Virus.Win32.Sality_7ab7ed20f6
Virus.Win32.Sality.FD, Virus.Win32.Sality.2.FD, VirusSality.YR, GenericInjector.YR, GenericAutorunWorm.YR, PUPAirInstaller.YR (Lavasoft MAS)
Behaviour: Worm, Virus, Installer, PUP, WormAutorun
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
MD5: 7ab7ed20f6d3651c5f5ce8f7d5938a4a
SHA1: bf21a181d2bcc6f772740e6ee22e01733185ec79
SHA256: 494332998304d84cb432c53d458e977aaa781860b8a41f564fff26413cddbf69
SSDeep: 49152:wP5nCdVfNN5HWcpn514xEGbSmgzETVCXfzdLUo:ndVfNfxp5GEGbnYXFUo
Size: 2127480 bytes
File type: EXE
Platform: WIN32
Entropy: Not Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2010-10-20 00:03:30
Analyzed on: WindowsXP SP3 32-bit
Summary:
Virus. A program that recursively replicates a possibly evolved copy of itself.
Payload
| Behaviour | Description |
|---|---|
| WormAutorun | A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Virus's file once a user opens a drive's folder in Windows Explorer. |
Process activity
The Virus creates the following process(es):
No processes have been created.
The Virus injects its code into the following process(es):
%original file name%.exe:1724
%original file name%.exe:188
Explorer.EXE:932
Mutexes
The following mutexes were created/opened:
No objects were found.
File activity
The process %original file name%.exe:1724 makes changes in the file system.
The Virus creates and/or writes to the following file(s):
%WinDir%\system.ini (70 bytes)
%Program Files%\Common Files\Adobe\ARM\1.0\AdobeARM.exe (12 bytes)
C:\lggt.exe (99 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\001109C1_Rar\%original file name%.exe (15116 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pkg_c30143750\autorun.txt (214 bytes)
%Program Files%\Common Files\Java\Java Update\jusched.exe (856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pkg_c30143750\stub.log (12918 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\00110A0F_Rar\%original file name%.exe (15116 bytes)
%Program Files%\Adobe\Reader 9.0\Reader\Reader_sl.exe (432 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pkg_c30143750\wrapper.xml (714 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pkg_c30143750\timings.txt (143 bytes)
C:\autorun.inf (285 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pkg_c30143750\resource.0000.pkg (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\winilkp.exe (561 bytes)
C:\totalcmd\TOTALCMD.EXE (854 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wintmnk.exe (561 bytes)
The Virus deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\001109C1_Rar\%original file name%.exe (0 bytes)
%WinDir%\110164 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\00110A0F_Rar (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wintmnk.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\winilkp.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\001109C1_Rar (0 bytes)
The process %original file name%.exe:188 makes changes in the file system.
The Virus creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\pkg_c30143750\7ab7ed20f6d3651c5f5ce8f7d5938a4a.log (83784 bytes)
Registry activity
The process %original file name%.exe:1724 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = "1"
[HKCU\Software\Stvncyfrlda]
[HKLM\SOFTWARE\Microsoft\Security Center]
"FirewallOverride" = "1"
[HKCU\Software\Stvncyfrlda\168128873]
"1735290733" = "96"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden" = "2"
[HKCU\Software\Stvncyfrlda\168128873]
"-824385830" = "0"
[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"UacDisableNotify" = "1"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4C 26 A6 A5 1F 1D C0 4B 83 BB 8B 55 0D 7B 66 FF"
[HKCU\Software\Stvncyfrlda\168128873]
"910904903" = "0"
[HKCU\Software\Stvncyfrlda\168128873]
"-1648771660" = "30"
[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"UpdatesDisableNotify" = "1"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = "0"
[HKLM\SOFTWARE\Microsoft\Security Center]
"UacDisableNotify" = "1"
[HKCU\Software\Stvncyfrlda\168128873]
"1821809806" = "0200687474703A2F2F736C776F6366642F736F62616B61312E67696600687474703A2F2F34362E3130352E3130332E3231392F736F62616B61766F6C6F732E676966"
[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"FirewallOverride" = "1"
[HKLM\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"GlobalUserOffline" = "0"
[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"FirewallDisableNotify" = "1"
[HKLM\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = "1"
[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"EnableLUA" = "0"
[HKCU\Software\Stvncyfrlda\168128873]
"86519073" = "67"
A firewall is disabled:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = "0"
Antivirus notifications are disabled:
[HKLM\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = "1"
Adds a rule to the Windows Firewall that allows any network activity:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\c:]
"%original file name%.exe" = "c:\%original file name%.exe:*:Enabled:ipsec"
Firewall notifications are disabled:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = "1"
Antivirus notifications are disabled:
[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusDisableNotify" = "1"
The process %original file name%.exe:188 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1F 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "01 16 3F E6 19 E3 90 F3 D5 0C 68 57 9F 43 AB 33"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKLM\SOFTWARE\Freeze.com\Installer]
"test" = "1"
The Virus modifies IE security zone settings to map all local web nodes whose names contain no dots, and which are not assigned to any zone, to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Virus modifies IE security zone settings to map all web nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Virus modifies IE security zone settings to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Virus deletes the following registry key(s):
[HKLM\SOFTWARE\Freeze.com\Installer]
[HKLM\SOFTWARE\Freeze.com]
The Virus deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
[HKLM\SOFTWARE\Freeze.com\Installer]
"test"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
Dropped PE files
| MD5 | File path |
|---|---|
| 8a33e2f7b2a3995dc5461cacc1b01710 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\001109C1_Rar\%original file name%.exe |
| 8a33e2f7b2a3995dc5461cacc1b01710 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\00110A0F_Rar\%original file name%.exe |
| 46bc4eaffdefd4387aa511fe5cedd385 | c:\lggt.exe |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Virus's file once a user opens a drive's folder in Windows Explorer.
VersionInfo
Company Name: W3i, LLC
Product Name: InstallIQ Installation Utility
Product Version: 1.85.0.0
Legal Copyright: Copyright (c)2010 W3i Holdings, LLC. All rights reserved.
Legal Trademarks:
Original Filename: InstallIQ.exe
Internal Name: InstallIQ.exe
File Version: 1.85.0.0
File Description: InstallIQ Installation Utility
Comments:
Language: English (United States)
PE Sections
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
|---|---|---|---|---|---|
| .text | 4096 | 1286116 | 1286144 | 4.59992 | cc56cfe97adbd7bbef308f3b658c264b |
| .rdata | 1290240 | 398520 | 398848 | 3.70308 | a2d4a2fbe3abb9cdf613673805e4ac69 |
| .data | 1691648 | 47392 | 25600 | 2.4318 | 9d8d715492326e309a149c5775b3dacf |
| .rsrc | 1740800 | 413696 | 412672 | 5.24576 | 64c3c9c5c3b5106966277ec6f8d991a0 |
URLs
No activity has been detected.
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
Web Traffic was not found.
The Virus connects to the servers at the following location(s):
Chrome: set cookies succeeded
getting Chrome cookies for
CCookieManager::GetChromeCookies
Error enumerating chrome cookies!
chromeenum
Safari.GetCookiesError
Safari.NoCookies
Safari.SetCookieError
Safari.SetCookies
Simulation will fail and exit after %d seconds.
Download: simulate=%d, duration=%d, variance=%d, failrate=%d
Offer: simulate=%d, duration=%d, variance=%d, failrate=%d
Product: simulate=%d, duration=%d, variance=%d, failrate=%d
Dialog: simulate=%d, duration=%d, variance=%d, failrate=%d
00000000-0000-0000-0000-000000000000
hXXp://download.freeze.com/lm/
/postbackurl/text()
CWebManager::Ping
CWebManager::PingIEAuto
ieHost.CreateStandalone failed!
ieHost.Navigate failed!
CWebManager::PostbackIEAuto
iehost.CreateStandalone failed!
ShellExecuteEx:
CWebManager::PostbackShell
ShellExecuteEx failed!
postback_response.html
PackageManager.cpp
selftest.settings.
TestManager.cpp
SessionScraperThread.cpp
CoreIEHost.CreateExisting failed!
TestResults.Initialize called more than once!
d.d.d
d.d.d @ d:d:d
PASSED
Offer status passed:
Offer action passed:
Parents.Offers
PostBackURL
Postback URL in PingData does not match ping file!
/ping/%s/%s/text()
PackageZlib.cpp
Error: %d bytes of %d read from file %s.
unzOpenCurrentFilePassword failed!
Error: %d bytes of %d were written to file %s.
unzOpenCurrentFilePassword failed! err=
Package.cpp
X;
</%s>
%s="%s"
%s='%s'
<!--%s-->
<![CDATA[%s]]>
version="%s"
encoding="%s"
standalone="%s"
SQLite format 3
CREATE TABLE sqlite_master(
sql text
CREATE TEMP TABLE sqlite_temp_master(
.NOPQRSTXY|}~
BEFOREIGNOREGEXPLAINSTEADDESCAPEACHECKEYCONSTRAINTERSECTABLEFTHENDATABASELECTRANSACTIONATURALTERAISELSEXCEPTRIGGEREFERENCESUNIQUERYATTACHAVINGROUPDATEMPORARYBEGINNEREINDEXCLUSIVEXISTSBETWEENOTNULLIKECASCADEFERRABLECASECOLLATECREATECURRENT_DATEDELETEDETACHIMMEDIATEJOINSERTMATCHPLANALYZEPRAGMABORTVALUESVIRTUALIMITWHENWHERENAMEAFTEREPLACEANDEFAULTAUTOINCREMENTCASTCOLUMNCOMMITCONFLICTCROSSCURRENT_TIMESTAMPRIMARYDEFERREDISTINCTDROPFAILFROMFULLGLOBYIFINTOFFSETISNULLORDERESTRICTOUTERIGHTROLLBACKROWUNIONUSINGVACUUMVIEWINITIALLY
3.5.9
inflate 1.2.3 Copyright 1995-2005 Mark Adler
deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly
1.2.3
unzip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll
zip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll
CoreTiming.cpp
CoreElmah.cpp
Url is null!
%s, %s, l=0xx
[0x%X]
d:%s
IQDownloader.cpp
AddDownload failed! url=
d:\tfs.vs2010.win7\installer\main\installer.common\installer.common.comm\IQCommThread.h
iehost.Navigate failed!
IE open url:
CIQComm::IEOpenUrl
openurlieexcept
openurlie
Shell open url:
CIQComm::ShellOpenUrl
openurlshell
productfailurl
detectionurl
pingurl
postbackurl
logfileurl
producturl
urlmon
CIQWrapperConfig::PromptForPingUrl
IQWrapperConfig.cpp
PromptForPingUrl called in production mode!!
disclosure.*.*
product.*.*
Ping File (ping.*.dat; ping.*.xml)|ping.*.dat; ping.*.xml|Text Files (*.txt)|*.txt|All Files (*.*)|*.*||
Template File (*.xsl;*.zip)|*.xsl;*.zip|All Files (*.*)|*.*||
%programfiles%\Free Offers from Freeze.com\control.txt
rule.LoadXml failed! type=
Detection rule: "%s" type="%s" id="%s" added
Number of parsed rules is not equal to rule count, parsed=%d, count=%d
IQXmlDetection.cpp
regkey
firefoxprefs
chromeprefs
Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice
http\shell\open\command
browser.startup.homepage
%s,%d
ie.http
D:\tfs.vs2010.win7\Installer\MAIN\Installer.Common\Installer.Common.Util\IQDaemonProcess.h
ydetect-browser.exe
IQYDetect.cpp
CIQYDetect::RunYDetectExe
YDetect from exe, value=
%d,%d,%d,%s,%s
%d,x,x,%s,xx
Error opening yahoo detection registry key
Failed to initialize pipe from installer!
cmd.runfile.ydetect.xml
*runfile.ydetect*
Command result "runfile.ydetect" recieved, but not recognized as command
Command result "runfile.ydetect" recieved, but name did not match
YDetect results received, executeSucceeded=%d, exitcode=%d
firefox.exe,firefox.url,firefoxportableurl,firefoxurl,firefox
iexplore,ie.http
%firefoxprofiles%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooDomBuilder.js%firefoxprofiles%
CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\InprocServer32%s[%d]
passed
CIQXmlRequirements::RunExecute
Running Requirement check exe in InstallIQProcess (elevated)
CIQXmlRequirements::RunExecuteUsingDaemon
cmd.runfile.requirement.
Timout for Requirement passed; result may not be reliable
result.runfile.requirement.*
CIQXmlRequirements::ParseExecuteResult
Invalid flag in ExecuteResult:
Running requirement.OnInstall:
Running requirement.OnCancel:
requirement.OnCancel is empty, skipping.
Running requirement.OnExit:
requirement.OnExit is empty, skipping.
Software\Microsoft\Windows\CurrentVersion\RunOnce
ydetect.Initialize failed!
detectionrules.dat
due to no webcam installed
IQDetectionRegistry.cpp
//RegKeyFlag
KeyExists
SourceKey
hkey_current_user
hkey_local_machine
hkey_classes_root
hkey_current_config
1.1.0.6
//flag[%d]/text()
yahoo.com
live.com
msn.com
ask.com
aol.com
IQDetectionYahoo.cpp
11.0.0.0
: .Net version is insufficient
12.0.0.0
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NSS
extract and run succeeded, isdetected=%d, pStatus=%d
SYMCCHECKER.ZIP
SYMCCHECKER.DLL
Success, offer can be made. ptStatus=%d
Success, but offer should not be shown. ptStatus=%d
Info.plist
/execute/text()
/executeresult/text()
Missing ExecuteResult in requirement config!
ydetect.ytb
IQRules.cpp
ydetect.yas
ydetect.yhp
SymCCIS.dll
webcamrequired
Detection rule, row=%d, column=%d
NULL dialog passed to AddDialog!
explorer.exe
%programfiles%\Core Services\IETester\IETester.exe
IQDialogMain.cpp
IQXmlDialogDownload.cpp
|%s,%s
IQXmlInstallItem.cpp
betamsg
d:\tfs.vs2010.win7\installer\main\installer.common\installer.common.offers\IQOffer.h
postinstallexecute
firefoxpref
firefoxinstalltype
naffkeywordurl
CIQOfferEXE::OnInstall
Firefox preferences set=
CIQOfferEXE::RunOfferInstaller
rundll32.exe "%s" %s
msiexec.exe /i "%s" /qn ALLUSERS=2 REBOOT=ReallySuppress
msiexec.exe /i "%s" %s
Could not find firefox exe to install
User canceled during Firefox shutdown!
"%s" -install-global-extension "%s"
"%s" "%s"
"%s" %s
CIQOfferEXE::RunOfferInstallerAsDesktopUser
badprocesshandle
CIQOfferEXE::WaitForOfferInstaller
IQOfferEXE.cpp
process exit code: %d
freeze.ini
prdrc.ini
#NAFFKEYWORDURL#
CIQOfferEXE::WaitForProcessStarted
CIQOfferEXE::WaitForRegistryValue
Looking for Key:
Registry key found.
CIQOfferEXE::StartAppRegistryValue
CIQOfferEXE::PostInstallExecute
PostInstallExecute command failed!
http:
CIQOfferEXE::HandleFirefoxOptions
HandleFirefoxOptions called with incorrect preferences set in config!
HandleFirefoxOptions called with no preferences set in config!
Diagnostics: running upromise.com cookie handling...
upromise.com,tsInstallContext=w3i|#PRODUCTID#|,now 7,/,no
upromise.com cookie test for IE failed!
upromise.com
Firefox shutdown rejected!
upromise.com cookie test for Firefox failed!
CIQOfferEXE::InsertCookie
Setting cookies in low-integrity context (windows vista)
Invalid offer type=%s found in ping for %s.
Unknown offer type=%d in AddOffer. ConfigId=%s, OfferId=%s.
IQOfferManager.cpp
WaitForAllOffers: timed out waiting for %d offers after %d seconds.
Restarting Firefox...
Restarting Chrome...
Setting Offer option to %d
templateurl
disclosureurl
previewurl
regkeyadd
ieregkey
images/disclosure/imageurl
IQOffer.cpp
%s (err=%d, info=%s)
CIQOffer::StopFirefox
Stop Firefox message not set!
CIQOfferFirefox
CIQOffer::StopChrome
Stop Chrome message not set!
CIQOfferChrome
unable to set regkey from following RegKeyAdd:
RegKeyAdd:
unrecognized values in RegKeyAdd:
unable to set regkey from following IERegKey:
IERegKeyAdd:
unrecognized values in IERegKey:
downloadurl
googlechrome
User canceled during Chrome shutdown!
chromecancel
Setting Firefox StartPage:
Setting Chrome Startpage:
CIQOfferStartPage::SetFirefoxStartPage
Failed to write Firefox pref!
CIQOfferStartPage::SetChromeStartPage
Unable to set chrome startpage
failchromestartpage
Successfully set chrome startpage
startpageurl
oldstartpageurl
chromesearchprovider
Missing url!
ie7nourl
ie6scnourl
firefox.defaultenginename
firefox.selectedengine
IQOfferIESearch.cpp
IQU for Chrome Default Search not yet implemented
CIQOfferIESearch::SetFirefoxSearchEngine
hXXp://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}Simulation mode, setting Firefox default search engine:
Failed to write Yahoo xml for Firefox!
CIQOfferIESearch::SetChromeSearchEngine
hXXp://search.yahoo.com/favicon.ico
Failed to set default search from chrome
chromefail
\apps.ini
control.txt
%programfiles%\Free Offers from Freeze.com
%windows%\Desktop
\/:*?")<>|
IQOfferDesktopIcon.cpp
toolbarregkey
toolbarurl
Missing data for firefox toolbar install! Name:
.guid
Failed to write Firefox pref (GUID)!
.Var1
Software\%s\Toolbar
heartbeat_url
products/adobeair/AdobeAIRInstaller.exe
%programfiles%\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe
AdobeAirInstaller.exe
"%s" %s "%s"
lib\settings.db
insert into Application (ProductSessionId, ApplicationTypeId, ApplicationId) VALUES ('%s',%s,'%s')sqliteopenfail
sqlitedbnull
sqlite3_exec failed, returned error:
sqliteexecfail
IQEngine.cpp
D:\tfs.vs2010.win7\Installer\MAIN\Core.CppLib\Core.CppLib.Base\CoreRefCount.h
InstallIQProcess.exe
InstallIQProcess.zip
CIQDaemonProcess::InitPipes
IQDaemonProcess.cpp
Failed to initialize pipe to installer!
ShellExecuteCommand failed!
UniqueId.cpp
hkey is NULL!
subKey is NULL!
CoreThread.cpp
Encryption key not initialized!
Microsoft Windows Seven
Windows Server 2008 R2
Microsoft Windows Vista
Windows Server 2008
Microsoft Windows Server 2003 "R2"
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows NT
Web Edition
%d.%d
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q246009
Service Pack 6a (Build %d)
%s (Build %d)
Microsoft Windows 95
Microsoft Windows 98
Microsoft Windows ME
Software\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}user32.dll
HardwareInformation.AdapterString
HardwareInformation.BiosString
HardwareInformation.ChipType
HardwareInformation.DacType
HardwareInformation.MemorySize
%I64u%s
Alpha %d
PPC 6d
Shell.CreateInstance failed!
ShellWindows.Item failed!
CoreSettings.cpp
outlook.exe
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
*.pst
*.ost
%programfiles%\Mozilla Firefox
MozillaUIWindowClass
Software\Mozilla\Mozilla Firefox
CCoreFirefox::GetVersion
Failed to get Firefox version key!
firefoxver
Profile%d
Mozilla\Firefox
Mozilla\Firefox\profiles.ini
Firefox versions prior to 3 are not supported by LoadProfileCookies!
Loading Firefox3 cookies for url:[
cookies.sqlite
sqlite3_get_table returned error:
Enumerating Firefox3 cookies for
cookies.txt
Enumerating Firefox cookies for
Found partial cookie in Firefox profile:
Firefox version is not sufficient for setting cookies!! Must be 3.x or higher
Setting Firefox3 cookie for
insert into moz_cookies (name, value, host, path, expiry) VALUES ('%s','%s','%s','%s','%d')-requestPending -osint -new-window "%s"
firefox.exe
PathToExe
prefs.js
CCoreFirefox::GetPrefString
CoreFirefox.cpp
CCoreFirefox::SetPrefString
CCoreFirefox::SetDefaultSearchEngine
searchUrl is empty!
suggestionUrl is empty!
Can't set search engine while Firefox is running!
Setting Firefox default search engine:
SearchUrl=
SuggestionUrl=
Failed to write Yahoo search prefs for Firefox!
hXXp://VVV.mozilla.org/2006/browser/search/
browser.search.defaultenginename
browser.search.selectedEngine
browser.search.order.1
browser.search.order.2
CCoreChrome::SetCookie
d:\tfs.vs2010.win7\installer\main\core.cpplib\core.cpplib.browser\CoreChrome.h
Chrome_WindowImpl_0
Chrome_WidgetWin_0
%local_appdata%\Google\Chrome\User Data\Default\Cookies
CCoreChrome; Cookie file does not exist
Loading Google Chrome cookies for url:[
cookies.dat
CCoreChrome; unable to copy cookie file
select name, value, host_key, path, expires_utc from cookies where
host_key like '%
Enumerating Google Chrome cookies for
select host_key, name, value, path, expires_utc from cookies where host_key like '%
chrome.dll
chrome.exe
ChromeHTML\shell\open\command
%local_appdata%\Google\Chrome\Application
%programfiles%\Google\Chrome\Application
CCoreChrome::GetStartpage
CCoreChrome::SetStartpage
%local_appdata%\Google\Chrome\User Data\Default\Web Data
webdata.dat
CCoreChrome; unable to copy web data file
SELECT value FROM meta WHERE key='Default Search Provider ID'
CCoreChrome::GetDefaultSearchUrl
CCoreChrome::SetDefaultSearchUrl
CCoreChrome: Name param cannot be blank
CCoreChrome: keyword param cannot be blank
CCoreChrome: url param cannot be blank
sql string is empty
CCoreChrome::GetPreference
%local_appdata%\Google\Chrome\User Data\Default\Preferences
CCoreChrome::LoadChromePreferences
CoreChrome.cpp
CCoreChrome::OpenDatabase
CCoreChrome: database file does not exist
CCoreChrome::GenerateDefaultSearchSQL
sqlite database is null
keyword like '%
url like '%
UPDATE keywords set short_name='%s', keyword='%s', url='%s'
, suggest_url='%s'
, favicon_url='%s'
WHERE id=%s
INSERT INTO keywords (short_name, keyword, url, show_in_default_list, safe_for_autoreplace, input_encodings
) VALUES ('%s', '%s', '%s', 1, 1, 'UTF-8', suggest_url
, '%s'
, favicon_url
CCoreChrome::FindInDatabase
SELECT id, short_name, url, suggest_url FROM keywords WHERE %s
CCoreChrome::InsertDataIntoDatabase
CCoreChrome::SetDefaultSearchPreferences
url='
UPDATE meta SET value='%s' WHERE key='Default Search Provider ID'
d:\tfs.vs2010.win7\installer\main\core.cpplib\core.cpplib.browser\CoreSafari.h
%appdata%\Apple Computer\Safari\Cookies\Cookies.plist
Failed to get Safari version key!
-url "%s"
safari.exe
CoreIEHost.cpp
m_WebBrowserEvents failed
IWebBrowser2 failed
CoreDHtmlDialog.cpp
CCoreDHtmlDialog::GetOptionKeyPath
getoptkey
Win32 exception in GetOptionKeyPath!
sqlite_version
sqlite_rename_trigger
sqlite_rename_table
RowKey
d-d-d d:d:d
d:d:d
d-d-d
922337203685477580
%s\etilqs_
invalid page number %d
2nd reference to page %d
Failed to read ptrmap key=%d
Bad ptr map entry key=%d expected=(%d,%d) got=(%d,%d)
%d of %d pages missing from overflow list starting at %d
failed to get page %d
freelist leaf count too big on page %d
Page %d:
unable to get the page. error code=%d
sqlite3BtreeInitPage() returns error code %d
On tree page %d cell %d:
On page %d at right child:
Corruption detected in cell %d on page %d
Multiple uses for byte %d of page %d
Fragmented space is %d byte reported as %d on page %d
Unable to malloc %d bytes
Page %d is never used
Pointer map page %d is referenced
Outstanding page count goes from %d to %d during this analysis
keyinfo(%d
%s(%d)
%s-mjX
unable to use function %s in the requested context
transaction - SQL statements in progress
sqlite_temp_master
sqlite_master
SELECT name, rootpage, sql FROM '%q'.%s WHERE %s
cannot open virtual table: %s
cannot open view: %s
no such column: "%s"
cannot open indexed column for writing
cannot open value of type %s
variable number must be between ?1 and ?%d
too many SQL variables
too many columns in %s
misuse of aliased aggregate %s
%s: %s.%s.%s
%s: %s.%s
%s: %s
not authorized to use function: %s
Expression tree is too large (maximum depth %d)
%.*s"%w"%s
%s OR name=%Q
there is already another table or index with this name: %s
sqlite_
table %s may not be altered
view %s may not be altered
UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d 18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
sqlite_sequence
UPDATE "%w".sqlite_sequence set name = %Q WHERE name = %Q
UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Cannot add a PRIMARY KEY column
UPDATE "%w".%s SET sql = substr(sql,1,%d) || ', ' || %Q || substr(sql,%d) WHERE type = 'table' AND name = %Q
sqlite_stat1
CREATE TABLE %Q.sqlite_stat1(tbl,idx,stat)
DELETE FROM %Q.sqlite_stat1 WHERE tbl=%Q
SELECT idx, stat FROM %Q.sqlite_stat1
too many attached databases - max %d
database %s is already in use
unable to open database: %s
no such database: %s
cannot detach database %s
database %s is locked
sqlite_detach
sqlite_attach
%s %T cannot reference objects in database %s
illegal return value (%d) from the authorization function - should be SQLITE_OK, SQLITE_IGNORE, or SQLITE_DENY
access to %s.%s.%s is prohibited
access to %s.%s is prohibited
object name reserved for internal use: %s
there is already an index named %s
too many columns on %s
duplicate column name: %s
default value of column [%s] is not constant
table "%s" has more than one primary key
AUTOINCREMENT is only allowed on an INTEGER PRIMARY KEY
CREATE %s %.*s
UPDATE %Q.%s SET type='%s', name=%Q, tbl_name=%Q, rootpage=#%d, sql=%Q WHERE rowid=#%d
CREATE TABLE %Q.sqlite_sequence(name,seq)
view %s is circularly defined
UPDATE %Q.%s SET rootpage=%d WHERE #%d AND rootpage=#%d
table %s may not be dropped
use DROP TABLE to delete table %s
use DROP VIEW to delete view %s
DELETE FROM %s.sqlite_sequence WHERE name=%Q
DELETE FROM %Q.%s WHERE tbl_name=%Q and type!='trigger'
foreign key on %s should reference only one column of table %T
number of columns in foreign key does not match the number of columns in the referenced table
unknown column "%s" in foreign key definition
indexed columns are not unique
table %s may not be indexed
views may not be indexed
virtual tables may not be indexed
there is already a table named %s
index %s already exists
sqlite_autoindex_
table %s has no column named %s
CREATE%s INDEX %.*s
INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);no such index: %S
index associated with UNIQUE or PRIMARY KEY constraint cannot be dropped
DELETE FROM %Q.%s WHERE name=%Q
DELETE FROM %Q.sqlite_stat1 WHERE idx=%Q
unable to identify the object to be reindexed
no such collation sequence: %s
table %s may not be modified
cannot modify %s because it is a view
table %S has %d columns but %d values were supplied
%d values for %d columns
table %S has no column named %s
PRIMARY KEY must be unique
sqlite3_extension_init
unable to open shared library [%s]
no entry point [%s] in shared library [%s]
error during initialization: %s
automatic extension loading failed: %s
foreign_key_list
*** in database %s ***
unsupported encoding: %s
unsupported file format
SELECT name, rootpage, sql FROM '%q'.%s
database schema is locked: %s
unknown or unsupported join type: %T%s%T%s%T
RIGHT and FULL OUTER JOINs are not currently supported
a NATURAL join may not have an ON or USING clause
cannot have both ON and USING clauses in the same join
cannot join using column %s - column not present in both tables
column%d
%z:%d
sqlite_subquery_%p_
no such table: %s
too many terms in %s BY clause
%r %s BY term out of range - should be between 1 and %d
%r ORDER BY term out of range - should be between 1 and %d
ORDER BY clause should come after %s not before
LIMIT clause should come after %s not before
SELECTs to the left and right of %s do not have the same number of result columns
sqlite3_get_table() called with two or more incompatible queries
cannot create %s trigger on view: %S
cannot create INSTEAD OF trigger on table: %S
INSERT INTO %Q.%s VALUES('trigger',%Q,%Q,0,'CREATE TRIGGER %q')no such trigger: %S
-- TRIGGER %s
no such column: %s
PRAGMA vacuum_db.synchronous=OFF
SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence' AND rootpage>0
SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %'
SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21) FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %'
SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM ' || quote(name) || ';'FROM sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM ' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
INSERT INTO vacuum_db.sqlite_master SELECT type, name, tbl_name, rootpage, sql FROM sqlite_master WHERE type='view' OR type='trigger' OR (type='table' AND rootpage=0)
UPDATE %Q.%s SET type='table', name=%Q, tbl_name=%Q, rootpage=0, sql=%Q WHERE rowid=#%d
vtable constructor failed: %s
vtable constructor did not declare schema: %s
no such module: %s
table %s: xBestIndex returned an invalid plan
at most %d tables in a join
TABLE %s
%z AS %s
%z WITH INDEX %s
%z USING PRIMARY KEY
%z VIRTUAL TABLE INDEX %d:%s
SQL logic error or missing database
large file support is disabled
no such vfs: %s
/uninstallkeys/key
%s/uninstallkeys/key[%d]/attribute::type
%s/uninstallkeys/key[%d]/text()
Unknown uninstall key type encountered, skipping lookup
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
CoreJSON.cpp
D:\tfs.vs2010.win7\Installer\MAIN\Installer.FreezeWrap.Application\Release\FreezeWrapWin.pdb
PSAPI.DLL
VERSION.dll
USERENV.dll
InternetCrackUrlA
InternetCombineUrlA
DeleteUrlCacheEntry
WININET.dll
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA
HttpQueryInfoA
GetProcessHeap
GetWindowsDirectoryA
GetCPInfo
GetConsoleOutputCP
KERNEL32.dll
EnumWindows
EnumChildWindows
CreateDialogIndirectParamA
GetKeyState
UnhookWindowsHookEx
SetWindowsHookExA
USER32.dll
GetViewportExtEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
GDI32.dll
COMDLG32.dll
WINSPOOL.DRV
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyA
ADVAPI32.dll
ShellExecuteExA
SHELL32.dll
COMCTL32.dll
UrlEscapeA
SHDeleteEmptyKeyA
SHLWAPI.dll
oledlg.dll
OLEAUT32.dll
IsValidURL
urlmon.dll
OLEACC.dll
GetKeyboardState
.PAVCOleException@@
.PAVCObject@@
.PAVCMemoryException@@
.PAVCSimpleException@@
.PAVCNotSupportedException@@
.PAVCInvalidArgException@@
.?AVCNotSupportedException@@
.?AVCTestCmdUI@@
.?AVCCmdUI@@
.PAVCUserException@@
.PAVCArchiveException@@
.PAVCResourceException@@
.?AV?$CFixedStringT@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@$0BAA@@ATL@@
.?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@
.PAVCFileException@@
.PAVCOleDispatchException@@
.PAVCException@@
.?AVexecution_error@TinyXPath@@
.?AV?$CFlags@W4WebArgFlag@@@@
.?AVCCmdTarget@@
.?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@
.?AV?$CArray@V?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@ABV12@@@
.?AVCIQDetectionFirefoxPrefs@@
.?AVCIQDetectionChromePrefs@@
.?AVCIQOfferEXE@@
.?AV?$CArray@UUninstallKey@@U1@@@
c:\%original file name%.exe
`.rdata
@.data
@.reloc
Vista.BadArgs
Vista.BadArgs2
\cookie.dat
\cookie.ini
Vista.NoAppLow
Vista.WideFail
Vista.NoCookies
Vista.GetCookieFail
Vista.AllocFail
Vista.CreateFileError
Vista.WriteFileError
SetCookie%d
Vista.SetCookieError
Error: %d. %s
D:\tfs.vs2010.win7\Installer\MAIN\Installer.FreezeWrap.Application\Release\Installer.CookieMan.pdb
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
SYMCCHECKER.DLLPK
SymCCIS.dllPK
.ndata
RegDeleteKeyExW
Kernel32.DLL
%s=%s
GetWindowsDirectoryW
ExitWindowsEx
SHFileOperationW
ShellExecuteW
RegDeleteKeyW
RegEnumKeyW
RegOpenKeyExW
RegCreateKeyExW
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v05-Sep-2007.cvs-unicode</description><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"/></requestedPrivileges></security></trustInfo></assembly>
z@cmd*
hXXp://ocsp.verisign.com0
"hXXp://crl.verisign.com/tss-ca.crl0
Thawte Certification1
0hXXp://crl.verisign.com/ThawteTimestampingCA.crl0
.Class 3 Public Primary Certification Authority0
2Terms of use at hXXps://VVV.verisign.com/rpa (c)041.0,
hXXps://VVV.verisign.com/rpa01
hXXp://crl.verisign.com/pca3.crl0
.Class 3 Public Primary Certification Authority
/hXXp://CSC3-2004-crl.verisign.com/CSC3-2004.crl0D
hXXps://VVV.verisign.com/rpa0
hXXp://ocsp.verisign.com0?
3hXXp://CSC3-2004-aia.verisign.com/CSC3-2004-aia.cer0
hXXp://toolbar.yahoo.com0
resource.0000.pkgu
r'!.xD
autorun.txt]
resource.0000.pkgPK
wrapper.xmlPK
autorun.txtPK
timer = window.setTimeout("OnTimer(" 0 ")",elapse);var progress = document.getElementById("progress").innerHTML;document.getElementById("progressbar").style.width = progress "%";timer = window.setTimeout("OnTimer(" i ")",elapse);<requestedExecutionLevel level="requireAdministrator" uiAccess="false"></requestedExecutionLevel>
xV.kz
SHELL32.DLL
ShellExecuteA
KERNEL32.DLL
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\00110A0F_Rar\%original file name%.exe
%original file name%.exe
hXXp://slwocfd/sobaka1.gif
hXXp://46.105.103.219/sobakavolos.gif
hXXp://89.11
.info/home.gifIh
bW.text
JKERNEL32.dll
%x.exe
MSVCRT.dll
WS2_32.dll
SHFileOperationA
accKeyboardShortcut
mscoree.dll
ekernel32.dll
nContent-Type: application/x-www-form-urlencoded
... %d%%
verifying installer: %d%%
~nsu.tmp
%u.%u%s%s
.DEFAULT\Control Panel\International
*?|<>/":
2009.02.09.01
Send Error Report
Send Error Report?
s de [email protected].
Debe cerrar Firefox para poder continuar. Presione OK (Aceptar) para cerrarlo ahora. Es probable que deba cerrarlo manualmente. Presione Cancel (Cancelar) para omitir esta oferta.
Please email Customer Support at [email protected] if you need further assistance.
Firefox must be closed before continuing. Press OK to close Firefox now. You may need to close Firefox manually. Press Cancel to skip this offer.
We have created an error report that you can send to help improve #ProductName#. The report contains no Personally Identifiable Information (PII) and will only be used by us.
Would you like to submit this report?
Debe cerrar Chrome para poder continuar. Presione OK (Aceptar) para cerrarlo ahora. Es probable que deba cerrarlo manualmente. Presione Cancel (Cancelar) para omitir esta oferta.
Chrome must be closed before continuing. Press OK to close Chrome now. You may need to close Chrome manually. Press Cancel to skip this offer.
All Files (*.*)
No error message is available.#Attempted an unsupported operation.$A required resource was unavailable.
Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.
Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else.1Encountered an unexpected error while reading %1.1Encountered an unexpected error while writing %1.
#Unable to load mail system support.
InstallIQ.exe
%original file name%.exe_1724_rwx_005FD000_00010000:
xV.kz
SHELL32.DLL
ShellExecuteA
KERNEL32.DLL
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\00110A0F_Rar\%original file name%.exe
%original file name%.exe
.rsrc
.text
c:\%original file name%.exe
hXXp://slwocfd/sobaka1.gif
hXXp://46.105.103.219/sobakavolos.gif
hXXp://89.11
.info/home.gifIh
bW.text
JKERNEL32.dll
%x.exe
ADVAPI32.dll
MSVCRT.dll
SHELL32.dll
USER32.dll
WS2_32.dll
RegCloseKey
SHFileOperationA
Explorer.EXE_932_rwx_00FF0000_00002000:
SHELL32.DLL
ShellExecuteA
KERNEL32.DLL
.rsrc
.text
%original file name%.exe_1724_rwx_00B70000_00002000:
SHELL32.DLL
ShellExecuteA
KERNEL32.DLL
.rsrc
.text
%original file name%.exe_1724_rwx_00B80000_00001000:
|%original file name%.exeM_1724_
%original file name%.exe_1724_rwx_00CA0000_010BA000:
%original file name%.exe_188:
.text
.rdata
.data
.rsrc
SSSSSSSh
t%F;s
FtPh
PPPSSh
t?SSh
PSSh<MV
PSSh`MV
<9%u?
u%f;G
-./01234$5567
unSSh
u.SSh
u/SSh
SShyBK
SShZEK
)0)0))123
8.uF@
u$SShe
@ SSHPWj
vSSSh
FTPjK
FtPj;
C.PjRV
tGHt.Ht&
CNotSupportedException
hhctrl.ocx
%s (%s:%d)
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin2.inl
Afx:%p:%x:%p:%p:%p
Afx:%p:%x
commctrl_DragListMsg
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin1.inl
CCmdTarget
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_s.cpp
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Software\Microsoft\Windows\CurrentVersion\Policies\Network
Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
%s%s.dll
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appcore.cpp
comctl32.dll
comdlg32.dll
Shell32.dll
res://%s/%s
res://%s/%d
mfcm90.dll
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\auxdata.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filecore.cpp
ole32.dll
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
Broken pipe
Inappropriate I/O control operation
Operation not permitted
portuguese-brazilian
operator
GetProcessWindowStation
USER32.DLL
CDialogInitializing
CDialogInitializing::Show
DialogInitializing.cpp
ping.dat
autorun.txt
wrapper.xml
stub.log
noexe
timings.txt
Process exit code = %u (0xX)
stubinfo.ini
ProductFailUrl
FreezeWrapStub.cpp
Invalid CRT parameter
FreezeWrapWin.cpp
Offer was accepted but failed to install. Err=%d
%s ReturnCode=%d
%s-%d
hXXp://dl.devinstalliq.com/lm-dev/unittest/test.html
hXXp://dl.devinstalliq.com/lm-dev/unittest/InternetExplorerExtensions-BHO.pptx
hXXp://dl.devinstalliq.com/lm-dev/unittest/ycomp_setup_frz.2004.06.01.exe
hXXp://dl.devinstalliq.com/lm-dev/unittest/ycomp_setup_freeze_uber3.exe
hXXp://dl.devinstalliq.com/lm-dev/unittest/SpySweeperSNRSetup_EN.exe
d:\tfs.vs2010.win7\installer\main\installer.freezewrap.application\freezewrapwin\MainWnd.h
MainWnd.cpp
dialog.demo.xml
LoadLibrary failed in loading current exe:
CoreResource.cpp
CStringW.GetBuffer failed!
0xx
primarylang="Portuguese (pt)",sublang="Brazil (BR)"
primarylang="Portuguese (pt)",sublang="Portugal (PT)"
primarylang="Turkish (tr)",sublang="Turkey (TR)"
Unknown language ID : 0xx
%s. {%s} @ line %d in function <%s> in module %s.HRESULT:0x%X
Win32Err:%d
HttpStatus:%d
Error:%d
wininet.dll
Unknown error: %d
IDispatch error #%d
HRESULT:0x%X
Win32Err:%d
@ line %d in function <%s>.
%s_%x%x%x%x%x
CoreFile.cpp
-- %s line %d --
L%d:d.d.d_d:d:d.d
[X]
%d,%d,%d,%d
hXXp://
hXXps://
PTF://
CommandLine.cpp
CoreProcess.cpp
kernel32.dll
ShellExecuteCommand:
CCoreProcess::ShellExecuteCommand
Failed to execute command:
CCoreProcess::ShellExecuteCommandAndWait
CCoreProcess::CloseProcessWindowsByModuleName
CloseProcessWindowsByModuleName failed!
ntdll.dll
CCoreProcess::GetProcessExe
GetProcessExe failed!
%Y-%m-%dT%H:%M:%S
_ftprintf_s failed writing header to
CoreXml.cpp
]/Key/text()
CCoreXml::ParseRequiredKeyValue
CCoreXml::ParseRequiredKeyInt
0.0.0.0
%u,%u,%u,%u
SOFTWARE\Microsoft\Windows NT\CurrentVersion
%windows%
%system%
Software\Microsoft\Windows\CurrentVersion
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Þsktop%
Þsktopdir%
%userprofile%
CoreSystem.cpp
%s0x%.2x%.2x%.2x%.2x%.2x%.2x-
SOFTWARE\Microsoft\NET Framework Setup\NDP\v2.0.50727
SOFTWARE\Microsoft\NET Framework Setup\NDP\v1.1.4322
SOFTWARE\Microsoft\.NETFramework\policy\v1.0
3321-3705
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\
shell32.dll
CoreVista.cpp
Advapi32.dll
Software\Microsoft\Windows\CurrentVersion\Policies\System
CoreRegistry.cpp
hkeyRoot is NULL!
subkey is empty!
RegCreateKeyEx failed!
HKEY_CURRENT_CONFIG
HKEY_USERS
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
%s.%s
Failed to get IE version key!
%a, %d-%b-%Y %H:%M:%S GMT
wrote %d cookies
cookie.dat
Vista.NoResult
Vista.SavedLow
cookie.ini
Vista.SetCookie
cookieman.exe
-noframemerging "%s"
Unable to find iexplore.exe, using shell execute (with possible warnings)
iexplore.exe
ie.http\shell\open\command
CoreInternetExplorer.cpp
EnumKeys failed!
url is empty!
Replacing existing provider url:
Error setting provider url!
DefaultSearchUrl
ieframe.dll
msgText is required!
msgTitle is required!
CoreDownloader.cpp
download_benchmarks.csv
Url,MinBlockSize,MaxThreads,FileSize,Accelerated,Normal,Percent
,0,0,0,0,0,0%
%s,%u,%u,%u,%d.%d,%d.%d,%.01f
wininet: HTTPSendRequest success - file block #
CoreWininet.cpp
wininet: HTTPSendRequest failed - file block #
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
HTTPSendRequest:
CCoreWininet::HTTPSendRequest
wininet: HttpOpenRequest failed!
httpopenrequest
wininet: Request handle is NULL after HttpSendRequest!
httpreqerr
Content-Type: application/x-www-form-urlencoded
wininet: HttpAddRequestHeaders (post flag) failed!
httpaddheaders
Range: bytes=%u-
Range: bytes=%u-%u
wininet: HttpAddRequestHeaders (range specification) failed!
httpaddheader
wininet: HttpSendRequest failed! (verb=
httpsendreq
httptimeout
wininet: HttpSendRequest failed!
wininet: HttpQueryInfo failed!
httpqueryinfo
httpproxy
wininet: Server responded with error: %d, %s. %s %s
httpstatuserr
wininet: HttpSendRequest: status OK received
wininet: HttpQueryInfo for content range failed!
wininet: HttpQueryInfo for file size failed!
wininet: Operation cancelled by caller.
Software\Microsoft\Windows\CurrentVersion\Internet Settings
CoreDownloadThread.cpp
Ping.cpp
keyid
%s/*[%d]/text()
CIQUReporter::SendOffersToIQU
%programdata%\W3i\InstallIQUpdater\import
CIQUReporter::OutputXmlData
IQUReporter.cpp
freezewrap.xml
freezewrap%d.xml
Failed to save IQU data, too many import files in directory!
CoreXml.SaveFile failed!
hXXp://installer.freeze.com/testpost.asp
hXXp://dl.installiq.com/postback/V1/landing.aspx
Software\Freeze.com\Installer
Enabling retry dialog in web manager.
%s,%d,%d,%d
1.85.0.0
WrapperConfig.Initialize failed!
WrapperConfig.LoadWrapper failed!
WrapperConfig.LoadAutoRun failed!
WrapperConfig.LoadCommandLine failed!
Caught exception from hardware sniffer! rc=%d
%Y%m%d%H%M%S
Missing Detection URL
detecturlmissing
FreezeWrapEngine.cpp
Performing postback, returncode=%d, failed=%d, err=%d...
hXXps://installer.freeze.com/LogError.aspx
%s,%d,%d,%d,%d,%d,%d,%d,%d
icons
offers
%s,v=%s,id=%s,rc=%d,e=%d,v=%d,c=%d,a=%d,i=%d,%s,err=%d,cf=%d,acc=%d,%u,%u,%u,%u
%s,%s,%s
%s:%s
t=%s,c=%d
%s_%s.d.%s_%s_%s
VVV.yahoo.com
my.yahoo.com
.yahoo.com
search.yahoo.com
my.freeze.com
%s:v=%s,id=%s,rc=%d,f=%d,e=%d,i=%s,p=%s,pb=%s,ex=%s,tr=%s,px=%d
%s:v=%s,rc=%d,os=%s,%s,%s|ie=%s
%s,v=%s,id=%s,os=%d,rc=%d,v=%s,c=%s,l=0xx,spp=%s,epp=%s
INST_ie7searchurl
%s,%s,%s,rc=%s
%s,%s,rc=%s
%s,%s,rc=%s,%d
INST_webcam
%s,%s
%system%\msiexec.exe
,os=%d,msi=%d.%d
,os=%d,sp=%d
v=%s,s=%s,os=%d,langid=0xx,%s
%s|%s
%programfiles%\iTunes\iTunes.exe
%s,%u,%u,%u
mail.google.com/mail
google.com
%s,lts=%s,gmc=%u,pref=%u
installiq_java_test_1.tmp
v=%s,s=%s,tid=%s,rc=%s,jv=%s,jbv=%s,jf=%d
%s,v=%s,id=%s,rc=%d,%u,%u,%d,%u,%u,%d,acc=%d,%u,%u,%u
v=%s,id=%s,rc=%d,%u
%d,%d,%d,%d,%d,%d,%d
%s,%s,%s,%s,%s
%s,v=%s,id=%s,rc=%d,acc=%d,%u,%u,%u,%u,%u,%u
e=%s|os=%s|eq=%d|yd=%s|db=%s
|bw=%s|l=%s
%s|exe=%s|sim=%s
CPostback::PerformPostback called with NULL web manager!
Postback url is empty, skipping postback.
Opening Product Fail Url:
CPostback::AlternatePostback called with NULL web manager!
/url/text()
firefox
chrome
Postback.cpp
Firefox
Chrome
%s:%d
Diagnostics: running CookieManager.HandleCookies...
handling firefox cookies...
FF.GetCookiesError
FF.NoCookies
firefox: no cookies found
FF.SetCookieError
FF.SetCookies
firefox: set cookies
getting firefox cookies for
CCookieManager::GetFirefoxCookies
Error enumerating firefox cookies!
firefoxenum
IE.EnumCookieError
IE.FoundCookies
IE.NoCookies
Vista.CopiedLow
Vista.ExtractError
Vista.CreateLowError
handling chrome cookies
Chrome.GetCookiesError
Chrome.NoCookies
Chrome: no cookies found
Chrome.SetCookieError
Chrome.SetCookies
Chrome: set cookies succeeded
getting Chrome cookies for
CCookieManager::GetChromeCookies
Error enumerating chrome cookies!
chromeenum
Safari.GetCookiesError
Safari.NoCookies
Safari.SetCookieError
Safari.SetCookies
Simulation will fail and exit after %d seconds.
Download: simulate=%d, duration=%d, variance=%d, failrate=%d
Offer: simulate=%d, duration=%d, variance=%d, failrate=%d
Product: simulate=%d, duration=%d, variance=%d, failrate=%d
Dialog: simulate=%d, duration=%d, variance=%d, failrate=%d
00000000-0000-0000-0000-000000000000
hXXp://download.freeze.com/lm/
/postbackurl/text()
CWebManager::Ping
CWebManager::PingIEAuto
ieHost.CreateStandalone failed!
ieHost.Navigate failed!
CWebManager::PostbackIEAuto
iehost.CreateStandalone failed!
ShellExecuteEx:
CWebManager::PostbackShell
ShellExecuteEx failed!
postback_response.html
PackageManager.cpp
selftest.settings.
TestManager.cpp
SessionScraperThread.cpp
CoreIEHost.CreateExisting failed!
TestResults.Initialize called more than once!
d.d.d
d.d.d @ d:d:d
PASSED
Offer status passed:
Offer action passed:
Parents.Offers
PostBackURL
Postback URL in PingData does not match ping file!
/ping/%s/%s/text()
PackageZlib.cpp
Error: %d bytes of %d read from file %s.
unzOpenCurrentFilePassword failed!
Error: %d bytes of %d were written to file %s.
unzOpenCurrentFilePassword failed! err=
Package.cpp
X;
</%s>
%s="%s"
%s='%s'
<!--%s-->
<![CDATA[%s]]>
version="%s"
encoding="%s"
standalone="%s"
SQLite format 3
CREATE TABLE sqlite_master(
sql text
CREATE TEMP TABLE sqlite_temp_master(
.NOPQRSTXY|}~
BEFOREIGNOREGEXPLAINSTEADDESCAPEACHECKEYCONSTRAINTERSECTABLEFTHENDATABASELECTRANSACTIONATURALTERAISELSEXCEPTRIGGEREFERENCESUNIQUERYATTACHAVINGROUPDATEMPORARYBEGINNEREINDEXCLUSIVEXISTSBETWEENOTNULLIKECASCADEFERRABLECASECOLLATECREATECURRENT_DATEDELETEDETACHIMMEDIATEJOINSERTMATCHPLANALYZEPRAGMABORTVALUESVIRTUALIMITWHENWHERENAMEAFTEREPLACEANDEFAULTAUTOINCREMENTCASTCOLUMNCOMMITCONFLICTCROSSCURRENT_TIMESTAMPRIMARYDEFERREDISTINCTDROPFAILFROMFULLGLOBYIFINTOFFSETISNULLORDERESTRICTOUTERIGHTROLLBACKROWUNIONUSINGVACUUMVIEWINITIALLY
3.5.9
inflate 1.2.3 Copyright 1995-2005 Mark Adler
deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly
1.2.3
unzip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll
zip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll
CoreTiming.cpp
CoreElmah.cpp
Url is null!
%s, %s, l=0xx
[0x%X]
d:%s
IQDownloader.cpp
AddDownload failed! url=
d:\tfs.vs2010.win7\installer\main\installer.common\installer.common.comm\IQCommThread.h
iehost.Navigate failed!
IE open url:
CIQComm::IEOpenUrl
openurlieexcept
openurlie
Shell open url:
CIQComm::ShellOpenUrl
openurlshell
productfailurl
detectionurl
pingurl
postbackurl
logfileurl
producturl
urlmon
CIQWrapperConfig::PromptForPingUrl
IQWrapperConfig.cpp
PromptForPingUrl called in production mode!!
disclosure.*.*
product.*.*
Ping File (ping.*.dat; ping.*.xml)|ping.*.dat; ping.*.xml|Text Files (*.txt)|*.txt|All Files (*.*)|*.*||
Template File (*.xsl;*.zip)|*.xsl;*.zip|All Files (*.*)|*.*||
%programfiles%\Free Offers from Freeze.com\control.txt
rule.LoadXml failed! type=
Detection rule: "%s" type="%s" id="%s" added
Number of parsed rules is not equal to rule count, parsed=%d, count=%d
IQXmlDetection.cpp
regkey
firefoxprefs
chromeprefs
Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice
http\shell\open\command
browser.startup.homepage
%s,%d
ie.http
D:\tfs.vs2010.win7\Installer\MAIN\Installer.Common\Installer.Common.Util\IQDaemonProcess.h
ydetect-browser.exe
IQYDetect.cpp
CIQYDetect::RunYDetectExe
YDetect from exe, value=
%d,%d,%d,%s,%s
%d,x,x,%s,xx
Error opening yahoo detection registry key
Failed to initialize pipe from installer!
cmd.runfile.ydetect.xml
*runfile.ydetect*
Command result "runfile.ydetect" recieved, but not recognized as command
Command result "runfile.ydetect" recieved, but name did not match
YDetect results received, executeSucceeded=%d, exitcode=%d
firefox.exe,firefox.url,firefoxportableurl,firefoxurl,firefox
iexplore,ie.http
%firefoxprofiles%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooDomBuilder.js%firefoxprofiles%
CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\InprocServer32%s[%d]
passed
CIQXmlRequirements::RunExecute
Running Requirement check exe in InstallIQProcess (elevated)
CIQXmlRequirements::RunExecuteUsingDaemon
cmd.runfile.requirement.
Timout for Requirement passed; result may not be reliable
result.runfile.requirement.*
CIQXmlRequirements::ParseExecuteResult
Invalid flag in ExecuteResult:
Running requirement.OnInstall:
Running requirement.OnCancel:
requirement.OnCancel is empty, skipping.
Running requirement.OnExit:
requirement.OnExit is empty, skipping.
Software\Microsoft\Windows\CurrentVersion\RunOnce
ydetect.Initialize failed!
detectionrules.dat
due to no webcam installed
IQDetectionRegistry.cpp
//RegKeyFlag
KeyExists
SourceKey
hkey_current_user
hkey_local_machine
hkey_classes_root
hkey_current_config
1.1.0.6
//flag[%d]/text()
yahoo.com
live.com
msn.com
ask.com
aol.com
IQDetectionYahoo.cpp
11.0.0.0
: .Net version is insufficient
12.0.0.0
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NSS
extract and run succeeded, isdetected=%d, pStatus=%d
SYMCCHECKER.ZIP
SYMCCHECKER.DLL
Success, offer can be made. ptStatus=%d
Success, but offer should not be shown. ptStatus=%d
Info.plist
/execute/text()
/executeresult/text()
Missing ExecuteResult in requirement config!
ydetect.ytb
IQRules.cpp
ydetect.yas
ydetect.yhp
SymCCIS.dll
webcamrequired
Detection rule, row=%d, column=%d
NULL dialog passed to AddDialog!
explorer.exe
%programfiles%\Core Services\IETester\IETester.exe
IQDialogMain.cpp
IQXmlDialogDownload.cpp
|%s,%s
IQXmlInstallItem.cpp
betamsg
d:\tfs.vs2010.win7\installer\main\installer.common\installer.common.offers\IQOffer.h
postinstallexecute
firefoxpref
firefoxinstalltype
naffkeywordurl
CIQOfferEXE::OnInstall
Firefox preferences set=
CIQOfferEXE::RunOfferInstaller
rundll32.exe "%s" %s
msiexec.exe /i "%s" /qn ALLUSERS=2 REBOOT=ReallySuppress
msiexec.exe /i "%s" %s
Could not find firefox exe to install
User canceled during Firefox shutdown!
"%s" -install-global-extension "%s"
"%s" "%s"
"%s" %s
CIQOfferEXE::RunOfferInstallerAsDesktopUser
badprocesshandle
CIQOfferEXE::WaitForOfferInstaller
IQOfferEXE.cpp
process exit code: %d
freeze.ini
prdrc.ini
#NAFFKEYWORDURL#
CIQOfferEXE::WaitForProcessStarted
CIQOfferEXE::WaitForRegistryValue
Looking for Key:
Registry key found.
CIQOfferEXE::StartAppRegistryValue
CIQOfferEXE::PostInstallExecute
PostInstallExecute command failed!
http:
CIQOfferEXE::HandleFirefoxOptions
HandleFirefoxOptions called with incorrect preferences set in config!
HandleFirefoxOptions called with no preferences set in config!
Diagnostics: running upromise.com cookie handling...
upromise.com,tsInstallContext=w3i|#PRODUCTID#|,now 7,/,no
upromise.com cookie test for IE failed!
upromise.com
Firefox shutdown rejected!
upromise.com cookie test for Firefox failed!
CIQOfferEXE::InsertCookie
Setting cookies in low-integrity context (windows vista)
Invalid offer type=%s found in ping for %s.
Unknown offer type=%d in AddOffer. ConfigId=%s, OfferId=%s.
IQOfferManager.cpp
WaitForAllOffers: timed out waiting for %d offers after %d seconds.
Restarting Firefox...
Restarting Chrome...
Setting Offer option to %d
templateurl
disclosureurl
previewurl
regkeyadd
ieregkey
images/disclosure/imageurl
IQOffer.cpp
%s (err=%d, info=%s)
CIQOffer::StopFirefox
Stop Firefox message not set!
CIQOfferFirefox
CIQOffer::StopChrome
Stop Chrome message not set!
CIQOfferChrome
unable to set regkey from following RegKeyAdd:
RegKeyAdd:
unrecognized values in RegKeyAdd:
unable to set regkey from following IERegKey:
IERegKeyAdd:
unrecognized values in IERegKey:
downloadurl
googlechrome
User canceled during Chrome shutdown!
chromecancel
Setting Firefox StartPage:
Setting Chrome Startpage:
CIQOfferStartPage::SetFirefoxStartPage
Failed to write Firefox pref!
CIQOfferStartPage::SetChromeStartPage
Unable to set chrome startpage
failchromestartpage
Successfully set chrome startpage
startpageurl
oldstartpageurl
chromesearchprovider
Missing url!
ie7nourl
ie6scnourl
firefox.defaultenginename
firefox.selectedengine
IQOfferIESearch.cpp
IQU for Chrome Default Search not yet implemented
CIQOfferIESearch::SetFirefoxSearchEngine
hXXp://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}Simulation mode, setting Firefox default search engine:
Failed to write Yahoo xml for Firefox!
CIQOfferIESearch::SetChromeSearchEngine
hXXp://search.yahoo.com/favicon.ico
Failed to set default search from chrome
chromefail
\apps.ini
control.txt
%programfiles%\Free Offers from Freeze.com
%windows%\Desktop
\/:*?")<>|
IQOfferDesktopIcon.cpp
toolbarregkey
toolbarurl
Missing data for firefox toolbar install! Name:
.guid
Failed to write Firefox pref (GUID)!
.Var1
Software\%s\Toolbar
heartbeat_url
products/adobeair/AdobeAIRInstaller.exe
%programfiles%\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe
AdobeAirInstaller.exe
"%s" %s "%s"
lib\settings.db
insert into Application (ProductSessionId, ApplicationTypeId, ApplicationId) VALUES ('%s',%s,'%s')sqliteopenfail
sqlitedbnull
sqlite3_exec failed, returned error:
sqliteexecfail
IQEngine.cpp
D:\tfs.vs2010.win7\Installer\MAIN\Core.CppLib\Core.CppLib.Base\CoreRefCount.h
InstallIQProcess.exe
InstallIQProcess.zip
CIQDaemonProcess::InitPipes
IQDaemonProcess.cpp
Failed to initialize pipe to installer!
ShellExecuteCommand failed!
UniqueId.cpp
hkey is NULL!
subKey is NULL!
CoreThread.cpp
Encryption key not initialized!
Microsoft Windows Seven
Windows Server 2008 R2
Microsoft Windows Vista
Windows Server 2008
Microsoft Windows Server 2003 "R2"
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows NT
Web Edition
%d.%d
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q246009
Service Pack 6a (Build %d)
%s (Build %d)
Microsoft Windows 95
Microsoft Windows 98
Microsoft Windows ME
Software\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}user32.dll
HardwareInformation.AdapterString
HardwareInformation.BiosString
HardwareInformation.ChipType
HardwareInformation.DacType
HardwareInformation.MemorySize
%I64u%s
Alpha %d
PPC 6d
Shell.CreateInstance failed!
ShellWindows.Item failed!
CoreSettings.cpp
outlook.exe
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
*.pst
*.ost
%programfiles%\Mozilla Firefox
MozillaUIWindowClass
Software\Mozilla\Mozilla Firefox
CCoreFirefox::GetVersion
Failed to get Firefox version key!
firefoxver
Profile%d
Mozilla\Firefox
Mozilla\Firefox\profiles.ini
Firefox versions prior to 3 are not supported by LoadProfileCookies!
Loading Firefox3 cookies for url:[
cookies.sqlite
sqlite3_get_table returned error:
Enumerating Firefox3 cookies for
cookies.txt
Enumerating Firefox cookies for
Found partial cookie in Firefox profile:
Firefox version is not sufficient for setting cookies!! Must be 3.x or higher
Setting Firefox3 cookie for
insert into moz_cookies (name, value, host, path, expiry) VALUES ('%s','%s','%s','%s','%d')-requestPending -osint -new-window "%s"
firefox.exe
PathToExe
prefs.js
CCoreFirefox::GetPrefString
CoreFirefox.cpp
CCoreFirefox::SetPrefString
CCoreFirefox::SetDefaultSearchEngine
searchUrl is empty!
suggestionUrl is empty!
Can't set search engine while Firefox is running!
Setting Firefox default search engine:
SearchUrl=
SuggestionUrl=
Failed to write Yahoo search prefs for Firefox!
hXXp://VVV.mozilla.org/2006/browser/search/
browser.search.defaultenginename
browser.search.selectedEngine
browser.search.order.1
browser.search.order.2
CCoreChrome::SetCookie
d:\tfs.vs2010.win7\installer\main\core.cpplib\core.cpplib.browser\CoreChrome.h
Chrome_WindowImpl_0
Chrome_WidgetWin_0
%local_appdata%\Google\Chrome\User Data\Default\Cookies
CCoreChrome; Cookie file does not exist
Loading Google Chrome cookies for url:[
cookies.dat
CCoreChrome; unable to copy cookie file
select name, value, host_key, path, expires_utc from cookies where
host_key like '%
Enumerating Google Chrome cookies for
select host_key, name, value, path, expires_utc from cookies where host_key like '%
chrome.dll
chrome.exe
ChromeHTML\shell\open\command
%local_appdata%\Google\Chrome\Application
%programfiles%\Google\Chrome\Application
CCoreChrome::GetStartpage
CCoreChrome::SetStartpage
%local_appdata%\Google\Chrome\User Data\Default\Web Data
webdata.dat
CCoreChrome; unable to copy web data file
SELECT value FROM meta WHERE key='Default Search Provider ID'
CCoreChrome::GetDefaultSearchUrl
CCoreChrome::SetDefaultSearchUrl
CCoreChrome: Name param cannot be blank
CCoreChrome: keyword param cannot be blank
CCoreChrome: url param cannot be blank
sql string is empty
CCoreChrome::GetPreference
%local_appdata%\Google\Chrome\User Data\Default\Preferences
CCoreChrome::LoadChromePreferences
CoreChrome.cpp
CCoreChrome::OpenDatabase
CCoreChrome: database file does not exist
CCoreChrome::GenerateDefaultSearchSQL
sqlite database is null
keyword like '%
url like '%
UPDATE keywords set short_name='%s', keyword='%s', url='%s'
, suggest_url='%s'
, favicon_url='%s'
WHERE id=%s
INSERT INTO keywords (short_name, keyword, url, show_in_default_list, safe_for_autoreplace, input_encodings
) VALUES ('%s', '%s', '%s', 1, 1, 'UTF-8', suggest_url
, '%s'
, favicon_url
CCoreChrome::FindInDatabase
SELECT id, short_name, url, suggest_url FROM keywords WHERE %s
CCoreChrome::InsertDataIntoDatabase
CCoreChrome::SetDefaultSearchPreferences
url='
UPDATE meta SET value='%s' WHERE key='Default Search Provider ID'
d:\tfs.vs2010.win7\installer\main\core.cpplib\core.cpplib.browser\CoreSafari.h
%appdata%\Apple Computer\Safari\Cookies\Cookies.plist
Failed to get Safari version key!
-url "%s"
safari.exe
CoreIEHost.cpp
m_WebBrowserEvents failed
IWebBrowser2 failed
CoreDHtmlDialog.cpp
CCoreDHtmlDialog::GetOptionKeyPath
getoptkey
Win32 exception in GetOptionKeyPath!
sqlite_version
sqlite_rename_trigger
sqlite_rename_table
RowKey
d-d-d d:d:d
d:d:d
d-d-d
922337203685477580
%s\etilqs_
invalid page number %d
2nd reference to page %d
Failed to read ptrmap key=%d
Bad ptr map entry key=%d expected=(%d,%d) got=(%d,%d)
%d of %d pages missing from overflow list starting at %d
failed to get page %d
freelist leaf count too big on page %d
Page %d:
unable to get the page. error code=%d
sqlite3BtreeInitPage() returns error code %d
On tree page %d cell %d:
On page %d at right child:
Corruption detected in cell %d on page %d
Multiple uses for byte %d of page %d
Fragmented space is %d byte reported as %d on page %d
Unable to malloc %d bytes
Page %d is never used
Pointer map page %d is referenced
Outstanding page count goes from %d to %d during this analysis
keyinfo(%d
%s(%d)
%s-mjX
unable to use function %s in the requested context
transaction - SQL statements in progress
sqlite_temp_master
sqlite_master
SELECT name, rootpage, sql FROM '%q'.%s WHERE %s
cannot open virtual table: %s
cannot open view: %s
no such column: "%s"
cannot open indexed column for writing
cannot open value of type %s
variable number must be between ?1 and ?%d
too many SQL variables
too many columns in %s
misuse of aliased aggregate %s
%s: %s.%s.%s
%s: %s.%s
%s: %s
not authorized to use function: %s
Expression tree is too large (maximum depth %d)
%.*s"%w"%s
%s OR name=%Q
there is already another table or index with this name: %s
sqlite_
table %s may not be altered
view %s may not be altered
UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d 18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
sqlite_sequence
UPDATE "%w".sqlite_sequence set name = %Q WHERE name = %Q
UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Cannot add a PRIMARY KEY column
UPDATE "%w".%s SET sql = substr(sql,1,%d) || ', ' || %Q || substr(sql,%d) WHERE type = 'table' AND name = %Q
sqlite_stat1
CREATE TABLE %Q.sqlite_stat1(tbl,idx,stat)
DELETE FROM %Q.sqlite_stat1 WHERE tbl=%Q
SELECT idx, stat FROM %Q.sqlite_stat1
too many attached databases - max %d
database %s is already in use
unable to open database: %s
no such database: %s
cannot detach database %s
database %s is locked
sqlite_detach
sqlite_attach
%s %T cannot reference objects in database %s
illegal return value (%d) from the authorization function - should be SQLITE_OK, SQLITE_IGNORE, or SQLITE_DENY
access to %s.%s.%s is prohibited
access to %s.%s is prohibited
object name reserved for internal use: %s
there is already an index named %s
too many columns on %s
duplicate column name: %s
default value of column [%s] is not constant
table "%s" has more than one primary key
AUTOINCREMENT is only allowed on an INTEGER PRIMARY KEY
CREATE %s %.*s
UPDATE %Q.%s SET type='%s', name=%Q, tbl_name=%Q, rootpage=#%d, sql=%Q WHERE rowid=#%d
CREATE TABLE %Q.sqlite_sequence(name,seq)
view %s is circularly defined
UPDATE %Q.%s SET rootpage=%d WHERE #%d AND rootpage=#%d
table %s may not be dropped
use DROP TABLE to delete table %s
use DROP VIEW to delete view %s
DELETE FROM %s.sqlite_sequence WHERE name=%Q
DELETE FROM %Q.%s WHERE tbl_name=%Q and type!='trigger'
foreign key on %s should reference only one column of table %T
number of columns in foreign key does not match the number of columns in the referenced table
unknown column "%s" in foreign key definition
indexed columns are not unique
table %s may not be indexed
views may not be indexed
virtual tables may not be indexed
there is already a table named %s
index %s already exists
sqlite_autoindex_
table %s has no column named %s
CREATE%s INDEX %.*s
INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);no such index: %S
index associated with UNIQUE or PRIMARY KEY constraint cannot be dropped
DELETE FROM %Q.%s WHERE name=%Q
DELETE FROM %Q.sqlite_stat1 WHERE idx=%Q
unable to identify the object to be reindexed
no such collation sequence: %s
table %s may not be modified
cannot modify %s because it is a view
table %S has %d columns but %d values were supplied
%d values for %d columns
table %S has no column named %s
PRIMARY KEY must be unique
sqlite3_extension_init
unable to open shared library [%s]
no entry point [%s] in shared library [%s]
error during initialization: %s
automatic extension loading failed: %s
foreign_key_list
*** in database %s ***
unsupported encoding: %s
unsupported file format
SELECT name, rootpage, sql FROM '%q'.%s
database schema is locked: %s
unknown or unsupported join type: %T%s%T%s%T
RIGHT and FULL OUTER JOINs are not currently supported
a NATURAL join may not have an ON or USING clause
cannot have both ON and USING clauses in the same join
cannot join using column %s - column not present in both tables
column%d
%z:%d
sqlite_subquery_%p_
no such table: %s
too many terms in %s BY clause
%r %s BY term out of range - should be between 1 and %d
%r ORDER BY term out of range - should be between 1 and %d
ORDER BY clause should come after %s not before
LIMIT clause should come after %s not before
SELECTs to the left and right of %s do not have the same number of result columns
sqlite3_get_table() called with two or more incompatible queries
cannot create %s trigger on view: %S
cannot create INSTEAD OF trigger on table: %S
INSERT INTO %Q.%s VALUES('trigger',%Q,%Q,0,'CREATE TRIGGER %q')no such trigger: %S
-- TRIGGER %s
no such column: %s
PRAGMA vacuum_db.synchronous=OFF
SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence' AND rootpage>0
SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %'
SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21) FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %'
SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM ' || quote(name) || ';'FROM sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM ' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
INSERT INTO vacuum_db.sqlite_master SELECT type, name, tbl_name, rootpage, sql FROM sqlite_master WHERE type='view' OR type='trigger' OR (type='table' AND rootpage=0)
UPDATE %Q.%s SET type='table', name=%Q, tbl_name=%Q, rootpage=0, sql=%Q WHERE rowid=#%d
vtable constructor failed: %s
vtable constructor did not declare schema: %s
no such module: %s
table %s: xBestIndex returned an invalid plan
at most %d tables in a join
TABLE %s
%z AS %s
%z WITH INDEX %s
%z USING PRIMARY KEY
%z VIRTUAL TABLE INDEX %d:%s
SQL logic error or missing database
large file support is disabled
no such vfs: %s
/uninstallkeys/key
%s/uninstallkeys/key[%d]/attribute::type
%s/uninstallkeys/key[%d]/text()
Unknown uninstall key type encountered, skipping lookup
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
CoreJSON.cpp
D:\tfs.vs2010.win7\Installer\MAIN\Installer.FreezeWrap.Application\Release\FreezeWrapWin.pdb
PSAPI.DLL
VERSION.dll
USERENV.dll
InternetCrackUrlA
InternetCombineUrlA
DeleteUrlCacheEntry
WININET.dll
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA
HttpQueryInfoA
GetProcessHeap
GetWindowsDirectoryA
GetCPInfo
GetConsoleOutputCP
KERNEL32.dll
EnumWindows
EnumChildWindows
CreateDialogIndirectParamA
GetKeyState
UnhookWindowsHookEx
SetWindowsHookExA
USER32.dll
GetViewportExtEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
GDI32.dll
COMDLG32.dll
WINSPOOL.DRV
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyA
ADVAPI32.dll
ShellExecuteExA
SHELL32.dll
COMCTL32.dll
UrlEscapeA
SHDeleteEmptyKeyA
SHLWAPI.dll
oledlg.dll
OLEAUT32.dll
IsValidURL
urlmon.dll
OLEACC.dll
GetKeyboardState
.PAVCOleException@@
.PAVCObject@@
.PAVCMemoryException@@
.PAVCSimpleException@@
.PAVCNotSupportedException@@
.PAVCInvalidArgException@@
.?AVCNotSupportedException@@
.?AVCTestCmdUI@@
.?AVCCmdUI@@
.PAVCUserException@@
.PAVCArchiveException@@
.PAVCResourceException@@
.?AV?$CFixedStringT@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@$0BAA@@ATL@@
.?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@
.PAVCFileException@@
.PAVCOleDispatchException@@
zcÁ
.PAVCException@@
.?AVexecution_error@TinyXPath@@
.?AV?$CFlags@W4WebArgFlag@@@@
.?AVCCmdTarget@@
.?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@
.?AV?$CArray@V?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@ABV12@@@
.?AVCIQDetectionFirefoxPrefs@@
.?AVCIQDetectionChromePrefs@@
.?AVCIQOfferEXE@@
.?AV?$CArray@UUninstallKey@@U1@@@
c:\%original file name%.exe
`.rdata
@.data
@.reloc
Vista.BadArgs
Vista.BadArgs2
\cookie.dat
\cookie.ini
Vista.NoAppLow
Vista.WideFail
Vista.NoCookies
Vista.GetCookieFail
Vista.AllocFail
Vista.CreateFileError
Vista.WriteFileError
SetCookie%d
Vista.SetCookieError
Error: %d. %s
D:\tfs.vs2010.win7\Installer\MAIN\Installer.FreezeWrap.Application\Release\Installer.CookieMan.pdb
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
SYMCCHECKER.DLLPK
SymCCIS.dllPK
.ndata
RegDeleteKeyExW
Kernel32.DLL
%s=%s
GetWindowsDirectoryW
ExitWindowsEx
SHFileOperationW
ShellExecuteW
RegDeleteKeyW
RegEnumKeyW
RegOpenKeyExW
RegCreateKeyExW
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v05-Sep-2007.cvs-unicode</description><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"/></requestedPrivileges></security></trustInfo></assembly>
z@cmd*
hXXp://ocsp.verisign.com0
"hXXp://crl.verisign.com/tss-ca.crl0
Thawte Certification1
0hXXp://crl.verisign.com/ThawteTimestampingCA.crl0
.Class 3 Public Primary Certification Authority0
2Terms of use at hXXps://VVV.verisign.com/rpa (c)041.0,
hXXps://VVV.verisign.com/rpa01
hXXp://crl.verisign.com/pca3.crl0
.Class 3 Public Primary Certification Authority
/hXXp://CSC3-2004-crl.verisign.com/CSC3-2004.crl0D
hXXps://VVV.verisign.com/rpa0
hXXp://ocsp.verisign.com0?
3hXXp://CSC3-2004-aia.verisign.com/CSC3-2004-aia.cer0
hXXp://toolbar.yahoo.com0
resource.0000.pkgu
autorun.txt]
resource.0000.pkgPK
wrapper.xmlPK
autorun.txtPK
timer = window.setTimeout("OnTimer(" 0 ")",elapse);var progress = document.getElementById("progress").innerHTML;document.getElementById("progressbar").style.width = progress "%";timer = window.setTimeout("OnTimer(" i ")",elapse);<requestedExecutionLevel level="requireAdministrator" uiAccess="false"></requestedExecutionLevel>
xV.kz
SHELL32.DLL
ShellExecuteA
KERNEL32.DLL
%original file name%.exe
hXXp://slwocfd/sobaka1.gif
hXXp://46.105.103.219/sobakavolos.gif
hXXp://89.11
.info/home.gifIh
MSVCRT.dll
WS2_32.dll
SHFileOperationA
accKeyboardShortcut
mscoree.dll
ekernel32.dll
nContent-Type: application/x-www-form-urlencoded
... %d%%
verifying installer: %d%%
~nsu.tmp
%u.%u%s%s
.DEFAULT\Control Panel\International
*?|<>/":
2009.02.09.01
Send Error Report
Send Error Report?
s de [email protected].
Debe cerrar Firefox para poder continuar. Presione OK (Aceptar) para cerrarlo ahora. Es probable que deba cerrarlo manualmente. Presione Cancel (Cancelar) para omitir esta oferta.
Please email Customer Support at [email protected] if you need further assistance.
Firefox must be closed before continuing. Press OK to close Firefox now. You may need to close Firefox manually. Press Cancel to skip this offer.
We have created an error report that you can send to help improve #ProductName#. The report contains no Personally Identifiable Information (PII) and will only be used by us.
Would you like to submit this report?
Debe cerrar Chrome para poder continuar. Presione OK (Aceptar) para cerrarlo ahora. Es probable que deba cerrarlo manualmente. Presione Cancel (Cancelar) para omitir esta oferta.
Chrome must be closed before continuing. Press OK to close Chrome now. You may need to close Chrome manually. Press Cancel to skip this offer.
All Files (*.*)
No error message is available.#Attempted an unsupported operation.$A required resource was unavailable.
Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.
Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else.1Encountered an unexpected error while reading %1.1Encountered an unexpected error while writing %1.
#Unable to load mail system support.
InstallIQ.exe
%original file name%.exe_188_rwx_003A0000_00002000:
SHELL32.DLL
ShellExecuteA
KERNEL32.DLL
.rsrc
.text
%original file name%.exe_188_rwx_003B0000_00001000:
|%original file name%.exeM_188_
%original file name%.exe_188_rwx_005FD000_00010000:
xV.kz
SHELL32.DLL
ShellExecuteA
KERNEL32.DLL
%original file name%.exe
.rsrc
.text
c:\%original file name%.exe
hXXp://slwocfd/sobaka1.gif
hXXp://46.105.103.219/sobakavolos.gif
hXXp://89.11
.info/home.gifIh
ADVAPI32.dll
MSVCRT.dll
SHELL32.dll
USER32.dll
WS2_32.dll
RegCloseKey
SHFileOperationA
Explorer.EXE_932_rwx_01DE0000_00001000:
|explorer.exeM_932_
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager): No processes have been created.
- Delete the original Virus file.
- Delete or disinfect the following files created/modified by the Virus:
%WinDir%\system.ini (70 bytes)
%Program Files%\Common Files\Adobe\ARM\1.0\AdobeARM.exe (12 bytes)
C:\lggt.exe (99 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\001109C1_Rar\%original file name%.exe (15116 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pkg_c30143750\autorun.txt (214 bytes)
%Program Files%\Common Files\Java\Java Update\jusched.exe (856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pkg_c30143750\stub.log (12918 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\00110A0F_Rar\%original file name%.exe (15116 bytes)
%Program Files%\Adobe\Reader 9.0\Reader\Reader_sl.exe (432 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pkg_c30143750\wrapper.xml (714 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pkg_c30143750\timings.txt (143 bytes)
C:\autorun.inf (285 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pkg_c30143750\resource.0000.pkg (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\winilkp.exe (561 bytes)
C:\totalcmd\TOTALCMD.EXE (854 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wintmnk.exe (561 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pkg_c30143750\7ab7ed20f6d3651c5f5ce8f7d5938a4a.log (83784 bytes)
- Find and delete all copies of the worm's file together with "autorun.inf" scripts on removable drives.
- Reboot the computer.
*Manual removal may cause unexpected system behaviour and should be performed at your own risk.