd\vctools\crt_bld\self_x86\crt\src\mbschr.c

f:\dd\vctools\crt_bld\self_x86\crt\src\tcsncpy_s.inl

f:\dd\vctools\crt_bld\self_x86\crt\src\wcsdup.c

f:\dd\vctools\crt_bld\self_x86\crt\src\xtoa.c

W_CrtSetReportHook2

strcpy_s(szOutMessage, 4096, "_CrtDbgReport: String too long or IO Error")

strcpy_s(szExeName, 260, "<program name unknown>")

__crtMessageWindowA

f:\dd\vctools\crt_bld\self_x86\crt\src\fullpath.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fileno.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fdopen.c

f:\dd\vctools\crt_bld\self_x86\crt\src\feoferr.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fputws.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fgets.c

f:\dd\vctools\crt_bld\self_x86\crt\src\clearerr.c

fMode == _CRTDBG_REPORT_MODE || (fMode & ~(_CRTDBG_MODE_FILE | _CRTDBG_MODE_DEBUG | _CRTDBG_MODE_WNDW)) == 0

_CrtSetReportMode

f:\dd\vctools\crt_bld\self_x86\crt\src\dbgrptt.c

nRptType >= 0 && nRptType < _CRT_ERRCNT

wcscpy_s(szOutMessage2, 4096, L"_CrtDbgReport: String too long or Invalid characters in String")

strcpy_s(szUserMessage, 4096, "_CrtDbgReport: String too long or IO Error")

_VCrtDbgReportA

strcpy_s(szOutMessage2, 4096, "_CrtDbgReport: String too long or Invalid characters in String")

wcscpy_s(szUserMessage, 4096, L"_CrtDbgReport: String too long or IO Error")

_VCrtDbgReportW

((ptloci->lc_category[category].wlocale != NULL) && (ptloci->lc_category[category].wrefcount != NULL)) || ((ptloci->lc_category[category].wlocale == NULL) && (ptloci->lc_category[category].wrefcount == NULL))

f:\dd\vctools\crt_bld\self_x86\crt\src\fputwc.c

f:\dd\vctools\crt_bld\self_x86\crt\src\ungetwc.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fgetwc.c

f:\dd\vctools\crt_bld\self_x86\crt\src\mbstowcs.c

f:\dd\vctools\crt_bld\self_x86\crt\src\a_cmp.c

f:\dd\vctools\crt_bld\self_x86\crt\src\strtod.c

f:\dd\vctools\crt_bld\self_x86\crt\src\vsprintf.c

f:\dd\vctools\crt_bld\self_x86\crt\src\gmtime64.c

strcat_s(outmsg, (sizeof(outmsg) / sizeof(outmsg[0])), rterrs[tblindx].rterrtxt)

strcat_s(outmsg, (sizeof(outmsg) / sizeof(outmsg[0])), "\n\n")

strcpy_s(outmsg, (sizeof(outmsg) / sizeof(outmsg[0])), "Runtime Error!\n\nProgram: ")

_NMSG_WRITE

f:\dd\vctools\crt_bld\self_x86\crt\src\crt0msg.c

f:\dd\vctools\crt_bld\self_x86\crt\src\winsig.c

WUSER32.DLL

f:\dd\vctools\crt_bld\self_x86\crt\prebuild\eh\typname.cpp

f:\dd\vctools\crt_bld\self_x86\crt\src\_flsbuf.c

f:\dd\vctools\crt_bld\self_x86\crt\src\intel\fp8.c

f:\dd\vctools\crt_bld\self_x86\crt\prebuild\conv\cvt.c

f:\dd\vctools\crt_bld\self_x86\crt\src\isctype.c

f:\dd\vctools\crt_bld\self_x86\crt\src\dtoxtm64.c

f:\dd\vctools\crt_bld\self_x86\crt\src\expand.c

f:\dd\vctools\crt_bld\self_x86\crt\src\close.c

f:\dd\vctools\crt_bld\self_x86\crt\src\_freebuf.c

f:\dd\vctools\crt_bld\self_x86\crt\src\_filbuf.c

f:\dd\vctools\crt_bld\self_x86\crt\src\lseek.c

f:\dd\vctools\crt_bld\self_x86\crt\src\_open.c

f:\dd\vctools\crt_bld\self_x86\crt\src\timeset.c

f:\dd\vctools\crt_bld\self_x86\crt\src\stricmp.c

f:\dd\vctools\crt_bld\self_x86\crt\src\write.c

f:\dd\vctools\crt_bld\self_x86\crt\src\ftelli64.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fseeki64.c

f:\dd\vctools\crt_bld\self_x86\crt\src\commit.c

f:\dd\vctools\crt_bld\self_x86\crt\prebuild\include\strgtold12.inl

f:\dd\vctools\crt_bld\self_x86\crt\src\getcwd.c

strcpy_s(resultstr, resultsize, autofos.man)

f:\dd\vctools\crt_bld\self_x86\crt\prebuild\conv\cfout.c

f:\dd\vctools\crt_bld\self_x86\crt\src\getqloc.c

f:\dd\vctools\crt_bld\self_x86\crt\src\wctomb.c

f:\dd\vctools\crt_bld\self_x86\crt\src\mbtowc.c

_loc_update.GetLocaleT()->locinfo->mb_cur_max == 1 || _loc_update.GetLocaleT()->locinfo->mb_cur_max == 2

f:\dd\vctools\crt_bld\self_x86\crt\src\errmode.c

f:\dd\vctools\crt_bld\self_x86\crt\src\lseeki64.c

f:\dd\vctools\crt_bld\self_x86\crt\src\isatty.c

f:\dd\vctools\crt_bld\self_x86\crt\prebuild\tran\contrlfp.c

f:\dd\vctools\crt_bld\self_x86\crt\src\_fptostr.c

f:\dd\vctools\crt_bld\self_x86\crt\src\open.c

0 && "Only UTF-16 little endian & UTF-8 is supported for reads"

f:\dd\vctools\crt_bld\self_x86\crt\src\mbsnbicm.c

f:\dd\vctools\crt_bld\self_x86\crt\src\mbsnbcmp.c

f:\dd\vctools\crt_bld\self_x86\crt\src\getenv.c

f:\dd\vctools\crt_bld\self_x86\crt\prebuild\conv\x10fout.c

f:\dd\vctools\crt_bld\self_x86\crt\src\strnicmp.c

f:\dd\vctools\crt_bld\self_x86\crt\src\wcsnicmp.c

f:\dd\vctools\crt_bld\self_x86\crt\src\setmode.c

f:\dd\vctools\crt_bld\self_x86\crt\src\mbsnbico.c

f:\dd\vctools\crt_bld\self_x86\crt\src\strnicol.c

("CRT Logic error during setenv",0)

__crtsetenv

c:\%original file name%.exe

{8856F961-340A-11D0-A96B-00C04FD705A2}

All Files (*.*)

No error message is available.#Attempted an unsupported operation.$A required resource was unavailable.

Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.

Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else.1Encountered an unexpected error while reading %1.1Encountered an unexpected error while writing %1.

#Unable to load mail system support.

%original file name%.exe_1512_rwx_00401000_001E2000:

J!"#$J%J&'()*J ,JJJJJJJJ-J.JJ/0J1JJJJJJJJJJJJJJJJJJ23JJ4567JJ8JJJJJ9:;JJJJJ<=JJJJJJJJJJJ>?JJJJJJJJ@JJJJJJAJJJJJBJJCJJJJJJJJJJJDEJJJJJJJFJGJJJJJJJJJJJJHJI

j.hTwV

j.hHzV

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\atlexcept.h

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xdebug

FJN[[[[[_mx$.6>ACINSU]etuv",,:EP_cjs{|*./;DLV_gjy{ -3>>DP^kp FDKWany

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\streambuf

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xlocnum

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xlocale

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xiosbase

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\cstringt.h

EQW]]]]]ett{'*02?CCRTam||%-9::HQT]alq"(-1??JSU^ekyy"#$$.=JYgkpt|}#')1=KZ[]]^ksy')6?AGN]`nox'.05=AP^fq{}--68ETW]cqv|}$,79GP]lov'(--;EMVYaly#&'4@FGS\eooq *-03AJQ\]]hllz'

GHIIIIIIKSbqvw(.46BCHPTUXYfr{LKOQ]huw|

BQS`````ln|&-7;DMO[ddrtv'5CGGLTWfu!#' 3<<KZbo{{FRWYamx&2?M\ffoz$(6CGP

IT[_____gvCN]ffqv%,7@LNSW]an|*AMSVXbp{!#034<ACLVXdkr .1=@OT`cky')),

GMQ\\\\\defghno{(-6CRaeix}"&-;EMT`ky|'-1

LX^hhhhhmuxz"$/>HJQVV[\dqx#' 8GHQ]ju%% 9:>?KNVeop| '(39>@ITcpx$%*67CGGUW

N\cmmmmmp{{} 0?CDGMXaht (.<=?ILWZiwyz$/49;DHKMSWdsy(56DGS`mv!LR^eghkxy

NX]fffffjkxzCJXamny|".3:GUbkm| -59ESW

CHKQQQQQVao|#-;IT]iip|)0=DQTZbiiov}ICF

GHIIIIIIKW`oxx %89COO^eenop{$*08FLOPUa

()$^.* ?[]|\-{},:=!

GMQ\\\\\]ijkqqu!)-448AAFHUWZant}.69GMU_fnnwz',,6>?NRajy!/4:FOOT]^apvy"&0

invalid _N_type: %d

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\locale

CHKQQQQQ[dps##%'*./25@JSYekrz>BNZblr! 3?HKZ]hp|)4BPTcrt '5;JJY[iijjx)19FUaoo|*.28;;COXgv%,.<AMOXcdivv

AIP[[[[[^hmns "" 0=>LZiqt!07BGQ[gt"$' 57BEFLXfn|-<DMY`hnv *1;GQYer#;FRY[chlnr{}#.:=FJY]lx)*3AEHW]lt#.<FLRT[_fqt"1>LY^aijw"LKT\^divz'58DLYYY\\_nvz&,9GOPYhkx)15@FST__nu$019>KXguz!#'0456:FS`cr{)888FKR[_mu %,:;JNSVaahhvw!,4>>AAIP\`cklquz!% 2ALST\cqx{ 5BFISSZemox')7<DIOSV^cipv}"08>BKX^_n{#&17?@KKKUdmmq}.7@EOTVZgjv|,6@BJPW\_bir".044<IQ_`hv&47<DNVckq|*038EFQ\

NSTTTTTT_ghhs$1@KN[^dr{)-:IU\kuuw%,49ADGHS_ahqwx$.69FKN]bkz| 1;DEQT\jx$%-1=BGLWcp|-9EIX\ktz"#-8?IP\`bfjmmt (/:EQ]dkns})2>FO^eglqz|"(4:FTU[inpy|#014?@MZhrs"(2:DMZgghpz}&/48=CCOXbo (-02:>HWeq{*-<FKUU[cqx"&'28<EKR_cko{$$:;;?KTcpty"*37;;=DEIT`blw{#0>BFKQZ[hrwx| 0;E

IsWindowsServer

CHKQQQQQZcgmmmmt!),2=FMOZfq}#()3>>>HINXgmw %*7CMZ`kw CELPYcosy),1=HJX`hu&2@@MY]agjjr )8GT[]kp| )45:GG

GHIIIIIIJMX__loruz{&,01@CRT[cpyy!,;;DOP]cmmx'''0>BJXgv%(23@NQW[[`hox'.22

LX^hhhhhou'FGQQYcfhs#&19<BFJVakq %,2@G

GetExternal.cpp

AIP[[[[[abgqrs#(.9GNV[^ggjltx%'456<>CKVWX^hot#)39CFFRTcp $,:GIMNRU]iruuy

GHIIIIIIMVXgu%2<>EFIUdpy)5@JMSS[ioo|$2>K

GHIIIIIIWdlty678CNY\``ehu$3:EM[^ls|%/7:IR`nvv'(,9;DQVelw?EEQSVboy'-2:@OSX]er!#08DPTWakv|(07:HQSVcr

AIP[[[[[abbly"0:GVZ]diw'69GLYZ\dm|'/<=ADP]ggjryz#,9:AIX]_hq (*6?BBGPU_jmn}& 4=DSS\crt!",,,377;DEJKWbiw{"

DSSbbbbbm{!.066;JXbcrt%4:IKNWao{$3?L[[^_

helpJavaScript.cpp

BQS`````cr!(-68GRVWetux ,-9>BCCRT^dmw&5CCMNVajx'5<@EFTZ[fo|,,27<?HST`efqv!(-19EIJV`mxx%&(/3;AEO]fs|(7<BP

GHIIIIIIX_`mmtw! --8BCKUVVep}'6;>GLNT^`dfhtv$ ./49ENYdeory555:IWfss %,

NetBase.cpp

GMQ\\\\\ems#179=?IWbijt} .:APPRTWWes .9FQWeho}$6DO]gkuwz!>BIUYfu#&118AHT\krrz{* .4<DNZ`krx}!!&09DLZ

ERV]]]]]bffo{'./23BLOP[ao{{*66@DMNZeft(DFT__ilxx"),06ABCMZ`cgsz|'/0=HS[emp!!"#$(,59;DJMYdejn{(-4ALUdpzz|$'*9<BDHUciily).7:GQZacfhptw!&./;HWfly)/0<GGS[dhnwx'1?MN[`ffsy

NX]fffffkww".5>MXanooqx!'/8@NP_kx))7?DRacqy!!/0>BESW\^djmx!%*6@KTbbqz$28AFLPSXcrt4=LMVX]hu{,5@BHQ\dls

PictureEx.cpp

c:\logFile.txt

Error opening key.

Key not found.

CheckRegistryKeyExistance

SetStringKey

"exeId":"

inflate 1.1.3 Copyright 1995-1998 Mark Adler

1.1.3

CWebBrowser2

mb_00000000-0000-0000-0807-060504030201

mb_09F005AE-AC9D-4FC1-AB7A-24004F6C043A

mb_01010101-0101-0101-0101-010101010101

mb_58585858-5858-5858-5858-585858585858

mb_4c4c4544-0000-2010-8020-80c04f202020

mb_11111111-2222-3333-4444-555555555555

mb_11111111-1111-1111-1111-111111111111

mb_00020003-0004-0005-0006-000700080009

mb_890E2D14-CACD-45D1-AE66-BC80E8BFEB0F

mb_8E275844-178F-44A8-ACEB-A7D7E5178C63

mb_52309712-FFFF-FFFF-FFFF-FFFFFFFFFFFF

mb_DC698397-FA54-4CF2-82C8-B1B5307A6A7F

mb_61F39712-FFFF-FFFF-FFFF-FFFFFFFFFFFF

mb_50FB9712-FFFF-FFFF-FFFF-FFFFFFFFFFFF

mb_93309712-FFFF-FFFF-FFFF-FFFFFFFFFFFF

mb_56F49712-FFFF-FFFF-FFFF-FFFFFFFFFFFF

mb_07090201-0103-0301-0807-060504030201

mb_03000200-0400-0500-0006-000700080009

mb_FEFEFEFE-FEFE-FEFE-FEFE-FEFEFEFEFEFE

mb_FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF

mb_00000000-0000-0000-0000-000000000000

0.0.0.0

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olemisc.cpp

CNotSupportedException

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\except.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\include\afxtls_.h

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\strcore.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\include\afxtempl.h

f:\dd\vctools\vc7libs\ship\atlmfc\include\afx.inl

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winstr.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appcore.cpp

m_msgCur = {

m_pszExeName =

m_nCmdShow =

m_lpCmdLine =

f:\dd\vctools\vc7libs\ship\atlmfc\include\afxadv.h

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winfrm.cpp

Warning: no message line prompt for ID 0xX.

Warning: OnUpdateKeyIndicator - unknown indicator 0xX.

Warning: scroll bars in frame windows may cause unusual behaviour.

f:\dd\vctools\vc7libs\ship\atlmfc\include\afxpriv.h

f:\dd\vctools\vc7libs\ship\atlmfc\include\afxcoll.inl

CCmdTarget

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\cmdtarg.cpp

SENDING control notification %d from control id 0xX to %hs window.

SENDING command id 0xX to %hs target.

No handler for command ID 0xX, disabling it.

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\thrdcore.cpp

m_nMsgLast =

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appui2.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appui.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appui1.cpp

Error: failed to load message box prompt string 0xx.

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\wincore.cpp

Warning: unknown WM_MEASUREITEM for menu item 0xX.

hhctrl.ocx

Implementation Warning: control notification = $%X.

Warning: not executing disabled command %d

hWnd = $X (nIDC=$X) is not a %hs.

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\afximpl.h

f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin2.inl

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winocc.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin1.inl

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\afxtls.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occmgr.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occdlg.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occsite.cpp

IOleInPlaceObject not supported on OLE control (dialog ID %d).

Persistence not supported on OLE control %ls.

%d. Column ordinal %d: Binding as native data type

%d. Column ordinal %d: Binding a COM object

%d. Column ordinal %d: Binding as an IStream object

%d. Column ordinal %d: Binding as an ISequentialStream object

neither ISequentialStream nor IStream are supported!

IStream is supported

FISequentialStream is supported

Testing streams support...

%d. Column ordinal %d: Binding by reference in provider allocated, consumer owned memory

%d. Column ordinal %d: Binding length and status ONLY

Number of columns: %d

f:\dd\vctools\vc7libs\ship\atlmfc\include\atldbcli.h

Unsupported DBTYPE (%d) in column %d

$@Column %d not bound

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winctrl1.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dlgcore.cpp

IGNORING command id 0xX sent to %hs dialog.

Routing command id 0xX to app.

Routing command id 0xX to owner window.

Warning: Creating dialog from within a COleControlModule application is not a supported scenario.

Warning: ExecuteDlgInit failed during dialog init.

ERROR: Dialog with IDD 0xX must have the child style.

ERROR: Dialog with IDD 0xX must be invisible.

ERROR: Cannot find dialog template with IDD 0xX.

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occcont.cpp

Error: no data exchange control with ID 0xX.

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dlgdata.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oleunk.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\include\afxole.inl

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\wingdi.cpp

m_ps.rcPaint =

m_ps.fErase =

m_ps.hdc =

lgpn.lopnColor =

lgpn.lopnWidth.x (width) =

lgpn.lopnStyle =

lb.lbColor =

lb.lbHatch =

lb.lbStyle =

lf.lfFaceName =

lf.lfPitchAndFamily =

lf.lfQuality =

lf.lfClipPrecision =

lf.lfOutPrecision =

lf.lfCharSet =

lf.lfStrikeOut =

lf.lfUnderline =

lf.lfItalic =

lf.lfWeight =

lf.lfOrientation =

lf.lfEscapement =

lf.lfWidth =

lf.lfHeight =

bm.bmBitsPixel =

bm.bmPlanes =

bm.bmWidthBytes =

bm.bmWidth =

bm.bmHeight =

bm.bmType =

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\afxstate.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_s.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\elements.h

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\arcobj.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\arccore.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\objcore.cpp

CHttpConnection

CHttpFile

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\inet.cpp

Unknown status: %d

Internet ctxt=%d:

Warning: throwing CInternetException for error %d

Warning: Extended error reported with no response info

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filecore.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filex.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appinit.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\auxdata.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olevar.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\arcex.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appui3.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olelock.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winutil.cpp

Warning: Shrinking safety pool from %d to %d to satisfy request of %d bytes.

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dumpcont.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\list_p.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winmenu.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\wingdix.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\bartool.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_o.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\include\afxcmn2.inl

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winctrl2.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\include\afxcmn.inl

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\plex.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_b.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_w.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_d.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_p.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\map_pp.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\map_wo.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\map_so.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\map_ss.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dlgcomm.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\afxcrit.cpp

WM_HOTKEY

WM_SETHOTKEY

WM_IDLEUPDATECMDUI

WM_DDE_EXECUTE

WM_KEYLAST

WM_SYSKEYUP

WM_SYSKEYDOWN

WM_KEYUP

WM_KEYDOWN

WM_VKEYTOITEM

WM_CTLCOLORMSGBOX

WM_USER 0xX

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\afxtrace.cpp

Warning: Unable to unpack WM_DDE_EXECUTE lParam lX.

Warning: failed to reclaim %d bytes for memory safety pool.

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winhand.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occevent.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filemem.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledisp2.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oleinit.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\arcstrm.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dlgtempl.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oleenum.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\apphelp.cpp

Error: failed to load AfxFormatString string 0xx.

Error: illegal string index requested %d.

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filetxt.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\include\afxmt.inl

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filest.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dumpout.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\fixalloc.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledisp1.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olecnvrt.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olemsgf.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occlock.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olefact.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledobj2.cpp

a %hs object at $%p, %u bytes long

an invalid object at $%p, %u bytes long

faulted while dumping object at $%p, %u bytes long

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dumpinit.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledlgs2.cpp

m_bz.hTask =

m_bz.hResource =

m_bz.lpszTemplate =

m_bz.hInstance =

m_bz.lCustData =

m_bz.lpszCaption =

m_bz.hWndOwner =

m_bz.dwFlags =

m_bz.cbStruct =

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledoc1.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\list_o.cpp

f:\dd\vctools\crt_bld\self_x86\crt\src\xmutex.cpp

f:\dd\vctools\crt_bld\self_x86\crt\src\locale0.cpp

f:\dd\vctools\crt_bld\self_x86\crt\src\_tolower.c

f:\dd\vctools\crt_bld\self_x86\crt\src\streambuf

f:\dd\vctools\crt_bld\self_x86\crt\src\xlocale

f:\dd\vctools\crt_bld\self_x86\crt\src\xmbtowc.c

%s_%0x

%s(%d) :

f:\dd\vctools\vc7libs\ship\atlmfc\src\atl\atls\atlbase.cpp

f:\dd\vctools\crt_bld\self_x86\crt\src\dbgrpt.c

f:\dd\vctools\crt_bld\self_x86\crt\src\onexit.c

Client hook allocation failure at file %hs line %d.

Memory allocated at %hs(%d).

Client hook re-allocation failure at file %hs line %d.

HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.

CRT detected that the application wrote to memory after end of heap buffer.

HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.

CRT detected that the application wrote to memory before start of heap buffer.

CRT detected that the application wrote to a heap buffer that was freed.

crt block at 0x%p, subtype %x, %Iu bytes long.

client block at 0x%p, subtype %x, %Iu bytes long.

%hs(%d) :

#File Error#(%d) :

Data: <%s> %s

f:\dd\vctools\crt_bld\self_x86\crt\src\setvbuf.c

f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c

_CrtDbgReport: String too long or IO Error

Debug %s!

Program: %s%s%s%s%s%s%s%s%s%s%s%s

f:\dd\vctools\crt_bld\self_x86\crt\src\osfinfo.c

%s(%d) : %s

_CrtDbgReport: String too long or Invalid characters in String

f:\dd\vctools\crt_bld\self_x86\crt\src\_file.c

f:\dd\vctools\crt_bld\self_x86\crt\src\setlocal.c

f:\dd\vctools\crt_bld\self_x86\crt\src\initctyp.c

f:\dd\vctools\crt_bld\self_x86\crt\src\stdenvp.c

f:\dd\vctools\crt_bld\self_x86\crt\src\stdargv.c

f:\dd\vctools\crt_bld\self_x86\crt\src\w_env.c

f:\dd\vctools\crt_bld\self_x86\crt\src\ioinit.c

f:\dd\vctools\crt_bld\self_x86\crt\src\tidtable.c

This is an unsupported way to load Visual C   DLLs. You need to modify your application to build with a manifest.

- Attempt to initialize the CRT more than once.

- CRT not initialized

Please contact the application's support team for more information.

- floating point support not loaded

f:\dd\vctools\crt_bld\self_x86\crt\src\mlock.c

GetProcessWindowStation

f:\dd\vctools\crt_bld\self_x86\crt\src\output.c

f:\dd\vctools\crt_bld\self_x86\crt\src\mbctype.c

f:\dd\vctools\crt_bld\self_x86\crt\src\drive.c

f:\dd\vctools\crt_bld\self_x86\crt\src\_sftbuf.c

ADVAPI32.DLL

f:\dd\vctools\crt_bld\self_x86\crt\src\inithelp.c

f:\dd\vctools\crt_bld\self_x86\crt\src\read.c

f:\dd\vctools\crt_bld\self_x86\crt\src\stream.c

f:\dd\vctools\crt_bld\self_x86\crt\src\tzset.c

f:\dd\vctools\crt_bld\self_x86\crt\src\gmtime.c

f:\dd\vctools\crt_bld\self_x86\crt\src\_getbuf.c

USER32.DLL

f:\dd\vctools\crt_bld\self_x86\crt\src\inittime.c

f:\dd\vctools\crt_bld\self_x86\crt\src\initnum.c

f:\dd\vctools\crt_bld\self_x86\crt\src\initmon.c

portuguese-brazilian

f:\dd\vctools\crt_bld\self_x86\crt\src\convrtcp.c

operator

Run-Time Check Failure #%d - %s

%s%s%s%s

%s%s%p%s%ld%s%d%s

user32.dll

f:\dd\vctools\crt_bld\self_x86\crt\src\wtombenv.c

MSPDB80.DLL

RegCloseKey

RegOpenKeyExA

f:\dd\vctools\crt_bld\self_x86\crt\src\setenv.c

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appmodul.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winmain.cpp

MaxCore.cpp

.?AVCCmdTarget@@

MaxCoreDlg.cpp

.?AVCWebBrowser2@@

.?AVExecuteBase@@

.?AVExecuteFacade@@

Idispimp.cpp

.PAVCInternetException@@

.PAVCFileException@@

Text.cpp

.PAVCOleException@@

.PAVCException@@

.PAVCObject@@

.PAVCMemoryException@@

.PAVCSimpleException@@

.PAVCNotSupportedException@@

.PAVCInvalidArgException@@

.?AVCNotSupportedException@@

.?AVCCmdUI@@

.?AVCTestCmdUI@@

.PAVCUserException@@

.PAVCResourceException@@

.PAVCArchiveException@@

.?AVCHttpConnection@@

.?AVCHttpFile@@

.?AV?$CFixedStringT@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@$0BAA@@ATL@@

.?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@

.PAVCOleDispatchException@@

zcÁ

R<u.pr

kC-O}

z%CMH

]%uce

o?.DCtO

Ñj\

[.NQ#

NpB0%xm

zcMD

GetCPInfo

GetConsoleOutputCP

GetProcessHeap

RegOpenKeyExW

RegCreateKeyExW

RegOpenKeyW

RegEnumKeyW

RegCreateKeyW

RegDeleteKeyW

RegQueryInfoKeyW

RegEnumKeyExW

GetViewportExtEx

SetViewportOrgEx

OffsetViewportOrgEx

SetViewportExtEx

ScaleViewportExtEx

ShellExecuteW

ShellExecuteExW

UrlUnescapeW

URLDownloadToFileW

GetKeyState

CreateDialogIndirectParamW

UnhookWindowsHookEx

SetWindowsHookExW

HttpQueryInfoW

HttpSendRequestW

HttpOpenRequestW

InternetOpenUrlW

InternetCanonicalizeUrlW

InternetCrackUrlW

(.fFb#

1')3-=#3=') '#

hs.SS

<5"95"95"90

;$.:'.:$&:)

(08(03`-035(F*(.RK-

1>" (0:1

(($40 ,( 0 ,4$,0 0 ,

.text

`.rdata

@.data

.rsrc

@.reloc

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xutility

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\atlsimpstr.h

AtlThrow: hr = 0x%x

std::_Vector_const_iterator<unsigned int,class std::allocator<unsigned int> >::operator *

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\vector

std::_Vector_const_iterator<unsigned int,class std::allocator<unsigned int> >::operator  =

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xstring

std::_Vector_const_iterator<struct offerStruct *,class std::allocator<struct offerStruct *> >::operator *

std::_Vector_const_iterator<class std::vector<unsigned int,class std::allocator<unsigned int> > *,class std::allocator<class std::vector<unsigned int,class std::allocator<unsigned int> > *> >::operator *

std::_Vector_const_iterator<struct offerStruct *,class std::allocator<struct offerStruct *> >::operator  =

std::_Vector_const_iterator<class std::vector<unsigned int,class std::allocator<unsigned int> > *,class std::allocator<class std::vector<unsigned int,class std::allocator<unsigned int> > *> >::operator  =

Id: = index: = score: ] %c

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\memory

Total list score: d

std::_Vector_const_iterator<unsigned char,class std::allocator<unsigned char> >::operator *

std::_Vector_const_iterator<unsigned char,class std::allocator<unsigned char> >::operator  =

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\ostream

std::_String_const_iterator<char,struct std::char_traits<char>,class std::allocator<char> >::operator *

std::_String_const_iterator<char,struct std::char_traits<char>,class std::allocator<char> >::operator   

std::_Vector_const_iterator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::operator  =

std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >::operator []

std::_Vector_const_iterator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::operator *

std::_Vector_const_iterator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::operator   

hWarning: implicit LoadString(%u) failed

std::_String_const_iterator<char,struct std::char_traits<char>,class std::allocator<char> >::operator  =

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\atlconv.h

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xtree

std::_Tree<class std::_Tmap_traits<int,wchar_t const *,struct std::less<int>,class std::allocator<struct std::pair<int const ,wchar_t const *> >,0> >::const_iterator::operator ==

std::_Tree<class std::_Tmap_traits<int,wchar_t const *,struct std::less<int>,class std::allocator<struct std::pair<int const ,wchar_t const *> >,0> >::const_iterator::operator *

invalid operator<

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,unsigned long,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,unsigned long> >,0> >::const_iterator::operator ==

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > > >,0> >::const_iterator::operator ==

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,unsigned long,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,unsigned long> >,0> >::const_iterator::operator *

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > > >,0> >::const_iterator::operator *

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > > >,0> >::const_iterator::_Inc

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,unsigned long,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,unsigned long> >,0> >::const_iterator::_Dec

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,unsigned long,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,unsigned long> >,0> >::const_iterator::_Inc

std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > > >,0> >::const_iterator::_Dec

ExtractIcon.cpp

std::vector<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::operator []

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\list

std::list<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::_Const_iterator<1>::operator *

std::list<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::_Const_iterator<1>::operator   

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\regex

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\algorithm

std::list<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::_Const_iterator<1>::operator --

std::_String_const_iterator<char,struct std::char_traits<char>,class std::allocator<char> >::operator --

std::_String_const_iterator<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> >::operator *

std::_String_const_iterator<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> >::operator   

std::vector<class std::tr1::sub_match<char const *>,class std::allocator<class std::tr1::sub_match<char const *> > >::operator []

std::_Vector_const_iterator<class std::tr1::sub_match<char const *>,class std::allocator<class std::tr1::sub_match<char const *> > >::operator  =

_std::_Vector_const_iterator<char,class std::allocator<char> >::operator *

%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\atlcomcli.h

std::vector<wchar_t,class std::allocator<wchar_t> >::operator []

std::_Vector_const_iterator<wchar_t,class std::allocator<wchar_t> >::operator  =

std::_Vector_const_iterator<wchar_t,class std::allocator<wchar_t> >::operator *

std::_Vector_const_iterator<wchar_t,class std::allocator<wchar_t> >::operator   

std::vector<class argument,class std::allocator<class argument> >::operator []

std::_Vector_const_iterator<class argument,class std::allocator<class argument> >::operator  =

std::_Vector_const_iterator<class argument,class std::allocator<class argument> >::operator *

std::_Vector_const_iterator<class argument,class std::allocator<class argument> >::operator   

start.gif

std::vector<struct CPictureEx::TFrame,class std::allocator<struct CPictureEx::TFrame> >::operator []

std::_Vector_const_iterator<struct CPictureEx::TFrame,class std::allocator<struct CPictureEx::TFrame> >::operator *

std::_Vector_const_iterator<struct CPictureEx::TFrame,class std::allocator<struct CPictureEx::TFrame> >::operator   

std::_Vector_const_iterator<struct CPictureEx::TFrame,class std::allocator<struct CPictureEx::TFrame> >::operator  =

HKEY_USERS

HKEY_LOCAL_MACHINE

HKEY_CURRENT_USER

HKEY_CLASSES_ROOT

Gstd::_Tree<class std::_Tmap_traits<unsigned int,class CTrayIcon *,struct std::less<unsigned int>,class std::allocator<struct std::pair<unsigned int const ,class CTrayIcon *> >,0> >::const_iterator::operator ==

std::_Tree<class std::_Tmap_traits<unsigned int,class CTrayIcon *,struct std::less<unsigned int>,class std::allocator<struct std::pair<unsigned int const ,class CTrayIcon *> >,0> >::const_iterator::operator *

%s%s%s

HX

_hd_%S

0mb_%S

SELECT * FROM Win32_OperatingSystem

CACHE_S_FORMATETC_NOTSUPPORTED

CO_E_SERVER_EXEC_FAILURE

MK_E_INTERMEDIATEINTERFACENOTSUPPORTED

OLE_E_ADVISENOTSUPPORTED

REGDB_E_KEYMISSING

UCACHE_E_FIRST...CACHE_E_LAST

CACHE_S_FIRST...CACHE_S_LAST

CLASSFACTORY_E_FIRST...CLASSFACTORY_E_LAST

CLASSFACTORY_S_FIRST...CLASSFACTORY_S_LAST

CLIENTSITE_E_FIRST...CLIENTSITE_E_LAST

CLIENTSITE_S_FIRST...CLIENTSITE_S_LAST

CLIPBRD_E_FIRST...CLIPBRD_E_LAST

CLIPBRD_S_FIRST...CLIPBRD_S_LAST

CONVERT10_E_FIRST...CONVERT10_E_LAST

CONVERT10_S_FIRST...CONVERT10_S_LAST

CO_E_FIRST...CO_E_LAST

CO_S_FIRST...CO_S_LAST

DATA_E_FIRST...DATA_E_LAST

DATA_S_FIRST...DATA_S_LAST

DRAGDROP_E_FIRST...DRAGDROP_E_LAST

DRAGDROP_S_FIRST...DRAGDROP_S_LAST

ENUM_E_FIRST...ENUM_E_LAST

ENUM_S_FIRST...ENUM_S_LAST

INPLACE_E_FIRST...INPLACE_E_LAST

INPLACE_S_FIRST...INPLACE_S_LAST

MARSHAL_E_FIRST...MARSHAL_E_LAST

MARSHAL_S_FIRST...MARSHAL_S_LAST

MK_E_FIRST...MK_E_LAST

MK_S_FIRST...MK_S_LAST

OLEOBJ_E_FIRST...OLEOBJ_E_LAST

OLEOBJ_S_FIRST...OLEOBJ_S_LAST

OLE_E_FIRST...OLE_E_LAST

OLE_S_FIRST...OLE_S_LAST

REGDB_E_FIRST...REGDB_E_LAST

REGDB_S_FIRST...REGDB_S_LAST

VIEW_E_FIRST...VIEW_E_LAST

VIEW_S_FIRST...VIEW_S_LAST

FACILITY_WINDOWS

severity: %s, facility: %s ($lX)

range: %s ($lX)

%s ($lX)

Warning: constructing COleException, scode = %s.

f:\dd\vctools\vc7libs\ship\atlmfc\include\atlalloc.h

f:\dd\vctools\vc7libs\ship\atlmfc\include\atlcomcli.h

f:\dd\vctools\vc7libs\ship\atlmfc\include\atlsimpstr.h

f:\dd\vctools\vc7libs\ship\atlmfc\include\cstringt.h

f:\dd\vctools\vc7libs\ship\atlmfc\include\atlconv.h

ntdll.dll

kernel32.dll

Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Software\Microsoft\Windows\CurrentVersion\Policies\Network

Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32

%s%s.dll

%s (%s:%d)

Hf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winfrm.cpp

Error: failed to execute DDE command '%s'.

Warning: DDE command '%s' ignored because window is disabled.

pMRU: open file (%d) '%s'.

Can't register window class named %s

Afx:%p:%x:%p:%p:%p

Afx:%p:%x

WinHelp: pszHelpFile = '%s', dwData: $%lx, fuCommand: %d.

HtmlHelp: pszHelpFile = '%s', dwData: $%lx, fuCommand: %d.

accKeyboardShortcut

f:\dd\vctools\vc7libs\ship\atlmfc\include\atlcom.h

commctrl_DragListMsg

Kf:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin2.inl

Binding entry %d failed. Status: %d

f:\dd\vctools\vc7libs\ship\atlmfc\include\atlbase.h

GetData failed - HRESULT = 0x%X

m_pColumnInfo[nColumn].ulColumnSize == sizeof(ctype)

ERROR: Dialog named '%s' must have the child style.

ERROR: Dialog named '%s' must be invisible.

ERROR: Cannot find dialog template named '%s'.

CLSID\%s

Interface\%s

mfcm90ud.dll

QueryInterface(%s) failed

QueryInterface(%s) succeeded

Kcomctl32.dll

Kcomdlg32.dll

Kshell32.dll

Kf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_s.cpp

hXXp://

connecting to socket address '%s'

resolved name for %s!

resolving name for %s

Warning: destroying an open %s with handle %8.8X

Warning: Disconnecting %s handle %8.8X in context %8.8X at destruction.

LHTTP/1.0

WININET.DLL

Warning: could not get volume information '%s'.

Warning: could not parse the path '%s'. Path is too long.

Warning: could not parse the path '%s'.

CFile exception: %hs, File %s, OS error information = %ld.

AppMsg

WinMsg

CmdRouting

0xx

%s: hwnd=0xX, msg = 0xX (0xX, 0xX)

%s: hwnd=0xX, msg = %hs (0xX, 0xX)

%s: Advise item='%s', Format='%s', Ack=%d, Defer Update= %d

%s: Execute '%s'.

Warning: OleInitialize returned scode = %s.

ole32.dll

mscoree.dll

nf:\dd\vctools\crt_bld\self_x86\crt\src\xstring

Nf:\dd\vctools\crt_bld\self_x86\crt\src\xmbtowc.c

f:\dd\vctools\vc7libs\ship\atlmfc\src\atl\atls\atldebugapi.cpp

%S(%d) :

ppCategory && pfnCrtDbgReport

f:\dd\vctools\vc7libs\ship\atlmfc\include\atlmem.h

f:\dd\vctools\vc7libs\ship\atlmfc\include\atltime.inl

f:\dd\vctools\vc7libs\ship\atlmfc\include\atlbase.inl

f:\dd\vctools\vc7libs\ship\atlmfc\include\atlcomtime.inl

f:\dd\vctools\vc7libs\ship\atlmfc\include\atlcore.h

f:\dd\vctools\vc7libs\ship\atlmfc\src\atl\atls\allocate.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\atl\atls\atltracemodulemanager.h

mode == _CRT_RPTHOOK_INSTALL || mode == _CRT_RPTHOOK_REMOVE

wcscpy_s(szOutMessage, 4096, L"_CrtDbgReport: String too long or IO Error")

memcpy_s(szShortProgName, sizeof(TCHAR) * (260 - (szShortProgName - szExeName)), dotdotdot, sizeof(TCHAR) * 3)

wcscpy_s(szExeName, 260, L"<program name unknown>")

__crtMessageWindowW

f:\dd\vctools\crt_bld\self_x86\crt\src\vswprint.c

f:\dd\vctools\crt_bld\self_x86\crt\src\memcpy_s.c

f:\dd\vctools\crt_bld\self_x86\crt\src\memmove_s.c

f:\dd\vctools\crt_bld\self_x86\crt\src\tcscat_s.inl

f:\dd\vctools\crt_bld\self_x86\crt\src\wcstombs.c

f:\dd\vctools\crt_bld\self_x86\crt\src\tsplitpath_s.inl

f:\dd\vctools\crt_bld\self_x86\crt\src\tmakepath_s.inl

f:\dd\vctools\crt_bld\self_x86\crt\src\stat64.c

f:\dd\vctools\crt_bld\self_x86\crt\src\wcsicmp.c

f:\dd\vctools\crt_bld\self_x86\crt\src\printf.c

f:\dd\vctools\crt_bld\self_x86\crt\src\strtol.c

f:\dd\vctools\crt_bld\self_x86\crt\src\dbgheap.c

_CrtCheckMemory()

_CrtIsValidHeapPointer(pUserData)

_CrtSetDbgFlag

(fNewBits==_CRTDBG_REPORT_FLAG) || ((fNewBits & 0x0ffff & ~(_CRTDBG_ALLOC_MEM_DF | _CRTDBG_DELAY_FREE_MEM_DF | _CRTDBG_CHECK_ALWAYS_DF | _CRTDBG_CHECK_CRT_DF | _CRTDBG_LEAK_CHECK_DF) ) == 0)

_CrtMemCheckpoint

f:\dd\vctools\crt_bld\self_x86\crt\src\fclose.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fread.c

f:\dd\vctools\crt_bld\self_x86\crt\src\rewind.c

f:\dd\vctools\crt_bld\self_x86\crt\src\ftell.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fseek.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fopen.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fprintf.c

f:\dd\vctools\crt_bld\self_x86\crt\src\wprintf.c

nf:\dd\vctools\crt_bld\self_x86\crt\src\strftime.c

("Invalid MBCS character sequence passed to strftime",0)

("Invalid MBCS character sequence passed into strftime",0)

f:\dd\vctools\crt_bld\self_x86\crt\src\malloc.h

("Corrupted pointer passed to _freea", 0)

f:\dd\vctools\crt_bld\self_x86\crt\src\loctim64.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fwrite.c

f:\dd\vctools\crt_bld\self_x86\crt\src\ungetc.c

f:\dd\vctools\crt_bld\self_x86\crt\src\ungetc_nolock.inl

f:\dd\vctools\crt_bld\self_x86\crt\src\fgetc.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fgetpos.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fsetpos.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fputc.c

f:\dd\vctools\crt_bld\self_x86\crt\src\atof.c

f:\dd\vctools\crt_bld\self_x86\crt\src\wtof.c

f:\dd\vctools\crt_bld\self_x86\crt\src\mktime64.c

f:\dd\vctools\crt_bld\self_x86\crt\src\wcslwr.c

f:\dd\vctools\crt_bld\self_x86\crt\src\tcscpy_s.inl

f:\dd\vctools\crt_bld\self_x86\crt\src\wcstol.c

f:\dd\vctools\crt_bld\self_x86\crt\src\mbsinc.c

f:\dd\vctools\crt_bld\self_x86\crt\src\mbsstr.c

f:\dd\vctools\crt_bld\self_x86\crt\src\mbschr.c

f:\dd\vctools\crt_bld\self_x86\crt\src\tcsncpy_s.inl

f:\dd\vctools\crt_bld\self_x86\crt\src\wcsdup.c

f:\dd\vctools\crt_bld\self_x86\crt\src\xtoa.c

W_CrtSetReportHook2

strcpy_s(szOutMessage, 4096, "_CrtDbgReport: String too long or IO Error")

strcpy_s(szExeName, 260, "<program name unknown>")

__crtMessageWindowA

f:\dd\vctools\crt_bld\self_x86\crt\src\fullpath.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fileno.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fdopen.c

f:\dd\vctools\crt_bld\self_x86\crt\src\feoferr.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fputws.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fgets.c

f:\dd\vctools\crt_bld\self_x86\crt\src\clearerr.c

fMode == _CRTDBG_REPORT_MODE || (fMode & ~(_CRTDBG_MODE_FILE | _CRTDBG_MODE_DEBUG | _CRTDBG_MODE_WNDW)) == 0

_CrtSetReportMode

f:\dd\vctools\crt_bld\self_x86\crt\src\dbgrptt.c

nRptType >= 0 && nRptType < _CRT_ERRCNT

wcscpy_s(szOutMessage2, 4096, L"_CrtDbgReport: String too long or Invalid characters in String")

strcpy_s(szUserMessage, 4096, "_CrtDbgReport: String too long or IO Error")

_VCrtDbgReportA

strcpy_s(szOutMessage2, 4096, "_CrtDbgReport: String too long or Invalid characters in String")

wcscpy_s(szUserMessage, 4096, L"_CrtDbgReport: String too long or IO Error")

_VCrtDbgReportW

((ptloci->lc_category[category].wlocale != NULL) && (ptloci->lc_category[category].wrefcount != NULL)) || ((ptloci->lc_category[category].wlocale == NULL) && (ptloci->lc_category[category].wrefcount == NULL))

f:\dd\vctools\crt_bld\self_x86\crt\src\fputwc.c

f:\dd\vctools\crt_bld\self_x86\crt\src\ungetwc.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fgetwc.c

f:\dd\vctools\crt_bld\self_x86\crt\src\mbstowcs.c

f:\dd\vctools\crt_bld\self_x86\crt\src\a_cmp.c

f:\dd\vctools\crt_bld\self_x86\crt\src\strtod.c

f:\dd\vctools\crt_bld\self_x86\crt\src\vsprintf.c

f:\dd\vctools\crt_bld\self_x86\crt\src\gmtime64.c

KERNEL32.DLL

strcat_s(outmsg, (sizeof(outmsg) / sizeof(outmsg[0])), rterrs[tblindx].rterrtxt)

strcat_s(outmsg, (sizeof(outmsg) / sizeof(outmsg[0])), "\n\n")

strcpy_s(outmsg, (sizeof(outmsg) / sizeof(outmsg[0])), "Runtime Error!\n\nProgram: ")

_NMSG_WRITE

f:\dd\vctools\crt_bld\self_x86\crt\src\crt0msg.c

f:\dd\vctools\crt_bld\self_x86\crt\src\winsig.c

WUSER32.DLL

f:\dd\vctools\crt_bld\self_x86\crt\prebuild\eh\typname.cpp

f:\dd\vctools\crt_bld\self_x86\crt\src\_flsbuf.c

f:\dd\vctools\crt_bld\self_x86\crt\src\intel\fp8.c

f:\dd\vctools\crt_bld\self_x86\crt\prebuild\conv\cvt.c

f:\dd\vctools\crt_bld\self_x86\crt\src\isctype.c

f:\dd\vctools\crt_bld\self_x86\crt\src\dtoxtm64.c

f:\dd\vctools\crt_bld\self_x86\crt\src\expand.c

f:\dd\vctools\crt_bld\self_x86\crt\src\close.c

f:\dd\vctools\crt_bld\self_x86\crt\src\_freebuf.c

f:\dd\vctools\crt_bld\self_x86\crt\src\_filbuf.c

f:\dd\vctools\crt_bld\self_x86\crt\src\lseek.c

f:\dd\vctools\crt_bld\self_x86\crt\src\_open.c

f:\dd\vctools\crt_bld\self_x86\crt\src\timeset.c

f:\dd\vctools\crt_bld\self_x86\crt\src\stricmp.c

f:\dd\vctools\crt_bld\self_x86\crt\src\write.c

f:\dd\vctools\crt_bld\self_x86\crt\src\ftelli64.c

f:\dd\vctools\crt_bld\self_x86\crt\src\fseeki64.c

f:\dd\vctools\crt_bld\self_x86\crt\src\commit.c

f:\dd\vctools\crt_bld\self_x86\crt\prebuild\include\strgtold12.inl

f:\dd\vctools\crt_bld\self_x86\crt\src\getcwd.c

strcpy_s(resultstr, resultsize, autofos.man)

f:\dd\vctools\crt_bld\self_x86\crt\prebuild\conv\cfout.c

f:\dd\vctools\crt_bld\self_x86\crt\src\getqloc.c

f:\dd\vctools\crt_bld\self_x86\crt\src\wctomb.c

f:\dd\vctools\crt_bld\self_x86\crt\src\mbtowc.c

_loc_update.GetLocaleT()->locinfo->mb_cur_max == 1 || _loc_update.GetLocaleT()->locinfo->mb_cur_max == 2

f:\dd\vctools\crt_bld\self_x86\crt\src\errmode.c

f:\dd\vctools\crt_bld\self_x86\crt\src\lseeki64.c

f:\dd\vctools\crt_bld\self_x86\crt\src\isatty.c

f:\dd\vctools\crt_bld\self_x86\crt\prebuild\tran\contrlfp.c

f:\dd\vctools\crt_bld\self_x86\crt\src\_fptostr.c

f:\dd\vctools\crt_bld\self_x86\crt\src\open.c

0 && "Only UTF-16 little endian & UTF-8 is supported for reads"

f:\dd\vctools\crt_bld\self_x86\crt\src\mbsnbicm.c

f:\dd\vctools\crt_bld\self_x86\crt\src\mbsnbcmp.c

f:\dd\vctools\crt_bld\self_x86\crt\src\getenv.c

f:\dd\vctools\crt_bld\self_x86\crt\prebuild\conv\x10fout.c

f:\dd\vctools\crt_bld\self_x86\crt\src\strnicmp.c

f:\dd\vctools\crt_bld\self_x86\crt\src\wcsnicmp.c

f:\dd\vctools\crt_bld\self_x86\crt\src\setmode.c

f:\dd\vctools\crt_bld\self_x86\crt\src\mbsnbico.c

f:\dd\vctools\crt_bld\self_x86\crt\src\strnicol.c

("CRT Logic error during setenv",0)

__crtsetenv

c:\%original file name%.exe

{8856F961-340A-11D0-A96B-00C04FD705A2}

All Files (*.*)

No error message is available.#Attempted an unsupported operation.$A required resource was unavailable.

Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.

Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else.1Encountered an unexpected error while reading %1.1Encountered an unexpected error while writing %1.

#Unable to load mail system support.

iexplore.exe_1744:

%?9-*09,*19}*09

.text

`.data

.rsrc

msvcrt.dll

KERNEL32.dll

NTDLL.DLL

USER32.dll

SHLWAPI.dll

SHDOCVW.dll

Software\Microsoft\Windows\CurrentVersion\Explorer\BrowseNewProcess

IE-X-X

rsabase.dll

System\CurrentControlSet\Control\Windows

dw15 -x -s %u

watson.microsoft.com

IEWatsonURL

%s -h %u

iedw.exe

Iexplore.XPExceptionFilter

jscript.DLL

mshtml.dll

mlang.dll

urlmon.dll

wininet.dll

shdocvw.DLL

browseui.DLL

comctl32.DLL

IEXPLORE.EXE

iexplore.pdb

ADVAPI32.dll

MsgWaitForMultipleObjects

IExplorer.EXE

IIIIIB(II<.Fg

7?_____ZZSSH%

)z.UUUUUUUU

,....Qym

````2```

{.QLQIIIKGKGKGKGKGKG

;33;33;0

8888880

8887080

browseui.dll

shdocvw.dll

6.00.2900.5512 (xpsp.080413-2105)

Windows

Operating System

6.00.2900.5512

WPFFontCache_v0400.exe_3116:

.text

`.data

@.rsrc

@.reloc

t1Ht.Ht

Ht.Ht

8Y%u(

Ht.Ht$Ht

tGHt;Ht.Ht$Ht

!!"$%%&$%%&())*

%s %s line %d

SHELL32.dll

RPCRT4.dll

MSVCR100_CLR0400.dll

KERNEL32.dll

ADVAPI32.dll

RegNotifyChangeKeyValue

RegCloseKey

RegQueryInfoKeyW

RegOpenKeyExW

GetSystemWindowsDirectoryW

_crt_debugger_hook

_amsg_exit

wpffontcache_v0400.pdb

.?AVMalformedKeyException@@

.?AVNotSupportedException@@

6666666666666666

666666666666

6666666

8888888

!"#$%&'()* ,-./

0000000000000

#@$@$@$@$

@:@$@$@$@$@$@$@$@$@$@$

!"#$%&'()* ,-./0

%&'(gggg)* ,..........................................................................................MMMM..

4444444444444

#$%&'()* 

!!!!"#$%&'()* ,-./0123456789:;<=

KEYW

<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="wpffontcache_v0400" type="win32"></assemblyIdentity><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo></assembly>PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD

4 4}455<5

:":&:*:.:2:

0!0&0,03090?0

1 1$1(1,1014181

>0>8>`>~>

1$1@1\1|1

Software\Microsoft\Avalon.Graphics

kernel32.dll

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts

MARLETT.TTF

E\\?\

\WPFFontCache_v0400-System.dat

{2da8dded-086f-4cb9-a77f-b974b9cb0186}

\\?\UNC\

{00000000-0000-0000-0000-000000000000}

\\?\Volume

yKERNEL32.DLL

KeySize

ElementMalformedKeyTask

CacheMissReportReceivedTask

wpffontcache_v0400.exe

4.0.30319.1 built by: RTMRel

.NET Framework

4.0.30319.1

MixVideoPlayer.exe_2900_rwx_03CF0000_00010000:

PresentationFramework.classic

PresentationFramework.Aero

MixVideoPlayer.exe_2900_rwx_04940000_0000A000:

WindowsFormsIntegration

Remove it with Ad-Aware

1. Click (here) to download and install Ad-Aware Free Antivirus.
2. Update the definition files.
3. Run a full scan of your computer.

Manual removal*

1. Terminate malicious process(es) (How to End a Process With the Task Manager):
   

   mixvideoplayersetup.exe:1872
   WPFFontCache_v0400.exe:3116
   DeleteTasks.exe:556
   LTV2.exe:2188
   LTV2.exe:644
   LTV2.exe:1008
   

2. Delete the original Trojan file.
   
3. Delete or disinfect the following files created/modified by the Trojan:
   

   %Program Files%\MixVideoPlayer\Languages\ChineseT.ini (3 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\nsu3.tmp\SimpleSC.dll (1856 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\nsu3.tmp\nsProcess.dll (4 bytes)
   %Program Files%\MixVideoPlayer\Languages\Swedish.ini (3 bytes)
   %Program Files%\MixVideoPlayer\Languages\Danish.ini (3 bytes)
   %Program Files%\MixVideoPlayer\Languages\Hungarian.ini (3 bytes)
   %Program Files%\MixVideoPlayer\Languages\Estonian.ini (3 bytes)
   %Program Files%\MixVideoPlayer\dotNetFx40_Full_setup.exe (30344 bytes)
   %Program Files%\MixVideoPlayer\Languages\Slovak.ini (3 bytes)
   %Program Files%\MixVideoPlayer\policy.2.0.taglib-sharp.config (377 bytes)
   %Program Files%\MixVideoPlayer\BrowserWeb.exe (2392 bytes)
   %Program Files%\MixVideoPlayer\references\libreria.png (244 bytes)
   %Program Files%\MixVideoPlayer\Languages\Norwegian.ini (3 bytes)
   %Program Files%\MixVideoPlayer\Languages\German.ini (3 bytes)
   %Program Files%\MixVideoPlayer\references\PhotoLoader.dll (784 bytes)
   %Program Files%\MixVideoPlayer\Languages\Slovenian.ini (3 bytes)
   %Program Files%\MixVideoPlayer\PhotoLoader.dll (784 bytes)
   %Program Files%\MixVideoPlayer\Languages\Czech.ini (3 bytes)
   %Program Files%\MixVideoPlayer\references\mixChecker.exe (27704 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\nsu3.tmp\System.dll (11 bytes)
   %Program Files%\MixVideoPlayer\Languages\Polish.ini (3 bytes)
   %Program Files%\MixVideoPlayer\references\Interop.SHDocVw.dll (5064 bytes)
   %Program Files%\MixVideoPlayer\Languages\Catalan.ini (3 bytes)
   %Program Files%\MixVideoPlayer\Languages\ChineseS.ini (3 bytes)
   %Program Files%\MixVideoPlayer\mixvideoplayer.affcode (3 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\nsu3.tmp\NSISdl.dll (14 bytes)
   %Program Files%\MixVideoPlayer\uninstall.exe (4489 bytes)
   %Program Files%\MixVideoPlayer\icon.ico (12536 bytes)
   %Program Files%\MixVideoPlayer\Languages\Thai.ini (5 bytes)
   %Program Files%\MixVideoPlayer\references\extvideo.png (146 bytes)
   %Program Files%\MixVideoPlayer\references\extaudio.png (310 bytes)
   %Program Files%\MixVideoPlayer\Languages\Russian.ini (5 bytes)
   %Program Files%\MixVideoPlayer\references\ffmpeg.zip (899796 bytes)
   %Program Files%\MixVideoPlayer\Languages\Bulgarian.ini (5 bytes)
   %Program Files%\MixVideoPlayer\Languages\Hindi.ini (6 bytes)
   %Program Files%\MixVideoPlayer\Languages\Latvian.ini (3 bytes)
   %Program Files%\MixVideoPlayer\NLog.dll (14184 bytes)
   %Program Files%\MixVideoPlayer\Languages\Italian.ini (3 bytes)
   %Program Files%\MixVideoPlayer\Languages\Korean.ini (3 bytes)
   %Program Files%\MixVideoPlayer\Languages\French.ini (3 bytes)
   %Program Files%\MixVideoPlayer\Languages\Romanian.ini (3 bytes)
   %Program Files%\MixVideoPlayer\icon-uninstall.ico (3616 bytes)
   %Program Files%\MixVideoPlayer\Languages\Vietnamese.ini (4 bytes)
   %Program Files%\MixVideoPlayer\Newtonsoft.Json.dll (16944 bytes)
   %Program Files%\MixVideoPlayer\references\taglib-sharp.dll (15536 bytes)
   %Program Files%\MixVideoPlayer\FrameworkControl.exe (14184 bytes)
   %Program Files%\MixVideoPlayer\references\Newtonsoft.Json.dll (15536 bytes)
   %Program Files%\MixVideoPlayer\Languages\Indonesian.ini (3 bytes)
   %Documents and Settings%\All Users\Start Menu\Programs\MixVideoPlayer\Uninstall MixVideoPlayer.lnk (1 bytes)
   %Program Files%\MixVideoPlayer\Languages\HaitianCreole.ini (3 bytes)
   %Program Files%\MixVideoPlayer\Windows\Thumbs.db (1856 bytes)
   %Program Files%\MixVideoPlayer\Languages\Greek.ini (5 bytes)
   %Program Files%\MixVideoPlayer\Languages\Hebrew.ini (4 bytes)
   %Program Files%\MixVideoPlayer\Languages\Finnish.ini (3 bytes)
   %Program Files%\MixVideoPlayer\references\NDde.dll (3616 bytes)
   %Program Files%\MixVideoPlayer\taglib-sharp.dll (15536 bytes)
   %Program Files%\MixVideoPlayer\mixUpdater.exe (13368 bytes)
   %Program Files%\MixVideoPlayer\Snowplow.Tracker.dll (784 bytes)
   %Program Files%\MixVideoPlayer\MixVideoPlayer.exe (76078 bytes)
   %Program Files%\MixVideoPlayer\Languages\Japanese.ini (4 bytes)
   %Program Files%\MixVideoPlayer\Languages\Portuguese.ini (3 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\nsu3.tmp\ZipDLL.dll (6360 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\nsu2.tmp (177700 bytes)
   %Program Files%\MixVideoPlayer\Sider.dll (5064 bytes)
   %Program Files%\MixVideoPlayer\Windows\logopeq-icon.ico (9608 bytes)
   %Program Files%\MixVideoPlayer\LTV2.exe (6 bytes)
   %Program Files%\MixVideoPlayer\Controls\ifishplayer-icon2.ico (12536 bytes)
   %Program Files%\MixVideoPlayer\Languages\Ukrainian.ini (5 bytes)
   %Program Files%\MixVideoPlayer\Microsoft.Win32.TaskScheduler.dll (8560 bytes)
   %Program Files%\MixVideoPlayer\mixvideoplayer.uidnum (23 bytes)
   %Program Files%\MixVideoPlayer\Languages\Arabic.ini (4 bytes)
   %Program Files%\MixVideoPlayer\Languages\Turkish.ini (3 bytes)
   %Program Files%\MixVideoPlayer\references\ffmpeg.exe (202301 bytes)
   %Documents and Settings%\All Users\Start Menu\Programs\MixVideoPlayer\MixVideoPlayer.lnk (1 bytes)
   %Program Files%\MixVideoPlayer\references\folder.png (472 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\nsu3.tmp\AccessControl.dll (13 bytes)
   %Program Files%\MixVideoPlayer\references\policy.2.0.taglib-sharp.dll (3 bytes)
   %Program Files%\MixVideoPlayer\Languages\English.ini (3 bytes)
   %Program Files%\MixVideoPlayer\Controls\Thumbs.db (1552 bytes)
   %Documents and Settings%\All Users\Start Menu\Programs\Startup\WebBrowserMixVideoPlayer.lnk (1 bytes)
   %Program Files%\MixVideoPlayer\Languages\Spanish.ini (3 bytes)
   %Documents and Settings%\%current user%\Desktop\MixVideoPlayer.lnk (1 bytes)
   %Program Files%\MixVideoPlayer\references\policy.2.0.taglib-sharp.config (377 bytes)
   %Program Files%\MixVideoPlayer\DeleteTasks.exe (10 bytes)
   %Program Files%\MixVideoPlayer\references\Thumbs.db (5 bytes)
   %Program Files%\MixVideoPlayer\Languages\Lithuanian.ini (3 bytes)
   %Program Files%\MixVideoPlayer\policy.2.0.taglib-sharp.dll (3 bytes)
   %Program Files%\MixVideoPlayer\LTVNetSdk.dll (15 bytes)
   %Program Files%\MixVideoPlayer\Languages\Dutch.ini (3 bytes)
   %Documents and Settings%\%current user%\Cookies\[email protected][2].txt (511 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\analytics[1].js (740 bytes)
   %Documents and Settings%\%current user%\Cookies\Current_User@n149adserv[2].txt (406 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\jquery.min[1].js (3480 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\MainBanner[1].htm (3 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\400x400[1].jpg (1550 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\mixvideoplayer\log.txt (134 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\tmp4.tmp (326 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\jquery.min[1].js (3155 bytes)
   %Documents and Settings%\%current user%\Cookies\Current_User@n149adserv[1].txt (585 bytes)
   %System%\d3d9caps.tmp (1324 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\jquery.min[2].js (3480 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\show_ads[1].js (7 bytes)
   %Documents and Settings%\%current user%\Cookies\Current_User@mixvideoplayer[2].txt (3263 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\banner[1].htm (3 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\analytics[1].htm (1 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\mixvideoplayer\config\config.ini (252 bytes)
   %Documents and Settings%\%current user%\Cookies\index.dat (14648 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\ga[1].js (1435 bytes)
   %Documents and Settings%\%current user%\Cookies\Current_User@mixvideoplayer[1].txt (3933 bytes)
   %Documents and Settings%\%current user%\Cookies\[email protected][1].txt (1024 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\arw[1].png (342 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\MixVideoPlayerSetup[1].exe (1718416 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\loadingBar[1].gif (8947 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\loading-install[1].gif (1443 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\i-download[1].png (1 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\msjava[1].dll (465777 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\style[1].css (114 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\style[1].css (5083 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\5cbdaf19-bcd7-447e-a36f-976113cb9444\mixvideoplayersetup.exe (1718416 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\bullet-short[1].gif (54 bytes)
   %System%\wbem\Logs\wbemprox.log (684 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\progress-bar[1].png (1 bytes)

4. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
   
5. Reboot the computer.
   

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.