Virus.Win32.Expiro_0be7eeb47d

by malwarelabrobot on March 17th, 2016 in Malware Descriptions.

Win32.Expiro.Gen.4 (B) (Emsisoft), Trojan.Win32.Delphi.FD, Trojan.Win32.Iconomon.FD, Trojan.Win32.Sasfis.FD, Trojan.Win32.Swrort.3.FD, VirTool.Win32.DelfInject.FD, mzpefinder_pcap_file.YR, VirusExpiro.YR (Lavasoft MAS)
Behaviour: Trojan, Virus, VirTool


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Requires JavaScript enabled!

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

MD5: 0be7eeb47de40c88679b248a3ccd8d08
SHA1: 2395c3660033e795a12a9e64cdaf815fefaff583
SHA256: 4f813887dde903eac31040343c616d6db6eace6bb5ec8eb9c3276c04f1282ffa
SSDeep: 6144:eiTjnA0IQhaFCpcw1DjCMBVVGqiQh 48nI/nbGgu7CvAUZ:eqs0/hR1DjCMFGlK 4J/b/iUZ
Size: 364544 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2012-10-24 17:51:06
Analyzed on: WindowsXP SP3 32-bit


Summary:

Virus. A program that recursively replicates a possibly evolved copy of itself.

Payload

No specific payload has been found.

Process activity

The Virus creates the following process(es):

TASKKILL.exe:212
TASKKILL.exe:772
TASKKILL.exe:1524
TASKKILL.exe:320
TASKKILL.exe:2020
TASKKILL.exe:172
TASKKILL.exe:2012
verclsid.exe:1176
verclsid.exe:484
verclsid.exe:1056
verclsid.exe:1600
verclsid.exe:1604
verclsid.exe:320
verclsid.exe:916
impulse_setupfull.exe:1796
mscorsvw.exe:252
mscorsvw.exe:1028
%original file name%.exe:2040
cidaemon.exe:1988

The Virus injects its code into the following process(es):

cisvc.exe:1500
GameStopApp_setup.exe:1108

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process cisvc.exe:1500 makes changes in the file system.
The Virus creates and/or writes to the following file(s):

%System%\wbem\jbfdpfdn.tmp (1647 bytes)
%System%\CatRoot2 (96 bytes)
C:\System Volume Information\catalog.wci\00000002.ps2 (3515 bytes)
%WinDir%\SoftwareDistribution (4 bytes)
C:\System Volume Information\catalog.wci\00000002.ps1 (1001 bytes)
%WinDir%\pchealth\helpctr\System\images (4 bytes)
C:\System Volume Information\catalog.wci\00010008.ci (1202 bytes)
%WinDir%\SoftwareDistribution\Download\7dc26e8888d68d9e04bc52940c0f24b5 (4 bytes)
%WinDir%\SoftwareDistribution\Download\36a2296f631a54daefcc3b56e3d990e2 (4 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance (4 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance (4 bytes)
%WinDir%\SoftwareDistribution\Download\2e6b16219034e135b4f869efb7a10fee (4 bytes)
C:\System Volume Information\catalog.wci\CiPT0000.001 (240 bytes)
C:\System Volume Information\catalog.wci\CiPT0000.000 (43440 bytes)
C:\System Volume Information\catalog.wci\CiPT0000.002 (240 bytes)
%WinDir%\WinSxS\Policies\x86_policy.7.0.Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_x-ww_a317e4b3 (4 bytes)
%WinDir%\pchealth\helpctr\System\panels (4 bytes)
C:\System Volume Information\catalog.wci\INDEX.002 (68 bytes)
%WinDir%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (7433 bytes)
C:\System Volume Information\catalog.wci\INDEX.000 (12480 bytes)
C:\System Volume Information\catalog.wci\INDEX.001 (68 bytes)
C:\System Volume Information\catalog.wci\00010001.dir (16 bytes)
%Program Files%\Adobe\Reader 9.0\Reader\plug_ins3d (4 bytes)
%WinDir%\SoftwareDistribution\Download\6a410a1bd174bc123056d235ac4829af (4 bytes)
%System%\dmadmin.exe (3073 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\dreamcatch.xml (144 bytes)
%WinDir%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_x-ww_6ad67377 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\app.dat (3200 bytes)
%WinDir%\Microsoft.NET\Framework\v4.0.30319 (2364 bytes)
%Documents and Settings%\Default User (540 bytes)
%WinDir%\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9 (4 bytes)
%WinDir%\pchealth\helpctr\System (4 bytes)
C:\$Directory (5824 bytes)
%System%\aadbnpka.tmp (315 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Total Commander (4 bytes)
C:\System Volume Information\catalog.wci\CiCL0001.000 (19200 bytes)
%WinDir%\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7 (4 bytes)
%Documents and Settings%\%current user%\My Documents (4 bytes)
%System%\config (120 bytes)
%System%\scardsvr.exe (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\AF6861CC (4 bytes)
%WinDir%\Prefetch (1056 bytes)
%Documents and Settings%\All Users\Application Data (4 bytes)
%System%\tlntsvr.exe (1425 bytes)
%WinDir%\SoftwareDistribution\Download\01229cf5dcf0df67992cac35a2ba0b3f (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\bethesda.xml (601 bytes)
%System%\CatRoot (4 bytes)
C:\System Volume Information\catalog.wci\00010004.dir (16 bytes)
%WinDir%\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59 (4 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security\Permissions (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wireshark.txt (8446 bytes)
%WinDir%\assembly\GAC_32 (4 bytes)
%Documents and Settings%\Default User\Start Menu\Programs\Accessories\Accessibility (4 bytes)
%Program Files%\Reference Assemblies\Microsoft\Framework\v3.0 (4 bytes)
%System%\msiexec.exe (1425 bytes)
%System% (31924 bytes)
%System%\config\systemprofile\Application Data\Microsoft (4 bytes)
%Program Files%\Adobe\Reader 9.0\Resource\Font (4 bytes)
%System%\bephgpio.tmp (259 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1 (53 bytes)
%WinDir%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_x-ww_4ee8bb30 (4 bytes)
%WinDir%\Installer\$PatchCache$\Managed (4 bytes)
%WinDir%\SoftwareDistribution\Download\b5f880834ad67f3d383ffff5f2fa46bd (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\GameStopApp_setup.res (14405 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624 (24 bytes)
%WinDir%\SoftwareDistribution\DataStore\Logs (96 bytes)
%Program Files%\Common Files\Microsoft Shared\OFFICE14 (4 bytes)
%WinDir%\Microsoft.NET\Framework\v4.0.30319\WPF (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp (8 bytes)
%Program Files%\WIRESHARK (212 bytes)
%WinDir%\Microsoft.NET\Framework\v3.0\WPF (4 bytes)
%WinDir%\assembly\GAC_MSIL (36 bytes)
%WinDir%\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 (4 bytes)
%System%\ups.exe (1281 bytes)
%Documents and Settings%\NetworkService\Local Settings (4 bytes)
%WinDir%\SoftwareDistribution\Download (45 bytes)
%System%\oobe\html (4 bytes)
%System%\sessmgr.exe (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\blitzgames.xml (36 bytes)
%WinDir%\SoftwareDistribution\Download\f0fea42f69058000617da24986c3b109 (4 bytes)
C:\$ConvertToNonresident (4593 bytes)
%WinDir%\ime (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973 (12 bytes)
%WinDir%\WinSxS\Policies\x86_policy.5.1.Microsoft.Windows.SystemCompatible_6595b64144ccf1df_x-ww_a0111510 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A (4 bytes)
%WinDir%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation (8 bytes)
%Documents and Settings%\%current user%\Cookies (192 bytes)
C:\ (8 bytes)
%Documents and Settings%\%current user%\Favorites (4 bytes)
%WinDir%\SoftwareDistribution\Download\621a08ac003b616bcaa86aa4d4292d50 (4 bytes)
%System%\bfdleoan.tmp (317 bytes)
C:\System Volume Information\catalog.wci\CiST0000.000 (54960 bytes)
C:\System Volume Information\catalog.wci\CiST0000.001 (18500 bytes)
C:\System Volume Information\catalog.wci\CiST0000.002 (18500 bytes)
C:\System Volume Information\catalog.wci\CiP10000.000 (7440 bytes)
C:\System Volume Information\catalog.wci\CiP10000.001 (20 bytes)
C:\System Volume Information\catalog.wci\CiP10000.002 (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\atari.xml (601 bytes)
C:\System Volume Information\catalog.wci\00010004.ci (2850 bytes)
%WinDir%\Microsoft.NET\assembly\GAC_32 (4 bytes)
%WinDir%\Microsoft.NET\Framework\v4.0.30319\WPF\wpffontcache_v0400.exe (14770 bytes)
%Program Files%\WinPcap\kfmalkjc.tmp (327 bytes)
%WinDir%\Temp\Perflib_Perfdata_668.dat (4 bytes)
%System%\dllhost.exe (1281 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (4 bytes)
%WinDir%\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation (4 bytes)
%Documents and Settings%\LocalService (8 bytes)
%WinDir%\SoftwareDistribution\Download\c0c52c03306062533f7dcb087bfcfa6b (4 bytes)
%System%\config\AppEvent.Evt (824 bytes)
%WinDir%\WinSxS (116 bytes)
%System%\fgdaahll.tmp (1811 bytes)
%WinDir%\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas# (4 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US (4 bytes)
%WinDir% (2632 bytes)
%WinDir%\pchealth\helpctr\OfflineCache (4 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security\Users (4 bytes)
%WinDir%\SoftwareDistribution\Download\e0c0da396303f1dd2c82cd2ccc07020d (4 bytes)
%WinDir%\SoftwareDistribution\Download\e79028ac4f02e201b61b2c632cb0fc5e (4 bytes)
C:\System Volume Information\catalog.wci\00010009.dir (16 bytes)
C:\PROGRAM FILES (16 bytes)
%Documents and Settings%\Default User\Templates (4 bytes)
C:\System Volume Information\catalog.wci\0001000C.ci (2562 bytes)
%WinDir%\Help\Tours\WindowsMediaPlayer\Img (4 bytes)
C:\System Volume Information\catalog.wci\00010003.ci (2850 bytes)
%WinDir%\SoftwareDistribution\Download\8b9a83d2cde55eb19dc502cc2dd04e0d (4 bytes)
%WinDir%\assembly\NativeImages_v4.0.30319_32 (28 bytes)
%WinDir%\SoftwareDistribution\Download\bc81666f3868f34642e3f5adbc2719f9 (4 bytes)
C:\System Volume Information\catalog.wci\CiVP0000.000 (240 bytes)
C:\System Volume Information\catalog.wci\00010001.ci (118 bytes)
%Documents and Settings%\Default User\Local Settings (4 bytes)
%WinDir%\$hf_mig$ (8 bytes)
%System%\spool\XPSEP\amd64 (4 bytes)
%System%\lbflmcjf.tmp (245 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security\Roles (4 bytes)
%System%\wbem\Repository\FS (12 bytes)
%WinDir%\ime\imjp8_1 (4 bytes)
%WinDir%\SoftwareDistribution\Download\e8252bbfa91fcf5afb38775b18691074 (4 bytes)
%Program Files%\Adobe\Reader 9.0\Resource (4 bytes)
%Documents and Settings%\%current user%\Application Data\Sun\Java\Deployment\SystemCache\6.0 (8 bytes)
%System%\hnaacngl.tmp (1663 bytes)
%Documents and Settings%\LocalService\Application Data\Microsoft (4 bytes)
%WinDir%\Help\Tours\WindowsMediaPlayer (4 bytes)
%Documents and Settings%\NetworkService (8 bytes)
%WinDir%\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466 (4 bytes)
%WinDir%\SoftwareDistribution\Download\8bb5f1c638778df6b77d80bc61ffc63c (4 bytes)
%WinDir%\SoftwareDistribution\Download\b91377d1d56820d9d699c0c2dc7c8e80 (4 bytes)
%WinDir%\SoftwareDistribution\Download\30438597a812a5d1d7979088d451747f (4 bytes)
%WinDir%\Web\Wallpaper (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Microsoft (4 bytes)
%Program Files%\Microsoft Office\Office14 (4 bytes)
%System%\config\SysEvent.Evt (320 bytes)
%WinDir%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_x-ww_9e7eb501 (4 bytes)
%WinDir%\Temp (8 bytes)
%WinDir%\Installer (8 bytes)
%WinDir%\assembly\NativeImages_v4.0.30319_32\PresentationFramewo# (4 bytes)
%WinDir%\SoftwareDistribution\Download\ee4e3d4bf0d346e1b8fdee8197195e59 (4 bytes)
%WinDir%\SoftwareDistribution\Download\211409fc1d99b95b32fb0344cad140df (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\cdp.xml (20 bytes)
%Documents and Settings%\All Users (8 bytes)
C:\System Volume Information\catalog.wci\00010007.dir (16 bytes)
%WinDir%\SoftwareDistribution\Download\dffcab319e36b852e5b2d51802010a7a (4 bytes)
C:\System Volume Information\catalog.wci\CiP20000.002 (24 bytes)
C:\System Volume Information\catalog.wci\CiP20000.001 (20 bytes)
C:\System Volume Information\catalog.wci\CiP20000.000 (6720 bytes)
%System%\wbem\Repository\FS\OBJECTS.DATA (11634 bytes)
%WinDir%\SoftwareDistribution\Download\299840a657dd26ca3bbf3cee3ec999ba (4 bytes)
%WinDir%\SoftwareDistribution\Download\e5c5fc9bd7a4957f0a45c6db2957c5c9 (4 bytes)
%WinDir%\SoftwareDistribution\Download\196fa81559690e2494e56094df51cdd8 (4 bytes)
%WinDir%\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_x-ww_362e60dd (4 bytes)
%WinDir%\SoftwareDistribution\Download\23e79e5fb28793d8cb1c2055b0d8dcb9 (4 bytes)
%System%\vssvc.exe (3361 bytes)
%WinDir%\SoftwareDistribution\Download\906245b7f0992255b054322b77475594 (4 bytes)
%Documents and Settings%\Default User\Start Menu\Programs\Accessories (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\auran.xml (53 bytes)
%WinDir%\ime\imkr6_1 (4 bytes)
C:\System Volume Information\catalog.wci\propstor.bk2 (172088 bytes)
C:\System Volume Information\catalog.wci\propstor.bk1 (23840 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\corel.xml (28 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics (4 bytes)
%WinDir%\SoftwareDistribution\Download\248802b74506342031e926839639c729 (4 bytes)
%WinDir%\SoftwareDistribution\Download\cb88a2f03b29735db957d61a63df6504 (4 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Providers (4 bytes)
%WinDir%\SoftwareDistribution\Download\21156e54b0f0f47f81dab4a39e109501 (4 bytes)
%Documents and Settings%\All Users\Documents\My Music (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\alawar.xml (8 bytes)
%Program Files%\Windows NT (4 bytes)
%WinDir%\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d (4 bytes)
%Documents and Settings%\%current user%\Application Data\Sun\Java\Deployment (4 bytes)
%WinDir%\Web (8 bytes)
%WinDir%\SoftwareDistribution\Download\da2a33b6770f970d7fe7262040f98a4f (4 bytes)
C:\System Volume Information\catalog.wci\0001000A.dir (16 bytes)
%System%\wbem\Logs\wbemcore.log (1056 bytes)
C:\totalcmd (4 bytes)
%System%\cheknboh.tmp (245 bytes)
%Program Files%\Common Files\System (4 bytes)
%System%\wbem\Repository\FS\MAPPING1.MAP (12 bytes)
C:\System Volume Information\catalog.wci\0001000A.ci (4642 bytes)
%WinDir%\Temp\vmware-SYSTEM\00000e7e (4 bytes)
%Program Files%\Windows Media Player (4 bytes)
C:\System Volume Information\catalog.wci\00010009.ci (118 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\mMSI.dll\mMSIExec.dll (2256 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\1c.xml (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\index.dat (4 bytes)
%WinDir%\SoftwareDistribution\Download\aadd6ccc4585cbf4ee04287eb0e679df (4 bytes)
%WinDir%\AppPatch (4 bytes)
%WinDir%\Microsoft.NET\Framework\v4.0.30319\WPF\ibippeaf.tmp (6427 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\CONFIG (4 bytes)
%WinDir%\SoftwareDistribution\Download\6b7f938fb3db15dab273f3f1702c318c (4 bytes)
C:\System Volume Information\catalog.wci\00010002.ci (4642 bytes)
%WinDir%\WinSxS\Policies\x86_Policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_77c24773 (4 bytes)
%WinDir%\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 (384 bytes)
%System%\fammdcpl.tmp (1610 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles (8 bytes)
%WinDir%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313 (4 bytes)
%WinDir%\SoftwareDistribution\Download\2c95b28351986132d7f36dd28eece9b0 (4 bytes)
%WinDir%\msagent (4 bytes)
%WinDir%\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Rtcdll_6595b64144ccf1df_x-ww_c7b7206f (4 bytes)
%WinDir%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ekfpdphh.tmp (5442 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\activision.xml (1425 bytes)
%System%\wbem (1352 bytes)
C:\System Volume Information\catalog.wci\00010007.ci (93 bytes)
%WinDir%\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944 (4 bytes)
C:\System Volume Information\catalog.wci\0001000B.ci (14690 bytes)
%WinDir%\SoftwareDistribution\Download\21cbd3f70584651805685eba1753505f (4 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs (4 bytes)
%WinDir%\SoftwareDistribution\Download\b6f4642d2b8dc03c5ce1b1a4f77b1bda (4 bytes)
%Program Files%\Adobe\Reader 9.0\Reader (96 bytes)
%WinDir%\SoftwareDistribution\Download\9460002f6d8231358fc1eb590f9b1dce (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E (8 bytes)
%Program Files%\Movie Maker\Shared (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\apogee.xml (16 bytes)
%WinDir%\assembly\NativeImages_v2.0.50727_32\PresentationFramewo# (4 bytes)
C:\System Volume Information\catalog.wci (212 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft (4 bytes)
%System%\mui (4 bytes)
%System%\locator.exe (1425 bytes)
%WinDir%\REGISTRATION (8 bytes)
%System%\spool\XPSEP\i386 (4 bytes)
%WinDir%\SoftwareDistribution\Download\1c47f41cc76cde4c629564d7564f2795 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\cdv.xml (8 bytes)
%WinDir%\SoftwareDistribution\Download\57b4b90cc3eead9f6c29b58581d03ae4 (4 bytes)
%WinDir%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client (8 bytes)
%Documents and Settings%\%current user%\APPLICATION DATA (8 bytes)
%System%\wbem\Logs\wbemess.log (768 bytes)
%Program Files%\Movie Maker (4 bytes)
%System%\smlogsvc.exe (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\index.dat (4 bytes)
%System%\wbem\Repository\FS\INDEX.BTR (13297 bytes)
%System%\netdde.exe (4210 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ngen_service.log (8 bytes)
%WinDir%\assembly\NativeImages_v2.0.50727_32\System.DirectorySer# (4 bytes)
%System%\msdtc.exe (1281 bytes)
%WinDir%\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 (4 bytes)
%Documents and Settings%\%current user%\Local Settings (12 bytes)
C:\System Volume Information\catalog.wci\CiSP0000.000 (18240 bytes)
C:\System Volume Information\catalog.wci\CiSP0000.001 (92 bytes)
C:\System Volume Information\catalog.wci\CiSP0000.002 (92 bytes)
C:\System Volume Information\catalog.wci\CiFLfffc.002 (124 bytes)
%WinDir%\Microsoft.NET\assembly\GAC_MSIL (28 bytes)
C:\System Volume Information\catalog.wci\CiFLfffc.000 (7200 bytes)
C:\System Volume Information\catalog.wci\CiFLfffc.001 (124 bytes)
C:\System Volume Information\catalog.wci\00010003.dir (16 bytes)
%Program Files%\WinPcap\rpcapd.exe (1425 bytes)
%WinDir%\SoftwareDistribution\Download\9cf59263a134ab3fbbee78365a2fa5fc (4 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\AppConfig (4 bytes)
C:\System Volume Information\catalog.wci\00010005.ci (4642 bytes)
%System%\config\systemprofile\Start Menu\Programs\Accessories (4 bytes)
C:\System Volume Information\catalog.wci\00010002.dir (16 bytes)
%WinDir%\WinSxS\Policies\x86_Policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775 (4 bytes)
%WinDir%\assembly\NativeImages_v2.0.50727_32 (28 bytes)
C:\System Volume Information\catalog.wci\00010006.dir (16 bytes)
%WinDir%\Temp\Perflib_Perfdata_264.dat (100 bytes)
%WinDir%\SoftwareDistribution\Download\bc529fa49cb2cb097fdf1e22d25872da (4 bytes)
%WinDir%\SoftwareDistribution\Download\e104dcd29adf1c6c473a5efad2d509be (4 bytes)
%System%\nabngjke.tmp (274 bytes)
%WinDir%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_x-ww_b7353f75 (4 bytes)
C:\System Volume Information\catalog.wci\00010005.dir (116 bytes)
%System%\imapi.exe (2105 bytes)
%WinDir%\pchealth\helpctr\Config (4 bytes)
%Documents and Settings%\%current user%\Application Data\Adobe\Acrobat\9.0 (4 bytes)
%WinDir%\Microsoft.NET\Framework (192 bytes)
C:\System Volume Information\catalog.wci\cicat.hsh (12 bytes)
%WinDir%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_x-ww_b8438ace (4 bytes)
%Documents and Settings%\%current user%\Templates (4 bytes)
%Documents and Settings%\All Users\Documents (4 bytes)
%WinDir%\assembly\NativeImages_v4.0.30319_32\System.ServiceModel# (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\akella.xml (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\2kg.xml (2105 bytes)
%System%\drivers (32 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727 (2712 bytes)
%Documents and Settings%\%current user% (20 bytes)
%Program Files%\Common Files\Microsoft Shared\DW (4 bytes)
%System%\ahqghffi.tmp (312 bytes)
%WinDir%\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2 (4 bytes)
%WinDir%\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975 (4 bytes)
%WinDir%\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6 (4 bytes)
C:\System Volume Information (8 bytes)
%System%\fanhjeei.tmp (1747 bytes)
%WinDir%\assembly\NativeImages_v4.0.30319_32\System.DirectorySer# (4 bytes)
%WinDir%\SoftwareDistribution\Download\cedca0128a48437390192d906f83a717 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\clearcrown.xml (8 bytes)
%WinDir%\Help (248 bytes)
%WinDir%\security (4 bytes)
%System%\wbem\wmiapsrv.exe (2105 bytes)
%WinDir%\SoftwareDistribution\Download\a4c07d9275eb613d842cb1e140d8a426 (4 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo (4 bytes)
%System%\config\systemprofile (4 bytes)
C:\System Volume Information\catalog.wci\CiCL0001.001 (9032 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\avg.xml (12 bytes)
C:\System Volume Information\catalog.wci\CiCL0001.002 (8592 bytes)
%WinDir%\WinSxS\Manifests (28 bytes)
%WinDir%\SoftwareDistribution\Download\17e46901add634f15d293735648771e6 (4 bytes)
%WinDir%\SoftwareDistribution\Download\50e2c72fd814d3841e776dd2c4918260 (4 bytes)
%WinDir%\SoftwareDistribution\Download\c0e4033a7ec549e982572f0d830cf5d0 (4 bytes)
%WinDir%\SoftwareDistribution\Download\cd75fc2c9aa3d47009fe2d95c9f43154 (4 bytes)
%WinDir%\SoftwareDistribution\Download\0c1e5e0ffeb238b1ee5c9ea3a4878374 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data (8 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft (4 bytes)
%WinDir%\Web\printers (8 bytes)
C:\DOCUMENTS AND SETTINGS (8 bytes)
C:\System Volume Information\catalog.wci\0001000C.dir (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\GameStopApp_setupfull[1].exe (33428 bytes)
%System%\config\systemprofile\Local Settings (4 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security (4 bytes)
%WinDir%\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e (4 bytes)
%WinDir%\repair (4 bytes)
%System%\lnmjjbbk.tmp (1633 bytes)
%Program Files%\Internet Explorer (4 bytes)
C:\System Volume Information\catalog.wci\cicat.fid (336 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\icon_update.ico (4 bytes)
C:\System Volume Information\catalog.wci\00010006.ci (97 bytes)
%WinDir%\SoftwareDistribution\Download\f2adb0f8440e5dbd459aa6bfcaed1ba5 (4 bytes)
%WinDir%\Prefetch\VERCLSID.EXE-3667BD89.pf (40 bytes)
%Program Files%\Reference Assemblies\Microsoft\Framework\v3.5 (4 bytes)
%WinDir%\Microsoft.NET\Framework\v3.5 (12 bytes)
%Documents and Settings%\LocalService\Local Settings (4 bytes)
%WinDir%\WinSxS\Policies\x86_policy.1.0.Microsoft.Windows.GdiPlus_6595b64144ccf1df_x-ww_4e8510ac (4 bytes)
%Program Files%\COMMON FILES (8 bytes)
%Documents and Settings%\%current user%\Application Data\Sun\Java\Deployment\cache\6.0 (8 bytes)
%Program Files%\Common Files\Microsoft Shared (4 bytes)
%Documents and Settings%\All Users\Documents\My Music\Sample Playlists (4 bytes)
%Documents and Settings%\Default User\Start Menu\Programs (4 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security\Wizard (4 bytes)
%System%\aaiaqplm.tmp (1615 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E (16 bytes)
%Documents and Settings%\NetworkService\Application Data\Microsoft (4 bytes)
%WinDir%\MICROSOFT.NET (8 bytes)
%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5 (4 bytes)
%Program Files%\Adobe\Reader 9.0\Reader\plug_ins (4 bytes)
%System%\oobe\html\mouse (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\amd.xml (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\capcom.xml (673 bytes)
%System%\config\systemprofile\Start Menu\Programs (4 bytes)
%WinDir%\SoftwareDistribution\Download\abaf10b7d55d3716fbb63e0b568cb4b6 (4 bytes)
%Documents and Settings%\Default User\SendTo (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\bohemia.xml (45 bytes)
%Documents and Settings%\Default User\Application Data\Microsoft (4 bytes)
%WinDir%\SoftwareDistribution\Download\163d01893aa68b49abc63d8d6c9a7bb2 (4 bytes)
C:\System Volume Information\catalog.wci\CiSL0001.000 (9600 bytes)
C:\System Volume Information\catalog.wci\00010008.dir (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\cinemaware.xml (601 bytes)
%WinDir%\SoftwareDistribution\Download\0000894bab70b145c3629920ba907f7a (4 bytes)
%WinDir%\SoftwareDistribution\Download\bc8ea6c22fd142de8dd67336d23310cf (4 bytes)
%WinDir%\assembly (4 bytes)
C:\System Volume Information\catalog.wci\CiFLfffd.001 (144 bytes)
C:\System Volume Information\catalog.wci\CiFLfffd.000 (7680 bytes)
C:\System Volume Information\catalog.wci\CiFLfffd.002 (144 bytes)
C:\System Volume Information\catalog.wci\0001000B.dir (116 bytes)
%System%\iajpffjm.tmp (1672 bytes)
%System%\mnmsrvc.exe (1425 bytes)

The Virus deletes the following file(s):

%System%\nabngjke.tmp (0 bytes)
%System%\wbem\jbfdpfdn.tmp (0 bytes)
%System%\lnmjjbbk.tmp (0 bytes)
%System%\bfdleoan.tmp (0 bytes)
%System%\lbflmcjf.tmp (0 bytes)
%System%\fgdaahll.tmp (0 bytes)
C:\System Volume Information\catalog.wci\CiFLfffc.002 (0 bytes)
C:\System Volume Information\catalog.wci\CiFLfffc.000 (0 bytes)
C:\System Volume Information\catalog.wci\CiFLfffc.001 (0 bytes)
%WinDir%\Microsoft.NET\Framework\v4.0.30319\WPF\ibippeaf.tmp (0 bytes)
%System%\fammdcpl.tmp (0 bytes)
C:\System Volume Information\catalog.wci\00000001.ps1 (0 bytes)
C:\System Volume Information\catalog.wci\00000001.ps2 (0 bytes)
%System%\hnaacngl.tmp (0 bytes)
%System%\bephgpio.tmp (0 bytes)
%System%\fanhjeei.tmp (0 bytes)
%System%\iajpffjm.tmp (0 bytes)
C:\System Volume Information\catalog.wci\CiFLfffd.002 (0 bytes)
%WinDir%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ekfpdphh.tmp (0 bytes)
%Program Files%\WinPcap\kfmalkjc.tmp (0 bytes)
C:\System Volume Information\catalog.wci\CiFLfffd.001 (0 bytes)
C:\System Volume Information\catalog.wci\CiFLfffd.000 (0 bytes)
%System%\aadbnpka.tmp (0 bytes)
%System%\aaiaqplm.tmp (0 bytes)
%System%\cheknboh.tmp (0 bytes)
%System%\ahqghffi.tmp (0 bytes)

The process GameStopApp_setup.exe:1108 makes changes in the file system.
The Virus creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Slovenian (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_setup_finish.dfm (275 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\readme.dfm.miaf (128 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Catalan (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Hebrew (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_setup_welcome.dfm (275 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Dutch (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Latvian (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Polish (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\maintenance.dfm (104 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Thai (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Korean (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\welcome.dfm (104 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Catalan (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Japanese (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Czech (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Swedish (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Portugese (Portugal) (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\finish.dfm (105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\registration.dfm.miaf (202 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Arabic (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\destination.dfm (22 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_reboot.dfm (877 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\progressprereq.dfm (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\progress.dfm.miaf (292 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Portugese (Portugal) (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Lithuanian (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Chinese (PRC) (13 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Russian (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_download.dfm.miaf (372 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Romanian (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Basque (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Map (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Greek (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Thai (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\registration.dfm (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Latvian (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_notify_install.dfm.miaf (516 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_setup_schedule.dfm.miaf (974 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Italian (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Croatian (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_notify_download.dfm.miaf (516 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Polish (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Turkish (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\registrationwithserial.dfm (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Vietnamese (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Spanish (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\GameStopApp_setup.msi (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\finish.dfm.miaf (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Slovak (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\readme.dfm (31 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Portugese (Brazil) (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_setup_finish.dfm.miaf (372 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Arabic (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Danish (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\mMSIExec.dll (1723 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\progress.dfm (33 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\startmenu.dfm.miaf (228 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\license.rtf (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Chinese (Taiwan) (13 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Finnish (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Hebrew (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Hungarian (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Original (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Hungarian (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_install.dfm (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\Impulse®.mtx (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Russian (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Portugese (Brazil) (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Swedish (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\prereq.dfm (118 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_notify_install.dfm (33 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Spanish (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Estonian (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Chinese (Taiwan) (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\licensecheck.dfm (22 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\prereq.dfm.miaf (370 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Norwegian (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_setup_account.dfm.miaf (872 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\licensecheck.dfm.miaf (128 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Chinese (PRC) (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\registrationwithserial.dfm.miaf (722 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Estonian (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia.tmp (203 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\setuptype.dfm (33 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Danish (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_reboot.dfm.miaf (372 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\gray.avi (103 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.French (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_download.dfm (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\icon.ico (995 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_install.dfm.miaf (372 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Original (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\wizard.dfm (31 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Slovak (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Basque (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Map (754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Slovenian (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Korean (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_setup_account.dfm (36 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Finnish (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Croatian (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.German (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Lithuanian (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.French (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_notify_download.dfm (33 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_setup_schedule.dfm (33 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Turkish (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\readme.rtf (951 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Greek (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.English (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Vietnamese (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.German (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Dutch (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Romanian (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\startinstallation.dfm (104 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\mEXEFunc.dll (1869 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Norwegian (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.English (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lang.loc (168 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Czech (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\startmenu.dfm (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Japanese (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_setup_welcome.dfm.miaf (372 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Italian (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\componentstree.dfm (32 bytes)

The Virus deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\mia.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lang.loc (0 bytes)

The process impulse_setupfull.exe:1796 makes changes in the file system.
The Virus creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\zallag.xml (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\fi.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\Slider_Arrows.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.Common.dll (6518 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\7z.dll (12291 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\thq.xml (4453 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\GameStopNow.exe (29134 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\libGLESv2.dll (9760 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\imp_top.png (709 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Microsoft.WindowsAPICodePack.Shell.dll (9896 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\auran.xml (50 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\VistaBridgeLibrary.dll (1880 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\pt-PT.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\shadow1.png (280 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\WBOCXLib.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\corel.xml (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\d3dcompiler_43.dll (30393 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\avcodec-53.dll (17263 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\ta.pak (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\cyan.xml (206 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\stratfirst.xml (1598 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\cypron.xml (23 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\focushome.xml (1521 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\warner.xml (1637 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\kn.pak (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\vi.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\GSLogo.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\sw.pak (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\libcef.dll (307427 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\alawar.xml (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\trion.xml (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\en-GB.pak (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\snowball.xml (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\Slider_Arrows_down.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\trisynergy.xml (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\ro.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\popcap.xml (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\microids.xml (1530 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\merscom.xml (295 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\atari.xml (1878 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\ImpulseSelfRefresh.exe (2467 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\ignition.xml (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\CleanGSA.exe.config (352 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\GSANative.exe.config (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\ca.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\UninstHelper.exe (693 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.InstallManager.dll (2248 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\akella.xml (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\2kg.xml (3710 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\paradox.xml (14726 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\avformat-53.dll (2092 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\es.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\wargaming.xml (1722 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\freestuff.xml (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\uk.pak (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\indies.xml (28249 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\zh-CN.pak (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\IptNetApi.dll (1312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\am.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\eidos.xml (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\zh-TW.pak (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\nb.pak (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\wastelands.xml (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\d3p.xml (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\ru.pak (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\muzzylane.xml (13 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\GameStopApp.exe (15102 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\networks.xml (42 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\mia.lib (7403 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\sl.pak (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\ar.pak (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\myoffice.xml (44 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\dreamcatch.xml (2565 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\ImpulseSelfRefresh.exe.config (355 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\eula.txt (249 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\sega.xml (5371 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\mMSI.dll\mMSIExec.dll (6741 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\8AE63621\Sd.Irc.resources.dll (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\amd.xml (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\ImpulseSelfRefresh.exe.config (352 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\1c.xml (4112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\light.xml (715 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\sap.xml (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\Slider_Arrows2.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\frame.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\es-419.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\7zxr.dll (1638 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\fil.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\pt-BR.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\en-US.pak (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\hi.pak (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\isv.xml (946 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\ea.xml (6319 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\Slider_Arrows2_down.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\tiltedm.xml (21 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\about.png (598 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.UI.dll (1915 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\GameStopApp_setup.res (47301 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\gamehouse.xml (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\mIDEFunc.dll\mEXEFunc.dll (2549 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\te.pak (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\avg.xml (164 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\GSANative.exe (45735 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\CleanGSA.exe (1592 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\drengin.xml (3226 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\sd.central.cvp.server.dll (5843 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\el.pak (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\activision.xml (3364 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\bg.pak (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\n3vgames.xml (1036 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\id.pak (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\threedonkeys.xml (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\siber.xml (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\TestResult.xml (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\fa.pak (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\lv.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Interop.IWshRuntimeLibrary.dll (639 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\lt.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\sv.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\da.pak (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\mumbojumbo.xml (2670 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\timegate.xml (13 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\squarenix.xml (4290 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.Central.Archive.dll (681 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\avutil-51.dll (2359 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\meridian4.xml (5122 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\AF6861CC\impulse_main.ini (59 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\AF6861CC\impulse_images.ini (61 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\pl.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\bethesda.xml (1834 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Stardock.Central.Security.dll (38 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\GameStopApp_setup.exe (51798 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\mr.pak (312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\AF6861CC\impulse_logic.ini (61 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\GSAMini.exe (2216 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\btn_close_up.png (836 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\it.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\apogee.xml (1995 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\sr.pak (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\hr.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\imp_bottom.png (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\interplay.xml (47 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\icon_update.ico (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\GameStopApp_setup.msi (3597 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\AxInterop.ShockwaveFlashObjects.dll (33 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\servers.xml (202 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\sk.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\digironin.xml (488 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\btn_close_over.png (849 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\ICSharpCode.SharpZipLib.dll (1259 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\d3dx9_43.dll (30010 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\app.dat (14077 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\he.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.dll (1241 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\et.pak (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\cdv.xml (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\DeElevator.dll (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\tdesk.xml (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\SDSecurity.dll (549 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\libEGL.dll (2284 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\cinemaware.xml (1572 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Interop.ShockwaveFlashObjects.dll (1241 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Gibraltar.Agent.dll (51224 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\wc.xml (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\7zip_license.txt (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\sdsfresp.txt (950 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Microsoft.WindowsAPICodePack.dll (1144 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\positech.xml (1434 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Gibraltar.Packager.exe (2145 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\GSANative.XmlSerializers.dll (51 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\playrix.xml (1499 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Console.dll (15706 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\kalypso.xml (4543 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\MyColors.xml (12701 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\hothead.xml (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\fr.pak (804 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Newtonsoft.Json.dll (7274 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.Irc.dll (3642 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\readme.txt (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\setup.bmp (1045 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\shadow2.png (297 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\viva.xml (366 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\ncsoft.xml (471 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\icudt.dll (150569 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\btn_buynow_down.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\VDialog.dll (2566 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\tr.pak (201 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\oddworld.xml (1177 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\ml.pak (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\btn_close_down.png (820 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\bn.pak (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\chrome.pak (19944 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\nival.xml (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\DeElevator64.dll (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\ja.pak (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\StardockCentralDSkin.dll (577 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\bohemia.xml (795 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.Uninstall.dll (36 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\th.pak (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\rlx.xml (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\cdp.xml (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\sds.xml (2091 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\gsoft.xml (1906 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\prima.xml (5105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\7za.exe (6356 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\nl.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\impulse.xml (1137 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\epic.xml (1320 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.Common.XmlSerializers.dll (4201 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\odnt.xml (2747 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\enl.xml (37 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\futurem.xml (44 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.Web.dll (3362 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\topware.xml (2049 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\btn_buynow_up.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\clearcrown.xml (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\ko.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\sd.central.cvp.server.XmlSerializers.dll (4372 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\de.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\Slider_Arrows_over.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\iceberg.xml (817 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\btn_buynow_over.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\namco.xml (111 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\blitzgames.xml (174 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\MyDock.Util.dll (1340 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Activate.exe (5537 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\cs.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.Zip.dll (2668 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\Slider_Arrows2_over.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\capcom.xml (2111 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\hu.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\railsimulator.xml (1891 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\gu.pak (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\iolo.xml (8 bytes)

The Virus deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp (0 bytes)

The process mscorsvw.exe:252 makes changes in the file system.
The Virus creates and/or writes to the following file(s):

%WinDir%\Microsoft.NET\Framework\v2.0.50727\ngen_service.log (2124 bytes)

The process %original file name%.exe:2040 makes changes in the file system.
The Virus creates and/or writes to the following file(s):

%WinDir%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\GameStopApp_setupfull[1].exe (338127 bytes)
%WinDir%\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (2105 bytes)
%System%\clipsrv.exe (1425 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (1425 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ojflpekc.tmp (300 bytes)
%System%\gadqjokm.tmp (272 bytes)
%WinDir%\Microsoft.NET\Framework\v4.0.30319\hpckhakn.tmp (1646 bytes)
%System%\obgogopn.tmp (246 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ionpofea.tmp (264 bytes)
%System%\cisvc.exe (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
%Documents and Settings%\All Users\Application Data\Stardock\Impulse\Temporary\impulse_mainmini\impulse_setupfull.exe (145703 bytes)

The Virus deletes the following file(s):

%WinDir%\Microsoft.NET\Framework\v4.0.30319\hpckhakn.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\GameStopApp_setupfull[1].exe (0 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ojflpekc.tmp (0 bytes)
%System%\gadqjokm.tmp (0 bytes)
%System%\obgogopn.tmp (0 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ionpofea.tmp (0 bytes)

Registry activity

The process TASKKILL.exe:212 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "37 8A D8 14 7F EF 2C 8D D0 83 9A 7C E1 66 0C A5"

The process TASKKILL.exe:772 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "99 74 A0 99 48 C0 91 F3 EB 36 DE 6C 7D DB 43 EF"

The process TASKKILL.exe:1524 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5F 56 B7 83 CD E0 21 6E F2 7D 8B 55 86 2C BA 57"

The process TASKKILL.exe:320 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "44 F7 9B 7E 4E 17 94 C5 AC E5 63 F2 B9 D6 DF A5"

The process TASKKILL.exe:2020 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6A A1 6C 04 C4 AD 14 6D D7 D2 CF 6A C1 EA F0 B1"

The process TASKKILL.exe:172 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A0 F8 94 A6 E7 94 28 A7 A9 6C F2 88 FA 3D D4 6A"

The process TASKKILL.exe:2012 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AA E9 0A 19 8C F3 4B 97 43 CE 7C D9 4F 92 93 F7"

The process verclsid.exe:1176 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "21 14 4E 0A D8 66 1F BF C7 69 4C 6D EA 82 D2 99"

The process verclsid.exe:484 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BF 04 4F 7F EC DB 94 E4 FC FB 6C 9A 69 20 52 62"

The process verclsid.exe:1056 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A2 78 EF 9B C2 30 88 2A F8 8A BC 7C 0C D8 1C 85"

The process verclsid.exe:1600 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "71 D9 6C 86 32 A0 A6 74 5A CF B8 20 7B C3 94 0E"

The process verclsid.exe:1604 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "28 DA 76 1D 10 F6 23 8E 07 E0 9C 69 AE EC 73 83"

The process verclsid.exe:320 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6F 7B 23 4F F8 8F 25 AB F4 8C 0F C5 F1 DB A8 68"

The process verclsid.exe:916 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "48 0D 47 3B C0 30 58 33 B6 FA 04 C9 FF 14 2C 10"

The process cisvc.exe:1500 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:

[HKCR\EngUSWrdBrk.EngUSWrdBrk]
"(Default)" = "EngUSWrdBrk Class"

[HKCR\CLSID\{F9AE8980-7E52-11d0-8964-00C04FD611D7}\InprocServer32]
"(Default)" = "%System%\query.dll"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%System%\config\systemprofile\Local Settings\Application Data"

[HKCR\MSIDXS]
"(Default)" = "Microsoft OLE DB Provider for Indexing Service"

[HKCR\IXSSO.Query\CurVer]
"(Default)" = "IXSSO.Query.3"

[HKCR\CLSID\{363F1015-FD5F-4ba8-AC58-29634F378A42}\ProgID]
"(Default)" = "EngUKWrdBrk.EngUKWrdBrk.1"

[HKCR\IXSSO.Util.2\CLSID]
"(Default)" = "{0C16C27E-A6E7-11D0-BFC3-0020F8008024}"

[HKCR\CLSID\{0285b5c0-12c7-11ce-bd31-00aa004bbb1f}\InprocServer32]
"(Default)" = "infosoft.dll"

[HKCR\CLSID\{F9AE8980-7E52-11d0-8964-00C04FD611D7}\VersionIndependentProgID]
"(Default)" = "MSIDXS"

[HKCR\CLSID\{c1243ca0-bf96-11cd-b579-08002b30bfeb}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{C7B6C04A-CBB5-11d0-BB4C-00C04FC2F410}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{98de59a0-d175-11cd-a7bd-00006b827d94}]
"(Default)" = "Microsoft Office Persistent Handler"

[HKCR\CLSID\{91870674-DE84-4313-B07D-A387415BB4F5}\ProgID]
"(Default)" = "ItlItlWrdBrk.ItlItlWrdBrk.1"

[HKCR\CLSID\{3BC4F3A1-652A-11D1-B4D4-00C04FC2DB8D}]
"(Default)" = "Microsoft Index Server Administration Object"

[HKCR\CLSID\{F14E6B48-FBCA-4d32-BD79-7829D4F7E43B}\VersionIndependentProgID]
"(Default)" = "FrnFrnWrdBrk.FrnFrnWrdBrk"

[HKCR\CLSID\{3BC4F3A7-652A-11D1-B4D4-00C04FC2DB8D}\VersionIndependentProgID]
"(Default)" = "Microsoft.ISScopeAdm"

[HKCR\CLSID\{0C16C27E-A6E7-11D0-BFC3-0020F8008024}\InProcServer32]
"ThreadingModel" = "Both"

[HKCR\.htw\PersistentHandler]
"(Default)" = "{eec97550-47a9-11cf-b952-00aa0051fe20}"

[HKCR\.css\PersistentHandler]
"(Default)" = "{eec97550-47a9-11cf-b952-00aa0051fe20}"

[HKCR\CLSID\{AA205A4D-681F-11D0-A243-08002B36FCA4}\InprocServer32]
"(Default)" = "query.dll"

[HKCR\CLSID\{9478f640-7f1c-11ce-be57-00aa0051fe20}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{1F247DC0-902E-11D0-A80C-00A0C906241A}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{6d36ce10-7f1c-11ce-be57-00aa0051fe20}]
"(Default)" = "Italian_Italian Stemmer"

[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\Neutral]
"WBreakerClass" = "{369647e0-17b0-11ce-9950-00aa004bbb1f}"

[HKCR\CLSID\{91870674-DE84-4313-B07D-A387415BB4F5}\InprocServer32]
"(Default)" = "%System%\LangWrbk.dll"

[HKCR\CLSID\{80A3E9B0-A246-11D3-BB8C-0090272FA362}\VersionIndependentProgID]
"(Default)" = "EngUSWrdBrk.EngUSWrdBrk"

[HKCR\CLSID\{01c6b350-12c7-11ce-bd31-00aa004bbb1f}\InprocServer32]
"(Default)" = "infosoft.dll"

[HKCR\CLSID\{00020811-0000-0000-C000-000000000046}\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKCR\CLSID\{860d28d0-8bf4-11ce-be59-00aa0051fe20}\InprocServer32]
"(Default)" = "infosoft.dll"

[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\English_US]
"StemmerClass" = "{eeed4c20-7f1b-11ce-be57-00aa0051fe20}"

[HKCR\CLSID\{1F247DC0-902E-11D0-A80C-00A0C906241A}\InprocServer32]
"(Default)" = "query.dll"

[HKCR\CLSID\{F9AE8980-7E52-11d0-8964-00C04FD611D7}\ExtendedErrors]
"(Default)" = "Extended Error Service"

[HKCR\.stm\PersistentHandler]
"(Default)" = "{eec97550-47a9-11cf-b952-00aa0051fe20}"

[HKCR\IXSSO.Query.2]
"(Default)" = "Indexing Service Query SSO V2."

[HKCR\CLSID\{5645C8C0-E277-11CF-8FDA-00AA00A14F93}]
"(Default)" = "NNTP filter"

[HKCR\CLSID\{5645C8C0-E277-11CF-8FDA-00AA00A14F93}\PersistentHandler]
"(Default)" = "{5645C8C1-E277-11CF-8FDA-00AA00A14F93}"

[HKCR\.xlc\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKCR\CLSID\{0C16C27E-A6E7-11D0-BFC3-0020F8008024}]
"(Default)" = "Indexing Service Utility SSO V2."

[HKCR\CLSID\{3BC4F3A1-652A-11D1-B4D4-00C04FC2DB8D}\InprocServer32]
"(Default)" = "%System%\ciodm.dll"

[HKLM\SOFTWARE\Policies\Microsoft\Windows\System]
"EnableSmartScreen" = "0"

[HKCR\ItlItlWrdBrk.ItlItlWrdBrk.1]
"(Default)" = "ItlItlWrdBrk Class"

[HKCR\MSIDXS ErrorLookup\Clsid]
"(Default)" = "{F9AE8981-7E52-11d0-8964-00C04FD611D7}"

[HKCR\CLSID\{C04EFA90-E221-11D2-985E-00C04F575153}\InProcServer32]
"(Default)" = "%System%\query.dll"

[HKCR\CLSID\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\PersistentHandler]
"(Default)" = "{098f2470-bae0-11cd-b579-08002b30bfeb}"

[HKCR\CLSID\{510a4910-7f1c-11ce-be57-00aa0051fe20}]
"(Default)" = "German_German Stemmer"

[HKCR\CLSID\{95ad72f0-44ce-11d0-ae29-00aa004b9986}]
"(Default)" = "Indexing Service Snapin"

[HKCR\IXSSO.Query.3]
"(Default)" = "Indexing Service Query SSO V3."

[HKCR\CLSID\{3BC4F3A1-652A-11D1-B4D4-00C04FC2DB8D}\ProgID]
"(Default)" = "Microsoft.ISAdm.1"

[HKCR\CLSID\{F14E6B48-FBCA-4d32-BD79-7829D4F7E43B}]
"(Default)" = "FrnFrnWrdBrk Class"

[HKCR\IXSSO.Util]
"(Default)" = "Indexing Service Utility SSO V2."

[HKCR\MSIDXS\Clsid]
"(Default)" = "{F9AE8980-7E52-11d0-8964-00C04FD611D7}"

[HKCR\CLSID\{6d36ce10-7f1c-11ce-be57-00aa0051fe20}\InprocServer32]
"(Default)" = "infosoft.dll"

[HKCR\CLSID\{3BC4F3A7-652A-11D1-B4D4-00C04FC2DB8D}\InprocServer32]
"(Default)" = "%System%\ciodm.dll"

[HKCR\CLSID\{00020C01-0000-0000-C000-000000000046}\PersistentHandler]
"(Default)" = "{098f2470-bae0-11cd-b579-08002b30bfeb}"

[HKCR\CLSID\{5e941d80-bf96-11cd-b579-08002b30bfeb}]
"(Default)" = "Plain Text persistent handler"

[HKCR\CLSID\{b0516ff0-7f1c-11ce-be57-00aa0051fe20}]
"(Default)" = "Spanish_Modern Stemmer"

[HKCR\Microsoft Internet News Message\CLSID]
"(Default)" = "{5645C8C0-E277-11CF-8FDA-00AA00A14F93}"

[HKCR\CLSID\{e0ca5340-4534-11cf-b952-00aa0051fe20}\InprocServer32]
"(Default)" = "nlhtml.dll"

[HKCR\IXSSO.Query\CLSID]
"(Default)" = "{EAFDF8B3-3BE5-4E05-BF86-1E486B2FEF9D}"

[HKCR\CLSID\{363F1015-FD5F-4ba8-AC58-29634F378A42}\InprocServer32]
"(Default)" = "%System%\LangWrbk.dll"

[HKCR\CLSID\{EAFDF8B3-3BE5-4E05-BF86-1E486B2FEF9D}\InProcServer32]
"(Default)" = "%System%\ixsso.dll"

[HKCR\Interface\{F4EB8260-8DDA-11D1-B3AA-00A0C9063796}]
"(Default)" = "IFilterStatus"

[HKCR\CLSID\{80A3E9B0-A246-11D3-BB8C-0090272FA362}\ProgID]
"(Default)" = "EngUSWrdBrk.EngUSWrdBrk.1"

[HKCR\CLSID\{EAFDF8B3-3BE5-4E05-BF86-1E486B2FEF9D}]
"(Default)" = "Indexing Service Query SSO V3."

[HKCR\CLSID\{f07f3920-7b8c-11cf-9be8-00aa004b9986}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{F9AE8980-7E52-11d0-8964-00C04FD611D7}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\.odc\PersistentHandler]
"(Default)" = "{eec97550-47a9-11cf-b952-00aa0051fe20}"

[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\German_German]
"StemmerClass" = "{510a4910-7f1c-11ce-be57-00aa0051fe20}"

[HKCR\CLSID\{fd86b5d0-12c6-11ce-bd31-00aa004bbb1f}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\PersistentHandler]
"(Default)" = "{098f2470-bae0-11cd-b579-08002b30bfeb}"

[HKCR\CLSID\{66b37110-8bf2-11ce-be59-00aa0051fe20}]
"(Default)" = "Dutch_Dutch Word Breaker"

[HKCR\CLSID\{eeed4c20-7f1b-11ce-be57-00aa0051fe20}\InprocServer32]
"(Default)" = "infosoft.dll"

[HKCR\CLSID\{EA7BAE71-FB3B-11CD-A903-00AA00510EA3}\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKCR\CLSID\{fd86b5d0-12c6-11ce-bd31-00aa004bbb1f}]
"(Default)" = "Italian_Italian Word Breaker"

[HKCR\IXSSO.Query.2\CLSID]
"(Default)" = "{A4463024-2B6F-11D0-BFBC-0020F8008024}"

[HKCR\CLSID\{f07f3920-7b8c-11cf-9be8-00aa004b9986}\InprocServer32]
"(Default)" = "OffFilt.dll"

[HKCR\CLSID\{80A3E9B0-A246-11D3-BB8C-0090272FA362}\InprocServer32]
"ThreadingModel" = "Free"

[HKCR\CLSID\{5645C8C4-E277-11CF-8FDA-00AA00A14F93}\PersistentAddinsRegistered\{89BCB740-6119-101A-BCB7-00DD010655AF}]
"(Default)" = "{5645C8C2-E277-11CF-8FDA-00AA00A14F93}"

[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\French_French]
"StemmerClass" = "{2a6eb050-7f1c-11ce-be57-00aa0051fe20}"

[HKCR\.htm\PersistentHandler]
"(Default)" = "{eec97550-47a9-11cf-b952-00aa0051fe20}"

[HKCR\CLSID\{c3278e90-bea7-11cd-b579-08002b30bfeb}]
"(Default)" = "Null filter"

[HKCR\CLSID\{D3E34B21-9D75-101A-8C3D-00AA001A1652}\PersistentHandler]
"(Default)" = "{098f2470-bae0-11cd-b579-08002b30bfeb}"

[HKCR\CLSID\{FBF23B40-E3F0-101B-8488-00AA003E56F8}\PersistentHandler]
"(Default)" = "{5e941d80-bf96-11cd-b579-08002b30bfeb}"

[HKCR\CLSID\{1F7E6C6D-C3F8-4c80-8D77-C4825ABBE5CF}\InprocServer32]
"ThreadingModel" = "Free"

[HKCR\Microsoft.ISScopeAdm]
"(Default)" = "Microsoft Index Server Scope Administration Object"

[HKCR\.pot\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKCR\CLSID\{c1243ca0-bf96-11cd-b579-08002b30bfeb}]
"(Default)" = "Plain Text filter"

[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\German_German]
"WBreakerClass" = "{9b08e210-e51b-11cd-bc7f-00aa003db18e}"

[HKCR\CLSID\{AA205A4D-681F-11D0-A243-08002B36FCA4}\InprocServer32]
"ThreadingModel" = "Both"

[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\Swedish_Default]
"Locale" = "1053"

[HKCR\CLSID\{5645C8C3-E277-11CF-8FDA-00AA00A14F93}\PersistentHandler]
"(Default)" = "{5645C8C4-E277-11CF-8FDA-00AA00A14F93}"

[HKCR\CLSID\{369647e0-17b0-11ce-9950-00aa004bbb1f}]
"(Default)" = "Neutral Word Breaker"

[HKCR\CLSID\{A4463024-2B6F-11D0-BFBC-0020F8008024}\ProgID]
"(Default)" = "IXSSO.Query.2"

[HKCR\CLSID\{1F7E6C6D-C3F8-4c80-8D77-C4825ABBE5CF}\ProgID]
"(Default)" = "SpnMdrWrdBrk.SpnMdrWrdBrk.1"

[HKCR\CLSID\{78fe669a-186e-4108-96e9-77b586c1332f}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{00020810-0000-0000-C000-000000000046}\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\French_French]
"WBreakerClass" = "{59e09848-8099-101b-8df3-00000b65c3b5}"

[HKCR\EngUKWrdBrk.EngUKWrdBrk.1]
"(Default)" = "EngUKWrdBrk Class"

[HKCR\CLSID\{78fe669a-186e-4108-96e9-77b586c1332f}\InprocServer32]
"(Default)" = "query.dll"

[HKCR\CLSID\{2a6eb050-7f1c-11ce-be57-00aa0051fe20}]
"(Default)" = "French_French Stemmer"

[HKCR\CLSID\{F9AE8980-7E52-11d0-8964-00C04FD611D7}\ExtendedErrors\{F9AE8981-7E52-11d0-8964-00C04FD611D7}]
"(Default)" = "MSIDXS Error Lookup"

[HKCR\CLSID\{C04EFA90-E221-11D2-985E-00C04F575153}]
"(Default)" = "PSFactoryBuffer"

[HKCR\CLSID\{59e09848-8099-101b-8df3-00000b65c3b5}\InprocServer32]
"(Default)" = "infosoft.dll"

[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\Spanish_Modern]
"WBreakerClass" = "{0285b5c0-12c7-11ce-bd31-00aa004bbb1f}"

[HKCR\Microsoft.ISCatAdm.1]
"(Default)" = "Microsoft Index Server Catalog Administration Object"

[HKCR\Microsoft Internet Mail Message]
"(Default)" = "Internet E-Mail Message"

[HKCR\CLSID\{F9AE8981-7E52-11d0-8964-00C04FD611D7}]
"(Default)" = "MSIDXS ErrorLookup"

[HKCR\CLSID\{F9AE8980-7E52-11d0-8964-00C04FD611D7}]
"(Default)" = "MSIDXS"

[HKCR\CLSID\{1E9685E6-DB6D-11d0-BB63-00C04FC2F410}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{95ad72f0-44ce-11d0-ae29-00aa004b9986}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{9478f640-7f1c-11ce-be57-00aa0051fe20}]
"(Default)" = "Swedish_Default Stemmer"

[HKCR\FrnFrnWrdBrk.FrnFrnWrdBrk.1\CLSID]
"(Default)" = "{F14E6B48-FBCA-4d32-BD79-7829D4F7E43B}"

[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\Italian_Italian]
"StemmerClass" = "{6d36ce10-7f1c-11ce-be57-00aa0051fe20}"

[HKCR\ItlItlWrdBrk.ItlItlWrdBrk]
"(Default)" = "ItlItlWrdBrk Class"

[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\Italian_Italian]
"Locale" = "1040"

[HKCR\CLSID\{3BC4F3A1-652A-11D1-B4D4-00C04FC2DB8D}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Microsoft.ISCatAdm\CurVer]
"(Default)" = "Microsoft.ISCatAdm.1"

[HKCR\IXSSO.Query]
"(Default)" = "Indexing Service Query SSO V3."

[HKCR\CLSID\{C7B6C04A-CBB5-11d0-BB4C-00C04FC2F410}\InprocServer32]
"(Default)" = "%System%\query.dll"

[HKCR\CLSID\{5645C8C2-E277-11CF-8FDA-00AA00A14F93}\InprocServer32]
"(Default)" = "%System%\mimefilt.dll"

[HKCR\CLSID\{e0ca5340-4534-11cf-b952-00aa0051fe20}]
"(Default)" = "HTML filter"

[HKCR\.htx\PersistentHandler]
"(Default)" = "{eec97550-47a9-11cf-b952-00aa0051fe20}"

[HKCR\CLSID\{0285b5c0-12c7-11ce-bd31-00aa004bbb1f}\InprocServer32]
"ThreadingModel" = "Both"

[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\English_UK]
"StemmerClass" = "{d99f7670-7f1a-11ce-be57-00aa0051fe20}"

[HKLM\System\CurrentControlSet\Control\Server Applications]
"{95AD72F0-44CE-11D0-AE29-00AA004B9986}" = "Indexing Service"

[HKCR\CLSID\{C7B6C04A-CBB5-11d0-BB4C-00C04FC2F410}\VersionIndependentProgID]
"(Default)" = "ISSimpleCommandCreator"

[HKCR\CLSID\{510a4910-7f1c-11ce-be57-00aa0051fe20}\InprocServer32]
"(Default)" = "infosoft.dll"

[HKCR\SpnMdrWrdBrk.SpnMdrWrdBrk.1\CLSID]
"(Default)" = "{1F7E6C6D-C3F8-4c80-8D77-C4825ABBE5CF}"

[HKCR\CLSID\{b0516ff0-7f1c-11ce-be57-00aa0051fe20}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{9b08e210-e51b-11cd-bc7f-00aa003db18e}\InprocServer32]
"(Default)" = "infosoft.dll"

[HKCR\CLSID\{EAFDF8B3-3BE5-4E05-BF86-1E486B2FEF9D}\InProcServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{F9AE8981-7E52-11d0-8964-00C04FD611D7}\VersionIndependentProgID]
"(Default)" = "MSIDXSErrorLookup"

[HKCR\CLSID\{5e941d80-bf96-11cd-b579-08002b30bfeb}\PersistentAddinsRegistered\{89BCB740-6119-101A-BCB7-00DD010655AF}]
"(Default)" = "{c1243ca0-bf96-11cd-b579-08002b30bfeb}"

[HKCR\EngUKWrdBrk.EngUKWrdBrk.1\CLSID]
"(Default)" = "{363F1015-FD5F-4ba8-AC58-29634F378A42}"

[HKCR\CLSID\{64818D10-4F9B-11CF-86EA-00AA00B929E8}\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKCR\SpnMdrWrdBrk.SpnMdrWrdBrk.1]
"(Default)" = "SpnMdrWrdBrk Class"

[HKLM\SOFTWARE\Microsoft\MMC\SnapIns\{95AD72F0-44CE-11D0-AE29-00AA004B9986}]
"About" = "{95ad72f0-44ce-11d0-ae29-00aa004b9986}"

[HKCR\CLSID\{95ad72f0-44ce-11d0-ae29-00aa004b9986}\InprocServer32]
"(Default)" = "CIAdmin.dll"

[HKCR\EngUSWrdBrk.EngUSWrdBrk.1]
"(Default)" = "EngUSWrdBrk Class"

[HKCR\.asp\PersistentHandler]
"(Default)" = "{eec97550-47a9-11cf-b952-00aa0051fe20}"

[HKCR\CLSID\{6d36ce10-7f1c-11ce-be57-00aa0051fe20}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{C7B6C04A-CBB5-11d0-BB4C-00C04FC2F410}\ProgID]
"(Default)" = "ISSimpleCommandCreator.1"

[HKCR\CLSID\{91870674-DE84-4313-B07D-A387415BB4F5}]
"(Default)" = "ItlItlWrdBrk Class"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0D 7A 0B 54 B9 C2 34 48 02 59 1C BC 34 4C F8 EE"

[HKCR\Microsoft.ISAdm.1]
"(Default)" = "Microsoft Index Server Administration Object"

[HKCR\CLSID\{b0516ff0-7f1c-11ce-be57-00aa0051fe20}\InprocServer32]
"(Default)" = "infosoft.dll"

[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\Italian_Italian]
"WBreakerClass" = "{fd86b5d0-12c6-11ce-bd31-00aa004bbb1f}"

[HKCR\CLSID\{9478f640-7f1c-11ce-be57-00aa0051fe20}\InprocServer32]
"(Default)" = "infosoft.dll"

[HKLM\SOFTWARE\Microsoft\MMC\SnapIns\{95AD72F0-44CE-11D0-AE29-00AA004B9986}]
"Version" = "1.0"

[HKCR\CLSID\{2a6eb050-7f1c-11ce-be57-00aa0051fe20}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\SpnMdrWrdBrk.SpnMdrWrdBrk\CurVer]
"(Default)" = "SpnMdrWrdBrk.SpnMdrWrdBrk.1"

[HKCR\CLSID\{1F247DC0-902E-11D0-A80C-00A0C906241A}]
"(Default)" = "Content Index ISearch Creator Object"

[HKCR\.eml]
"(Default)" = "Microsoft Internet Mail Message"

[HKCR\.ascx\PersistentHandler]
"(Default)" = "{eec97550-47a9-11cf-b952-00aa0051fe20}"

[HKCR\Interface\{F4EB8260-8DDA-11D1-B3AA-00A0C9063796}\ProxyStubClsid32]
"(Default)" = "{C04EFA90-E221-11D2-985E-00C04F575153}"

[HKCR\CLSID\{91870674-DE84-4313-B07D-A387415BB4F5}\VersionIndependentProgID]
"(Default)" = "ItlItlWrdBrk.ItlItlWrdBrk"

[HKCR\CLSID\{00022603-0000-0000-C000-000000000046}\PersistentHandler]
"(Default)" = "{098f2470-bae0-11cd-b579-08002b30bfeb}"

[HKCR\CLSID\{01c6b350-12c7-11ce-bd31-00aa004bbb1f}]
"(Default)" = "Swedish_Default Word Breaker"

[HKCR\CLSID\{2A488070-6FD9-11D0-A808-00A0C906241A}]
"(Default)" = "File System Client DocStore Locator Object"

[HKCR\CLSID\{3BC4F3A3-652A-11D1-B4D4-00C04FC2DB8D}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{00022602-0000-0000-C000-000000000046}\PersistentHandler]
"(Default)" = "{098f2470-bae0-11cd-b579-08002b30bfeb}"

[HKU\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ParseAutoexec" = "1"

[HKCR\.aspx\PersistentHandler]
"(Default)" = "{eec97550-47a9-11cf-b952-00aa0051fe20}"

[HKCR\CLSID\{d99f7670-7f1a-11ce-be57-00aa0051fe20}\InprocServer32]
"(Default)" = "infosoft.dll"

[HKCR\CLSID\{F9AE8980-7E52-11d0-8964-00C04FD611D7}\ProgID]
"(Default)" = "MSIDXS.1"

[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\Swedish_Default]
"StemmerClass" = "{9478f640-7f1c-11ce-be57-00aa0051fe20}"

[HKCR\CLSID\{59e09848-8099-101b-8df3-00000b65c3b5}]
"(Default)" = "French_French Word Breaker"

[HKCR\CLSID\{1F7E6C6D-C3F8-4c80-8D77-C4825ABBE5CF}]
"(Default)" = "SpnMdrWrdBrk Class"

[HKCR\Microsoft.ISAdm.1\CLSID]
"(Default)" = "{3BC4F3A1-652A-11D1-B4D4-00C04FC2DB8D}"

[HKCR\Microsoft.ISScopeAdm\CurVer]
"(Default)" = "Microsoft.ISScopeAdm.1"

[HKCR\CLSID\{9b08e210-e51b-11cd-bc7f-00aa003db18e}]
"(Default)" = "German_German Word Breaker"

[HKCR\CLSID\{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}\PersistentHandler]
"(Default)" = "{098f2470-bae0-11cd-b579-08002b30bfeb}"

[HKCR\EngUSWrdBrk.EngUSWrdBrk.1\CLSID]
"(Default)" = "{80A3E9B0-A246-11D3-BB8C-0090272FA362}"

[HKCR\.html\PersistentHandler]
"(Default)" = "{eec97550-47a9-11cf-b952-00aa0051fe20}"

[HKCR\SpnMdrWrdBrk.SpnMdrWrdBrk]
"(Default)" = "SpnMdrWrdBrk Class"

[HKCR\CLSID\{80A3E9B0-A246-11D3-BB8C-0090272FA362}\InprocServer32]
"(Default)" = "%System%\LangWrbk.dll"

[HKCR\CLSID\{5645C8C3-E277-11CF-8FDA-00AA00A14F93}]
"(Default)" = "NNTP filter"

[HKCR\CLSID\{EA7BAE70-FB3B-11CD-A903-00AA00510EA3}\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKCR\.nws]
"(Default)" = "Microsoft Internet News Message"

[HKCR\Microsoft.ISScopeAdm.1\CLSID]
"(Default)" = "{3BC4F3A7-652A-11D1-B4D4-00C04FC2DB8D}"

[HKCR\.xls\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKCR\ItlItlWrdBrk.ItlItlWrdBrk.1\CLSID]
"(Default)" = "{91870674-DE84-4313-B07D-A387415BB4F5}"

[HKCR\CLSID\{098f2470-bae0-11cd-b579-08002b30bfeb}]
"(Default)" = "Null persistent handler"

[HKCR\CLSID\{860d28d0-8bf4-11ce-be59-00aa0051fe20}]
"(Default)" = "Dutch_Dutch Stemmer"

[HKCR\EngUSWrdBrk.EngUSWrdBrk\CurVer]
"(Default)" = "EngUSWrdBrk.EngUSWrdBrk.1"

[HKCR\.hta\PersistentHandler]
"(Default)" = "{eec97550-47a9-11cf-b952-00aa0051fe20}"

[HKCR\CLSID\{3BC4F3A7-652A-11D1-B4D4-00C04FC2DB8D}\ProgID]
"(Default)" = "Microsoft.ISScopeAdm.1"

[HKCR\CLSID\{e0ca5340-4534-11cf-b952-00aa0051fe20}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Microsoft.ISCatAdm.1\CLSID]
"(Default)" = "{3BC4F3A3-652A-11D1-B4D4-00C04FC2DB8D}"

[HKCR\.doc\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKCR\IXSSO.Util\CLSID]
"(Default)" = "{0C16C27E-A6E7-11D0-BFC3-0020F8008024}"

[HKCR\CLSID\{66b37110-8bf2-11ce-be59-00aa0051fe20}\InprocServer32]
"(Default)" = "infosoft.dll"

[HKCR\FrnFrnWrdBrk.FrnFrnWrdBrk.1]
"(Default)" = "FrnFrnWrdBrk Class"

[HKCR\Microsoft.ISScopeAdm\CLSID]
"(Default)" = "{3BC4F3A7-652A-11D1-B4D4-00C04FC2DB8D}"

[HKCR\CLSID\{d99f7670-7f1a-11ce-be57-00aa0051fe20}]
"(Default)" = "English_UK Stemmer"

[HKCR\Microsoft.ISAdm\CLSID]
"(Default)" = "{3BC4F3A1-652A-11D1-B4D4-00C04FC2DB8D}"

[HKCR\CLSID\{AA205A4D-681F-11D0-A243-08002B36FCA4}]
"(Default)" = "File System Client Filter Object"

[HKCR\CLSID\{0C16C27E-A6E7-11D0-BFC3-0020F8008024}\ProgID]
"(Default)" = "IXSSO.Util"

[HKCR\CLSID\{F14E6B48-FBCA-4d32-BD79-7829D4F7E43B}\InprocServer32]
"ThreadingModel" = "Free"

[HKCR\CLSID\{C04EFA90-E221-11D2-985E-00C04F575153}\InProcServer32]
"ThreadingModel" = "Both"

[HKCR\IXSSO.Util.2]
"(Default)" = "Indexing Service Utility SSO V2."

[HKCR\Microsoft.ISScopeAdm.1]
"(Default)" = "Microsoft Index Server Scope Administration Object"

[HKCR\.hhc\PersistentHandler]
"(Default)" = "{eec97550-47a9-11cf-b952-00aa0051fe20}"

[HKCR\CLSID\{3BC4F3A3-652A-11D1-B4D4-00C04FC2DB8D}\InprocServer32]
"(Default)" = "%System%\ciodm.dll"

[HKCR\CLSID\{A4463024-2B6F-11D0-BFBC-0020F8008024}\InProcServer32]
"(Default)" = "%System%\ixsso.dll"

[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\Spanish_Modern]
"Locale" = "3082"

[HKCR\.xlt\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKCR\CLSID\{363F1015-FD5F-4ba8-AC58-29634F378A42}\VersionIndependentProgID]
"(Default)" = "EngUKWrdBrk.EngUKWrdBrk"

[HKLM\SOFTWARE\Microsoft\MMC\SnapIns\{95AD72F0-44CE-11D0-AE29-00AA004B9986}]
"Provider" = "Microsoft Corporation"

[HKCR\CLSID\{3BC4F3A3-652A-11D1-B4D4-00C04FC2DB8D}\VersionIndependentProgID]
"(Default)" = "Microsoft.ISCatAdm"

[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\English_US]
"Locale" = "1033"

[HKCR\CLSID\{eeed4c20-7f1b-11ce-be57-00aa0051fe20}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{F4EB8260-8DDA-11D1-B3AA-00A0C9063796}\NumMethods]
"(Default)" = "7"

[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\Dutch_Dutch]
"WBreakerClass" = "{66b37110-8bf2-11ce-be59-00aa0051fe20}"

[HKCR\CLSID\{0C16C27E-A6E7-11D0-BFC3-0020F8008024}\InProcServer32]
"(Default)" = "%System%\ixsso.dll"

[HKCR\CLSID\{363F1015-FD5F-4ba8-AC58-29634F378A42}]
"(Default)" = "EngUKWrdBrk Class"

[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\Neutral]
"Locale" = "0"

[HKCR\CLSID\{5645C8C1-E277-11CF-8FDA-00AA00A14F93}\PersistentAddinsRegistered\{89BCB740-6119-101A-BCB7-00DD010655AF}]
"(Default)" = "{5645C8C2-E277-11CF-8FDA-00AA00A14F93}"

[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\German_German]
"Locale" = "1031"

[HKCR\CLSID\{0285b5c0-12c7-11ce-bd31-00aa004bbb1f}]
"(Default)" = "Spanish_Modern Word Breaker"

[HKCR\EngUKWrdBrk.EngUKWrdBrk]
"(Default)" = "EngUKWrdBrk Class"

[HKCR\CLSID\{1F7E6C6D-C3F8-4c80-8D77-C4825ABBE5CF}\VersionIndependentProgID]
"(Default)" = "SpnMdrWrdBrk.SpnMdrWrdBrk"

[HKCR\CLSID\{F14E6B48-FBCA-4d32-BD79-7829D4F7E43B}\ProgID]
"(Default)" = "FrnFrnWrdBrk.FrnFrnWrdBrk.1"

[HKCR\CLSID\{80A3E9B0-A246-11D3-BB8C-0090272FA362}]
"(Default)" = "EngUSWrdBrk Class"

[HKCR\CLSID\{01c6b350-12c7-11ce-bd31-00aa004bbb1f}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{64818D11-4F9B-11CF-86EA-00AA00B929E8}\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKCR\EngUKWrdBrk.EngUKWrdBrk\CurVer]
"(Default)" = "EngUKWrdBrk.EngUKWrdBrk.1"

[HKCR\Microsoft.ISCatAdm]
"(Default)" = "Microsoft Index Server Catalog Administration Object"

[HKCR\CLSID\{2a6eb050-7f1c-11ce-be57-00aa0051fe20}\InprocServer32]
"(Default)" = "infosoft.dll"

[HKCR\CLSID\{3BC4F3A7-652A-11D1-B4D4-00C04FC2DB8D}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\FrnFrnWrdBrk.FrnFrnWrdBrk\CurVer]
"(Default)" = "FrnFrnWrdBrk.FrnFrnWrdBrk.1"

[HKCR\CLSID\{98de59a0-d175-11cd-a7bd-00006b827d94}\PersistentAddinsRegistered\{89BCB740-6119-101A-BCB7-00DD010655AF}]
"(Default)" = "{f07f3920-7b8c-11cf-9be8-00aa004b9986}"

[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\Dutch_Dutch]
"StemmerClass" = "{860d28d0-8bf4-11ce-be59-00aa0051fe20}"

[HKCR\.xlb\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKCR\CLSID\{eec97550-47a9-11cf-b952-00aa0051fe20}\PersistentAddinsRegistered\{89BCB740-6119-101A-BCB7-00DD010655AF}]
"(Default)" = "{e0ca5340-4534-11cf-b952-00aa0051fe20}"

[HKCR\.htt\PersistentHandler]
"(Default)" = "{eec97550-47a9-11cf-b952-00aa0051fe20}"

[HKCR\CLSID\{00020900-0000-0000-C000-000000000046}\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKCR\CLSID\{c3278e90-bea7-11cd-b579-08002b30bfeb}\InprocServer32]
"(Default)" = "query.dll"

[HKCR\CLSID\{73FDDC80-AEA9-101A-98A7-00AA00374959}\PersistentHandler]
"(Default)" = "{5e941d80-bf96-11cd-b579-08002b30bfeb}"

[HKCR\CLSID\{3BC4F3A7-652A-11D1-B4D4-00C04FC2DB8D}]
"(Default)" = "Microsoft Index Server Scope Administration Object"

[HKCR\.dot\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKCR\CLSID\{3BC4F3A1-652A-11D1-B4D4-00C04FC2DB8D}\VersionIndependentProgID]
"(Default)" = "Microsoft.ISAdm"

[HKCR\CLSID\{3BC4F3A3-652A-11D1-B4D4-00C04FC2DB8D}\ProgID]
"(Default)" = "Microsoft.ISCatAdm.1"

[HKCR\CLSID\{59e09848-8099-101b-8df3-00000b65c3b5}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{00020820-0000-0000-C000-000000000046}\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"HideSCAHealth" = "1"

[HKCR\CLSID\{EAFDF8B3-3BE5-4E05-BF86-1E486B2FEF9D}\ProgID]
"(Default)" = "IXSSO.Query"

[HKCR\CLSID\{2A488070-6FD9-11D0-A808-00A0C906241A}\InprocServer32]
"(Default)" = "query.dll"

[HKCR\CLSID\{3BC4F3A3-652A-11D1-B4D4-00C04FC2DB8D}]
"(Default)" = "Microsoft Index Server Catalog Administration Object"

[HKLM\SOFTWARE\Microsoft\MMC\NodeTypes\{476e6449-aaff-11d0-b944-00c04fd8d5b0}\Dynamic Extensions]
"{95AD72F0-44CE-11D0-AE29-00AA004B9986}" = "Indexing Service Snapin"

[HKCR\CLSID\{369647e0-17b0-11ce-9950-00aa004bbb1f}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{fd86b5d0-12c6-11ce-bd31-00aa004bbb1f}\InprocServer32]
"(Default)" = "infosoft.dll"

[HKCR\CLSID\{C7B6C04A-CBB5-11d0-BB4C-00C04FC2F410}]
"(Default)" = "IndexServer Simple Command Creator"

[HKCR\IXSSO.Util\CurVer]
"(Default)" = "IXSSO.Util.2"

[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\Dutch_Dutch]
"Locale" = "1043"

[HKLM\SOFTWARE\Microsoft\MMC\NodeTypes\{476e6449-aaff-11d0-b944-00c04fd8d5b0}\Extensions\NameSpace]
"{95AD72F0-44CE-11D0-AE29-00AA004B9986}" = "Indexing Service Snapin"

[HKCR\CLSID\{91870674-DE84-4313-B07D-A387415BB4F5}\InprocServer32]
"ThreadingModel" = "Free"

[HKCR\.pps\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKCR\MSIDXS ErrorLookup]
"(Default)" = "Microsoft OLE DB Error Lookup for Indexing Service"

[HKCR\CLSID\{c3278e90-bea7-11cd-b579-08002b30bfeb}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{A4463024-2B6F-11D0-BFBC-0020F8008024}\InProcServer32]
"ThreadingModel" = "Both"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCR\CLSID\{eeed4c20-7f1b-11ce-be57-00aa0051fe20}]
"(Default)" = "English_US Stemmer"

[HKCR\CLSID\{F9AE8981-7E52-11d0-8964-00C04FD611D7}\InprocServer32]
"(Default)" = "%System%\query.dll"

[HKLM\SOFTWARE\Microsoft\MMC\NodeTypes\{5401E3E9-F5F6-11D1-B4F7-00C04FC2DB8D}]
"(Default)" = "Indexing Service Root Subtree"

[HKCR\CLSID\{f07f3920-7b8c-11cf-9be8-00aa004b9986}]
"(Default)" = "Microsoft Office Filter"

[HKCR\FrnFrnWrdBrk.FrnFrnWrdBrk]
"(Default)" = "FrnFrnWrdBrk Class"

[HKCR\CLSID\{00020821-0000-0000-C000-000000000046}\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKCR\CLSID\{78fe669a-186e-4108-96e9-77b586c1332f}]
"(Default)" = "Content Index Null Stemmer"

[HKCR\CLSID\{369647e0-17b0-11ce-9950-00aa004bbb1f}\InprocServer32]
"(Default)" = "query.dll"

[HKCR\CLSID\{1E9685E6-DB6D-11d0-BB63-00C04FC2F410}]
"(Default)" = "Content Index Framework Control Object"

[HKCR\CLSID\{F9AE8980-7E52-11d0-8964-00C04FD611D7}\OLE DB Provider]
"(Default)" = "Microsoft OLE DB Provider for Indexing Service"

[HKCR\CLSID\{2A488070-6FD9-11D0-A808-00A0C906241A}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{F14E6B48-FBCA-4d32-BD79-7829D4F7E43B}\InprocServer32]
"(Default)" = "%System%\LangWrbk.dll"

[HKCR\CLSID\{F9AE8981-7E52-11d0-8964-00C04FD611D7}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{9b08e210-e51b-11cd-bc7f-00aa003db18e}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{1F7E6C6D-C3F8-4c80-8D77-C4825ABBE5CF}\InprocServer32]
"(Default)" = "%System%\LangWrbk.dll"

[HKCR\CLSID\{66b37110-8bf2-11ce-be59-00aa0051fe20}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\.ppt\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKCR\CLSID\{F9AE8981-7E52-11d0-8964-00C04FD611D7}\ProgID]
"(Default)" = "MSIDXSErrorLookup.1"

[HKCR\ItlItlWrdBrk.ItlItlWrdBrk\CurVer]
"(Default)" = "ItlItlWrdBrk.ItlItlWrdBrk.1"

[HKCR\Microsoft Internet Mail Message\CLSID]
"(Default)" = "{5645C8C3-E277-11CF-8FDA-00AA00A14F93}"

[HKCR\CLSID\{48123bc4-99d9-11d1-a6b3-00c04fd91555}\PersistentHandler]
"(Default)" = "{5e941d80-bf96-11cd-b579-08002b30bfeb}"

[HKCR\CLSID\{A4463024-2B6F-11D0-BFBC-0020F8008024}]
"(Default)" = "Indexing Service Query SSO V2."

[HKLM\SOFTWARE\Microsoft\MMC\SnapIns\{95AD72F0-44CE-11D0-AE29-00AA004B9986}]
"NameString" = "Indexing Service"

[HKCR\CLSID\{098f2470-bae0-11cd-b579-08002b30bfeb}\PersistentAddinsRegistered\{89BCB740-6119-101A-BCB7-00DD010655AF}]
"(Default)" = "{c3278e90-bea7-11cd-b579-08002b30bfeb}"

[HKCR\IXSSO.Query.3\CLSID]
"(Default)" = "{EAFDF8B3-3BE5-4E05-BF86-1E486B2FEF9D}"

[HKCR\CLSID\{c1243ca0-bf96-11cd-b579-08002b30bfeb}\InprocServer32]
"(Default)" = "query.dll"

[HKCR\CLSID\{00020906-0000-0000-C000-000000000046}\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKCR\Microsoft.ISCatAdm\CLSID]
"(Default)" = "{3BC4F3A3-652A-11D1-B4D4-00C04FC2DB8D}"

[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\English_UK]
"Locale" = "2057"

[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\French_French]
"Locale" = "1036"

[HKCR\CLSID\{1E9685E6-DB6D-11d0-BB63-00C04FC2F410}\InprocServer32]
"(Default)" = "query.dll"

[HKCR\CLSID\{eec97550-47a9-11cf-b952-00aa0051fe20}]
"(Default)" = "HTML File persistent handler"

[HKCR\.xsl\PersistentHandler]
"(Default)" = "{5e941d80-bf96-11cd-b579-08002b30bfeb}"

[HKCR\CLSID\{d99f7670-7f1a-11ce-be57-00aa0051fe20}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{510a4910-7f1c-11ce-be57-00aa0051fe20}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{363F1015-FD5F-4ba8-AC58-29634F378A42}\InprocServer32]
"ThreadingModel" = "Free"

[HKCR\CLSID\{860d28d0-8bf4-11ce-be59-00aa0051fe20}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{5645C8C2-E277-11CF-8FDA-00AA00A14F93}\InprocServer32]
"ThreadingModel" = "Both"

[HKLM\SOFTWARE\Microsoft\MMC\SnapIns\{95AD72F0-44CE-11D0-AE29-00AA004B9986}]
"NodeType" = "{5401E3E9-F5F6-11D1-B4F7-00C04FC2DB8D}"

[HKCR\Microsoft.ISAdm]
"(Default)" = "Microsoft Index Server Administration Object"

[HKCR\Microsoft Internet News Message]
"(Default)" = "Internet News Message"

[HKCR\.xml\PersistentHandler]
"(Default)" = "{5e941d80-bf96-11cd-b579-08002b30bfeb}"

[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\Spanish_Modern]
"StemmerClass" = "{b0516ff0-7f1c-11ce-be57-00aa0051fe20}"

[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\Swedish_Default]
"WBreakerClass" = "{01c6b350-12c7-11ce-bd31-00aa004bbb1f}"

[HKCR\Microsoft.ISAdm\CurVer]
"(Default)" = "Microsoft.ISAdm.1"

The Virus deletes the following registry key(s):

[HKCR\MSIDXS ErrorLookup\Clsid]
[HKCR\CLSID\{F14E6B48-FBCA-4d32-BD79-7829D4F7E43B}]
[HKCR\MSIDXS\Clsid]
[HKCR\CLSID\{3BC4F3A3-652A-11D1-B4D4-00C04FC2DB8D}\InprocServer32]
[HKCR\CLSID\{91870674-DE84-4313-B07D-A387415BB4F5}\InprocServer32]
[HKCR\CLSID\{3BC4F3A7-652A-11D1-B4D4-00C04FC2DB8D}\InprocServer32]
[HKCR\CLSID\{3BC4F3A1-652A-11D1-B4D4-00C04FC2DB8D}\Programmable]
[HKCR\CLSID\{F9AE8980-7E52-11d0-8964-00C04FD611D7}\VersionIndependentProgID]
[HKCR\CLSID\{3BC4F3A3-652A-11D1-B4D4-00C04FC2DB8D}\ProgID]
[HKCR\CLSID\{91870674-DE84-4313-B07D-A387415BB4F5}\ProgID]
[HKCR\CLSID\{3BC4F3A7-652A-11D1-B4D4-00C04FC2DB8D}\VersionIndependentProgID]
[HKCR\CLSID\{F9AE8980-7E52-11d0-8964-00C04FD611D7}]
[HKCR\CLSID\{F14E6B48-FBCA-4d32-BD79-7829D4F7E43B}\InprocServer32]
[HKCR\CLSID\{80A3E9B0-A246-11D3-BB8C-0090272FA362}]
[HKCR\CLSID\{3BC4F3A1-652A-11D1-B4D4-00C04FC2DB8D}\InprocServer32]
[HKCR\CLSID\{1F7E6C6D-C3F8-4c80-8D77-C4825ABBE5CF}\InprocServer32]
[HKCR\CLSID\{91870674-DE84-4313-B07D-A387415BB4F5}]
[HKCR\CLSID\{363F1015-FD5F-4ba8-AC58-29634F378A42}\VersionIndependentProgID]
[HKCR\CLSID\{F9AE8981-7E52-11d0-8964-00C04FD611D7}\ProgID]
[HKCR\CLSID\{3BC4F3A3-652A-11D1-B4D4-00C04FC2DB8D}]
[HKCR\CLSID\{3BC4F3A7-652A-11D1-B4D4-00C04FC2DB8D}\Programmable]
[HKCR\CLSID\{F9AE8981-7E52-11d0-8964-00C04FD611D7}]
[HKCR\CLSID\{91870674-DE84-4313-B07D-A387415BB4F5}\VersionIndependentProgID]
[HKCR\CLSID\{3BC4F3A7-652A-11D1-B4D4-00C04FC2DB8D}]
[HKCR\CLSID\{80A3E9B0-A246-11D3-BB8C-0090272FA362}\VersionIndependentProgID]
[HKCR\CLSID\{363F1015-FD5F-4ba8-AC58-29634F378A42}\ProgID]
[HKCR\CLSID\{3BC4F3A1-652A-11D1-B4D4-00C04FC2DB8D}\VersionIndependentProgID]
[HKCR\CLSID\{F9AE8980-7E52-11d0-8964-00C04FD611D7}\ExtendedErrors\{F9AE8981-7E52-11d0-8964-00C04FD611D7}]
[HKCR\CLSID\{F9AE8980-7E52-11d0-8964-00C04FD611D7}\ProgID]
[HKCR\CLSID\{3BC4F3A7-652A-11D1-B4D4-00C04FC2DB8D}\ProgID]
[HKCR\CLSID\{3BC4F3A1-652A-11D1-B4D4-00C04FC2DB8D}]
[HKCR\CLSID\{80A3E9B0-A246-11D3-BB8C-0090272FA362}\ProgID]
[HKCR\CLSID\{C7B6C04A-CBB5-11d0-BB4C-00C04FC2F410}\VersionIndependentProgID]
[HKCR\MSIDXS ErrorLookup]
[HKCR\CLSID\{F9AE8981-7E52-11d0-8964-00C04FD611D7}\VersionIndependentProgID]
[HKCR\CLSID\{80A3E9B0-A246-11D3-BB8C-0090272FA362}\InprocServer32]
[HKCR\CLSID\{F9AE8980-7E52-11d0-8964-00C04FD611D7}\InprocServer32]
[HKCR\CLSID\{F14E6B48-FBCA-4d32-BD79-7829D4F7E43B}\VersionIndependentProgID]
[HKCR\CLSID\{3BC4F3A1-652A-11D1-B4D4-00C04FC2DB8D}\ProgID]
[HKCR\CLSID\{363F1015-FD5F-4ba8-AC58-29634F378A42}]
[HKCR\CLSID\{C7B6C04A-CBB5-11d0-BB4C-00C04FC2F410}\InprocServer32]
[HKCR\CLSID\{F9AE8980-7E52-11d0-8964-00C04FD611D7}\ExtendedErrors]
[HKCR\CLSID\{363F1015-FD5F-4ba8-AC58-29634F378A42}\InprocServer32]
[HKCR\CLSID\{3BC4F3A3-652A-11D1-B4D4-00C04FC2DB8D}\VersionIndependentProgID]
[HKCR\CLSID\{1F7E6C6D-C3F8-4c80-8D77-C4825ABBE5CF}\ProgID]
[HKCR\CLSID\{F14E6B48-FBCA-4d32-BD79-7829D4F7E43B}\ProgID]
[HKCR\MSIDXS]
[HKCR\CLSID\{C7B6C04A-CBB5-11d0-BB4C-00C04FC2F410}]
[HKCR\CLSID\{1F7E6C6D-C3F8-4c80-8D77-C4825ABBE5CF}\VersionIndependentProgID]
[HKCR\CLSID\{3BC4F3A3-652A-11D1-B4D4-00C04FC2DB8D}\Programmable]
[HKCR\CLSID\{F9AE8981-7E52-11d0-8964-00C04FD611D7}\InprocServer32]
[HKCR\CLSID\{F9AE8980-7E52-11d0-8964-00C04FD611D7}\OLE DB Provider]
[HKCR\CLSID\{C7B6C04A-CBB5-11d0-BB4C-00C04FC2F410}\ProgID]
[HKCR\CLSID\{1F7E6C6D-C3F8-4c80-8D77-C4825ABBE5CF}]

The process GameStopApp_setup.exe:1108 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9D DE DE 42 DE 5B F5 46 AD AC 76 36 12 AD 0C 2D"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

The process impulse_setupfull.exe:1796 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AE 27 69 65 60 34 90 63 B9 C0 78 5A 1E 48 84 96"

The process mscorsvw.exe:252 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5C 1A E7 5E 76 E7 4D C8 02 26 8D D4 F8 B4 63 CF"

The process mscorsvw.exe:1028 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6B BA AC A4 DB D2 5A 29 0E 23 CA B2 A4 6F 23 07"

The process %original file name%.exe:2040 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Documents and Settings%\All Users\Application Data\Stardock\Impulse\Temporary\impulse_mainmini]
"impulse_setupfull.exe" = "GameStop App Installation"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1D 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "00 DC F6 88 D8 8F 21 41 A3 2E B5 3A 46 72 99 84"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Virus modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Virus modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Virus modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Virus deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process cidaemon.exe:1988 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "18 3F 1E EE DC 93 4C 0A 1E AF 24 6C 26 97 C1 20"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached]
"{875CB1A1-0F29-45DE-A1AE-CFB4950D0B78} {0000010B-0000-0000-C000-000000000046} 0x401" = "01 00 00 00 84 DA 07 00 B8 04 87 BD C4 7F D1 01"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached]
"{E4B29F9D-D390-480B-92FD-7DDB47101D71} {0000010B-0000-0000-C000-000000000046} 0x401" = "01 00 00 00 7C 6C 9C 7C FA 2C C9 BB C4 7F D1 01"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8} {0000010B-0000-0000-C000-000000000046} 0x401" = "01 00 00 00 00 00 00 00 D6 5C BC BC C4 7F D1 01"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached]
"{87D62D94-71B3-4B9A-9489-5FE6850DC73E} {0000010B-0000-0000-C000-000000000046} 0x401" = "01 00 00 00 84 DA 07 00 2A 74 18 BE C4 7F D1 01"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = ""

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached]
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF} {000214E6-0000-0000-C000-000000000046} 0x401" = "01 00 00 00 1A 00 00 00 CC FD C7 BF C4 7F D1 01"
"{EB9B1153-3B57-4E68-959A-A3266BC3D7FE} {0000010B-0000-0000-C000-000000000046} 0x401" = "01 00 00 00 84 DA 07 00 D2 1B 3D BD C4 7F D1 01"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
"BaseClass" = "Drive"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached]
"{40C3D757-D6E4-4B49-BB41-0E5BBEA28817} {0000010B-0000-0000-C000-000000000046} 0x401" = "01 00 00 00 84 DA 07 00 F4 92 2B D6 C4 7F D1 01"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
"BaseClass" = "Drive"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = ""

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A]
"BaseClass" = "Drive"

Dropped PE files

MD5 File path
77de68f034484e61f4f6d913554ba3b3 c:\Documents and Settings\All Users\Application Data\Stardock\Impulse\Temporary\impulse_mainmini\impulse_setupfull.exe
c5bde5ff01ef56c6aca6f0c79d296725 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\GameStopApp_setup.exe
5d398f812374a24ef259009183f3483f c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\8AE63621\Sd.Irc.resources.dll
38273c298d7a28599eac1bd9a7508cf2 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\GameStopApp.exe
7f0b17f849115b114a7d836d47371ab1 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\ImpulseSelfRefresh.exe
3664723abe0bdd9724d4654b16a111ed c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\avcodec-53.dll
9ec97ea26031a637a6f28ab56b30aac6 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\avformat-53.dll
dd2cb4abe6cccd73db2263d43ddd06e1 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\avutil-51.dll
1c9b45e87528b8bb8cfa884ea0099a85 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\d3dcompiler_43.dll
86e39e9161c3d930d93822f1563c280d c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\d3dx9_43.dll
cc1c3b5ca2ce560e5b670a081f3ae8a4 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\icudt.dll
9e31e75a285b3b2956f9dc87efe12e4f c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\libEGL.dll
d70d9040c6ca1c724400b06049ce8e5a c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\libGLESv2.dll
b68950fb2a55411541642b6a64f80fdc c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\libcef.dll
8b22c9cd4802fca684071e3da1004a23 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\7z.dll
0d2026d664080015ba75c01f12a0f06e c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\7za.exe
27f6cdd54a8edeaf830fdb4924bba13b c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\7zxr.dll
05d7ce1c1f6839cced7d53fbe9396585 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Activate.exe
dcc119aa708e9e8512f0df101e8cd2d2 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\AxInterop.ShockwaveFlashObjects.dll
a19328a06056daf144b6a6a02aa8dc71 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\CleanGSA.exe
720d951f7a36057d01acefbf1df59541 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Console.dll
94ef6d946c6777da0934915ac4cdbb45 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\DeElevator.dll
17404fcf28ab8b8a606ccba225954fcb c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\DeElevator64.dll
bee85ceb7262982a6605a5a6deb2a4e9 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\GSAMini.exe
72059b04ecca8abf66571923879c3ed8 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\GSANative.XmlSerializers.dll
32aceed1b3698612882b765a9db083f4 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\GSANative.exe
e587d98467d6b5c7d9f3a39e0e00c708 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Gibraltar.Agent.dll
4ab62e4be1bd271b9ace5b21b8e99fed c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Gibraltar.Packager.exe
1c4c62873134dfc86933b5fe1488f90a c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\ICSharpCode.SharpZipLib.dll
a2b6801fb4ec42cc2bfef8eea64ae299 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Interop.IWshRuntimeLibrary.dll
66e97fe6697d84154f36e02e25e3f9ac c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Interop.ShockwaveFlashObjects.dll
2f15e02c52427786c673634408cefbad c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\IptNetApi.dll
4581247ee225699689100b8a7f783723 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Microsoft.WindowsAPICodePack.Shell.dll
c09634bc2d09335de617e84a7ecf3a94 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Microsoft.WindowsAPICodePack.dll
b54ac07202d39eb8a75d7b8a57c34586 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\MyDock.Util.dll
f7bf79b78a0978a506cff19e941abdee c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Newtonsoft.Json.dll
0034a3772c10d014f0a72da03d786308 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.Central.Archive.dll
517ac8c8e47bc529b2314c3a108d8a2e c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.Common.XmlSerializers.dll
9feedb4565806181b91ff0bb0c20b14e c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.Common.dll
a46b09178373de8089c6dc978b5abc13 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.InstallManager.dll
eca2ea7ec70f691aad9dbdd044f3515f c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.Irc.dll
26dde793d4d367def4b3409e64180533 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.UI.dll
8de22f1581a231abbf6b652eb76ce750 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.Uninstall.dll
189b1f6a3c529ae3f4b7aa074ed34207 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.Web.dll
1c37720205f3ac613b84acb78a28436e c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.Zip.dll
ee9d62c12f234fd6a8996531bc42771e c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.dll
1f9284b70de38274b37a7b678bd4b9de c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Stardock.Central.Security.dll
78a95b8c96b05e739d62948753b9b0a1 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\StardockCentralDSkin.dll
c03f4af266223f05bc6b5f58da44bfc0 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\UninstHelper.exe
29faf430686c6090741329da214b4496 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\VDialog.dll
538ef5cec9678cd6bd89ae3baa6b97d2 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\VistaBridgeLibrary.dll
d56347b8f0833fc61956d667fa73f99a c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\WBOCXLib.dll
a7c17cc811434daeb1ca3588efd925bb c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\sd.central.cvp.server.XmlSerializers.dll
43e38d11332eba947494d46572c18475 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\sd.central.cvp.server.dll
2f22bd66d96bd5cc37deafaa73863335 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\GameStopNow.exe
28609e5d9096235a9eb2cc62fc50d3ca c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\SDSecurity.dll
933594d11c91b901309f0be7e738ef83 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\mIDEFunc.dll\mEXEFunc.dll
28fb5267e7ec6b0787481501bb3e70b9 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\mMSI.dll\mMSIExec.dll
9cf2edaa3a834ea2724b6d4275091493 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\mia.lib

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name: GameStop Corporation
Product Name: GameStop App
Product Version: 1, 1, 0, 1
Legal Copyright: Copyright (C) 2008-2012 GameStop Corporation
Legal Trademarks:
Original Filename: GSAMini.exe
Internal Name: EmergencyCord
File Version: 1, 1, 0, 1
File Description: GameStop App updater
Comments: Downloads and launches the GameStop App and checks for important updates
Language: English (United States)

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.text 4096 27052 27136 4.52366 0fc291b165420842e2acbf5f4fbc2deb
.rdata 32768 19542 19968 3.12719 73d7e609f68a9993d71265f5d0b0243c
.data 53248 7876 3072 1.85774 93c785b83290790fd9af87461853c325
.rsrc 61440 67456 67584 4.10629 66c8c351844df80e17b2e2205149c6c2
.reloc 131072 409600 245760 5.45136 b14a08849ad676fad510159d845935dd

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL IP
hxxp://www.impulsedriven.com/downloads/gamestopapp/pc/full 72.52.14.125
hxxp://vip1.g5.cachefly.net/impulse/873/GameStopApp_setupfull.exe
hxxp://dl.gamestop.com/impulse/873/GameStopApp_setupfull.exe 205.234.175.175


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected
ET TROJAN VMProtect Packed Binary Inbound via HTTP - Likely Hostile
SURICATA STREAM ESTABLISHED packet out of window
SURICATA STREAM Packet with invalid ack
SURICATA STREAM ESTABLISHED invalid ack
SURICATA STREAM SHUTDOWN RST invalid ack

Traffic

GET /impulse/873/GameStopApp_setupfull.exe HTTP/1.1
User-Agent: GSAMini/1.0
Connection: Keep-Alive
Host: dl.gamestop.com


HTTP/1.1 200 OK
Date: Wed, 16 Mar 2016 20:47:03 GMT
Content-Type: application/octet-stream
Content-Length: 19489472
Connection: keep-alive
X-CFHash: "77de68f034484e61f4f6d913554ba3b3"
Last-Modified: Thu, 24 Apr 2014 10:49:24 GMT
X-CF3: M
CF4Age: 0
CF4ttl: 31536000.000
X-CF2: H
Accept-Ranges: bytes
Server: CFS 0213
X-CF1: 15062:fD.fra2:cf:cacheA.fra2-v:M
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......F...........
........................I.............................................
..<...........................Rich............................PE..L
....G.I.....................0......p*............@....................
......P......F.).....................................$........p.......
........J).............................................h...@..........
.....L............................text............................... 
..`.rdata...P.......R..................@[email protected].................
[email protected]......................@..@.................
......................................................................
......................................................................
......................................................................
......................................................................
...............................................V........D$..t.V.b...Y.
.^....0....A..U... ..z..VW..v....r..t..;.r. .A..;J.r.h..A..E.P.E......
.c...E..8_^]....HxS.t$.....t$.3..1_..[...V...N.;H.t.2.^.W3...v. ....:.
u.G@;.r..._^[email protected]...~..I ...;.u..
Y.;.t.G...;.|...._^[.....SV.q.W3...~..I ......;.u..Y.;.t.G...;.|...._^
[.....SV.q0W3...~..I4...;.u..Y.;.t.G...;.|...._^[[email protected]$..I..
A.u.Q.....Y3.....L$..I..A.u.j.Q.....3.....D$.......D$..t..t$......Y.D$
[email protected]$..I..A.u.j.Q.....3.....D$.......D$.
<<< skipped >>>


GET /downloads/gamestopapp/pc/full HTTP/1.1
User-Agent: GSAMini/1.0
Host: VVV.impulsedriven.com
Connection: Keep-Alive


HTTP/1.1 302 Redirect
Content-Type: text/html; charset=UTF-8
Location: hXXp://dl.gamestop.com/impulse/873/GameStopApp_setupfull.exe
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Wed, 16 Mar 2016 20:47:02 GMT
Content-Length: 183
Set-Cookie: akamai-cookie=550769836.20480.0000; path=/
<head><title>Document Moved</title></head>.<
;body><h1>Object Moved</h1>This document may be found &
lt;a HREF="hXXp://dl.gamestop.com/impulse/873/GameStopApp_setupfull.ex
e">here</a></body>HTTP/1.1 302 Redirect..Content-Type: 
text/html; charset=UTF-8..Location: hXXp://dl.gamestop.com/impulse/873
/GameStopApp_setupfull.exe..Server: Microsoft-IIS/7.5..X-Powered-By: A
SP.NET..Date: Wed, 16 Mar 2016 20:47:02 GMT..Content-Length: 183..Set-
Cookie: akamai-cookie=550769836.20480.0000; path=/..<head><ti
tle>Document Moved</title></head>.<body><h1>
;Object Moved</h1>This document may be found <a HREF="hXXp://
dl.gamestop.com/impulse/873/GameStopApp_setupfull.exe">here</a&g
t;</body>..

The Virus connects to the servers at the folowing location(s):

cisvc.exe_1500:

.text
`.data
.rsrc
query.dll
msvcrt.dll
ADVAPI32.dll
KERNEL32.dll
cisvc.pdb
.data
.idata
.reloc
.edata
%c*01
4lUlVAQKjX.tZ
vH%UxdO_dY->Z={05w{*QAK[LPA>db
i0pw>PnhFEo\6%X2slc^_"$
aE8N~fWenT%d
G6fqi`w.rT
SxdOiHT?8t/76OB{?cMaWt\m'.eo:Hh@
%Wq%D
&\x.KMN[
CRTDLL.DLL
4H4F4P4c4i4
kkqvx_.dll
.rdata
@.data
.pdata
@.idata
}]Dj\h}G1\=%.pua@r
NGmFa}@(F.yu`sb
{fTwZE{D%f]!
udPr
kkqvx_64.dll
K.$%D,3
sfc.dll
crtdll.dll
Software\Policies\Microsoft\Windows\System
%s%s\
1%u.%u.%u
\*.dat
22EnumDesktopWindows
Ouser32.dll
F%s-%s-%s-%s
c25RegEnumKeyExA
02RegCreateKeyExA
00RegOpenKeyExA
26RegSetKeySecurity
04RegCloseKey
Dadvapi32.dll
shell32.dll
09WinExec
48CreatePipe
47PeekNamedPipe
*%X%X
#oleaut32.dll
sfc_os.dll
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
%s_37
ole32.dll
2consent.exe
Rrsvp.exe
orundll32.exe
chrome.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
SetupWeb_
_sfx.exe
|MSASCui.exe|msseces.exe|mseinstall.exe|Tcpview.exe|cav_installer.exe|cfw_installer.exe|cispremium_installer.exe|PandaCloudAntivirus.exe|60Second.exe|Antivirus_Free_Edition.exe|OnlineArmorSetup.exe|McAfeeSetup.exe|Vba32.NT.T.exe|Vba32.P.exe|Vba32.S.exe|Vba32.Vista.exe|Vba32.W.exe|Vba32Check.exe|Vba32RCSInstallTuner.exe|avgmfapx.exe|avg_remover_expiro.exe|
\\?\UN
5.1.2600.5512 (xpsp.080413-0852)
cisvc.exe
Windows
Operating System
5.1.2600.5512
.?;#18?7-

cisvc.exe_1500_rwx_01001000_00001000:

cisvc.pdb
query.dll
msvcrt.dll
ADVAPI32.dll
KERNEL32.dll
\\?\UN

cisvc.exe_1500_rwx_01003000_0003B000:

.text
.data
.idata
.reloc
.edata
%c*01
4lUlVAQKjX.tZ
vH%UxdO_dY->Z={05w{*QAK[LPA>db
i0pw>PnhFEo\6%X2slc^_"$
aE8N~fWenT%d
G6fqi`w.rT
SxdOiHT?8t/76OB{?cMaWt\m'.eo:Hh@
%Wq%D
&\x.KMN[
KERNEL32.dll
CRTDLL.DLL
4H4F4P4c4i4
kkqvx_.dll
.rdata
@.data
.pdata
@.idata
}]Dj\h}G1\=%.pua@r
NGmFa}@(F.yu`sb
{fTwZE{D%f]!
udPr
kkqvx_64.dll
5.1.2600.5512 (xpsp.080413-0852)
cisvc.exe
Windows
Operating System
5.1.2600.5512
.?;#18?7-

cisvc.exe_1500_rwx_0103F000_00027000:

K.$%D,3
sfc.dll
crtdll.dll
%c*01
Software\Policies\Microsoft\Windows\System
%s%s\
1%u.%u.%u
\*.dat
22EnumDesktopWindows
Ouser32.dll
F%s-%s-%s-%s
c25RegEnumKeyExA
02RegCreateKeyExA
00RegOpenKeyExA
26RegSetKeySecurity
04RegCloseKey
Dadvapi32.dll
shell32.dll
09WinExec
48CreatePipe
47PeekNamedPipe
*%X%X
#oleaut32.dll
sfc_os.dll
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
%s_37
ole32.dll
2consent.exe
Rrsvp.exe
orundll32.exe
chrome.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
SetupWeb_
_sfx.exe
|MSASCui.exe|msseces.exe|mseinstall.exe|Tcpview.exe|cav_installer.exe|cfw_installer.exe|cispremium_installer.exe|PandaCloudAntivirus.exe|60Second.exe|Antivirus_Free_Edition.exe|OnlineArmorSetup.exe|McAfeeSetup.exe|Vba32.NT.T.exe|Vba32.P.exe|Vba32.S.exe|Vba32.Vista.exe|Vba32.W.exe|Vba32Check.exe|Vba32RCSInstallTuner.exe|avgmfapx.exe|avg_remover_expiro.exe|

impulse_setupfull.exe_1796:

.text
`.rdata
@.data
.rsrc
mscoree.dll
- This application cannot run using the active version of the Microsoft .NET Runtime
Please contact the application's support team for more information.
kernel32.dll
GetProcessWindowStation
user32.dll
internal state. The program cannot safely continue execution and must
continue execution and must now be terminated.
Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted
COMCTL32.dll
GetWindowsDirectoryA
KERNEL32.dll
USER32.dll
RegCreateKeyExA
RegCloseKey
ADVAPI32.dll
SHELL32.dll
ole32.dll
OLEAUT32.dll
GetCPInfo
%Documents and Settings%\All Users\Application Data\Stardock\Impulse\Temporary\impulse_mainmini\impulse_setupfull.exe
&$$$&&&''
!!####$$$$%%%%
!$$$$%%#
$367999::976541
',0011/ ($
#&*,.... )&
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
version="1.0.0.0"
name="CompanyName.ProductName.YourApplication"
<requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
Setup.exe
This installation is password protected. Please &enter the password to start setup:
heslem, kontrolu hesla a zkuste again.Internal chybu (nezn
ske du har det forkerte password. Hvis du har downloaded denne fil, venligst download en frisk kopi. Hvis filen er password beskyttet, kontroller dit password og pr
digt, oder Sie haben das falsche Passwort eingegeben. Wenn Sie diese Datei heruntergeladen haben, laden Sie bitte eine neue Kopie herunter. Wenn die Datei durch ein Kennwort gesch
fen Sie Ihr Passwort und versuchen Sie es erneut.
Cannot start setup - the setup file may be corrupt, or you may have the wrong password. If you downloaded this file, please download a fresh copy. If the file is password protected, check your password and try again.
Impossible de lancer l'installation - il est possible que le fichier d'installation soit corrompu, ou vous utilisez le mauvais mot de passe. Veuillez t
par un mot de passe, verifiez votre mot de passe et reessayez.
Impossibile avviare il setup - il file di setup potrebbe essere corrotto, o hai inserito una password sbagliata. Se hai scaricato questo file, per favore scaricalo di nuovo. Se il file
protetto da password, controlla la password e riprova.
InstallAware Wizard.Onmogelijk tijdelijke bestanden te verwijderen
Kan setup niet starten - het setup-bestand mogelijk beschadigd of u hebt het verkeerde wachtwoord ingevoerd. Als u dit bestand gedownload heeft, downloadt u een nieuw exemplaar. Als het bestand is beveiligd met een wachtwoord, controleer uw wachtwoord en probeer het opnieuw.
re skadet, eller du kan ha feil passord. Hvis du lastet ned denne filen, vennligst laste ned en ny kopi. Hvis filen er passordbeskyttet, sjekk passordet og pr
Nemoguce je kreirati podatak%Unutarnja gre
Setup-ek - ez du hasi ahal fitxategia edo berori mindua egon ahal da pasahitz ez zuzen bat sartu du.Fitxategi hau deskargatu badu, mesedez descargue-a kopia berri bat. Fitxategia pasahitzagatik babestua egon edin, haren pasahitza egiazta dezan eta berriro saia bedi.
ter a palavra-passe errada. Se transferiu este ficheiro, efectue a transferencia de uma nova c
pia. Se o ficheiro for protegido por uma palavra-passe, verifique a sua palavra-passe e tente novamente.
n puede estar corrupto, o puede que usted tenga el password incorrecto. Si usted ha descargado este archivo, por favor descargue una nueva copia. Si el archivo est
protegido por password, checkee su password e int
e chcete operaci zru
Ukendt Fejl.Kan ikke loade konfigurations informationerne
Konfiguration mislykkedesQDenne installation er password beskyttet. &Angiv venligst password for at starte:
&Annuller@Kan ikke oprette midlertidig mappe for udpakning af installation
Konfiguration fehlgeschlagengDiese Installation ist durch ein Passwort gesch
Unknown ErrorÊnnot load configuration information
Configuration failedMThis installation is password protected. Please &enter the password to begin:
e par un mot de passe. Veuillez ins
rer le mot de passe pour commencer:
Az irat nem a pontos arhiv.Nem lehets
protetta da password. Per favore &inserisci la password per iniziare:
un archivio corretto.Impossibile creare la cartella di destinazione
Konfigurering mislyktesQDenne installasjonen er passordbeskyttet. Vennligst angi passordet for
da#Tem certeza de que deseja cancelar?
rii.Nu s-a putut deschide fluxul de date compactat#Nu a putut fi g
'Directorul rezultat nu a putut fi creat%Sunte
Neznana napaka.Konfiguracijskih informacij ni mogo
jams izveidot izvadmapi.Vai j
KonfigurazioarenEpaitzaYInstalazio hau pasahitzagatik babestua egon zaitez.Mesedez, pasahitza sar dadin &hasteko:
protegida por uma palavra-passe. Por favor&introduza a palavra passe para come
da de dados"Tem a certeza que deseja cancelar?
protegida por password. Por favor &ingrese el password para comenzar:
opera
uInstallAware Bertaratua paketearen instalazioaren neurriduna egiaztatzen ari da.Honek memento bat behar izan ahal du.
This installation was built with InstallAware: hXXp://VVV.installaware.com

GameStopApp_setup.exe_1108:

.text
`.itext
`.data
.idata
.rdata
@.reloc
B.rsrc
kernel32.dll
Windows
MSWHEEL_ROLLMSG
MSH_WHEELSUPPORT_MSG
MSH_SCROLL_LINES_MSG
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
comctl32.dll
TaskDialogIndirect
shell32.dll
oleaut32.dll
EVariantBadIndexError
ssShift
htKeyword
EInvalidOperation
%s[%d]
%s_%d
.Owner
shfolder.dll
wininit.ini
Uh!%C
USER32.DLL
EInvalidGraphicOperation
%s%.8x
%s%s (*.%s)|*.%2:s
%s*.%s
%s (%s)|%1:s|%s
SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
uxtheme.dll
DWMAPI.DLL
PasswordCharP
OnKeyDown
OnKeyPress
OnKeyUp
ssHorizontal
OnKeyUpx
windows
clWebSnow
clWebFloralWhite
clWebLavenderBlush
clWebOldLace
clWebIvory
clWebCornSilk
clWebBeige
clWebAntiqueWhite
clWebWheat
clWebAliceBlue
clWebGhostWhite
clWebLavender
clWebSeashell
clWebLightYellow
clWebPapayaWhip
clWebNavajoWhite
clWebMoccasin
clWebBurlywood
clWebAzure
clWebMintcream
clWebHoneydew
clWebLinen
clWebLemonChiffon
clWebBlanchedAlmond
clWebBisque
clWebPeachPuff
clWebTan
clWebYellow
clWebDarkOrange
clWebRed
clWebDarkRed
clWebMaroon
clWebIndianRed
clWebSalmon
clWebCoral
clWebGold
clWebTomato
clWebCrimson
clWebBrown
clWebChocolate
clWebSandyBrown
clWebLightSalmon
clWebLightCoral
clWebOrange
clWebOrangeRed
clWebFirebrick
clWebSaddleBrown
clWebSienna
clWebPeru
clWebDarkSalmon
clWebRosyBrown
clWebPaleGoldenrod
clWebLightGoldenrodYellow
clWebOlive
clWebForestGreen
clWebGreenYellow
clWebChartreuse
clWebLightGreen
clWebAquamarine
clWebSeaGreen
clWebGoldenRod
clWebKhaki
clWebOliveDrab
clWebGreen
clWebYellowGreen
clWebLawnGreen
clWebPaleGreen
clWebMediumAquamarine
clWebMediumSeaGreen
clWebDarkGoldenRod
clWebDarkKhaki
clWebDarkOliveGreen
clWebDarkgreen
clWebLimeGreen
clWebLime
clWebSpringGreen
clWebMediumSpringGreen
clWebDarkSeaGreen
clWebLightSeaGreen
clWebPaleTurquoise
clWebLightCyan
clWebLightBlue
clWebLightSkyBlue
clWebCornFlowerBlue
clWebDarkBlue
clWebIndigo
clWebMediumTurquoise
clWebTurquoise
clWebCyan
clWebPowderBlue
clWebSkyBlue
clWebRoyalBlue
clWebMediumBlue
clWebMidnightBlue
clWebDarkTurquoise
clWebCadetBlue
clWebDarkCyan
clWebTeal
clWebDeepskyBlue
clWebDodgerBlue
clWebBlue
clWebNavy
clWebDarkViolet
clWebDarkOrchid
clWebMagenta
clWebDarkMagenta
clWebMediumVioletRed
clWebPaleVioletRed
clWebBlueViolet
clWebMediumOrchid
clWebMediumPurple
clWebPurple
clWebDeepPink
clWebLightPink
clWebViolet
clWebOrchid
clWebPlum
clWebThistle
clWebHotPink
clWebPink
clWebLightSteelBlue
clWebMediumSlateBlue
clWebLightSlateGray
clWebWhite
clWebLightgrey
clWebGray
clWebSteelBlue
clWebSlateBlue
clWebSlateGray
clWebWhiteSmoke
clWebSilver
clWebDimGray
clWebMistyRose
clWebDarkSlateBlue
clWebDarkSlategray
clWebGainsboro
clWebDarkGray
clWebBlack
Proportional
OnExecute RE
{43826d1e-e718-42ee-bc55-a1e261c37bfe}
%s%s%s%s%s%s%s%s%s%s
AutoHotkeysh
AutoHotkeys
\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\
TKeyEvent
TKeyPressEvent
HelpKeyword
crSQLWait
%s (%s)
imm32.dll
ssHotTrack
TWindowState
poProportional
TWMKey
KeyPreviewH>F
WindowState
tagMSG
GlassFrame.Bottom
GlassFrame.Enabled
GlassFrame.Left
GlassFrame.Right
GlassFrame.SheetOfGlass
GlassFrame.Top
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
User32.dll
MAPI32.DLL
msShiftSelect
ArrowKeys
vsReport
RICHED32.DLL
%s.%.8X:%.8X
TComboBoxExEnumerator
ole32.dll
RunTimeExecute
Downloading Web Media:
Unable to download installation data from the web
Extracting Web Media:
Unable to extract installation data downloaded from the web
Please locate your original setup sources to continue operation
Original setup sources required to complete operation, sources not found
Beginning synchronous operation
Finishing synchronous operation
A previously executed setup still has pending operations on the system. Please restart your computer before attempting to install this product.
Downloading of installation data from the web has failed. Would you like to try again?
Proxy &Port:
Extraction of installation data downloaded from the web has failed. What would you like to do?
Proxy Pass&word:
Downloading of installation data from the web has failed. Please make sure you are connected to the Internet.
PORTUGESE (BRAZIL)
PORTUGESE (PORTUGAL)
Portugese (Brazil)
Portugese (Portugal)
%s, ClassID: %s
%s, ProgID: "%s"
mstask.exe
olepro32.dll
Shell32.dll
KeyPreviewd
IcsNtlmMsgs (c) 2004-2005 F. Piette V1.00
TNTLM_Msg2_Info
TIcsURL (c) 1997-2005 F. Piette V1.0
http:
wsoTcpNoDelay
Port
LocalPort
PeerPort
SocksPort
SocksPassword8
wsock32.dll
Unable to load wsock32.dll Error #
%s: WSAStartup error #%d
ws2_32.dll
Unable to load ws2_32.dll Error #
0.0.0.0
Cannot change Port if not closed
Cannot change LocalPort if not closed
255.255.255.255
WSocketResolveHost: Cannot convert host address '%s', Error #%d
WSocketResolvePort: Invalid Port.
WSocketResolvePort: Invalid Proto.
WSocketResolvePort: Cannot convert port '%s', Error #%d
WSocketResolveProto: Cannot convert protocol '%s', Error #%d
GetPeerPort
%s: can't start DNS lookup, error #%d
winsock.bind failed, error #%d
winsock.getsockname failed, error #%d
Connect: No Port Specified
Connect (Invalid operation in OnChangeState)
setsockopt(IPPROTO_TCP, TCP_NODELAY)
listen: port not assigned
Winsock.GetHostName failed
Operation would block
Operation now in progress
Operation already in progress
Socket operation on non-socket
Protocol not supported
Socket type not supported
Operation not supported on socket
Protocol family not supported
Address family not supported by protocol family
WinSock DLL cannot support this application
Can't change socks port if not closed
Listening is not supported thru socks server
tcp is the only protocol supported thru socks server
0.0.0.1
command not supported
address type not supported
THttpCli (c) 1997-2005 F. Piette V1.88
EHttpException
THttpRequest
httpABORT
httpGET
httpPOST
httpPUT
httpHEAD
httpCLOSE
HttpProt
THttpRequestDone
THttpCliOption
httpoNoBasicAuth
httpoNoNTLMAuth
THttpCliOptions
THttpCli
THttpClit
HttpProt:
ProxyPort
Password
ProxyPassword
%2.2d %s %4.4d %2.2d:%2.2d:%2.2d
application/x-www-form-urlencoded
Mozilla/4.0 (compatible; ICS)
https
HTTP/
HTTP/1.0
HTTP/1.1
hXXp://
hXXps://
HTTP component
HTTP component has nothing to post or put
document.htm
Insupported HTTP version
EWebBrokerExceptionU
%s: %s
%s:%s
dsBeginsyncoperation
dsEndsyncoperation
dsFilterreportmimetype
Begin sync operation
End sync operation
Filter report mime type
TUrlCallBack
SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
urlmon.dll
URLDownloadToFileA
URLDownloadToCacheFileA
wininet.dll
Httpd
HttpDocData
TmiaWebForm
umiaWebForm
pmLockKeyboard
KeySelect
KeyMove
%d x %d
%d, %d
t.hXZN
advapi32.dll
OnActionExecute
1.1.3
Invalid ZStream operation!
Portable Network Graphics format handler error%s%s
Unknown Graphics Operation Code
Invalid Interlace Pass
TGif: %s
htPrintMonochromeBlack
OnKeyPressx
.HTML
.JPEG
password
HttpEq
TUrlTarget
3333333
msi.dll
MsiViewExecute
flash.ocx
*flash*.ocx
myflash.ocx
shlwapi.dll
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\
shell32.dll.mui
Shell.Application
netapi32.dll
ptstoDefaultKeyHandling
ptsloDefaultKeyHandling
OnKeyUpP
TPTShellControlDefKeyRec
Software\Microsoft\Windows\CurrentVersion\Explorer
TIndexEnableEvent
%d line
Bitmaps (*.bmp)|*.bmp
Icon files (*.ico)|*.ico
%d - %s
OnGetEditorClassh
tsShadow
TRzRegKey
hkeyClassesRoot
hkeyCurrentUser
hkeyLocalMachine
hkeyUsers
hkeyPerformanceData
hkeyCurrentConfig
hkeyDynData
TRzRegAccessKey
keyQueryValue
keySetValue
keyCreateSubKey
keyEnumerateSubKeys
keyNotify
keyCreateLink
keyRead
keyWrite
keyExecute
keyAllAccess
RegKey
\Software\Microsoft\Windows\CurrentVersion
ENotSupportedException
TStringHashTable.TPair
TStringHashTable.TPairEnumerator
SOFTWARE\Microsoft\Windows\CurrentVersion
RegDeleteKeyExA
Windows NT
winver.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Setup
SOFTWARE\Microsoft\.NETFramework
SOFTWARE\Microsoft\.NETFramework\Policy\v4.0
v4.0.30319
SOFTWARE\Microsoft\.NETFramework\Policy\v2.0
v2.0.50727
SOFTWARE\Microsoft\.NETFramework\Policy\v1.1
v1.1.4322
Fusion.dll
{2ec93463-b0c3-45e1-8364-327e96aea856}
odbccp32.dll
SQLConfigDataSource
IIsWebService
IIsWebServer
HEnableWebServiceExtension
*.exe
IIsWebVirtualDir
ContentIndexed
AccessExecute
Uh.IX
;!199{199
;0!8&2{199
Windows 95
Windows 95 OSR-2
Windows 98
Windows 98 SE
Windows ME
Windows 9x New
Windows NT 3
Windows NT 4
Windows 2000
Windows XP
Windows 2003
Windows Vista
Windows 2008
Windows 7
Windows 2008 R2
Windows NT New
TMsgHandlers
svrApi.dll
svrapi.dll
Software\Microsoft\Windows\CurrentVersion\Network\LanMan\
OLEAUT32.DLL
Invalid executable
SOFTWARE\MimarSinan\InstallAware\Ident.Cache\
.native.elements.log
.native.data.log
.native.weight.log
.native.bitness.log
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\
SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
regsvr32.exe
SOFTWARE\ODBC\ODBCINST.INI\
SOFTWARE\ODBC\ODBCINST.INI\ODBC Drivers
SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\
mscriptexecU
instance.dat
*.dat
SUPPORTDIR
mgac.exe
.config
mgacy.exe
gacutlrc.dll
COPYWEBLOCK
CMDLINE
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
translations.Map
translations.Original
shared.translations.
Weblock Abort
mMSIExec.dll
Web Media Block
Microsoft.NET\Framework\v4.0.30319\ngen.exe
Microsoft.NET\Framework\v2.0.50727\ngen.exe
Microsoft.NET\Framework\v1.1.4322\ngen.exe
Run .NET Installer Class
Microsoft.NET\Framework\v4.0.30319\installutil.exe
Microsoft.NET\Framework\v2.0.50727\installutil.exe
Microsoft.NET\Framework\v1.1.4322\installutil.exe
Microsoft.NET\Framework\v4.0.30319\regasm.exe
PublicKeyToken=
Microsoft.NET\Framework\v2.0.50727\regasm.exe
Microsoft.NET\Framework\v1.1.4322\regasm.exe
mia.lib
setup.bmp
URLUpdateInfo
Microsoft.NET\Framework\
\aspnet_regiis.exe
NO$KEY
shdocvw.dll
Microsoft.NET\Framework\v1.1.4322\gacutil.exe
Reboot and Login
<CachedSupportDir>
</CachedSupportDir>
ahadmin_wrapper.dll
\ddeexec
\ddeexec\application
\ddeexec\topic
readme.txt
license.txt
readme.rtf
license.rtf
index.htm
movie.swf
.miaf
MaskEdit1KeyUp
TreeView1KeyUp
user32.dll
Built with InstallAware - hXXp://VVV.installaware.com/
hXXp://VVV.installaware.com/
HTTP:
SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\TempPackages
Windows Installer
%DoNotInstallComponentorSubComponents1x
offline\*.*
mergemod\*.*
Shlwapi.dll
PathIsURLA
PathIsURLW
SHDeleteEmptyKeyA
UrlGetPartA
UrlGetPartW
UrlGetLocationA
UrlGetLocationW
UrlCanonicalizeA
Portable Network Graphics
fileexclude.txt
pagefile.sys
hiberfil.sys
regexclude.txt
roots.txt
MsiRestartManagerSessionKey
ARPURLINFOABOUT
ARPURLUPDATEINFO
PIDKEY
WINDOWSFOLDER
WINDOWSVOLUME
MSINTSUITEWEBSERVER
MSINETASSEMBLYSUPPORT
MSIWIN32ASSEMBLYSUPPORT
OLEADVTSUPPORT
REDIRECTEDDLLSUPORT
SHAREDWINDOWS
SHELLADVTSUPPORT
TTCSUPPORT
WINDOWSBUILD
Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted
lang.loc
mia.tmp
<SupportDir>
</SupportDir>
This installation was created with InstallAware for Windows Installer.
Would you like to visit the InstallAware website shown below for more information?
hXXp://VVV.InstallAware.com/
<4,$?7/'
(3-!0,1'8"5.*2$
?456789:;<=
!"#$%&'()* ,-./0123
deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly
inflate 1.1.3 Copyright 1995-1998 Mark Adler
HTTP-EQUIV
burlywood
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\lang.loc
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\mia.tmp
e_logic.ini
OFFLINE\1001D268\AF6861CC\impulse_main.ini
RegOpenKeyExA
RegCloseKey
GetKeyboardType
UnhookWindowsHookEx
SetWindowsHookExA
SetKeyboardState
MsgWaitForMultipleObjects
MapVirtualKeyA
LoadKeyboardLayoutA
GetKeyboardState
GetKeyboardLayoutNameA
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
ExitWindowsEx
EnumWindows
EnumThreadWindows
EnumChildWindows
ActivateKeyboardLayout
gdi32.dll
SetViewportOrgEx
GetViewportOrgEx
GetViewportExtEx
version.dll
mpr.dll
WinExec
GetWindowsDirectoryA
GetCPInfo
RegQueryInfoKeyA
RegOpenKeyA
RegFlushKey
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
ShellExecuteExA
ShellExecuteA
winspool.drv
comdlg32.dll
winmm.dll
avi10C.tmp.avi Video #1
&'!'-!!!'8.!
! '-' ??'8.
!&..'?!!-
-. ?.XsP
'''? - !'
33 33###
avi10A.tmp.avi Video #1
avi108.tmp.avi Video #1
avi1F.tmp.avi Video #1
I.RvFFb
d.IIaa
^I.Iaa
11.Iaa
11.Iax
aI..Ia
.Rtx.5ii
I.IIaa
11.Ia
avi103.tmp.avi Video #1
[9$9$9$9$9$
avi10E.tmp.avi Video #1
avi105.tmp.avi Video #1
avi21.tmp.avi Video #1
.qa)z:)
dj.jj
333333333333333333
33333833
3333339
3333333333333338
:*"*"$3338
33333333
33333333333
3333333333338
33338?383
333333333333
:*3:"$3338
333333333333333
333333330
33333333333333333333
33333333330
3333333030
33333330
333333333
33333339
33330333330
3333033333
33330333303
333303333
0333337
3333333333
33333333333333333
333333333333333330
3333330
3333338
3333333333033338
3333333330
3333333333330
3030330
030333003
0030330
333333333333330
3333333333333
333333303
0333333
3333303
033333333
03333333333
&$$$&&&''
!!####$$$$%%%%
!$$$$%%#
$367999::976541
',0011/ ($
#&*,.... )&
`.rdata
@.data
.rsrc
xSSSh
FTPjKS
FtPj;S
C.PjRV
Visual C   CRT: Not enough memory to complete call to strerror.
portuguese-brazilian
Broken pipe
Inappropriate I/O control operation
Operation not permitted
operator
GetProcessWindowStation
IDispatch error #%d
Stdout pipe creation failed
Cannot call AppCmd
F:\latest (manually copied the dll to the other folder too)\ahadmin_wrapper\src\ReleaseDLL\ahadmin_wrapper.pdb
CreatePipe
GetWindowsDirectoryW
KERNEL32.dll
OLEAUT32.dll
zcÁ
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
9*:0:4:8:<:
1$121?1^1
=$=,=4=<=
0 0$0(0,0004080<0@0
2 2$2(2,202
mscoree.dll
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- CRT not initialized
KERNEL32.DLL
gacutil.pdb
u.WVh
u.VSh
YYu.PS
u.VWh
GetConsoleOutputCP
GetProcessHeap
USER32.dll
SHLWAPI.dll
Thawte Certification1
hXXp://ocsp.verisign.com0
0hXXp://crl.verisign.com/ThawteTimestampingCA.crl0
"hXXp://crl.verisign.com/tss-ca.crl0
9hXXp://crl.microsoft.com/pki/crl/products/CodeSignPCA.crl0
hXXp://microsoft.com0
<requiredRuntime safemode="true" imageVersion="v2.0.50727" version="v2.0.50727"/>
<requiredRuntime safemode="true" imageVersion="v4.0.30319" version="v4.0.30319"/>
@.rsrc
GACUTLRC.DLL
gacutlrc.pdb
<ms_asmv3:requestedExecutionLevel
3hXXp://crl.microsoft.com/pki/crl/products/CSPCA.crl0H
,hXXp://VVV.microsoft.com/pki/certs/CSPCA.crt0
3hXXp://crl.microsoft.com/pki/crl/products/tspca.crl0H
,hXXp://VVV.microsoft.com/pki/certs/tspca.crt0
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="gacutil" type="win32"></assemblyIdentity><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo></assembly>PADPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX
8*9094989<9
KWindows
UrlMon
6mscriptexec
?HTTPApp
>WebConst
uWindows7Taskbar
]mscriptexecthread
OURLSubs
.HTMLGif2
1uMIAWeb
JumiaWebForm
IcsUrl
IcsNtlmMsgs
Font.Charset
Font.Color
Font.Height
Font.Name
Font.Style
Items.Strings
Glyph.Data
333333033
3333333333333333330
33333333033
33333333333333330
033333333333333
3333330033
33333333333333
30333333333333333333
333333338
333330000
333333038
33333333333330
3333333333333333
Icon.Data
Tabs.Strings
All (*.bmp;*.ico;*.emf;*.wmf,*.jpg)|*.bmp;*.ico;*.emf;*.wmf;*.jpg;*.jpeg|Bitmaps (*.bmp)|*.bmp|Icons (*.ico)|*.ico|Enhanced Metafiles (*.emf)|*.emf|Metafiles (*.wmf)|*.wmf|JPEG Images (*.jpg)|*.jpg;*.jpeg
All (*.bmp;*.ico;*.emf;*.wmf;*.jpg)|*.bmp;*.ico;*.emf;*.wmf;*.jpg|Bitmaps (*.bmp)|*.bmp|Icons (*.ico)|*.ico|Enhanced Metafiles (*.emf)|*.emf|Metafiles (*.wmf)|*.wmf|JPEG Images (*.jpg)|*.jpg
edtKeyPress
3333333333333333333
3333334
Picture.Data
TMenuItem%DoNotInstallComponentorSubComponents1
^Extraction of installation data downloaded from the web has failed. What would you like to do?
VDownloading of installation data from the web has failed. Would you like to try again?
mDownloading of installation data from the web has failed. Please make sure you are connected to the Internet.
miaWebForm
Mozilla/3.0 (compatible)
!application/x-www-form-urlencoded
8a.Mz@`
@QkEYrG_wIb|>Yt)Ca
.Pm&H`
&)K*1z-4}.6| 4w(1t)5w.:|5@
"#I $w!%x $u
*>
(3I&1G"*A&-F
:<v24S#%C#'@ 1D3:I7@J:CL,6=7AH>GQ:BO29H.4G/4I05J/6J,5I-3J 3J-2K*1J*.J&-H!%A!(C&*F#*C$*A!)@$ >
2((@54N:9S64Q/-K )G (H&#C&$B'%C*(E, E**B##:..6
:#$F#%D
%.!/9*?2';("5
-('7)…/@70=
%,% 217>/5<&),
%)&/3)26!*. & '-2,16( -
956C8;;255,/:36?:<C>@IHJTSUJNOGKLKPQQYYPXXAKK2?=/@<?TLO`\UfbQ_]<JH7B@DOMS\YR\VQXQKSIJPENUFY^OaiR^iC\g?grRmu^ei]ega]^ZEFB^`Zhi_TVJKK==;01/Ú9<61C=8i_XRB5_I7cG/rT7
$(!',#).(.2),.
')'03%.1
osZ2bO*\I(cR1dQ.iV1fT hV-jZ0fZ6
) !-/*36,58.7:*.0
[kX%sd6~pF
gl]%fX'l_1
&))14-13
apr=OP5FIMabk}~evsaoi\g]HRB5;(5:Ï-edHywY`^@SR6HG II SQ3
YZ@`_CKJ.LK/?>"BA%LJ,ywU
EF,:;!KJ.QO1WU3ljBhc6nh3
wuu9453-.:45;67734?=>DFFCGGCJJAII;BC9?@CGIPSUOSRMSQOTSAHG4:;BJJOWXBJKNUVKRQGMKAGB;?959147/68/./'77/01)35,:;2AA7;;/BA3VTDCA.RO7
 114214114111
 2111141141141.
(4114141141141411
&41141114114.(11214
4114141414114%.1411
(411411411,414. 61221
211414111
"41111.1.
.="A421
1411412
4122141
222.42114122
61211421212121
A14114141214
611142114141
41114141412
612114114
14142142
 004204004000
 2000040040030-
(4004040030040400
&40030003004-(00204
4003040404003$-0300
(400400400,403- 60220
200404000
!40000-0-
-<!$40320
0400402
4022040
222-42004022
60200320202020
$4004004040204
600032003040
40004040402
602003004
04032042
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
version="1.0.0.0"
name="CompanyName.ProductName.YourApplication"
<requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
HKEY_
THOTKEY
TMIAWEBFORM
*** MSI Directory ***GThe archive cannot be opened: unsupported archive or incorrect password
Add a readme.V.txt or readme.txt file to your project as a support file/creative to display it here.
Add a license.W.txt or license.txt file to your project as a support file/creative to display it here.
.rtf or readme.rtf, or readme. .rtf or license.rtf, or license.oAdd an index.htm file to your project to display it here, along with any other additional support/linked files.8Add a movie.swf file to your project to display it here.
LABEL re-defined: .Web Media Block name must be a legal file name3Web Media Block must have at least one download URL
NUnable to retrieve a pointer to a running object registered with OLE for %s/%s
Brown2The chunk class index especified is out of range.1Can't read the PNG image, it has corrupted data. \This PNG image is invalid, the IHDR chunk is either not present or it isn't the first chunk.CThe current image being loaded has no data and could not be loaded.6The current image being loaded has an invalid palette!>Could not read the image because it has an unknown color type.MThe image could not be loaded because it uses an unknown set of filter types.*The image has an unknown interlace method.\The currently being loaded image contains critical(s) chunk(s) not reconized by the decoder.>The current image requeries a palette but it is not avaliable.^Can not get transparency information because the current image color type is not RGB (value 3)wThe especified chunk is not inside the chunk list containing the method being used. The funcion could not be completed.
OLE control activation failed*Could not obtain OLE control window handle%License information for %s is invalidPLicense information for %s not found. You cannot use this control in design mode1Invalid URL encoded character (%s) at position %d
The archive file was not found*Illegal path used in a wildcard expressionGThe archive cannot be opened: unsupported archive or incorrect password
JPEG error #%d
JPEG Image Fileúiled to allocate memory for GIF DIB Failed to create DIB from Bitmap
Scan line index out of rangeGInvalid Portable Graphics Network image, it has an invalid file header./The chunk index especified is out of the range.
Failed to Save Stream %s is already associated with %sE%d is an invalid PageIndex value. PageIndex must be between 0 and %d=This control requires version 4.70 or greater of COMCTL32.DLL
OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters
Could not activate "%s" task.
Task "%s" is not activated.'Task with the name "%s" already exists. Trigger index out of bounds (%d)&Task Scheduler service is not running.=Error decoding URL style (%%XX) encoded string at position %d
UTF-7"PageControl must first be assigned"%s requires Windows Vista or later
Failed to clear tab control Failed to delete tab at index %d"Failed to retrieve tab at index %d Failed to get object at index %d"Failed to set tab "%s" at index %d Failed to set object at index %d<MultiLine must be True when TabPosition is tpLeft or tpRight
(%dx%d)
- Dock zone has no controlLError loading dock zone from the stream. Expecting version %d, but found %d.,Multiselect mode must be on for this feature
Error setting %s.Count8Listbox (%s) style must be virtual in order to set Count#No OnGetItem event handler assigned
Value must be between %d and %d
All files (*.*)|*.*
Invalid clipboard format Clipboard does not support Icons
Text exceeds memo capacity.There is no default printer currently selected/Menu '%s' is already being used by another form
Invalid input value7Invalid input value. Use escape key to abandon changes
!Control '%s' has no parent window$Parent given is not a parent of '%s'
%s property out of range
%s on %s@GroupIndex cannot be less than a previous menu item's GroupIndex
Scan line index out of range!Cannot change the size of an icon Invalid operation on TOleGraphic$Unknown picture file extension (.%s)
Unsupported clipboard format
Property %s does not exist
Thread creation error: %s
Thread Error: %s (%d)"Unable to find a Table of Contents
No help found for %s#No context-sensitive help installed
List count out of bounds (%d)
List index out of bounds (%d) Out of memory while expanding memory stream
%s on line %d
Error reading %s%s%s: %s
Failed to get data for '%s'
Failed to set data for '%s'
Resource %s not found
%s.Seek not implemented$Operation not allowed on sorted list
%s expected$%s not in a class registration group
Cannot create file "%s". %s
Cannot open file "%s". %s
Unable to write to %s
Invalid file name - %s
Invalid stream format$''%s'' is not a valid component name
Invalid property element: %s
Invalid data type for '%s'
Line too long List capacity out of bounds (%d)
Ancestor for '%s' not found
Cannot assign a %s to a %s
''%s'' expectedECheckSynchronize called from thread $%x, which is NOT the main thread
Class %s not found
A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates
Operation not supported
External exception %x
Interface not supported
%s (%s, line %d)
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
System Error. Code: %d.
(Exception %s in module %s at %p.
Application Error1Format '%s' invalid or incompatible with argument
No argument for format '%s'"Variant method calls not supported
Invalid variant operation
Invalid NULL variant operation%Invalid variant operation (%s%.8x)
%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)
Integer overflow Invalid floating point operation
Invalid pointer operation
Invalid class typecast0Access violation at address %p. %s of address %p
Operation aborted
!'%s' is not a valid integer value('%s' is not a valid floating point value
'%s' is not a valid date
'%s' is not a valid time!'%s' is not a valid date and time
'%s' is not a valid GUID value
I/O error %d
nKERNEL32.DLL
- floating point support not loaded
WUSER32.DLL
MACHINE/WEBROOT/APPHOST
system.applicationHost/sites
%systemdrive%\inetpub\wwwroot\
MACHINE/WEBROOT/APPHOST/
system.webServer/httpProtocol
system.webServer/httpLogging
system.applicationHost/applicationPools
system.webServer/handlers
system.webServer/directoryBrowse
system.webServer/defaultDocument
system.webServer/staticContent
system.webServer/security/authentication/anonymousAuthentication
system.webServer/security/authentication/windowsAuthentication
system.webServer/security/authentication/basicAuthentication
appcmd.exe
\system32\inetsrv\appcmd.exe
efusion.dll
Microsoft (R) .NET Global Assembly Cache Utility. Version 2.0.50727.42
UNINSTALL_KEY
WINDOWS_INSTALLER
Microsoft (R) .NET Framework Global Assembly Cache Utility
2.0.50727.42 (RTM.050727-4200)
gacutil.exe
.NET Framework
2.0.50727.42
kInvalid file or assembly name. The name of the file must be the name of the assembly plus .dll or .exe .
PAssembly cannot be uninstalled because it is required by the operating system.
Unknown Error hr=0X%x
UNINSTALL_KEY <registry key> <data>
OAssembly could not be uninstalled because it is required by Windows Installer
Error HRESULT=0x%0x
Number of items = %d
8/ungen is obsolete. Please use ngen.exe /delete instead.
RAssembly could not be uninstalled because it is required by the operating system
Failure enumerating assemblies: .Invalid assembly display name in input file.
/Error deleting contents of the download cache: %Download cache deleted successfully
Failed to process assembly %ws.HAssembly %ws already exists in cache. Use /f option to force overwrite
.Assembly %ws successfully added to the cache
Number of assemblies processed = %d
%Number of assemblies installed = %d
(Number of assemblies uninstalled = %d
Number of failures = %d
Example: /i myDll.dll/ /r FILEPATH c:\projects\myapp.exe "My App"
# Example: /il MyAssemblyList.txt- /r FILEPATH c:\projects\myapp.exe "My App"
# myAssemblyList.txt content:
myAsm1.dll
myAsm2.dll
K /u myDll,Version=1.1.0.0,Culture=en,PublicKeyToken=874e23ab874e23ab
2 /r FILEPATH c:\projects\myapp.exe "My App"
F Assembly will be removed unless referenced by Windows Installer.
U Example: /uf myDll,Version=1.1.0.0,Culture=en,PublicKeyToken=874e23ab874e23ab
# Example: /ul myAssemblyList.txt
,/r FILEPATH c:\projects\myapp.exe "My App"
H myDll,Version=1.1.0.0,Culture=en,PublicKeyToken=874e23ab874e23ab
K myDll2,Version=1.1.0.0,Culture=en,PublicKeyToken=874e23ab874e23ab
(UNINSTALL_KEY, FILEPATH or OPAQUE).
; Example: /r FILEPATH c:\projects\myapp.exe "My App"
gacutil.ex
4.0.30319.1 (RTMRel.030319-0100)
4.0.30319.1
8/ungen is obsolete. Please use ngen.exe /delete instead.%Unsupported target runtime version.
gacutlrc.dl
Microsoft (R) .NET Global Assembly Cache Utility. Version 4.0.30319.1
yKERNEL32.DLL
This installation was built with InstallAware: hXXp://VVV.installaware.com

cidaemon.exe_1988:

.text
`.data
.rsrc
msvcrt.dll
KERNEL32.dll
query.dll
ntdll.dll
ole32.dll
cidaemon.pdb
\\?\UN
5.1.2600.0 (xpclient.010817-1148)
cidaemon.exe
Windows
Operating System
5.1.2600.0


Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    TASKKILL.exe:212
    TASKKILL.exe:772
    TASKKILL.exe:1524
    TASKKILL.exe:320
    TASKKILL.exe:2020
    TASKKILL.exe:172
    TASKKILL.exe:2012
    verclsid.exe:1176
    verclsid.exe:484
    verclsid.exe:1056
    verclsid.exe:1600
    verclsid.exe:1604
    verclsid.exe:320
    verclsid.exe:916
    impulse_setupfull.exe:1796
    mscorsvw.exe:252
    mscorsvw.exe:1028
    %original file name%.exe:2040
    cidaemon.exe:1988

  2. Delete the original Virus file.
  3. Delete or disinfect the following files created/modified by the Virus:

    %System%\wbem\jbfdpfdn.tmp (1647 bytes)
    %System%\CatRoot2 (96 bytes)
    C:\System Volume Information\catalog.wci\00000002.ps2 (3515 bytes)
    %WinDir%\SoftwareDistribution (4 bytes)
    C:\System Volume Information\catalog.wci\00000002.ps1 (1001 bytes)
    %WinDir%\pchealth\helpctr\System\images (4 bytes)
    C:\System Volume Information\catalog.wci\00010008.ci (1202 bytes)
    %WinDir%\SoftwareDistribution\Download\7dc26e8888d68d9e04bc52940c0f24b5 (4 bytes)
    %WinDir%\SoftwareDistribution\Download\36a2296f631a54daefcc3b56e3d990e2 (4 bytes)
    %WinDir%\pchealth\helpctr\System\Remote Assistance (4 bytes)
    %WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance (4 bytes)
    %WinDir%\SoftwareDistribution\Download\2e6b16219034e135b4f869efb7a10fee (4 bytes)
    C:\System Volume Information\catalog.wci\CiPT0000.001 (240 bytes)
    C:\System Volume Information\catalog.wci\CiPT0000.000 (43440 bytes)
    C:\System Volume Information\catalog.wci\CiPT0000.002 (240 bytes)
    %WinDir%\WinSxS\Policies\x86_policy.7.0.Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_x-ww_a317e4b3 (4 bytes)
    %WinDir%\pchealth\helpctr\System\panels (4 bytes)
    C:\System Volume Information\catalog.wci\INDEX.002 (68 bytes)
    %WinDir%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (7433 bytes)
    C:\System Volume Information\catalog.wci\INDEX.000 (12480 bytes)
    C:\System Volume Information\catalog.wci\INDEX.001 (68 bytes)
    C:\System Volume Information\catalog.wci\00010001.dir (16 bytes)
    %Program Files%\Adobe\Reader 9.0\Reader\plug_ins3d (4 bytes)
    %WinDir%\SoftwareDistribution\Download\6a410a1bd174bc123056d235ac4829af (4 bytes)
    %System%\dmadmin.exe (3073 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\dreamcatch.xml (144 bytes)
    %WinDir%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_x-ww_6ad67377 (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\app.dat (3200 bytes)
    %WinDir%\Microsoft.NET\Framework\v4.0.30319 (2364 bytes)
    %Documents and Settings%\Default User (540 bytes)
    %WinDir%\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9 (4 bytes)
    C:\$Directory (5824 bytes)
    %System%\aadbnpka.tmp (315 bytes)
    %Documents and Settings%\%current user%\Start Menu\Programs\Total Commander (4 bytes)
    C:\System Volume Information\catalog.wci\CiCL0001.000 (19200 bytes)
    %WinDir%\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7 (4 bytes)
    %Documents and Settings%\%current user%\My Documents (4 bytes)
    %System%\config (120 bytes)
    %System%\scardsvr.exe (2105 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\AF6861CC (4 bytes)
    %WinDir%\Prefetch (1056 bytes)
    %Documents and Settings%\All Users\Application Data (4 bytes)
    %System%\tlntsvr.exe (1425 bytes)
    %WinDir%\SoftwareDistribution\Download\01229cf5dcf0df67992cac35a2ba0b3f (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\bethesda.xml (601 bytes)
    C:\System Volume Information\catalog.wci\00010004.dir (16 bytes)
    %WinDir%\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59 (4 bytes)
    %WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security\Permissions (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\wireshark.txt (8446 bytes)
    %WinDir%\assembly\GAC_32 (4 bytes)
    %Documents and Settings%\Default User\Start Menu\Programs\Accessories\Accessibility (4 bytes)
    %Program Files%\Reference Assemblies\Microsoft\Framework\v3.0 (4 bytes)
    %System%\msiexec.exe (1425 bytes)
    %System%\config\systemprofile\Application Data\Microsoft (4 bytes)
    %Program Files%\Adobe\Reader 9.0\Resource\Font (4 bytes)
    %System%\bephgpio.tmp (259 bytes)
    %WinDir%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_x-ww_4ee8bb30 (4 bytes)
    %WinDir%\Installer\$PatchCache$\Managed (4 bytes)
    %WinDir%\SoftwareDistribution\Download\b5f880834ad67f3d383ffff5f2fa46bd (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\GameStopApp_setup.res (14405 bytes)
    %WinDir%\SoftwareDistribution\DataStore\Logs (96 bytes)
    %Program Files%\Common Files\Microsoft Shared\OFFICE14 (4 bytes)
    %WinDir%\Microsoft.NET\Framework\v4.0.30319\WPF (4 bytes)
    %Program Files%\WIRESHARK (212 bytes)
    %WinDir%\Microsoft.NET\Framework\v3.0\WPF (4 bytes)
    %WinDir%\assembly\GAC_MSIL (36 bytes)
    %WinDir%\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 (4 bytes)
    %System%\ups.exe (1281 bytes)
    %Documents and Settings%\NetworkService\Local Settings (4 bytes)
    %System%\oobe\html (4 bytes)
    %System%\sessmgr.exe (2105 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\blitzgames.xml (36 bytes)
    %WinDir%\SoftwareDistribution\Download\f0fea42f69058000617da24986c3b109 (4 bytes)
    C:\$ConvertToNonresident (4593 bytes)
    %WinDir%\ime (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973 (12 bytes)
    %WinDir%\WinSxS\Policies\x86_policy.5.1.Microsoft.Windows.SystemCompatible_6595b64144ccf1df_x-ww_a0111510 (4 bytes)
    %Documents and Settings%\%current user%\Cookies (192 bytes)
    %Documents and Settings%\%current user%\Favorites (4 bytes)
    %WinDir%\SoftwareDistribution\Download\621a08ac003b616bcaa86aa4d4292d50 (4 bytes)
    %System%\bfdleoan.tmp (317 bytes)
    C:\System Volume Information\catalog.wci\CiST0000.000 (54960 bytes)
    C:\System Volume Information\catalog.wci\CiST0000.001 (18500 bytes)
    C:\System Volume Information\catalog.wci\CiST0000.002 (18500 bytes)
    C:\System Volume Information\catalog.wci\CiP10000.000 (7440 bytes)
    C:\System Volume Information\catalog.wci\CiP10000.001 (20 bytes)
    C:\System Volume Information\catalog.wci\CiP10000.002 (28 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\atari.xml (601 bytes)
    C:\System Volume Information\catalog.wci\00010004.ci (2850 bytes)
    %WinDir%\Microsoft.NET\assembly\GAC_32 (4 bytes)
    %WinDir%\Microsoft.NET\Framework\v4.0.30319\WPF\wpffontcache_v0400.exe (14770 bytes)
    %Program Files%\WinPcap\kfmalkjc.tmp (327 bytes)
    %WinDir%\Temp\Perflib_Perfdata_668.dat (4 bytes)
    %System%\dllhost.exe (1281 bytes)
    %Documents and Settings%\%current user%\Cookies\index.dat (4 bytes)
    %WinDir%\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation (4 bytes)
    %Documents and Settings%\LocalService (8 bytes)
    %WinDir%\SoftwareDistribution\Download\c0c52c03306062533f7dcb087bfcfa6b (4 bytes)
    %System%\config\AppEvent.Evt (824 bytes)
    %System%\fgdaahll.tmp (1811 bytes)
    %WinDir%\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas# (4 bytes)
    %WinDir%\pchealth\helpctr\OfflineCache (4 bytes)
    %WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security\Users (4 bytes)
    %WinDir%\SoftwareDistribution\Download\e0c0da396303f1dd2c82cd2ccc07020d (4 bytes)
    %WinDir%\SoftwareDistribution\Download\e79028ac4f02e201b61b2c632cb0fc5e (4 bytes)
    C:\System Volume Information\catalog.wci\00010009.dir (16 bytes)
    C:\PROGRAM FILES (16 bytes)
    %Documents and Settings%\Default User\Templates (4 bytes)
    C:\System Volume Information\catalog.wci\0001000C.ci (2562 bytes)
    %WinDir%\Help\Tours\WindowsMediaPlayer\Img (4 bytes)
    C:\System Volume Information\catalog.wci\00010003.ci (2850 bytes)
    %WinDir%\SoftwareDistribution\Download\8b9a83d2cde55eb19dc502cc2dd04e0d (4 bytes)
    %WinDir%\SoftwareDistribution\Download\bc81666f3868f34642e3f5adbc2719f9 (4 bytes)
    C:\System Volume Information\catalog.wci\CiVP0000.000 (240 bytes)
    C:\System Volume Information\catalog.wci\00010001.ci (118 bytes)
    %Documents and Settings%\Default User\Local Settings (4 bytes)
    %WinDir%\$hf_mig$ (8 bytes)
    %System%\spool\XPSEP\amd64 (4 bytes)
    %System%\lbflmcjf.tmp (245 bytes)
    %WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security\Roles (4 bytes)
    %System%\wbem\Repository\FS (12 bytes)
    %WinDir%\ime\imjp8_1 (4 bytes)
    %WinDir%\SoftwareDistribution\Download\e8252bbfa91fcf5afb38775b18691074 (4 bytes)
    %Documents and Settings%\%current user%\Application Data\Sun\Java\Deployment\SystemCache\6.0 (8 bytes)
    %System%\hnaacngl.tmp (1663 bytes)
    %Documents and Settings%\LocalService\Application Data\Microsoft (4 bytes)
    %WinDir%\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466 (4 bytes)
    %WinDir%\SoftwareDistribution\Download\8bb5f1c638778df6b77d80bc61ffc63c (4 bytes)
    %WinDir%\SoftwareDistribution\Download\b91377d1d56820d9d699c0c2dc7c8e80 (4 bytes)
    %WinDir%\SoftwareDistribution\Download\30438597a812a5d1d7979088d451747f (4 bytes)
    %WinDir%\Web\Wallpaper (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Microsoft (4 bytes)
    %Program Files%\Microsoft Office\Office14 (4 bytes)
    %System%\config\SysEvent.Evt (320 bytes)
    %WinDir%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_x-ww_9e7eb501 (4 bytes)
    %WinDir%\assembly\NativeImages_v4.0.30319_32\PresentationFramewo# (4 bytes)
    %WinDir%\SoftwareDistribution\Download\ee4e3d4bf0d346e1b8fdee8197195e59 (4 bytes)
    %WinDir%\SoftwareDistribution\Download\211409fc1d99b95b32fb0344cad140df (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\cdp.xml (20 bytes)
    C:\System Volume Information\catalog.wci\00010007.dir (16 bytes)
    %WinDir%\SoftwareDistribution\Download\dffcab319e36b852e5b2d51802010a7a (4 bytes)
    C:\System Volume Information\catalog.wci\CiP20000.002 (24 bytes)
    C:\System Volume Information\catalog.wci\CiP20000.001 (20 bytes)
    C:\System Volume Information\catalog.wci\CiP20000.000 (6720 bytes)
    %System%\wbem\Repository\FS\OBJECTS.DATA (11634 bytes)
    %WinDir%\SoftwareDistribution\Download\299840a657dd26ca3bbf3cee3ec999ba (4 bytes)
    %WinDir%\SoftwareDistribution\Download\e5c5fc9bd7a4957f0a45c6db2957c5c9 (4 bytes)
    %WinDir%\SoftwareDistribution\Download\196fa81559690e2494e56094df51cdd8 (4 bytes)
    %WinDir%\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_x-ww_362e60dd (4 bytes)
    %WinDir%\SoftwareDistribution\Download\23e79e5fb28793d8cb1c2055b0d8dcb9 (4 bytes)
    %System%\vssvc.exe (3361 bytes)
    %WinDir%\SoftwareDistribution\Download\906245b7f0992255b054322b77475594 (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\auran.xml (53 bytes)
    %WinDir%\ime\imkr6_1 (4 bytes)
    C:\System Volume Information\catalog.wci\propstor.bk2 (172088 bytes)
    C:\System Volume Information\catalog.wci\propstor.bk1 (23840 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\corel.xml (28 bytes)
    %WinDir%\pchealth\helpctr\System\sysinfo\graphics (4 bytes)
    %WinDir%\SoftwareDistribution\Download\248802b74506342031e926839639c729 (4 bytes)
    %WinDir%\SoftwareDistribution\Download\cb88a2f03b29735db957d61a63df6504 (4 bytes)
    %WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Providers (4 bytes)
    %WinDir%\SoftwareDistribution\Download\21156e54b0f0f47f81dab4a39e109501 (4 bytes)
    %Documents and Settings%\All Users\Documents\My Music (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\alawar.xml (8 bytes)
    %Program Files%\Windows NT (4 bytes)
    %WinDir%\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d (4 bytes)
    %WinDir%\SoftwareDistribution\Download\da2a33b6770f970d7fe7262040f98a4f (4 bytes)
    C:\System Volume Information\catalog.wci\0001000A.dir (16 bytes)
    %System%\wbem\Logs\wbemcore.log (1056 bytes)
    C:\totalcmd (4 bytes)
    %System%\cheknboh.tmp (245 bytes)
    %Program Files%\Common Files\System (4 bytes)
    %System%\wbem\Repository\FS\MAPPING1.MAP (12 bytes)
    C:\System Volume Information\catalog.wci\0001000A.ci (4642 bytes)
    %WinDir%\Temp\vmware-SYSTEM\00000e7e (4 bytes)
    %Program Files%\Windows Media Player (4 bytes)
    C:\System Volume Information\catalog.wci\00010009.ci (118 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\mMSI.dll\mMSIExec.dll (2256 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\1c.xml (1281 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\index.dat (4 bytes)
    %WinDir%\SoftwareDistribution\Download\aadd6ccc4585cbf4ee04287eb0e679df (4 bytes)
    %WinDir%\AppPatch (4 bytes)
    %WinDir%\Microsoft.NET\Framework\v4.0.30319\WPF\ibippeaf.tmp (6427 bytes)
    %WinDir%\Microsoft.NET\Framework\v2.0.50727\CONFIG (4 bytes)
    %WinDir%\SoftwareDistribution\Download\6b7f938fb3db15dab273f3f1702c318c (4 bytes)
    C:\System Volume Information\catalog.wci\00010002.ci (4642 bytes)
    %WinDir%\WinSxS\Policies\x86_Policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_77c24773 (4 bytes)
    %WinDir%\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 (384 bytes)
    %System%\fammdcpl.tmp (1610 bytes)
    %WinDir%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313 (4 bytes)
    %WinDir%\SoftwareDistribution\Download\2c95b28351986132d7f36dd28eece9b0 (4 bytes)
    %WinDir%\msagent (4 bytes)
    %WinDir%\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Rtcdll_6595b64144ccf1df_x-ww_c7b7206f (4 bytes)
    %WinDir%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ekfpdphh.tmp (5442 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\activision.xml (1425 bytes)
    C:\System Volume Information\catalog.wci\00010007.ci (93 bytes)
    %WinDir%\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944 (4 bytes)
    C:\System Volume Information\catalog.wci\0001000B.ci (14690 bytes)
    %WinDir%\SoftwareDistribution\Download\21cbd3f70584651805685eba1753505f (4 bytes)
    %WinDir%\SoftwareDistribution\Download\b6f4642d2b8dc03c5ce1b1a4f77b1bda (4 bytes)
    %WinDir%\SoftwareDistribution\Download\9460002f6d8231358fc1eb590f9b1dce (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E (8 bytes)
    %Program Files%\Movie Maker\Shared (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\apogee.xml (16 bytes)
    %WinDir%\assembly\NativeImages_v2.0.50727_32\PresentationFramewo# (4 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft (4 bytes)
    %System%\mui (4 bytes)
    %System%\locator.exe (1425 bytes)
    %WinDir%\REGISTRATION (8 bytes)
    %System%\spool\XPSEP\i386 (4 bytes)
    %WinDir%\SoftwareDistribution\Download\1c47f41cc76cde4c629564d7564f2795 (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\cdv.xml (8 bytes)
    %WinDir%\SoftwareDistribution\Download\57b4b90cc3eead9f6c29b58581d03ae4 (4 bytes)
    %WinDir%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client (8 bytes)
    %Documents and Settings%\%current user%\APPLICATION DATA (8 bytes)
    %System%\wbem\Logs\wbemess.log (768 bytes)
    %System%\smlogsvc.exe (2105 bytes)
    %Documents and Settings%\%current user%\Local Settings\History\History.IE5\index.dat (4 bytes)
    %System%\wbem\Repository\FS\INDEX.BTR (13297 bytes)
    %System%\netdde.exe (4210 bytes)
    %WinDir%\Microsoft.NET\Framework\v2.0.50727\ngen_service.log (8 bytes)
    %WinDir%\assembly\NativeImages_v2.0.50727_32\System.DirectorySer# (4 bytes)
    %System%\msdtc.exe (1281 bytes)
    %WinDir%\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 (4 bytes)
    C:\System Volume Information\catalog.wci\CiSP0000.000 (18240 bytes)
    C:\System Volume Information\catalog.wci\CiSP0000.001 (92 bytes)
    C:\System Volume Information\catalog.wci\CiSP0000.002 (92 bytes)
    C:\System Volume Information\catalog.wci\CiFLfffc.002 (124 bytes)
    %WinDir%\Microsoft.NET\assembly\GAC_MSIL (28 bytes)
    C:\System Volume Information\catalog.wci\CiFLfffc.000 (7200 bytes)
    C:\System Volume Information\catalog.wci\CiFLfffc.001 (124 bytes)
    C:\System Volume Information\catalog.wci\00010003.dir (16 bytes)
    %Program Files%\WinPcap\rpcapd.exe (1425 bytes)
    %WinDir%\SoftwareDistribution\Download\9cf59263a134ab3fbbee78365a2fa5fc (4 bytes)
    %WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\AppConfig (4 bytes)
    C:\System Volume Information\catalog.wci\00010005.ci (4642 bytes)
    %System%\config\systemprofile\Start Menu\Programs\Accessories (4 bytes)
    C:\System Volume Information\catalog.wci\00010002.dir (16 bytes)
    %WinDir%\WinSxS\Policies\x86_Policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775 (4 bytes)
    C:\System Volume Information\catalog.wci\00010006.dir (16 bytes)
    %WinDir%\Temp\Perflib_Perfdata_264.dat (100 bytes)
    %WinDir%\SoftwareDistribution\Download\bc529fa49cb2cb097fdf1e22d25872da (4 bytes)
    %WinDir%\SoftwareDistribution\Download\e104dcd29adf1c6c473a5efad2d509be (4 bytes)
    %System%\nabngjke.tmp (274 bytes)
    %WinDir%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_x-ww_b7353f75 (4 bytes)
    C:\System Volume Information\catalog.wci\00010005.dir (116 bytes)
    %System%\imapi.exe (2105 bytes)
    %WinDir%\pchealth\helpctr\Config (4 bytes)
    %Documents and Settings%\%current user%\Application Data\Adobe\Acrobat\9.0 (4 bytes)
    C:\System Volume Information\catalog.wci\cicat.hsh (12 bytes)
    %WinDir%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_x-ww_b8438ace (4 bytes)
    %Documents and Settings%\%current user%\Templates (4 bytes)
    %WinDir%\assembly\NativeImages_v4.0.30319_32\System.ServiceModel# (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\akella.xml (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\2kg.xml (2105 bytes)
    %System%\drivers (32 bytes)
    %Program Files%\Common Files\Microsoft Shared\DW (4 bytes)
    %System%\ahqghffi.tmp (312 bytes)
    %WinDir%\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2 (4 bytes)
    %WinDir%\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975 (4 bytes)
    %WinDir%\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6 (4 bytes)
    %System%\fanhjeei.tmp (1747 bytes)
    %WinDir%\assembly\NativeImages_v4.0.30319_32\System.DirectorySer# (4 bytes)
    %WinDir%\SoftwareDistribution\Download\cedca0128a48437390192d906f83a717 (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\clearcrown.xml (8 bytes)
    %WinDir%\security (4 bytes)
    %System%\wbem\wmiapsrv.exe (2105 bytes)
    %WinDir%\SoftwareDistribution\Download\a4c07d9275eb613d842cb1e140d8a426 (4 bytes)
    C:\System Volume Information\catalog.wci\CiCL0001.001 (9032 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\avg.xml (12 bytes)
    C:\System Volume Information\catalog.wci\CiCL0001.002 (8592 bytes)
    %WinDir%\WinSxS\Manifests (28 bytes)
    %WinDir%\SoftwareDistribution\Download\17e46901add634f15d293735648771e6 (4 bytes)
    %WinDir%\SoftwareDistribution\Download\50e2c72fd814d3841e776dd2c4918260 (4 bytes)
    %WinDir%\SoftwareDistribution\Download\c0e4033a7ec549e982572f0d830cf5d0 (4 bytes)
    %WinDir%\SoftwareDistribution\Download\cd75fc2c9aa3d47009fe2d95c9f43154 (4 bytes)
    %WinDir%\SoftwareDistribution\Download\0c1e5e0ffeb238b1ee5c9ea3a4878374 (4 bytes)
    %Documents and Settings%\All Users\Application Data\Microsoft (4 bytes)
    %WinDir%\Web\printers (8 bytes)
    C:\DOCUMENTS AND SETTINGS (8 bytes)
    C:\System Volume Information\catalog.wci\0001000C.dir (16 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\GameStopApp_setupfull[1].exe (33428 bytes)
    %System%\config\systemprofile\Local Settings (4 bytes)
    %WinDir%\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e (4 bytes)
    %WinDir%\repair (4 bytes)
    %System%\lnmjjbbk.tmp (1633 bytes)
    %Program Files%\Internet Explorer (4 bytes)
    C:\System Volume Information\catalog.wci\cicat.fid (336 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\icon_update.ico (4 bytes)
    C:\System Volume Information\catalog.wci\00010006.ci (97 bytes)
    %WinDir%\SoftwareDistribution\Download\f2adb0f8440e5dbd459aa6bfcaed1ba5 (4 bytes)
    %WinDir%\Prefetch\VERCLSID.EXE-3667BD89.pf (40 bytes)
    %Program Files%\Reference Assemblies\Microsoft\Framework\v3.5 (4 bytes)
    %Documents and Settings%\LocalService\Local Settings (4 bytes)
    %WinDir%\WinSxS\Policies\x86_policy.1.0.Microsoft.Windows.GdiPlus_6595b64144ccf1df_x-ww_4e8510ac (4 bytes)
    %Program Files%\COMMON FILES (8 bytes)
    %Documents and Settings%\%current user%\Application Data\Sun\Java\Deployment\cache\6.0 (8 bytes)
    %Documents and Settings%\All Users\Documents\My Music\Sample Playlists (4 bytes)
    %WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security\Wizard (4 bytes)
    %System%\aaiaqplm.tmp (1615 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E (16 bytes)
    %Documents and Settings%\NetworkService\Application Data\Microsoft (4 bytes)
    %WinDir%\MICROSOFT.NET (8 bytes)
    %Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5 (4 bytes)
    %System%\oobe\html\mouse (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\amd.xml (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\capcom.xml (673 bytes)
    %WinDir%\SoftwareDistribution\Download\abaf10b7d55d3716fbb63e0b568cb4b6 (4 bytes)
    %Documents and Settings%\Default User\SendTo (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\bohemia.xml (45 bytes)
    %Documents and Settings%\Default User\Application Data\Microsoft (4 bytes)
    %WinDir%\SoftwareDistribution\Download\163d01893aa68b49abc63d8d6c9a7bb2 (4 bytes)
    C:\System Volume Information\catalog.wci\CiSL0001.000 (9600 bytes)
    C:\System Volume Information\catalog.wci\00010008.dir (16 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\cinemaware.xml (601 bytes)
    %WinDir%\SoftwareDistribution\Download\0000894bab70b145c3629920ba907f7a (4 bytes)
    %WinDir%\SoftwareDistribution\Download\bc8ea6c22fd142de8dd67336d23310cf (4 bytes)
    C:\System Volume Information\catalog.wci\CiFLfffd.001 (144 bytes)
    C:\System Volume Information\catalog.wci\CiFLfffd.000 (7680 bytes)
    C:\System Volume Information\catalog.wci\CiFLfffd.002 (144 bytes)
    C:\System Volume Information\catalog.wci\0001000B.dir (116 bytes)
    %System%\iajpffjm.tmp (1672 bytes)
    %System%\mnmsrvc.exe (1425 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Slovenian (18 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_setup_finish.dfm (275 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\readme.dfm.miaf (128 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Catalan (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Hebrew (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_setup_welcome.dfm (275 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Dutch (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Latvian (18 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Polish (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\maintenance.dfm (104 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Thai (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Korean (16 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\welcome.dfm (104 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Catalan (18 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Japanese (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Czech (17 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Swedish (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Portugese (Portugal) (18 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\finish.dfm (105 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\registration.dfm.miaf (202 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Arabic (16 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\destination.dfm (22 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_reboot.dfm (877 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\progressprereq.dfm (32 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\progress.dfm.miaf (292 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Portugese (Portugal) (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Lithuanian (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Chinese (PRC) (13 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Russian (17 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_download.dfm.miaf (372 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Romanian (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Basque (18 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Map (8 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Greek (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Thai (17 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Latvian (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_notify_install.dfm.miaf (516 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_setup_schedule.dfm.miaf (974 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Italian (18 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Croatian (17 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_notify_download.dfm.miaf (516 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Polish (18 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Turkish (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\registrationwithserial.dfm (32 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Vietnamese (17 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Spanish (19 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\GameStopApp_setup.msi (1425 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\finish.dfm.miaf (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Slovak (18 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Portugese (Brazil) (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_setup_finish.dfm.miaf (372 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Arabic (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Danish (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\mMSIExec.dll (1723 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\startmenu.dfm.miaf (228 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\license.rtf (12 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Chinese (Taiwan) (13 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Finnish (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Hebrew (15 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Hungarian (17 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Original (16 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Hungarian (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_install.dfm (32 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\Impulse®.mtx (20 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Russian (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Portugese (Brazil) (18 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Swedish (18 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\prereq.dfm (118 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Spanish (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Estonian (17 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Chinese (Taiwan) (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\licensecheck.dfm (22 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\prereq.dfm.miaf (370 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Norwegian (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_setup_account.dfm.miaf (872 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\licensecheck.dfm.miaf (128 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Chinese (PRC) (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\registrationwithserial.dfm.miaf (722 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Estonian (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia.tmp (203 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\setuptype.dfm (33 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Danish (17 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_reboot.dfm.miaf (372 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\gray.avi (103 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.French (19 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\icon.ico (995 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_install.dfm.miaf (372 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Original (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\wizard.dfm (31 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Slovak (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Basque (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Map (754 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Slovenian (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Korean (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Finnish (17 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Croatian (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.German (19 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Lithuanian (17 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.French (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Turkish (16 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\readme.rtf (951 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Greek (18 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.English (16 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Vietnamese (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.German (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Dutch (17 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Romanian (19 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\startinstallation.dfm (104 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\mEXEFunc.dll (1869 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Norwegian (17 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.English (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\lang.loc (168 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Czech (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Japanese (17 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_setup_welcome.dfm.miaf (372 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Italian (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1\componentstree.dfm (32 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\zallag.xml (15 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\fi.pak (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\Slider_Arrows.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.Common.dll (6518 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\7z.dll (12291 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\thq.xml (4453 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\GameStopNow.exe (29134 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\libGLESv2.dll (9760 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\imp_top.png (709 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Microsoft.WindowsAPICodePack.Shell.dll (9896 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\VistaBridgeLibrary.dll (1880 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\pt-PT.pak (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\shadow1.png (280 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\WBOCXLib.dll (28 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\d3dcompiler_43.dll (30393 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\avcodec-53.dll (17263 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\ta.pak (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\cyan.xml (206 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\stratfirst.xml (1598 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\cypron.xml (23 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\focushome.xml (1521 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\warner.xml (1637 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\kn.pak (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\vi.pak (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\GSLogo.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\sw.pak (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\libcef.dll (307427 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\trion.xml (43 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\en-GB.pak (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\snowball.xml (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\Slider_Arrows_down.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\trisynergy.xml (8 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\ro.pak (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\popcap.xml (1425 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\microids.xml (1530 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\merscom.xml (295 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\ImpulseSelfRefresh.exe (2467 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\ignition.xml (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\CleanGSA.exe.config (352 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\GSANative.exe.config (9 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\ca.pak (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\UninstHelper.exe (693 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.InstallManager.dll (2248 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\paradox.xml (14726 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\avformat-53.dll (2092 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\es.pak (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\wargaming.xml (1722 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\freestuff.xml (11 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\uk.pak (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\indies.xml (28249 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\zh-CN.pak (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\IptNetApi.dll (1312 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\am.pak (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\eidos.xml (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\zh-TW.pak (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\nb.pak (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\wastelands.xml (14 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\d3p.xml (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\ru.pak (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\muzzylane.xml (13 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\GameStopApp.exe (15102 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\networks.xml (42 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\mia.lib (7403 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\sl.pak (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\ar.pak (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\myoffice.xml (44 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\ImpulseSelfRefresh.exe.config (355 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\eula.txt (249 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\sega.xml (5371 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\8AE63621\Sd.Irc.resources.dll (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\ImpulseSelfRefresh.exe.config (352 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\light.xml (715 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\sap.xml (20 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\Slider_Arrows2.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\frame.png (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\es-419.pak (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\7zxr.dll (1638 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\fil.pak (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\pt-BR.pak (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\en-US.pak (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\hi.pak (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\isv.xml (946 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\ea.xml (6319 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\Slider_Arrows2_down.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\tiltedm.xml (21 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\about.png (598 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.UI.dll (1915 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\gamehouse.xml (24 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\mIDEFunc.dll\mEXEFunc.dll (2549 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\te.pak (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\drengin.xml (3226 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\sd.central.cvp.server.dll (5843 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\el.pak (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\bg.pak (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\n3vgames.xml (1036 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\id.pak (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\threedonkeys.xml (8 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\siber.xml (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\TestResult.xml (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\fa.pak (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\lv.pak (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Interop.IWshRuntimeLibrary.dll (639 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\lt.pak (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\sv.pak (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\da.pak (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\mumbojumbo.xml (2670 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\timegate.xml (13 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\squarenix.xml (4290 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.Central.Archive.dll (681 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\avutil-51.dll (2359 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\meridian4.xml (5122 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\AF6861CC\impulse_main.ini (59 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\AF6861CC\impulse_images.ini (61 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\pl.pak (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Stardock.Central.Security.dll (38 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\GameStopApp_setup.exe (51798 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\mr.pak (312 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\AF6861CC\impulse_logic.ini (61 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\GSAMini.exe (2216 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\btn_close_up.png (836 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\it.pak (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\sr.pak (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\hr.pak (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\imp_bottom.png (19 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\interplay.xml (47 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\GameStopApp_setup.msi (3597 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\AxInterop.ShockwaveFlashObjects.dll (33 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\servers.xml (202 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\sk.pak (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\digironin.xml (488 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\btn_close_over.png (849 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\ICSharpCode.SharpZipLib.dll (1259 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\d3dx9_43.dll (30010 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\he.pak (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.dll (1241 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\et.pak (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\DeElevator.dll (32 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\tdesk.xml (16 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\SDSecurity.dll (549 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\libEGL.dll (2284 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Interop.ShockwaveFlashObjects.dll (1241 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Gibraltar.Agent.dll (51224 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\wc.xml (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\7zip_license.txt (18 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\sdsfresp.txt (950 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Microsoft.WindowsAPICodePack.dll (1144 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\positech.xml (1434 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Gibraltar.Packager.exe (2145 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\GSANative.XmlSerializers.dll (51 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\playrix.xml (1499 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Console.dll (15706 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\kalypso.xml (4543 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\MyColors.xml (12701 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\hothead.xml (18 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\fr.pak (804 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Newtonsoft.Json.dll (7274 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.Irc.dll (3642 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\readme.txt (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\setup.bmp (1045 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\shadow2.png (297 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\viva.xml (366 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\ncsoft.xml (471 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\icudt.dll (150569 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\btn_buynow_down.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\VDialog.dll (2566 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\tr.pak (201 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\oddworld.xml (1177 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\ml.pak (8 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\btn_close_down.png (820 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\bn.pak (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\chrome.pak (19944 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\nival.xml (18 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\DeElevator64.dll (14 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\ja.pak (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\StardockCentralDSkin.dll (577 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.Uninstall.dll (36 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\th.pak (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\rlx.xml (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\sds.xml (2091 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\gsoft.xml (1906 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\prima.xml (5105 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\7za.exe (6356 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\nl.pak (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\impulse.xml (1137 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\epic.xml (1320 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.Common.XmlSerializers.dll (4201 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\odnt.xml (2747 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\enl.xml (37 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\futurem.xml (44 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.Web.dll (3362 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\topware.xml (2049 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\btn_buynow_up.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\ko.pak (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\sd.central.cvp.server.XmlSerializers.dll (4372 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\de.pak (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\Slider_Arrows_over.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\iceberg.xml (817 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\btn_buynow_over.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\namco.xml (111 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\MyDock.Util.dll (1340 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Activate.exe (5537 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\cs.pak (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.Zip.dll (2668 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\Slider_Arrows2_over.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\hu.pak (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\railsimulator.xml (1891 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\gu.pak (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\iolo.xml (8 bytes)
    %WinDir%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (1425 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
    %WinDir%\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (2105 bytes)
    %System%\clipsrv.exe (1425 bytes)
    %WinDir%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (1425 bytes)
    %WinDir%\Microsoft.NET\Framework\v2.0.50727\ojflpekc.tmp (300 bytes)
    %System%\gadqjokm.tmp (272 bytes)
    %WinDir%\Microsoft.NET\Framework\v4.0.30319\hpckhakn.tmp (1646 bytes)
    %System%\obgogopn.tmp (246 bytes)
    %WinDir%\Microsoft.NET\Framework\v2.0.50727\ionpofea.tmp (264 bytes)
    %System%\cisvc.exe (1281 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
    %Documents and Settings%\All Users\Application Data\Stardock\Impulse\Temporary\impulse_mainmini\impulse_setupfull.exe (145703 bytes)

  4. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
  5. Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

No votes yet


Lavasoft is the maker of Ad-Aware, the world's most popular anti-malware software with over 450 million downloads.
© 2026 Lavasoft. All rights reserved.
Terms Of Use |   Privacy Policy


x

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

Download adaware antivirus 12
No thanks, continue to lavasoft.com
close x

Discover the new adaware antivirus 12

Our best antivirus yet

Download Now