Trojan.Win32.IEDummy_d7e9a65da6

by malwarelabrobot on June 8th, 2015 in Malware Descriptions.

Gen:Variant.Strictor.82398 (B) (Emsisoft), Trojan.Win32.IEDummy.FD, Trojan.Win32.Swrort.3.FD, mzpefinder_pcap_file.YR (Lavasoft MAS)
Behaviour: Trojan


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Requires JavaScript enabled!

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

MD5: d7e9a65da62456748ed70c298e0218b8
SHA1: eb06a19b9d3dfdf4eb9dab520e32b9b3498b8417
SHA256: 7fae533fb8db9952758319e3f8fd74e04a4ed8eb9aaffd021470663afd425a6f
SSDeep: 12288:Al/NiIoYAbvZO7wNJgHO78VN4zN8EMDOVUjW3Xg8oSABBf:AZjoY4EEyHWqN6KjzbPf
Size: 561992 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2015-03-26 15:49:32
Analyzed on: WindowsXP SP3 32-bit


Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

mixvideoplayersetup.exe:1680
WPFFontCache_v0400.exe:4044
DeleteTasks.exe:3136
LTV2.exe:1128
LTV2.exe:3376
LTV2.exe:2132

The Trojan injects its code into the following process(es):

MixVideoPlayer.exe:3900
%original file name%.exe:340
BrowserWeb.exe:3368

Mutexes

The following mutexes were created/opened:

DDrawWindowListMutex
DDrawDriverObjectListMutex
__DDrawExclMode__
__DDrawCheckExclMode__
CTF.TMD.MutexDefaultS-1-5-21-1844237615-1960408961-1801674531-1003
CTF.Layouts.MutexDefaultS-1-5-21-1844237615-1960408961-1801674531-1003
CTF.Asm.MutexDefaultS-1-5-21-1844237615-1960408961-1801674531-1003
CTF.Compart.MutexDefaultS-1-5-21-1844237615-1960408961-1801674531-1003
CTF.LBES.MutexDefaultS-1-5-21-1844237615-1960408961-1801674531-1003
ShimCacheMutex
RasPbFile
WininetProxyRegistryMutex
WininetConnectionMutex
WininetStartupMutex
c:!documents and settings!adm!local settings!history!history.ie5!
c:!documents and settings!adm!cookies!
c:!documents and settings!adm!local settings!temporary internet files!content.ie5!
_!MSFTHISTORY!_
DBWinMutex
ZonesLockedCacheCounterMutex
ZonesCacheCounterMutex
ZonesCounterMutex
oleacc-msaa-loaded

File activity

The process mixvideoplayersetup.exe:1680 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\MixVideoPlayer\Languages\ChineseT.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\Swedish.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\Danish.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\Hungarian.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\Estonian.ini (3 bytes)
%Program Files%\MixVideoPlayer\dotNetFx40_Full_setup.exe (30344 bytes)
%Program Files%\MixVideoPlayer\Languages\Slovak.ini (3 bytes)
%Program Files%\MixVideoPlayer\policy.2.0.taglib-sharp.config (377 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nse3.tmp\AccessControl.dll (15 bytes)
%Program Files%\MixVideoPlayer\BrowserWeb.exe (2392 bytes)
%Program Files%\MixVideoPlayer\references\libreria.png (244 bytes)
%Program Files%\MixVideoPlayer\Languages\Norwegian.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\German.ini (3 bytes)
%Program Files%\MixVideoPlayer\references\PhotoLoader.dll (784 bytes)
%Program Files%\MixVideoPlayer\Languages\Slovenian.ini (3 bytes)
%Program Files%\MixVideoPlayer\PhotoLoader.dll (784 bytes)
%Program Files%\MixVideoPlayer\Languages\Czech.ini (3 bytes)
%Program Files%\MixVideoPlayer\references\mixChecker.exe (27704 bytes)
%Program Files%\MixVideoPlayer\Languages\Polish.ini (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nse3.tmp\NSISdl.dll (15 bytes)
%Program Files%\MixVideoPlayer\references\Interop.SHDocVw.dll (5064 bytes)
%Program Files%\MixVideoPlayer\Languages\Catalan.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\ChineseS.ini (3 bytes)
%Program Files%\MixVideoPlayer\mixvideoplayer.affcode (3 bytes)
%Program Files%\MixVideoPlayer\uninstall.exe (3865 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nse3.tmp\nsProcess.dll (4 bytes)
%Program Files%\MixVideoPlayer\icon.ico (12536 bytes)
%Program Files%\MixVideoPlayer\Languages\Thai.ini (5 bytes)
%Program Files%\MixVideoPlayer\references\extvideo.png (146 bytes)
%Program Files%\MixVideoPlayer\references\extaudio.png (310 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nse3.tmp (4 bytes)
%Program Files%\MixVideoPlayer\Languages\Russian.ini (5 bytes)
%Program Files%\MixVideoPlayer\Languages\Bulgarian.ini (5 bytes)
%Program Files%\MixVideoPlayer\Languages\Hindi.ini (6 bytes)
%Program Files%\MixVideoPlayer\Languages\Latvian.ini (3 bytes)
%Program Files%\MixVideoPlayer\NLog.dll (14184 bytes)
%Program Files%\MixVideoPlayer\Languages\Italian.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\Korean.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\French.ini (3 bytes)
%Program Files%\MixVideoPlayer\Languages\Romanian.ini (3 bytes)
%Program Files%\MixVideoPlayer\icon-uninstall.ico (3616 bytes)
%Program Files%\MixVideoPlayer\Languages\Vietnamese.ini (4 bytes)
%Program Files%\MixVideoPlayer\Newtonsoft.Json.dll (16944 bytes)
%Program Files%\MixVideoPlayer\references\taglib-sharp.dll (15536 bytes)
%Program Files%\MixVideoPlayer\FrameworkControl.exe (12024 bytes)
%Program Files%\MixVideoPlayer\references\Newtonsoft.Json.dll (15536 bytes)
%Program Files%\MixVideoPlayer\Languages\Indonesian.ini (3 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\MixVideoPlayer\Uninstall MixVideoPlayer.lnk (1 bytes)
%Program Files%\MixVideoPlayer\Languages\HaitianCreole.ini (3 bytes)
%Program Files%\MixVideoPlayer\Windows\Thumbs.db (1856 bytes)
%Program Files%\MixVideoPlayer\Languages\Greek.ini (5 bytes)
%Program Files%\MixVideoPlayer\Languages\Hebrew.ini (4 bytes)
%Program Files%\MixVideoPlayer\Languages\Finnish.ini (3 bytes)
%Program Files%\MixVideoPlayer\references\NDde.dll (3616 bytes)
%Program Files%\MixVideoPlayer\taglib-sharp.dll (15536 bytes)
%Program Files%\MixVideoPlayer\mixUpdater.exe (13368 bytes)
%Program Files%\MixVideoPlayer\Snowplow.Tracker.dll (784 bytes)
%Program Files%\MixVideoPlayer\MixVideoPlayer.exe (82435 bytes)
%Program Files%\MixVideoPlayer\Languages\Japanese.ini (4 bytes)
%Program Files%\MixVideoPlayer\Languages\Portuguese.ini (3 bytes)
%Program Files%\MixVideoPlayer\Sider.dll (5064 bytes)
%Program Files%\MixVideoPlayer\Windows\logopeq-icon.ico (9608 bytes)
%Program Files%\MixVideoPlayer\LTV2.exe (6 bytes)
%Program Files%\MixVideoPlayer\Controls\ifishplayer-icon2.ico (12536 bytes)
%Program Files%\MixVideoPlayer\Languages\Ukrainian.ini (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nse3.tmp\SimpleSC.dll (1856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nse3.tmp\ZipDLL.dll (6360 bytes)
%Program Files%\MixVideoPlayer\Microsoft.Win32.TaskScheduler.dll (8560 bytes)
%Program Files%\MixVideoPlayer\mixvideoplayer.uidnum (23 bytes)
%Program Files%\MixVideoPlayer\Languages\Arabic.ini (4 bytes)
%Program Files%\MixVideoPlayer\Languages\Turkish.ini (3 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\MixVideoPlayer\MixVideoPlayer.lnk (1 bytes)
%Program Files%\MixVideoPlayer\Languages\Dutch.ini (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso2.tmp (183067 bytes)
%Program Files%\MixVideoPlayer\references\policy.2.0.taglib-sharp.dll (3 bytes)
%Program Files%\MixVideoPlayer\Languages\English.ini (3 bytes)
%Program Files%\MixVideoPlayer\Controls\Thumbs.db (1552 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Startup\WebBrowserMixVideoPlayer.lnk (1 bytes)
%Program Files%\MixVideoPlayer\Languages\Spanish.ini (3 bytes)
%Documents and Settings%\%current user%\Desktop\MixVideoPlayer.lnk (1 bytes)
%Program Files%\MixVideoPlayer\references\policy.2.0.taglib-sharp.config (377 bytes)
%Program Files%\MixVideoPlayer\DeleteTasks.exe (10 bytes)
%Program Files%\MixVideoPlayer\references\Thumbs.db (5 bytes)
%Program Files%\MixVideoPlayer\Languages\Lithuanian.ini (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nse3.tmp\System.dll (11 bytes)
%Program Files%\MixVideoPlayer\policy.2.0.taglib-sharp.dll (3 bytes)
%Program Files%\MixVideoPlayer\LTVNetSdk.dll (14 bytes)
%Program Files%\MixVideoPlayer\references\folder.png (472 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nse3.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsj1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nse3.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nse3.tmp\SimpleSC.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nse3.tmp\nsProcess.dll (0 bytes)
%Program Files%\MixVideoPlayer\references\ffmpeg.zip (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nse3.tmp\ZipDLL.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nse3.tmp\NSISdl.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nse3.tmp\AccessControl.dll (0 bytes)

The process MixVideoPlayer.exe:3900 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (511 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHE78PYJ\400x400[1].jpg (392 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@n149adserv[2].txt (811 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\mixvideoplayer\log.txt (134 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tmp4.tmp (326 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1TN0QDR9\arw[1].png (342 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S5U34TQV\banner[1].htm (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S5U34TQV\analytics[1].htm (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\5XC8I6TV\24076105-12002703[1].gif (5 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@n149adserv[1].txt (635 bytes)
%System%\d3d9caps.tmp (2648 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1TN0QDR9\show_ads[1].js (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S5U34TQV\jquery.min[2].js (3480 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHE78PYJ\MainBanner[1].htm (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1TN0QDR9\jquery.min[1].js (3480 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHE78PYJ\analytics[1].js (740 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\5XC8I6TV\jquery.min[1].js (3155 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mixvideoplayer[2].txt (4447 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1TN0QDR9\ga[1].js (1435 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S5U34TQV\arw[1].png (342 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\mixvideoplayer\config\config.ini (252 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (5820 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mixvideoplayer[1].txt (3920 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (1024 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S5U34TQV\arw[1].png (0 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mixvideoplayer[2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tmp4.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1TN0QDR9\jquery.min[1].js (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mixvideoplayer[1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@n149adserv[2].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@n149adserv[1].txt (0 bytes)
%System%\d3d9caps.dat (0 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (0 bytes)

The process %original file name%.exe:340 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\5XC8I6TV\msjava[1].dll (465777 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\d994d9b8-adc1-49f2-b1f8-68d491dfe8cd\mixvideoplayersetup.exe (1792168 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S5U34TQV\progress-bar[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1TN0QDR9\i-download[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\5XC8I6TV\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHE78PYJ\style[1].css (114 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S5U34TQV\style[1].css (5353 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1TN0QDR9\MixVideoPlayerSetup[1].exe (1792168 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\5XC8I6TV\loading-install[1].gif (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\5XC8I6TV\bullet-short[1].gif (54 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S5U34TQV\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1TN0QDR9\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHE78PYJ\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHE78PYJ\loadingBar[1].gif (7812 bytes)
%System%\wbem\Logs\wbemprox.log (675 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\5XC8I6TV\8aa77db7d6cfa52686caace456bcf6854761923c3750809b0f50e9018ef3951d71903399e800525b74f49676e4e1db0729fc57620c996347[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S5U34TQV\b5ee652b78024589c9e518e3ea8a54713cc4045e7709cc97691ffb2ed00bf5ea54fc6701c95e935247d04875373b938e2d86daaea4a473da[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1TN0QDR9\MixVideoPlayerSetup[1].exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S5U34TQV\695911ddfa3f19b5545394ef8929fec3b6c4d45d525f2061fb29dfef2419ca4aa09929582fb50428ba4362c32c01f1ec40ee6892d0cc77a2[1].txt (0 bytes)

Registry activity

The process mixvideoplayersetup.exe:1680 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCR\mixp.flv\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKCR\.mp4]
"(Default)" = "mixp.mp4"

[HKCR\mixp.flv\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\mixp.3gp\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\.mkv]
"(Default)" = "mixp.mkv"

[HKCR\mixp.aac]
"(Default)" = "mixp media file (.aac)"

[HKCR\.mpeg]
"(Default)" = "mixp.mpeg"

[HKCR\mixp.mkv\shell]
"(Default)" = "Play"

[HKCR\mixp.mkv\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\mixp.mpeg\shell]
"(Default)" = "Play"

[HKCR\mixp.wmv]
"(Default)" = "mixp media file (.wmv)"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".3gp" = ""

[HKCR\.flv]
"(Default)" = "mixp.flv"

[HKCR\.wma]
"mixp.backup" = "WMAFile"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MixVideoPlayer]
"DisplayVersion" = "v1.0.0.18"

[HKCR\.mpg]
"(Default)" = "mixp.mpg"

[HKCR\.mov]
"(Default)" = "mixp.mov"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCR\mixp.wmv\shell]
"(Default)" = "Play"

[HKCR\.avi]
"(Default)" = "mixp.avi"

[HKCR\mixp.mp4\shell]
"(Default)" = "Play"

[HKCR\mixp.3gp\shell]
"(Default)" = "Play"

[HKCR\mixp.mp3\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKCR\mixp.mov\shell]
"(Default)" = "Play"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKCR\mixp.3gp\shell\Play]
"(Default)" = "Play"

[HKLM\SOFTWARE\MixVideoPlayer\MixVideoPlayer]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\mixp.divx]
"(Default)" = "mixp media file (.divx)"

[HKCR\mixp.mkv]
"(Default)" = "mixp media file (.mkv)"

[HKCR\.wma]
"(Default)" = "mixp.wma"

[HKCR\.aif]
"(Default)" = "mixp.aif"

[HKCR\mixp.avi\shell\Play]
"(Default)" = "Play"

[HKCR\.wav]
"mixp.backup" = "soundrec"

[HKCR\mixp.flv\shell]
"(Default)" = "Play"

[HKCR\.aif]
"mixp.backup" = "AIFFFile"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MixVideoPlayer]
"DisplayIcon" = "%Program Files%\MixVideoPlayer\icon.ico"

[HKCR\mixp.mov\shell\Play]
"(Default)" = "Play"

[HKCR\mixp.mpeg\shell\Play]
"(Default)" = "Play"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MixVideoPlayer]
"Publisher" = "SoftForce LLC"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MixVideoPlayer]
"DisplayName" = "MixVideoPlayer"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".AAC" = ""

[HKCR\mixp.aif\shell\Play]
"(Default)" = "Play"

[HKCR\mixp.divx\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\mixp.mp4\shell\Play]
"(Default)" = "Play"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".mpeg" = ""

[HKCR\mixp.wmv\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKCR\mixp.mov]
"(Default)" = "mixp media file (.mov)"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".aif" = ""

[HKCR\mixp.3gp]
"(Default)" = "mixp media file (.3gp)"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"

[HKCU\Software\Microsoft\Internet Explorer\Styles]
"MaxScriptStatements" = "4294967295"

[HKCR\mixp.mov\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"

[HKCR\mixp.mpg]
"(Default)" = "mixp media file (.mpg)"

[HKCR\mixp.mp4\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\mixp.mpeg]
"(Default)" = "mixp media file (.mpeg)"

[HKCR\mixp.divx\shell\Play]
"(Default)" = "Play"

[HKCR\.wav]
"(Default)" = "mixp.wav"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".flv" = ""

[HKCR\mixp.avi]
"(Default)" = "mixp media file (.avi)"

[HKCR\mixp.wma]
"(Default)" = "mixp media file (.wma)"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A3 D2 D3 0B FC 13 9D EB 5C B4 99 C2 22 90 3F EE"

[HKCR\.divx]
"(Default)" = "mixp.divx"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".divx" = ""

[HKCR\mixp.mp4\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKCR\mixp.avi\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".wma" = ""

[HKCR\Applications\MixVideoPlayer.exe]
"FriendlyAppName" = "MixVideoPlayer"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".mkv" = ""
".wmv" = ""

[HKCR\mixp.3gp\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"iexplore.exe" = "11001"

[HKCR\mixp.wav\shell\Play]
"(Default)" = "Play"

[HKCR\mixp.wma\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\mixp.wmv\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MixVideoPlayer]
"EstimatedSize" = "9808"

[HKCR\mixp.wmv\shell\Play]
"(Default)" = "Play"

[HKCR\mixp.aif\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKCR\mixp.mpg\shell\Play]
"(Default)" = "Play"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCR\mixp.mp3\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\mixp.avi\shell]
"(Default)" = "Play"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MixVideoPlayer]
"UninstallString" = "%Program Files%\MixVideoPlayer\uninstall.exe"

[HKCR\mixp.mp4]
"(Default)" = "mixp media file (.mp4)"

[HKCR\Applications\MixVideoPlayer.exe]
"(Default)" = ""

[HKCR\mixp.mp3\shell\Play]
"(Default)" = "Play"

[HKCR\mixp.aac\shell\Play]
"(Default)" = "Play"

[HKCR\.aac]
"(Default)" = "mixp.aac"

[HKCR\mixp.aif]
"(Default)" = "mixp media file (.aif)"

[HKCR\mixp.avi\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKCR\mixp.mp3]
"(Default)" = "mixp media file (.mp3)"

[HKCR\.mp3]
"mixp.backup" = "mp3file"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".avi" = ""

[HKCR\.mpg]
"mixp.backup" = "mpegfile"

[HKCR\mixp.aif\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\Applications\MixVideoPlayer.exe\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKCR\mixp.flv]
"(Default)" = "mixp media file (.flv)"

[HKCR\mixp.divx\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKCR\mixp.mkv\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKCR\mixp.wav\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCR\mixp.aac\shell]
"(Default)" = "Play"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCR\mixp.aac\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\mixp.mpg\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKCR\mixp.wav\shell]
"(Default)" = "Play"

[HKCR\mixp.wav\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\mixp.mkv\shell\Play]
"(Default)" = "Play"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".mov" = ""

[HKCR\mixp.mpg\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\mixp.mov\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".MP3" = ""

[HKLM\SOFTWARE\MixVideoPlayer\MixVideoPlayer]
"InstallDir" = "%Program Files%\MixVideoPlayer"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".mp4" = ""

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"BrowserWeb.exe" = "11001"

[HKCR\mixp.mpeg\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKCR\mixp.wma\shell]
"(Default)" = "Play"

[HKCR\.wmv]
"mixp.backup" = "WMVFile"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCR\mixp.aif\shell]
"(Default)" = "Play"

[HKCR\mixp.aac\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKCR\mixp.flv\shell\Play]
"(Default)" = "Play"

[HKCR\.3gp]
"(Default)" = "mixp.3gp"

[HKCR\.avi]
"mixp.backup" = "avifile"

[HKCR\.wmv]
"(Default)" = "mixp.wmv"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".mpg" = ""

[HKCR\mixp.mpg\shell]
"(Default)" = "Play"

[HKCR\mixp.wma\shell\Play\command]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe /m %1"

[HKCR\.mp3]
"(Default)" = "mixp.mp3"

[HKCR\mixp.mpeg\DefaultIcon]
"(Default)" = "%Program Files%\MixVideoPlayer\MixVideoPlayer.exe"

[HKCR\mixp.wav]
"(Default)" = "mixp media file (.wav)"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKCR\Applications\MixVideoPlayer.exe\SupportedTypes]
".WAV" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKCR\mixp.divx\shell]
"(Default)" = "Play"

[HKCR\.mpeg]
"mixp.backup" = "mpegfile"

[HKCR\mixp.mp3\shell]
"(Default)" = "Play"

[HKCR\mixp.wma\shell\Play]
"(Default)" = "Play"

The process WPFFontCache_v0400.exe:4044 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "65 08 82 A2 D7 84 5F D6 B9 99 BD 38 43 44 C4 49"

[HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\LocalService\Local Settings\Application Data"

The process DeleteTasks.exe:3136 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "83 C4 92 01 9A C1 EB 6F 1C BE D4 FD 2F 85 12 A5"

The process MixVideoPlayer.exe:3900 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore]
"Type" = "4"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore]
"Count" = "16"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1D 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryCount" = "16"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB5F1910-F110-11D2-BB9E-00C04F795683}\iexplore]
"Type" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore]
"Time" = "DF 07 06 00 00 00 07 00 01 00 10 00 07 00 25 02"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB5F1910-F110-11D2-BB9E-00C04F795683}\iexplore]
"Count" = "16"

[HKCU\Software\Microsoft\Direct3D\MostRecentApplication]
"Name" = "MixVideoPlayer.exe"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\ESENT\Process\MixVideoPlayer\DEBUG]
"Trace Level" = ""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB5F1910-F110-11D2-BB9E-00C04F795683}\iexplore]
"Time" = "DF 07 06 00 00 00 07 00 01 00 10 00 07 00 25 02"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C0 80 1E 0F 82 EB 13 AF 1C 04 54 D7 AF 0D 67 5C"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{AEE1C666-383B-477D-8CF5-4B80BD084E9A}\0000]
"Attach.ToDesktop" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

[HKLM\SOFTWARE\Microsoft\ESENT\Process\MixVideoPlayer\DEBUG]
"Trace Level"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"ProxyServer"

The process LTV2.exe:1128 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D4 55 F5 F8 A3 97 8D 5B D0 6C B4 8A 97 B7 5C 59"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"
"EventMessageFile" = "%System%\ESENT.dll"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryCount" = "16"

[HKLM\SOFTWARE\Microsoft\ESENT\Process\LTV2\DEBUG]
"Trace Level" = ""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"ControlFlags" = "1"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Microsoft\ESENT\Process\LTV2\DEBUG]
"Trace Level"

The process LTV2.exe:3376 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C3 CB F6 CA BB 05 E8 7C EC FA 8B 94 16 30 69 DF"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"
"EventMessageFile" = "%System%\ESENT.dll"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryCount" = "16"
"TypesSupported" = "7"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"ControlFlags" = "1"

The process LTV2.exe:2132 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F1 05 CB C1 A3 0F 83 60 ED 0A E0 97 91 1F 2F 25"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"
"EventMessageFile" = "%System%\ESENT.dll"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryCount" = "16"
"TypesSupported" = "7"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"ControlFlags" = "1"

The process %original file name%.exe:340 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "%original file name%.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1B 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1427377772"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "71 15 AF A4 8D 3B EE 5B 30 34 53 40 CE A8 CD 96"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\d994d9b8-adc1-49f2-b1f8-68d491dfe8cd]
"mixvideoplayersetup.exe" = "mixvideoplayersetup"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process BrowserWeb.exe:3368 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "19 C1 1D 7F CC 2E EF CE 6C 1F 9E 66 2E 69 CD ED"

Dropped PE files

MD5 File path
0a15d50f19c97ed4236b88e1d901004a c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\d994d9b8-adc1-49f2-b1f8-68d491dfe8cd\mixvideoplayersetup.exe
f894e7068ee5f5b4489d7acdde7112c9 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nse3.tmp\AccessControl.dll
7caaf58a526da33c24cbe122e7839693 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nse3.tmp\NSISdl.dll
d63975ce28f801f236c4aca5af726961 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nse3.tmp\SimpleSC.dll
2dc35ddcabcb2b24919b9afae4ec3091 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nse3.tmp\ZipDLL.dll
faa7f034b38e729a983965c04cc70fc1 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nse3.tmp\nsProcess.dll
0a15d50f19c97ed4236b88e1d901004a c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temporary Internet Files\Content.IE5\1TN0QDR9\MixVideoPlayerSetup[1].exe
67986ec074b86590e110a76480f7da99 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temporary Internet Files\Content.IE5\5XC8I6TV\msjava[1].dll
1725d3d92b5823a127002653a8f83a25 c:\Program Files\MixVideoPlayer\BrowserWeb.exe
e292b05501c3f8a572adb2af3bdac652 c:\Program Files\MixVideoPlayer\DeleteTasks.exe
c8831f6bab3bdac3184cfe6342285b42 c:\Program Files\MixVideoPlayer\FrameworkControl.exe
52b1e3025e9982013926d8bfa9f63d53 c:\Program Files\MixVideoPlayer\LTV2.exe
426cf211fe0f02d46a810ce6d1410e51 c:\Program Files\MixVideoPlayer\LTVNetSdk.dll
69f5b8f16afa0e00862f442401aed9ee c:\Program Files\MixVideoPlayer\Microsoft.Win32.TaskScheduler.dll
c0bbfbdfe1c019459b4fb09a6ec00c99 c:\Program Files\MixVideoPlayer\MixVideoPlayer.exe
c1c6c4fdb0ab4f220c7655ffb37624f7 c:\Program Files\MixVideoPlayer\NLog.dll
5e02ddaf3b02e43e532fc6a52b04d14b c:\Program Files\MixVideoPlayer\Newtonsoft.Json.dll
ad26d090ecf26d18496c9e3f44a7141d c:\Program Files\MixVideoPlayer\PhotoLoader.dll
fc7d210f85d5edae1a0d44c86016dcf1 c:\Program Files\MixVideoPlayer\Sider.dll
42d33fccae817596da60007a52d8005f c:\Program Files\MixVideoPlayer\Snowplow.Tracker.dll
53406e9988306cbd4537677c5336aba4 c:\Program Files\MixVideoPlayer\dotNetFx40_Full_setup.exe
99c95c044f780209b1fda39ec8e76da6 c:\Program Files\MixVideoPlayer\mixUpdater.exe
1910d297328aec93214fbc1cdab6b3cf c:\Program Files\MixVideoPlayer\policy.2.0.taglib-sharp.dll
c56aa0c915ded810350bb3873704a6e6 c:\Program Files\MixVideoPlayer\references\Interop.SHDocVw.dll
c1c7beb5231bb058c1a669a05b8701ca c:\Program Files\MixVideoPlayer\references\NDde.dll
1232f5d749700a818908cc163befed18 c:\Program Files\MixVideoPlayer\references\Newtonsoft.Json.dll
ad26d090ecf26d18496c9e3f44a7141d c:\Program Files\MixVideoPlayer\references\PhotoLoader.dll
2ce9d6746d60f3f3905dcf15c996a01d c:\Program Files\MixVideoPlayer\references\mixChecker.exe
1910d297328aec93214fbc1cdab6b3cf c:\Program Files\MixVideoPlayer\references\policy.2.0.taglib-sharp.dll
3fd25de85281f92de0d4e4a6b7bdb03e c:\Program Files\MixVideoPlayer\references\taglib-sharp.dll
3fd25de85281f92de0d4e4a6b7bdb03e c:\Program Files\MixVideoPlayer\taglib-sharp.dll

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

No information is available.

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
UPX0 4096 1462272 0 0 d41d8cd98f00b204e9800998ecf8427e
UPX1 1466368 520192 519168 5.54468 4c0753151f24482528c099c30504caa9
.rsrc 1986560 36864 36864 3.88912 04834f22bd35f2435f42d2566e203845

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Total found: 828
d73ac008c2d24f989b873c36182c201e
c1d4f9072604b3b783318d2a52ef16c5
d2ce68240db2ddfdd3151543d8042c82
55cb5ff50014b05c62862b420bf3d013
f719b7373f8f206a75d672990c89b295
9990b53d2b7f0c6b06ceae1d416e9a05
afc20a5a2592ec8027cf629b59d3653a
cfd9f12ae578d37b6fb17727ed65ce9a
a5141ae4001bbee91ad07a4d5da95e8e
ff7b0c61250234c5f3b35f596677c77c
27c01a2f608e7624ea1cf1a54e6e9ee5
1332d9210c02cd4a6ab807dcbd40ca12
97753cd310d63d16618d7fd434863447
0faecc146fa84e05ae5eba6cdf7a0b55
e4af23e86cf9231d6675b908c1ae2f09
fa239133138d27b4b0223523113d403c
54ad4f9a28c8640dd9f179c03597774a
04e6cb47c5ad8021204e47acbb0d5a0f
1eed1826c8e74bb09dee985ec0e45ba0
39ca02dc25905438288e0a343a43e13e
e6ff61d0038126613e1b97df941dbdfd
5018940b74695043d1c67424e469ee58
52bb2557bfe97402addeb2db94485365
df059e69ca8a238ca2a4a52a8a340e47
a2862d8cb34e731c6e7a6b3d626d9062
e08a0cbe900fd248f0d506eaf0545300

URLs

URL IP
hxxp://maxirg00.maxisrv.com/d5/msjava.dll
hxxp://maxirg00.maxisrv.com/bcf43006add0ff0a164589925d0bdca9d076860c388eb24ac0c254b1b429826a3a07f670dc9db1d9e642ba07f3a3b52755e966118d8c0209ca0fc4d8da06bcb87363db1825456f8d96f21c348ed93e3817832c62ae6adc01
hxxp://maxirg00.maxisrv.com/695911ddfa3f19b5545394ef8929fec3b6c4d45d525f2061fb29dfef2419ca4aa09929582fb50428ba4362c32c01f1ec40ee6892d0cc77a2
hxxp://maxirg00.maxisrv.com/maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/style.css
hxxp://maxirg00.maxisrv.com/__maxpower__/render_template/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab?language_code=en
hxxp://maxirg00.maxisrv.com/maxpower-static/apps/34/68794/css/style.css
hxxp://maxirg00.maxisrv.com/__maxpower__/render_screen/2014/11/8b9c3fb4-73d0-11e4-925e-06a3579b0dab/screen_variation=videoUpdater
hxxp://maxirg00.maxisrv.com/maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/images/i-download.png
hxxp://maxirg00.maxisrv.com/maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/images/loading-install.gif
hxxp://maxirg00.maxisrv.com/maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/images/progress-bar.png
hxxp://maxirg00.maxisrv.com/maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/images/loadingBar.gif
hxxp://ww0.maxisrv.com/BesH3gE9/pop-up/
hxxp://maxirg00.maxisrv.com/84/MixVideoPlayerSetup.exe
hxxp://n149adserv.com/ads?key=5d7c4c519bcd79cc1dca058af3cfebbc&width=0&height=0 204.155.152.38
hxxp://network.adsmarket.com/click/jGJunWecqZmOZnCXYcp6w4iQa5xhnYOYi2SYmGakfZSJkGqaYKOBl7dia5lgnHuX?dp=NTN8NDAxfFVBfDF8MXx8|8d98075ed8edf8e376dd0b45fd1a3ee5-17-44|a2e2c230-0cb2-11e5-8e44-f8bc125381b8 193.169.104.1
hxxp://5efl2.x.incapdns.net/?page=m-2-lynx&a_aid=51ccedn87de7&pubid=415891&prgid=152873&cpnid=1242113&clickid=20U7OV4z5VR4rtf63xKxtt1z1pb7000.&ce_cid=20U7OV4z5VR4rtf63xKxtt1z1pb7000.
hxxp://wsf13-1390884529.us-east-1.elb.amazonaws.com/?s1=&s2=&s3=
hxxp://maxirg00.maxisrv.com/8aa77db7d6cfa52686caace456bcf6854761923c3750809b0f50e9018ef3951d71903399e800525b74f49676e4e1db0729fc57620c996347
hxxp://maxirg00.maxisrv.com/__maxpower__/render_screen/2014/11/a888aa68-73d0-11e4-b71d-06a3579b0dab/screen_variation=videoUpdater
hxxp://maxirg00.maxisrv.com/maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/images/bullet-short.gif
hxxp://nakzz.exclusiverewards.startree.science/?sov=73001201&hid=hrhjvtnlvjxjxz&redid=10845&gsid=68&id=XNSX.-r10845-t68
hxxp://googleapis.l.google.com/ajax/libs/jquery/1.10.2/jquery.min.js
hxxp://nakzz.exclusiverewards.startree.science/templates/_common/_templates/browser_survey_SMARTKEYS_MASTER_lightbox_UA/css/style.css
hxxp://nakzz.exclusiverewards.startree.science/templates/_common/_templates/browser_survey_SMARTKEYS_MASTER_lightbox_UA/css/style-ie.css
hxxp://nakzz.exclusiverewards.startree.science/templates/_common/_templates/browser_survey_SMARTKEYS_MASTER_lightbox_UA/js/script.js
hxxp://maxirg00.maxisrv.com/b5ee652b78024589c9e518e3ea8a54713cc4045e7709cc97691ffb2ed00bf5ea54fc6701c95e935247d04875373b938e2d86daaea4a473da
hxxp://ltv-pre.tguhost.com/ltv/install/?idapp=23&action=install&mac=000C298A8B37&country=US 54.213.145.21
hxxp://staticrr.tgusrv.com/sdb/e0/WebBrowser.xml?059c108c-c348-4810-a742-e27ee5505615
hxxp://staticrr.tgusrv.com/sdb/1d/MixVideoPlayerUpdate.xml?f2b04e88-02bc-4bf2-8128-a9bd05d237eb
hxxp://ltv-pre.tguhost.com/ltv/install/?idapp=23&action=installinf&mac=000C298A8B37 54.213.145.21
hxxp://ltv-pre.tguhost.com/ltv/activity/?idapp=23&action=start&mac=000C298A8B37 54.213.145.21
hxxp://landings-ss-1797368240.us-west-2.elb.amazonaws.com/banner.html?uid=1427473144715k7T02w5vKZ
hxxp://api.bestinstallfile.com/maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/style.css 5.196.157.0
hxxp://api.bestinstallfile.com/__maxpower__/render_template/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab?language_code=en 5.196.157.0
hxxp://www.webtrackerplus.com/?page=m-2-lynx&a_aid=51ccedn87de7&pubid=415891&prgid=152873&cpnid=1242113&clickid=20U7OV4z5VR4rtf63xKxtt1z1pb7000.&ce_cid=20U7OV4z5VR4rtf63xKxtt1z1pb7000. 192.230.78.223
hxxp://api.bestinstallfile.com/maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/images/bullet-short.gif 5.196.157.0
hxxp://api.bestinstallfile.com/695911ddfa3f19b5545394ef8929fec3b6c4d45d525f2061fb29dfef2419ca4aa09929582fb50428ba4362c32c01f1ec40ee6892d0cc77a2 5.196.157.0
hxxp://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js 216.58.209.170
hxxp://api.bestinstallfile.com/bcf43006add0ff0a164589925d0bdca9d076860c388eb24ac0c254b1b429826a3a07f670dc9db1d9e642ba07f3a3b52755e966118d8c0209ca0fc4d8da06bcb87363db1825456f8d96f21c348ed93e3817832c62ae6adc01 5.196.157.0
hxxp://nhsdr.bestinstallfile.com/84/MixVideoPlayerSetup.exe 5.196.157.0
hxxp://api.bestinstallfile.com/b5ee652b78024589c9e518e3ea8a54713cc4045e7709cc97691ffb2ed00bf5ea54fc6701c95e935247d04875373b938e2d86daaea4a473da 5.196.157.0
hxxp://api.bestinstallfile.com/__maxpower__/render_screen/2014/11/8b9c3fb4-73d0-11e4-925e-06a3579b0dab/screen_variation=videoUpdater 5.196.157.0
hxxp://3p6.popularfastchannel.com/?s1=&s2=&s3= 54.243.122.193
hxxp://api.bestinstallfile.com/__maxpower__/render_screen/2014/11/a888aa68-73d0-11e4-b71d-06a3579b0dab/screen_variation=videoUpdater 5.196.157.0
hxxp://api.bestinstallfile.com/maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/images/progress-bar.png 5.196.157.0
hxxp://api.bestinstallfile.com/maxpower-static/apps/34/68794/css/style.css 5.196.157.0
hxxp://api.bestinstallfile.com/maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/images/loading-install.gif 5.196.157.0
hxxp://www.mixvideoplayer.com/banner.html?uid=1427473144715k7T02w5vKZ 52.10.139.14
hxxp://staticrr.mixvideoplayer.com/sdb/e0/WebBrowser.xml?059c108c-c348-4810-a742-e27ee5505615 85.12.5.2
hxxp://api.bestinstallfile.com/maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/images/i-download.png 5.196.157.0
hxxp://static.api.bestinstallfile.com/d5/msjava.dll 5.135.246.48
hxxp://staticrr.mixvideoplayer.com/sdb/1d/MixVideoPlayerUpdate.xml?f2b04e88-02bc-4bf2-8128-a9bd05d237eb 85.12.5.2
hxxp://api.bestinstallfile.com/maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/images/loadingBar.gif 5.196.157.0
hxxp://www.bestinstallfile.com/BesH3gE9/pop-up/ 5.135.246.49
hxxp://api.bestinstallfile.com/8aa77db7d6cfa52686caace456bcf6854761923c3750809b0f50e9018ef3951d71903399e800525b74f49676e4e1db0729fc57620c996347 5.196.157.0


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected
ET TROJAN VMProtect Packed Binary Inbound via HTTP - Likely Hostile

Traffic

GET /sdb/e0/WebBrowser.xml?059c108c-c348-4810-a742-e27ee5505615 HTTP/1.1
Host: staticrr.mixvideoplayer.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Sun, 07 Jun 2015 01:16:03 GMT
Content-Type: text/xml
Content-Length: 4250
Last-Modified: Mon, 18 May 2015 14:02:05 GMT
Connection: keep-alive
ETag: "5559f0dd-109a"
Accept-Ranges: bytes
<Popup>..<Version>1.0.0.10</Version>.    <Enabled
>true</Enabled>..<Size height="768" width="1000"/>.    
<FrecuencyPerHour>3</FrecuencyPerHour>.    <MaxWindows&
gt;4</MaxWindows>.    <LaunchDate>07/01/2015</LaunchDat
e>.    <Url container="popup">hXXp://VVV.wbredirect.com</U
rl>..<UrlNotAllowedCountries countries="AE,IR,IL,EG,CN,BA,RS,TH,
IN,CZ,ID,VN,PH,PK" container="popup">hXXp://network.adsmarket.com/c
lick/jGJunWecqZmOZnCXYcp6w4iQa5xgn36bi2SYm2Gif5mJkGqXXpt-lbdia5hhn3qX&
lt;/UrlNotAllowedCountries>.    <UrlByRegister>...<Url con
tainer="browser" key="HKLM\SOFTWARE" priority="5"><![CDATA[http:
//n149adserv.com/ads?key=8a35d9a5b93c671dcef88419ab81871b&width=0&heig
ht=0]]></Url>...<Url container="browser" key="HKLM\SOFTWAR
E\Microsoft\Windows\CurrentVersion\Uninstall\TeamSpeak 3 Client" prior
ity="5"><![CDATA[hXXp://n149adserv.com/ads?key=0d8448124f556ffce
ee148f60ea374f6&width=0&height=0]]></Url>...<Url container
="browser" key="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninsta
ll\RaidCall" priority="5"><![CDATA[hXXp://n149adserv.com/ads?key
=0d8448124f556ffceee148f60ea374f6&width=0&height=0]]></Url>..
.<Url container="browser" key="HKLM\SOFTWARE\Microsoft\Windows\Curr
entVersion\Uninstall\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" priority=
"5"><![CDATA[hXXp://n149adserv.com/ads?key=0d8448124f556ffceee14
8f60ea374f6&width=0&height=0]]></Url>...<Url container
<<< skipped >>>


GET /?s1=&s2=&s3= HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: 3p6.popularfastchannel.com
Connection: Keep-Alive


HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Date: Sun, 07 Jun 2015 01:15:10 GMT
Location: hXXp://NaKzz.exclusiverewards.startree.science/?sov=73001201&hid=hrhjvtnlvjxjxz&redid=10845&gsid=68&id=XNSX.-r10845-t68
Server: nginx/1.2.8
X-Powered-By: PHP/5.3.23
Content-Length: 0
Connection: keep-alive
HTTP/1.1 302 Moved Temporarily..Content-Type: text/html..Date: Sun, 07
 Jun 2015 01:15:10 GMT..Location: hXXp://NaKzz.exclusiverewards.startr
ee.science/?sov=73001201&hid=hrhjvtnlvjxjxz&redid=10845&gsid=68&id=XNS
X.-r10845-t68..Server: nginx/1.2.8..X-Powered-By: PHP/5.3.23..Content-
Length: 0..Connection: keep-alive..



HEAD /84/MixVideoPlayerSetup.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
Host: nhsdr.bestinstallfile.com
Content-Length: 0
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: nginx
Date: Sun, 07 Jun 2015 01:15:08 GMT
Content-Type: application/octet-stream
Content-Length: 3789056
Connection: keep-alive
Last-Modified: Fri, 05 Jun 2015 11:17:44 GMT
ETag: "55718558-39d100"
Accept-Ranges: bytes



GET /?page=m-2-lynx&a_aid=51ccedn87de7&pubid=415891&prgid=152873&cpnid=1242113&clickid=20U7OV4z5VR4rtf63xKxtt1z1pb7000.&ce_cid=20U7OV4z5VR4rtf63xKxtt1z1pb7000. HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.webtrackerplus.com
Connection: Keep-Alive


HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Sun, 07 Jun 2015 01:15:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
location: hXXp://3p6.popularfastchannel.com/?s1=&s2=&s3=
Set-Cookie: SERVERID=web5; path=/
Set-Cookie: visid_incap_227739=1Y/1PAb8RoOPJgcVY5vBOh2bc1UAAAAAQUIPAAAAAAA0vSXt9XZ6eAvGyhK3DqPo; expires=Mon, 05 Jun 2017 08:58:27 GMT; path=/; Domain=.webtrackerplus.com
Set-Cookie: incap_ses_323_227739= P2KSywBbR0OKwPr84Z7BB2bc1UAAAAAxL9vvtPrcRr52 xptd1NUA==; path=/; Domain=.webtrackerplus.com
Set-Cookie: ___utmvmFPupvfO=RdmBOaCDaiF; path=/; Max-Age=900
Set-Cookie: ___utmvaFPupvfO=dXY.Kyhn; path=/; Max-Age=900
Set-Cookie: ___utmvbFPupvfO=rZz
    XNBOValz: Etc; path=/; Max-Age=900
X-Iinfo: 7-128068459-128068463 NNNN CT(114 -1 0) RT(1433639709003 1) q(0 0 1 13) r(2 2) U5
X-CDN: Incapsula
0..



GET /click/jGJunWecqZmOZnCXYcp6w4iQa5xhnYOYi2SYmGakfZSJkGqaYKOBl7dia5lgnHuX?dp=NTN8NDAxfFVBfDF8MXx8|8d98075ed8edf8e376dd0b45fd1a3ee5-17-44|a2e2c230-0cb2-11e5-8e44-f8bc125381b8 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: network.adsmarket.com
Connection: Keep-Alive


HTTP/1.1 302 Moved Temporarily
Server: nginx/1.6.2
Date: Sun, 07 Jun 2015 01:15:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.38
Set-Cookie: ce-visitor-iWZrnWWe=imGOnH3Bft6Nh4uZoN-wmouphN2i33veiaGbnF6bepI; expires=Wed, 22-Jul-2015 01:15:09 GMT; path=/; domain=network.adsmarket.com
Set-Cookie: ce-click-iWRsnGSffZe3ZGuZZZx6nYtmag=iWRsnGSffZe3ZGuZZZx6nYtmag; expires=Mon, 08-Jun-2015 01:15:09 GMT; path=/; domain=network.adsmarket.com
Location: hXXp://VVV.webtrackerplus.com/?page=m-2-lynx&a_aid=51ccedn87de7&pubid=415891&prgid=152873&cpnid=1242113&clickid=20U7OV4z5VR4rtf63xKxtt1z1pb7000.&ce_cid=20U7OV4z5VR4rtf63xKxtt1z1pb7000.
0..HTTP/1.1 302 Moved Temporarily..Server: nginx/1.6.2..Date: Sun, 07 
Jun 2015 01:15:09 GMT..Content-Type: text/html..Transfer-Encoding: chu
nked..Connection: keep-alive..X-Powered-By: PHP/5.4.38..Set-Cookie: ce
-visitor-iWZrnWWe=imGOnH3Bft6Nh4uZoN-wmouphN2i33veiaGbnF6bepI; expires
=Wed, 22-Jul-2015 01:15:09 GMT; path=/; domain=network.adsmarket.com..
Set-Cookie: ce-click-iWRsnGSffZe3ZGuZZZx6nYtmag=iWRsnGSffZe3ZGuZZZx6nY
tmag; expires=Mon, 08-Jun-2015 01:15:09 GMT; path=/; domain=network.ad
smarket.com..Location: hXXp://VVV.webtrackerplus.com/?page=m-2-lynx&a_
aid=51ccedn87de7&pubid=415891&prgid=152873&cpnid=1242113&clickid=20U7O
V4z5VR4rtf63xKxtt1z1pb7000.&ce_cid=20U7OV4z5VR4rtf63xKxtt1z1pb7000...0
..



GET /templates/_common/_templates/browser_survey_SMARTKEYS_MASTER_lightbox_UA/css/style-ie.css HTTP/1.1
Accept: */*
Referer: hXXp://nakzz.exclusiverewards.startree.science/?sov=73001201&hid=hrhjvtnlvjxjxz&redid=10845&gsid=68&id=XNSX.-r10845-t68
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: nakzz.exclusiverewards.startree.science
Connection: Keep-Alive
Cookie: ci_session=yOD2kszKwUcO5UeNUiYZU0Ni7Hy9WMSZxq1mEz0iFWdC57iP3mjsyF1+mwm7wyglY4K5OvbsxxeQ7DeMAPzXUkzi/N5etF5oi/3XFc4NW4o0hFvCD0lEOQcz1gTLHsQHPOiSK3B/Pobp4JWJTzjDTaAOAlh6sW7X8KXWRfF4i5p+Y6GEJCmGf9Px7IhVfHweOFX3+chdULR5wMmv7vFmNOmjtjS8QwgulXr/X0rimYwWHNNpNxgln2iB8Q0KUXB+eFnZNZQQTxzywxXdsycYhNHrBe5Cn/ZJ4J3z5Ms23h+Si3t/RI1xC+fMEzBztNscstmemJqAqqfC/shg5HQBMnY+OGBj1gyImD0H8d15qRDVPBMUyShzdkfhK5qotpV3XE+slUOjrcsDnLcIi92h4SYdLBpJugnkpT4NQeYqn6gOKT046DHOFqdBfPnlDRoK0yKBtcld7danE5WTV/19/g==; id=XNSX.-r10845-t68; SITE_ID=73001201; sov=73001201; mov=nr.ytsurvey.mini; redid=10845; gsid=68; URI=sov=73001201&hid=hrhjvtnlvjxjxz&redid=10845&gsid=68&id=XNSX.-r10845-t68; templateid=2582; path=browser_survey_SMARTKEYS_MASTER_lightbox_UA; version=227198; tags[2582][expand_enable]=-1; tags[2582][alert_enable]=1; tags[2582][audio_enable]=0; tags[2582][pop_enable]=0; tags[227198][expand_enable]=-1; tags[227198][alert_enable]=1; tags[227198][audio_enable]=0; tags[227
HTTP/1.1 200 OK
Server: nginx/1.6.0
Date: Sun, 07 Jun 2015 01:15:33 GMT
Content-Type: text/css
Last-Modified: Fri, 11 Oct 2013 18:30:44 GMT
Transfer-Encoding: chunked
Expires: Wed, 01 Jun 2016 01:15:33 GMT
Cache-Control: max-age=31104000
Pragma: public
Cache-Control: public, must-revalidate, proxy-revalidate
Content-Encoding: gzip
269.............S...0.=o.b....6!....;{.zh{GN.....:N...{'v`.......x..{.
...)...AT1..<......j...9L..5....E3.c..f.....F..g[..-Z.LxX.'.N..9<
;....m.`.....f.PI-*<..,..Kn.T.....V.zk.yn.[..Tuh.%,I.k..f<G$.V.l
.C7..B...1....r..z.#^b......e.A..\[email protected].:l$.i..s....w/:#Qu.`.<..
.....[A.4D{..V....*..=..;{.#..e..1.:8..I.e6.?....N....a.Qh.w.....~.-.h
...i.V..Y.Ai..wkD5.c..q=.v.....q....I......3......F...b*%......2..|p..
......d.-}.l.Q..M...8...Dc.\...y|........i..\./..N.L.......l.$.S.\.~&l
t;P`..[a..^.....hz....x..J.M.1}...2.c7.KrnE.oH.2^,...1....".......!9..
3.zi.^w.......7..`k=kdM7... ..N6........&?.Nt.U........./%g.L.....S.'.
..K.h.O.....0..HTTP/1.1 200 OK..Server: nginx/1.6.0..Date: Sun, 07 Jun
 2015 01:15:33 GMT..Content-Type: text/css..Last-Modified: Fri, 11 Oct
 2013 18:30:44 GMT..Transfer-Encoding: chunked..Expires: Wed, 01 Jun 2
016 01:15:33 GMT..Cache-Control: max-age=31104000..Pragma: public..Cac
he-Control: public, must-revalidate, proxy-revalidate..Content-Encodin
g: gzip..269.............S...0.=o.b....6!....;{.zh{GN.....:N...{'v`...
....x..{....)...AT1..<......j...9L..5....E3.c..f.....F..g[..-Z.LxX.
'.N..9<....m.`.....f.PI-*<..,..Kn.T.....V.zk.yn.[..Tuh.%,I.k..f&
lt;G$.V.l.C7..B...1....r..z.#^b......e.A..\[email protected].:l$.i..s....w/:#Qu
.`.<.......[A.4D{..V....*..=..;{.#..e..1.:8..I.e6.?....N....a.Qh.w.
....~.-.h...i.V..Y.Ai..wkD5.c..q=.v.....q....I......3......F...b*%....
..2..|p........d.-}.l.Q..M...8...Dc.\...y|........i..\./..N.L.......l.
$.S.\.~<P`..[a..^.....hz....x..J.M.1}...2.c7.KrnE.oH.2^,...1...
<<< skipped >>>


GET /maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/style.css HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: api.bestinstallfile.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Sun, 07 Jun 2015 01:15:06 GMT
Content-Type: text/css
Content-Length: 19034
Last-Modified: Tue, 03 Mar 2015 18:13:58 GMT
Connection: keep-alive
ETag: "54f5f9e6-4a5a"
Accept-Ranges: bytes
/* Template Template Videoupdater */...article,aside,details,figcaptio
n,figure,.footer,header,hgroup,menu,nav,section {..display:block;.}.p,
 h5, h4, h3, h2, h1, span, ul, li, form, input, textarea {..margin:0;.
.padding:0;.}.body {..margin:0 auto;..background-color:#323333;..width
: 555px;..height: 458px;..color:#b5b5b5;..font-family:Arial, Helvetica
, sans-serif;..scrollbar-face-color: #666666;..scrollbar-highlight-col
or: #999999;..scrollbar-3dlight-color: #333333;..scrollbar-shadow-colo
r: #333333;..scrollbar-darkshadow-color: #333333;..scrollbar-arrow-col
or: #CCCCCC;..scrollbar-track-color: #333333;.}...videupdater a, .vide
updater span {..color:#b5b5b5;.}...clear {..clear:both;..height:0px;..
overflow:inherit;..display: none;.}..li {..list-style: none;.}./******
***************//*********************//*********************//*******
**************//********./* estilo para poner los botones del box.html
 todos en display none */.._Bnext, .._Bexit, .._Bdecline, .._Bomit {..
/*display:none;*/.}./*************************************************
*/..container {..float:left;..width:555px;..height: 458px;..background
-color:#323333;..margin: 0 auto;.}../*****************Template Win_Lin
k*****************/......minimize {..float: right;..width: 45px;..posi
tion: relative;..margin-right: -45px;..right: 45px;..margin-top: 12px;
..z-index: 9999;.}....minimize ul li {..display: inline;..float: left;
.}...minimize li {....float: left;..}  ....minimize .button-min {..col
or: #636363;..text-decoration: none;..border: none;..font-size: 17
<<< skipped >>>


GET /d5/msjava.dll HTTP/1.1
Accept: */*
Proxy-Authorization: Basic 
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
Host: static.api.bestinstallfile.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: nginx
Date: Sun, 07 Jun 2015 01:15:00 GMT
Content-Type: application/octet-stream
Content-Length: 940304
Connection: keep-alive
Last-Modified: Thu, 26 Feb 2015 12:10:03 GMT
ETag: "54ef0d1b-e5910"
Accept-Ranges: bytes
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......PE..L.....C8
...........#...............................k..........................
......m...............................`#..te..........................
......................................................................
...........................text............................... ..`.dat
a...d"......."[email protected].............................
..@[email protected][email protected]@...0[.8M..... 8W...
4.D8a...4.D8l...6.D8y...5.D8............KERNEL32.dll.NTDLL.DLL.GDI32.d
ll.USER32.dll.ADVAPI32.dll.OLEAUT32.dll.ole32.dll.....................
......................................................................
......................................................................
......................................................................
......................................................................
............................................ .........................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
..................................................................
<<< skipped >>>


GET /BesH3gE9/pop-up/ HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.bestinstallfile.com
Connection: Keep-Alive


HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sun, 07 Jun 2015 01:15:08 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: hXXp://n149adserv.com/ads?key=5d7c4c519bcd79cc1dca058af3cfebbc&width=0&height=0
<html>..<head><title>301 Moved Permanently</title
></head>..<body bgcolor="white">..<center><h1&
gt;301 Moved Permanently</h1></center>..<hr><cent
er>nginx</center>..</body>..</html>..HTTP/1.1 301
 Moved Permanently..Server: nginx..Date: Sun, 07 Jun 2015 01:15:08 GMT
..Content-Type: text/html..Content-Length: 178..Connection: keep-alive
..Location: hXXp://n149adserv.com/ads?key=5d7c4c519bcd79cc1dca058af3cf
ebbc&width=0&height=0..<html>..<head><title>301 Move
d Permanently</title></head>..<body bgcolor="white">
..<center><h1>301 Moved Permanently</h1></center&
gt;..<hr><center>nginx</center>..</body>..<
/html>....



GET /ajax/libs/jquery/1.10.2/jquery.min.js HTTP/1.1
Accept: */*
Referer: hXXp://nakzz.exclusiverewards.startree.science/?sov=73001201&hid=hrhjvtnlvjxjxz&redid=10845&gsid=68&id=XNSX.-r10845-t68
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ajax.googleapis.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript; charset=UTF-8
Last-Modified: Tue, 09 Jul 2013 11:31:25 GMT
Date: Wed, 03 Jun 2015 21:57:10 GMT
Expires: Thu, 02 Jun 2016 21:57:10 GMT
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 32822
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 271102
Alternate-Protocol: 80:quic,p=0
.............{...0.{....U.sD.N...3.u.4i.8....h?..J.A..@-....;.lX(.....
.i-b..z.ls....._.......d4.....G.28z2......S..e..VQ...8.:[.......Q^\...
2.......}T..b...m.Iv....HUn.d.M.....?..]....XT..uT.e......q.>.D..Q.
/...nV.r...J.227/....P..)vp.H,..^l.|!....yb%..e.A.......J\.E.....J.U|.
.Z....._W..@\..UT~...*.m\Tw.B.G.r#nes$E\...(.o.nG..*L*|#.`/n..|x.....|
..|T...!.....z..up:...o.......x&O......../_..>./.u.......a..c......
...Y0.{.x\....'..A..T..r_..7........./.O.'g5.~A.-Dx.?/....ky.E..a-.n.|
.`..B..q.......: .E.................U.z..X.8.....*vq...2..]..'<%..S
r).C.N6....F.......x.........i...,*c...7.\p.G.h.zq...MRVq..u..y.....BH
...|.M.*.........*.............4..6..w...X.&....}....>....A.......$
.q.q.#..B.s.W.....^.Q.J...*..c(.U.J.J..S.Ty;..y....=o.p-`...X.*/.[...:
s.[..n".i...q...*)..W....S..&..'...g..X<..1L.w.x..?........7g....AF
@...........T....$....8S..du..x43.n.`..=..C.......w.s......(.RQ.......
x.f......}..n.QQ._.....Rd..Q...70.Y6.o`.. ....#1...x?.......oGI.*.....
_.e.].....:p......}lv.,....3..QEU...z2uVd...../c.8...z..?Y."?>.q...
;.7.=.%[email protected]~........q..\...u......LW.....ac>.`V
..........W.W[..K.h0.W..7...iQDw>..[\..z....cQ.T,tv....h..)5.......
.......Vr....p|.........x./.....\.|....c%][email protected].^..j/[email protected]
/....;...|/h..F..%..M.H..y...%p.D.{..:c.._...H......ME..N..:TA.....H..
.......3..:[email protected]...........
lup..J.u......P..(...~..W.[Z.....0|.C1....X.....v...HDC....2rz.`..5pl)
l..}.g{)..)bB."..8.,A)ao/e..l. {../.A;..u.q.A].%....,e.....NN.`.;K
<<< skipped >>>


GET /sdb/1d/MixVideoPlayerUpdate.xml?f2b04e88-02bc-4bf2-8128-a9bd05d237eb HTTP/1.1
Host: staticrr.mixvideoplayer.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Sun, 07 Jun 2015 01:16:03 GMT
Content-Type: text/xml
Content-Length: 671
Last-Modified: Fri, 05 Jun 2015 11:17:56 GMT
Connection: keep-alive
ETag: "55718564-29f"
Accept-Ranges: bytes
<?xml version="1.0" encoding="UTF-8"?>..<LastVersion>...&l
t;url>hXXp://staticrr.mixvideoplayer.com/sdb/84/MixVideoPlayerSetup
.exe</url>...<version>1.0.0.20</version>...<Track
Activity>true</TrackActivity>...<TrackErrors>true</T
rackErrors>...<vast active="true">....<adnum>3</adnu
m>....<adurl countries="US,RU,BR,MX,DE,FR,IN,GB,ES,TR,AR,IT,IL,J
P,CA,IR,AU,NL,ID,CO,PK">.....<![CDATA[hXXp://ads.adaptv.advertis
ing.com/a/h/fUUYX443fr3iHLf1b0DAy3MvZmqN m4YhR8Ql84ugxaUwnVer0nkAl4RaF
w4ippAh4iKfLnbLyk=?cb=[CACHE_BREAKER]&pageUrl=apps://mixvideop
layer.com&eov=eov]]>....</adurl>...</vast>...<Coll
ectorLTV>collector-pre.ltv-analytics.com:8080</CollectorLTV>.
.</LastVersion>HTTP/1.1 200 OK..Server: nginx..Date: Sun, 07 Jun
 2015 01:16:03 GMT..Content-Type: text/xml..Content-Length: 671..Last-
Modified: Fri, 05 Jun 2015 11:17:56 GMT..Connection: keep-alive..ETag:
 "55718564-29f"..Accept-Ranges: bytes..<?xml version="1.0" encoding
="UTF-8"?>..<LastVersion>...<url>hXXp://staticrr.mixvid
eoplayer.com/sdb/84/MixVideoPlayerSetup.exe</url>...<version&
gt;1.0.0.20</version>...<TrackActivity>true</TrackActiv
ity>...<TrackErrors>true</TrackErrors>...<vast activ
e="true">....<adnum>3</adnum>....<adurl countries="U
S,RU,BR,MX,DE,FR,IN,GB,ES,TR,AR,IT,IL,JP,CA,IR,AU,NL,ID,CO,PK">....
.<![CDATA[hXXp://ads.adaptv.advertising.com/a/h/fUUYX443fr3iHLf
<<< skipped >>>


GET /84/MixVideoPlayerSetup.exe HTTP/1.1
Accept: */*
Proxy-Authorization: Basic 
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
Host: nhsdr.bestinstallfile.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: nginx
Date: Sun, 07 Jun 2015 01:15:08 GMT
Content-Type: application/octet-stream
Content-Length: 3789056
Connection: keep-alive
Last-Modified: Fri, 05 Jun 2015 11:17:44 GMT
ETag: "55718558-39d100"
Accept-Ranges: bytes
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8
...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8.......
.PE..L.....GO.................t...|...B...:............@..............
............0'[email protected]........@!
.@....................`...............................................
........................................text....s.......t.............
..... ..`.rdata... .......,...x..............@[email protected].... ...........
[email protected]...@..
..@!.....................@[email protected].....'[email protected].
......................................................................
......................................................................
......................................................................
......................................................................
...............................................U....\.}..t .}.F.E.u..H
[email protected][email protected]...
..@..}[email protected]... M..........M........E...FQ.....NU
..M.......M...VT..U........FP..E...............E.P.M...H.@..E..P.E..E.
[email protected]}[email protected].}.j.W.E......E.....
[email protected][email protected][email protected] [email protected].
u.....@._^3.[.....L$....G...i. @...T.....tUVW.q.3.;5..G.sD..i. @...D..
S.....t.G.....t...O..t .....u...3....3...F. @..;5..G.r.[_^...U..QQ
<<< skipped >>>


GET /ltv/install/?idapp=23&action=installinf&mac=000C298A8B37 HTTP/1.1
Host: ltv-pre.tguhost.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Content-Type: xml
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.10-1ubuntu3.7
Cache-Control: no-cache
Date: Sun, 07 Jun 2015 01:16:07 GMT
40..<?xml version="1.0" encoding="utf-8"?>.<result>5197574
2</result>..0..HTTP/1.1 200 OK..Server: nginx..Content-Type: xml
..Transfer-Encoding: chunked..Connection: keep-alive..X-Powered-By: PH
P/5.3.10-1ubuntu3.7..Cache-Control: no-cache..Date: Sun, 07 Jun 2015 0
1:16:07 GMT..40..<?xml version="1.0" encoding="utf-8"?>.<resu
lt>51975742</result>..0......


GET /ltv/activity/?idapp=23&action=start&mac=000C298A8B37 HTTP/1.1


Host: ltv-pre.tguhost.com


HTTP/1.1 200 OK
Server: nginx
Content-Type: xml
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.10-1ubuntu3.7
Cache-Control: no-cache
Date: Sun, 07 Jun 2015 01:16:07 GMT
40..<?xml version="1.0" encoding="utf-8"?>.<result>6851800
7</result>..0..HTTP/1.1 200 OK..Server: nginx..Content-Type: xml
..Transfer-Encoding: chunked..Connection: keep-alive..X-Powered-By: PH
P/5.3.10-1ubuntu3.7..Cache-Control: no-cache..Date: Sun, 07 Jun 2015 0
1:16:07 GMT..40..<?xml version="1.0" encoding="utf-8"?>.<resu
lt>68518007</result>..0..



GET /maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/images/loading-install.gif HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: api.bestinstallfile.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Sun, 07 Jun 2015 01:15:06 GMT
Content-Type: image/gif
Content-Length: 7928
Last-Modified: Fri, 27 Feb 2015 14:06:59 GMT
Connection: keep-alive
ETag: "54f07a03-1ef8"
Accept-Ranges: bytes
GIF89a..........DCD...:::.........qqq............555...zzziii}}}......
.........aaaQQQeee...%%%.........VVV...lll...............,,,...YYY...)
))...uuuJJJNNN!"!...]]]...101.................................\[\.....
....#$#KLK.../0/KKK[\[`_`...GGG'''...???............///......ccc...sss
ddd```...###.........SSS...777...VVV...888...xxx...............{|{{{{g
hg............kmk444XXX......OOOWWW...222...333!..NETSCAPE2.0.....!..X
MP DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c01
1 66.145661, 2012/02/06-14:56:27        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http:
//ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/s
Type/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)" x
mpMM:InstanceID="xmp.iid:C7B15D6E6C0511E4901AB7B77D879212" xmpMM:Docum
entID="xmp.did:C7B15D6F6C0511E4901AB7B77D879212"> <xmpMM:Derived
From stRef:instanceID="xmp.iid:C7B15D6C6C0511E4901AB7B77D879212" stRef
:documentID="xmp.did:C7B15D6D6C0511E4901AB7B77D879212"/> </rdf:D
escription> </rdf:RDF> </x:xmpmeta> <?xpacket end="r
"?>................................................................
..................................................................~}|{
zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJIHGFEDCBA@?>=<;
:9876543210/.-, *)('&%$#"! .................................!.....
<<< skipped >>>

GET /maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/images/loadingBar.gif HTTP/1.1


Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: api.bestinstallfile.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Sun, 07 Jun 2015 01:15:06 GMT
Content-Type: image/gif
Content-Length: 77170
Last-Modified: Fri, 27 Feb 2015 14:07:01 GMT
Connection: keep-alive
ETag: "54f07a05-12d72"
Accept-Ranges: bytes
GIF89a|..............................c........"..y..4.....H.....i.....
/..1..2.....M.....W...........v...........-..u........0..1.. ..... ...
.....*.....!.....*.....,..{........z..s.....5........&.."..(..(..,..2.
.4..8..).. ..u..... ..$.....z..m...........*......../..*.....,........
...4..".....%..'.. ..............%........(../..............!.........
.....8.....&..3.....)..... ../........%..4.....!..NETSCAPE2.0.....!..X
MP DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c01
1 66.145661, 2012/02/06-14:56:27        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http:
//ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/s
Type/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)" x
mpMM:InstanceID="xmp.iid:C7B15D6A6C0511E4901AB7B77D879212" xmpMM:Docum
entID="xmp.did:C7B15D6B6C0511E4901AB7B77D879212"> <xmpMM:Derived
From stRef:instanceID="xmp.iid:C7B15D686C0511E4901AB7B77D879212" stRef
:documentID="xmp.did:C7B15D696C0511E4901AB7B77D879212"/> </rdf:D
escription> </rdf:RDF> </x:xmpmeta> <?xpacket end="r
"?>................................................................
..................................................................~}|{
zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJIHGFEDCBA@?>=<;
:9876543210/.-, *)('&%$#"! .................................!.....
<<< skipped >>>

GET /__maxpower__/render_screen/2014/11/a888aa68-73d0-11e4-b71d-06a3579b0dab/screen_variation=videoUpdater HTTP/1.1


Accept: */*
Proxy-Authorization: Basic 
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
Host: api.bestinstallfile.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Sun, 07 Jun 2015 01:15:12 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 814
Connection: keep-alive
Vary: Accept-Language
Content-Language: en
Accept-Ranges: bytes
.<!--finish Videoupdater-->....<div class="finish">..<h
1>........Setup Wizard.......</h1>..<p style="margin-top: 
15px; font-size: 13px;">You have succesfully installed the software
 below and they are ready to be used:</p>....<div class="item
s">...<ul>....<li class="check">%mapp%</li>......
</ul>..</div>....<div class="clear"></div>....
<p>Recommended offers:</p>......<div class="list-toolba
rs" id="alloffers">....<ul class="_FinishOffers">....</ul&
gt;...</div>....<!--...<div class="banner">......<if
rame src="hXXp://n149adserv.com/ads?key=09879bcf6e631312a2c4d02d9cae27
2f&width=300&height=250" frameborder='0' scrolling='no' width='300' he
ight='250'></iframe>...</div> ..-->.........<inpu
t id="_Bexit" class="_Bexit close absol" tabindex="2" type="submit" na
me="nombre" onclick='onExit()' value="Close">....</div>..HTTP
/1.1 200 OK..Server: nginx..Date: Sun, 07 Jun 2015 01:15:12 GMT..Conte
nt-Type: text/html; charset=utf-8..Content-Length: 814..Connection: ke
ep-alive..Vary: Accept-Language..Content-Language: en..Accept-Ranges: 
bytes...<!--finish Videoupdater-->....<div class="finish">
..<h1>........Setup Wizard.......</h1>..<p style="margi
n-top: 15px; font-size: 13px;">You have succesfully installed the s
oftware below and they are ready to be used:</p>....<div clas
s="items">...<ul>....<li class="check">%mapp%</l
<<< skipped >>>

POST /b5ee652b78024589c9e518e3ea8a54713cc4045e7709cc97691ffb2ed00bf5ea54fc6701c95e935247d04875373b938e2d86daaea4a473da HTTP/1.1


User-Agent: dBrowser 3 CallGetResponse:3
Host: api.bestinstallfile.com
Content-Length: 4038
Cache-Control: no-cache

cdata=86394263D6DED7AD3ED013DFEF7E64F6FD7F7EB6471F6E1008FAF67D6BFDB01B26EAAA801BC7C09F4151D3761C9F974F6921D434084F69EB0E2262EC981EFAF4B71B6DE53AB1621839F9301B469E85E3DEEA269604ED17849843D57DA5D052460EA403F0E2730A705291EE1BB655062579317F3835A3F1C8D611E8D59DE4E29330C729C3611175A91D6C4B2CA57BF51B8A93E962C0C6C7C6FD68E8538140D7179A18D7BCE232EF1C1C0A61A0FC128EFA35879CE800C42FE7ED6DD7260C2A734FD494B2C250259201C61772E42F1834C5441D06379FFA40F46894C31933E48BDA957A476C0D2DA52AB22D25163CA51C0265C33430C2CCDC2445DB733784FAF2387F2028217CF16B47693BE71A94A31D04FEC270C62AA77F5607A856310D3163700B9358E90F7D346FCC65CFCEB261A852FC730CFC5512A46C99D7521B0CEB0A7AB836EB90C4968390E70FBE66142A024A56DCD1FF2C37F69104A76D9C65E8C995026485C84E02B717CB69E1DEE79A5B7163A85418804D4732B853988DC447F077EDBE26ADDD2D6491B936C16D6FDA0CBE8C32A9E47A43291E06605D7327A003427FA57088F709FEA77EF306CA4BFEF54BDAEDF7E4F54FF66DB4CD09C36F722294E15B4466C6626B87D934840432CEAB2D0F2D5CD256D16454ADD9ACD51EA2376FD7ABDAC2DC20C1CE4FC529377AACD629FFED22A89B2F4422D24E82882AF7AA2C1A16BB81C3838A8D3EB3E18BBEF18D60DC1B234AC6A358521720470391E8CFDF41099A29F798B6EC70E827139413E513DA51D7708F4957B91AC64EBB6FD47BCACAF081BD0D876AEEB0C3A09A3ED5BA4F85EBBC8F97F88B9899F77E1B84AD58BCEBFBA8B236534DAF1C60FCFEF16CB364963AB371E91C1C08792FDC29952F850
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 07 Jun 2015 01:15:39 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: keep-alive
7..MAXTHX...0..HTTP/1.1 200 OK..Server: nginx..Date: Sun, 07 Jun 2015 
01:15:39 GMT..Content-Type: text/plain..Transfer-Encoding: chunked..Co
nnection: keep-alive..7..MAXTHX...0..



GET /ltv/install/?idapp=23&action=install&mac=000C298A8B37&country=US HTTP/1.1
Host: ltv-pre.tguhost.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Content-Type: xml
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.10-1ubuntu3.7
Cache-Control: no-cache
Date: Sun, 07 Jun 2015 01:15:39 GMT
39..<?xml version="1.0" encoding="utf-8"?>.<result>1</r
esult>..0..



GET /banner.html?uid=1427473144715k7T02w5vKZ HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mixvideoplayer.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Accept-Ranges: bytes
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Type: text/html
Date: Sun, 07 Jun 2015 01:16:08 GMT
ETag: "9000bb-d94-512930b5278c0"
Last-Modified: Tue, 31 Mar 2015 10:27:23 GMT
Server: nginx
Set-Cookie: lpsl_banner.html=c0b126e4f64fd4070909030dedac1e7c 1433726168; Path=/; Expires=Mon, 08-Jun-15 01:16:08 GMT;Domain=VVV.mixvideoplayer.com
Vary: Accept-Encoding
Content-Length: 1676
Connection: keep-alive
...........W.S.8.... Ts.. ~..J.0...w<...1.e.[q...J2I....Jv.........
j..~.K.}.B9....4.7z....<R"1...."......m....re,en...}.....=...9.t...
.,.$.m.G..b...l.q8&...,.mL...1.<....2f..W..iN9......R.. k...g.!.g.C
~....}:.x.H.q..W..T&..B._iD.y.g..J.#....b.'BNs....C......S'f,N...pB.j.
...p.....\..}.....f..0.=.....YB.J...d*.P.Bc.....x.b.....n.]...fq.2..}.
Y.E...Zo... ...!...&,...{ |..I..i...D...q..{^>..1..XvPkC.?6 E.3.YF.
.)8...~`..K. ..d.Q.P.. .5...`....}5.l._....Z'.[...^......7....O....;.[
.......h".'Nr.....,A\..$..J...]p.d.....y].kXp.$9.../.#.....&....'5....



GET /ads?key=5d7c4c519bcd79cc1dca058af3cfebbc&width=0&height=0 HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n149adserv.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="CAO PSA OUR"
Set-Cookie: epomUUID=a2e2c230-0cb2-11e5-8e44-f8bc125381b8; Domain=.n149adserv.com; Expires=Sat, 02-Jun-2035 01:15:08 GMT; Path=/
Set-Cookie: ep_5d7c4c519bcd79cc1dca058af3cfebbc=1433639708117|401; Domain=.n149adserv.com; Expires=Mon, 08-Jun-2015 01:15:08 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Content-Length: 966
Date: Sun, 07 Jun 2015 01:15:07 GMT
<html><head><!--401:53--></head><body leftm
argin='0' topmargin='0' marginwidth='0' marginheight='0' style='backgr
ound-color:transparent; width: 100%; text-align: center;'><meta 
http-equiv="refresh" content="0; url=hXXp://network.adsmarket.com/clic
k/jGJunWecqZmOZnCXYcp6w4iQa5xhnYOYi2SYmGakfZSJkGqaYKOBl7dia5lgnHuX?dp=
NTN8NDAxfFVBfDF8MXx8|8d98075ed8edf8e376dd0b45fd1a3ee5-17-44|a2e2c230-0
cb2-11e5-8e44-f8bc125381b8" /><script type="text/javascript">
var params = {}; var res = []; if (localStorage!==null && typeof local
Storage!==null && typeof localStorage != "undefined" &&  typeof localS
torage.epomCookies != "undefined") params = JSON.parse(localStorage.ep
omCookies); for (var p in params) res.push(p   "="   params[p]);new Im
age().src = "hXXp://n149adserv.com" "/im" "pressi" "on.gif?b=401" "&p=
53&ch=&ap=&cps=&c" "=44&l=UA" "&h=779600ed937f7360290ff85a25c65591&t="
 new Date().getTime() "&s=2c4187605f97e2015e94b7758ed3ea61&" res.join(
'&');</script></body></html>..
<<< skipped >>>


GET /bcf43006add0ff0a164589925d0bdca9d076860c388eb24ac0c254b1b429826a3a07f670dc9db1d9e642ba07f3a3b52755e966118d8c0209ca0fc4d8da06bcb87363db1825456f8d96f21c348ed93e3817832c62ae6adc01 HTTP/1.1
Accept: */*
Proxy-Authorization: Basic 
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
Host: api.bestinstallfile.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Sun, 07 Jun 2015 01:15:04 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
eec..0f5071480ceaa14a440c0ddc9b77d78e775d92f29e75ea067e09d7b1fd4429a19
bbe499cc181d296482b2b155f95313309a223481acff9ddee9893be39840a2074ae431
e1a949c44c6cebe5ce456f8773c5ca8e6db3dadcb610904c7947b80eb10010dab60dea
4d857cd52a94ceed3cc1d800b8ea8cc46d9fe4237d3f84f1e00408a8a80e75b5c6602f
3e9fba7092a9526ef23f61d9b2ee14bcb1a1d75c426a1a2d08593cfa8ef14ad23e93a8
d66436c6ad06ad138b690667a7630fc1dce3da0b1af38d48a7cdfc029e2b666a5bd66e
eef257ff642e681f7700ff654ce20dd74f35b329ac889e5b53868ebba1e785df46f9a9
fd8458c2ccb4b6f4c097f0ae42714ec585ef0b6d67860df0199a8d9812ac3fb1a138b9
838b3b3d7ddb190704c7f6543e4690c7580c31515ed0e36ec86377678a3c1150ae248b
6bc61b9f951dda1309c7c931eb7826bad666e9d19f419133117ca717cb8b48ff3f7110
ec85121d1274bcd65c1536dbad017087b7b7a76b21e74de1f572d2790410f39c747b6a
ba8d4c79adf9b53d85836fb7fb200a469d59a90d9fa2b0b3899e39b191f9708b1a0c83
18b355afaa077b3e0840dec7312056397ff0ca42192855e50f0a2c5d8697260f0cea67
c9904a5a37c5da579adadf0bacd94558d2537e684c9a10a8c4c67cb9f7d12306bd9017
fa031cd531b5f4ad2e9c2c00b5c0010f747170c70e959d93c7eba7ab9a0add37a1c6d5
d8f5581f6fc21f88f644b4dfbdcaf6f400437cea676574125020775cac0fadb460e850
bf279aebc677a94080e41d83db431928aa4d88c224a1c90dfc3ac82a8e3f0752436a3e
28a9ed41d7603802ba6903bb36237156a8793e0a23d8a037467068561bc758369efbcb
236a9d98f07caa0268a7609f208a0f50950587840d181d139d7dc9cc4554abdb50a419
69e6c33c255888d890c98f8a8e06cede42220257a51db577bf1c22fbfa82ca87d2fc11
c5b7b1df9d55053ac5ba51ad2efc358ba9565d2c13194b52e15e51c0314eda5173f8eb
21a279ea309425d1bd251d2e48b9e8ee45d0c748677e5f943d2970134965973e40
<<< skipped >>>

POST /695911ddfa3f19b5545394ef8929fec3b6c4d45d525f2061fb29dfef2419ca4aa09929582fb50428ba4362c32c01f1ec40ee6892d0cc77a2 HTTP/1.1


User-Agent: dBrowser 1 CallGetResponse:1
Host: api.bestinstallfile.com
Content-Length: 2758
Cache-Control: no-cache

cdata=86394263D6DED7AD3ED013DFEF7E64F6C29F5997166EF97A418F915F82A9AD7FC77F5FC74ED02F99799278738B97993DFA484DED0643C147AF1F76E6047AAC12B04F4D1B9014C49B2B9206253F7B816F613C3C2381141BF9CF3270815E833E217C84153888AF84AD3B25072B7234318ADB6B796AA64B779F2A2FFAABF95EFDC11241AEEFDE629155B76CCA2A4F117755C06DE1498E9C37CD98B521F0FD403F13CB01AF0E4FBF71138F6A88730187FF335D1D49628715144B0C70D3E9EFE7F238A0BD4DC3850AA17491D1411F679F649D153C8BB58D807D75C71D684597E3C53158883877E2B2DF5F9835210215BF8B4E424D54C9DC1B0382804C82DF6DE430D6286F4EC32EFA9C0879E0B5195F873EC93EFD9028384F794BA8001AAD0EFD2F57163951F48C0543140FA71C2CC25B1E684F083496E91153CD0189459D14D516740D975556EED463D549149C64F7817B04107DF3BD3AADB9D05FF4CA61C16FFA52B0B03FC804758BA2BBFE11F6894C15F67736AE213BCEFDF4413BB9970F70654B7C300116460FAB905A38A5DA3C219D77E5831422B475F8B98F771450C586E4A98C88422A4D2D55FEBEE8C1F50ED3ADDFD386B54BF360ED09327D06513E427FC52942CDABED860F111BDC58F37DAE1E5804B1D324B29777FFAC9632ED0D917F4E2248AF23B7B71F695AF748841602CCAB4C9C1AE20FB19194BE091E0473A3F10155839159F39D6F3E214794CCBA7519CA5A4640C97FFA3822F34CD7DECFE5253E6F5174F71615E7B4A511A96AE360D51CD33B6E803EC4587E00F7ABA679F9E761A3A25D92E107FEB662888D7119708C2ADF11E2F8B0966F45D228EF5963AC1CC6D27AA0644310EAA5088161C2C7E149BED5C76FB36C5CD2587FD058855B0D9BA
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 07 Jun 2015 01:15:06 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: keep-alive
7..MAXTHX...0......


GET /__maxpower__/render_template/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab?language_code=en HTTP/1.1


Accept: */*
Proxy-Authorization: Basic 
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
Host: api.bestinstallfile.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Sun, 07 Jun 2015 01:15:06 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2387
Connection: keep-alive
Vary: Accept-Language
Content-Language: en
Accept-Ranges: bytes
..<!--Template VideoUpdater-->..<div class="container">.&l
t;div class="videupdater">. <div class="minimize">.  <ul&g
t;.    <li><span onclick="minimizeWindow();" class="button-mi
n">-</span></li>.    <li><span id="_Bexit" onc
lick="onExit()" class="button-min">x</span></li>.  <
/ul>.</div>..<div id="_frameContainer" class="content">
..  ..</div>...<!-- buttons -->.<div class="buttons">
;..  <!--botones derecha -->.  .  <input id="_Bnext" class="_
Bnext grey right" buttonText="Next" tabindex="0" type="submit" value="
Next »" onclick='onAccept();'>.  ..  <!--botones izquierda
 -->..  .  <input id="_Bomit" class="_Bomit normal-close leftnow
idth" tabindex="3" type="submit" name="nombre" value="Skip All" onclic
k='onOmit();'>.  .  .  <input id="_Bdecline" class="_Bdecline no
rmal-close leftnowidth" tabindex="1" type="submit"  name="nombre" valu
e="Decline"  onclick='onDecline();'>.  ..  <div class="clear">
;</div>.</div>..  ..<div class="contact">.  <div 
class="contact-in" style="height: 20px;">..    <ul>.      <
;li><a target='_blank' class="first _TitPrivacy">Privacy Poli
cy</a></li>.      <li><a target='_blank' class="_
TitSetup">Setup info</a></li>.      <li><a tar
get='_blank' class="_TitFree">Why is this free?</a></li>
;.      <li><a target='_blank' class="_TitHelp">Help&l
<<< skipped >>>

GET /maxpower-static/apps/34/68794/css/style.css HTTP/1.1


Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: api.bestinstallfile.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Sun, 07 Jun 2015 01:15:06 GMT
Content-Type: text/css
Content-Length: 114
Last-Modified: Mon, 16 Mar 2015 11:21:34 GMT
Connection: keep-alive
ETag: "5506bcbe-72"
Accept-Ranges: bytes
/* mapp MixVideoPlayer */....welcome ul  {...width:210px;..float: left
; ..}...welcome ul li {..margin-top: 10px;.}....


GET /__maxpower__/render_screen/2014/11/8b9c3fb4-73d0-11e4-925e-06a3579b0dab/screen_variation=videoUpdater HTTP/1.1


Accept: */*
Proxy-Authorization: Basic 
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
Host: api.bestinstallfile.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Sun, 07 Jun 2015 01:15:06 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 961
Connection: keep-alive
Vary: Accept-Language
Content-Language: en
Accept-Ranges: bytes
..<!--Intall Videoupdater-->..<div class="install">..    &
lt;h1>Installation Progress</h1>.    .    <p>This Downl
oad Manager will minimize to your system tray shortly to allow you to 
work on other items while your selections install. To restore this win
dow, simply click on the icon in your system tray.</p>.    .    
  <div class="install-loading">.    </div>.    <div cla
ss="progress-bar">.        <div class="_TotalProgressLevel progr
ess-level" ></div>            .    </div>....<div cl
ass="clear" style="height:10px; display:block;"></div>.     &
lt;div class="_ProgressInstallingText" style="display:none; text-align
: center; margin-left: 45px; width: 422px;"><p>Installing ...
</p></div>.    .    <div class="_ProgressText" style="d
isplay:none;  margin-left: 33px;">.        <p>Process: <sp
an class="_ProgressTextDownloaded"></span>  of <span 
class="_ProgressTextTotal"></span> (<span class="_Progress
TextPercentage"></span> %)</p>.    </div>..   .  
 .</div>.....


GET /maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/images/i-download.png HTTP/1.1


Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: api.bestinstallfile.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Sun, 07 Jun 2015 01:15:06 GMT
Content-Type: image/png
Content-Length: 1433
Last-Modified: Fri, 27 Feb 2015 14:06:57 GMT
Connection: keep-alive
ETag: "54f07a01-599"
Accept-Ranges: bytes
.PNG........IHDR...*...*.....J.^.....tEXtSoftware.Adobe ImageReadyq.e&
lt;...$iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS6 (Macintosh)" xmpMM:InstanceID="xmp.iid:24FEED836BEF11E4901AB7
B77D879212" xmpMM:DocumentID="xmp.did:24FEED846BEF11E4901AB7B77D879212
"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:24FEED816BEF11E4
901AB7B77D879212" stRef:documentID="xmp.did:24FEED826BEF11E4901AB7B77D
879212"/> </rdf:Description> </rdf:RDF> </x:xmpmeta&
gt; <?xpacket end="r"?>lW1.....IDATx.b|[email protected]...#...k..
...!..T?.&..}_......{....`..?....{..z...'..a..C*....'V.....&VV"M...eWT
...{..X...b..\\.M.LHP.:..0.v..9..?.>.W.......ax....X...MM.........~
.xA.d....".nTT............/w..c,...!.....\T..;w.Z.......D.K......O....
G.......E..$X.D...9..../......K..$...JD.CF_............>.......Lc.f
.U.$.7.NqJK...".....|}.<|[email protected]..^.T.......d.....9
8.>..w RNK.*....C.._.<..q.....mX.)...?..D.l!.{<...7o......\..
......W.....^.|,?..v.;p.B..B..r..d.~B.........X%....b-<..c {9.Im.O.
.........Z?l...v\. ...F.0_B.5....IEND.B`.....
<<< skipped >>>

GET /maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/images/progress-bar.png HTTP/1.1


Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: api.bestinstallfile.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Sun, 07 Jun 2015 01:15:06 GMT
Content-Type: image/png
Content-Length: 1392
Last-Modified: Fri, 27 Feb 2015 14:07:04 GMT
Connection: keep-alive
ETag: "54f07a08-570"
Accept-Ranges: bytes
.PNG........IHDR...|.........L.......tEXtSoftware.Adobe ImageReadyq.e&
lt;...$iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS6 (Macintosh)" xmpMM:InstanceID="xmp.iid:15582AE06BF411E4901AB7
B77D879212" xmpMM:DocumentID="xmp.did:15582AE16BF411E4901AB7B77D879212
"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:24FEED896BEF11E4
901AB7B77D879212" stRef:documentID="xmp.did:24FEED8A6BEF11E4901AB7B77D
879212"/> </rdf:Description> </rdf:RDF> </x:xmpmeta&
gt; <?xpacket end="r"?>[email protected]~:52u.....,.g...e.
.<..l..F...|.E.....G....n..g......V..v.^.C..?... .........k..Bc.Y.V
....._....E.(...T.eR...`yn..i.{t...-{tB..{\5......y..s..4kyn<=\5.KV
:......u..l..QK.)z.n.........c......\....N.=EG..w..^.Xh......~....w...
>..S.dy.H.$5.@.^o..........t...5.N|...>....3..H.....(.3..`Ft....
......y..~8^...1OC..x....it&W@it..."..=^MV..WA.$.....W...D6.....v.y...
....Pis..2.W:..^..........-.lx>P......3$CR...}.<..5*......f,vl]c
.i...k...xN.|>o6......P......z..p8..cv.....o.....&..m.c....IEND.B`.
....
<<< skipped >>>

POST /8aa77db7d6cfa52686caace456bcf6854761923c3750809b0f50e9018ef3951d71903399e800525b74f49676e4e1db0729fc57620c996347 HTTP/1.1


User-Agent: dBrowser 2 CallGetResponse:2
Host: api.bestinstallfile.com
Content-Length: 4038
Cache-Control: no-cache

cdata=86394263D6DED7AD3ED013DFEF7E64F6FD7F7EB6471F6E1008FAF67D6BFDB01B26EAAA801BC7C09F4151D3761C9F974F6921D434084F69EB0E2262EC981EFAF4B71B6DE53AB1621839F9301B469E85E3DEEA269604ED17849843D57DA5D052460EA403F0E2730A705291EE1BB655062579317F3835A3F1C8D611E8D59DE4E29330C729C3611175A91D6C4B2CA57BF51B8A93E962C0C6C7C6FD68E8538140D7179A18D7BCE232EF1C1C0A61A0FC128EFA35879CE800C42FE7ED6DD7260C2A734FD494B2C250259201C61772E42F1834C5441D06379FFA40F46894C31933E48BDA957A476C0D2DA52AB22D25163CA51C0265C33430C2CCDC2445DB733784FAF2387F2028217CF16B47693BE71A94A31D04FEC270C62AA77F5607A856310D3163700B9358E90F7D346FCC65CFCEB261A852FC730CFC5512A46C99D7521B0CEB0A7AB836EB90C4968390E70FBE66142A024A56DCD1FF2C37F69104A76D9C65E8C995026485C84E02B717CB69E1DEE79A5B7163A85418804D4732B853988DC447F077EDBE26ADDD2D6491B936C16D6FDA0CBE8C32A9E47A43291E06605D7327A003427FA57088F709FEA77EF306CA4BFEF54BDAEDF7E4F54FF66DB4CD09C36F722294E15B4466C6626B87D934840432CEAB2D0F2D5CD256D16454ADD9ACD51EA2376FD7ABDAC2DC20C1CE4FC529377AACD629FFED22A89B2F4422D24E82882AF7AA2C1A16BB81C3838A8D3EB3E18BBEF18D60DC1B234AC6A358521720470391E8CFDF41099A29F798B6EC70E827139413E513DA51D7708F4957B91AC64EBB6FD47BCACAF081BD0D876AEEB0C3A09A3ED5BA4F85EBBC8F97F88B9899F77E1B84AD58BCEBFBA8B236534DAF1C60FCFEF16CB364963AB371E91C1C08792FDC29952F850
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 07 Jun 2015 01:15:12 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: keep-alive
7..MAXTHX...0......


GET /maxpower-static/templates/2014/11/71be70f4-73cf-11e4-b71d-06a3579b0dab/css/images/bullet-short.gif HTTP/1.1


Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: api.bestinstallfile.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Sun, 07 Jun 2015 01:15:12 GMT
Content-Type: image/gif
Content-Length: 54
Last-Modified: Fri, 27 Feb 2015 14:06:53 GMT
Connection: keep-alive
ETag: "54f079fd-36"
Accept-Ranges: bytes
GIF89a.............!.......,...................P..U..;HTTP/1.1 200 OK.
.Server: nginx..Date: Sun, 07 Jun 2015 01:15:12 GMT..Content-Type: ima
ge/gif..Content-Length: 54..Last-Modified: Fri, 27 Feb 2015 14:06:53 G
MT..Connection: keep-alive..ETag: "54f079fd-36"..Accept-Ranges: bytes.
.GIF89a.............!.......,...................P..U..;..



GET /?sov=73001201&hid=hrhjvtnlvjxjxz&redid=10845&gsid=68&id=XNSX.-r10845-t68 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: nakzz.exclusiverewards.startree.science
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.6.0
Date: Sun, 07 Jun 2015 01:15:32 GMT
Content-Type: text/html
Transfer-Encoding: chunked
X-Powered-By: PHP/5.3.3
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: ci_session=yOD2kszKwUcO5UeNUiYZU0Ni7Hy9WMSZxq1mEz0iFWdC57iP3mjsyF1+mwm7wyglY4K5OvbsxxeQ7DeMAPzXUkzi/N5etF5oi/3XFc4NW4o0hFvCD0lEOQcz1gTLHsQHPOiSK3B/Pobp4JWJTzjDTaAOAlh6sW7X8KXWRfF4i5p+Y6GEJCmGf9Px7IhVfHweOFX3+chdULR5wMmv7vFmNOmjtjS8QwgulXr/X0rimYwWHNNpNxgln2iB8Q0KUXB+eFnZNZQQTxzywxXdsycYhNHrBe5Cn/ZJ4J3z5Ms23h+Si3t/RI1xC+fMEzBztNscstmemJqAqqfC/shg5HQBMnY+OGBj1gyImD0H8d15qRDVPBMUyShzdkfhK5qotpV3XE+slUOjrcsDnLcIi92h4SYdLBpJugnkpT4NQeYqn6gOKT046DHOFqdBfPnlDRoK0yKBtcld7danE5WTV/19/g==; expires=Mon, 08-Jun-2015 01:15:32 GMT; path=/; domain=.nakzz.exclusiverewards.startree.science
X-Source: Mini
Set-Cookie: id=XNSX.-r10845-t68; expires=Mon, 08-Jun-2015 01:17:12 GMT; path=/; domain=.nakzz.exclusiverewards.startree.science
Set-Cookie: SITE_ID=73001201; expires=Mon, 08-Jun-2015 01:17:12 GMT; path=/; domain=.nakzz.exclusiverewards.startree.science
Set-Cookie: sov=73001201; expires=Mon, 08-Jun-2015 01:17:12 GMT; path=/; domain=.nakzz.exclusiverewards.startree.science
Set-Cookie: tov=deleted; expires=Sat, 07-Jun-2014 01:15:31 GMT; path=/; domain=.nakzz.exclusiverewards.startree.science
Set-Cookie: mov=nr.ytsurvey.mini; expires=Mon, 08-Jun-2015 01:17:12 GMT; path=/; domain=.nakzz.exclusiverewards.startree.science
Set-Cookie: redid=10845; expires=Mon, 08-Jun-2015 01:17:12 GMT; path=/; domain=.nakzz.exclusiverewards.startree.science
Set-Cookie: gsid=68; expires=Mon, 08-Jun-2015 01:17:12 GMT; path=/; domain=.nakzz.exclusiverewards.startree.science
Set-Cookie: ref=deleted; expires=Sat, 07-Jun-2014 01:15:31 GMT; path=/; domain=.nakzz.exclusiverewards.startree.science
Set-Cookie: URI=sov=73001201&hid=hrhjvtnlvjxjxz&redid=10845&gsid=68&id=XNSX.-r10845-t68; expires=Mon, 08-Jun-2015 01:17:12 GMT; path=/; domain=.nakzz.exclusiverewards.startree.science
Set-Cookie: templateid=2582; expires=Mon, 08-Jun-2015 01:17:12 GMT; path=/; domain=.nakzz.exclusiverewards.startree.science
Set-Cookie: path=browser_survey_SMARTKEYS_MASTER_lightbox_UA; expires=Mon, 08-Jun-2015 01:17:12 GMT; path=/; domain=.nakzz.exclusiverewards.startree.science
Set-Cookie: version=227198; expires=Mon, 08-Jun-2015 01:17:12 GMT; path=/; domain=.nakzz.exclusiverewards.startree.science
Set-Cookie: tags[2582][expand_enable]=-1; expires=Mon, 08-Jun-2015 01:17:12 GMT; path=/; domain=.nakzz.exclusiverewards.startree.science
Set-Cookie: tags[2582][alert_enable]=1; expires=Mon, 08-Jun-2015 01:17:12 GMT; path=/; domain=.nakzz.exclusiverewards.startree.science
Set-Cookie: tags[2582][audio_enable]=0; expires=Mon, 08-Jun-2015 01:17:12 GMT; path=/; domain=.nakzz.exclusiverewards.startree.science
Set-Cookie: tags[2582][pop_enable]=0; expires=Mon, 08-Jun-2015 01:17:12 GMT; path=/; domain=.nakzz.exclusiverewards.startree.science
Set-Cookie: tags[227198][expand_enable]=-1; expires=Mon, 08-Jun-2015 01:17:12 GMT; path=/; domain=.nakzz.exclusiverewards.startree.science
Set-Cookie: tags[227198][alert_enable]=1; expires=Mon, 08-Jun-2015 01:17:12 GMT; path=/; domain=.nakzz.exclusiverewards.startree.science
Set-Cookie: tags[227198][audio_enable]=0; expires=Mon, 08-Jun-2015 01:17:12 GMT; path=/; domain=.nakzz.exclusiverewards.startree.science
Set-Cookie: tags[227198][pop_enable]=0; expires=Mon, 08-Jun-2015 01:17:12 GMT; path=/; domain=.nakzz.exclusiverewards.startree.science
Set-Cookie: content=227198; expires=Mon, 08-Jun-2015 01:17:12 GMT; path=/; domain=.nakzz.exclusiverewards.startree.science
Set-Cookie: vid=89572; expires=Mon, 08-Jun-2015 01:17:12 GMT; path=/; domain=.nakzz.exclusiverewards.startree.science
Set-Cookie: log_73001201=1; expires=Mon, 08-Jun-2015 01:17:12 GMT; path=/; domain=.exclusiverewards.startree.science
Set-Cookie: id=XNSX.-r10845-t68; expires=Mon, 08-Jun-2015 01:17:12 GMT; path=/; domain=.nakzz.exclusiverewards.startree.science
Set-Cookie: SITE_ID=73001201; expires=Mon, 08-Jun-2015 01:17:12 GMT; path=/; domain=.nakzz.exclusiverewards.startree.science
Set-Cookie: sov=73001201; expires=Mon, 08-Jun-2015 01:17:12 GMT; path=/; domain=.nakzz.exclusiverewards.startree.science
Set-Cookie: tov=227198; expires=Mon, 08-Jun-2015 01:17:12 GMT; path=/; domain=.nakzz.exclusiverewards.startree.science
Set-Cookie: mov=nr.ytsurvey.mini; expires=Mon, 08-Jun-2015 01:17:12 GMT; path=/; domain=.nakzz.exclusiverewards.startree.science
Set-Cookie: redid=10845; expires=Mon, 08-Jun-2015 01:17:12 GMT; path=/; domain=.nakzz.exclusiverewards.startree.science
Set-Cookie: gsid=68; expires=Mon, 08-Jun-2015 01:17:12 GMT; path=/; domain=.nakzz.exclusiverewards.startree.science
Set-Cookie: ref=deleted; expires=Sat, 07-Jun-2014 01:15:31 GMT; path=/; domain=.nakzz.exclusiverewards.startree.science
X-Sov: 73001201
X-Rot: 227198
Set-Cookie: tags[2582][iframe_enable]=0; expires=Mon, 08-Jun-2015 01:17:12 GMT; path=/; domain=.nakzz.exclusiverewards.startree.science
Expires: Mon, 01 Jan 2001 00:00:00 GMT
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: noshid=hrhjvtnlvjxjxz; expires=Mon, 08-Jun-2015 01:17:12 GMT; path=/; domain=.startree.science
Content-Encoding: gzip
d37.............[.o....Y. ....7....ImY..:k...b.C...$=Y.).%)..0 ..~...(
<...u..b.eM\;v.....P.......H.....X".....w.{..O....o.....E.tZ. O....
T...zy".*Mf..P....*c.,4.Sh..R.;.tv.,.....Ko...u'..1..j.n^r...C.s..T,.;
.w..e.J,G.8......{..v?w..#.....{.-....=d.q....v.w7.q.}..........L)'.  
.f...l.6/.r.]eC^1... .j.5.Em9M............%....-U...R..........i..0ux.
.......k.z..k.Z........x..tc.......*7....oW4u..T.....\..s.....W...6/..
......F.lG..2.="M.....$P..J..J....@[email protected]...*y.16Y....Dg*ÙQ."..._
M..Z..n:-[....F[.9.....?!EJ.U..a..............:....,.~pKY.S....s...A}.
!..V.(.[Z....[..Lp;A..E..3%.z...........&.i.0v<)..jY. .q.......>
D../.[.P..\...{......x~.t.O..s.X&~.A.&....._........1t.D#.c...P.%u.U..
.<.. .q...CV.@. -...S.......^......C..u.J....KU........o.....TW.XMS
l{^......P7x.][email protected]..
p.w...^.-......[A...uK1..C......)<=.3a...i...:')*j........W.......=
cz....... "y....jB..t...S).{........e$.. .S&.p..|Gp..>..........._.
.!....r.{....}....X:w.......&c..,7b#:?f....K...!............k...2...u.
.}p.=..P....f.....Y..6...7(.8..G.......U.&......f...p.. &.z$3w.}.n..1.
...q.3..#..<...3.."gFh.Q..)......8#4...........J..3c.......}.f.....
...z../.9.'..f{.dBz.&......{.D{....../BK`.....@b.^.......||...........
g.F.PX.`.o(....*.e..\g..>.zK...h...q....s6....akE..s..m88B.hI.H....
..#....!.[k*A..zQ..a3..E..1..^ ..1....O..qU}.......<#,a....T.v.....
...$.<."r...=`..7.Q>}..0......>.=yS.c<.w..W..0.19..`e.B..6
........(...-;&B........qA)Ug.^...*$....=....s`{.gRutfa...X.s.=.p.
<<< skipped >>>

GET /templates/_common/_templates/browser_survey_SMARTKEYS_MASTER_lightbox_UA/css/style.css HTTP/1.1


Accept: */*
Referer: hXXp://nakzz.exclusiverewards.startree.science/?sov=73001201&hid=hrhjvtnlvjxjxz&redid=10845&gsid=68&id=XNSX.-r10845-t68
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: nakzz.exclusiverewards.startree.science
Connection: Keep-Alive
Cookie: ci_session=yOD2kszKwUcO5UeNUiYZU0Ni7Hy9WMSZxq1mEz0iFWdC57iP3mjsyF1+mwm7wyglY4K5OvbsxxeQ7DeMAPzXUkzi/N5etF5oi/3XFc4NW4o0hFvCD0lEOQcz1gTLHsQHPOiSK3B/Pobp4JWJTzjDTaAOAlh6sW7X8KXWRfF4i5p+Y6GEJCmGf9Px7IhVfHweOFX3+chdULR5wMmv7vFmNOmjtjS8QwgulXr/X0rimYwWHNNpNxgln2iB8Q0KUXB+eFnZNZQQTxzywxXdsycYhNHrBe5Cn/ZJ4J3z5Ms23h+Si3t/RI1xC+fMEzBztNscstmemJqAqqfC/shg5HQBMnY+OGBj1gyImD0H8d15qRDVPBMUyShzdkfhK5qotpV3XE+slUOjrcsDnLcIi92h4SYdLBpJugnkpT4NQeYqn6gOKT046DHOFqdBfPnlDRoK0yKBtcld7danE5WTV/19/g==; id=XNSX.-r10845-t68; SITE_ID=73001201; sov=73001201; mov=nr.ytsurvey.mini; redid=10845; gsid=68; URI=sov=73001201&hid=hrhjvtnlvjxjxz&redid=10845&gsid=68&id=XNSX.-r10845-t68; templateid=2582; path=browser_survey_SMARTKEYS_MASTER_lightbox_UA; version=227198; tags[2582][expand_enable]=-1; tags[2582][alert_enable]=1; tags[2582][audio_enable]=0; tags[2582][pop_enable]=0; tags[227198][expand_enable]=-1; tags[227198][alert_enable]=1; tags[227198][audio_enable]=0; tags[227198
HTTP/1.1 200 OK
Server: nginx/1.6.2
Date: Sun, 07 Jun 2015 01:15:33 GMT
Content-Type: text/css
Last-Modified: Fri, 11 Oct 2013 18:30:45 GMT
Transfer-Encoding: chunked
Expires: Wed, 01 Jun 2016 01:15:33 GMT
Cache-Control: max-age=31104000
Pragma: public
Cache-Control: public, must-revalidate, proxy-revalidate
Content-Encoding: gzip
9ec.............Z[o...~...5A1;.:.%.....L6.,....E.7..(..%*.............
l[`k#...9<......,....'...o.~u.v...7.....Td..<...>...9.E..@<
;.'...I.3..%J=..(.P.B...(d<zx.. .(....a.pT.|.!..%.*....(..xLPL.....
.%<.....y....=..U8 P.a.P%[email protected]. .....(D5.(". %.aM...q.j..E.%,.
`../3.p.d...<F.......<GB.]$..$R.....$b...].........]....N....I..
y-...~..ZT....]..7'.:9Q\.....S....<'............!...C..8..xl{.u.\'.
N@<....7.[.,.DI2..0\p'&.l.IxTW.......r.[^.}...t.2..........I..Z....
...EL"^b)}........B.%.wiKViP2I.srBb.}D....@A?.............Br.&I.Zu..3.
....>uj]4 .;.~..Y.sG:....sF.!.M...4..X9/......."F...|.vB....md..h.F
.-0..D......_..-.D.-UT.;..b....S)&.B..(._;.........yLNQ.........1.1rpI
1.?....hr#=.. m8Z.....!..v`'y|..%.....fxG....6.m3L...M>.......s.`..
.LpLB......x.3f4v......H%|.b...U.c..F..<........p...,.l.....Lc.....
zC..K......m......(..K.....u6k=..a..9Z.:=..j.....1.\.....f.Q.V.......^
N...U..q...f.8RN.......).J.r,j.......m..eOn.t>..gA....R......m.R...
.E...>..&....E.]6Zn.M..R-..8...:....u..._..C..s....b?,.s%......`.h.
vf!.........LnLs.J..F'..HG.......5.4f.C ......mo...7...r.....&..Z...;.
.d. oJ.z...F.L..'p.....E.e..q..ptP>.......]Mx.eK..&...*i...:...AZ~"
73......C....Smp..V3...C..ZHZ.........F.... ..G>..*..w.8A....(;ky]J
....Z.....&.)._.u.^....A..2Afo'm.6......3.Kg5^`....Z-..........F.".:.c
....=..G<.5a.3)..u.Gl%.......b_tP.....d^.N ...gO..........|..%.v;.J
&.......s...X. ....~.X.t=.....&..v.]'..J...6...../.$....K......-.r2 ..
.7.fn.GJYf...B..."..W....NZ.V....:5,2.m...l.hk..M.S..'.....;e. HRJ
<<< skipped >>>

GET /templates/_common/_templates/browser_survey_SMARTKEYS_MASTER_lightbox_UA/js/script.js HTTP/1.1


Accept: */*
Referer: hXXp://nakzz.exclusiverewards.startree.science/?sov=73001201&hid=hrhjvtnlvjxjxz&redid=10845&gsid=68&id=XNSX.-r10845-t68
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: nakzz.exclusiverewards.startree.science
Connection: Keep-Alive
Cookie: ci_session=yOD2kszKwUcO5UeNUiYZU0Ni7Hy9WMSZxq1mEz0iFWdC57iP3mjsyF1+mwm7wyglY4K5OvbsxxeQ7DeMAPzXUkzi/N5etF5oi/3XFc4NW4o0hFvCD0lEOQcz1gTLHsQHPOiSK3B/Pobp4JWJTzjDTaAOAlh6sW7X8KXWRfF4i5p+Y6GEJCmGf9Px7IhVfHweOFX3+chdULR5wMmv7vFmNOmjtjS8QwgulXr/X0rimYwWHNNpNxgln2iB8Q0KUXB+eFnZNZQQTxzywxXdsycYhNHrBe5Cn/ZJ4J3z5Ms23h+Si3t/RI1xC+fMEzBztNscstmemJqAqqfC/shg5HQBMnY+OGBj1gyImD0H8d15qRDVPBMUyShzdkfhK5qotpV3XE+slUOjrcsDnLcIi92h4SYdLBpJugnkpT4NQeYqn6gOKT046DHOFqdBfPnlDRoK0yKBtcld7danE5WTV/19/g==; id=XNSX.-r10845-t68; SITE_ID=73001201; sov=73001201; mov=nr.ytsurvey.mini; redid=10845; gsid=68; URI=sov=73001201&hid=hrhjvtnlvjxjxz&redid=10845&gsid=68&id=XNSX.-r10845-t68; templateid=2582; path=browser_survey_SMARTKEYS_MASTER_lightbox_UA; version=227198; tags[2582][expand_enable]=-1; tags[2582][alert_enable]=1; tags[2582][audio_enable]=0; tags[2582][pop_enable]=0; tags[227198][expand_enable]=-1; tags[227198][alert_enable]=1; tags[227198][audio_enable]=0; tags[227198]
HTTP/1.1 200 OK
Server: nginx/1.6.0
Date: Sun, 07 Jun 2015 01:15:29 GMT
Content-Type: application/javascript
Last-Modified: Fri, 11 Oct 2013 18:30:48 GMT
Transfer-Encoding: chunked
Expires: Wed, 01 Jun 2016 01:15:29 GMT
Cache-Control: max-age=31104000
Pragma: public
Cache-Control: public, must-revalidate, proxy-revalidate
Content-Encoding: gzip
9c0..............iw.6... .....LIv.m..]?'N.^.g7i..q.(..XS.J.>bi.....
.......$....`........} ....>..e.._.d...;.........v2xM.4..HY........
..w.h..}gCF...o.%........... S..,...2.....E.....$...q..lLD.\d..{....[.
...N.l....v..By...a.e<.D.[....'.i|6...z....x...u~.F..d..V*$..-....^
.-..Rj.cqU.{7 [email protected]..].$.5..7mc$./..)-..$...=..).....k...9Ox(...e..C
.z..&..\Y.\_.../..HQ....Q.GC.Ac...F..Qi.A.....i......|...Q..L\R. .J}l[
..=?...$.s.d....\s......c......@7^0...mD.X&.b.|.Ax>.D.FN.9.......-.
f..........D..SFf>.."....i...&..`E:..w..{.fd!.q.2...IP$.66."H.?. ..
_....'...%..........i...F .b.......g({....V.$B.d..1....3g..P........3.
.9..q...?.`!O,.<.R9lt..Y..p....Lb.D....%.1.P...h2...6.\>"..#....
.....A......8....U....)....$D.....L...8..9.J.8.{..K.%.[\..[.o...!]c.S;
m).[.Z.....)...m.p.\...T..#py..Q"......9..P..E..<..|.lS...]r$L.a...
= M....."......hV..mr..._U2.J<..f<...TJ.....H8..*"@L..m.]p.%...Y
8..1......E.Ji1. .F}..l/....EvlO.......P..Z..G.S....X..4...A;mv..e..G.
clV.TU..U...a.....!.`O.9..V....vVx..._.....B...8N.A=Vk......wY_......{
...1.....T..S2.r.......H......k..aytM..b...c<...6...ri1..A.V..^...V
T....q..'.6..L.C..p L....ZU ...)...h......~..nW..h9.s.e..F3.M...v.Z...
D...Z..;...(.t.......`A.. M.9...p..z..S(]y-.....@...._\.P.f.v6..1hTK.:
*..`.-7....{.CT..P..%j...m.b....;I.\...a..r.3.'...YG.Z.Wf.*z.F.^.%6..m
......S.....X.3.g.WB..S....t....'.....'...Pj..k....j.NV..eu....(..2T.b
.)[email protected]/j....a.....W.J./<...v..7....:;....MA........n.....p....@
..y7.dT..ts..R..8.....B.L;lA.F<m1U.ZN[.l;-.............W%..;:y.
<<< skipped >>>






The Trojan connects to the servers at the folowing location(s):







%original file name%.exe_340:




`.rsrc
J!"#$J%J&'()*J ,JJJJJJJJ-J.JJ/0J1JJJJJJJJJJJJJJJJJJ23JJ4567JJ8JJJJJ9:;JJJJJ<=JJJJJJJJJJJ>?JJJJJJJJ@JJJJJJAJJJJJBJJCJJJJJJJJJJJDEJJJJJJJFJGJJJJJJJJJJJJHJI
j.hTwV
j.hHzV
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\atlexcept.h
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xdebug
FJN[[[[[_mx$.6>ACINSU]etuv",,:EP_cjs{|*./;DLV_gjy{ -3>>DP^kp FDKWany
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\streambuf
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xlocnum
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xlocale
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xiosbase
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\cstringt.h
EQW]]]]]ett{'*02?CCRTam||%-9::HQT]alq"(-1??JSU^ekyy"#$$.=JYgkpt|}#')1=KZ[]]^ksy')6?AGN]`nox'.05=AP^fq{}--68ETW]cqv|}$,79GP]lov'(--;EMVYaly#&'4@FGS\eooq *-03AJQ\]]hllz'
GHIIIIIIKSbqvw(.46BCHPTUXYfr{LKOQ]huw|
BQS`````ln|&-7;DMO[ddrtv'5CGGLTWfu!#' 3<<KZbo{{FRWYamx&2?M\ffoz$(6CGP
IT[_____gvCN]ffqv%,7@LNSW]an|*AMSVXbp{!#034<ACLVXdkr .1=@OT`cky')),
GMQ\\\\\defghno{(-6CRaeix}"&-;EMT`ky|'-1
LX^hhhhhmuxz"$/>HJQVV[\dqx#' 8GHQ]ju%% 9:>?KNVeop| '(39>@ITcpx$%*67CGGUW
N\cmmmmmp{{} 0?CDGMXaht (.<=?ILWZiwyz$/49;DHKMSWdsy(56DGS`mv!LR^eghkxy
NX]fffffjkxzCJXamny|".3:GUbkm| -59ESW
CHKQQQQQVao|#-;IT]iip|)0=DQTZbiiov}ICF
GHIIIIIIKW`oxx %89COO^eenop{$*08FLOPUa
()$^.* ?[]|\-{},:=!
GMQ\\\\\]ijkqqu!)-448AAFHUWZant}.69GMU_fnnwz',,6>?NRajy!/4:FOOT]^apvy"&0
invalid _N_type: %d
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\locale
CHKQQQQQ[dps##%'*./25@JSYekrz>BNZblr! 3?HKZ]hp|)4BPTcrt '5;JJY[iijjx)19FUaoo|*.28;;COXgv%,.<AMOXcdivv
AIP[[[[[^hmns "" 0=>LZiqt!07BGQ[gt"$' 57BEFLXfn|-<DMY`hnv *1;GQYer#;FRY[chlnr{}#.:=FJY]lx)*3AEHW]lt#.<FLRT[_fqt"1>LY^aijw"LKT\^divz'58DLYYY\\_nvz&,9GOPYhkx)15@FST__nu$019>KXguz!#'0456:FS`cr{)888FKR[_mu %,:;JNSVaahhvw!,4>>AAIP\`cklquz!% 2ALST\cqx{ 5BFISSZemox')7<DIOSV^cipv}"08>BKX^_n{#&17?@KKKUdmmq}.7@EOTVZgjv|,6@BJPW\_bir".044<IQ_`hv&47<DNVckq|*038EFQ\
NSTTTTTT_ghhs$1@KN[^dr{)-:IU\kuuw%,49ADGHS_ahqwx$.69FKN]bkz| 1;DEQT\jx$%-1=BGLWcp|-9EIX\ktz"#-8?IP\`bfjmmt (/:EQ]dkns})2>FO^eglqz|"(4:FTU[inpy|#014?@MZhrs"(2:DMZgghpz}&/48=CCOXbo (-02:>HWeq{*-<FKUU[cqx"&'28<EKR_cko{$$:;;?KTcpty"*37;;=DEIT`blw{#0>BFKQZ[hrwx| 0;E
IsWindowsServer
CHKQQQQQZcgmmmmt!),2=FMOZfq}#()3>>>HINXgmw %*7CMZ`kw CELPYcosy),1=HJX`hu&2@@MY]agjjr )8GT[]kp| )45:GG
GHIIIIIIJMX__loruz{&,01@CRT[cpyy!,;;DOP]cmmx'''0>BJXgv%(23@NQW[[`hox'.22
LX^hhhhhou'FGQQYcfhs#&19<BFJVakq %,2@G
GetExternal.cpp
AIP[[[[[abgqrs#(.9GNV[^ggjltx%'456<>CKVWX^hot#)39CFFRTcp $,:GIMNRU]iruuy
GHIIIIIIMVXgu%2<>EFIUdpy)5@JMSS[ioo|$2>K
GHIIIIIIWdlty678CNY\``ehu$3:EM[^ls|%/7:IR`nvv'(,9;DQVelw?EEQSVboy'-2:@OSX]er!#08DPTWakv|(07:HQSVcr
AIP[[[[[abbly"0:GVZ]diw'69GLYZ\dm|'/<=ADP]ggjryz#,9:AIX]_hq (*6?BBGPU_jmn}& 4=DSS\crt!",,,377;DEJKWbiw{"
DSSbbbbbm{!.066;JXbcrt%4:IKNWao{$3?L[[^_
helpJavaScript.cpp
BQS`````cr!(-68GRVWetux ,-9>BCCRT^dmw&5CCMNVajx'5<@EFTZ[fo|,,27<?HST`efqv!(-19EIJV`mxx%&(/3;AEO]fs|(7<BP
GHIIIIIIX_`mmtw! --8BCKUVVep}'6;>GLNT^`dfhtv$ ./49ENYdeory555:IWfss %,
NetBase.cpp
GMQ\\\\\ems#179=?IWbijt} .:APPRTWWes .9FQWeho}$6DO]gkuwz!>BIUYfu#&118AHT\krrz{* .4<DNZ`krx}!!&09DLZ
ERV]]]]]bffo{'./23BLOP[ao{{*66@DMNZeft(DFT__ilxx"),06ABCMZ`cgsz|'/0=HS[emp!!"#$(,59;DJMYdejn{(-4ALUdpzz|$'*9<BDHUciily).7:GQZacfhptw!&./;HWfly)/0<GGS[dhnwx'1?MN[`ffsy
NX]fffffkww".5>MXanooqx!'/8@NP_kx))7?DRacqy!!/0>BESW\^djmx!%*6@KTbbqz$28AFLPSXcrt4=LMVX]hu{,5@BHQ\dls
PictureEx.cpp
c:\logFile.txt
Error opening key.
Key not found.
CheckRegistryKeyExistance
SetStringKey
"exeId":"
inflate 1.1.3 Copyright 1995-1998 Mark Adler
1.1.3
CWebBrowser2
mb_00000000-0000-0000-0807-060504030201
mb_09F005AE-AC9D-4FC1-AB7A-24004F6C043A
mb_01010101-0101-0101-0101-010101010101
mb_58585858-5858-5858-5858-585858585858
mb_4c4c4544-0000-2010-8020-80c04f202020
mb_11111111-2222-3333-4444-555555555555
mb_11111111-1111-1111-1111-111111111111
mb_00020003-0004-0005-0006-000700080009
mb_890E2D14-CACD-45D1-AE66-BC80E8BFEB0F
mb_8E275844-178F-44A8-ACEB-A7D7E5178C63
mb_52309712-FFFF-FFFF-FFFF-FFFFFFFFFFFF
mb_DC698397-FA54-4CF2-82C8-B1B5307A6A7F
mb_61F39712-FFFF-FFFF-FFFF-FFFFFFFFFFFF
mb_50FB9712-FFFF-FFFF-FFFF-FFFFFFFFFFFF
mb_93309712-FFFF-FFFF-FFFF-FFFFFFFFFFFF
mb_56F49712-FFFF-FFFF-FFFF-FFFFFFFFFFFF
mb_07090201-0103-0301-0807-060504030201
mb_03000200-0400-0500-0006-000700080009
mb_FEFEFEFE-FEFE-FEFE-FEFE-FEFEFEFEFEFE
mb_FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF
mb_00000000-0000-0000-0000-000000000000
0.0.0.0
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olemisc.cpp
CNotSupportedException
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\except.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxtls_.h
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\strcore.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxtempl.h
f:\dd\vctools\vc7libs\ship\atlmfc\include\afx.inl
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winstr.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appcore.cpp
m_msgCur = {
m_pszExeName =
m_nCmdShow =
m_lpCmdLine =
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxadv.h
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winfrm.cpp
Warning: no message line prompt for ID 0xX.
Warning: OnUpdateKeyIndicator - unknown indicator 0xX.
Warning: scroll bars in frame windows may cause unusual behaviour.
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxpriv.h
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxcoll.inl
CCmdTarget
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\cmdtarg.cpp
SENDING control notification %d from control id 0xX to %hs window.
SENDING command id 0xX to %hs target.
No handler for command ID 0xX, disabling it.
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\thrdcore.cpp
m_nMsgLast =
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appui2.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appui.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appui1.cpp
Error: failed to load message box prompt string 0xx.
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\wincore.cpp
Warning: unknown WM_MEASUREITEM for menu item 0xX.
hhctrl.ocx
Implementation Warning: control notification = $%X.
Warning: not executing disabled command %d
hWnd = $X (nIDC=$X) is not a %hs.
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\afximpl.h
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin2.inl
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winocc.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin1.inl
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\afxtls.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occmgr.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occdlg.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occsite.cpp
IOleInPlaceObject not supported on OLE control (dialog ID %d).
Persistence not supported on OLE control %ls.
%d. Column ordinal %d: Binding as native data type
%d. Column ordinal %d: Binding a COM object
%d. Column ordinal %d: Binding as an IStream object
%d. Column ordinal %d: Binding as an ISequentialStream object
neither ISequentialStream nor IStream are supported!
IStream is supported
FISequentialStream is supported
Testing streams support...
%d. Column ordinal %d: Binding by reference in provider allocated, consumer owned memory
%d. Column ordinal %d: Binding length and status ONLY
Number of columns: %d
f:\dd\vctools\vc7libs\ship\atlmfc\include\atldbcli.h
Unsupported DBTYPE (%d) in column %d
$@Column %d not bound
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winctrl1.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dlgcore.cpp
IGNORING command id 0xX sent to %hs dialog.
Routing command id 0xX to app.
Routing command id 0xX to owner window.
Warning: Creating dialog from within a COleControlModule application is not a supported scenario.
Warning: ExecuteDlgInit failed during dialog init.
ERROR: Dialog with IDD 0xX must have the child style.
ERROR: Dialog with IDD 0xX must be invisible.
ERROR: Cannot find dialog template with IDD 0xX.
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occcont.cpp
Error: no data exchange control with ID 0xX.
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dlgdata.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oleunk.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxole.inl
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\wingdi.cpp
m_ps.rcPaint =
m_ps.fErase =
m_ps.hdc =
lgpn.lopnColor =
lgpn.lopnWidth.x (width) =
lgpn.lopnStyle =
lb.lbColor =
lb.lbHatch =
lb.lbStyle =
lf.lfFaceName =
lf.lfPitchAndFamily =
lf.lfQuality =
lf.lfClipPrecision =
lf.lfOutPrecision =
lf.lfCharSet =
lf.lfStrikeOut =
lf.lfUnderline =
lf.lfItalic =
lf.lfWeight =
lf.lfOrientation =
lf.lfEscapement =
lf.lfWidth =
lf.lfHeight =
bm.bmBitsPixel =
bm.bmPlanes =
bm.bmWidthBytes =
bm.bmWidth =
bm.bmHeight =
bm.bmType =
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\afxstate.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_s.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\elements.h
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\arcobj.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\arccore.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\objcore.cpp
CHttpConnection
CHttpFile
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\inet.cpp
Unknown status: %d
Internet ctxt=%d:
Warning: throwing CInternetException for error %d
Warning: Extended error reported with no response info
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filecore.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filex.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appinit.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\auxdata.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olevar.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\arcex.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appui3.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olelock.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winutil.cpp
Warning: Shrinking safety pool from %d to %d to satisfy request of %d bytes.
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dumpcont.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\list_p.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winmenu.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\wingdix.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\bartool.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_o.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxcmn2.inl
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winctrl2.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxcmn.inl
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\plex.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_b.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_w.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_d.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_p.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\map_pp.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\map_wo.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\map_so.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\map_ss.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dlgcomm.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\afxcrit.cpp
WM_HOTKEY
WM_SETHOTKEY
WM_IDLEUPDATECMDUI
WM_DDE_EXECUTE
WM_KEYLAST
WM_SYSKEYUP
WM_SYSKEYDOWN
WM_KEYUP
WM_KEYDOWN
WM_VKEYTOITEM
WM_CTLCOLORMSGBOX
WM_USER 0xX
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\afxtrace.cpp
Warning: Unable to unpack WM_DDE_EXECUTE lParam lX.
Warning: failed to reclaim %d bytes for memory safety pool.
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winhand.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occevent.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filemem.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledisp2.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oleinit.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\arcstrm.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dlgtempl.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oleenum.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\apphelp.cpp
Error: failed to load AfxFormatString string 0xx.
Error: illegal string index requested %d.
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filetxt.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxmt.inl
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filest.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dumpout.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\fixalloc.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledisp1.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olecnvrt.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olemsgf.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occlock.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olefact.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledobj2.cpp
a %hs object at $%p, %u bytes long
an invalid object at $%p, %u bytes long
faulted while dumping object at $%p, %u bytes long
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dumpinit.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledlgs2.cpp
m_bz.hTask =
m_bz.hResource =
m_bz.lpszTemplate =
m_bz.hInstance =
m_bz.lCustData =
m_bz.lpszCaption =
m_bz.hWndOwner =
m_bz.dwFlags =
m_bz.cbStruct =
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledoc1.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\list_o.cpp
f:\dd\vctools\crt_bld\self_x86\crt\src\xmutex.cpp
f:\dd\vctools\crt_bld\self_x86\crt\src\locale0.cpp
f:\dd\vctools\crt_bld\self_x86\crt\src\_tolower.c
f:\dd\vctools\crt_bld\self_x86\crt\src\streambuf
f:\dd\vctools\crt_bld\self_x86\crt\src\xlocale
f:\dd\vctools\crt_bld\self_x86\crt\src\xmbtowc.c
%s_%0x
%s(%d) :
f:\dd\vctools\vc7libs\ship\atlmfc\src\atl\atls\atlbase.cpp
f:\dd\vctools\crt_bld\self_x86\crt\src\dbgrpt.c
f:\dd\vctools\crt_bld\self_x86\crt\src\onexit.c
Client hook allocation failure at file %hs line %d.
Memory allocated at %hs(%d).
Client hook re-allocation failure at file %hs line %d.
HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.
CRT detected that the application wrote to memory after end of heap buffer.
HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.
CRT detected that the application wrote to memory before start of heap buffer.
CRT detected that the application wrote to a heap buffer that was freed.
crt block at 0x%p, subtype %x, %Iu bytes long.
client block at 0x%p, subtype %x, %Iu bytes long.
%hs(%d) :
#File Error#(%d) :
Data: <%s> %s
f:\dd\vctools\crt_bld\self_x86\crt\src\setvbuf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c
_CrtDbgReport: String too long or IO Error
Debug %s!
Program: %s%s%s%s%s%s%s%s%s%s%s%s
f:\dd\vctools\crt_bld\self_x86\crt\src\osfinfo.c
%s(%d) : %s
_CrtDbgReport: String too long or Invalid characters in String
f:\dd\vctools\crt_bld\self_x86\crt\src\_file.c
f:\dd\vctools\crt_bld\self_x86\crt\src\setlocal.c
f:\dd\vctools\crt_bld\self_x86\crt\src\initctyp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\stdenvp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\stdargv.c
f:\dd\vctools\crt_bld\self_x86\crt\src\w_env.c
f:\dd\vctools\crt_bld\self_x86\crt\src\ioinit.c
f:\dd\vctools\crt_bld\self_x86\crt\src\tidtable.c
This is an unsupported way to load Visual C   DLLs. You need to modify your application to build with a manifest.
- Attempt to initialize the CRT more than once.
- CRT not initialized
Please contact the application's support team for more information.
- floating point support not loaded
f:\dd\vctools\crt_bld\self_x86\crt\src\mlock.c
GetProcessWindowStation
f:\dd\vctools\crt_bld\self_x86\crt\src\output.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbctype.c
f:\dd\vctools\crt_bld\self_x86\crt\src\drive.c
f:\dd\vctools\crt_bld\self_x86\crt\src\_sftbuf.c
ADVAPI32.DLL
f:\dd\vctools\crt_bld\self_x86\crt\src\inithelp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\read.c
f:\dd\vctools\crt_bld\self_x86\crt\src\stream.c
f:\dd\vctools\crt_bld\self_x86\crt\src\tzset.c
f:\dd\vctools\crt_bld\self_x86\crt\src\gmtime.c
f:\dd\vctools\crt_bld\self_x86\crt\src\_getbuf.c
USER32.DLL
f:\dd\vctools\crt_bld\self_x86\crt\src\inittime.c
f:\dd\vctools\crt_bld\self_x86\crt\src\initnum.c
f:\dd\vctools\crt_bld\self_x86\crt\src\initmon.c
portuguese-brazilian
f:\dd\vctools\crt_bld\self_x86\crt\src\convrtcp.c
operator
Run-Time Check Failure #%d - %s
%s%s%s%s
%s%s%p%s%ld%s%d%s
user32.dll
f:\dd\vctools\crt_bld\self_x86\crt\src\wtombenv.c
MSPDB80.DLL
RegCloseKey
RegOpenKeyExA
f:\dd\vctools\crt_bld\self_x86\crt\src\setenv.c
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appmodul.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winmain.cpp
MaxCore.cpp
.?AVCCmdTarget@@
MaxCoreDlg.cpp
.?AVCWebBrowser2@@
.?AVExecuteBase@@
.?AVExecuteFacade@@
Idispimp.cpp
.PAVCInternetException@@
.PAVCFileException@@
Text.cpp
.PAVCOleException@@
.PAVCException@@
.PAVCObject@@
.PAVCMemoryException@@
.PAVCSimpleException@@
.PAVCNotSupportedException@@
.PAVCInvalidArgException@@
.?AVCNotSupportedException@@
.?AVCCmdUI@@
.?AVCTestCmdUI@@
.PAVCUserException@@
.PAVCResourceException@@
.PAVCArchiveException@@
.?AVCHttpConnection@@
.?AVCHttpFile@@
.?AV?$CFixedStringT@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@$0BAA@@ATL@@
.?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@
.PAVCOleDispatchException@@
zcÁ
R<u.pr
kC-O}
z%CMH
]%uce
o?.DCtO
Ñj\
[.NQ#
NpB0%xm
zcMD
GetCPInfo
GetConsoleOutputCP
GetProcessHeap
RegOpenKeyExW
RegCreateKeyExW
RegOpenKeyW
RegEnumKeyW
RegCreateKeyW
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
GetViewportExtEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
ShellExecuteW
ShellExecuteExW
UrlUnescapeW
URLDownloadToFileW
GetKeyState
CreateDialogIndirectParamW
UnhookWindowsHookEx
SetWindowsHookExW
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetOpenUrlW
InternetCanonicalizeUrlW
InternetCrackUrlW
(.fFb#
1')3-=#3=') '#
hs.SS
<5"95"95"90
;$.:'.:$&:)
(08(03`-035(F*(.RK-
1>" (0:1
(($40 ,( 0 ,4$,0 0 ,
.text
`.rdata
@.data
.rsrc
@.reloc
M\.EW
ghgH%u3
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="requireAdministrator" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo></assembly>PAD
KERNEL32.DLL
ADVAPI32.dll
COMDLG32.dll
dbghelp.dll
GDI32.dll
IPHLPAPI.DLL
ole32.dll
OLEACC.dll
OLEAUT32.dll
oledlg.dll
RPCRT4.dll
SHELL32.dll
SHLWAPI.dll
urlmon.dll
USER32.dll
WININET.dll
WINSPOOL.DRV
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xutility
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\atlsimpstr.h
AtlThrow: hr = 0x%x
std::_Vector_const_iterator<unsigned int,class std::allocator<unsigned int> >::operator *
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\vector
std::_Vector_const_iterator<unsigned int,class std::allocator<unsigned int> >::operator  =
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xstring
std::_Vector_const_iterator<struct offerStruct *,class std::allocator<struct offerStruct *> >::operator *
std::_Vector_const_iterator<class std::vector<unsigned int,class std::allocator<unsigned int> > *,class std::allocator<class std::vector<unsigned int,class std::allocator<unsigned int> > *> >::operator *
std::_Vector_const_iterator<struct offerStruct *,class std::allocator<struct offerStruct *> >::operator  =
std::_Vector_const_iterator<class std::vector<unsigned int,class std::allocator<unsigned int> > *,class std::allocator<class std::vector<unsigned int,class std::allocator<unsigned int> > *> >::operator  =
Id: = index: = score: ] %c
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\memory
Total list score: d
std::_Vector_const_iterator<unsigned char,class std::allocator<unsigned char> >::operator *
std::_Vector_const_iterator<unsigned char,class std::allocator<unsigned char> >::operator  =
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\ostream
std::_String_const_iterator<char,struct std::char_traits<char>,class std::allocator<char> >::operator *
std::_String_const_iterator<char,struct std::char_traits<char>,class std::allocator<char> >::operator   
std::_Vector_const_iterator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::operator  =
std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >::operator []
std::_Vector_const_iterator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::operator *
std::_Vector_const_iterator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::operator   
hWarning: implicit LoadString(%u) failed
std::_String_const_iterator<char,struct std::char_traits<char>,class std::allocator<char> >::operator  =
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\atlconv.h
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xtree
std::_Tree<class std::_Tmap_traits<int,wchar_t const *,struct std::less<int>,class std::allocator<struct std::pair<int const ,wchar_t const *> >,0> >::const_iterator::operator ==
std::_Tree<class std::_Tmap_traits<int,wchar_t const *,struct std::less<int>,class std::allocator<struct std::pair<int const ,wchar_t const *> >,0> >::const_iterator::operator *
invalid operator<
std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,unsigned long,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,unsigned long> >,0> >::const_iterator::operator ==
std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > > >,0> >::const_iterator::operator ==
std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,unsigned long,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,unsigned long> >,0> >::const_iterator::operator *
std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > > >,0> >::const_iterator::operator *
std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > > >,0> >::const_iterator::_Inc
std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,unsigned long,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,unsigned long> >,0> >::const_iterator::_Dec
std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,unsigned long,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,unsigned long> >,0> >::const_iterator::_Inc
std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > > >,0> >::const_iterator::_Dec
ExtractIcon.cpp
std::vector<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::operator []
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\list
std::list<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::_Const_iterator<1>::operator *
std::list<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::_Const_iterator<1>::operator   
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\regex
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\algorithm
std::list<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::_Const_iterator<1>::operator --
std::_String_const_iterator<char,struct std::char_traits<char>,class std::allocator<char> >::operator --
std::_String_const_iterator<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> >::operator *
std::_String_const_iterator<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> >::operator   
std::vector<class std::tr1::sub_match<char const *>,class std::allocator<class std::tr1::sub_match<char const *> > >::operator []
std::_Vector_const_iterator<class std::tr1::sub_match<char const *>,class std::allocator<class std::tr1::sub_match<char const *> > >::operator  =
_std::_Vector_const_iterator<char,class std::allocator<char> >::operator *
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\atlcomcli.h
std::vector<wchar_t,class std::allocator<wchar_t> >::operator []
std::_Vector_const_iterator<wchar_t,class std::allocator<wchar_t> >::operator  =
std::_Vector_const_iterator<wchar_t,class std::allocator<wchar_t> >::operator *
std::_Vector_const_iterator<wchar_t,class std::allocator<wchar_t> >::operator   
std::vector<class argument,class std::allocator<class argument> >::operator []
std::_Vector_const_iterator<class argument,class std::allocator<class argument> >::operator  =
std::_Vector_const_iterator<class argument,class std::allocator<class argument> >::operator *
std::_Vector_const_iterator<class argument,class std::allocator<class argument> >::operator   
start.gif
std::vector<struct CPictureEx::TFrame,class std::allocator<struct CPictureEx::TFrame> >::operator []
std::_Vector_const_iterator<struct CPictureEx::TFrame,class std::allocator<struct CPictureEx::TFrame> >::operator *
std::_Vector_const_iterator<struct CPictureEx::TFrame,class std::allocator<struct CPictureEx::TFrame> >::operator   
std::_Vector_const_iterator<struct CPictureEx::TFrame,class std::allocator<struct CPictureEx::TFrame> >::operator  =
HKEY_USERS
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
Gstd::_Tree<class std::_Tmap_traits<unsigned int,class CTrayIcon *,struct std::less<unsigned int>,class std::allocator<struct std::pair<unsigned int const ,class CTrayIcon *> >,0> >::const_iterator::operator ==
std::_Tree<class std::_Tmap_traits<unsigned int,class CTrayIcon *,struct std::less<unsigned int>,class std::allocator<struct std::pair<unsigned int const ,class CTrayIcon *> >,0> >::const_iterator::operator *
%s%s%s
HX
_hd_%S
0mb_%S
SELECT * FROM Win32_OperatingSystem
CACHE_S_FORMATETC_NOTSUPPORTED
CO_E_SERVER_EXEC_FAILURE
MK_E_INTERMEDIATEINTERFACENOTSUPPORTED
OLE_E_ADVISENOTSUPPORTED
REGDB_E_KEYMISSING
UCACHE_E_FIRST...CACHE_E_LAST
CACHE_S_FIRST...CACHE_S_LAST
CLASSFACTORY_E_FIRST...CLASSFACTORY_E_LAST
CLASSFACTORY_S_FIRST...CLASSFACTORY_S_LAST
CLIENTSITE_E_FIRST...CLIENTSITE_E_LAST
CLIENTSITE_S_FIRST...CLIENTSITE_S_LAST
CLIPBRD_E_FIRST...CLIPBRD_E_LAST
CLIPBRD_S_FIRST...CLIPBRD_S_LAST
CONVERT10_E_FIRST...CONVERT10_E_LAST
CONVERT10_S_FIRST...CONVERT10_S_LAST
CO_E_FIRST...CO_E_LAST
CO_S_FIRST...CO_S_LAST
DATA_E_FIRST...DATA_E_LAST
DATA_S_FIRST...DATA_S_LAST
DRAGDROP_E_FIRST...DRAGDROP_E_LAST
DRAGDROP_S_FIRST...DRAGDROP_S_LAST
ENUM_E_FIRST...ENUM_E_LAST
ENUM_S_FIRST...ENUM_S_LAST
INPLACE_E_FIRST...INPLACE_E_LAST
INPLACE_S_FIRST...INPLACE_S_LAST
MARSHAL_E_FIRST...MARSHAL_E_LAST
MARSHAL_S_FIRST...MARSHAL_S_LAST
MK_E_FIRST...MK_E_LAST
MK_S_FIRST...MK_S_LAST
OLEOBJ_E_FIRST...OLEOBJ_E_LAST
OLEOBJ_S_FIRST...OLEOBJ_S_LAST
OLE_E_FIRST...OLE_E_LAST
OLE_S_FIRST...OLE_S_LAST
REGDB_E_FIRST...REGDB_E_LAST
REGDB_S_FIRST...REGDB_S_LAST
VIEW_E_FIRST...VIEW_E_LAST
VIEW_S_FIRST...VIEW_S_LAST
FACILITY_WINDOWS
severity: %s, facility: %s ($lX)
range: %s ($lX)
%s ($lX)
Warning: constructing COleException, scode = %s.
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlalloc.h
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlcomcli.h
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlsimpstr.h
f:\dd\vctools\vc7libs\ship\atlmfc\include\cstringt.h
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlconv.h
ntdll.dll
kernel32.dll
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Software\Microsoft\Windows\CurrentVersion\Policies\Network
Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
%s%s.dll
%s (%s:%d)
Hf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winfrm.cpp
Error: failed to execute DDE command '%s'.
Warning: DDE command '%s' ignored because window is disabled.
pMRU: open file (%d) '%s'.
Can't register window class named %s
Afx:%p:%x:%p:%p:%p
Afx:%p:%x
WinHelp: pszHelpFile = '%s', dwData: $%lx, fuCommand: %d.
HtmlHelp: pszHelpFile = '%s', dwData: $%lx, fuCommand: %d.
accKeyboardShortcut
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlcom.h
commctrl_DragListMsg
Kf:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin2.inl
Binding entry %d failed. Status: %d
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlbase.h
GetData failed - HRESULT = 0x%X
m_pColumnInfo[nColumn].ulColumnSize == sizeof(ctype)
ERROR: Dialog named '%s' must have the child style.
ERROR: Dialog named '%s' must be invisible.
ERROR: Cannot find dialog template named '%s'.
CLSID\%s
Interface\%s
mfcm90ud.dll
QueryInterface(%s) failed
QueryInterface(%s) succeeded
Kcomctl32.dll
Kcomdlg32.dll
Kshell32.dll
Kf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_s.cpp
hXXp://
connecting to socket address '%s'
resolved name for %s!
resolving name for %s
Warning: destroying an open %s with handle %8.8X
Warning: Disconnecting %s handle %8.8X in context %8.8X at destruction.
LHTTP/1.0
WININET.DLL
Warning: could not get volume information '%s'.
Warning: could not parse the path '%s'. Path is too long.
Warning: could not parse the path '%s'.
CFile exception: %hs, File %s, OS error information = %ld.
AppMsg
WinMsg
CmdRouting
0xx
%s: hwnd=0xX, msg = 0xX (0xX, 0xX)
%s: hwnd=0xX, msg = %hs (0xX, 0xX)
%s: Advise item='%s', Format='%s', Ack=%d, Defer Update= %d
%s: Execute '%s'.
Warning: OleInitialize returned scode = %s.
mscoree.dll
nf:\dd\vctools\crt_bld\self_x86\crt\src\xstring
Nf:\dd\vctools\crt_bld\self_x86\crt\src\xmbtowc.c
f:\dd\vctools\vc7libs\ship\atlmfc\src\atl\atls\atldebugapi.cpp
%S(%d) :
ppCategory && pfnCrtDbgReport
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlmem.h
f:\dd\vctools\vc7libs\ship\atlmfc\include\atltime.inl
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlbase.inl
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlcomtime.inl
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlcore.h
f:\dd\vctools\vc7libs\ship\atlmfc\src\atl\atls\allocate.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\atl\atls\atltracemodulemanager.h
mode == _CRT_RPTHOOK_INSTALL || mode == _CRT_RPTHOOK_REMOVE
wcscpy_s(szOutMessage, 4096, L"_CrtDbgReport: String too long or IO Error")
memcpy_s(szShortProgName, sizeof(TCHAR) * (260 - (szShortProgName - szExeName)), dotdotdot, sizeof(TCHAR) * 3)
wcscpy_s(szExeName, 260, L"<program name unknown>")
__crtMessageWindowW
f:\dd\vctools\crt_bld\self_x86\crt\src\vswprint.c
f:\dd\vctools\crt_bld\self_x86\crt\src\memcpy_s.c
f:\dd\vctools\crt_bld\self_x86\crt\src\memmove_s.c
f:\dd\vctools\crt_bld\self_x86\crt\src\tcscat_s.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\wcstombs.c
f:\dd\vctools\crt_bld\self_x86\crt\src\tsplitpath_s.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\tmakepath_s.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\stat64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\wcsicmp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\printf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\strtol.c
f:\dd\vctools\crt_bld\self_x86\crt\src\dbgheap.c
_CrtCheckMemory()
_CrtIsValidHeapPointer(pUserData)
_CrtSetDbgFlag
(fNewBits==_CRTDBG_REPORT_FLAG) || ((fNewBits & 0x0ffff & ~(_CRTDBG_ALLOC_MEM_DF | _CRTDBG_DELAY_FREE_MEM_DF | _CRTDBG_CHECK_ALWAYS_DF | _CRTDBG_CHECK_CRT_DF | _CRTDBG_LEAK_CHECK_DF) ) == 0)
_CrtMemCheckpoint
f:\dd\vctools\crt_bld\self_x86\crt\src\fclose.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fread.c
f:\dd\vctools\crt_bld\self_x86\crt\src\rewind.c
f:\dd\vctools\crt_bld\self_x86\crt\src\ftell.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fseek.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fopen.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fprintf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\wprintf.c
nf:\dd\vctools\crt_bld\self_x86\crt\src\strftime.c
("Invalid MBCS character sequence passed to strftime",0)
("Invalid MBCS character sequence passed into strftime",0)
f:\dd\vctools\crt_bld\self_x86\crt\src\malloc.h
("Corrupted pointer passed to _freea", 0)
f:\dd\vctools\crt_bld\self_x86\crt\src\loctim64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fwrite.c
f:\dd\vctools\crt_bld\self_x86\crt\src\ungetc.c
f:\dd\vctools\crt_bld\self_x86\crt\src\ungetc_nolock.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\fgetc.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fgetpos.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fsetpos.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fputc.c
f:\dd\vctools\crt_bld\self_x86\crt\src\atof.c
f:\dd\vctools\crt_bld\self_x86\crt\src\wtof.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mktime64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\wcslwr.c
f:\dd\vctools\crt_bld\self_x86\crt\src\tcscpy_s.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\wcstol.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbsinc.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbsstr.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbschr.c
f:\dd\vctools\crt_bld\self_x86\crt\src\tcsncpy_s.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\wcsdup.c
f:\dd\vctools\crt_bld\self_x86\crt\src\xtoa.c
W_CrtSetReportHook2
strcpy_s(szOutMessage, 4096, "_CrtDbgReport: String too long or IO Error")
strcpy_s(szExeName, 260, "<program name unknown>")
__crtMessageWindowA
f:\dd\vctools\crt_bld\self_x86\crt\src\fullpath.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fileno.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fdopen.c
f:\dd\vctools\crt_bld\self_x86\crt\src\feoferr.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fputws.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fgets.c
f:\dd\vctools\crt_bld\self_x86\crt\src\clearerr.c
fMode == _CRTDBG_REPORT_MODE || (fMode & ~(_CRTDBG_MODE_FILE | _CRTDBG_MODE_DEBUG | _CRTDBG_MODE_WNDW)) == 0
_CrtSetReportMode
f:\dd\vctools\crt_bld\self_x86\crt\src\dbgrptt.c
nRptType >= 0 && nRptType < _CRT_ERRCNT
wcscpy_s(szOutMessage2, 4096, L"_CrtDbgReport: String too long or Invalid characters in String")
strcpy_s(szUserMessage, 4096, "_CrtDbgReport: String too long or IO Error")
_VCrtDbgReportA
strcpy_s(szOutMessage2, 4096, "_CrtDbgReport: String too long or Invalid characters in String")
wcscpy_s(szUserMessage, 4096, L"_CrtDbgReport: String too long or IO Error")
_VCrtDbgReportW
((ptloci->lc_category[category].wlocale != NULL) && (ptloci->lc_category[category].wrefcount != NULL)) || ((ptloci->lc_category[category].wlocale == NULL) && (ptloci->lc_category[category].wrefcount == NULL))
f:\dd\vctools\crt_bld\self_x86\crt\src\fputwc.c
f:\dd\vctools\crt_bld\self_x86\crt\src\ungetwc.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fgetwc.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbstowcs.c
f:\dd\vctools\crt_bld\self_x86\crt\src\a_cmp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\strtod.c
f:\dd\vctools\crt_bld\self_x86\crt\src\vsprintf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\gmtime64.c
strcat_s(outmsg, (sizeof(outmsg) / sizeof(outmsg[0])), rterrs[tblindx].rterrtxt)
strcat_s(outmsg, (sizeof(outmsg) / sizeof(outmsg[0])), "\n\n")
strcpy_s(outmsg, (sizeof(outmsg) / sizeof(outmsg[0])), "Runtime Error!\n\nProgram: ")
_NMSG_WRITE
f:\dd\vctools\crt_bld\self_x86\crt\src\crt0msg.c
f:\dd\vctools\crt_bld\self_x86\crt\src\winsig.c
WUSER32.DLL
f:\dd\vctools\crt_bld\self_x86\crt\prebuild\eh\typname.cpp
f:\dd\vctools\crt_bld\self_x86\crt\src\_flsbuf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\intel\fp8.c
f:\dd\vctools\crt_bld\self_x86\crt\prebuild\conv\cvt.c
f:\dd\vctools\crt_bld\self_x86\crt\src\isctype.c
f:\dd\vctools\crt_bld\self_x86\crt\src\dtoxtm64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\expand.c
f:\dd\vctools\crt_bld\self_x86\crt\src\close.c
f:\dd\vctools\crt_bld\self_x86\crt\src\_freebuf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\_filbuf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\lseek.c
f:\dd\vctools\crt_bld\self_x86\crt\src\_open.c
f:\dd\vctools\crt_bld\self_x86\crt\src\timeset.c
f:\dd\vctools\crt_bld\self_x86\crt\src\stricmp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\write.c
f:\dd\vctools\crt_bld\self_x86\crt\src\ftelli64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fseeki64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\commit.c
f:\dd\vctools\crt_bld\self_x86\crt\prebuild\include\strgtold12.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\getcwd.c
strcpy_s(resultstr, resultsize, autofos.man)
f:\dd\vctools\crt_bld\self_x86\crt\prebuild\conv\cfout.c
f:\dd\vctools\crt_bld\self_x86\crt\src\getqloc.c
f:\dd\vctools\crt_bld\self_x86\crt\src\wctomb.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbtowc.c
_loc_update.GetLocaleT()->locinfo->mb_cur_max == 1 || _loc_update.GetLocaleT()->locinfo->mb_cur_max == 2
f:\dd\vctools\crt_bld\self_x86\crt\src\errmode.c
f:\dd\vctools\crt_bld\self_x86\crt\src\lseeki64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\isatty.c
f:\dd\vctools\crt_bld\self_x86\crt\prebuild\tran\contrlfp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\_fptostr.c
f:\dd\vctools\crt_bld\self_x86\crt\src\open.c
0 && "Only UTF-16 little endian & UTF-8 is supported for reads"
f:\dd\vctools\crt_bld\self_x86\crt\src\mbsnbicm.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbsnbcmp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\getenv.c
f:\dd\vctools\crt_bld\self_x86\crt\prebuild\conv\x10fout.c
f:\dd\vctools\crt_bld\self_x86\crt\src\strnicmp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\wcsnicmp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\setmode.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbsnbico.c
f:\dd\vctools\crt_bld\self_x86\crt\src\strnicol.c
("CRT Logic error during setenv",0)
__crtsetenv
c:\%original file name%.exe
{8856F961-340A-11D0-A96B-00C04FD705A2}
All Files (*.*)
No error message is available.#Attempted an unsupported operation.$A required resource was unavailable.
Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.
Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else.1Encountered an unexpected error while reading %1.1Encountered an unexpected error while writing %1.
#Unable to load mail system support.

%original file name%.exe_340_rwx_00401000_001E2000:




J!"#$J%J&'()*J ,JJJJJJJJ-J.JJ/0J1JJJJJJJJJJJJJJJJJJ23JJ4567JJ8JJJJJ9:;JJJJJ<=JJJJJJJJJJJ>?JJJJJJJJ@JJJJJJAJJJJJBJJCJJJJJJJJJJJDEJJJJJJJFJGJJJJJJJJJJJJHJI
j.hTwV
j.hHzV
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\atlexcept.h
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xdebug
FJN[[[[[_mx$.6>ACINSU]etuv",,:EP_cjs{|*./;DLV_gjy{ -3>>DP^kp FDKWany
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\streambuf
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xlocnum
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xlocale
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xiosbase
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\cstringt.h
EQW]]]]]ett{'*02?CCRTam||%-9::HQT]alq"(-1??JSU^ekyy"#$$.=JYgkpt|}#')1=KZ[]]^ksy')6?AGN]`nox'.05=AP^fq{}--68ETW]cqv|}$,79GP]lov'(--;EMVYaly#&'4@FGS\eooq *-03AJQ\]]hllz'
GHIIIIIIKSbqvw(.46BCHPTUXYfr{LKOQ]huw|
BQS`````ln|&-7;DMO[ddrtv'5CGGLTWfu!#' 3<<KZbo{{FRWYamx&2?M\ffoz$(6CGP
IT[_____gvCN]ffqv%,7@LNSW]an|*AMSVXbp{!#034<ACLVXdkr .1=@OT`cky')),
GMQ\\\\\defghno{(-6CRaeix}"&-;EMT`ky|'-1
LX^hhhhhmuxz"$/>HJQVV[\dqx#' 8GHQ]ju%% 9:>?KNVeop| '(39>@ITcpx$%*67CGGUW
N\cmmmmmp{{} 0?CDGMXaht (.<=?ILWZiwyz$/49;DHKMSWdsy(56DGS`mv!LR^eghkxy
NX]fffffjkxzCJXamny|".3:GUbkm| -59ESW
CHKQQQQQVao|#-;IT]iip|)0=DQTZbiiov}ICF
GHIIIIIIKW`oxx %89COO^eenop{$*08FLOPUa
()$^.* ?[]|\-{},:=!
GMQ\\\\\]ijkqqu!)-448AAFHUWZant}.69GMU_fnnwz',,6>?NRajy!/4:FOOT]^apvy"&0
invalid _N_type: %d
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\locale
CHKQQQQQ[dps##%'*./25@JSYekrz>BNZblr! 3?HKZ]hp|)4BPTcrt '5;JJY[iijjx)19FUaoo|*.28;;COXgv%,.<AMOXcdivv
AIP[[[[[^hmns "" 0=>LZiqt!07BGQ[gt"$' 57BEFLXfn|-<DMY`hnv *1;GQYer#;FRY[chlnr{}#.:=FJY]lx)*3AEHW]lt#.<FLRT[_fqt"1>LY^aijw"LKT\^divz'58DLYYY\\_nvz&,9GOPYhkx)15@FST__nu$019>KXguz!#'0456:FS`cr{)888FKR[_mu %,:;JNSVaahhvw!,4>>AAIP\`cklquz!% 2ALST\cqx{ 5BFISSZemox')7<DIOSV^cipv}"08>BKX^_n{#&17?@KKKUdmmq}.7@EOTVZgjv|,6@BJPW\_bir".044<IQ_`hv&47<DNVckq|*038EFQ\
NSTTTTTT_ghhs$1@KN[^dr{)-:IU\kuuw%,49ADGHS_ahqwx$.69FKN]bkz| 1;DEQT\jx$%-1=BGLWcp|-9EIX\ktz"#-8?IP\`bfjmmt (/:EQ]dkns})2>FO^eglqz|"(4:FTU[inpy|#014?@MZhrs"(2:DMZgghpz}&/48=CCOXbo (-02:>HWeq{*-<FKUU[cqx"&'28<EKR_cko{$$:;;?KTcpty"*37;;=DEIT`blw{#0>BFKQZ[hrwx| 0;E
IsWindowsServer
CHKQQQQQZcgmmmmt!),2=FMOZfq}#()3>>>HINXgmw %*7CMZ`kw CELPYcosy),1=HJX`hu&2@@MY]agjjr )8GT[]kp| )45:GG
GHIIIIIIJMX__loruz{&,01@CRT[cpyy!,;;DOP]cmmx'''0>BJXgv%(23@NQW[[`hox'.22
LX^hhhhhou'FGQQYcfhs#&19<BFJVakq %,2@G
GetExternal.cpp
AIP[[[[[abgqrs#(.9GNV[^ggjltx%'456<>CKVWX^hot#)39CFFRTcp $,:GIMNRU]iruuy
GHIIIIIIMVXgu%2<>EFIUdpy)5@JMSS[ioo|$2>K
GHIIIIIIWdlty678CNY\``ehu$3:EM[^ls|%/7:IR`nvv'(,9;DQVelw?EEQSVboy'-2:@OSX]er!#08DPTWakv|(07:HQSVcr
AIP[[[[[abbly"0:GVZ]diw'69GLYZ\dm|'/<=ADP]ggjryz#,9:AIX]_hq (*6?BBGPU_jmn}& 4=DSS\crt!",,,377;DEJKWbiw{"
DSSbbbbbm{!.066;JXbcrt%4:IKNWao{$3?L[[^_
helpJavaScript.cpp
BQS`````cr!(-68GRVWetux ,-9>BCCRT^dmw&5CCMNVajx'5<@EFTZ[fo|,,27<?HST`efqv!(-19EIJV`mxx%&(/3;AEO]fs|(7<BP
GHIIIIIIX_`mmtw! --8BCKUVVep}'6;>GLNT^`dfhtv$ ./49ENYdeory555:IWfss %,
NetBase.cpp
GMQ\\\\\ems#179=?IWbijt} .:APPRTWWes .9FQWeho}$6DO]gkuwz!>BIUYfu#&118AHT\krrz{* .4<DNZ`krx}!!&09DLZ
ERV]]]]]bffo{'./23BLOP[ao{{*66@DMNZeft(DFT__ilxx"),06ABCMZ`cgsz|'/0=HS[emp!!"#$(,59;DJMYdejn{(-4ALUdpzz|$'*9<BDHUciily).7:GQZacfhptw!&./;HWfly)/0<GGS[dhnwx'1?MN[`ffsy
NX]fffffkww".5>MXanooqx!'/8@NP_kx))7?DRacqy!!/0>BESW\^djmx!%*6@KTbbqz$28AFLPSXcrt4=LMVX]hu{,5@BHQ\dls
PictureEx.cpp
c:\logFile.txt
Error opening key.
Key not found.
CheckRegistryKeyExistance
SetStringKey
"exeId":"
inflate 1.1.3 Copyright 1995-1998 Mark Adler
1.1.3
CWebBrowser2
mb_00000000-0000-0000-0807-060504030201
mb_09F005AE-AC9D-4FC1-AB7A-24004F6C043A
mb_01010101-0101-0101-0101-010101010101
mb_58585858-5858-5858-5858-585858585858
mb_4c4c4544-0000-2010-8020-80c04f202020
mb_11111111-2222-3333-4444-555555555555
mb_11111111-1111-1111-1111-111111111111
mb_00020003-0004-0005-0006-000700080009
mb_890E2D14-CACD-45D1-AE66-BC80E8BFEB0F
mb_8E275844-178F-44A8-ACEB-A7D7E5178C63
mb_52309712-FFFF-FFFF-FFFF-FFFFFFFFFFFF
mb_DC698397-FA54-4CF2-82C8-B1B5307A6A7F
mb_61F39712-FFFF-FFFF-FFFF-FFFFFFFFFFFF
mb_50FB9712-FFFF-FFFF-FFFF-FFFFFFFFFFFF
mb_93309712-FFFF-FFFF-FFFF-FFFFFFFFFFFF
mb_56F49712-FFFF-FFFF-FFFF-FFFFFFFFFFFF
mb_07090201-0103-0301-0807-060504030201
mb_03000200-0400-0500-0006-000700080009
mb_FEFEFEFE-FEFE-FEFE-FEFE-FEFEFEFEFEFE
mb_FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF
mb_00000000-0000-0000-0000-000000000000
0.0.0.0
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olemisc.cpp
CNotSupportedException
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\except.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxtls_.h
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\strcore.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxtempl.h
f:\dd\vctools\vc7libs\ship\atlmfc\include\afx.inl
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winstr.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appcore.cpp
m_msgCur = {
m_pszExeName =
m_nCmdShow =
m_lpCmdLine =
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxadv.h
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winfrm.cpp
Warning: no message line prompt for ID 0xX.
Warning: OnUpdateKeyIndicator - unknown indicator 0xX.
Warning: scroll bars in frame windows may cause unusual behaviour.
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxpriv.h
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxcoll.inl
CCmdTarget
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\cmdtarg.cpp
SENDING control notification %d from control id 0xX to %hs window.
SENDING command id 0xX to %hs target.
No handler for command ID 0xX, disabling it.
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\thrdcore.cpp
m_nMsgLast =
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appui2.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appui.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appui1.cpp
Error: failed to load message box prompt string 0xx.
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\wincore.cpp
Warning: unknown WM_MEASUREITEM for menu item 0xX.
hhctrl.ocx
Implementation Warning: control notification = $%X.
Warning: not executing disabled command %d
hWnd = $X (nIDC=$X) is not a %hs.
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\afximpl.h
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin2.inl
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winocc.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin1.inl
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\afxtls.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occmgr.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occdlg.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occsite.cpp
IOleInPlaceObject not supported on OLE control (dialog ID %d).
Persistence not supported on OLE control %ls.
%d. Column ordinal %d: Binding as native data type
%d. Column ordinal %d: Binding a COM object
%d. Column ordinal %d: Binding as an IStream object
%d. Column ordinal %d: Binding as an ISequentialStream object
neither ISequentialStream nor IStream are supported!
IStream is supported
FISequentialStream is supported
Testing streams support...
%d. Column ordinal %d: Binding by reference in provider allocated, consumer owned memory
%d. Column ordinal %d: Binding length and status ONLY
Number of columns: %d
f:\dd\vctools\vc7libs\ship\atlmfc\include\atldbcli.h
Unsupported DBTYPE (%d) in column %d
$@Column %d not bound
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winctrl1.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dlgcore.cpp
IGNORING command id 0xX sent to %hs dialog.
Routing command id 0xX to app.
Routing command id 0xX to owner window.
Warning: Creating dialog from within a COleControlModule application is not a supported scenario.
Warning: ExecuteDlgInit failed during dialog init.
ERROR: Dialog with IDD 0xX must have the child style.
ERROR: Dialog with IDD 0xX must be invisible.
ERROR: Cannot find dialog template with IDD 0xX.
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occcont.cpp
Error: no data exchange control with ID 0xX.
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dlgdata.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oleunk.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxole.inl
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\wingdi.cpp
m_ps.rcPaint =
m_ps.fErase =
m_ps.hdc =
lgpn.lopnColor =
lgpn.lopnWidth.x (width) =
lgpn.lopnStyle =
lb.lbColor =
lb.lbHatch =
lb.lbStyle =
lf.lfFaceName =
lf.lfPitchAndFamily =
lf.lfQuality =
lf.lfClipPrecision =
lf.lfOutPrecision =
lf.lfCharSet =
lf.lfStrikeOut =
lf.lfUnderline =
lf.lfItalic =
lf.lfWeight =
lf.lfOrientation =
lf.lfEscapement =
lf.lfWidth =
lf.lfHeight =
bm.bmBitsPixel =
bm.bmPlanes =
bm.bmWidthBytes =
bm.bmWidth =
bm.bmHeight =
bm.bmType =
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\afxstate.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_s.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\elements.h
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\arcobj.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\arccore.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\objcore.cpp
CHttpConnection
CHttpFile
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\inet.cpp
Unknown status: %d
Internet ctxt=%d:
Warning: throwing CInternetException for error %d
Warning: Extended error reported with no response info
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filecore.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filex.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appinit.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\auxdata.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olevar.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\arcex.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appui3.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olelock.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winutil.cpp
Warning: Shrinking safety pool from %d to %d to satisfy request of %d bytes.
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dumpcont.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\list_p.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winmenu.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\wingdix.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\bartool.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_o.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxcmn2.inl
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winctrl2.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxcmn.inl
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\plex.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_b.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_w.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_d.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_p.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\map_pp.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\map_wo.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\map_so.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\map_ss.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dlgcomm.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\afxcrit.cpp
WM_HOTKEY
WM_SETHOTKEY
WM_IDLEUPDATECMDUI
WM_DDE_EXECUTE
WM_KEYLAST
WM_SYSKEYUP
WM_SYSKEYDOWN
WM_KEYUP
WM_KEYDOWN
WM_VKEYTOITEM
WM_CTLCOLORMSGBOX
WM_USER 0xX
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\afxtrace.cpp
Warning: Unable to unpack WM_DDE_EXECUTE lParam lX.
Warning: failed to reclaim %d bytes for memory safety pool.
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winhand.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occevent.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filemem.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledisp2.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oleinit.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\arcstrm.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dlgtempl.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oleenum.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\apphelp.cpp
Error: failed to load AfxFormatString string 0xx.
Error: illegal string index requested %d.
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filetxt.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxmt.inl
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filest.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dumpout.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\fixalloc.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledisp1.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olecnvrt.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olemsgf.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\occlock.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olefact.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledobj2.cpp
a %hs object at $%p, %u bytes long
an invalid object at $%p, %u bytes long
faulted while dumping object at $%p, %u bytes long
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dumpinit.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledlgs2.cpp
m_bz.hTask =
m_bz.hResource =
m_bz.lpszTemplate =
m_bz.hInstance =
m_bz.lCustData =
m_bz.lpszCaption =
m_bz.hWndOwner =
m_bz.dwFlags =
m_bz.cbStruct =
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledoc1.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\list_o.cpp
f:\dd\vctools\crt_bld\self_x86\crt\src\xmutex.cpp
f:\dd\vctools\crt_bld\self_x86\crt\src\locale0.cpp
f:\dd\vctools\crt_bld\self_x86\crt\src\_tolower.c
f:\dd\vctools\crt_bld\self_x86\crt\src\streambuf
f:\dd\vctools\crt_bld\self_x86\crt\src\xlocale
f:\dd\vctools\crt_bld\self_x86\crt\src\xmbtowc.c
%s_%0x
%s(%d) :
f:\dd\vctools\vc7libs\ship\atlmfc\src\atl\atls\atlbase.cpp
f:\dd\vctools\crt_bld\self_x86\crt\src\dbgrpt.c
f:\dd\vctools\crt_bld\self_x86\crt\src\onexit.c
Client hook allocation failure at file %hs line %d.
Memory allocated at %hs(%d).
Client hook re-allocation failure at file %hs line %d.
HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.
CRT detected that the application wrote to memory after end of heap buffer.
HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.
CRT detected that the application wrote to memory before start of heap buffer.
CRT detected that the application wrote to a heap buffer that was freed.
crt block at 0x%p, subtype %x, %Iu bytes long.
client block at 0x%p, subtype %x, %Iu bytes long.
%hs(%d) :
#File Error#(%d) :
Data: <%s> %s
f:\dd\vctools\crt_bld\self_x86\crt\src\setvbuf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c
_CrtDbgReport: String too long or IO Error
Debug %s!
Program: %s%s%s%s%s%s%s%s%s%s%s%s
f:\dd\vctools\crt_bld\self_x86\crt\src\osfinfo.c
%s(%d) : %s
_CrtDbgReport: String too long or Invalid characters in String
f:\dd\vctools\crt_bld\self_x86\crt\src\_file.c
f:\dd\vctools\crt_bld\self_x86\crt\src\setlocal.c
f:\dd\vctools\crt_bld\self_x86\crt\src\initctyp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\stdenvp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\stdargv.c
f:\dd\vctools\crt_bld\self_x86\crt\src\w_env.c
f:\dd\vctools\crt_bld\self_x86\crt\src\ioinit.c
f:\dd\vctools\crt_bld\self_x86\crt\src\tidtable.c
This is an unsupported way to load Visual C   DLLs. You need to modify your application to build with a manifest.
- Attempt to initialize the CRT more than once.
- CRT not initialized
Please contact the application's support team for more information.
- floating point support not loaded
f:\dd\vctools\crt_bld\self_x86\crt\src\mlock.c
GetProcessWindowStation
f:\dd\vctools\crt_bld\self_x86\crt\src\output.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbctype.c
f:\dd\vctools\crt_bld\self_x86\crt\src\drive.c
f:\dd\vctools\crt_bld\self_x86\crt\src\_sftbuf.c
ADVAPI32.DLL
f:\dd\vctools\crt_bld\self_x86\crt\src\inithelp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\read.c
f:\dd\vctools\crt_bld\self_x86\crt\src\stream.c
f:\dd\vctools\crt_bld\self_x86\crt\src\tzset.c
f:\dd\vctools\crt_bld\self_x86\crt\src\gmtime.c
f:\dd\vctools\crt_bld\self_x86\crt\src\_getbuf.c
USER32.DLL
f:\dd\vctools\crt_bld\self_x86\crt\src\inittime.c
f:\dd\vctools\crt_bld\self_x86\crt\src\initnum.c
f:\dd\vctools\crt_bld\self_x86\crt\src\initmon.c
portuguese-brazilian
f:\dd\vctools\crt_bld\self_x86\crt\src\convrtcp.c
operator
Run-Time Check Failure #%d - %s
%s%s%s%s
%s%s%p%s%ld%s%d%s
user32.dll
f:\dd\vctools\crt_bld\self_x86\crt\src\wtombenv.c
MSPDB80.DLL
RegCloseKey
RegOpenKeyExA
f:\dd\vctools\crt_bld\self_x86\crt\src\setenv.c
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appmodul.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winmain.cpp
MaxCore.cpp
.?AVCCmdTarget@@
MaxCoreDlg.cpp
.?AVCWebBrowser2@@
.?AVExecuteBase@@
.?AVExecuteFacade@@
Idispimp.cpp
.PAVCInternetException@@
.PAVCFileException@@
Text.cpp
.PAVCOleException@@
.PAVCException@@
.PAVCObject@@
.PAVCMemoryException@@
.PAVCSimpleException@@
.PAVCNotSupportedException@@
.PAVCInvalidArgException@@
.?AVCNotSupportedException@@
.?AVCCmdUI@@
.?AVCTestCmdUI@@
.PAVCUserException@@
.PAVCResourceException@@
.PAVCArchiveException@@
.?AVCHttpConnection@@
.?AVCHttpFile@@
.?AV?$CFixedStringT@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@$0BAA@@ATL@@
.?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@
.PAVCOleDispatchException@@
zcÁ
R<u.pr
kC-O}
z%CMH
]%uce
o?.DCtO
Ñj\
[.NQ#
NpB0%xm
zcMD
GetCPInfo
GetConsoleOutputCP
GetProcessHeap
RegOpenKeyExW
RegCreateKeyExW
RegOpenKeyW
RegEnumKeyW
RegCreateKeyW
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
GetViewportExtEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
ShellExecuteW
ShellExecuteExW
UrlUnescapeW
URLDownloadToFileW
GetKeyState
CreateDialogIndirectParamW
UnhookWindowsHookEx
SetWindowsHookExW
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetOpenUrlW
InternetCanonicalizeUrlW
InternetCrackUrlW
(.fFb#
1')3-=#3=') '#
hs.SS
<5"95"95"90
;$.:'.:$&:)
(08(03`-035(F*(.RK-
1>" (0:1
(($40 ,( 0 ,4$,0 0 ,
.text
`.rdata
@.data
.rsrc
@.reloc
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xutility
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\atlsimpstr.h
AtlThrow: hr = 0x%x
std::_Vector_const_iterator<unsigned int,class std::allocator<unsigned int> >::operator *
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\vector
std::_Vector_const_iterator<unsigned int,class std::allocator<unsigned int> >::operator  =
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xstring
std::_Vector_const_iterator<struct offerStruct *,class std::allocator<struct offerStruct *> >::operator *
std::_Vector_const_iterator<class std::vector<unsigned int,class std::allocator<unsigned int> > *,class std::allocator<class std::vector<unsigned int,class std::allocator<unsigned int> > *> >::operator *
std::_Vector_const_iterator<struct offerStruct *,class std::allocator<struct offerStruct *> >::operator  =
std::_Vector_const_iterator<class std::vector<unsigned int,class std::allocator<unsigned int> > *,class std::allocator<class std::vector<unsigned int,class std::allocator<unsigned int> > *> >::operator  =
Id: = index: = score: ] %c
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\memory
Total list score: d
std::_Vector_const_iterator<unsigned char,class std::allocator<unsigned char> >::operator *
std::_Vector_const_iterator<unsigned char,class std::allocator<unsigned char> >::operator  =
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\ostream
std::_String_const_iterator<char,struct std::char_traits<char>,class std::allocator<char> >::operator *
std::_String_const_iterator<char,struct std::char_traits<char>,class std::allocator<char> >::operator   
std::_Vector_const_iterator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::operator  =
std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >::operator []
std::_Vector_const_iterator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::operator *
std::_Vector_const_iterator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::operator   
hWarning: implicit LoadString(%u) failed
std::_String_const_iterator<char,struct std::char_traits<char>,class std::allocator<char> >::operator  =
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\atlconv.h
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\xtree
std::_Tree<class std::_Tmap_traits<int,wchar_t const *,struct std::less<int>,class std::allocator<struct std::pair<int const ,wchar_t const *> >,0> >::const_iterator::operator ==
std::_Tree<class std::_Tmap_traits<int,wchar_t const *,struct std::less<int>,class std::allocator<struct std::pair<int const ,wchar_t const *> >,0> >::const_iterator::operator *
invalid operator<
std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,unsigned long,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,unsigned long> >,0> >::const_iterator::operator ==
std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > > >,0> >::const_iterator::operator ==
std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,unsigned long,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,unsigned long> >,0> >::const_iterator::operator *
std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > > >,0> >::const_iterator::operator *
std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > > >,0> >::const_iterator::_Inc
std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,unsigned long,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,unsigned long> >,0> >::const_iterator::_Dec
std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,unsigned long,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,unsigned long> >,0> >::const_iterator::_Inc
std::_Tree<class std::_Tmap_traits<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > >,struct std::less<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > >,class std::allocator<struct std::pair<class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > const ,class ATL::CStringT<wchar_t,class StrTraitMFC<wchar_t,class ATL::ChTraitsCRT<wchar_t> > > > >,0> >::const_iterator::_Dec
ExtractIcon.cpp
std::vector<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::operator []
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\list
std::list<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::_Const_iterator<1>::operator *
std::list<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::_Const_iterator<1>::operator   
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\regex
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\include\algorithm
std::list<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::_Const_iterator<1>::operator --
std::_String_const_iterator<char,struct std::char_traits<char>,class std::allocator<char> >::operator --
std::_String_const_iterator<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> >::operator *
std::_String_const_iterator<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> >::operator   
std::vector<class std::tr1::sub_match<char const *>,class std::allocator<class std::tr1::sub_match<char const *> > >::operator []
std::_Vector_const_iterator<class std::tr1::sub_match<char const *>,class std::allocator<class std::tr1::sub_match<char const *> > >::operator  =
_std::_Vector_const_iterator<char,class std::allocator<char> >::operator *
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\atlcomcli.h
std::vector<wchar_t,class std::allocator<wchar_t> >::operator []
std::_Vector_const_iterator<wchar_t,class std::allocator<wchar_t> >::operator  =
std::_Vector_const_iterator<wchar_t,class std::allocator<wchar_t> >::operator *
std::_Vector_const_iterator<wchar_t,class std::allocator<wchar_t> >::operator   
std::vector<class argument,class std::allocator<class argument> >::operator []
std::_Vector_const_iterator<class argument,class std::allocator<class argument> >::operator  =
std::_Vector_const_iterator<class argument,class std::allocator<class argument> >::operator *
std::_Vector_const_iterator<class argument,class std::allocator<class argument> >::operator   
start.gif
std::vector<struct CPictureEx::TFrame,class std::allocator<struct CPictureEx::TFrame> >::operator []
std::_Vector_const_iterator<struct CPictureEx::TFrame,class std::allocator<struct CPictureEx::TFrame> >::operator *
std::_Vector_const_iterator<struct CPictureEx::TFrame,class std::allocator<struct CPictureEx::TFrame> >::operator   
std::_Vector_const_iterator<struct CPictureEx::TFrame,class std::allocator<struct CPictureEx::TFrame> >::operator  =
HKEY_USERS
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
Gstd::_Tree<class std::_Tmap_traits<unsigned int,class CTrayIcon *,struct std::less<unsigned int>,class std::allocator<struct std::pair<unsigned int const ,class CTrayIcon *> >,0> >::const_iterator::operator ==
std::_Tree<class std::_Tmap_traits<unsigned int,class CTrayIcon *,struct std::less<unsigned int>,class std::allocator<struct std::pair<unsigned int const ,class CTrayIcon *> >,0> >::const_iterator::operator *
%s%s%s
HX
_hd_%S
0mb_%S
SELECT * FROM Win32_OperatingSystem
CACHE_S_FORMATETC_NOTSUPPORTED
CO_E_SERVER_EXEC_FAILURE
MK_E_INTERMEDIATEINTERFACENOTSUPPORTED
OLE_E_ADVISENOTSUPPORTED
REGDB_E_KEYMISSING
UCACHE_E_FIRST...CACHE_E_LAST
CACHE_S_FIRST...CACHE_S_LAST
CLASSFACTORY_E_FIRST...CLASSFACTORY_E_LAST
CLASSFACTORY_S_FIRST...CLASSFACTORY_S_LAST
CLIENTSITE_E_FIRST...CLIENTSITE_E_LAST
CLIENTSITE_S_FIRST...CLIENTSITE_S_LAST
CLIPBRD_E_FIRST...CLIPBRD_E_LAST
CLIPBRD_S_FIRST...CLIPBRD_S_LAST
CONVERT10_E_FIRST...CONVERT10_E_LAST
CONVERT10_S_FIRST...CONVERT10_S_LAST
CO_E_FIRST...CO_E_LAST
CO_S_FIRST...CO_S_LAST
DATA_E_FIRST...DATA_E_LAST
DATA_S_FIRST...DATA_S_LAST
DRAGDROP_E_FIRST...DRAGDROP_E_LAST
DRAGDROP_S_FIRST...DRAGDROP_S_LAST
ENUM_E_FIRST...ENUM_E_LAST
ENUM_S_FIRST...ENUM_S_LAST
INPLACE_E_FIRST...INPLACE_E_LAST
INPLACE_S_FIRST...INPLACE_S_LAST
MARSHAL_E_FIRST...MARSHAL_E_LAST
MARSHAL_S_FIRST...MARSHAL_S_LAST
MK_E_FIRST...MK_E_LAST
MK_S_FIRST...MK_S_LAST
OLEOBJ_E_FIRST...OLEOBJ_E_LAST
OLEOBJ_S_FIRST...OLEOBJ_S_LAST
OLE_E_FIRST...OLE_E_LAST
OLE_S_FIRST...OLE_S_LAST
REGDB_E_FIRST...REGDB_E_LAST
REGDB_S_FIRST...REGDB_S_LAST
VIEW_E_FIRST...VIEW_E_LAST
VIEW_S_FIRST...VIEW_S_LAST
FACILITY_WINDOWS
severity: %s, facility: %s ($lX)
range: %s ($lX)
%s ($lX)
Warning: constructing COleException, scode = %s.
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlalloc.h
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlcomcli.h
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlsimpstr.h
f:\dd\vctools\vc7libs\ship\atlmfc\include\cstringt.h
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlconv.h
ntdll.dll
kernel32.dll
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Software\Microsoft\Windows\CurrentVersion\Policies\Network
Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
%s%s.dll
%s (%s:%d)
Hf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winfrm.cpp
Error: failed to execute DDE command '%s'.
Warning: DDE command '%s' ignored because window is disabled.
pMRU: open file (%d) '%s'.
Can't register window class named %s
Afx:%p:%x:%p:%p:%p
Afx:%p:%x
WinHelp: pszHelpFile = '%s', dwData: $%lx, fuCommand: %d.
HtmlHelp: pszHelpFile = '%s', dwData: $%lx, fuCommand: %d.
accKeyboardShortcut
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlcom.h
commctrl_DragListMsg
Kf:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin2.inl
Binding entry %d failed. Status: %d
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlbase.h
GetData failed - HRESULT = 0x%X
m_pColumnInfo[nColumn].ulColumnSize == sizeof(ctype)
ERROR: Dialog named '%s' must have the child style.
ERROR: Dialog named '%s' must be invisible.
ERROR: Cannot find dialog template named '%s'.
CLSID\%s
Interface\%s
mfcm90ud.dll
QueryInterface(%s) failed
QueryInterface(%s) succeeded
Kcomctl32.dll
Kcomdlg32.dll
Kshell32.dll
Kf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_s.cpp
hXXp://
connecting to socket address '%s'
resolved name for %s!
resolving name for %s
Warning: destroying an open %s with handle %8.8X
Warning: Disconnecting %s handle %8.8X in context %8.8X at destruction.
LHTTP/1.0
WININET.DLL
Warning: could not get volume information '%s'.
Warning: could not parse the path '%s'. Path is too long.
Warning: could not parse the path '%s'.
CFile exception: %hs, File %s, OS error information = %ld.
AppMsg
WinMsg
CmdRouting
0xx
%s: hwnd=0xX, msg = 0xX (0xX, 0xX)
%s: hwnd=0xX, msg = %hs (0xX, 0xX)
%s: Advise item='%s', Format='%s', Ack=%d, Defer Update= %d
%s: Execute '%s'.
Warning: OleInitialize returned scode = %s.
ole32.dll
mscoree.dll
nf:\dd\vctools\crt_bld\self_x86\crt\src\xstring
Nf:\dd\vctools\crt_bld\self_x86\crt\src\xmbtowc.c
f:\dd\vctools\vc7libs\ship\atlmfc\src\atl\atls\atldebugapi.cpp
%S(%d) :
ppCategory && pfnCrtDbgReport
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlmem.h
f:\dd\vctools\vc7libs\ship\atlmfc\include\atltime.inl
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlbase.inl
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlcomtime.inl
f:\dd\vctools\vc7libs\ship\atlmfc\include\atlcore.h
f:\dd\vctools\vc7libs\ship\atlmfc\src\atl\atls\allocate.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\atl\atls\atltracemodulemanager.h
mode == _CRT_RPTHOOK_INSTALL || mode == _CRT_RPTHOOK_REMOVE
wcscpy_s(szOutMessage, 4096, L"_CrtDbgReport: String too long or IO Error")
memcpy_s(szShortProgName, sizeof(TCHAR) * (260 - (szShortProgName - szExeName)), dotdotdot, sizeof(TCHAR) * 3)
wcscpy_s(szExeName, 260, L"<program name unknown>")
__crtMessageWindowW
f:\dd\vctools\crt_bld\self_x86\crt\src\vswprint.c
f:\dd\vctools\crt_bld\self_x86\crt\src\memcpy_s.c
f:\dd\vctools\crt_bld\self_x86\crt\src\memmove_s.c
f:\dd\vctools\crt_bld\self_x86\crt\src\tcscat_s.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\wcstombs.c
f:\dd\vctools\crt_bld\self_x86\crt\src\tsplitpath_s.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\tmakepath_s.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\stat64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\wcsicmp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\printf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\strtol.c
f:\dd\vctools\crt_bld\self_x86\crt\src\dbgheap.c
_CrtCheckMemory()
_CrtIsValidHeapPointer(pUserData)
_CrtSetDbgFlag
(fNewBits==_CRTDBG_REPORT_FLAG) || ((fNewBits & 0x0ffff & ~(_CRTDBG_ALLOC_MEM_DF | _CRTDBG_DELAY_FREE_MEM_DF | _CRTDBG_CHECK_ALWAYS_DF | _CRTDBG_CHECK_CRT_DF | _CRTDBG_LEAK_CHECK_DF) ) == 0)
_CrtMemCheckpoint
f:\dd\vctools\crt_bld\self_x86\crt\src\fclose.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fread.c
f:\dd\vctools\crt_bld\self_x86\crt\src\rewind.c
f:\dd\vctools\crt_bld\self_x86\crt\src\ftell.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fseek.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fopen.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fprintf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\wprintf.c
nf:\dd\vctools\crt_bld\self_x86\crt\src\strftime.c
("Invalid MBCS character sequence passed to strftime",0)
("Invalid MBCS character sequence passed into strftime",0)
f:\dd\vctools\crt_bld\self_x86\crt\src\malloc.h
("Corrupted pointer passed to _freea", 0)
f:\dd\vctools\crt_bld\self_x86\crt\src\loctim64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fwrite.c
f:\dd\vctools\crt_bld\self_x86\crt\src\ungetc.c
f:\dd\vctools\crt_bld\self_x86\crt\src\ungetc_nolock.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\fgetc.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fgetpos.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fsetpos.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fputc.c
f:\dd\vctools\crt_bld\self_x86\crt\src\atof.c
f:\dd\vctools\crt_bld\self_x86\crt\src\wtof.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mktime64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\wcslwr.c
f:\dd\vctools\crt_bld\self_x86\crt\src\tcscpy_s.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\wcstol.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbsinc.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbsstr.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbschr.c
f:\dd\vctools\crt_bld\self_x86\crt\src\tcsncpy_s.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\wcsdup.c
f:\dd\vctools\crt_bld\self_x86\crt\src\xtoa.c
W_CrtSetReportHook2
strcpy_s(szOutMessage, 4096, "_CrtDbgReport: String too long or IO Error")
strcpy_s(szExeName, 260, "<program name unknown>")
__crtMessageWindowA
f:\dd\vctools\crt_bld\self_x86\crt\src\fullpath.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fileno.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fdopen.c
f:\dd\vctools\crt_bld\self_x86\crt\src\feoferr.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fputws.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fgets.c
f:\dd\vctools\crt_bld\self_x86\crt\src\clearerr.c
fMode == _CRTDBG_REPORT_MODE || (fMode & ~(_CRTDBG_MODE_FILE | _CRTDBG_MODE_DEBUG | _CRTDBG_MODE_WNDW)) == 0
_CrtSetReportMode
f:\dd\vctools\crt_bld\self_x86\crt\src\dbgrptt.c
nRptType >= 0 && nRptType < _CRT_ERRCNT
wcscpy_s(szOutMessage2, 4096, L"_CrtDbgReport: String too long or Invalid characters in String")
strcpy_s(szUserMessage, 4096, "_CrtDbgReport: String too long or IO Error")
_VCrtDbgReportA
strcpy_s(szOutMessage2, 4096, "_CrtDbgReport: String too long or Invalid characters in String")
wcscpy_s(szUserMessage, 4096, L"_CrtDbgReport: String too long or IO Error")
_VCrtDbgReportW
((ptloci->lc_category[category].wlocale != NULL) && (ptloci->lc_category[category].wrefcount != NULL)) || ((ptloci->lc_category[category].wlocale == NULL) && (ptloci->lc_category[category].wrefcount == NULL))
f:\dd\vctools\crt_bld\self_x86\crt\src\fputwc.c
f:\dd\vctools\crt_bld\self_x86\crt\src\ungetwc.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fgetwc.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbstowcs.c
f:\dd\vctools\crt_bld\self_x86\crt\src\a_cmp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\strtod.c
f:\dd\vctools\crt_bld\self_x86\crt\src\vsprintf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\gmtime64.c
KERNEL32.DLL
strcat_s(outmsg, (sizeof(outmsg) / sizeof(outmsg[0])), rterrs[tblindx].rterrtxt)
strcat_s(outmsg, (sizeof(outmsg) / sizeof(outmsg[0])), "\n\n")
strcpy_s(outmsg, (sizeof(outmsg) / sizeof(outmsg[0])), "Runtime Error!\n\nProgram: ")
_NMSG_WRITE
f:\dd\vctools\crt_bld\self_x86\crt\src\crt0msg.c
f:\dd\vctools\crt_bld\self_x86\crt\src\winsig.c
WUSER32.DLL
f:\dd\vctools\crt_bld\self_x86\crt\prebuild\eh\typname.cpp
f:\dd\vctools\crt_bld\self_x86\crt\src\_flsbuf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\intel\fp8.c
f:\dd\vctools\crt_bld\self_x86\crt\prebuild\conv\cvt.c
f:\dd\vctools\crt_bld\self_x86\crt\src\isctype.c
f:\dd\vctools\crt_bld\self_x86\crt\src\dtoxtm64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\expand.c
f:\dd\vctools\crt_bld\self_x86\crt\src\close.c
f:\dd\vctools\crt_bld\self_x86\crt\src\_freebuf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\_filbuf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\lseek.c
f:\dd\vctools\crt_bld\self_x86\crt\src\_open.c
f:\dd\vctools\crt_bld\self_x86\crt\src\timeset.c
f:\dd\vctools\crt_bld\self_x86\crt\src\stricmp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\write.c
f:\dd\vctools\crt_bld\self_x86\crt\src\ftelli64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fseeki64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\commit.c
f:\dd\vctools\crt_bld\self_x86\crt\prebuild\include\strgtold12.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\getcwd.c
strcpy_s(resultstr, resultsize, autofos.man)
f:\dd\vctools\crt_bld\self_x86\crt\prebuild\conv\cfout.c
f:\dd\vctools\crt_bld\self_x86\crt\src\getqloc.c
f:\dd\vctools\crt_bld\self_x86\crt\src\wctomb.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbtowc.c
_loc_update.GetLocaleT()->locinfo->mb_cur_max == 1 || _loc_update.GetLocaleT()->locinfo->mb_cur_max == 2
f:\dd\vctools\crt_bld\self_x86\crt\src\errmode.c
f:\dd\vctools\crt_bld\self_x86\crt\src\lseeki64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\isatty.c
f:\dd\vctools\crt_bld\self_x86\crt\prebuild\tran\contrlfp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\_fptostr.c
f:\dd\vctools\crt_bld\self_x86\crt\src\open.c
0 && "Only UTF-16 little endian & UTF-8 is supported for reads"
f:\dd\vctools\crt_bld\self_x86\crt\src\mbsnbicm.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbsnbcmp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\getenv.c
f:\dd\vctools\crt_bld\self_x86\crt\prebuild\conv\x10fout.c
f:\dd\vctools\crt_bld\self_x86\crt\src\strnicmp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\wcsnicmp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\setmode.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbsnbico.c
f:\dd\vctools\crt_bld\self_x86\crt\src\strnicol.c
("CRT Logic error during setenv",0)
__crtsetenv
c:\%original file name%.exe
{8856F961-340A-11D0-A96B-00C04FD705A2}
All Files (*.*)
No error message is available.#Attempted an unsupported operation.$A required resource was unavailable.
Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.
Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else.1Encountered an unexpected error while reading %1.1Encountered an unexpected error while writing %1.
#Unable to load mail system support.

iexplore.exe_1160:




%?9-*09,*19}*09
.text
`.data
.rsrc
msvcrt.dll
KERNEL32.dll
NTDLL.DLL
USER32.dll
SHLWAPI.dll
SHDOCVW.dll
Software\Microsoft\Windows\CurrentVersion\Explorer\BrowseNewProcess
IE-X-X
rsabase.dll
System\CurrentControlSet\Control\Windows
dw15 -x -s %u
watson.microsoft.com
IEWatsonURL
%s -h %u
iedw.exe
Iexplore.XPExceptionFilter
jscript.DLL
mshtml.dll
mlang.dll
urlmon.dll
wininet.dll
shdocvw.DLL
browseui.DLL
comctl32.DLL
IEXPLORE.EXE
iexplore.pdb
ADVAPI32.dll
MsgWaitForMultipleObjects
IExplorer.EXE
IIIIIB(II<.Fg
7?_____ZZSSH%
)z.UUUUUUUU
,....Qym
````2```
{.QLQIIIKGKGKGKGKGKG
;33;33;0
8888880
8887080
browseui.dll
shdocvw.dll
6.00.2900.5512 (xpsp.080413-2105)
Windows
Operating System
6.00.2900.5512

WPFFontCache_v0400.exe_4044:




.text
`.data
@.rsrc
@.reloc
t1Ht.Ht
Ht.Ht
8Y%u(
Ht.Ht$Ht
tGHt;Ht.Ht$Ht
!!"$%%&$%%&())*
%s %s line %d
SHELL32.dll
RPCRT4.dll
MSVCR100_CLR0400.dll
KERNEL32.dll
ADVAPI32.dll
RegNotifyChangeKeyValue
RegCloseKey
RegQueryInfoKeyW
RegOpenKeyExW
GetSystemWindowsDirectoryW
_crt_debugger_hook
_amsg_exit
wpffontcache_v0400.pdb
.?AVMalformedKeyException@@
.?AVNotSupportedException@@
6666666666666666
666666666666
6666666
8888888
!"#$%&'()* ,-./
0000000000000
#@$@$@$@$
@:@$@$@$@$@$@$@$@$@$@$
!"#$%&'()* ,-./0
%&'(gggg)* ,..........................................................................................MMMM..
4444444444444
#$%&'()* 
!!!!"#$%&'()* ,-./0123456789:;<=
KEYW
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="wpffontcache_v0400" type="win32"></assemblyIdentity><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo></assembly>PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
4 4}455<5
:":&:*:.:2:
0!0&0,03090?0
1 1$1(1,1014181
>0>8>`>~>
1$1@1\1|1
Software\Microsoft\Avalon.Graphics
kernel32.dll
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts
MARLETT.TTF
E\\?\
\WPFFontCache_v0400-System.dat
{2da8dded-086f-4cb9-a77f-b974b9cb0186}
\\?\UNC\
{00000000-0000-0000-0000-000000000000}
\\?\Volume
yKERNEL32.DLL
KeySize
ElementMalformedKeyTask
CacheMissReportReceivedTask
wpffontcache_v0400.exe
4.0.30319.1 built by: RTMRel
.NET Framework
4.0.30319.1

MixVideoPlayer.exe_3900_rwx_03D10000_00010000:




PresentationFramework.classic
PresentationFramework.Aero

MixVideoPlayer.exe_3900_rwx_04F70000_00009000:




WindowsFormsIntegration






Remove it with Ad-Aware




    

  1. Click (here) to download and install Ad-Aware Free Antivirus.
    2. 

  2. Update the definition files.
    3. 

  3. Run a full scan of your computer.
    4. 





Manual removal*




    

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):
    

    mixvideoplayersetup.exe:1680
    WPFFontCache_v0400.exe:4044
    DeleteTasks.exe:3136
    LTV2.exe:1128
    LTV2.exe:3376
    LTV2.exe:2132
    

    2. 

  2. Delete the original Trojan file.
    3. 

  3. Delete or disinfect the following files created/modified by the Trojan:
    

    %Program Files%\MixVideoPlayer\Languages\ChineseT.ini (3 bytes)
    %Program Files%\MixVideoPlayer\Languages\Swedish.ini (3 bytes)
    %Program Files%\MixVideoPlayer\Languages\Danish.ini (3 bytes)
    %Program Files%\MixVideoPlayer\Languages\Hungarian.ini (3 bytes)
    %Program Files%\MixVideoPlayer\Languages\Estonian.ini (3 bytes)
    %Program Files%\MixVideoPlayer\dotNetFx40_Full_setup.exe (30344 bytes)
    %Program Files%\MixVideoPlayer\Languages\Slovak.ini (3 bytes)
    %Program Files%\MixVideoPlayer\policy.2.0.taglib-sharp.config (377 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nse3.tmp\AccessControl.dll (15 bytes)
    %Program Files%\MixVideoPlayer\BrowserWeb.exe (2392 bytes)
    %Program Files%\MixVideoPlayer\references\libreria.png (244 bytes)
    %Program Files%\MixVideoPlayer\Languages\Norwegian.ini (3 bytes)
    %Program Files%\MixVideoPlayer\Languages\German.ini (3 bytes)
    %Program Files%\MixVideoPlayer\references\PhotoLoader.dll (784 bytes)
    %Program Files%\MixVideoPlayer\Languages\Slovenian.ini (3 bytes)
    %Program Files%\MixVideoPlayer\PhotoLoader.dll (784 bytes)
    %Program Files%\MixVideoPlayer\Languages\Czech.ini (3 bytes)
    %Program Files%\MixVideoPlayer\references\mixChecker.exe (27704 bytes)
    %Program Files%\MixVideoPlayer\Languages\Polish.ini (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nse3.tmp\NSISdl.dll (15 bytes)
    %Program Files%\MixVideoPlayer\references\Interop.SHDocVw.dll (5064 bytes)
    %Program Files%\MixVideoPlayer\Languages\Catalan.ini (3 bytes)
    %Program Files%\MixVideoPlayer\Languages\ChineseS.ini (3 bytes)
    %Program Files%\MixVideoPlayer\mixvideoplayer.affcode (3 bytes)
    %Program Files%\MixVideoPlayer\uninstall.exe (3865 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nse3.tmp\nsProcess.dll (4 bytes)
    %Program Files%\MixVideoPlayer\icon.ico (12536 bytes)
    %Program Files%\MixVideoPlayer\Languages\Thai.ini (5 bytes)
    %Program Files%\MixVideoPlayer\references\extvideo.png (146 bytes)
    %Program Files%\MixVideoPlayer\references\extaudio.png (310 bytes)
    %Program Files%\MixVideoPlayer\Languages\Russian.ini (5 bytes)
    %Program Files%\MixVideoPlayer\Languages\Bulgarian.ini (5 bytes)
    %Program Files%\MixVideoPlayer\Languages\Hindi.ini (6 bytes)
    %Program Files%\MixVideoPlayer\Languages\Latvian.ini (3 bytes)
    %Program Files%\MixVideoPlayer\NLog.dll (14184 bytes)
    %Program Files%\MixVideoPlayer\Languages\Italian.ini (3 bytes)
    %Program Files%\MixVideoPlayer\Languages\Korean.ini (3 bytes)
    %Program Files%\MixVideoPlayer\Languages\French.ini (3 bytes)
    %Program Files%\MixVideoPlayer\Languages\Romanian.ini (3 bytes)
    %Program Files%\MixVideoPlayer\icon-uninstall.ico (3616 bytes)
    %Program Files%\MixVideoPlayer\Languages\Vietnamese.ini (4 bytes)
    %Program Files%\MixVideoPlayer\Newtonsoft.Json.dll (16944 bytes)
    %Program Files%\MixVideoPlayer\references\taglib-sharp.dll (15536 bytes)
    %Program Files%\MixVideoPlayer\FrameworkControl.exe (12024 bytes)
    %Program Files%\MixVideoPlayer\references\Newtonsoft.Json.dll (15536 bytes)
    %Program Files%\MixVideoPlayer\Languages\Indonesian.ini (3 bytes)
    %Documents and Settings%\All Users\Start Menu\Programs\MixVideoPlayer\Uninstall MixVideoPlayer.lnk (1 bytes)
    %Program Files%\MixVideoPlayer\Languages\HaitianCreole.ini (3 bytes)
    %Program Files%\MixVideoPlayer\Windows\Thumbs.db (1856 bytes)
    %Program Files%\MixVideoPlayer\Languages\Greek.ini (5 bytes)
    %Program Files%\MixVideoPlayer\Languages\Hebrew.ini (4 bytes)
    %Program Files%\MixVideoPlayer\Languages\Finnish.ini (3 bytes)
    %Program Files%\MixVideoPlayer\references\NDde.dll (3616 bytes)
    %Program Files%\MixVideoPlayer\taglib-sharp.dll (15536 bytes)
    %Program Files%\MixVideoPlayer\mixUpdater.exe (13368 bytes)
    %Program Files%\MixVideoPlayer\Snowplow.Tracker.dll (784 bytes)
    %Program Files%\MixVideoPlayer\MixVideoPlayer.exe (82435 bytes)
    %Program Files%\MixVideoPlayer\Languages\Japanese.ini (4 bytes)
    %Program Files%\MixVideoPlayer\Languages\Portuguese.ini (3 bytes)
    %Program Files%\MixVideoPlayer\Sider.dll (5064 bytes)
    %Program Files%\MixVideoPlayer\Windows\logopeq-icon.ico (9608 bytes)
    %Program Files%\MixVideoPlayer\LTV2.exe (6 bytes)
    %Program Files%\MixVideoPlayer\Controls\ifishplayer-icon2.ico (12536 bytes)
    %Program Files%\MixVideoPlayer\Languages\Ukrainian.ini (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nse3.tmp\SimpleSC.dll (1856 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nse3.tmp\ZipDLL.dll (6360 bytes)
    %Program Files%\MixVideoPlayer\Microsoft.Win32.TaskScheduler.dll (8560 bytes)
    %Program Files%\MixVideoPlayer\mixvideoplayer.uidnum (23 bytes)
    %Program Files%\MixVideoPlayer\Languages\Arabic.ini (4 bytes)
    %Program Files%\MixVideoPlayer\Languages\Turkish.ini (3 bytes)
    %Documents and Settings%\All Users\Start Menu\Programs\MixVideoPlayer\MixVideoPlayer.lnk (1 bytes)
    %Program Files%\MixVideoPlayer\Languages\Dutch.ini (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nso2.tmp (183067 bytes)
    %Program Files%\MixVideoPlayer\references\policy.2.0.taglib-sharp.dll (3 bytes)
    %Program Files%\MixVideoPlayer\Languages\English.ini (3 bytes)
    %Program Files%\MixVideoPlayer\Controls\Thumbs.db (1552 bytes)
    %Documents and Settings%\All Users\Start Menu\Programs\Startup\WebBrowserMixVideoPlayer.lnk (1 bytes)
    %Program Files%\MixVideoPlayer\Languages\Spanish.ini (3 bytes)
    %Documents and Settings%\%current user%\Desktop\MixVideoPlayer.lnk (1 bytes)
    %Program Files%\MixVideoPlayer\references\policy.2.0.taglib-sharp.config (377 bytes)
    %Program Files%\MixVideoPlayer\DeleteTasks.exe (10 bytes)
    %Program Files%\MixVideoPlayer\references\Thumbs.db (5 bytes)
    %Program Files%\MixVideoPlayer\Languages\Lithuanian.ini (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nse3.tmp\System.dll (11 bytes)
    %Program Files%\MixVideoPlayer\policy.2.0.taglib-sharp.dll (3 bytes)
    %Program Files%\MixVideoPlayer\LTVNetSdk.dll (14 bytes)
    %Program Files%\MixVideoPlayer\references\folder.png (472 bytes)
    %Documents and Settings%\%current user%\Cookies\[email protected][2].txt (511 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHE78PYJ\400x400[1].jpg (392 bytes)
    %Documents and Settings%\%current user%\Cookies\Current_User@n149adserv[2].txt (811 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\mixvideoplayer\log.txt (134 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\tmp4.tmp (326 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1TN0QDR9\arw[1].png (342 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S5U34TQV\banner[1].htm (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S5U34TQV\analytics[1].htm (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\5XC8I6TV\24076105-12002703[1].gif (5 bytes)
    %Documents and Settings%\%current user%\Cookies\Current_User@n149adserv[1].txt (635 bytes)
    %System%\d3d9caps.tmp (2648 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1TN0QDR9\show_ads[1].js (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S5U34TQV\jquery.min[2].js (3480 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHE78PYJ\MainBanner[1].htm (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1TN0QDR9\jquery.min[1].js (3480 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHE78PYJ\analytics[1].js (740 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\5XC8I6TV\jquery.min[1].js (3155 bytes)
    %Documents and Settings%\%current user%\Cookies\Current_User@mixvideoplayer[2].txt (4447 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1TN0QDR9\ga[1].js (1435 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S5U34TQV\arw[1].png (342 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\mixvideoplayer\config\config.ini (252 bytes)
    %Documents and Settings%\%current user%\Cookies\index.dat (5820 bytes)
    %Documents and Settings%\%current user%\Cookies\Current_User@mixvideoplayer[1].txt (3920 bytes)
    %Documents and Settings%\%current user%\Cookies\[email protected][1].txt (1024 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\5XC8I6TV\msjava[1].dll (465777 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\d994d9b8-adc1-49f2-b1f8-68d491dfe8cd\mixvideoplayersetup.exe (1792168 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S5U34TQV\progress-bar[1].png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1TN0QDR9\i-download[1].png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\5XC8I6TV\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHE78PYJ\style[1].css (114 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S5U34TQV\style[1].css (5353 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1TN0QDR9\MixVideoPlayerSetup[1].exe (1792168 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\5XC8I6TV\loading-install[1].gif (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\5XC8I6TV\bullet-short[1].gif (54 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S5U34TQV\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1TN0QDR9\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHE78PYJ\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHE78PYJ\loadingBar[1].gif (7812 bytes)
    %System%\wbem\Logs\wbemprox.log (675 bytes)
    

    4. 

  4. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
    5. 

  5. Reboot the computer.
    6. 



*Manual removal may cause unexpected system behaviour and should be performed at your own risk.












 
 




 
No votes yet












				


							


			

				
					  
							

		

		


					
							

	

	
	        


	

        
      
 

      
      

      
    
 

    
  
 

		


		

		
			

			

				

					Lavasoft is the maker of Ad-Aware,
					the world's most popular anti-malware 
					software with over 450 million 
					downloads.
				

				

					© 2026 Lavasoft. All rights reserved.

					Terms Of Use |   Privacy Policy
					


								

			


		

		


	

	
	

	

		x
		
Our best antivirus yet!

		
Fresh new look. Faster scanning. Better protection.

		

			
Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

			
For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

			
			Download adaware antivirus 12
		

		No thanks, continue to lavasoft.com
	

	

		

			close x
			
Discover the new adaware antivirus 12

			
Our best antivirus yet

			Download Now