Win32.Expiro.Gen.4 (B) (Emsisoft), Trojan.Win32.Delphi.FD, Trojan.Win32.Iconomon.FD, Trojan.Win32.Sasfis.FD, Trojan.Win32.Swrort.3.FD, VirTool.Win32.DelfInject.FD, mzpefinder_pcap_file.YR, VirusExpiro.YR (Lavasoft MAS)Behaviour: Trojan, Virus, VirTool
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 0be7eeb47de40c88679b248a3ccd8d08
SHA1: 2395c3660033e795a12a9e64cdaf815fefaff583
SHA256: 4f813887dde903eac31040343c616d6db6eace6bb5ec8eb9c3276c04f1282ffa
SSDeep: 6144:eiTjnA0IQhaFCpcw1DjCMBVVGqiQh 48nI/nbGgu7CvAUZ:eqs0/hR1DjCMFGlK 4J/b/iUZ
Size: 364544 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2012-10-24 17:51:06
Analyzed on: WindowsXP SP3 32-bit
Summary: Virus. A program that recursively replicates a possibly evolved copy of itself.
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Virus creates the following process(es):
TASKKILL.exe:212
TASKKILL.exe:772
TASKKILL.exe:1524
TASKKILL.exe:320
TASKKILL.exe:2020
TASKKILL.exe:172
TASKKILL.exe:2012
verclsid.exe:1176
verclsid.exe:484
verclsid.exe:1056
verclsid.exe:1600
verclsid.exe:1604
verclsid.exe:320
verclsid.exe:916
impulse_setupfull.exe:1796
mscorsvw.exe:252
mscorsvw.exe:1028
%original file name%.exe:2040
cidaemon.exe:1988
The Virus injects its code into the following process(es):
cisvc.exe:1500
GameStopApp_setup.exe:1108
Mutexes
The following mutexes were created/opened:No objects were found.
File activity
The process cisvc.exe:1500 makes changes in the file system.
The Virus creates and/or writes to the following file(s):
%System%\wbem\jbfdpfdn.tmp (1647 bytes)
%System%\CatRoot2 (96 bytes)
C:\System Volume Information\catalog.wci\00000002.ps2 (3515 bytes)
%WinDir%\SoftwareDistribution (4 bytes)
C:\System Volume Information\catalog.wci\00000002.ps1 (1001 bytes)
%WinDir%\pchealth\helpctr\System\images (4 bytes)
C:\System Volume Information\catalog.wci\00010008.ci (1202 bytes)
%WinDir%\SoftwareDistribution\Download\7dc26e8888d68d9e04bc52940c0f24b5 (4 bytes)
%WinDir%\SoftwareDistribution\Download\36a2296f631a54daefcc3b56e3d990e2 (4 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance (4 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance (4 bytes)
%WinDir%\SoftwareDistribution\Download\2e6b16219034e135b4f869efb7a10fee (4 bytes)
C:\System Volume Information\catalog.wci\CiPT0000.001 (240 bytes)
C:\System Volume Information\catalog.wci\CiPT0000.000 (43440 bytes)
C:\System Volume Information\catalog.wci\CiPT0000.002 (240 bytes)
%WinDir%\WinSxS\Policies\x86_policy.7.0.Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_x-ww_a317e4b3 (4 bytes)
%WinDir%\pchealth\helpctr\System\panels (4 bytes)
C:\System Volume Information\catalog.wci\INDEX.002 (68 bytes)
%WinDir%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (7433 bytes)
C:\System Volume Information\catalog.wci\INDEX.000 (12480 bytes)
C:\System Volume Information\catalog.wci\INDEX.001 (68 bytes)
C:\System Volume Information\catalog.wci\00010001.dir (16 bytes)
%Program Files%\Adobe\Reader 9.0\Reader\plug_ins3d (4 bytes)
%WinDir%\SoftwareDistribution\Download\6a410a1bd174bc123056d235ac4829af (4 bytes)
%System%\dmadmin.exe (3073 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\dreamcatch.xml (144 bytes)
%WinDir%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_x-ww_6ad67377 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\app.dat (3200 bytes)
%WinDir%\Microsoft.NET\Framework\v4.0.30319 (2364 bytes)
%Documents and Settings%\Default User (540 bytes)
%WinDir%\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9 (4 bytes)
%WinDir%\pchealth\helpctr\System (4 bytes)
C:\$Directory (5824 bytes)
%System%\aadbnpka.tmp (315 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Total Commander (4 bytes)
C:\System Volume Information\catalog.wci\CiCL0001.000 (19200 bytes)
%WinDir%\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7 (4 bytes)
%Documents and Settings%\%current user%\My Documents (4 bytes)
%System%\config (120 bytes)
%System%\scardsvr.exe (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\AF6861CC (4 bytes)
%WinDir%\Prefetch (1056 bytes)
%Documents and Settings%\All Users\Application Data (4 bytes)
%System%\tlntsvr.exe (1425 bytes)
%WinDir%\SoftwareDistribution\Download\01229cf5dcf0df67992cac35a2ba0b3f (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\bethesda.xml (601 bytes)
%System%\CatRoot (4 bytes)
C:\System Volume Information\catalog.wci\00010004.dir (16 bytes)
%WinDir%\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59 (4 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security\Permissions (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wireshark.txt (8446 bytes)
%WinDir%\assembly\GAC_32 (4 bytes)
%Documents and Settings%\Default User\Start Menu\Programs\Accessories\Accessibility (4 bytes)
%Program Files%\Reference Assemblies\Microsoft\Framework\v3.0 (4 bytes)
%System%\msiexec.exe (1425 bytes)
%System% (31924 bytes)
%System%\config\systemprofile\Application Data\Microsoft (4 bytes)
%Program Files%\Adobe\Reader 9.0\Resource\Font (4 bytes)
%System%\bephgpio.tmp (259 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1 (53 bytes)
%WinDir%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_x-ww_4ee8bb30 (4 bytes)
%WinDir%\Installer\$PatchCache$\Managed (4 bytes)
%WinDir%\SoftwareDistribution\Download\b5f880834ad67f3d383ffff5f2fa46bd (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\GameStopApp_setup.res (14405 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624 (24 bytes)
%WinDir%\SoftwareDistribution\DataStore\Logs (96 bytes)
%Program Files%\Common Files\Microsoft Shared\OFFICE14 (4 bytes)
%WinDir%\Microsoft.NET\Framework\v4.0.30319\WPF (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp (8 bytes)
%Program Files%\WIRESHARK (212 bytes)
%WinDir%\Microsoft.NET\Framework\v3.0\WPF (4 bytes)
%WinDir%\assembly\GAC_MSIL (36 bytes)
%WinDir%\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 (4 bytes)
%System%\ups.exe (1281 bytes)
%Documents and Settings%\NetworkService\Local Settings (4 bytes)
%WinDir%\SoftwareDistribution\Download (45 bytes)
%System%\oobe\html (4 bytes)
%System%\sessmgr.exe (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\blitzgames.xml (36 bytes)
%WinDir%\SoftwareDistribution\Download\f0fea42f69058000617da24986c3b109 (4 bytes)
C:\$ConvertToNonresident (4593 bytes)
%WinDir%\ime (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973 (12 bytes)
%WinDir%\WinSxS\Policies\x86_policy.5.1.Microsoft.Windows.SystemCompatible_6595b64144ccf1df_x-ww_a0111510 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A (4 bytes)
%WinDir%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation (8 bytes)
%Documents and Settings%\%current user%\Cookies (192 bytes)
C:\ (8 bytes)
%Documents and Settings%\%current user%\Favorites (4 bytes)
%WinDir%\SoftwareDistribution\Download\621a08ac003b616bcaa86aa4d4292d50 (4 bytes)
%System%\bfdleoan.tmp (317 bytes)
C:\System Volume Information\catalog.wci\CiST0000.000 (54960 bytes)
C:\System Volume Information\catalog.wci\CiST0000.001 (18500 bytes)
C:\System Volume Information\catalog.wci\CiST0000.002 (18500 bytes)
C:\System Volume Information\catalog.wci\CiP10000.000 (7440 bytes)
C:\System Volume Information\catalog.wci\CiP10000.001 (20 bytes)
C:\System Volume Information\catalog.wci\CiP10000.002 (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\atari.xml (601 bytes)
C:\System Volume Information\catalog.wci\00010004.ci (2850 bytes)
%WinDir%\Microsoft.NET\assembly\GAC_32 (4 bytes)
%WinDir%\Microsoft.NET\Framework\v4.0.30319\WPF\wpffontcache_v0400.exe (14770 bytes)
%Program Files%\WinPcap\kfmalkjc.tmp (327 bytes)
%WinDir%\Temp\Perflib_Perfdata_668.dat (4 bytes)
%System%\dllhost.exe (1281 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (4 bytes)
%WinDir%\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation (4 bytes)
%Documents and Settings%\LocalService (8 bytes)
%WinDir%\SoftwareDistribution\Download\c0c52c03306062533f7dcb087bfcfa6b (4 bytes)
%System%\config\AppEvent.Evt (824 bytes)
%WinDir%\WinSxS (116 bytes)
%System%\fgdaahll.tmp (1811 bytes)
%WinDir%\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas# (4 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US (4 bytes)
%WinDir% (2632 bytes)
%WinDir%\pchealth\helpctr\OfflineCache (4 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security\Users (4 bytes)
%WinDir%\SoftwareDistribution\Download\e0c0da396303f1dd2c82cd2ccc07020d (4 bytes)
%WinDir%\SoftwareDistribution\Download\e79028ac4f02e201b61b2c632cb0fc5e (4 bytes)
C:\System Volume Information\catalog.wci\00010009.dir (16 bytes)
C:\PROGRAM FILES (16 bytes)
%Documents and Settings%\Default User\Templates (4 bytes)
C:\System Volume Information\catalog.wci\0001000C.ci (2562 bytes)
%WinDir%\Help\Tours\WindowsMediaPlayer\Img (4 bytes)
C:\System Volume Information\catalog.wci\00010003.ci (2850 bytes)
%WinDir%\SoftwareDistribution\Download\8b9a83d2cde55eb19dc502cc2dd04e0d (4 bytes)
%WinDir%\assembly\NativeImages_v4.0.30319_32 (28 bytes)
%WinDir%\SoftwareDistribution\Download\bc81666f3868f34642e3f5adbc2719f9 (4 bytes)
C:\System Volume Information\catalog.wci\CiVP0000.000 (240 bytes)
C:\System Volume Information\catalog.wci\00010001.ci (118 bytes)
%Documents and Settings%\Default User\Local Settings (4 bytes)
%WinDir%\$hf_mig$ (8 bytes)
%System%\spool\XPSEP\amd64 (4 bytes)
%System%\lbflmcjf.tmp (245 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security\Roles (4 bytes)
%System%\wbem\Repository\FS (12 bytes)
%WinDir%\ime\imjp8_1 (4 bytes)
%WinDir%\SoftwareDistribution\Download\e8252bbfa91fcf5afb38775b18691074 (4 bytes)
%Program Files%\Adobe\Reader 9.0\Resource (4 bytes)
%Documents and Settings%\%current user%\Application Data\Sun\Java\Deployment\SystemCache\6.0 (8 bytes)
%System%\hnaacngl.tmp (1663 bytes)
%Documents and Settings%\LocalService\Application Data\Microsoft (4 bytes)
%WinDir%\Help\Tours\WindowsMediaPlayer (4 bytes)
%Documents and Settings%\NetworkService (8 bytes)
%WinDir%\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466 (4 bytes)
%WinDir%\SoftwareDistribution\Download\8bb5f1c638778df6b77d80bc61ffc63c (4 bytes)
%WinDir%\SoftwareDistribution\Download\b91377d1d56820d9d699c0c2dc7c8e80 (4 bytes)
%WinDir%\SoftwareDistribution\Download\30438597a812a5d1d7979088d451747f (4 bytes)
%WinDir%\Web\Wallpaper (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Microsoft (4 bytes)
%Program Files%\Microsoft Office\Office14 (4 bytes)
%System%\config\SysEvent.Evt (320 bytes)
%WinDir%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_x-ww_9e7eb501 (4 bytes)
%WinDir%\Temp (8 bytes)
%WinDir%\Installer (8 bytes)
%WinDir%\assembly\NativeImages_v4.0.30319_32\PresentationFramewo# (4 bytes)
%WinDir%\SoftwareDistribution\Download\ee4e3d4bf0d346e1b8fdee8197195e59 (4 bytes)
%WinDir%\SoftwareDistribution\Download\211409fc1d99b95b32fb0344cad140df (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\cdp.xml (20 bytes)
%Documents and Settings%\All Users (8 bytes)
C:\System Volume Information\catalog.wci\00010007.dir (16 bytes)
%WinDir%\SoftwareDistribution\Download\dffcab319e36b852e5b2d51802010a7a (4 bytes)
C:\System Volume Information\catalog.wci\CiP20000.002 (24 bytes)
C:\System Volume Information\catalog.wci\CiP20000.001 (20 bytes)
C:\System Volume Information\catalog.wci\CiP20000.000 (6720 bytes)
%System%\wbem\Repository\FS\OBJECTS.DATA (11634 bytes)
%WinDir%\SoftwareDistribution\Download\299840a657dd26ca3bbf3cee3ec999ba (4 bytes)
%WinDir%\SoftwareDistribution\Download\e5c5fc9bd7a4957f0a45c6db2957c5c9 (4 bytes)
%WinDir%\SoftwareDistribution\Download\196fa81559690e2494e56094df51cdd8 (4 bytes)
%WinDir%\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_x-ww_362e60dd (4 bytes)
%WinDir%\SoftwareDistribution\Download\23e79e5fb28793d8cb1c2055b0d8dcb9 (4 bytes)
%System%\vssvc.exe (3361 bytes)
%WinDir%\SoftwareDistribution\Download\906245b7f0992255b054322b77475594 (4 bytes)
%Documents and Settings%\Default User\Start Menu\Programs\Accessories (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\auran.xml (53 bytes)
%WinDir%\ime\imkr6_1 (4 bytes)
C:\System Volume Information\catalog.wci\propstor.bk2 (172088 bytes)
C:\System Volume Information\catalog.wci\propstor.bk1 (23840 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\corel.xml (28 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics (4 bytes)
%WinDir%\SoftwareDistribution\Download\248802b74506342031e926839639c729 (4 bytes)
%WinDir%\SoftwareDistribution\Download\cb88a2f03b29735db957d61a63df6504 (4 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Providers (4 bytes)
%WinDir%\SoftwareDistribution\Download\21156e54b0f0f47f81dab4a39e109501 (4 bytes)
%Documents and Settings%\All Users\Documents\My Music (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\alawar.xml (8 bytes)
%Program Files%\Windows NT (4 bytes)
%WinDir%\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d (4 bytes)
%Documents and Settings%\%current user%\Application Data\Sun\Java\Deployment (4 bytes)
%WinDir%\Web (8 bytes)
%WinDir%\SoftwareDistribution\Download\da2a33b6770f970d7fe7262040f98a4f (4 bytes)
C:\System Volume Information\catalog.wci\0001000A.dir (16 bytes)
%System%\wbem\Logs\wbemcore.log (1056 bytes)
C:\totalcmd (4 bytes)
%System%\cheknboh.tmp (245 bytes)
%Program Files%\Common Files\System (4 bytes)
%System%\wbem\Repository\FS\MAPPING1.MAP (12 bytes)
C:\System Volume Information\catalog.wci\0001000A.ci (4642 bytes)
%WinDir%\Temp\vmware-SYSTEM\00000e7e (4 bytes)
%Program Files%\Windows Media Player (4 bytes)
C:\System Volume Information\catalog.wci\00010009.ci (118 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\mMSI.dll\mMSIExec.dll (2256 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\1c.xml (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\index.dat (4 bytes)
%WinDir%\SoftwareDistribution\Download\aadd6ccc4585cbf4ee04287eb0e679df (4 bytes)
%WinDir%\AppPatch (4 bytes)
%WinDir%\Microsoft.NET\Framework\v4.0.30319\WPF\ibippeaf.tmp (6427 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\CONFIG (4 bytes)
%WinDir%\SoftwareDistribution\Download\6b7f938fb3db15dab273f3f1702c318c (4 bytes)
C:\System Volume Information\catalog.wci\00010002.ci (4642 bytes)
%WinDir%\WinSxS\Policies\x86_Policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_77c24773 (4 bytes)
%WinDir%\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 (384 bytes)
%System%\fammdcpl.tmp (1610 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles (8 bytes)
%WinDir%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313 (4 bytes)
%WinDir%\SoftwareDistribution\Download\2c95b28351986132d7f36dd28eece9b0 (4 bytes)
%WinDir%\msagent (4 bytes)
%WinDir%\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Rtcdll_6595b64144ccf1df_x-ww_c7b7206f (4 bytes)
%WinDir%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ekfpdphh.tmp (5442 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\activision.xml (1425 bytes)
%System%\wbem (1352 bytes)
C:\System Volume Information\catalog.wci\00010007.ci (93 bytes)
%WinDir%\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944 (4 bytes)
C:\System Volume Information\catalog.wci\0001000B.ci (14690 bytes)
%WinDir%\SoftwareDistribution\Download\21cbd3f70584651805685eba1753505f (4 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs (4 bytes)
%WinDir%\SoftwareDistribution\Download\b6f4642d2b8dc03c5ce1b1a4f77b1bda (4 bytes)
%Program Files%\Adobe\Reader 9.0\Reader (96 bytes)
%WinDir%\SoftwareDistribution\Download\9460002f6d8231358fc1eb590f9b1dce (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E (8 bytes)
%Program Files%\Movie Maker\Shared (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\apogee.xml (16 bytes)
%WinDir%\assembly\NativeImages_v2.0.50727_32\PresentationFramewo# (4 bytes)
C:\System Volume Information\catalog.wci (212 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft (4 bytes)
%System%\mui (4 bytes)
%System%\locator.exe (1425 bytes)
%WinDir%\REGISTRATION (8 bytes)
%System%\spool\XPSEP\i386 (4 bytes)
%WinDir%\SoftwareDistribution\Download\1c47f41cc76cde4c629564d7564f2795 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\cdv.xml (8 bytes)
%WinDir%\SoftwareDistribution\Download\57b4b90cc3eead9f6c29b58581d03ae4 (4 bytes)
%WinDir%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client (8 bytes)
%Documents and Settings%\%current user%\APPLICATION DATA (8 bytes)
%System%\wbem\Logs\wbemess.log (768 bytes)
%Program Files%\Movie Maker (4 bytes)
%System%\smlogsvc.exe (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\index.dat (4 bytes)
%System%\wbem\Repository\FS\INDEX.BTR (13297 bytes)
%System%\netdde.exe (4210 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ngen_service.log (8 bytes)
%WinDir%\assembly\NativeImages_v2.0.50727_32\System.DirectorySer# (4 bytes)
%System%\msdtc.exe (1281 bytes)
%WinDir%\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 (4 bytes)
%Documents and Settings%\%current user%\Local Settings (12 bytes)
C:\System Volume Information\catalog.wci\CiSP0000.000 (18240 bytes)
C:\System Volume Information\catalog.wci\CiSP0000.001 (92 bytes)
C:\System Volume Information\catalog.wci\CiSP0000.002 (92 bytes)
C:\System Volume Information\catalog.wci\CiFLfffc.002 (124 bytes)
%WinDir%\Microsoft.NET\assembly\GAC_MSIL (28 bytes)
C:\System Volume Information\catalog.wci\CiFLfffc.000 (7200 bytes)
C:\System Volume Information\catalog.wci\CiFLfffc.001 (124 bytes)
C:\System Volume Information\catalog.wci\00010003.dir (16 bytes)
%Program Files%\WinPcap\rpcapd.exe (1425 bytes)
%WinDir%\SoftwareDistribution\Download\9cf59263a134ab3fbbee78365a2fa5fc (4 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\AppConfig (4 bytes)
C:\System Volume Information\catalog.wci\00010005.ci (4642 bytes)
%System%\config\systemprofile\Start Menu\Programs\Accessories (4 bytes)
C:\System Volume Information\catalog.wci\00010002.dir (16 bytes)
%WinDir%\WinSxS\Policies\x86_Policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775 (4 bytes)
%WinDir%\assembly\NativeImages_v2.0.50727_32 (28 bytes)
C:\System Volume Information\catalog.wci\00010006.dir (16 bytes)
%WinDir%\Temp\Perflib_Perfdata_264.dat (100 bytes)
%WinDir%\SoftwareDistribution\Download\bc529fa49cb2cb097fdf1e22d25872da (4 bytes)
%WinDir%\SoftwareDistribution\Download\e104dcd29adf1c6c473a5efad2d509be (4 bytes)
%System%\nabngjke.tmp (274 bytes)
%WinDir%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_x-ww_b7353f75 (4 bytes)
C:\System Volume Information\catalog.wci\00010005.dir (116 bytes)
%System%\imapi.exe (2105 bytes)
%WinDir%\pchealth\helpctr\Config (4 bytes)
%Documents and Settings%\%current user%\Application Data\Adobe\Acrobat\9.0 (4 bytes)
%WinDir%\Microsoft.NET\Framework (192 bytes)
C:\System Volume Information\catalog.wci\cicat.hsh (12 bytes)
%WinDir%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_x-ww_b8438ace (4 bytes)
%Documents and Settings%\%current user%\Templates (4 bytes)
%Documents and Settings%\All Users\Documents (4 bytes)
%WinDir%\assembly\NativeImages_v4.0.30319_32\System.ServiceModel# (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\akella.xml (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\2kg.xml (2105 bytes)
%System%\drivers (32 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727 (2712 bytes)
%Documents and Settings%\%current user% (20 bytes)
%Program Files%\Common Files\Microsoft Shared\DW (4 bytes)
%System%\ahqghffi.tmp (312 bytes)
%WinDir%\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2 (4 bytes)
%WinDir%\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975 (4 bytes)
%WinDir%\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6 (4 bytes)
C:\System Volume Information (8 bytes)
%System%\fanhjeei.tmp (1747 bytes)
%WinDir%\assembly\NativeImages_v4.0.30319_32\System.DirectorySer# (4 bytes)
%WinDir%\SoftwareDistribution\Download\cedca0128a48437390192d906f83a717 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\clearcrown.xml (8 bytes)
%WinDir%\Help (248 bytes)
%WinDir%\security (4 bytes)
%System%\wbem\wmiapsrv.exe (2105 bytes)
%WinDir%\SoftwareDistribution\Download\a4c07d9275eb613d842cb1e140d8a426 (4 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo (4 bytes)
%System%\config\systemprofile (4 bytes)
C:\System Volume Information\catalog.wci\CiCL0001.001 (9032 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\avg.xml (12 bytes)
C:\System Volume Information\catalog.wci\CiCL0001.002 (8592 bytes)
%WinDir%\WinSxS\Manifests (28 bytes)
%WinDir%\SoftwareDistribution\Download\17e46901add634f15d293735648771e6 (4 bytes)
%WinDir%\SoftwareDistribution\Download\50e2c72fd814d3841e776dd2c4918260 (4 bytes)
%WinDir%\SoftwareDistribution\Download\c0e4033a7ec549e982572f0d830cf5d0 (4 bytes)
%WinDir%\SoftwareDistribution\Download\cd75fc2c9aa3d47009fe2d95c9f43154 (4 bytes)
%WinDir%\SoftwareDistribution\Download\0c1e5e0ffeb238b1ee5c9ea3a4878374 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data (8 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft (4 bytes)
%WinDir%\Web\printers (8 bytes)
C:\DOCUMENTS AND SETTINGS (8 bytes)
C:\System Volume Information\catalog.wci\0001000C.dir (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\GameStopApp_setupfull[1].exe (33428 bytes)
%System%\config\systemprofile\Local Settings (4 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security (4 bytes)
%WinDir%\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e (4 bytes)
%WinDir%\repair (4 bytes)
%System%\lnmjjbbk.tmp (1633 bytes)
%Program Files%\Internet Explorer (4 bytes)
C:\System Volume Information\catalog.wci\cicat.fid (336 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\icon_update.ico (4 bytes)
C:\System Volume Information\catalog.wci\00010006.ci (97 bytes)
%WinDir%\SoftwareDistribution\Download\f2adb0f8440e5dbd459aa6bfcaed1ba5 (4 bytes)
%WinDir%\Prefetch\VERCLSID.EXE-3667BD89.pf (40 bytes)
%Program Files%\Reference Assemblies\Microsoft\Framework\v3.5 (4 bytes)
%WinDir%\Microsoft.NET\Framework\v3.5 (12 bytes)
%Documents and Settings%\LocalService\Local Settings (4 bytes)
%WinDir%\WinSxS\Policies\x86_policy.1.0.Microsoft.Windows.GdiPlus_6595b64144ccf1df_x-ww_4e8510ac (4 bytes)
%Program Files%\COMMON FILES (8 bytes)
%Documents and Settings%\%current user%\Application Data\Sun\Java\Deployment\cache\6.0 (8 bytes)
%Program Files%\Common Files\Microsoft Shared (4 bytes)
%Documents and Settings%\All Users\Documents\My Music\Sample Playlists (4 bytes)
%Documents and Settings%\Default User\Start Menu\Programs (4 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security\Wizard (4 bytes)
%System%\aaiaqplm.tmp (1615 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E (16 bytes)
%Documents and Settings%\NetworkService\Application Data\Microsoft (4 bytes)
%WinDir%\MICROSOFT.NET (8 bytes)
%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5 (4 bytes)
%Program Files%\Adobe\Reader 9.0\Reader\plug_ins (4 bytes)
%System%\oobe\html\mouse (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\amd.xml (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\capcom.xml (673 bytes)
%System%\config\systemprofile\Start Menu\Programs (4 bytes)
%WinDir%\SoftwareDistribution\Download\abaf10b7d55d3716fbb63e0b568cb4b6 (4 bytes)
%Documents and Settings%\Default User\SendTo (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\bohemia.xml (45 bytes)
%Documents and Settings%\Default User\Application Data\Microsoft (4 bytes)
%WinDir%\SoftwareDistribution\Download\163d01893aa68b49abc63d8d6c9a7bb2 (4 bytes)
C:\System Volume Information\catalog.wci\CiSL0001.000 (9600 bytes)
C:\System Volume Information\catalog.wci\00010008.dir (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\cinemaware.xml (601 bytes)
%WinDir%\SoftwareDistribution\Download\0000894bab70b145c3629920ba907f7a (4 bytes)
%WinDir%\SoftwareDistribution\Download\bc8ea6c22fd142de8dd67336d23310cf (4 bytes)
%WinDir%\assembly (4 bytes)
C:\System Volume Information\catalog.wci\CiFLfffd.001 (144 bytes)
C:\System Volume Information\catalog.wci\CiFLfffd.000 (7680 bytes)
C:\System Volume Information\catalog.wci\CiFLfffd.002 (144 bytes)
C:\System Volume Information\catalog.wci\0001000B.dir (116 bytes)
%System%\iajpffjm.tmp (1672 bytes)
%System%\mnmsrvc.exe (1425 bytes)
The Virus deletes the following file(s):
%System%\nabngjke.tmp (0 bytes)
%System%\wbem\jbfdpfdn.tmp (0 bytes)
%System%\lnmjjbbk.tmp (0 bytes)
%System%\bfdleoan.tmp (0 bytes)
%System%\lbflmcjf.tmp (0 bytes)
%System%\fgdaahll.tmp (0 bytes)
C:\System Volume Information\catalog.wci\CiFLfffc.002 (0 bytes)
C:\System Volume Information\catalog.wci\CiFLfffc.000 (0 bytes)
C:\System Volume Information\catalog.wci\CiFLfffc.001 (0 bytes)
%WinDir%\Microsoft.NET\Framework\v4.0.30319\WPF\ibippeaf.tmp (0 bytes)
%System%\fammdcpl.tmp (0 bytes)
C:\System Volume Information\catalog.wci\00000001.ps1 (0 bytes)
C:\System Volume Information\catalog.wci\00000001.ps2 (0 bytes)
%System%\hnaacngl.tmp (0 bytes)
%System%\bephgpio.tmp (0 bytes)
%System%\fanhjeei.tmp (0 bytes)
%System%\iajpffjm.tmp (0 bytes)
C:\System Volume Information\catalog.wci\CiFLfffd.002 (0 bytes)
%WinDir%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ekfpdphh.tmp (0 bytes)
%Program Files%\WinPcap\kfmalkjc.tmp (0 bytes)
C:\System Volume Information\catalog.wci\CiFLfffd.001 (0 bytes)
C:\System Volume Information\catalog.wci\CiFLfffd.000 (0 bytes)
%System%\aadbnpka.tmp (0 bytes)
%System%\aaiaqplm.tmp (0 bytes)
%System%\cheknboh.tmp (0 bytes)
%System%\ahqghffi.tmp (0 bytes)
The process GameStopApp_setup.exe:1108 makes changes in the file system.
The Virus creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Slovenian (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_setup_finish.dfm (275 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\readme.dfm.miaf (128 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Catalan (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Hebrew (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_setup_welcome.dfm (275 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Dutch (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Latvian (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Polish (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\maintenance.dfm (104 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Thai (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Korean (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\welcome.dfm (104 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Catalan (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Japanese (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Czech (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Swedish (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Portugese (Portugal) (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\finish.dfm (105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\registration.dfm.miaf (202 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Arabic (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\destination.dfm (22 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_reboot.dfm (877 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\progressprereq.dfm (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\progress.dfm.miaf (292 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Portugese (Portugal) (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Lithuanian (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Chinese (PRC) (13 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Russian (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_download.dfm.miaf (372 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Romanian (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Basque (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Map (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Greek (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Thai (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\registration.dfm (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Latvian (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_notify_install.dfm.miaf (516 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_setup_schedule.dfm.miaf (974 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Italian (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Croatian (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_notify_download.dfm.miaf (516 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Polish (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Turkish (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\registrationwithserial.dfm (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Vietnamese (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Spanish (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\GameStopApp_setup.msi (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\finish.dfm.miaf (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Slovak (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\readme.dfm (31 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Portugese (Brazil) (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_setup_finish.dfm.miaf (372 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Arabic (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Danish (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\mMSIExec.dll (1723 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\progress.dfm (33 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\startmenu.dfm.miaf (228 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\license.rtf (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Chinese (Taiwan) (13 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Finnish (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Hebrew (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Hungarian (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Original (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Hungarian (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_install.dfm (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\Impulse®.mtx (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Russian (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Portugese (Brazil) (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Swedish (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\prereq.dfm (118 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_notify_install.dfm (33 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Spanish (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Estonian (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Chinese (Taiwan) (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\licensecheck.dfm (22 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\prereq.dfm.miaf (370 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Norwegian (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_setup_account.dfm.miaf (872 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\licensecheck.dfm.miaf (128 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Chinese (PRC) (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\registrationwithserial.dfm.miaf (722 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Estonian (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia.tmp (203 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\setuptype.dfm (33 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Danish (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_reboot.dfm.miaf (372 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\gray.avi (103 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.French (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_download.dfm (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\icon.ico (995 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_install.dfm.miaf (372 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Original (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\wizard.dfm (31 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Slovak (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Basque (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Map (754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Slovenian (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Korean (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_setup_account.dfm (36 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Finnish (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Croatian (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.German (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Lithuanian (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.French (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_notify_download.dfm (33 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_setup_schedule.dfm (33 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Turkish (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\readme.rtf (951 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Greek (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.English (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Vietnamese (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.German (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Dutch (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Romanian (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\startinstallation.dfm (104 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\mEXEFunc.dll (1869 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Norwegian (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.English (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lang.loc (168 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Czech (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\startmenu.dfm (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Japanese (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_setup_welcome.dfm.miaf (372 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Italian (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\componentstree.dfm (32 bytes)
The Virus deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\mia.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lang.loc (0 bytes)
The process impulse_setupfull.exe:1796 makes changes in the file system.
The Virus creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\zallag.xml (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\fi.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\Slider_Arrows.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.Common.dll (6518 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\7z.dll (12291 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\thq.xml (4453 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\GameStopNow.exe (29134 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\libGLESv2.dll (9760 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\imp_top.png (709 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Microsoft.WindowsAPICodePack.Shell.dll (9896 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\auran.xml (50 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\VistaBridgeLibrary.dll (1880 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\pt-PT.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\shadow1.png (280 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\WBOCXLib.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\corel.xml (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\d3dcompiler_43.dll (30393 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\avcodec-53.dll (17263 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\ta.pak (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\cyan.xml (206 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\stratfirst.xml (1598 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\cypron.xml (23 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\focushome.xml (1521 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\warner.xml (1637 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\kn.pak (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\vi.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\GSLogo.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\sw.pak (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\libcef.dll (307427 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\alawar.xml (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\trion.xml (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\en-GB.pak (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\snowball.xml (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\Slider_Arrows_down.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\trisynergy.xml (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\ro.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\popcap.xml (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\microids.xml (1530 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\merscom.xml (295 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\atari.xml (1878 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\ImpulseSelfRefresh.exe (2467 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\ignition.xml (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\CleanGSA.exe.config (352 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\GSANative.exe.config (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\ca.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\UninstHelper.exe (693 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.InstallManager.dll (2248 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\akella.xml (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\2kg.xml (3710 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\paradox.xml (14726 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\avformat-53.dll (2092 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\es.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\wargaming.xml (1722 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\freestuff.xml (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\uk.pak (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\indies.xml (28249 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\zh-CN.pak (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\IptNetApi.dll (1312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\am.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\eidos.xml (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\zh-TW.pak (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\nb.pak (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\wastelands.xml (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\d3p.xml (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\ru.pak (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\muzzylane.xml (13 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\GameStopApp.exe (15102 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\networks.xml (42 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\mia.lib (7403 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\sl.pak (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\ar.pak (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\myoffice.xml (44 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\dreamcatch.xml (2565 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\ImpulseSelfRefresh.exe.config (355 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\eula.txt (249 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\sega.xml (5371 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\mMSI.dll\mMSIExec.dll (6741 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\8AE63621\Sd.Irc.resources.dll (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\amd.xml (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\ImpulseSelfRefresh.exe.config (352 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\1c.xml (4112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\light.xml (715 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\sap.xml (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\Slider_Arrows2.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\frame.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\es-419.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\7zxr.dll (1638 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\fil.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\pt-BR.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\en-US.pak (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\hi.pak (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\isv.xml (946 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\ea.xml (6319 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\Slider_Arrows2_down.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\tiltedm.xml (21 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\about.png (598 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.UI.dll (1915 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\GameStopApp_setup.res (47301 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\gamehouse.xml (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\mIDEFunc.dll\mEXEFunc.dll (2549 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\te.pak (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\avg.xml (164 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\GSANative.exe (45735 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\CleanGSA.exe (1592 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\drengin.xml (3226 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\sd.central.cvp.server.dll (5843 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\el.pak (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\activision.xml (3364 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\bg.pak (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\n3vgames.xml (1036 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\id.pak (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\threedonkeys.xml (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\siber.xml (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\TestResult.xml (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\fa.pak (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\lv.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Interop.IWshRuntimeLibrary.dll (639 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\lt.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\sv.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\da.pak (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\mumbojumbo.xml (2670 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\timegate.xml (13 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\squarenix.xml (4290 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.Central.Archive.dll (681 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\avutil-51.dll (2359 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\meridian4.xml (5122 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\AF6861CC\impulse_main.ini (59 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\AF6861CC\impulse_images.ini (61 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\pl.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\bethesda.xml (1834 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Stardock.Central.Security.dll (38 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\GameStopApp_setup.exe (51798 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\mr.pak (312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\AF6861CC\impulse_logic.ini (61 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\GSAMini.exe (2216 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\btn_close_up.png (836 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\it.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\apogee.xml (1995 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\sr.pak (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\hr.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\imp_bottom.png (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\interplay.xml (47 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\icon_update.ico (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\GameStopApp_setup.msi (3597 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\AxInterop.ShockwaveFlashObjects.dll (33 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\servers.xml (202 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\sk.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\digironin.xml (488 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\btn_close_over.png (849 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\ICSharpCode.SharpZipLib.dll (1259 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\d3dx9_43.dll (30010 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\app.dat (14077 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\he.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.dll (1241 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\et.pak (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\cdv.xml (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\DeElevator.dll (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\tdesk.xml (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\SDSecurity.dll (549 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\libEGL.dll (2284 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\cinemaware.xml (1572 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Interop.ShockwaveFlashObjects.dll (1241 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Gibraltar.Agent.dll (51224 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\wc.xml (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\7zip_license.txt (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\sdsfresp.txt (950 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Microsoft.WindowsAPICodePack.dll (1144 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\positech.xml (1434 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Gibraltar.Packager.exe (2145 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\GSANative.XmlSerializers.dll (51 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\playrix.xml (1499 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Console.dll (15706 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\kalypso.xml (4543 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\MyColors.xml (12701 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\hothead.xml (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\fr.pak (804 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Newtonsoft.Json.dll (7274 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.Irc.dll (3642 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\readme.txt (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\setup.bmp (1045 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\shadow2.png (297 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\viva.xml (366 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\ncsoft.xml (471 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\icudt.dll (150569 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\btn_buynow_down.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\VDialog.dll (2566 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\tr.pak (201 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\oddworld.xml (1177 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\ml.pak (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\btn_close_down.png (820 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\bn.pak (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\chrome.pak (19944 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\nival.xml (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\DeElevator64.dll (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\ja.pak (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\StardockCentralDSkin.dll (577 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\bohemia.xml (795 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.Uninstall.dll (36 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\th.pak (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\rlx.xml (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\cdp.xml (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\sds.xml (2091 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\gsoft.xml (1906 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\prima.xml (5105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\7za.exe (6356 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\nl.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\impulse.xml (1137 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\epic.xml (1320 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.Common.XmlSerializers.dll (4201 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\odnt.xml (2747 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\enl.xml (37 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\futurem.xml (44 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.Web.dll (3362 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\topware.xml (2049 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\btn_buynow_up.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\clearcrown.xml (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\ko.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\sd.central.cvp.server.XmlSerializers.dll (4372 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\de.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\Slider_Arrows_over.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\iceberg.xml (817 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\btn_buynow_over.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\namco.xml (111 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\blitzgames.xml (174 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\MyDock.Util.dll (1340 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Activate.exe (5537 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\cs.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.Zip.dll (2668 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\Slider_Arrows2_over.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\capcom.xml (2111 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\hu.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\railsimulator.xml (1891 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\gu.pak (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\iolo.xml (8 bytes)
The Virus deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp (0 bytes)
The process mscorsvw.exe:252 makes changes in the file system.
The Virus creates and/or writes to the following file(s):
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ngen_service.log (2124 bytes)
The process %original file name%.exe:2040 makes changes in the file system.
The Virus creates and/or writes to the following file(s):
%WinDir%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\GameStopApp_setupfull[1].exe (338127 bytes)
%WinDir%\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (2105 bytes)
%System%\clipsrv.exe (1425 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (1425 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ojflpekc.tmp (300 bytes)
%System%\gadqjokm.tmp (272 bytes)
%WinDir%\Microsoft.NET\Framework\v4.0.30319\hpckhakn.tmp (1646 bytes)
%System%\obgogopn.tmp (246 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ionpofea.tmp (264 bytes)
%System%\cisvc.exe (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
%Documents and Settings%\All Users\Application Data\Stardock\Impulse\Temporary\impulse_mainmini\impulse_setupfull.exe (145703 bytes)
The Virus deletes the following file(s):
%WinDir%\Microsoft.NET\Framework\v4.0.30319\hpckhakn.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\GameStopApp_setupfull[1].exe (0 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ojflpekc.tmp (0 bytes)
%System%\gadqjokm.tmp (0 bytes)
%System%\obgogopn.tmp (0 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ionpofea.tmp (0 bytes)
Registry activity
The process TASKKILL.exe:212 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "37 8A D8 14 7F EF 2C 8D D0 83 9A 7C E1 66 0C A5"
The process TASKKILL.exe:772 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "99 74 A0 99 48 C0 91 F3 EB 36 DE 6C 7D DB 43 EF"
The process TASKKILL.exe:1524 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5F 56 B7 83 CD E0 21 6E F2 7D 8B 55 86 2C BA 57"
The process TASKKILL.exe:320 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "44 F7 9B 7E 4E 17 94 C5 AC E5 63 F2 B9 D6 DF A5"
The process TASKKILL.exe:2020 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6A A1 6C 04 C4 AD 14 6D D7 D2 CF 6A C1 EA F0 B1"
The process TASKKILL.exe:172 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A0 F8 94 A6 E7 94 28 A7 A9 6C F2 88 FA 3D D4 6A"
The process TASKKILL.exe:2012 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AA E9 0A 19 8C F3 4B 97 43 CE 7C D9 4F 92 93 F7"
The process verclsid.exe:1176 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "21 14 4E 0A D8 66 1F BF C7 69 4C 6D EA 82 D2 99"
The process verclsid.exe:484 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BF 04 4F 7F EC DB 94 E4 FC FB 6C 9A 69 20 52 62"
The process verclsid.exe:1056 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A2 78 EF 9B C2 30 88 2A F8 8A BC 7C 0C D8 1C 85"
The process verclsid.exe:1600 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "71 D9 6C 86 32 A0 A6 74 5A CF B8 20 7B C3 94 0E"
The process verclsid.exe:1604 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "28 DA 76 1D 10 F6 23 8E 07 E0 9C 69 AE EC 73 83"
The process verclsid.exe:320 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6F 7B 23 4F F8 8F 25 AB F4 8C 0F C5 F1 DB A8 68"
The process verclsid.exe:916 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "48 0D 47 3B C0 30 58 33 B6 FA 04 C9 FF 14 2C 10"
The process cisvc.exe:1500 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:
[HKCR\EngUSWrdBrk.EngUSWrdBrk]
"(Default)" = "EngUSWrdBrk Class"
[HKCR\CLSID\{F9AE8980-7E52-11d0-8964-00C04FD611D7}\InprocServer32]
"(Default)" = "%System%\query.dll"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%System%\config\systemprofile\Local Settings\Application Data"
[HKCR\MSIDXS]
"(Default)" = "Microsoft OLE DB Provider for Indexing Service"
[HKCR\IXSSO.Query\CurVer]
"(Default)" = "IXSSO.Query.3"
[HKCR\CLSID\{363F1015-FD5F-4ba8-AC58-29634F378A42}\ProgID]
"(Default)" = "EngUKWrdBrk.EngUKWrdBrk.1"
[HKCR\IXSSO.Util.2\CLSID]
"(Default)" = "{0C16C27E-A6E7-11D0-BFC3-0020F8008024}"
[HKCR\CLSID\{0285b5c0-12c7-11ce-bd31-00aa004bbb1f}\InprocServer32]
"(Default)" = "infosoft.dll"
[HKCR\CLSID\{F9AE8980-7E52-11d0-8964-00C04FD611D7}\VersionIndependentProgID]
"(Default)" = "MSIDXS"
[HKCR\CLSID\{c1243ca0-bf96-11cd-b579-08002b30bfeb}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{C7B6C04A-CBB5-11d0-BB4C-00C04FC2F410}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{98de59a0-d175-11cd-a7bd-00006b827d94}]
"(Default)" = "Microsoft Office Persistent Handler"
[HKCR\CLSID\{91870674-DE84-4313-B07D-A387415BB4F5}\ProgID]
"(Default)" = "ItlItlWrdBrk.ItlItlWrdBrk.1"
[HKCR\CLSID\{3BC4F3A1-652A-11D1-B4D4-00C04FC2DB8D}]
"(Default)" = "Microsoft Index Server Administration Object"
[HKCR\CLSID\{F14E6B48-FBCA-4d32-BD79-7829D4F7E43B}\VersionIndependentProgID]
"(Default)" = "FrnFrnWrdBrk.FrnFrnWrdBrk"
[HKCR\CLSID\{3BC4F3A7-652A-11D1-B4D4-00C04FC2DB8D}\VersionIndependentProgID]
"(Default)" = "Microsoft.ISScopeAdm"
[HKCR\CLSID\{0C16C27E-A6E7-11D0-BFC3-0020F8008024}\InProcServer32]
"ThreadingModel" = "Both"
[HKCR\.htw\PersistentHandler]
"(Default)" = "{eec97550-47a9-11cf-b952-00aa0051fe20}"
[HKCR\.css\PersistentHandler]
"(Default)" = "{eec97550-47a9-11cf-b952-00aa0051fe20}"
[HKCR\CLSID\{AA205A4D-681F-11D0-A243-08002B36FCA4}\InprocServer32]
"(Default)" = "query.dll"
[HKCR\CLSID\{9478f640-7f1c-11ce-be57-00aa0051fe20}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{1F247DC0-902E-11D0-A80C-00A0C906241A}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{6d36ce10-7f1c-11ce-be57-00aa0051fe20}]
"(Default)" = "Italian_Italian Stemmer"
[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\Neutral]
"WBreakerClass" = "{369647e0-17b0-11ce-9950-00aa004bbb1f}"
[HKCR\CLSID\{91870674-DE84-4313-B07D-A387415BB4F5}\InprocServer32]
"(Default)" = "%System%\LangWrbk.dll"
[HKCR\CLSID\{80A3E9B0-A246-11D3-BB8C-0090272FA362}\VersionIndependentProgID]
"(Default)" = "EngUSWrdBrk.EngUSWrdBrk"
[HKCR\CLSID\{01c6b350-12c7-11ce-bd31-00aa004bbb1f}\InprocServer32]
"(Default)" = "infosoft.dll"
[HKCR\CLSID\{00020811-0000-0000-C000-000000000046}\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"
[HKCR\CLSID\{860d28d0-8bf4-11ce-be59-00aa0051fe20}\InprocServer32]
"(Default)" = "infosoft.dll"
[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\English_US]
"StemmerClass" = "{eeed4c20-7f1b-11ce-be57-00aa0051fe20}"
[HKCR\CLSID\{1F247DC0-902E-11D0-A80C-00A0C906241A}\InprocServer32]
"(Default)" = "query.dll"
[HKCR\CLSID\{F9AE8980-7E52-11d0-8964-00C04FD611D7}\ExtendedErrors]
"(Default)" = "Extended Error Service"
[HKCR\.stm\PersistentHandler]
"(Default)" = "{eec97550-47a9-11cf-b952-00aa0051fe20}"
[HKCR\IXSSO.Query.2]
"(Default)" = "Indexing Service Query SSO V2."
[HKCR\CLSID\{5645C8C0-E277-11CF-8FDA-00AA00A14F93}]
"(Default)" = "NNTP filter"
[HKCR\CLSID\{5645C8C0-E277-11CF-8FDA-00AA00A14F93}\PersistentHandler]
"(Default)" = "{5645C8C1-E277-11CF-8FDA-00AA00A14F93}"
[HKCR\.xlc\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"
[HKCR\CLSID\{0C16C27E-A6E7-11D0-BFC3-0020F8008024}]
"(Default)" = "Indexing Service Utility SSO V2."
[HKCR\CLSID\{3BC4F3A1-652A-11D1-B4D4-00C04FC2DB8D}\InprocServer32]
"(Default)" = "%System%\ciodm.dll"
[HKLM\SOFTWARE\Policies\Microsoft\Windows\System]
"EnableSmartScreen" = "0"
[HKCR\ItlItlWrdBrk.ItlItlWrdBrk.1]
"(Default)" = "ItlItlWrdBrk Class"
[HKCR\MSIDXS ErrorLookup\Clsid]
"(Default)" = "{F9AE8981-7E52-11d0-8964-00C04FD611D7}"
[HKCR\CLSID\{C04EFA90-E221-11D2-985E-00C04F575153}\InProcServer32]
"(Default)" = "%System%\query.dll"
[HKCR\CLSID\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\PersistentHandler]
"(Default)" = "{098f2470-bae0-11cd-b579-08002b30bfeb}"
[HKCR\CLSID\{510a4910-7f1c-11ce-be57-00aa0051fe20}]
"(Default)" = "German_German Stemmer"
[HKCR\CLSID\{95ad72f0-44ce-11d0-ae29-00aa004b9986}]
"(Default)" = "Indexing Service Snapin"
[HKCR\IXSSO.Query.3]
"(Default)" = "Indexing Service Query SSO V3."
[HKCR\CLSID\{3BC4F3A1-652A-11D1-B4D4-00C04FC2DB8D}\ProgID]
"(Default)" = "Microsoft.ISAdm.1"
[HKCR\CLSID\{F14E6B48-FBCA-4d32-BD79-7829D4F7E43B}]
"(Default)" = "FrnFrnWrdBrk Class"
[HKCR\IXSSO.Util]
"(Default)" = "Indexing Service Utility SSO V2."
[HKCR\MSIDXS\Clsid]
"(Default)" = "{F9AE8980-7E52-11d0-8964-00C04FD611D7}"
[HKCR\CLSID\{6d36ce10-7f1c-11ce-be57-00aa0051fe20}\InprocServer32]
"(Default)" = "infosoft.dll"
[HKCR\CLSID\{3BC4F3A7-652A-11D1-B4D4-00C04FC2DB8D}\InprocServer32]
"(Default)" = "%System%\ciodm.dll"
[HKCR\CLSID\{00020C01-0000-0000-C000-000000000046}\PersistentHandler]
"(Default)" = "{098f2470-bae0-11cd-b579-08002b30bfeb}"
[HKCR\CLSID\{5e941d80-bf96-11cd-b579-08002b30bfeb}]
"(Default)" = "Plain Text persistent handler"
[HKCR\CLSID\{b0516ff0-7f1c-11ce-be57-00aa0051fe20}]
"(Default)" = "Spanish_Modern Stemmer"
[HKCR\Microsoft Internet News Message\CLSID]
"(Default)" = "{5645C8C0-E277-11CF-8FDA-00AA00A14F93}"
[HKCR\CLSID\{e0ca5340-4534-11cf-b952-00aa0051fe20}\InprocServer32]
"(Default)" = "nlhtml.dll"
[HKCR\IXSSO.Query\CLSID]
"(Default)" = "{EAFDF8B3-3BE5-4E05-BF86-1E486B2FEF9D}"
[HKCR\CLSID\{363F1015-FD5F-4ba8-AC58-29634F378A42}\InprocServer32]
"(Default)" = "%System%\LangWrbk.dll"
[HKCR\CLSID\{EAFDF8B3-3BE5-4E05-BF86-1E486B2FEF9D}\InProcServer32]
"(Default)" = "%System%\ixsso.dll"
[HKCR\Interface\{F4EB8260-8DDA-11D1-B3AA-00A0C9063796}]
"(Default)" = "IFilterStatus"
[HKCR\CLSID\{80A3E9B0-A246-11D3-BB8C-0090272FA362}\ProgID]
"(Default)" = "EngUSWrdBrk.EngUSWrdBrk.1"
[HKCR\CLSID\{EAFDF8B3-3BE5-4E05-BF86-1E486B2FEF9D}]
"(Default)" = "Indexing Service Query SSO V3."
[HKCR\CLSID\{f07f3920-7b8c-11cf-9be8-00aa004b9986}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{F9AE8980-7E52-11d0-8964-00C04FD611D7}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\.odc\PersistentHandler]
"(Default)" = "{eec97550-47a9-11cf-b952-00aa0051fe20}"
[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\German_German]
"StemmerClass" = "{510a4910-7f1c-11ce-be57-00aa0051fe20}"
[HKCR\CLSID\{fd86b5d0-12c6-11ce-bd31-00aa004bbb1f}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\PersistentHandler]
"(Default)" = "{098f2470-bae0-11cd-b579-08002b30bfeb}"
[HKCR\CLSID\{66b37110-8bf2-11ce-be59-00aa0051fe20}]
"(Default)" = "Dutch_Dutch Word Breaker"
[HKCR\CLSID\{eeed4c20-7f1b-11ce-be57-00aa0051fe20}\InprocServer32]
"(Default)" = "infosoft.dll"
[HKCR\CLSID\{EA7BAE71-FB3B-11CD-A903-00AA00510EA3}\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"
[HKCR\CLSID\{fd86b5d0-12c6-11ce-bd31-00aa004bbb1f}]
"(Default)" = "Italian_Italian Word Breaker"
[HKCR\IXSSO.Query.2\CLSID]
"(Default)" = "{A4463024-2B6F-11D0-BFBC-0020F8008024}"
[HKCR\CLSID\{f07f3920-7b8c-11cf-9be8-00aa004b9986}\InprocServer32]
"(Default)" = "OffFilt.dll"
[HKCR\CLSID\{80A3E9B0-A246-11D3-BB8C-0090272FA362}\InprocServer32]
"ThreadingModel" = "Free"
[HKCR\CLSID\{5645C8C4-E277-11CF-8FDA-00AA00A14F93}\PersistentAddinsRegistered\{89BCB740-6119-101A-BCB7-00DD010655AF}]
"(Default)" = "{5645C8C2-E277-11CF-8FDA-00AA00A14F93}"
[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\French_French]
"StemmerClass" = "{2a6eb050-7f1c-11ce-be57-00aa0051fe20}"
[HKCR\.htm\PersistentHandler]
"(Default)" = "{eec97550-47a9-11cf-b952-00aa0051fe20}"
[HKCR\CLSID\{c3278e90-bea7-11cd-b579-08002b30bfeb}]
"(Default)" = "Null filter"
[HKCR\CLSID\{D3E34B21-9D75-101A-8C3D-00AA001A1652}\PersistentHandler]
"(Default)" = "{098f2470-bae0-11cd-b579-08002b30bfeb}"
[HKCR\CLSID\{FBF23B40-E3F0-101B-8488-00AA003E56F8}\PersistentHandler]
"(Default)" = "{5e941d80-bf96-11cd-b579-08002b30bfeb}"
[HKCR\CLSID\{1F7E6C6D-C3F8-4c80-8D77-C4825ABBE5CF}\InprocServer32]
"ThreadingModel" = "Free"
[HKCR\Microsoft.ISScopeAdm]
"(Default)" = "Microsoft Index Server Scope Administration Object"
[HKCR\.pot\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"
[HKCR\CLSID\{c1243ca0-bf96-11cd-b579-08002b30bfeb}]
"(Default)" = "Plain Text filter"
[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\German_German]
"WBreakerClass" = "{9b08e210-e51b-11cd-bc7f-00aa003db18e}"
[HKCR\CLSID\{AA205A4D-681F-11D0-A243-08002B36FCA4}\InprocServer32]
"ThreadingModel" = "Both"
[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\Swedish_Default]
"Locale" = "1053"
[HKCR\CLSID\{5645C8C3-E277-11CF-8FDA-00AA00A14F93}\PersistentHandler]
"(Default)" = "{5645C8C4-E277-11CF-8FDA-00AA00A14F93}"
[HKCR\CLSID\{369647e0-17b0-11ce-9950-00aa004bbb1f}]
"(Default)" = "Neutral Word Breaker"
[HKCR\CLSID\{A4463024-2B6F-11D0-BFBC-0020F8008024}\ProgID]
"(Default)" = "IXSSO.Query.2"
[HKCR\CLSID\{1F7E6C6D-C3F8-4c80-8D77-C4825ABBE5CF}\ProgID]
"(Default)" = "SpnMdrWrdBrk.SpnMdrWrdBrk.1"
[HKCR\CLSID\{78fe669a-186e-4108-96e9-77b586c1332f}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{00020810-0000-0000-C000-000000000046}\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"
[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\French_French]
"WBreakerClass" = "{59e09848-8099-101b-8df3-00000b65c3b5}"
[HKCR\EngUKWrdBrk.EngUKWrdBrk.1]
"(Default)" = "EngUKWrdBrk Class"
[HKCR\CLSID\{78fe669a-186e-4108-96e9-77b586c1332f}\InprocServer32]
"(Default)" = "query.dll"
[HKCR\CLSID\{2a6eb050-7f1c-11ce-be57-00aa0051fe20}]
"(Default)" = "French_French Stemmer"
[HKCR\CLSID\{F9AE8980-7E52-11d0-8964-00C04FD611D7}\ExtendedErrors\{F9AE8981-7E52-11d0-8964-00C04FD611D7}]
"(Default)" = "MSIDXS Error Lookup"
[HKCR\CLSID\{C04EFA90-E221-11D2-985E-00C04F575153}]
"(Default)" = "PSFactoryBuffer"
[HKCR\CLSID\{59e09848-8099-101b-8df3-00000b65c3b5}\InprocServer32]
"(Default)" = "infosoft.dll"
[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\Spanish_Modern]
"WBreakerClass" = "{0285b5c0-12c7-11ce-bd31-00aa004bbb1f}"
[HKCR\Microsoft.ISCatAdm.1]
"(Default)" = "Microsoft Index Server Catalog Administration Object"
[HKCR\Microsoft Internet Mail Message]
"(Default)" = "Internet E-Mail Message"
[HKCR\CLSID\{F9AE8981-7E52-11d0-8964-00C04FD611D7}]
"(Default)" = "MSIDXS ErrorLookup"
[HKCR\CLSID\{F9AE8980-7E52-11d0-8964-00C04FD611D7}]
"(Default)" = "MSIDXS"
[HKCR\CLSID\{1E9685E6-DB6D-11d0-BB63-00C04FC2F410}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{95ad72f0-44ce-11d0-ae29-00aa004b9986}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{9478f640-7f1c-11ce-be57-00aa0051fe20}]
"(Default)" = "Swedish_Default Stemmer"
[HKCR\FrnFrnWrdBrk.FrnFrnWrdBrk.1\CLSID]
"(Default)" = "{F14E6B48-FBCA-4d32-BD79-7829D4F7E43B}"
[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\Italian_Italian]
"StemmerClass" = "{6d36ce10-7f1c-11ce-be57-00aa0051fe20}"
[HKCR\ItlItlWrdBrk.ItlItlWrdBrk]
"(Default)" = "ItlItlWrdBrk Class"
[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\Italian_Italian]
"Locale" = "1040"
[HKCR\CLSID\{3BC4F3A1-652A-11D1-B4D4-00C04FC2DB8D}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Microsoft.ISCatAdm\CurVer]
"(Default)" = "Microsoft.ISCatAdm.1"
[HKCR\IXSSO.Query]
"(Default)" = "Indexing Service Query SSO V3."
[HKCR\CLSID\{C7B6C04A-CBB5-11d0-BB4C-00C04FC2F410}\InprocServer32]
"(Default)" = "%System%\query.dll"
[HKCR\CLSID\{5645C8C2-E277-11CF-8FDA-00AA00A14F93}\InprocServer32]
"(Default)" = "%System%\mimefilt.dll"
[HKCR\CLSID\{e0ca5340-4534-11cf-b952-00aa0051fe20}]
"(Default)" = "HTML filter"
[HKCR\.htx\PersistentHandler]
"(Default)" = "{eec97550-47a9-11cf-b952-00aa0051fe20}"
[HKCR\CLSID\{0285b5c0-12c7-11ce-bd31-00aa004bbb1f}\InprocServer32]
"ThreadingModel" = "Both"
[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\English_UK]
"StemmerClass" = "{d99f7670-7f1a-11ce-be57-00aa0051fe20}"
[HKLM\System\CurrentControlSet\Control\Server Applications]
"{95AD72F0-44CE-11D0-AE29-00AA004B9986}" = "Indexing Service"
[HKCR\CLSID\{C7B6C04A-CBB5-11d0-BB4C-00C04FC2F410}\VersionIndependentProgID]
"(Default)" = "ISSimpleCommandCreator"
[HKCR\CLSID\{510a4910-7f1c-11ce-be57-00aa0051fe20}\InprocServer32]
"(Default)" = "infosoft.dll"
[HKCR\SpnMdrWrdBrk.SpnMdrWrdBrk.1\CLSID]
"(Default)" = "{1F7E6C6D-C3F8-4c80-8D77-C4825ABBE5CF}"
[HKCR\CLSID\{b0516ff0-7f1c-11ce-be57-00aa0051fe20}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{9b08e210-e51b-11cd-bc7f-00aa003db18e}\InprocServer32]
"(Default)" = "infosoft.dll"
[HKCR\CLSID\{EAFDF8B3-3BE5-4E05-BF86-1E486B2FEF9D}\InProcServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{F9AE8981-7E52-11d0-8964-00C04FD611D7}\VersionIndependentProgID]
"(Default)" = "MSIDXSErrorLookup"
[HKCR\CLSID\{5e941d80-bf96-11cd-b579-08002b30bfeb}\PersistentAddinsRegistered\{89BCB740-6119-101A-BCB7-00DD010655AF}]
"(Default)" = "{c1243ca0-bf96-11cd-b579-08002b30bfeb}"
[HKCR\EngUKWrdBrk.EngUKWrdBrk.1\CLSID]
"(Default)" = "{363F1015-FD5F-4ba8-AC58-29634F378A42}"
[HKCR\CLSID\{64818D10-4F9B-11CF-86EA-00AA00B929E8}\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"
[HKCR\SpnMdrWrdBrk.SpnMdrWrdBrk.1]
"(Default)" = "SpnMdrWrdBrk Class"
[HKLM\SOFTWARE\Microsoft\MMC\SnapIns\{95AD72F0-44CE-11D0-AE29-00AA004B9986}]
"About" = "{95ad72f0-44ce-11d0-ae29-00aa004b9986}"
[HKCR\CLSID\{95ad72f0-44ce-11d0-ae29-00aa004b9986}\InprocServer32]
"(Default)" = "CIAdmin.dll"
[HKCR\EngUSWrdBrk.EngUSWrdBrk.1]
"(Default)" = "EngUSWrdBrk Class"
[HKCR\.asp\PersistentHandler]
"(Default)" = "{eec97550-47a9-11cf-b952-00aa0051fe20}"
[HKCR\CLSID\{6d36ce10-7f1c-11ce-be57-00aa0051fe20}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{C7B6C04A-CBB5-11d0-BB4C-00C04FC2F410}\ProgID]
"(Default)" = "ISSimpleCommandCreator.1"
[HKCR\CLSID\{91870674-DE84-4313-B07D-A387415BB4F5}]
"(Default)" = "ItlItlWrdBrk Class"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0D 7A 0B 54 B9 C2 34 48 02 59 1C BC 34 4C F8 EE"
[HKCR\Microsoft.ISAdm.1]
"(Default)" = "Microsoft Index Server Administration Object"
[HKCR\CLSID\{b0516ff0-7f1c-11ce-be57-00aa0051fe20}\InprocServer32]
"(Default)" = "infosoft.dll"
[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\Italian_Italian]
"WBreakerClass" = "{fd86b5d0-12c6-11ce-bd31-00aa004bbb1f}"
[HKCR\CLSID\{9478f640-7f1c-11ce-be57-00aa0051fe20}\InprocServer32]
"(Default)" = "infosoft.dll"
[HKLM\SOFTWARE\Microsoft\MMC\SnapIns\{95AD72F0-44CE-11D0-AE29-00AA004B9986}]
"Version" = "1.0"
[HKCR\CLSID\{2a6eb050-7f1c-11ce-be57-00aa0051fe20}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\SpnMdrWrdBrk.SpnMdrWrdBrk\CurVer]
"(Default)" = "SpnMdrWrdBrk.SpnMdrWrdBrk.1"
[HKCR\CLSID\{1F247DC0-902E-11D0-A80C-00A0C906241A}]
"(Default)" = "Content Index ISearch Creator Object"
[HKCR\.eml]
"(Default)" = "Microsoft Internet Mail Message"
[HKCR\.ascx\PersistentHandler]
"(Default)" = "{eec97550-47a9-11cf-b952-00aa0051fe20}"
[HKCR\Interface\{F4EB8260-8DDA-11D1-B3AA-00A0C9063796}\ProxyStubClsid32]
"(Default)" = "{C04EFA90-E221-11D2-985E-00C04F575153}"
[HKCR\CLSID\{91870674-DE84-4313-B07D-A387415BB4F5}\VersionIndependentProgID]
"(Default)" = "ItlItlWrdBrk.ItlItlWrdBrk"
[HKCR\CLSID\{00022603-0000-0000-C000-000000000046}\PersistentHandler]
"(Default)" = "{098f2470-bae0-11cd-b579-08002b30bfeb}"
[HKCR\CLSID\{01c6b350-12c7-11ce-bd31-00aa004bbb1f}]
"(Default)" = "Swedish_Default Word Breaker"
[HKCR\CLSID\{2A488070-6FD9-11D0-A808-00A0C906241A}]
"(Default)" = "File System Client DocStore Locator Object"
[HKCR\CLSID\{3BC4F3A3-652A-11D1-B4D4-00C04FC2DB8D}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{00022602-0000-0000-C000-000000000046}\PersistentHandler]
"(Default)" = "{098f2470-bae0-11cd-b579-08002b30bfeb}"
[HKU\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ParseAutoexec" = "1"
[HKCR\.aspx\PersistentHandler]
"(Default)" = "{eec97550-47a9-11cf-b952-00aa0051fe20}"
[HKCR\CLSID\{d99f7670-7f1a-11ce-be57-00aa0051fe20}\InprocServer32]
"(Default)" = "infosoft.dll"
[HKCR\CLSID\{F9AE8980-7E52-11d0-8964-00C04FD611D7}\ProgID]
"(Default)" = "MSIDXS.1"
[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\Swedish_Default]
"StemmerClass" = "{9478f640-7f1c-11ce-be57-00aa0051fe20}"
[HKCR\CLSID\{59e09848-8099-101b-8df3-00000b65c3b5}]
"(Default)" = "French_French Word Breaker"
[HKCR\CLSID\{1F7E6C6D-C3F8-4c80-8D77-C4825ABBE5CF}]
"(Default)" = "SpnMdrWrdBrk Class"
[HKCR\Microsoft.ISAdm.1\CLSID]
"(Default)" = "{3BC4F3A1-652A-11D1-B4D4-00C04FC2DB8D}"
[HKCR\Microsoft.ISScopeAdm\CurVer]
"(Default)" = "Microsoft.ISScopeAdm.1"
[HKCR\CLSID\{9b08e210-e51b-11cd-bc7f-00aa003db18e}]
"(Default)" = "German_German Word Breaker"
[HKCR\CLSID\{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}\PersistentHandler]
"(Default)" = "{098f2470-bae0-11cd-b579-08002b30bfeb}"
[HKCR\EngUSWrdBrk.EngUSWrdBrk.1\CLSID]
"(Default)" = "{80A3E9B0-A246-11D3-BB8C-0090272FA362}"
[HKCR\.html\PersistentHandler]
"(Default)" = "{eec97550-47a9-11cf-b952-00aa0051fe20}"
[HKCR\SpnMdrWrdBrk.SpnMdrWrdBrk]
"(Default)" = "SpnMdrWrdBrk Class"
[HKCR\CLSID\{80A3E9B0-A246-11D3-BB8C-0090272FA362}\InprocServer32]
"(Default)" = "%System%\LangWrbk.dll"
[HKCR\CLSID\{5645C8C3-E277-11CF-8FDA-00AA00A14F93}]
"(Default)" = "NNTP filter"
[HKCR\CLSID\{EA7BAE70-FB3B-11CD-A903-00AA00510EA3}\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"
[HKCR\.nws]
"(Default)" = "Microsoft Internet News Message"
[HKCR\Microsoft.ISScopeAdm.1\CLSID]
"(Default)" = "{3BC4F3A7-652A-11D1-B4D4-00C04FC2DB8D}"
[HKCR\.xls\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"
[HKCR\ItlItlWrdBrk.ItlItlWrdBrk.1\CLSID]
"(Default)" = "{91870674-DE84-4313-B07D-A387415BB4F5}"
[HKCR\CLSID\{098f2470-bae0-11cd-b579-08002b30bfeb}]
"(Default)" = "Null persistent handler"
[HKCR\CLSID\{860d28d0-8bf4-11ce-be59-00aa0051fe20}]
"(Default)" = "Dutch_Dutch Stemmer"
[HKCR\EngUSWrdBrk.EngUSWrdBrk\CurVer]
"(Default)" = "EngUSWrdBrk.EngUSWrdBrk.1"
[HKCR\.hta\PersistentHandler]
"(Default)" = "{eec97550-47a9-11cf-b952-00aa0051fe20}"
[HKCR\CLSID\{3BC4F3A7-652A-11D1-B4D4-00C04FC2DB8D}\ProgID]
"(Default)" = "Microsoft.ISScopeAdm.1"
[HKCR\CLSID\{e0ca5340-4534-11cf-b952-00aa0051fe20}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Microsoft.ISCatAdm.1\CLSID]
"(Default)" = "{3BC4F3A3-652A-11D1-B4D4-00C04FC2DB8D}"
[HKCR\.doc\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"
[HKCR\IXSSO.Util\CLSID]
"(Default)" = "{0C16C27E-A6E7-11D0-BFC3-0020F8008024}"
[HKCR\CLSID\{66b37110-8bf2-11ce-be59-00aa0051fe20}\InprocServer32]
"(Default)" = "infosoft.dll"
[HKCR\FrnFrnWrdBrk.FrnFrnWrdBrk.1]
"(Default)" = "FrnFrnWrdBrk Class"
[HKCR\Microsoft.ISScopeAdm\CLSID]
"(Default)" = "{3BC4F3A7-652A-11D1-B4D4-00C04FC2DB8D}"
[HKCR\CLSID\{d99f7670-7f1a-11ce-be57-00aa0051fe20}]
"(Default)" = "English_UK Stemmer"
[HKCR\Microsoft.ISAdm\CLSID]
"(Default)" = "{3BC4F3A1-652A-11D1-B4D4-00C04FC2DB8D}"
[HKCR\CLSID\{AA205A4D-681F-11D0-A243-08002B36FCA4}]
"(Default)" = "File System Client Filter Object"
[HKCR\CLSID\{0C16C27E-A6E7-11D0-BFC3-0020F8008024}\ProgID]
"(Default)" = "IXSSO.Util"
[HKCR\CLSID\{F14E6B48-FBCA-4d32-BD79-7829D4F7E43B}\InprocServer32]
"ThreadingModel" = "Free"
[HKCR\CLSID\{C04EFA90-E221-11D2-985E-00C04F575153}\InProcServer32]
"ThreadingModel" = "Both"
[HKCR\IXSSO.Util.2]
"(Default)" = "Indexing Service Utility SSO V2."
[HKCR\Microsoft.ISScopeAdm.1]
"(Default)" = "Microsoft Index Server Scope Administration Object"
[HKCR\.hhc\PersistentHandler]
"(Default)" = "{eec97550-47a9-11cf-b952-00aa0051fe20}"
[HKCR\CLSID\{3BC4F3A3-652A-11D1-B4D4-00C04FC2DB8D}\InprocServer32]
"(Default)" = "%System%\ciodm.dll"
[HKCR\CLSID\{A4463024-2B6F-11D0-BFBC-0020F8008024}\InProcServer32]
"(Default)" = "%System%\ixsso.dll"
[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\Spanish_Modern]
"Locale" = "3082"
[HKCR\.xlt\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"
[HKCR\CLSID\{363F1015-FD5F-4ba8-AC58-29634F378A42}\VersionIndependentProgID]
"(Default)" = "EngUKWrdBrk.EngUKWrdBrk"
[HKLM\SOFTWARE\Microsoft\MMC\SnapIns\{95AD72F0-44CE-11D0-AE29-00AA004B9986}]
"Provider" = "Microsoft Corporation"
[HKCR\CLSID\{3BC4F3A3-652A-11D1-B4D4-00C04FC2DB8D}\VersionIndependentProgID]
"(Default)" = "Microsoft.ISCatAdm"
[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\English_US]
"Locale" = "1033"
[HKCR\CLSID\{eeed4c20-7f1b-11ce-be57-00aa0051fe20}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{F4EB8260-8DDA-11D1-B3AA-00A0C9063796}\NumMethods]
"(Default)" = "7"
[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\Dutch_Dutch]
"WBreakerClass" = "{66b37110-8bf2-11ce-be59-00aa0051fe20}"
[HKCR\CLSID\{0C16C27E-A6E7-11D0-BFC3-0020F8008024}\InProcServer32]
"(Default)" = "%System%\ixsso.dll"
[HKCR\CLSID\{363F1015-FD5F-4ba8-AC58-29634F378A42}]
"(Default)" = "EngUKWrdBrk Class"
[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\Neutral]
"Locale" = "0"
[HKCR\CLSID\{5645C8C1-E277-11CF-8FDA-00AA00A14F93}\PersistentAddinsRegistered\{89BCB740-6119-101A-BCB7-00DD010655AF}]
"(Default)" = "{5645C8C2-E277-11CF-8FDA-00AA00A14F93}"
[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\German_German]
"Locale" = "1031"
[HKCR\CLSID\{0285b5c0-12c7-11ce-bd31-00aa004bbb1f}]
"(Default)" = "Spanish_Modern Word Breaker"
[HKCR\EngUKWrdBrk.EngUKWrdBrk]
"(Default)" = "EngUKWrdBrk Class"
[HKCR\CLSID\{1F7E6C6D-C3F8-4c80-8D77-C4825ABBE5CF}\VersionIndependentProgID]
"(Default)" = "SpnMdrWrdBrk.SpnMdrWrdBrk"
[HKCR\CLSID\{F14E6B48-FBCA-4d32-BD79-7829D4F7E43B}\ProgID]
"(Default)" = "FrnFrnWrdBrk.FrnFrnWrdBrk.1"
[HKCR\CLSID\{80A3E9B0-A246-11D3-BB8C-0090272FA362}]
"(Default)" = "EngUSWrdBrk Class"
[HKCR\CLSID\{01c6b350-12c7-11ce-bd31-00aa004bbb1f}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{64818D11-4F9B-11CF-86EA-00AA00B929E8}\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"
[HKCR\EngUKWrdBrk.EngUKWrdBrk\CurVer]
"(Default)" = "EngUKWrdBrk.EngUKWrdBrk.1"
[HKCR\Microsoft.ISCatAdm]
"(Default)" = "Microsoft Index Server Catalog Administration Object"
[HKCR\CLSID\{2a6eb050-7f1c-11ce-be57-00aa0051fe20}\InprocServer32]
"(Default)" = "infosoft.dll"
[HKCR\CLSID\{3BC4F3A7-652A-11D1-B4D4-00C04FC2DB8D}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\FrnFrnWrdBrk.FrnFrnWrdBrk\CurVer]
"(Default)" = "FrnFrnWrdBrk.FrnFrnWrdBrk.1"
[HKCR\CLSID\{98de59a0-d175-11cd-a7bd-00006b827d94}\PersistentAddinsRegistered\{89BCB740-6119-101A-BCB7-00DD010655AF}]
"(Default)" = "{f07f3920-7b8c-11cf-9be8-00aa004b9986}"
[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\Dutch_Dutch]
"StemmerClass" = "{860d28d0-8bf4-11ce-be59-00aa0051fe20}"
[HKCR\.xlb\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"
[HKCR\CLSID\{eec97550-47a9-11cf-b952-00aa0051fe20}\PersistentAddinsRegistered\{89BCB740-6119-101A-BCB7-00DD010655AF}]
"(Default)" = "{e0ca5340-4534-11cf-b952-00aa0051fe20}"
[HKCR\.htt\PersistentHandler]
"(Default)" = "{eec97550-47a9-11cf-b952-00aa0051fe20}"
[HKCR\CLSID\{00020900-0000-0000-C000-000000000046}\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"
[HKCR\CLSID\{c3278e90-bea7-11cd-b579-08002b30bfeb}\InprocServer32]
"(Default)" = "query.dll"
[HKCR\CLSID\{73FDDC80-AEA9-101A-98A7-00AA00374959}\PersistentHandler]
"(Default)" = "{5e941d80-bf96-11cd-b579-08002b30bfeb}"
[HKCR\CLSID\{3BC4F3A7-652A-11D1-B4D4-00C04FC2DB8D}]
"(Default)" = "Microsoft Index Server Scope Administration Object"
[HKCR\.dot\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"
[HKCR\CLSID\{3BC4F3A1-652A-11D1-B4D4-00C04FC2DB8D}\VersionIndependentProgID]
"(Default)" = "Microsoft.ISAdm"
[HKCR\CLSID\{3BC4F3A3-652A-11D1-B4D4-00C04FC2DB8D}\ProgID]
"(Default)" = "Microsoft.ISCatAdm.1"
[HKCR\CLSID\{59e09848-8099-101b-8df3-00000b65c3b5}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{00020820-0000-0000-C000-000000000046}\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"HideSCAHealth" = "1"
[HKCR\CLSID\{EAFDF8B3-3BE5-4E05-BF86-1E486B2FEF9D}\ProgID]
"(Default)" = "IXSSO.Query"
[HKCR\CLSID\{2A488070-6FD9-11D0-A808-00A0C906241A}\InprocServer32]
"(Default)" = "query.dll"
[HKCR\CLSID\{3BC4F3A3-652A-11D1-B4D4-00C04FC2DB8D}]
"(Default)" = "Microsoft Index Server Catalog Administration Object"
[HKLM\SOFTWARE\Microsoft\MMC\NodeTypes\{476e6449-aaff-11d0-b944-00c04fd8d5b0}\Dynamic Extensions]
"{95AD72F0-44CE-11D0-AE29-00AA004B9986}" = "Indexing Service Snapin"
[HKCR\CLSID\{369647e0-17b0-11ce-9950-00aa004bbb1f}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{fd86b5d0-12c6-11ce-bd31-00aa004bbb1f}\InprocServer32]
"(Default)" = "infosoft.dll"
[HKCR\CLSID\{C7B6C04A-CBB5-11d0-BB4C-00C04FC2F410}]
"(Default)" = "IndexServer Simple Command Creator"
[HKCR\IXSSO.Util\CurVer]
"(Default)" = "IXSSO.Util.2"
[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\Dutch_Dutch]
"Locale" = "1043"
[HKLM\SOFTWARE\Microsoft\MMC\NodeTypes\{476e6449-aaff-11d0-b944-00c04fd8d5b0}\Extensions\NameSpace]
"{95AD72F0-44CE-11D0-AE29-00AA004B9986}" = "Indexing Service Snapin"
[HKCR\CLSID\{91870674-DE84-4313-B07D-A387415BB4F5}\InprocServer32]
"ThreadingModel" = "Free"
[HKCR\.pps\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"
[HKCR\MSIDXS ErrorLookup]
"(Default)" = "Microsoft OLE DB Error Lookup for Indexing Service"
[HKCR\CLSID\{c3278e90-bea7-11cd-b579-08002b30bfeb}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{A4463024-2B6F-11D0-BFBC-0020F8008024}\InProcServer32]
"ThreadingModel" = "Both"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCR\CLSID\{eeed4c20-7f1b-11ce-be57-00aa0051fe20}]
"(Default)" = "English_US Stemmer"
[HKCR\CLSID\{F9AE8981-7E52-11d0-8964-00C04FD611D7}\InprocServer32]
"(Default)" = "%System%\query.dll"
[HKLM\SOFTWARE\Microsoft\MMC\NodeTypes\{5401E3E9-F5F6-11D1-B4F7-00C04FC2DB8D}]
"(Default)" = "Indexing Service Root Subtree"
[HKCR\CLSID\{f07f3920-7b8c-11cf-9be8-00aa004b9986}]
"(Default)" = "Microsoft Office Filter"
[HKCR\FrnFrnWrdBrk.FrnFrnWrdBrk]
"(Default)" = "FrnFrnWrdBrk Class"
[HKCR\CLSID\{00020821-0000-0000-C000-000000000046}\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"
[HKCR\CLSID\{78fe669a-186e-4108-96e9-77b586c1332f}]
"(Default)" = "Content Index Null Stemmer"
[HKCR\CLSID\{369647e0-17b0-11ce-9950-00aa004bbb1f}\InprocServer32]
"(Default)" = "query.dll"
[HKCR\CLSID\{1E9685E6-DB6D-11d0-BB63-00C04FC2F410}]
"(Default)" = "Content Index Framework Control Object"
[HKCR\CLSID\{F9AE8980-7E52-11d0-8964-00C04FD611D7}\OLE DB Provider]
"(Default)" = "Microsoft OLE DB Provider for Indexing Service"
[HKCR\CLSID\{2A488070-6FD9-11D0-A808-00A0C906241A}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{F14E6B48-FBCA-4d32-BD79-7829D4F7E43B}\InprocServer32]
"(Default)" = "%System%\LangWrbk.dll"
[HKCR\CLSID\{F9AE8981-7E52-11d0-8964-00C04FD611D7}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{9b08e210-e51b-11cd-bc7f-00aa003db18e}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{1F7E6C6D-C3F8-4c80-8D77-C4825ABBE5CF}\InprocServer32]
"(Default)" = "%System%\LangWrbk.dll"
[HKCR\CLSID\{66b37110-8bf2-11ce-be59-00aa0051fe20}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\.ppt\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"
[HKCR\CLSID\{F9AE8981-7E52-11d0-8964-00C04FD611D7}\ProgID]
"(Default)" = "MSIDXSErrorLookup.1"
[HKCR\ItlItlWrdBrk.ItlItlWrdBrk\CurVer]
"(Default)" = "ItlItlWrdBrk.ItlItlWrdBrk.1"
[HKCR\Microsoft Internet Mail Message\CLSID]
"(Default)" = "{5645C8C3-E277-11CF-8FDA-00AA00A14F93}"
[HKCR\CLSID\{48123bc4-99d9-11d1-a6b3-00c04fd91555}\PersistentHandler]
"(Default)" = "{5e941d80-bf96-11cd-b579-08002b30bfeb}"
[HKCR\CLSID\{A4463024-2B6F-11D0-BFBC-0020F8008024}]
"(Default)" = "Indexing Service Query SSO V2."
[HKLM\SOFTWARE\Microsoft\MMC\SnapIns\{95AD72F0-44CE-11D0-AE29-00AA004B9986}]
"NameString" = "Indexing Service"
[HKCR\CLSID\{098f2470-bae0-11cd-b579-08002b30bfeb}\PersistentAddinsRegistered\{89BCB740-6119-101A-BCB7-00DD010655AF}]
"(Default)" = "{c3278e90-bea7-11cd-b579-08002b30bfeb}"
[HKCR\IXSSO.Query.3\CLSID]
"(Default)" = "{EAFDF8B3-3BE5-4E05-BF86-1E486B2FEF9D}"
[HKCR\CLSID\{c1243ca0-bf96-11cd-b579-08002b30bfeb}\InprocServer32]
"(Default)" = "query.dll"
[HKCR\CLSID\{00020906-0000-0000-C000-000000000046}\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"
[HKCR\Microsoft.ISCatAdm\CLSID]
"(Default)" = "{3BC4F3A3-652A-11D1-B4D4-00C04FC2DB8D}"
[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\English_UK]
"Locale" = "2057"
[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\French_French]
"Locale" = "1036"
[HKCR\CLSID\{1E9685E6-DB6D-11d0-BB63-00C04FC2F410}\InprocServer32]
"(Default)" = "query.dll"
[HKCR\CLSID\{eec97550-47a9-11cf-b952-00aa0051fe20}]
"(Default)" = "HTML File persistent handler"
[HKCR\.xsl\PersistentHandler]
"(Default)" = "{5e941d80-bf96-11cd-b579-08002b30bfeb}"
[HKCR\CLSID\{d99f7670-7f1a-11ce-be57-00aa0051fe20}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{510a4910-7f1c-11ce-be57-00aa0051fe20}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{363F1015-FD5F-4ba8-AC58-29634F378A42}\InprocServer32]
"ThreadingModel" = "Free"
[HKCR\CLSID\{860d28d0-8bf4-11ce-be59-00aa0051fe20}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{5645C8C2-E277-11CF-8FDA-00AA00A14F93}\InprocServer32]
"ThreadingModel" = "Both"
[HKLM\SOFTWARE\Microsoft\MMC\SnapIns\{95AD72F0-44CE-11D0-AE29-00AA004B9986}]
"NodeType" = "{5401E3E9-F5F6-11D1-B4F7-00C04FC2DB8D}"
[HKCR\Microsoft.ISAdm]
"(Default)" = "Microsoft Index Server Administration Object"
[HKCR\Microsoft Internet News Message]
"(Default)" = "Internet News Message"
[HKCR\.xml\PersistentHandler]
"(Default)" = "{5e941d80-bf96-11cd-b579-08002b30bfeb}"
[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\Spanish_Modern]
"StemmerClass" = "{b0516ff0-7f1c-11ce-be57-00aa0051fe20}"
[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\Swedish_Default]
"WBreakerClass" = "{01c6b350-12c7-11ce-bd31-00aa004bbb1f}"
[HKCR\Microsoft.ISAdm\CurVer]
"(Default)" = "Microsoft.ISAdm.1"
The Virus deletes the following registry key(s):
[HKCR\MSIDXS ErrorLookup\Clsid]
[HKCR\CLSID\{F14E6B48-FBCA-4d32-BD79-7829D4F7E43B}]
[HKCR\MSIDXS\Clsid]
[HKCR\CLSID\{3BC4F3A3-652A-11D1-B4D4-00C04FC2DB8D}\InprocServer32]
[HKCR\CLSID\{91870674-DE84-4313-B07D-A387415BB4F5}\InprocServer32]
[HKCR\CLSID\{3BC4F3A7-652A-11D1-B4D4-00C04FC2DB8D}\InprocServer32]
[HKCR\CLSID\{3BC4F3A1-652A-11D1-B4D4-00C04FC2DB8D}\Programmable]
[HKCR\CLSID\{F9AE8980-7E52-11d0-8964-00C04FD611D7}\VersionIndependentProgID]
[HKCR\CLSID\{3BC4F3A3-652A-11D1-B4D4-00C04FC2DB8D}\ProgID]
[HKCR\CLSID\{91870674-DE84-4313-B07D-A387415BB4F5}\ProgID]
[HKCR\CLSID\{3BC4F3A7-652A-11D1-B4D4-00C04FC2DB8D}\VersionIndependentProgID]
[HKCR\CLSID\{F9AE8980-7E52-11d0-8964-00C04FD611D7}]
[HKCR\CLSID\{F14E6B48-FBCA-4d32-BD79-7829D4F7E43B}\InprocServer32]
[HKCR\CLSID\{80A3E9B0-A246-11D3-BB8C-0090272FA362}]
[HKCR\CLSID\{3BC4F3A1-652A-11D1-B4D4-00C04FC2DB8D}\InprocServer32]
[HKCR\CLSID\{1F7E6C6D-C3F8-4c80-8D77-C4825ABBE5CF}\InprocServer32]
[HKCR\CLSID\{91870674-DE84-4313-B07D-A387415BB4F5}]
[HKCR\CLSID\{363F1015-FD5F-4ba8-AC58-29634F378A42}\VersionIndependentProgID]
[HKCR\CLSID\{F9AE8981-7E52-11d0-8964-00C04FD611D7}\ProgID]
[HKCR\CLSID\{3BC4F3A3-652A-11D1-B4D4-00C04FC2DB8D}]
[HKCR\CLSID\{3BC4F3A7-652A-11D1-B4D4-00C04FC2DB8D}\Programmable]
[HKCR\CLSID\{F9AE8981-7E52-11d0-8964-00C04FD611D7}]
[HKCR\CLSID\{91870674-DE84-4313-B07D-A387415BB4F5}\VersionIndependentProgID]
[HKCR\CLSID\{3BC4F3A7-652A-11D1-B4D4-00C04FC2DB8D}]
[HKCR\CLSID\{80A3E9B0-A246-11D3-BB8C-0090272FA362}\VersionIndependentProgID]
[HKCR\CLSID\{363F1015-FD5F-4ba8-AC58-29634F378A42}\ProgID]
[HKCR\CLSID\{3BC4F3A1-652A-11D1-B4D4-00C04FC2DB8D}\VersionIndependentProgID]
[HKCR\CLSID\{F9AE8980-7E52-11d0-8964-00C04FD611D7}\ExtendedErrors\{F9AE8981-7E52-11d0-8964-00C04FD611D7}]
[HKCR\CLSID\{F9AE8980-7E52-11d0-8964-00C04FD611D7}\ProgID]
[HKCR\CLSID\{3BC4F3A7-652A-11D1-B4D4-00C04FC2DB8D}\ProgID]
[HKCR\CLSID\{3BC4F3A1-652A-11D1-B4D4-00C04FC2DB8D}]
[HKCR\CLSID\{80A3E9B0-A246-11D3-BB8C-0090272FA362}\ProgID]
[HKCR\CLSID\{C7B6C04A-CBB5-11d0-BB4C-00C04FC2F410}\VersionIndependentProgID]
[HKCR\MSIDXS ErrorLookup]
[HKCR\CLSID\{F9AE8981-7E52-11d0-8964-00C04FD611D7}\VersionIndependentProgID]
[HKCR\CLSID\{80A3E9B0-A246-11D3-BB8C-0090272FA362}\InprocServer32]
[HKCR\CLSID\{F9AE8980-7E52-11d0-8964-00C04FD611D7}\InprocServer32]
[HKCR\CLSID\{F14E6B48-FBCA-4d32-BD79-7829D4F7E43B}\VersionIndependentProgID]
[HKCR\CLSID\{3BC4F3A1-652A-11D1-B4D4-00C04FC2DB8D}\ProgID]
[HKCR\CLSID\{363F1015-FD5F-4ba8-AC58-29634F378A42}]
[HKCR\CLSID\{C7B6C04A-CBB5-11d0-BB4C-00C04FC2F410}\InprocServer32]
[HKCR\CLSID\{F9AE8980-7E52-11d0-8964-00C04FD611D7}\ExtendedErrors]
[HKCR\CLSID\{363F1015-FD5F-4ba8-AC58-29634F378A42}\InprocServer32]
[HKCR\CLSID\{3BC4F3A3-652A-11D1-B4D4-00C04FC2DB8D}\VersionIndependentProgID]
[HKCR\CLSID\{1F7E6C6D-C3F8-4c80-8D77-C4825ABBE5CF}\ProgID]
[HKCR\CLSID\{F14E6B48-FBCA-4d32-BD79-7829D4F7E43B}\ProgID]
[HKCR\MSIDXS]
[HKCR\CLSID\{C7B6C04A-CBB5-11d0-BB4C-00C04FC2F410}]
[HKCR\CLSID\{1F7E6C6D-C3F8-4c80-8D77-C4825ABBE5CF}\VersionIndependentProgID]
[HKCR\CLSID\{3BC4F3A3-652A-11D1-B4D4-00C04FC2DB8D}\Programmable]
[HKCR\CLSID\{F9AE8981-7E52-11d0-8964-00C04FD611D7}\InprocServer32]
[HKCR\CLSID\{F9AE8980-7E52-11d0-8964-00C04FD611D7}\OLE DB Provider]
[HKCR\CLSID\{C7B6C04A-CBB5-11d0-BB4C-00C04FC2F410}\ProgID]
[HKCR\CLSID\{1F7E6C6D-C3F8-4c80-8D77-C4825ABBE5CF}]
The process GameStopApp_setup.exe:1108 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9D DE DE 42 DE 5B F5 46 AD AC 76 36 12 AD 0C 2D"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
The process impulse_setupfull.exe:1796 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AE 27 69 65 60 34 90 63 B9 C0 78 5A 1E 48 84 96"
The process mscorsvw.exe:252 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5C 1A E7 5E 76 E7 4D C8 02 26 8D D4 F8 B4 63 CF"
The process mscorsvw.exe:1028 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6B BA AC A4 DB D2 5A 29 0E 23 CA B2 A4 6F 23 07"
The process %original file name%.exe:2040 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Documents and Settings%\All Users\Application Data\Stardock\Impulse\Temporary\impulse_mainmini]
"impulse_setupfull.exe" = "GameStop App Installation"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1D 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "00 DC F6 88 D8 8F 21 41 A3 2E B5 3A 46 72 99 84"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
The Virus modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Virus modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Virus modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Virus deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process cidaemon.exe:1988 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "18 3F 1E EE DC 93 4C 0A 1E AF 24 6C 26 97 C1 20"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached]
"{875CB1A1-0F29-45DE-A1AE-CFB4950D0B78} {0000010B-0000-0000-C000-000000000046} 0x401" = "01 00 00 00 84 DA 07 00 B8 04 87 BD C4 7F D1 01"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached]
"{E4B29F9D-D390-480B-92FD-7DDB47101D71} {0000010B-0000-0000-C000-000000000046} 0x401" = "01 00 00 00 7C 6C 9C 7C FA 2C C9 BB C4 7F D1 01"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8} {0000010B-0000-0000-C000-000000000046} 0x401" = "01 00 00 00 00 00 00 00 D6 5C BC BC C4 7F D1 01"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached]
"{87D62D94-71B3-4B9A-9489-5FE6850DC73E} {0000010B-0000-0000-C000-000000000046} 0x401" = "01 00 00 00 84 DA 07 00 2A 74 18 BE C4 7F D1 01"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = ""
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached]
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF} {000214E6-0000-0000-C000-000000000046} 0x401" = "01 00 00 00 1A 00 00 00 CC FD C7 BF C4 7F D1 01"
"{EB9B1153-3B57-4E68-959A-A3266BC3D7FE} {0000010B-0000-0000-C000-000000000046} 0x401" = "01 00 00 00 84 DA 07 00 D2 1B 3D BD C4 7F D1 01"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
"BaseClass" = "Drive"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached]
"{40C3D757-D6E4-4B49-BB41-0E5BBEA28817} {0000010B-0000-0000-C000-000000000046} 0x401" = "01 00 00 00 84 DA 07 00 F4 92 2B D6 C4 7F D1 01"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
"BaseClass" = "Drive"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = ""
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A]
"BaseClass" = "Drive"
Dropped PE files
| MD5 | File path |
|---|---|
| 77de68f034484e61f4f6d913554ba3b3 | c:\Documents and Settings\All Users\Application Data\Stardock\Impulse\Temporary\impulse_mainmini\impulse_setupfull.exe |
| c5bde5ff01ef56c6aca6f0c79d296725 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\GameStopApp_setup.exe |
| 5d398f812374a24ef259009183f3483f | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\8AE63621\Sd.Irc.resources.dll |
| 38273c298d7a28599eac1bd9a7508cf2 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\GameStopApp.exe |
| 7f0b17f849115b114a7d836d47371ab1 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\ImpulseSelfRefresh.exe |
| 3664723abe0bdd9724d4654b16a111ed | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\avcodec-53.dll |
| 9ec97ea26031a637a6f28ab56b30aac6 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\avformat-53.dll |
| dd2cb4abe6cccd73db2263d43ddd06e1 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\avutil-51.dll |
| 1c9b45e87528b8bb8cfa884ea0099a85 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\d3dcompiler_43.dll |
| 86e39e9161c3d930d93822f1563c280d | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\d3dx9_43.dll |
| cc1c3b5ca2ce560e5b670a081f3ae8a4 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\icudt.dll |
| 9e31e75a285b3b2956f9dc87efe12e4f | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\libEGL.dll |
| d70d9040c6ca1c724400b06049ce8e5a | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\libGLESv2.dll |
| b68950fb2a55411541642b6a64f80fdc | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\libcef.dll |
| 8b22c9cd4802fca684071e3da1004a23 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\7z.dll |
| 0d2026d664080015ba75c01f12a0f06e | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\7za.exe |
| 27f6cdd54a8edeaf830fdb4924bba13b | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\7zxr.dll |
| 05d7ce1c1f6839cced7d53fbe9396585 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Activate.exe |
| dcc119aa708e9e8512f0df101e8cd2d2 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\AxInterop.ShockwaveFlashObjects.dll |
| a19328a06056daf144b6a6a02aa8dc71 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\CleanGSA.exe |
| 720d951f7a36057d01acefbf1df59541 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Console.dll |
| 94ef6d946c6777da0934915ac4cdbb45 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\DeElevator.dll |
| 17404fcf28ab8b8a606ccba225954fcb | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\DeElevator64.dll |
| bee85ceb7262982a6605a5a6deb2a4e9 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\GSAMini.exe |
| 72059b04ecca8abf66571923879c3ed8 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\GSANative.XmlSerializers.dll |
| 32aceed1b3698612882b765a9db083f4 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\GSANative.exe |
| e587d98467d6b5c7d9f3a39e0e00c708 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Gibraltar.Agent.dll |
| 4ab62e4be1bd271b9ace5b21b8e99fed | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Gibraltar.Packager.exe |
| 1c4c62873134dfc86933b5fe1488f90a | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\ICSharpCode.SharpZipLib.dll |
| a2b6801fb4ec42cc2bfef8eea64ae299 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Interop.IWshRuntimeLibrary.dll |
| 66e97fe6697d84154f36e02e25e3f9ac | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Interop.ShockwaveFlashObjects.dll |
| 2f15e02c52427786c673634408cefbad | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\IptNetApi.dll |
| 4581247ee225699689100b8a7f783723 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Microsoft.WindowsAPICodePack.Shell.dll |
| c09634bc2d09335de617e84a7ecf3a94 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Microsoft.WindowsAPICodePack.dll |
| b54ac07202d39eb8a75d7b8a57c34586 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\MyDock.Util.dll |
| f7bf79b78a0978a506cff19e941abdee | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Newtonsoft.Json.dll |
| 0034a3772c10d014f0a72da03d786308 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.Central.Archive.dll |
| 517ac8c8e47bc529b2314c3a108d8a2e | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.Common.XmlSerializers.dll |
| 9feedb4565806181b91ff0bb0c20b14e | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.Common.dll |
| a46b09178373de8089c6dc978b5abc13 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.InstallManager.dll |
| eca2ea7ec70f691aad9dbdd044f3515f | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.Irc.dll |
| 26dde793d4d367def4b3409e64180533 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.UI.dll |
| 8de22f1581a231abbf6b652eb76ce750 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.Uninstall.dll |
| 189b1f6a3c529ae3f4b7aa074ed34207 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.Web.dll |
| 1c37720205f3ac613b84acb78a28436e | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.Zip.dll |
| ee9d62c12f234fd6a8996531bc42771e | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.dll |
| 1f9284b70de38274b37a7b678bd4b9de | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Stardock.Central.Security.dll |
| 78a95b8c96b05e739d62948753b9b0a1 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\StardockCentralDSkin.dll |
| c03f4af266223f05bc6b5f58da44bfc0 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\UninstHelper.exe |
| 29faf430686c6090741329da214b4496 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\VDialog.dll |
| 538ef5cec9678cd6bd89ae3baa6b97d2 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\VistaBridgeLibrary.dll |
| d56347b8f0833fc61956d667fa73f99a | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\WBOCXLib.dll |
| a7c17cc811434daeb1ca3588efd925bb | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\sd.central.cvp.server.XmlSerializers.dll |
| 43e38d11332eba947494d46572c18475 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\sd.central.cvp.server.dll |
| 2f22bd66d96bd5cc37deafaa73863335 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\GameStopNow.exe |
| 28609e5d9096235a9eb2cc62fc50d3ca | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\SDSecurity.dll |
| 933594d11c91b901309f0be7e738ef83 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\mIDEFunc.dll\mEXEFunc.dll |
| 28fb5267e7ec6b0787481501bb3e70b9 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\OFFLINE\mMSI.dll\mMSIExec.dll |
| 9cf2edaa3a834ea2724b6d4275091493 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\mia1.tmp\mia.lib |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
TASKKILL.exe:212
TASKKILL.exe:772
TASKKILL.exe:1524
TASKKILL.exe:320
TASKKILL.exe:2020
TASKKILL.exe:172
TASKKILL.exe:2012
verclsid.exe:1176
verclsid.exe:484
verclsid.exe:1056
verclsid.exe:1600
verclsid.exe:1604
verclsid.exe:320
verclsid.exe:916
impulse_setupfull.exe:1796
mscorsvw.exe:252
mscorsvw.exe:1028
%original file name%.exe:2040
cidaemon.exe:1988 - Delete the original Virus file.
- Delete or disinfect the following files created/modified by the Virus:
%System%\wbem\jbfdpfdn.tmp (1647 bytes)
%System%\CatRoot2 (96 bytes)
C:\System Volume Information\catalog.wci\00000002.ps2 (3515 bytes)
%WinDir%\SoftwareDistribution (4 bytes)
C:\System Volume Information\catalog.wci\00000002.ps1 (1001 bytes)
%WinDir%\pchealth\helpctr\System\images (4 bytes)
C:\System Volume Information\catalog.wci\00010008.ci (1202 bytes)
%WinDir%\SoftwareDistribution\Download\7dc26e8888d68d9e04bc52940c0f24b5 (4 bytes)
%WinDir%\SoftwareDistribution\Download\36a2296f631a54daefcc3b56e3d990e2 (4 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance (4 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance (4 bytes)
%WinDir%\SoftwareDistribution\Download\2e6b16219034e135b4f869efb7a10fee (4 bytes)
C:\System Volume Information\catalog.wci\CiPT0000.001 (240 bytes)
C:\System Volume Information\catalog.wci\CiPT0000.000 (43440 bytes)
C:\System Volume Information\catalog.wci\CiPT0000.002 (240 bytes)
%WinDir%\WinSxS\Policies\x86_policy.7.0.Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_x-ww_a317e4b3 (4 bytes)
%WinDir%\pchealth\helpctr\System\panels (4 bytes)
C:\System Volume Information\catalog.wci\INDEX.002 (68 bytes)
%WinDir%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (7433 bytes)
C:\System Volume Information\catalog.wci\INDEX.000 (12480 bytes)
C:\System Volume Information\catalog.wci\INDEX.001 (68 bytes)
C:\System Volume Information\catalog.wci\00010001.dir (16 bytes)
%Program Files%\Adobe\Reader 9.0\Reader\plug_ins3d (4 bytes)
%WinDir%\SoftwareDistribution\Download\6a410a1bd174bc123056d235ac4829af (4 bytes)
%System%\dmadmin.exe (3073 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\dreamcatch.xml (144 bytes)
%WinDir%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_x-ww_6ad67377 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\app.dat (3200 bytes)
%WinDir%\Microsoft.NET\Framework\v4.0.30319 (2364 bytes)
%Documents and Settings%\Default User (540 bytes)
%WinDir%\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9 (4 bytes)
C:\$Directory (5824 bytes)
%System%\aadbnpka.tmp (315 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Total Commander (4 bytes)
C:\System Volume Information\catalog.wci\CiCL0001.000 (19200 bytes)
%WinDir%\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7 (4 bytes)
%Documents and Settings%\%current user%\My Documents (4 bytes)
%System%\config (120 bytes)
%System%\scardsvr.exe (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\AF6861CC (4 bytes)
%WinDir%\Prefetch (1056 bytes)
%Documents and Settings%\All Users\Application Data (4 bytes)
%System%\tlntsvr.exe (1425 bytes)
%WinDir%\SoftwareDistribution\Download\01229cf5dcf0df67992cac35a2ba0b3f (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\bethesda.xml (601 bytes)
C:\System Volume Information\catalog.wci\00010004.dir (16 bytes)
%WinDir%\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59 (4 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security\Permissions (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wireshark.txt (8446 bytes)
%WinDir%\assembly\GAC_32 (4 bytes)
%Documents and Settings%\Default User\Start Menu\Programs\Accessories\Accessibility (4 bytes)
%Program Files%\Reference Assemblies\Microsoft\Framework\v3.0 (4 bytes)
%System%\msiexec.exe (1425 bytes)
%System%\config\systemprofile\Application Data\Microsoft (4 bytes)
%Program Files%\Adobe\Reader 9.0\Resource\Font (4 bytes)
%System%\bephgpio.tmp (259 bytes)
%WinDir%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_x-ww_4ee8bb30 (4 bytes)
%WinDir%\Installer\$PatchCache$\Managed (4 bytes)
%WinDir%\SoftwareDistribution\Download\b5f880834ad67f3d383ffff5f2fa46bd (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\GameStopApp_setup.res (14405 bytes)
%WinDir%\SoftwareDistribution\DataStore\Logs (96 bytes)
%Program Files%\Common Files\Microsoft Shared\OFFICE14 (4 bytes)
%WinDir%\Microsoft.NET\Framework\v4.0.30319\WPF (4 bytes)
%Program Files%\WIRESHARK (212 bytes)
%WinDir%\Microsoft.NET\Framework\v3.0\WPF (4 bytes)
%WinDir%\assembly\GAC_MSIL (36 bytes)
%WinDir%\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 (4 bytes)
%System%\ups.exe (1281 bytes)
%Documents and Settings%\NetworkService\Local Settings (4 bytes)
%System%\oobe\html (4 bytes)
%System%\sessmgr.exe (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\blitzgames.xml (36 bytes)
%WinDir%\SoftwareDistribution\Download\f0fea42f69058000617da24986c3b109 (4 bytes)
C:\$ConvertToNonresident (4593 bytes)
%WinDir%\ime (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973 (12 bytes)
%WinDir%\WinSxS\Policies\x86_policy.5.1.Microsoft.Windows.SystemCompatible_6595b64144ccf1df_x-ww_a0111510 (4 bytes)
%Documents and Settings%\%current user%\Cookies (192 bytes)
%Documents and Settings%\%current user%\Favorites (4 bytes)
%WinDir%\SoftwareDistribution\Download\621a08ac003b616bcaa86aa4d4292d50 (4 bytes)
%System%\bfdleoan.tmp (317 bytes)
C:\System Volume Information\catalog.wci\CiST0000.000 (54960 bytes)
C:\System Volume Information\catalog.wci\CiST0000.001 (18500 bytes)
C:\System Volume Information\catalog.wci\CiST0000.002 (18500 bytes)
C:\System Volume Information\catalog.wci\CiP10000.000 (7440 bytes)
C:\System Volume Information\catalog.wci\CiP10000.001 (20 bytes)
C:\System Volume Information\catalog.wci\CiP10000.002 (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\atari.xml (601 bytes)
C:\System Volume Information\catalog.wci\00010004.ci (2850 bytes)
%WinDir%\Microsoft.NET\assembly\GAC_32 (4 bytes)
%WinDir%\Microsoft.NET\Framework\v4.0.30319\WPF\wpffontcache_v0400.exe (14770 bytes)
%Program Files%\WinPcap\kfmalkjc.tmp (327 bytes)
%WinDir%\Temp\Perflib_Perfdata_668.dat (4 bytes)
%System%\dllhost.exe (1281 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (4 bytes)
%WinDir%\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation (4 bytes)
%Documents and Settings%\LocalService (8 bytes)
%WinDir%\SoftwareDistribution\Download\c0c52c03306062533f7dcb087bfcfa6b (4 bytes)
%System%\config\AppEvent.Evt (824 bytes)
%System%\fgdaahll.tmp (1811 bytes)
%WinDir%\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas# (4 bytes)
%WinDir%\pchealth\helpctr\OfflineCache (4 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security\Users (4 bytes)
%WinDir%\SoftwareDistribution\Download\e0c0da396303f1dd2c82cd2ccc07020d (4 bytes)
%WinDir%\SoftwareDistribution\Download\e79028ac4f02e201b61b2c632cb0fc5e (4 bytes)
C:\System Volume Information\catalog.wci\00010009.dir (16 bytes)
C:\PROGRAM FILES (16 bytes)
%Documents and Settings%\Default User\Templates (4 bytes)
C:\System Volume Information\catalog.wci\0001000C.ci (2562 bytes)
%WinDir%\Help\Tours\WindowsMediaPlayer\Img (4 bytes)
C:\System Volume Information\catalog.wci\00010003.ci (2850 bytes)
%WinDir%\SoftwareDistribution\Download\8b9a83d2cde55eb19dc502cc2dd04e0d (4 bytes)
%WinDir%\SoftwareDistribution\Download\bc81666f3868f34642e3f5adbc2719f9 (4 bytes)
C:\System Volume Information\catalog.wci\CiVP0000.000 (240 bytes)
C:\System Volume Information\catalog.wci\00010001.ci (118 bytes)
%Documents and Settings%\Default User\Local Settings (4 bytes)
%WinDir%\$hf_mig$ (8 bytes)
%System%\spool\XPSEP\amd64 (4 bytes)
%System%\lbflmcjf.tmp (245 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security\Roles (4 bytes)
%System%\wbem\Repository\FS (12 bytes)
%WinDir%\ime\imjp8_1 (4 bytes)
%WinDir%\SoftwareDistribution\Download\e8252bbfa91fcf5afb38775b18691074 (4 bytes)
%Documents and Settings%\%current user%\Application Data\Sun\Java\Deployment\SystemCache\6.0 (8 bytes)
%System%\hnaacngl.tmp (1663 bytes)
%Documents and Settings%\LocalService\Application Data\Microsoft (4 bytes)
%WinDir%\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466 (4 bytes)
%WinDir%\SoftwareDistribution\Download\8bb5f1c638778df6b77d80bc61ffc63c (4 bytes)
%WinDir%\SoftwareDistribution\Download\b91377d1d56820d9d699c0c2dc7c8e80 (4 bytes)
%WinDir%\SoftwareDistribution\Download\30438597a812a5d1d7979088d451747f (4 bytes)
%WinDir%\Web\Wallpaper (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Microsoft (4 bytes)
%Program Files%\Microsoft Office\Office14 (4 bytes)
%System%\config\SysEvent.Evt (320 bytes)
%WinDir%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_x-ww_9e7eb501 (4 bytes)
%WinDir%\assembly\NativeImages_v4.0.30319_32\PresentationFramewo# (4 bytes)
%WinDir%\SoftwareDistribution\Download\ee4e3d4bf0d346e1b8fdee8197195e59 (4 bytes)
%WinDir%\SoftwareDistribution\Download\211409fc1d99b95b32fb0344cad140df (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\cdp.xml (20 bytes)
C:\System Volume Information\catalog.wci\00010007.dir (16 bytes)
%WinDir%\SoftwareDistribution\Download\dffcab319e36b852e5b2d51802010a7a (4 bytes)
C:\System Volume Information\catalog.wci\CiP20000.002 (24 bytes)
C:\System Volume Information\catalog.wci\CiP20000.001 (20 bytes)
C:\System Volume Information\catalog.wci\CiP20000.000 (6720 bytes)
%System%\wbem\Repository\FS\OBJECTS.DATA (11634 bytes)
%WinDir%\SoftwareDistribution\Download\299840a657dd26ca3bbf3cee3ec999ba (4 bytes)
%WinDir%\SoftwareDistribution\Download\e5c5fc9bd7a4957f0a45c6db2957c5c9 (4 bytes)
%WinDir%\SoftwareDistribution\Download\196fa81559690e2494e56094df51cdd8 (4 bytes)
%WinDir%\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_x-ww_362e60dd (4 bytes)
%WinDir%\SoftwareDistribution\Download\23e79e5fb28793d8cb1c2055b0d8dcb9 (4 bytes)
%System%\vssvc.exe (3361 bytes)
%WinDir%\SoftwareDistribution\Download\906245b7f0992255b054322b77475594 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\auran.xml (53 bytes)
%WinDir%\ime\imkr6_1 (4 bytes)
C:\System Volume Information\catalog.wci\propstor.bk2 (172088 bytes)
C:\System Volume Information\catalog.wci\propstor.bk1 (23840 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\corel.xml (28 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics (4 bytes)
%WinDir%\SoftwareDistribution\Download\248802b74506342031e926839639c729 (4 bytes)
%WinDir%\SoftwareDistribution\Download\cb88a2f03b29735db957d61a63df6504 (4 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Providers (4 bytes)
%WinDir%\SoftwareDistribution\Download\21156e54b0f0f47f81dab4a39e109501 (4 bytes)
%Documents and Settings%\All Users\Documents\My Music (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\alawar.xml (8 bytes)
%Program Files%\Windows NT (4 bytes)
%WinDir%\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d (4 bytes)
%WinDir%\SoftwareDistribution\Download\da2a33b6770f970d7fe7262040f98a4f (4 bytes)
C:\System Volume Information\catalog.wci\0001000A.dir (16 bytes)
%System%\wbem\Logs\wbemcore.log (1056 bytes)
C:\totalcmd (4 bytes)
%System%\cheknboh.tmp (245 bytes)
%Program Files%\Common Files\System (4 bytes)
%System%\wbem\Repository\FS\MAPPING1.MAP (12 bytes)
C:\System Volume Information\catalog.wci\0001000A.ci (4642 bytes)
%WinDir%\Temp\vmware-SYSTEM\00000e7e (4 bytes)
%Program Files%\Windows Media Player (4 bytes)
C:\System Volume Information\catalog.wci\00010009.ci (118 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\mMSI.dll\mMSIExec.dll (2256 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\1c.xml (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\index.dat (4 bytes)
%WinDir%\SoftwareDistribution\Download\aadd6ccc4585cbf4ee04287eb0e679df (4 bytes)
%WinDir%\AppPatch (4 bytes)
%WinDir%\Microsoft.NET\Framework\v4.0.30319\WPF\ibippeaf.tmp (6427 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\CONFIG (4 bytes)
%WinDir%\SoftwareDistribution\Download\6b7f938fb3db15dab273f3f1702c318c (4 bytes)
C:\System Volume Information\catalog.wci\00010002.ci (4642 bytes)
%WinDir%\WinSxS\Policies\x86_Policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_77c24773 (4 bytes)
%WinDir%\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 (384 bytes)
%System%\fammdcpl.tmp (1610 bytes)
%WinDir%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313 (4 bytes)
%WinDir%\SoftwareDistribution\Download\2c95b28351986132d7f36dd28eece9b0 (4 bytes)
%WinDir%\msagent (4 bytes)
%WinDir%\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Rtcdll_6595b64144ccf1df_x-ww_c7b7206f (4 bytes)
%WinDir%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ekfpdphh.tmp (5442 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\activision.xml (1425 bytes)
C:\System Volume Information\catalog.wci\00010007.ci (93 bytes)
%WinDir%\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944 (4 bytes)
C:\System Volume Information\catalog.wci\0001000B.ci (14690 bytes)
%WinDir%\SoftwareDistribution\Download\21cbd3f70584651805685eba1753505f (4 bytes)
%WinDir%\SoftwareDistribution\Download\b6f4642d2b8dc03c5ce1b1a4f77b1bda (4 bytes)
%WinDir%\SoftwareDistribution\Download\9460002f6d8231358fc1eb590f9b1dce (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E (8 bytes)
%Program Files%\Movie Maker\Shared (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\apogee.xml (16 bytes)
%WinDir%\assembly\NativeImages_v2.0.50727_32\PresentationFramewo# (4 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft (4 bytes)
%System%\mui (4 bytes)
%System%\locator.exe (1425 bytes)
%WinDir%\REGISTRATION (8 bytes)
%System%\spool\XPSEP\i386 (4 bytes)
%WinDir%\SoftwareDistribution\Download\1c47f41cc76cde4c629564d7564f2795 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\cdv.xml (8 bytes)
%WinDir%\SoftwareDistribution\Download\57b4b90cc3eead9f6c29b58581d03ae4 (4 bytes)
%WinDir%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client (8 bytes)
%Documents and Settings%\%current user%\APPLICATION DATA (8 bytes)
%System%\wbem\Logs\wbemess.log (768 bytes)
%System%\smlogsvc.exe (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\index.dat (4 bytes)
%System%\wbem\Repository\FS\INDEX.BTR (13297 bytes)
%System%\netdde.exe (4210 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ngen_service.log (8 bytes)
%WinDir%\assembly\NativeImages_v2.0.50727_32\System.DirectorySer# (4 bytes)
%System%\msdtc.exe (1281 bytes)
%WinDir%\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 (4 bytes)
C:\System Volume Information\catalog.wci\CiSP0000.000 (18240 bytes)
C:\System Volume Information\catalog.wci\CiSP0000.001 (92 bytes)
C:\System Volume Information\catalog.wci\CiSP0000.002 (92 bytes)
C:\System Volume Information\catalog.wci\CiFLfffc.002 (124 bytes)
%WinDir%\Microsoft.NET\assembly\GAC_MSIL (28 bytes)
C:\System Volume Information\catalog.wci\CiFLfffc.000 (7200 bytes)
C:\System Volume Information\catalog.wci\CiFLfffc.001 (124 bytes)
C:\System Volume Information\catalog.wci\00010003.dir (16 bytes)
%Program Files%\WinPcap\rpcapd.exe (1425 bytes)
%WinDir%\SoftwareDistribution\Download\9cf59263a134ab3fbbee78365a2fa5fc (4 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\AppConfig (4 bytes)
C:\System Volume Information\catalog.wci\00010005.ci (4642 bytes)
%System%\config\systemprofile\Start Menu\Programs\Accessories (4 bytes)
C:\System Volume Information\catalog.wci\00010002.dir (16 bytes)
%WinDir%\WinSxS\Policies\x86_Policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775 (4 bytes)
C:\System Volume Information\catalog.wci\00010006.dir (16 bytes)
%WinDir%\Temp\Perflib_Perfdata_264.dat (100 bytes)
%WinDir%\SoftwareDistribution\Download\bc529fa49cb2cb097fdf1e22d25872da (4 bytes)
%WinDir%\SoftwareDistribution\Download\e104dcd29adf1c6c473a5efad2d509be (4 bytes)
%System%\nabngjke.tmp (274 bytes)
%WinDir%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_x-ww_b7353f75 (4 bytes)
C:\System Volume Information\catalog.wci\00010005.dir (116 bytes)
%System%\imapi.exe (2105 bytes)
%WinDir%\pchealth\helpctr\Config (4 bytes)
%Documents and Settings%\%current user%\Application Data\Adobe\Acrobat\9.0 (4 bytes)
C:\System Volume Information\catalog.wci\cicat.hsh (12 bytes)
%WinDir%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_x-ww_b8438ace (4 bytes)
%Documents and Settings%\%current user%\Templates (4 bytes)
%WinDir%\assembly\NativeImages_v4.0.30319_32\System.ServiceModel# (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\akella.xml (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\2kg.xml (2105 bytes)
%System%\drivers (32 bytes)
%Program Files%\Common Files\Microsoft Shared\DW (4 bytes)
%System%\ahqghffi.tmp (312 bytes)
%WinDir%\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2 (4 bytes)
%WinDir%\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975 (4 bytes)
%WinDir%\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6 (4 bytes)
%System%\fanhjeei.tmp (1747 bytes)
%WinDir%\assembly\NativeImages_v4.0.30319_32\System.DirectorySer# (4 bytes)
%WinDir%\SoftwareDistribution\Download\cedca0128a48437390192d906f83a717 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\clearcrown.xml (8 bytes)
%WinDir%\security (4 bytes)
%System%\wbem\wmiapsrv.exe (2105 bytes)
%WinDir%\SoftwareDistribution\Download\a4c07d9275eb613d842cb1e140d8a426 (4 bytes)
C:\System Volume Information\catalog.wci\CiCL0001.001 (9032 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\avg.xml (12 bytes)
C:\System Volume Information\catalog.wci\CiCL0001.002 (8592 bytes)
%WinDir%\WinSxS\Manifests (28 bytes)
%WinDir%\SoftwareDistribution\Download\17e46901add634f15d293735648771e6 (4 bytes)
%WinDir%\SoftwareDistribution\Download\50e2c72fd814d3841e776dd2c4918260 (4 bytes)
%WinDir%\SoftwareDistribution\Download\c0e4033a7ec549e982572f0d830cf5d0 (4 bytes)
%WinDir%\SoftwareDistribution\Download\cd75fc2c9aa3d47009fe2d95c9f43154 (4 bytes)
%WinDir%\SoftwareDistribution\Download\0c1e5e0ffeb238b1ee5c9ea3a4878374 (4 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft (4 bytes)
%WinDir%\Web\printers (8 bytes)
C:\DOCUMENTS AND SETTINGS (8 bytes)
C:\System Volume Information\catalog.wci\0001000C.dir (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\GameStopApp_setupfull[1].exe (33428 bytes)
%System%\config\systemprofile\Local Settings (4 bytes)
%WinDir%\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e (4 bytes)
%WinDir%\repair (4 bytes)
%System%\lnmjjbbk.tmp (1633 bytes)
%Program Files%\Internet Explorer (4 bytes)
C:\System Volume Information\catalog.wci\cicat.fid (336 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\icon_update.ico (4 bytes)
C:\System Volume Information\catalog.wci\00010006.ci (97 bytes)
%WinDir%\SoftwareDistribution\Download\f2adb0f8440e5dbd459aa6bfcaed1ba5 (4 bytes)
%WinDir%\Prefetch\VERCLSID.EXE-3667BD89.pf (40 bytes)
%Program Files%\Reference Assemblies\Microsoft\Framework\v3.5 (4 bytes)
%Documents and Settings%\LocalService\Local Settings (4 bytes)
%WinDir%\WinSxS\Policies\x86_policy.1.0.Microsoft.Windows.GdiPlus_6595b64144ccf1df_x-ww_4e8510ac (4 bytes)
%Program Files%\COMMON FILES (8 bytes)
%Documents and Settings%\%current user%\Application Data\Sun\Java\Deployment\cache\6.0 (8 bytes)
%Documents and Settings%\All Users\Documents\My Music\Sample Playlists (4 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security\Wizard (4 bytes)
%System%\aaiaqplm.tmp (1615 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E (16 bytes)
%Documents and Settings%\NetworkService\Application Data\Microsoft (4 bytes)
%WinDir%\MICROSOFT.NET (8 bytes)
%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5 (4 bytes)
%System%\oobe\html\mouse (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\amd.xml (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\capcom.xml (673 bytes)
%WinDir%\SoftwareDistribution\Download\abaf10b7d55d3716fbb63e0b568cb4b6 (4 bytes)
%Documents and Settings%\Default User\SendTo (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\bohemia.xml (45 bytes)
%Documents and Settings%\Default User\Application Data\Microsoft (4 bytes)
%WinDir%\SoftwareDistribution\Download\163d01893aa68b49abc63d8d6c9a7bb2 (4 bytes)
C:\System Volume Information\catalog.wci\CiSL0001.000 (9600 bytes)
C:\System Volume Information\catalog.wci\00010008.dir (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\cinemaware.xml (601 bytes)
%WinDir%\SoftwareDistribution\Download\0000894bab70b145c3629920ba907f7a (4 bytes)
%WinDir%\SoftwareDistribution\Download\bc8ea6c22fd142de8dd67336d23310cf (4 bytes)
C:\System Volume Information\catalog.wci\CiFLfffd.001 (144 bytes)
C:\System Volume Information\catalog.wci\CiFLfffd.000 (7680 bytes)
C:\System Volume Information\catalog.wci\CiFLfffd.002 (144 bytes)
C:\System Volume Information\catalog.wci\0001000B.dir (116 bytes)
%System%\iajpffjm.tmp (1672 bytes)
%System%\mnmsrvc.exe (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Slovenian (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_setup_finish.dfm (275 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\readme.dfm.miaf (128 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Catalan (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Hebrew (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_setup_welcome.dfm (275 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Dutch (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Latvian (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Polish (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\maintenance.dfm (104 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Thai (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Korean (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\welcome.dfm (104 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Catalan (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Japanese (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Czech (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Swedish (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Portugese (Portugal) (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\finish.dfm (105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\registration.dfm.miaf (202 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Arabic (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\destination.dfm (22 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_reboot.dfm (877 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\progressprereq.dfm (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\progress.dfm.miaf (292 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Portugese (Portugal) (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Lithuanian (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Chinese (PRC) (13 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Russian (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_download.dfm.miaf (372 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Romanian (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Basque (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Map (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Greek (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Thai (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Latvian (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_notify_install.dfm.miaf (516 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_setup_schedule.dfm.miaf (974 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Italian (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Croatian (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_notify_download.dfm.miaf (516 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Polish (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Turkish (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\registrationwithserial.dfm (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Vietnamese (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Spanish (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\GameStopApp_setup.msi (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\finish.dfm.miaf (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Slovak (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Portugese (Brazil) (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_setup_finish.dfm.miaf (372 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Arabic (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Danish (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\mMSIExec.dll (1723 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\startmenu.dfm.miaf (228 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\license.rtf (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Chinese (Taiwan) (13 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Finnish (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Hebrew (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Hungarian (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Original (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Hungarian (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_install.dfm (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\Impulse®.mtx (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Russian (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Portugese (Brazil) (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Swedish (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\prereq.dfm (118 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Spanish (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Estonian (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Chinese (Taiwan) (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\licensecheck.dfm (22 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\prereq.dfm.miaf (370 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Norwegian (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_setup_account.dfm.miaf (872 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\licensecheck.dfm.miaf (128 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Chinese (PRC) (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\registrationwithserial.dfm.miaf (722 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Estonian (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia.tmp (203 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\setuptype.dfm (33 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Danish (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_reboot.dfm.miaf (372 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\gray.avi (103 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.French (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\icon.ico (995 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_install.dfm.miaf (372 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Original (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\wizard.dfm (31 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Slovak (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Basque (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Map (754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Slovenian (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Korean (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Finnish (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Croatian (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.German (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Lithuanian (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.French (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Turkish (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\readme.rtf (951 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Greek (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.English (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Vietnamese (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.German (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Dutch (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Romanian (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\startinstallation.dfm (104 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\mEXEFunc.dll (1869 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Norwegian (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.English (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lang.loc (168 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Czech (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\translations.Japanese (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\update_setup_welcome.dfm.miaf (372 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\shared.translations.Italian (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1\componentstree.dfm (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\zallag.xml (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\fi.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\Slider_Arrows.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.Common.dll (6518 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\7z.dll (12291 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\thq.xml (4453 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\GameStopNow.exe (29134 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\libGLESv2.dll (9760 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\imp_top.png (709 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Microsoft.WindowsAPICodePack.Shell.dll (9896 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\VistaBridgeLibrary.dll (1880 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\pt-PT.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\shadow1.png (280 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\WBOCXLib.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\d3dcompiler_43.dll (30393 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\avcodec-53.dll (17263 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\ta.pak (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\cyan.xml (206 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\stratfirst.xml (1598 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\cypron.xml (23 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\focushome.xml (1521 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\warner.xml (1637 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\kn.pak (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\vi.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\GSLogo.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\sw.pak (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\libcef.dll (307427 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\trion.xml (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\en-GB.pak (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\snowball.xml (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\Slider_Arrows_down.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\trisynergy.xml (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\ro.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\popcap.xml (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\microids.xml (1530 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\merscom.xml (295 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\ImpulseSelfRefresh.exe (2467 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\ignition.xml (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\CleanGSA.exe.config (352 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\GSANative.exe.config (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\ca.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\UninstHelper.exe (693 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.InstallManager.dll (2248 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\paradox.xml (14726 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\avformat-53.dll (2092 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\es.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\wargaming.xml (1722 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\freestuff.xml (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\uk.pak (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\indies.xml (28249 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\zh-CN.pak (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\IptNetApi.dll (1312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\am.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\eidos.xml (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\zh-TW.pak (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\nb.pak (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\wastelands.xml (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\d3p.xml (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\ru.pak (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\muzzylane.xml (13 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\GameStopApp.exe (15102 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\networks.xml (42 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\mia.lib (7403 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\sl.pak (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\ar.pak (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\myoffice.xml (44 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\ImpulseSelfRefresh.exe.config (355 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\eula.txt (249 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\sega.xml (5371 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\8AE63621\Sd.Irc.resources.dll (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\ImpulseSelfRefresh.exe.config (352 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\light.xml (715 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\sap.xml (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\Slider_Arrows2.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\frame.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\es-419.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\7zxr.dll (1638 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\fil.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\pt-BR.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\en-US.pak (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\hi.pak (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\isv.xml (946 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\ea.xml (6319 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\Slider_Arrows2_down.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\tiltedm.xml (21 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\about.png (598 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.UI.dll (1915 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\gamehouse.xml (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\mIDEFunc.dll\mEXEFunc.dll (2549 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\te.pak (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\drengin.xml (3226 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\sd.central.cvp.server.dll (5843 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\el.pak (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\bg.pak (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\n3vgames.xml (1036 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\id.pak (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\threedonkeys.xml (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\siber.xml (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\TestResult.xml (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\fa.pak (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\lv.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Interop.IWshRuntimeLibrary.dll (639 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\lt.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\sv.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\da.pak (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\mumbojumbo.xml (2670 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\timegate.xml (13 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\squarenix.xml (4290 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.Central.Archive.dll (681 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\avutil-51.dll (2359 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\meridian4.xml (5122 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\AF6861CC\impulse_main.ini (59 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\AF6861CC\impulse_images.ini (61 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\pl.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Stardock.Central.Security.dll (38 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\GameStopApp_setup.exe (51798 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\mr.pak (312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\AF6861CC\impulse_logic.ini (61 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\GSAMini.exe (2216 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\btn_close_up.png (836 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\it.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\sr.pak (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\hr.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\imp_bottom.png (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\interplay.xml (47 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\GameStopApp_setup.msi (3597 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\AxInterop.ShockwaveFlashObjects.dll (33 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\servers.xml (202 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\sk.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\digironin.xml (488 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\btn_close_over.png (849 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\ICSharpCode.SharpZipLib.dll (1259 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\d3dx9_43.dll (30010 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\he.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.dll (1241 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\et.pak (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\DeElevator.dll (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\tdesk.xml (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\SDSecurity.dll (549 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\libEGL.dll (2284 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Interop.ShockwaveFlashObjects.dll (1241 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Gibraltar.Agent.dll (51224 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\wc.xml (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\7zip_license.txt (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\sdsfresp.txt (950 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Microsoft.WindowsAPICodePack.dll (1144 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\positech.xml (1434 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Gibraltar.Packager.exe (2145 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\GSANative.XmlSerializers.dll (51 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\playrix.xml (1499 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Console.dll (15706 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\kalypso.xml (4543 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\MyColors.xml (12701 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\hothead.xml (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\fr.pak (804 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Newtonsoft.Json.dll (7274 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.Irc.dll (3642 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\readme.txt (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\setup.bmp (1045 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\shadow2.png (297 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\viva.xml (366 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\ncsoft.xml (471 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\icudt.dll (150569 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\btn_buynow_down.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\VDialog.dll (2566 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\tr.pak (201 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\oddworld.xml (1177 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\ml.pak (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\btn_close_down.png (820 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\bn.pak (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\B3410A2A\chrome.pak (19944 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\nival.xml (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\DeElevator64.dll (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\ja.pak (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\StardockCentralDSkin.dll (577 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.Uninstall.dll (36 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\th.pak (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\rlx.xml (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\sds.xml (2091 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\gsoft.xml (1906 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\prima.xml (5105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\7za.exe (6356 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\nl.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\impulse.xml (1137 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\epic.xml (1320 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.Common.XmlSerializers.dll (4201 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\odnt.xml (2747 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\enl.xml (37 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\futurem.xml (44 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.Web.dll (3362 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\topware.xml (2049 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\btn_buynow_up.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\ko.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\sd.central.cvp.server.XmlSerializers.dll (4372 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\de.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\Slider_Arrows_over.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\iceberg.xml (817 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\btn_buynow_over.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\namco.xml (111 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\MyDock.Util.dll (1340 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Activate.exe (5537 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\cs.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\C46F2D9E\Sd.Zip.dll (2668 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\FED94973\Slider_Arrows2_over.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\hu.pak (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\railsimulator.xml (1891 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\33760513\D9B8C55E\gu.pak (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mia1.tmp\OFFLINE\1001D268\CBEFC624\iolo.xml (8 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%WinDir%\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (2105 bytes)
%System%\clipsrv.exe (1425 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (1425 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ojflpekc.tmp (300 bytes)
%System%\gadqjokm.tmp (272 bytes)
%WinDir%\Microsoft.NET\Framework\v4.0.30319\hpckhakn.tmp (1646 bytes)
%System%\obgogopn.tmp (246 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ionpofea.tmp (264 bytes)
%System%\cisvc.exe (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
%Documents and Settings%\All Users\Application Data\Stardock\Impulse\Temporary\impulse_mainmini\impulse_setupfull.exe (145703 bytes) - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
Company Name: GameStop Corporation
Product Name: GameStop App
Product Version: 1, 1, 0, 1
Legal Copyright: Copyright (C) 2008-2012 GameStop Corporation
Legal Trademarks:
Original Filename: GSAMini.exe
Internal Name: EmergencyCord
File Version: 1, 1, 0, 1
File Description: GameStop App updater
Comments: Downloads and launches the GameStop App and checks for important updates
Language: English (United States)
Company Name: GameStop CorporationProduct Name: GameStop AppProduct Version: 1, 1, 0, 1Legal Copyright: Copyright (C) 2008-2012 GameStop CorporationLegal Trademarks: Original Filename: GSAMini.exeInternal Name: EmergencyCordFile Version: 1, 1, 0, 1File Description: GameStop App updaterComments: Downloads and launches the GameStop App and checks for important updatesLanguage: English (United States)
PE Sections
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
|---|---|---|---|---|---|
| .text | 4096 | 27052 | 27136 | 4.52366 | 0fc291b165420842e2acbf5f4fbc2deb |
| .rdata | 32768 | 19542 | 19968 | 3.12719 | 73d7e609f68a9993d71265f5d0b0243c |
| .data | 53248 | 7876 | 3072 | 1.85774 | 93c785b83290790fd9af87461853c325 |
| .rsrc | 61440 | 67456 | 67584 | 4.10629 | 66c8c351844df80e17b2e2205149c6c2 |
| .reloc | 131072 | 409600 | 245760 | 5.45136 | b14a08849ad676fad510159d845935dd |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
| URL | IP |
|---|---|
| hxxp://www.impulsedriven.com/downloads/gamestopapp/pc/full | 72.52.14.125 |
| hxxp://vip1.g5.cachefly.net/impulse/873/GameStopApp_setupfull.exe | |
| hxxp://dl.gamestop.com/impulse/873/GameStopApp_setupfull.exe | 205.234.175.175 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /impulse/873/GameStopApp_setupfull.exe HTTP/1.1
User-Agent: GSAMini/1.0
Connection: Keep-Alive
Host: dl.gamestop.com
HTTP/1.1 200 OK
Date: Wed, 16 Mar 2016 20:47:03 GMT
Content-Type: application/octet-stream
Content-Length: 19489472
Connection: keep-alive
X-CFHash: "77de68f034484e61f4f6d913554ba3b3"
Last-Modified: Thu, 24 Apr 2014 10:49:24 GMT
X-CF3: M
CF4Age: 0
CF4ttl: 31536000.000
X-CF2: H
Accept-Ranges: bytes
Server: CFS 0213
X-CF1: 15062:fD.fra2:cf:cacheA.fra2-v:M
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F...................................I...............................................<...........................Rich............................PE..L....G.I.....................0......p*............@..........................P......F.).....................................$........p...............J).............................................h...@...............L............................text............................... ..`.rdata...P.......R..................@..@.data....i..........................@....rsrc........p......................@..@........................................................................................................................................................................................................................................................................................................................................................V........D$..t.V.b...Y..^....0....A..U... ..z..VW..v....r..t..;.r. .A..;J.r.h..A..E.P.E.......c...E..8_^]....HxS.t$.....t$.3..1_..[...V...N.;H.t.2.^.W3...v. ....:.u.G@;.r..._^.2....8.u..x..u..x..u..x..u.3.@.3..SV.q.W3...~..I ...;.u..Y.;.t.G...;.|...._^[.....SV.q.W3...~..I ......;.u..Y.;.t.G...;.|...._^[.....SV.q0W3...~..I4...;.u..Y.;.t.G...;.|...._^[.......@......L$..I..A.u.Q.....Y3.....L$..I..A.u.j.Q.....3.....D$.......D$..t..t$......Y.D$.....@...t...P.Q...p......Y..L$..I..A.u.j.Q.....3.....D$.......D$.
<<< skipped >>>
GET /downloads/gamestopapp/pc/full HTTP/1.1
User-Agent: GSAMini/1.0
Host: VVV.impulsedriven.com
Connection: Keep-Alive
HTTP/1.1 302 Redirect
Content-Type: text/html; charset=UTF-8
Location: hXXp://dl.gamestop.com/impulse/873/GameStopApp_setupfull.exe
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Wed, 16 Mar 2016 20:47:02 GMT
Content-Length: 183
Set-Cookie: akamai-cookie=550769836.20480.0000; path=/
<head><title>Document Moved</title></head>.<body><h1>Object Moved</h1>This document may be found <a HREF="hXXp://dl.gamestop.com/impulse/873/GameStopApp_setupfull.exe">here</a></body>HTTP/1.1 302 Redirect..Content-Type: text/html; charset=UTF-8..Location: hXXp://dl.gamestop.com/impulse/873/GameStopApp_setupfull.exe..Server: Microsoft-IIS/7.5..X-Powered-By: ASP.NET..Date: Wed, 16 Mar 2016 20:47:02 GMT..Content-Length: 183..Set-Cookie: akamai-cookie=550769836.20480.0000; path=/..<head><title>Document Moved</title></head>.<body><h1>Object Moved</h1>This document may be found <a HREF="hXXp://dl.gamestop.com/impulse/873/GameStopApp_setupfull.exe">here</a></body>..
Map
The Virus connects to the servers at the folowing location(s):
Strings from Dumps
cisvc.exe_1500:
.text
.text
`.data
`.data
.rsrc
.rsrc
query.dll
query.dll
msvcrt.dll
msvcrt.dll
ADVAPI32.dll
ADVAPI32.dll
KERNEL32.dll
KERNEL32.dll
cisvc.pdb
cisvc.pdb
.data
.data
.idata
.idata
.reloc
.reloc
.edata
.edata
%c*01
%c*01
4lUlVAQKjX.tZ
4lUlVAQKjX.tZ
vH%UxdO_dY->Z={05w{*QAK[LPA>db
vH%UxdO_dY->Z={05w{*QAK[LPA>db
i0pw>PnhFEo\6%X2slc^_"$
i0pw>PnhFEo\6%X2slc^_"$
aE8N~fWenT%d
aE8N~fWenT%d
G6fqi`w.rT
G6fqi`w.rT
SxdOiHT?8t/76OB{?cMaWt\m'.eo:Hh@
SxdOiHT?8t/76OB{?cMaWt\m'.eo:Hh@
%Wq%D
%Wq%D
&\x.KMN[
&\x.KMN[
CRTDLL.DLL
CRTDLL.DLL
4H4F4P4c4i4
4H4F4P4c4i4
kkqvx_.dll
kkqvx_.dll
.rdata
.rdata
@.data
@.data
.pdata
.pdata
@.idata
@.idata
}]Dj\h}G1\=%.pua@r
}]Dj\h}G1\=%.pua@r
NGmFa}@(F.yu`sb
NGmFa}@(F.yu`sb
{fTwZE{D%f]!
{fTwZE{D%f]!
udPr
udPr
kkqvx_64.dll
kkqvx_64.dll
K.$%D,3
K.$%D,3
sfc.dll
sfc.dll
crtdll.dll
crtdll.dll
Software\Policies\Microsoft\Windows\System
Software\Policies\Microsoft\Windows\System
%s%s\
%s%s\
1%u.%u.%u
1%u.%u.%u
\*.dat
\*.dat
22EnumDesktopWindows
22EnumDesktopWindows
Ouser32.dll
Ouser32.dll
F%s-%s-%s-%s
F%s-%s-%s-%s
c25RegEnumKeyExA
c25RegEnumKeyExA
02RegCreateKeyExA
02RegCreateKeyExA
00RegOpenKeyExA
00RegOpenKeyExA
26RegSetKeySecurity
26RegSetKeySecurity
04RegCloseKey
04RegCloseKey
Dadvapi32.dll
Dadvapi32.dll
shell32.dll
shell32.dll
09WinExec
09WinExec
48CreatePipe
48CreatePipe
47PeekNamedPipe
47PeekNamedPipe
*%X%X
*%X%X
#oleaut32.dll
#oleaut32.dll
sfc_os.dll
sfc_os.dll
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
%s_37
%s_37
ole32.dll
ole32.dll
2consent.exe
2consent.exe
Rrsvp.exe
Rrsvp.exe
orundll32.exe
orundll32.exe
chrome.exe
chrome.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
SetupWeb_
SetupWeb_
_sfx.exe
_sfx.exe
|MSASCui.exe|msseces.exe|mseinstall.exe|Tcpview.exe|cav_installer.exe|cfw_installer.exe|cispremium_installer.exe|PandaCloudAntivirus.exe|60Second.exe|Antivirus_Free_Edition.exe|OnlineArmorSetup.exe|McAfeeSetup.exe|Vba32.NT.T.exe|Vba32.P.exe|Vba32.S.exe|Vba32.Vista.exe|Vba32.W.exe|Vba32Check.exe|Vba32RCSInstallTuner.exe|avgmfapx.exe|avg_remover_expiro.exe|
|MSASCui.exe|msseces.exe|mseinstall.exe|Tcpview.exe|cav_installer.exe|cfw_installer.exe|cispremium_installer.exe|PandaCloudAntivirus.exe|60Second.exe|Antivirus_Free_Edition.exe|OnlineArmorSetup.exe|McAfeeSetup.exe|Vba32.NT.T.exe|Vba32.P.exe|Vba32.S.exe|Vba32.Vista.exe|Vba32.W.exe|Vba32Check.exe|Vba32RCSInstallTuner.exe|avgmfapx.exe|avg_remover_expiro.exe|
\\?\UN
\\?\UN
5.1.2600.5512 (xpsp.080413-0852)
5.1.2600.5512 (xpsp.080413-0852)
cisvc.exe
cisvc.exe
Windows
Windows
Operating System
Operating System
5.1.2600.5512
5.1.2600.5512
.?;#18?7-
.?;#18?7-
cisvc.exe_1500_rwx_01001000_00001000:
cisvc.pdb
cisvc.pdb
query.dll
query.dll
msvcrt.dll
msvcrt.dll
ADVAPI32.dll
ADVAPI32.dll
KERNEL32.dll
KERNEL32.dll
\\?\UN
\\?\UN
cisvc.exe_1500_rwx_01003000_0003B000:
.text
.text
.data
.data
.idata
.idata
.reloc
.reloc
.edata
.edata
%c*01
%c*01
4lUlVAQKjX.tZ
4lUlVAQKjX.tZ
vH%UxdO_dY->Z={05w{*QAK[LPA>db
vH%UxdO_dY->Z={05w{*QAK[LPA>db
i0pw>PnhFEo\6%X2slc^_"$
i0pw>PnhFEo\6%X2slc^_"$
aE8N~fWenT%d
aE8N~fWenT%d
G6fqi`w.rT
G6fqi`w.rT
SxdOiHT?8t/76OB{?cMaWt\m'.eo:Hh@
SxdOiHT?8t/76OB{?cMaWt\m'.eo:Hh@
%Wq%D
%Wq%D
&\x.KMN[
&\x.KMN[
KERNEL32.dll
KERNEL32.dll
CRTDLL.DLL
CRTDLL.DLL
4H4F4P4c4i4
4H4F4P4c4i4
kkqvx_.dll
kkqvx_.dll
.rdata
.rdata
@.data
@.data
.pdata
.pdata
@.idata
@.idata
}]Dj\h}G1\=%.pua@r
}]Dj\h}G1\=%.pua@r
NGmFa}@(F.yu`sb
NGmFa}@(F.yu`sb
{fTwZE{D%f]!
{fTwZE{D%f]!
udPr
udPr
kkqvx_64.dll
kkqvx_64.dll
5.1.2600.5512 (xpsp.080413-0852)
5.1.2600.5512 (xpsp.080413-0852)
cisvc.exe
cisvc.exe
Windows
Windows
Operating System
Operating System
5.1.2600.5512
5.1.2600.5512
.?;#18?7-
.?;#18?7-
cisvc.exe_1500_rwx_0103F000_00027000:
K.$%D,3
K.$%D,3
sfc.dll
sfc.dll
crtdll.dll
crtdll.dll
%c*01
%c*01
Software\Policies\Microsoft\Windows\System
Software\Policies\Microsoft\Windows\System
%s%s\
%s%s\
1%u.%u.%u
1%u.%u.%u
\*.dat
\*.dat
22EnumDesktopWindows
22EnumDesktopWindows
Ouser32.dll
Ouser32.dll
F%s-%s-%s-%s
F%s-%s-%s-%s
c25RegEnumKeyExA
c25RegEnumKeyExA
02RegCreateKeyExA
02RegCreateKeyExA
00RegOpenKeyExA
00RegOpenKeyExA
26RegSetKeySecurity
26RegSetKeySecurity
04RegCloseKey
04RegCloseKey
Dadvapi32.dll
Dadvapi32.dll
shell32.dll
shell32.dll
09WinExec
09WinExec
48CreatePipe
48CreatePipe
47PeekNamedPipe
47PeekNamedPipe
*%X%X
*%X%X
#oleaut32.dll
#oleaut32.dll
sfc_os.dll
sfc_os.dll
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
%s_37
%s_37
ole32.dll
ole32.dll
2consent.exe
2consent.exe
Rrsvp.exe
Rrsvp.exe
orundll32.exe
orundll32.exe
chrome.exe
chrome.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
SetupWeb_
SetupWeb_
_sfx.exe
_sfx.exe
|MSASCui.exe|msseces.exe|mseinstall.exe|Tcpview.exe|cav_installer.exe|cfw_installer.exe|cispremium_installer.exe|PandaCloudAntivirus.exe|60Second.exe|Antivirus_Free_Edition.exe|OnlineArmorSetup.exe|McAfeeSetup.exe|Vba32.NT.T.exe|Vba32.P.exe|Vba32.S.exe|Vba32.Vista.exe|Vba32.W.exe|Vba32Check.exe|Vba32RCSInstallTuner.exe|avgmfapx.exe|avg_remover_expiro.exe|
|MSASCui.exe|msseces.exe|mseinstall.exe|Tcpview.exe|cav_installer.exe|cfw_installer.exe|cispremium_installer.exe|PandaCloudAntivirus.exe|60Second.exe|Antivirus_Free_Edition.exe|OnlineArmorSetup.exe|McAfeeSetup.exe|Vba32.NT.T.exe|Vba32.P.exe|Vba32.S.exe|Vba32.Vista.exe|Vba32.W.exe|Vba32Check.exe|Vba32RCSInstallTuner.exe|avgmfapx.exe|avg_remover_expiro.exe|
impulse_setupfull.exe_1796:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
mscoree.dll
mscoree.dll
- This application cannot run using the active version of the Microsoft .NET Runtime
- This application cannot run using the active version of the Microsoft .NET Runtime
Please contact the application's support team for more information.
Please contact the application's support team for more information.
kernel32.dll
kernel32.dll
GetProcessWindowStation
GetProcessWindowStation
user32.dll
user32.dll
internal state. The program cannot safely continue execution and must
internal state. The program cannot safely continue execution and must
continue execution and must now be terminated.
continue execution and must now be terminated.
Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted
Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted
COMCTL32.dll
COMCTL32.dll
GetWindowsDirectoryA
GetWindowsDirectoryA
KERNEL32.dll
KERNEL32.dll
USER32.dll
USER32.dll
RegCreateKeyExA
RegCreateKeyExA
RegCloseKey
RegCloseKey
ADVAPI32.dll
ADVAPI32.dll
SHELL32.dll
SHELL32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
GetCPInfo
GetCPInfo
%Documents and Settings%\All Users\Application Data\Stardock\Impulse\Temporary\impulse_mainmini\impulse_setupfull.exe
%Documents and Settings%\All Users\Application Data\Stardock\Impulse\Temporary\impulse_mainmini\impulse_setupfull.exe
&$$$&&&''
&$$$&&&''
!!####$$$$%%%%
!!####$$$$%%%%
!$$$$%%#
!$$$$%%#
$367999::976541
$367999::976541
',0011/ ($
',0011/ ($
#&*,.... )&
#&*,.... )&
version="1.0.0.0"
version="1.0.0.0"
name="CompanyName.ProductName.YourApplication"
name="CompanyName.ProductName.YourApplication"
name="Microsoft.Windows.Common-Controls"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
publicKeyToken="6595b64144ccf1df"
Setup.exe
Setup.exe
This installation is password protected. Please &enter the password to start setup:
This installation is password protected. Please &enter the password to start setup:
heslem, kontrolu hesla a zkuste again.Internal chybu (nezn
heslem, kontrolu hesla a zkuste again.Internal chybu (nezn
ske du har det forkerte password. Hvis du har downloaded denne fil, venligst download en frisk kopi. Hvis filen er password beskyttet, kontroller dit password og pr
ske du har det forkerte password. Hvis du har downloaded denne fil, venligst download en frisk kopi. Hvis filen er password beskyttet, kontroller dit password og pr
digt, oder Sie haben das falsche Passwort eingegeben. Wenn Sie diese Datei heruntergeladen haben, laden Sie bitte eine neue Kopie herunter. Wenn die Datei durch ein Kennwort gesch
digt, oder Sie haben das falsche Passwort eingegeben. Wenn Sie diese Datei heruntergeladen haben, laden Sie bitte eine neue Kopie herunter. Wenn die Datei durch ein Kennwort gesch
fen Sie Ihr Passwort und versuchen Sie es erneut.
fen Sie Ihr Passwort und versuchen Sie es erneut.
Cannot start setup - the setup file may be corrupt, or you may have the wrong password. If you downloaded this file, please download a fresh copy. If the file is password protected, check your password and try again.
Cannot start setup - the setup file may be corrupt, or you may have the wrong password. If you downloaded this file, please download a fresh copy. If the file is password protected, check your password and try again.
Impossible de lancer l'installation - il est possible que le fichier d'installation soit corrompu, ou vous utilisez le mauvais mot de passe. Veuillez t
Impossible de lancer l'installation - il est possible que le fichier d'installation soit corrompu, ou vous utilisez le mauvais mot de passe. Veuillez t
par un mot de passe, verifiez votre mot de passe et reessayez.
par un mot de passe, verifiez votre mot de passe et reessayez.
Impossibile avviare il setup - il file di setup potrebbe essere corrotto, o hai inserito una password sbagliata. Se hai scaricato questo file, per favore scaricalo di nuovo. Se il file
Impossibile avviare il setup - il file di setup potrebbe essere corrotto, o hai inserito una password sbagliata. Se hai scaricato questo file, per favore scaricalo di nuovo. Se il file
protetto da password, controlla la password e riprova.
protetto da password, controlla la password e riprova.
InstallAware Wizard.Onmogelijk tijdelijke bestanden te verwijderen
InstallAware Wizard.Onmogelijk tijdelijke bestanden te verwijderen
Kan setup niet starten - het setup-bestand mogelijk beschadigd of u hebt het verkeerde wachtwoord ingevoerd. Als u dit bestand gedownload heeft, downloadt u een nieuw exemplaar. Als het bestand is beveiligd met een wachtwoord, controleer uw wachtwoord en probeer het opnieuw.
Kan setup niet starten - het setup-bestand mogelijk beschadigd of u hebt het verkeerde wachtwoord ingevoerd. Als u dit bestand gedownload heeft, downloadt u een nieuw exemplaar. Als het bestand is beveiligd met een wachtwoord, controleer uw wachtwoord en probeer het opnieuw.
re skadet, eller du kan ha feil passord. Hvis du lastet ned denne filen, vennligst laste ned en ny kopi. Hvis filen er passordbeskyttet, sjekk passordet og pr
re skadet, eller du kan ha feil passord. Hvis du lastet ned denne filen, vennligst laste ned en ny kopi. Hvis filen er passordbeskyttet, sjekk passordet og pr
Nemoguce je kreirati podatak%Unutarnja gre
Nemoguce je kreirati podatak%Unutarnja gre
Setup-ek - ez du hasi ahal fitxategia edo berori mindua egon ahal da pasahitz ez zuzen bat sartu du.Fitxategi hau deskargatu badu, mesedez descargue-a kopia berri bat. Fitxategia pasahitzagatik babestua egon edin, haren pasahitza egiazta dezan eta berriro saia bedi.
Setup-ek - ez du hasi ahal fitxategia edo berori mindua egon ahal da pasahitz ez zuzen bat sartu du.Fitxategi hau deskargatu badu, mesedez descargue-a kopia berri bat. Fitxategia pasahitzagatik babestua egon edin, haren pasahitza egiazta dezan eta berriro saia bedi.
ter a palavra-passe errada. Se transferiu este ficheiro, efectue a transferencia de uma nova c
ter a palavra-passe errada. Se transferiu este ficheiro, efectue a transferencia de uma nova c
pia. Se o ficheiro for protegido por uma palavra-passe, verifique a sua palavra-passe e tente novamente.
pia. Se o ficheiro for protegido por uma palavra-passe, verifique a sua palavra-passe e tente novamente.
n puede estar corrupto, o puede que usted tenga el password incorrecto. Si usted ha descargado este archivo, por favor descargue una nueva copia. Si el archivo est
n puede estar corrupto, o puede que usted tenga el password incorrecto. Si usted ha descargado este archivo, por favor descargue una nueva copia. Si el archivo est
protegido por password, checkee su password e int
protegido por password, checkee su password e int
e chcete operaci zru
e chcete operaci zru
Ukendt Fejl.Kan ikke loade konfigurations informationerne
Ukendt Fejl.Kan ikke loade konfigurations informationerne
Konfiguration mislykkedesQDenne installation er password beskyttet. &Angiv venligst password for at starte:
Konfiguration mislykkedesQDenne installation er password beskyttet. &Angiv venligst password for at starte:
&Annuller@Kan ikke oprette midlertidig mappe for udpakning af installation
&Annuller@Kan ikke oprette midlertidig mappe for udpakning af installation
Konfiguration fehlgeschlagengDiese Installation ist durch ein Passwort gesch
Konfiguration fehlgeschlagengDiese Installation ist durch ein Passwort gesch
Unknown ErrorÊnnot load configuration information
Unknown ErrorÊnnot load configuration information
Configuration failedMThis installation is password protected. Please &enter the password to begin:
Configuration failedMThis installation is password protected. Please &enter the password to begin:
e par un mot de passe. Veuillez ins
e par un mot de passe. Veuillez ins
rer le mot de passe pour commencer:
rer le mot de passe pour commencer:
Az irat nem a pontos arhiv.Nem lehets
Az irat nem a pontos arhiv.Nem lehets
protetta da password. Per favore &inserisci la password per iniziare:
protetta da password. Per favore &inserisci la password per iniziare:
un archivio corretto.Impossibile creare la cartella di destinazione
un archivio corretto.Impossibile creare la cartella di destinazione
Konfigurering mislyktesQDenne installasjonen er passordbeskyttet. Vennligst angi passordet for
Konfigurering mislyktesQDenne installasjonen er passordbeskyttet. Vennligst angi passordet for
da#Tem certeza de que deseja cancelar?
da#Tem certeza de que deseja cancelar?
rii.Nu s-a putut deschide fluxul de date compactat#Nu a putut fi g
rii.Nu s-a putut deschide fluxul de date compactat#Nu a putut fi g
'Directorul rezultat nu a putut fi creat%Sunte
'Directorul rezultat nu a putut fi creat%Sunte
Neznana napaka.Konfiguracijskih informacij ni mogo
Neznana napaka.Konfiguracijskih informacij ni mogo
jams izveidot izvadmapi.Vai j
jams izveidot izvadmapi.Vai j
KonfigurazioarenEpaitzaYInstalazio hau pasahitzagatik babestua egon zaitez.Mesedez, pasahitza sar dadin &hasteko:
KonfigurazioarenEpaitzaYInstalazio hau pasahitzagatik babestua egon zaitez.Mesedez, pasahitza sar dadin &hasteko:
protegida por uma palavra-passe. Por favor&introduza a palavra passe para come
protegida por uma palavra-passe. Por favor&introduza a palavra passe para come
da de dados"Tem a certeza que deseja cancelar?
da de dados"Tem a certeza que deseja cancelar?
protegida por password. Por favor &ingrese el password para comenzar:
protegida por password. Por favor &ingrese el password para comenzar:
opera
opera
uInstallAware Bertaratua paketearen instalazioaren neurriduna egiaztatzen ari da.Honek memento bat behar izan ahal du.
uInstallAware Bertaratua paketearen instalazioaren neurriduna egiaztatzen ari da.Honek memento bat behar izan ahal du.
This installation was built with InstallAware: hXXp://VVV.installaware.com
This installation was built with InstallAware: hXXp://VVV.installaware.com
GameStopApp_setup.exe_1108:
.text
.text
`.itext
`.itext
`.data
`.data
.idata
.idata
.rdata
.rdata
@.reloc
@.reloc
B.rsrc
B.rsrc
kernel32.dll
kernel32.dll
Windows
Windows
MSWHEEL_ROLLMSG
MSWHEEL_ROLLMSG
MSH_WHEELSUPPORT_MSG
MSH_WHEELSUPPORT_MSG
MSH_SCROLL_LINES_MSG
MSH_SCROLL_LINES_MSG
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
comctl32.dll
comctl32.dll
TaskDialogIndirect
TaskDialogIndirect
shell32.dll
shell32.dll
oleaut32.dll
oleaut32.dll
EVariantBadIndexError
EVariantBadIndexError
ssShift
ssShift
htKeyword
htKeyword
EInvalidOperation
EInvalidOperation
%s[%d]
%s[%d]
%s_%d
%s_%d
.Owner
.Owner
shfolder.dll
shfolder.dll
wininit.ini
wininit.ini
Uh!%C
Uh!%C
USER32.DLL
USER32.DLL
EInvalidGraphicOperation
EInvalidGraphicOperation
%s%.8x
%s%.8x
%s%s (*.%s)|*.%2:s
%s%s (*.%s)|*.%2:s
%s*.%s
%s*.%s
%s (%s)|%1:s|%s
%s (%s)|%1:s|%s
SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
uxtheme.dll
uxtheme.dll
DWMAPI.DLL
DWMAPI.DLL
PasswordCharP
PasswordCharP
OnKeyDown
OnKeyDown
OnKeyPress
OnKeyPress
OnKeyUp
OnKeyUp
ssHorizontal
ssHorizontal
OnKeyUpx
OnKeyUpx
windows
windows
clWebSnow
clWebSnow
clWebFloralWhite
clWebFloralWhite
clWebLavenderBlush
clWebLavenderBlush
clWebOldLace
clWebOldLace
clWebIvory
clWebIvory
clWebCornSilk
clWebCornSilk
clWebBeige
clWebBeige
clWebAntiqueWhite
clWebAntiqueWhite
clWebWheat
clWebWheat
clWebAliceBlue
clWebAliceBlue
clWebGhostWhite
clWebGhostWhite
clWebLavender
clWebLavender
clWebSeashell
clWebSeashell
clWebLightYellow
clWebLightYellow
clWebPapayaWhip
clWebPapayaWhip
clWebNavajoWhite
clWebNavajoWhite
clWebMoccasin
clWebMoccasin
clWebBurlywood
clWebBurlywood
clWebAzure
clWebAzure
clWebMintcream
clWebMintcream
clWebHoneydew
clWebHoneydew
clWebLinen
clWebLinen
clWebLemonChiffon
clWebLemonChiffon
clWebBlanchedAlmond
clWebBlanchedAlmond
clWebBisque
clWebBisque
clWebPeachPuff
clWebPeachPuff
clWebTan
clWebTan
clWebYellow
clWebYellow
clWebDarkOrange
clWebDarkOrange
clWebRed
clWebRed
clWebDarkRed
clWebDarkRed
clWebMaroon
clWebMaroon
clWebIndianRed
clWebIndianRed
clWebSalmon
clWebSalmon
clWebCoral
clWebCoral
clWebGold
clWebGold
clWebTomato
clWebTomato
clWebCrimson
clWebCrimson
clWebBrown
clWebBrown
clWebChocolate
clWebChocolate
clWebSandyBrown
clWebSandyBrown
clWebLightSalmon
clWebLightSalmon
clWebLightCoral
clWebLightCoral
clWebOrange
clWebOrange
clWebOrangeRed
clWebOrangeRed
clWebFirebrick
clWebFirebrick
clWebSaddleBrown
clWebSaddleBrown
clWebSienna
clWebSienna
clWebPeru
clWebPeru
clWebDarkSalmon
clWebDarkSalmon
clWebRosyBrown
clWebRosyBrown
clWebPaleGoldenrod
clWebPaleGoldenrod
clWebLightGoldenrodYellow
clWebLightGoldenrodYellow
clWebOlive
clWebOlive
clWebForestGreen
clWebForestGreen
clWebGreenYellow
clWebGreenYellow
clWebChartreuse
clWebChartreuse
clWebLightGreen
clWebLightGreen
clWebAquamarine
clWebAquamarine
clWebSeaGreen
clWebSeaGreen
clWebGoldenRod
clWebGoldenRod
clWebKhaki
clWebKhaki
clWebOliveDrab
clWebOliveDrab
clWebGreen
clWebGreen
clWebYellowGreen
clWebYellowGreen
clWebLawnGreen
clWebLawnGreen
clWebPaleGreen
clWebPaleGreen
clWebMediumAquamarine
clWebMediumAquamarine
clWebMediumSeaGreen
clWebMediumSeaGreen
clWebDarkGoldenRod
clWebDarkGoldenRod
clWebDarkKhaki
clWebDarkKhaki
clWebDarkOliveGreen
clWebDarkOliveGreen
clWebDarkgreen
clWebDarkgreen
clWebLimeGreen
clWebLimeGreen
clWebLime
clWebLime
clWebSpringGreen
clWebSpringGreen
clWebMediumSpringGreen
clWebMediumSpringGreen
clWebDarkSeaGreen
clWebDarkSeaGreen
clWebLightSeaGreen
clWebLightSeaGreen
clWebPaleTurquoise
clWebPaleTurquoise
clWebLightCyan
clWebLightCyan
clWebLightBlue
clWebLightBlue
clWebLightSkyBlue
clWebLightSkyBlue
clWebCornFlowerBlue
clWebCornFlowerBlue
clWebDarkBlue
clWebDarkBlue
clWebIndigo
clWebIndigo
clWebMediumTurquoise
clWebMediumTurquoise
clWebTurquoise
clWebTurquoise
clWebCyan
clWebCyan
clWebPowderBlue
clWebPowderBlue
clWebSkyBlue
clWebSkyBlue
clWebRoyalBlue
clWebRoyalBlue
clWebMediumBlue
clWebMediumBlue
clWebMidnightBlue
clWebMidnightBlue
clWebDarkTurquoise
clWebDarkTurquoise
clWebCadetBlue
clWebCadetBlue
clWebDarkCyan
clWebDarkCyan
clWebTeal
clWebTeal
clWebDeepskyBlue
clWebDeepskyBlue
clWebDodgerBlue
clWebDodgerBlue
clWebBlue
clWebBlue
clWebNavy
clWebNavy
clWebDarkViolet
clWebDarkViolet
clWebDarkOrchid
clWebDarkOrchid
clWebMagenta
clWebMagenta
clWebDarkMagenta
clWebDarkMagenta
clWebMediumVioletRed
clWebMediumVioletRed
clWebPaleVioletRed
clWebPaleVioletRed
clWebBlueViolet
clWebBlueViolet
clWebMediumOrchid
clWebMediumOrchid
clWebMediumPurple
clWebMediumPurple
clWebPurple
clWebPurple
clWebDeepPink
clWebDeepPink
clWebLightPink
clWebLightPink
clWebViolet
clWebViolet
clWebOrchid
clWebOrchid
clWebPlum
clWebPlum
clWebThistle
clWebThistle
clWebHotPink
clWebHotPink
clWebPink
clWebPink
clWebLightSteelBlue
clWebLightSteelBlue
clWebMediumSlateBlue
clWebMediumSlateBlue
clWebLightSlateGray
clWebLightSlateGray
clWebWhite
clWebWhite
clWebLightgrey
clWebLightgrey
clWebGray
clWebGray
clWebSteelBlue
clWebSteelBlue
clWebSlateBlue
clWebSlateBlue
clWebSlateGray
clWebSlateGray
clWebWhiteSmoke
clWebWhiteSmoke
clWebSilver
clWebSilver
clWebDimGray
clWebDimGray
clWebMistyRose
clWebMistyRose
clWebDarkSlateBlue
clWebDarkSlateBlue
clWebDarkSlategray
clWebDarkSlategray
clWebGainsboro
clWebGainsboro
clWebDarkGray
clWebDarkGray
clWebBlack
clWebBlack
Proportional
Proportional
OnExecute RE
OnExecute RE
{43826d1e-e718-42ee-bc55-a1e261c37bfe}
{43826d1e-e718-42ee-bc55-a1e261c37bfe}
%s%s%s%s%s%s%s%s%s%s
%s%s%s%s%s%s%s%s%s%s
AutoHotkeysh
AutoHotkeysh
AutoHotkeys
AutoHotkeys
\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\
\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\
TKeyEvent
TKeyEvent
TKeyPressEvent
TKeyPressEvent
HelpKeyword
HelpKeyword
crSQLWait
crSQLWait
%s (%s)
%s (%s)
imm32.dll
imm32.dll
ssHotTrack
ssHotTrack
TWindowState
TWindowState
poProportional
poProportional
TWMKey
TWMKey
KeyPreviewH>F
KeyPreviewH>F
WindowState
WindowState
tagMSG
tagMSG
GlassFrame.Bottom
GlassFrame.Bottom
GlassFrame.Enabled
GlassFrame.Enabled
GlassFrame.Left
GlassFrame.Left
GlassFrame.Right
GlassFrame.Right
GlassFrame.SheetOfGlass
GlassFrame.SheetOfGlass
GlassFrame.Top
GlassFrame.Top
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
User32.dll
User32.dll
MAPI32.DLL
MAPI32.DLL
msShiftSelect
msShiftSelect
ArrowKeys
ArrowKeys
vsReport
vsReport
RICHED32.DLL
RICHED32.DLL
%s.%.8X:%.8X
%s.%.8X:%.8X
TComboBoxExEnumerator
TComboBoxExEnumerator
ole32.dll
ole32.dll
RunTimeExecute
RunTimeExecute
Downloading Web Media:
Downloading Web Media:
Unable to download installation data from the web
Unable to download installation data from the web
Extracting Web Media:
Extracting Web Media:
Unable to extract installation data downloaded from the web
Unable to extract installation data downloaded from the web
Please locate your original setup sources to continue operation
Please locate your original setup sources to continue operation
Original setup sources required to complete operation, sources not found
Original setup sources required to complete operation, sources not found
Beginning synchronous operation
Beginning synchronous operation
Finishing synchronous operation
Finishing synchronous operation
A previously executed setup still has pending operations on the system. Please restart your computer before attempting to install this product.
A previously executed setup still has pending operations on the system. Please restart your computer before attempting to install this product.
Downloading of installation data from the web has failed. Would you like to try again?
Downloading of installation data from the web has failed. Would you like to try again?
Proxy &Port:
Proxy &Port:
Extraction of installation data downloaded from the web has failed. What would you like to do?
Extraction of installation data downloaded from the web has failed. What would you like to do?
Proxy Pass&word:
Proxy Pass&word:
Downloading of installation data from the web has failed. Please make sure you are connected to the Internet.
Downloading of installation data from the web has failed. Please make sure you are connected to the Internet.
PORTUGESE (BRAZIL)
PORTUGESE (BRAZIL)
PORTUGESE (PORTUGAL)
PORTUGESE (PORTUGAL)
Portugese (Brazil)
Portugese (Brazil)
Portugese (Portugal)
Portugese (Portugal)
%s, ClassID: %s
%s, ClassID: %s
%s, ProgID: "%s"
%s, ProgID: "%s"
mstask.exe
mstask.exe
olepro32.dll
olepro32.dll
Shell32.dll
Shell32.dll
KeyPreviewd
KeyPreviewd
IcsNtlmMsgs (c) 2004-2005 F. Piette V1.00
IcsNtlmMsgs (c) 2004-2005 F. Piette V1.00
TNTLM_Msg2_Info
TNTLM_Msg2_Info
TIcsURL (c) 1997-2005 F. Piette V1.0
TIcsURL (c) 1997-2005 F. Piette V1.0
http:
http:
wsoTcpNoDelay
wsoTcpNoDelay
Port
Port
LocalPort
LocalPort
PeerPort
PeerPort
SocksPort
SocksPort
SocksPassword8
SocksPassword8
wsock32.dll
wsock32.dll
Unable to load wsock32.dll Error #
Unable to load wsock32.dll Error #
%s: WSAStartup error #%d
%s: WSAStartup error #%d
ws2_32.dll
ws2_32.dll
Unable to load ws2_32.dll Error #
Unable to load ws2_32.dll Error #
0.0.0.0
0.0.0.0
Cannot change Port if not closed
Cannot change Port if not closed
Cannot change LocalPort if not closed
Cannot change LocalPort if not closed
255.255.255.255
255.255.255.255
WSocketResolveHost: Cannot convert host address '%s', Error #%d
WSocketResolveHost: Cannot convert host address '%s', Error #%d
WSocketResolvePort: Invalid Port.
WSocketResolvePort: Invalid Port.
WSocketResolvePort: Invalid Proto.
WSocketResolvePort: Invalid Proto.
WSocketResolvePort: Cannot convert port '%s', Error #%d
WSocketResolvePort: Cannot convert port '%s', Error #%d
WSocketResolveProto: Cannot convert protocol '%s', Error #%d
WSocketResolveProto: Cannot convert protocol '%s', Error #%d
GetPeerPort
GetPeerPort
%s: can't start DNS lookup, error #%d
%s: can't start DNS lookup, error #%d
winsock.bind failed, error #%d
winsock.bind failed, error #%d
winsock.getsockname failed, error #%d
winsock.getsockname failed, error #%d
Connect: No Port Specified
Connect: No Port Specified
Connect (Invalid operation in OnChangeState)
Connect (Invalid operation in OnChangeState)
setsockopt(IPPROTO_TCP, TCP_NODELAY)
setsockopt(IPPROTO_TCP, TCP_NODELAY)
listen: port not assigned
listen: port not assigned
Winsock.GetHostName failed
Winsock.GetHostName failed
Operation would block
Operation would block
Operation now in progress
Operation now in progress
Operation already in progress
Operation already in progress
Socket operation on non-socket
Socket operation on non-socket
Protocol not supported
Protocol not supported
Socket type not supported
Socket type not supported
Operation not supported on socket
Operation not supported on socket
Protocol family not supported
Protocol family not supported
Address family not supported by protocol family
Address family not supported by protocol family
WinSock DLL cannot support this application
WinSock DLL cannot support this application
Can't change socks port if not closed
Can't change socks port if not closed
Listening is not supported thru socks server
Listening is not supported thru socks server
tcp is the only protocol supported thru socks server
tcp is the only protocol supported thru socks server
0.0.0.1
0.0.0.1
command not supported
command not supported
address type not supported
address type not supported
THttpCli (c) 1997-2005 F. Piette V1.88
THttpCli (c) 1997-2005 F. Piette V1.88
EHttpException
EHttpException
THttpRequest
THttpRequest
httpABORT
httpABORT
httpGET
httpGET
httpPOST
httpPOST
httpPUT
httpPUT
httpHEAD
httpHEAD
httpCLOSE
httpCLOSE
HttpProt
HttpProt
THttpRequestDone
THttpRequestDone
THttpCliOption
THttpCliOption
httpoNoBasicAuth
httpoNoBasicAuth
httpoNoNTLMAuth
httpoNoNTLMAuth
THttpCliOptions
THttpCliOptions
THttpCli
THttpCli
THttpClit
THttpClit
HttpProt:
HttpProt:
ProxyPort
ProxyPort
Password
Password
ProxyPassword
ProxyPassword
%2.2d %s %4.4d %2.2d:%2.2d:%2.2d
%2.2d %s %4.4d %2.2d:%2.2d:%2.2d
application/x-www-form-urlencoded
application/x-www-form-urlencoded
Mozilla/4.0 (compatible; ICS)
Mozilla/4.0 (compatible; ICS)
https
https
HTTP/
HTTP/
HTTP/1.0
HTTP/1.0
HTTP/1.1
HTTP/1.1
hXXp://
hXXp://
hXXps://
hXXps://
HTTP component
HTTP component
HTTP component has nothing to post or put
HTTP component has nothing to post or put
document.htm
document.htm
Insupported HTTP version
Insupported HTTP version
EWebBrokerExceptionU
EWebBrokerExceptionU
%s: %s
%s: %s
%s:%s
%s:%s
dsBeginsyncoperation
dsBeginsyncoperation
dsEndsyncoperation
dsEndsyncoperation
dsFilterreportmimetype
dsFilterreportmimetype
Begin sync operation
Begin sync operation
End sync operation
End sync operation
Filter report mime type
Filter report mime type
TUrlCallBack
TUrlCallBack
SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
urlmon.dll
urlmon.dll
URLDownloadToFileA
URLDownloadToFileA
URLDownloadToCacheFileA
URLDownloadToCacheFileA
wininet.dll
wininet.dll
Httpd
Httpd
HttpDocData
HttpDocData
TmiaWebForm
TmiaWebForm
umiaWebForm
umiaWebForm
pmLockKeyboard
pmLockKeyboard
KeySelect
KeySelect
KeyMove
KeyMove
%d x %d
%d x %d
%d, %d
%d, %d
t.hXZN
t.hXZN
advapi32.dll
advapi32.dll
OnActionExecute
OnActionExecute
1.1.3
1.1.3
Invalid ZStream operation!
Invalid ZStream operation!
Portable Network Graphics format handler error%s%s
Portable Network Graphics format handler error%s%s
Unknown Graphics Operation Code
Unknown Graphics Operation Code
Invalid Interlace Pass
Invalid Interlace Pass
TGif: %s
TGif: %s
htPrintMonochromeBlack
htPrintMonochromeBlack
OnKeyPressx
OnKeyPressx
.HTML
.HTML
.JPEG
.JPEG
password
password
HttpEq
HttpEq
TUrlTarget
TUrlTarget
3333333
3333333
msi.dll
msi.dll
MsiViewExecute
MsiViewExecute
flash.ocx
flash.ocx
*flash*.ocx
*flash*.ocx
myflash.ocx
myflash.ocx
shlwapi.dll
shlwapi.dll
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\
shell32.dll.mui
shell32.dll.mui
Shell.Application
Shell.Application
netapi32.dll
netapi32.dll
ptstoDefaultKeyHandling
ptstoDefaultKeyHandling
ptsloDefaultKeyHandling
ptsloDefaultKeyHandling
OnKeyUpP
OnKeyUpP
TPTShellControlDefKeyRec
TPTShellControlDefKeyRec
Software\Microsoft\Windows\CurrentVersion\Explorer
Software\Microsoft\Windows\CurrentVersion\Explorer
TIndexEnableEvent
TIndexEnableEvent
%d line
%d line
Bitmaps (*.bmp)|*.bmp
Bitmaps (*.bmp)|*.bmp
Icon files (*.ico)|*.ico
Icon files (*.ico)|*.ico
%d - %s
%d - %s
OnGetEditorClassh
OnGetEditorClassh
tsShadow
tsShadow
TRzRegKey
TRzRegKey
hkeyClassesRoot
hkeyClassesRoot
hkeyCurrentUser
hkeyCurrentUser
hkeyLocalMachine
hkeyLocalMachine
hkeyUsers
hkeyUsers
hkeyPerformanceData
hkeyPerformanceData
hkeyCurrentConfig
hkeyCurrentConfig
hkeyDynData
hkeyDynData
TRzRegAccessKey
TRzRegAccessKey
keyQueryValue
keyQueryValue
keySetValue
keySetValue
keyCreateSubKey
keyCreateSubKey
keyEnumerateSubKeys
keyEnumerateSubKeys
keyNotify
keyNotify
keyCreateLink
keyCreateLink
keyRead
keyRead
keyWrite
keyWrite
keyExecute
keyExecute
keyAllAccess
keyAllAccess
RegKey
RegKey
\Software\Microsoft\Windows\CurrentVersion
\Software\Microsoft\Windows\CurrentVersion
ENotSupportedException
ENotSupportedException
TStringHashTable.TPair
TStringHashTable.TPair
TStringHashTable.TPairEnumerator
TStringHashTable.TPairEnumerator
SOFTWARE\Microsoft\Windows\CurrentVersion
SOFTWARE\Microsoft\Windows\CurrentVersion
RegDeleteKeyExA
RegDeleteKeyExA
Windows NT
Windows NT
winver.exe
winver.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Setup
SOFTWARE\Microsoft\Windows\CurrentVersion\Setup
SOFTWARE\Microsoft\.NETFramework
SOFTWARE\Microsoft\.NETFramework
SOFTWARE\Microsoft\.NETFramework\Policy\v4.0
SOFTWARE\Microsoft\.NETFramework\Policy\v4.0
v4.0.30319
v4.0.30319
SOFTWARE\Microsoft\.NETFramework\Policy\v2.0
SOFTWARE\Microsoft\.NETFramework\Policy\v2.0
v2.0.50727
v2.0.50727
SOFTWARE\Microsoft\.NETFramework\Policy\v1.1
SOFTWARE\Microsoft\.NETFramework\Policy\v1.1
v1.1.4322
v1.1.4322
Fusion.dll
Fusion.dll
{2ec93463-b0c3-45e1-8364-327e96aea856}
{2ec93463-b0c3-45e1-8364-327e96aea856}
odbccp32.dll
odbccp32.dll
SQLConfigDataSource
SQLConfigDataSource
IIsWebService
IIsWebService
IIsWebServer
IIsWebServer
HEnableWebServiceExtension
HEnableWebServiceExtension
*.exe
*.exe
IIsWebVirtualDir
IIsWebVirtualDir
ContentIndexed
ContentIndexed
AccessExecute
AccessExecute
Uh.IX
Uh.IX
;!199{199
;!199{199
;0!8&2{199
;0!8&2{199
Windows 95
Windows 95
Windows 95 OSR-2
Windows 95 OSR-2
Windows 98
Windows 98
Windows 98 SE
Windows 98 SE
Windows ME
Windows ME
Windows 9x New
Windows 9x New
Windows NT 3
Windows NT 3
Windows NT 4
Windows NT 4
Windows 2000
Windows 2000
Windows XP
Windows XP
Windows 2003
Windows 2003
Windows Vista
Windows Vista
Windows 2008
Windows 2008
Windows 7
Windows 7
Windows 2008 R2
Windows 2008 R2
Windows NT New
Windows NT New
TMsgHandlers
TMsgHandlers
svrApi.dll
svrApi.dll
svrapi.dll
svrapi.dll
Software\Microsoft\Windows\CurrentVersion\Network\LanMan\
Software\Microsoft\Windows\CurrentVersion\Network\LanMan\
OLEAUT32.DLL
OLEAUT32.DLL
Invalid executable
Invalid executable
SOFTWARE\MimarSinan\InstallAware\Ident.Cache\
SOFTWARE\MimarSinan\InstallAware\Ident.Cache\
.native.elements.log
.native.elements.log
.native.data.log
.native.data.log
.native.weight.log
.native.weight.log
.native.bitness.log
.native.bitness.log
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_USERS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\
SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
regsvr32.exe
regsvr32.exe
SOFTWARE\ODBC\ODBCINST.INI\
SOFTWARE\ODBC\ODBCINST.INI\
SOFTWARE\ODBC\ODBCINST.INI\ODBC Drivers
SOFTWARE\ODBC\ODBCINST.INI\ODBC Drivers
SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\
SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\
mscriptexecU
mscriptexecU
instance.dat
instance.dat
*.dat
*.dat
SUPPORTDIR
SUPPORTDIR
mgac.exe
mgac.exe
.config
.config
mgacy.exe
mgacy.exe
gacutlrc.dll
gacutlrc.dll
COPYWEBLOCK
COPYWEBLOCK
CMDLINE
CMDLINE
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
translations.Map
translations.Map
translations.Original
translations.Original
shared.translations.
shared.translations.
Weblock Abort
Weblock Abort
mMSIExec.dll
mMSIExec.dll
Web Media Block
Web Media Block
Microsoft.NET\Framework\v4.0.30319\ngen.exe
Microsoft.NET\Framework\v4.0.30319\ngen.exe
Microsoft.NET\Framework\v2.0.50727\ngen.exe
Microsoft.NET\Framework\v2.0.50727\ngen.exe
Microsoft.NET\Framework\v1.1.4322\ngen.exe
Microsoft.NET\Framework\v1.1.4322\ngen.exe
Run .NET Installer Class
Run .NET Installer Class
Microsoft.NET\Framework\v4.0.30319\installutil.exe
Microsoft.NET\Framework\v4.0.30319\installutil.exe
Microsoft.NET\Framework\v2.0.50727\installutil.exe
Microsoft.NET\Framework\v2.0.50727\installutil.exe
Microsoft.NET\Framework\v1.1.4322\installutil.exe
Microsoft.NET\Framework\v1.1.4322\installutil.exe
Microsoft.NET\Framework\v4.0.30319\regasm.exe
Microsoft.NET\Framework\v4.0.30319\regasm.exe
PublicKeyToken=
PublicKeyToken=
Microsoft.NET\Framework\v2.0.50727\regasm.exe
Microsoft.NET\Framework\v2.0.50727\regasm.exe
Microsoft.NET\Framework\v1.1.4322\regasm.exe
Microsoft.NET\Framework\v1.1.4322\regasm.exe
mia.lib
mia.lib
setup.bmp
setup.bmp
URLUpdateInfo
URLUpdateInfo
Microsoft.NET\Framework\
Microsoft.NET\Framework\
\aspnet_regiis.exe
\aspnet_regiis.exe
NO$KEY
NO$KEY
shdocvw.dll
shdocvw.dll
Microsoft.NET\Framework\v1.1.4322\gacutil.exe
Microsoft.NET\Framework\v1.1.4322\gacutil.exe
Reboot and Login
Reboot and Login
ahadmin_wrapper.dll
ahadmin_wrapper.dll
\ddeexec
\ddeexec
\ddeexec\application
\ddeexec\application
\ddeexec\topic
\ddeexec\topic
readme.txt
readme.txt
license.txt
license.txt
readme.rtf
readme.rtf
license.rtf
license.rtf
index.htm
index.htm
movie.swf
movie.swf
.miaf
.miaf
MaskEdit1KeyUp
MaskEdit1KeyUp
TreeView1KeyUp
TreeView1KeyUp
user32.dll
user32.dll
Built with InstallAware - hXXp://VVV.installaware.com/
Built with InstallAware - hXXp://VVV.installaware.com/
hXXp://VVV.installaware.com/
hXXp://VVV.installaware.com/
HTTP:
HTTP:
SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\TempPackages
SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\TempPackages
Windows Installer
Windows Installer
%DoNotInstallComponentorSubComponents1x
%DoNotInstallComponentorSubComponents1x
offline\*.*
offline\*.*
mergemod\*.*
mergemod\*.*
Shlwapi.dll
Shlwapi.dll
PathIsURLA
PathIsURLA
PathIsURLW
PathIsURLW
SHDeleteEmptyKeyA
SHDeleteEmptyKeyA
UrlGetPartA
UrlGetPartA
UrlGetPartW
UrlGetPartW
UrlGetLocationA
UrlGetLocationA
UrlGetLocationW
UrlGetLocationW
UrlCanonicalizeA
UrlCanonicalizeA
Portable Network Graphics
Portable Network Graphics
fileexclude.txt
fileexclude.txt
pagefile.sys
pagefile.sys
hiberfil.sys
hiberfil.sys
regexclude.txt
regexclude.txt
roots.txt
roots.txt
MsiRestartManagerSessionKey
MsiRestartManagerSessionKey
ARPURLINFOABOUT
ARPURLINFOABOUT
ARPURLUPDATEINFO
ARPURLUPDATEINFO
PIDKEY
PIDKEY
WINDOWSFOLDER
WINDOWSFOLDER
WINDOWSVOLUME
WINDOWSVOLUME
MSINTSUITEWEBSERVER
MSINTSUITEWEBSERVER
MSINETASSEMBLYSUPPORT
MSINETASSEMBLYSUPPORT
MSIWIN32ASSEMBLYSUPPORT
MSIWIN32ASSEMBLYSUPPORT
OLEADVTSUPPORT
OLEADVTSUPPORT
REDIRECTEDDLLSUPORT
REDIRECTEDDLLSUPORT
SHAREDWINDOWS
SHAREDWINDOWS
SHELLADVTSUPPORT
SHELLADVTSUPPORT
TTCSUPPORT
TTCSUPPORT
WINDOWSBUILD
WINDOWSBUILD
Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted
Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted
lang.loc
lang.loc
mia.tmp
mia.tmp
This installation was created with InstallAware for Windows Installer.
This installation was created with InstallAware for Windows Installer.
Would you like to visit the InstallAware website shown below for more information?
Would you like to visit the InstallAware website shown below for more information?
hXXp://VVV.InstallAware.com/
hXXp://VVV.InstallAware.com/
(3-!0,1'8"5.*2$
(3-!0,1'8"5.*2$
?456789:;
?456789:;
!"#$%&'()* ,-./0123
!"#$%&'()* ,-./0123
deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly
deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly
inflate 1.1.3 Copyright 1995-1998 Mark Adler
inflate 1.1.3 Copyright 1995-1998 Mark Adler
HTTP-EQUIV
HTTP-EQUIV
burlywood
burlywood
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\lang.loc
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\lang.loc
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\mia.tmp
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\mia.tmp
e_logic.ini
e_logic.ini
OFFLINE\1001D268\AF6861CC\impulse_main.ini
OFFLINE\1001D268\AF6861CC\impulse_main.ini
RegOpenKeyExA
RegOpenKeyExA
RegCloseKey
RegCloseKey
GetKeyboardType
GetKeyboardType
UnhookWindowsHookEx
UnhookWindowsHookEx
SetWindowsHookExA
SetWindowsHookExA
SetKeyboardState
SetKeyboardState
MsgWaitForMultipleObjects
MsgWaitForMultipleObjects
MapVirtualKeyA
MapVirtualKeyA
LoadKeyboardLayoutA
LoadKeyboardLayoutA
GetKeyboardState
GetKeyboardState
GetKeyboardLayoutNameA
GetKeyboardLayoutNameA
GetKeyboardLayoutList
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyboardLayout
GetKeyState
GetKeyState
GetKeyNameTextA
GetKeyNameTextA
ExitWindowsEx
ExitWindowsEx
EnumWindows
EnumWindows
EnumThreadWindows
EnumThreadWindows
EnumChildWindows
EnumChildWindows
ActivateKeyboardLayout
ActivateKeyboardLayout
gdi32.dll
gdi32.dll
SetViewportOrgEx
SetViewportOrgEx
GetViewportOrgEx
GetViewportOrgEx
GetViewportExtEx
GetViewportExtEx
version.dll
version.dll
mpr.dll
mpr.dll
WinExec
WinExec
GetWindowsDirectoryA
GetWindowsDirectoryA
GetCPInfo
GetCPInfo
RegQueryInfoKeyA
RegQueryInfoKeyA
RegOpenKeyA
RegOpenKeyA
RegFlushKey
RegFlushKey
RegEnumKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegDeleteKeyA
RegCreateKeyExA
RegCreateKeyExA
ShellExecuteExA
ShellExecuteExA
ShellExecuteA
ShellExecuteA
winspool.drv
winspool.drv
comdlg32.dll
comdlg32.dll
winmm.dll
winmm.dll
avi10C.tmp.avi Video #1
avi10C.tmp.avi Video #1
&'!'-!!!'8.!
&'!'-!!!'8.!
! '-' ??'8.
! '-' ??'8.
!&..'?!!-
!&..'?!!-
-. ?.XsP
-. ?.XsP
'''? - !'
'''? - !'
33 33###
33 33###
avi10A.tmp.avi Video #1
avi10A.tmp.avi Video #1
avi108.tmp.avi Video #1
avi108.tmp.avi Video #1
avi1F.tmp.avi Video #1
avi1F.tmp.avi Video #1
I.RvFFb
I.RvFFb
d.IIaa
d.IIaa
^I.Iaa
^I.Iaa
11.Iaa
11.Iaa
11.Iax
11.Iax
aI..Ia
aI..Ia
.Rtx.5ii
.Rtx.5ii
I.IIaa
I.IIaa
11.Ia
11.Ia
avi103.tmp.avi Video #1
avi103.tmp.avi Video #1
[9$9$9$9$9$
[9$9$9$9$9$
avi10E.tmp.avi Video #1
avi10E.tmp.avi Video #1
avi105.tmp.avi Video #1
avi105.tmp.avi Video #1
avi21.tmp.avi Video #1
avi21.tmp.avi Video #1
.qa)z:)
.qa)z:)
dj.jj
dj.jj
333333333333333333
333333333333333333
33333833
33333833
3333339
3333339
3333333333333338
3333333333333338
:*"*"$3338
:*"*"$3338
33333333
33333333
33333333333
33333333333
3333333333338
3333333333338
33338?383
33338?383
333333333333
333333333333
:*3:"$3338
:*3:"$3338
333333333333333
333333333333333
333333330
333333330
33333333333333333333
33333333333333333333
33333333330
33333333330
3333333030
3333333030
33333330
33333330
333333333
333333333
33333339
33333339
33330333330
33330333330
3333033333
3333033333
33330333303
33330333303
333303333
333303333
0333337
0333337
3333333333
3333333333
33333333333333333
33333333333333333
333333333333333330
333333333333333330
3333330
3333330
3333338
3333338
3333333333033338
3333333333033338
3333333330
3333333330
3333333333330
3333333333330
3030330
3030330
030333003
030333003
0030330
0030330
333333333333330
333333333333330
3333333333333
3333333333333
333333303
333333303
0333333
0333333
3333303
3333303
033333333
033333333
03333333333
03333333333
&$$$&&&''
&$$$&&&''
!!####$$$$%%%%
!!####$$$$%%%%
!$$$$%%#
!$$$$%%#
$367999::976541
$367999::976541
',0011/ ($
',0011/ ($
#&*,.... )&
#&*,.... )&
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
xSSSh
xSSSh
FTPjKS
FTPjKS
FtPj;S
FtPj;S
C.PjRV
C.PjRV
Visual C CRT: Not enough memory to complete call to strerror.
Visual C CRT: Not enough memory to complete call to strerror.
portuguese-brazilian
portuguese-brazilian
Broken pipe
Broken pipe
Inappropriate I/O control operation
Inappropriate I/O control operation
Operation not permitted
Operation not permitted
operator
operator
GetProcessWindowStation
GetProcessWindowStation
IDispatch error #%d
IDispatch error #%d
Stdout pipe creation failed
Stdout pipe creation failed
Cannot call AppCmd
Cannot call AppCmd
F:\latest (manually copied the dll to the other folder too)\ahadmin_wrapper\src\ReleaseDLL\ahadmin_wrapper.pdb
F:\latest (manually copied the dll to the other folder too)\ahadmin_wrapper\src\ReleaseDLL\ahadmin_wrapper.pdb
CreatePipe
CreatePipe
GetWindowsDirectoryW
GetWindowsDirectoryW
KERNEL32.dll
KERNEL32.dll
OLEAUT32.dll
OLEAUT32.dll
zcÃ
zcÃ
9*:0:4:8:<:>
9*:0:4:8:<:>
1$121?1^1
1$121?1^1
=$=,=4=
=$=,=4=
0 0$0(0,0004080
0 0$0(0,0004080
2 2$2(2,202
2 2$2(2,202
mscoree.dll
mscoree.dll
Please contact the application's support team for more information.
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
KERNEL32.DLL
KERNEL32.DLL
gacutil.pdb
gacutil.pdb
u.WVh
u.WVh
u.VSh
u.VSh
YYu.PS
YYu.PS
u.VWh
u.VWh
GetConsoleOutputCP
GetConsoleOutputCP
GetProcessHeap
GetProcessHeap
USER32.dll
USER32.dll
SHLWAPI.dll
SHLWAPI.dll
Thawte Certification1
Thawte Certification1
hXXp://ocsp.verisign.com0
hXXp://ocsp.verisign.com0
0hXXp://crl.verisign.com/ThawteTimestampingCA.crl0
0hXXp://crl.verisign.com/ThawteTimestampingCA.crl0
"hXXp://crl.verisign.com/tss-ca.crl0
"hXXp://crl.verisign.com/tss-ca.crl0
9hXXp://crl.microsoft.com/pki/crl/products/CodeSignPCA.crl0
9hXXp://crl.microsoft.com/pki/crl/products/CodeSignPCA.crl0
hXXp://microsoft.com0
hXXp://microsoft.com0
@.rsrc
@.rsrc
GACUTLRC.DLL
GACUTLRC.DLL
gacutlrc.pdb
gacutlrc.pdb
3hXXp://crl.microsoft.com/pki/crl/products/CSPCA.crl0H
3hXXp://crl.microsoft.com/pki/crl/products/CSPCA.crl0H
,hXXp://VVV.microsoft.com/pki/certs/CSPCA.crt0
,hXXp://VVV.microsoft.com/pki/certs/CSPCA.crt0
3hXXp://crl.microsoft.com/pki/crl/products/tspca.crl0H
3hXXp://crl.microsoft.com/pki/crl/products/tspca.crl0H
,hXXp://VVV.microsoft.com/pki/certs/tspca.crt0
,hXXp://VVV.microsoft.com/pki/certs/tspca.crt0
PADPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX
PADPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX
8*9094989
8*9094989
KWindows
KWindows
UrlMon
UrlMon
6mscriptexec
6mscriptexec
?HTTPApp
?HTTPApp
>WebConst
>WebConst
uWindows7Taskbar
uWindows7Taskbar
]mscriptexecthread
]mscriptexecthread
OURLSubs
OURLSubs
.HTMLGif2
.HTMLGif2
1uMIAWeb
1uMIAWeb
JumiaWebForm
JumiaWebForm
IcsUrl
IcsUrl
IcsNtlmMsgs
IcsNtlmMsgs
Font.Charset
Font.Charset
Font.Color
Font.Color
Font.Height
Font.Height
Font.Name
Font.Name
Font.Style
Font.Style
Items.Strings
Items.Strings
Glyph.Data
Glyph.Data
333333033
333333033
3333333333333333330
3333333333333333330
33333333033
33333333033
33333333333333330
33333333333333330
033333333333333
033333333333333
3333330033
3333330033
33333333333333
33333333333333
30333333333333333333
30333333333333333333
333333338
333333338
333330000
333330000
333333038
333333038
33333333333330
33333333333330
3333333333333333
3333333333333333
Icon.Data
Icon.Data
Tabs.Strings
Tabs.Strings
All (*.bmp;*.ico;*.emf;*.wmf,*.jpg)|*.bmp;*.ico;*.emf;*.wmf;*.jpg;*.jpeg|Bitmaps (*.bmp)|*.bmp|Icons (*.ico)|*.ico|Enhanced Metafiles (*.emf)|*.emf|Metafiles (*.wmf)|*.wmf|JPEG Images (*.jpg)|*.jpg;*.jpeg
All (*.bmp;*.ico;*.emf;*.wmf,*.jpg)|*.bmp;*.ico;*.emf;*.wmf;*.jpg;*.jpeg|Bitmaps (*.bmp)|*.bmp|Icons (*.ico)|*.ico|Enhanced Metafiles (*.emf)|*.emf|Metafiles (*.wmf)|*.wmf|JPEG Images (*.jpg)|*.jpg;*.jpeg
All (*.bmp;*.ico;*.emf;*.wmf;*.jpg)|*.bmp;*.ico;*.emf;*.wmf;*.jpg|Bitmaps (*.bmp)|*.bmp|Icons (*.ico)|*.ico|Enhanced Metafiles (*.emf)|*.emf|Metafiles (*.wmf)|*.wmf|JPEG Images (*.jpg)|*.jpg
All (*.bmp;*.ico;*.emf;*.wmf;*.jpg)|*.bmp;*.ico;*.emf;*.wmf;*.jpg|Bitmaps (*.bmp)|*.bmp|Icons (*.ico)|*.ico|Enhanced Metafiles (*.emf)|*.emf|Metafiles (*.wmf)|*.wmf|JPEG Images (*.jpg)|*.jpg
edtKeyPress
edtKeyPress
3333333333333333333
3333333333333333333
3333334
3333334
Picture.Data
Picture.Data
TMenuItem%DoNotInstallComponentorSubComponents1
TMenuItem%DoNotInstallComponentorSubComponents1
^Extraction of installation data downloaded from the web has failed. What would you like to do?
^Extraction of installation data downloaded from the web has failed. What would you like to do?
VDownloading of installation data from the web has failed. Would you like to try again?
VDownloading of installation data from the web has failed. Would you like to try again?
mDownloading of installation data from the web has failed. Please make sure you are connected to the Internet.
mDownloading of installation data from the web has failed. Please make sure you are connected to the Internet.
miaWebForm
miaWebForm
Mozilla/3.0 (compatible)
Mozilla/3.0 (compatible)
!application/x-www-form-urlencoded
!application/x-www-form-urlencoded
8a.Mz@`
8a.Mz@`
@QkEYrG_wIb|>Yt)Ca
@QkEYrG_wIb|>Yt)Ca
.Pm&H`
.Pm&H`
&)K*1z-4}.6| 4w(1t)5w.:|5@
&)K*1z-4}.6| 4w(1t)5w.:|5@
"#I $w!%x $u
"#I $w!%x $u
*>(3I&1G"*A&-F
*>(3I&1G"*A&-F
:GQ:BO29H.4G/4I05J/6J,5I-3J 3J-2K*1J*.J&-H!%A!(C&*F#*C$*A!)@$ >
:GQ:BO29H.4G/4I05J/6J,5I-3J 3J-2K*1J*.J&-H!%A!(C&*F#*C$*A!)@$ >
2((@54N:9S64Q/-K )G (HC&$B'%C*(E, E**B##:..6
2((@54N:9S64Q/-K )G (HC&$B'%C*(E, E**B##:..6
:#$F#%D
:#$F#%D
%.!/9*?2';("5
%.!/9*?2';("5
-('7)…/@70=
-('7)…/@70=
%,% 217>/5
%,% 217>/5
%)&/3)26!*. & '-2,16( -
%)&/3)26!*. & '-2,16( -
956C8;;255,/:36?:@IHJTSUJNOGKLKPQQYYPXXAKK2?=/@
956C8;;255,/:36?:@IHJTSUJNOGKLKPQQYYPXXAKK2?=/@
$(!',#).(.2),.
$(!',#).(.2),.
')'03%.1
')'03%.1
osZ2bO*\I(cR1dQ.iV1fT hV-jZ0fZ6
osZ2bO*\I(cR1dQ.iV1fT hV-jZ0fZ6
) !-/*36,58.7:*.0
) !-/*36,58.7:*.0
[kX%sd6~pF
[kX%sd6~pF
gl]%fX'l_1
gl]%fX'l_1
&))14-13
&))14-13
apr=OP5FIMabk}~evsaoi\g]HRB5;(5:Ã-edHywY`^@SR6HG II SQ3
apr=OP5FIMabk}~evsaoi\g]HRB5;(5:Ã-edHywY`^@SR6HG II SQ3
YZ@`_CKJ.LK/?>"BA%LJ,ywU
YZ@`_CKJ.LK/?>"BA%LJ,ywU
EF,:;!KJ.QO1WU3ljBhc6nh3
EF,:;!KJ.QO1WU3ljBhc6nh3
wuu9453-.:45;67734?=>DFFCGGCJJAII;BC9?@CGIPSUOSRMSQOTSAHG4:;BJJOWXBJKNUVKRQGMKAGB;?959147/68/./'77/01)35,:;2AA7;;/BA3VTDCA.RO7
wuu9453-.:45;67734?=>DFFCGGCJJAII;BC9?@CGIPSUOSRMSQOTSAHG4:;BJJOWXBJKNUVKRQGMKAGB;?959147/68/./'77/01)35,:;2AA7;;/BA3VTDCA.RO7
114214114111
114214114111
2111141141141.
2111141141141.
(4114141141141411
(4114141141141411
&41141114114.(11214
&41141114114.(11214
4114141414114%.1411
4114141414114%.1411
(411411411,414. 61221
(411411411,414. 61221
211414111
211414111
"41111.1.
"41111.1.
.="A421
.="A421
1411412
1411412
4122141
4122141
222.42114122
222.42114122
61211421212121
61211421212121
A14114141214
A14114141214
611142114141
611142114141
41114141412
41114141412
612114114
612114114
14142142
14142142
004204004000
004204004000
2000040040030-
2000040040030-
(4004040030040400
(4004040030040400
&40030003004-(00204
&40030003004-(00204
4003040404003$-0300
4003040404003$-0300
(400400400,403- 60220
(400400400,403- 60220
200404000
200404000
!40000-0-
!40000-0-
-
-
0400402
0400402
4022040
4022040
222-42004022
222-42004022
60200320202020
60200320202020
$4004004040204
$4004004040204
600032003040
600032003040
40004040402
40004040402
602003004
602003004
04032042
04032042
version="1.0.0.0"
version="1.0.0.0"
name="CompanyName.ProductName.YourApplication"
name="CompanyName.ProductName.YourApplication"
name="Microsoft.Windows.Common-Controls"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
publicKeyToken="6595b64144ccf1df"
HKEY_
HKEY_
THOTKEY
THOTKEY
TMIAWEBFORM
TMIAWEBFORM
*** MSI Directory ***GThe archive cannot be opened: unsupported archive or incorrect password
*** MSI Directory ***GThe archive cannot be opened: unsupported archive or incorrect password
Add a readme.V.txt or readme.txt file to your project as a support file/creative to display it here.
Add a readme.V.txt or readme.txt file to your project as a support file/creative to display it here.
Add a license.W.txt or license.txt file to your project as a support file/creative to display it here.
Add a license.W.txt or license.txt file to your project as a support file/creative to display it here.
.rtf or readme.rtf, or readme. .rtf or license.rtf, or license.oAdd an index.htm file to your project to display it here, along with any other additional support/linked files.8Add a movie.swf file to your project to display it here.
.rtf or readme.rtf, or readme. .rtf or license.rtf, or license.oAdd an index.htm file to your project to display it here, along with any other additional support/linked files.8Add a movie.swf file to your project to display it here.
LABEL re-defined: .Web Media Block name must be a legal file name3Web Media Block must have at least one download URL
LABEL re-defined: .Web Media Block name must be a legal file name3Web Media Block must have at least one download URL
NUnable to retrieve a pointer to a running object registered with OLE for %s/%s
NUnable to retrieve a pointer to a running object registered with OLE for %s/%s
Brown2The chunk class index especified is out of range.1Can't read the PNG image, it has corrupted data. \This PNG image is invalid, the IHDR chunk is either not present or it isn't the first chunk.CThe current image being loaded has no data and could not be loaded.6The current image being loaded has an invalid palette!>Could not read the image because it has an unknown color type.MThe image could not be loaded because it uses an unknown set of filter types.*The image has an unknown interlace method.\The currently being loaded image contains critical(s) chunk(s) not reconized by the decoder.>The current image requeries a palette but it is not avaliable.^Can not get transparency information because the current image color type is not RGB (value 3)wThe especified chunk is not inside the chunk list containing the method being used. The funcion could not be completed.
Brown2The chunk class index especified is out of range.1Can't read the PNG image, it has corrupted data. \This PNG image is invalid, the IHDR chunk is either not present or it isn't the first chunk.CThe current image being loaded has no data and could not be loaded.6The current image being loaded has an invalid palette!>Could not read the image because it has an unknown color type.MThe image could not be loaded because it uses an unknown set of filter types.*The image has an unknown interlace method.\The currently being loaded image contains critical(s) chunk(s) not reconized by the decoder.>The current image requeries a palette but it is not avaliable.^Can not get transparency information because the current image color type is not RGB (value 3)wThe especified chunk is not inside the chunk list containing the method being used. The funcion could not be completed.
OLE control activation failed*Could not obtain OLE control window handle%License information for %s is invalidPLicense information for %s not found. You cannot use this control in design mode1Invalid URL encoded character (%s) at position %d
OLE control activation failed*Could not obtain OLE control window handle%License information for %s is invalidPLicense information for %s not found. You cannot use this control in design mode1Invalid URL encoded character (%s) at position %d
The archive file was not found*Illegal path used in a wildcard expressionGThe archive cannot be opened: unsupported archive or incorrect password
The archive file was not found*Illegal path used in a wildcard expressionGThe archive cannot be opened: unsupported archive or incorrect password
JPEG error #%d
JPEG error #%d
JPEG Image Fileúiled to allocate memory for GIF DIB Failed to create DIB from Bitmap
JPEG Image Fileúiled to allocate memory for GIF DIB Failed to create DIB from Bitmap
Scan line index out of rangeGInvalid Portable Graphics Network image, it has an invalid file header./The chunk index especified is out of the range.
Scan line index out of rangeGInvalid Portable Graphics Network image, it has an invalid file header./The chunk index especified is out of the range.
Failed to Save Stream %s is already associated with %sE%d is an invalid PageIndex value. PageIndex must be between 0 and %d=This control requires version 4.70 or greater of COMCTL32.DLL
Failed to Save Stream %s is already associated with %sE%d is an invalid PageIndex value. PageIndex must be between 0 and %d=This control requires version 4.70 or greater of COMCTL32.DLL
OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters
OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters
Could not activate "%s" task.
Could not activate "%s" task.
Task "%s" is not activated.'Task with the name "%s" already exists. Trigger index out of bounds (%d)&Task Scheduler service is not running.=Error decoding URL style (%%XX) encoded string at position %d
Task "%s" is not activated.'Task with the name "%s" already exists. Trigger index out of bounds (%d)&Task Scheduler service is not running.=Error decoding URL style (%%XX) encoded string at position %d
UTF-7"PageControl must first be assigned"%s requires Windows Vista or later
UTF-7"PageControl must first be assigned"%s requires Windows Vista or later
Failed to clear tab control Failed to delete tab at index %d"Failed to retrieve tab at index %d Failed to get object at index %d"Failed to set tab "%s" at index %d Failed to set object at index %d
Failed to clear tab control Failed to delete tab at index %d"Failed to retrieve tab at index %d Failed to get object at index %d"Failed to set tab "%s" at index %d Failed to set object at index %d
(%dx%d)
(%dx%d)
- Dock zone has no controlLError loading dock zone from the stream. Expecting version %d, but found %d.,Multiselect mode must be on for this feature
- Dock zone has no controlLError loading dock zone from the stream. Expecting version %d, but found %d.,Multiselect mode must be on for this feature
Error setting %s.Count8Listbox (%s) style must be virtual in order to set Count#No OnGetItem event handler assigned
Error setting %s.Count8Listbox (%s) style must be virtual in order to set Count#No OnGetItem event handler assigned
Value must be between %d and %d
Value must be between %d and %d
All files (*.*)|*.*
All files (*.*)|*.*
Invalid clipboard format Clipboard does not support Icons
Invalid clipboard format Clipboard does not support Icons
Text exceeds memo capacity.There is no default printer currently selected/Menu '%s' is already being used by another form
Text exceeds memo capacity.There is no default printer currently selected/Menu '%s' is already being used by another form
Invalid input value7Invalid input value. Use escape key to abandon changes
Invalid input value7Invalid input value. Use escape key to abandon changes
!Control '%s' has no parent window$Parent given is not a parent of '%s'
!Control '%s' has no parent window$Parent given is not a parent of '%s'
%s property out of range
%s property out of range
%s on %s@GroupIndex cannot be less than a previous menu item's GroupIndex
%s on %s@GroupIndex cannot be less than a previous menu item's GroupIndex
Scan line index out of range!Cannot change the size of an icon Invalid operation on TOleGraphic$Unknown picture file extension (.%s)
Scan line index out of range!Cannot change the size of an icon Invalid operation on TOleGraphic$Unknown picture file extension (.%s)
Unsupported clipboard format
Unsupported clipboard format
Property %s does not exist
Property %s does not exist
Thread creation error: %s
Thread creation error: %s
Thread Error: %s (%d)"Unable to find a Table of Contents
Thread Error: %s (%d)"Unable to find a Table of Contents
No help found for %s#No context-sensitive help installed
No help found for %s#No context-sensitive help installed
List count out of bounds (%d)
List count out of bounds (%d)
List index out of bounds (%d) Out of memory while expanding memory stream
List index out of bounds (%d) Out of memory while expanding memory stream
%s on line %d
%s on line %d
Error reading %s%s%s: %s
Error reading %s%s%s: %s
Failed to get data for '%s'
Failed to get data for '%s'
Failed to set data for '%s'
Failed to set data for '%s'
Resource %s not found
Resource %s not found
%s.Seek not implemented$Operation not allowed on sorted list
%s.Seek not implemented$Operation not allowed on sorted list
%s expected$%s not in a class registration group
%s expected$%s not in a class registration group
Cannot create file "%s". %s
Cannot create file "%s". %s
Cannot open file "%s". %s
Cannot open file "%s". %s
Unable to write to %s
Unable to write to %s
Invalid file name - %s
Invalid file name - %s
Invalid stream format$''%s'' is not a valid component name
Invalid stream format$''%s'' is not a valid component name
Invalid property element: %s
Invalid property element: %s
Invalid data type for '%s'
Invalid data type for '%s'
Line too long List capacity out of bounds (%d)
Line too long List capacity out of bounds (%d)
Ancestor for '%s' not found
Ancestor for '%s' not found
Cannot assign a %s to a %s
Cannot assign a %s to a %s
''%s'' expectedECheckSynchronize called from thread $%x, which is NOT the main thread
''%s'' expectedECheckSynchronize called from thread $%x, which is NOT the main thread
Class %s not found
Class %s not found
A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates
A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates
Operation not supported
Operation not supported
External exception %x
External exception %x
Interface not supported
Interface not supported
%s (%s, line %d)
%s (%s, line %d)
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
System Error. Code: %d.
System Error. Code: %d.
(Exception %s in module %s at %p.
(Exception %s in module %s at %p.
Application Error1Format '%s' invalid or incompatible with argument
Application Error1Format '%s' invalid or incompatible with argument
No argument for format '%s'"Variant method calls not supported
No argument for format '%s'"Variant method calls not supported
Invalid variant operation
Invalid variant operation
Invalid NULL variant operation%Invalid variant operation (%s%.8x)
Invalid NULL variant operation%Invalid variant operation (%s%.8x)
%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)
%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)
Integer overflow Invalid floating point operation
Integer overflow Invalid floating point operation
Invalid pointer operation
Invalid pointer operation
Invalid class typecast0Access violation at address %p. %s of address %p
Invalid class typecast0Access violation at address %p. %s of address %p
Operation aborted
Operation aborted
!'%s' is not a valid integer value('%s' is not a valid floating point value
!'%s' is not a valid integer value('%s' is not a valid floating point value
'%s' is not a valid date
'%s' is not a valid date
'%s' is not a valid time!'%s' is not a valid date and time
'%s' is not a valid time!'%s' is not a valid date and time
'%s' is not a valid GUID value
'%s' is not a valid GUID value
I/O error %d
I/O error %d
nKERNEL32.DLL
nKERNEL32.DLL
- floating point support not loaded
- floating point support not loaded
WUSER32.DLL
WUSER32.DLL
MACHINE/WEBROOT/APPHOST
MACHINE/WEBROOT/APPHOST
system.applicationHost/sites
system.applicationHost/sites
%systemdrive%\inetpub\wwwroot\
%systemdrive%\inetpub\wwwroot\
MACHINE/WEBROOT/APPHOST/
MACHINE/WEBROOT/APPHOST/
system.webServer/httpProtocol
system.webServer/httpProtocol
system.webServer/httpLogging
system.webServer/httpLogging
system.applicationHost/applicationPools
system.applicationHost/applicationPools
system.webServer/handlers
system.webServer/handlers
system.webServer/directoryBrowse
system.webServer/directoryBrowse
system.webServer/defaultDocument
system.webServer/defaultDocument
system.webServer/staticContent
system.webServer/staticContent
system.webServer/security/authentication/anonymousAuthentication
system.webServer/security/authentication/anonymousAuthentication
system.webServer/security/authentication/windowsAuthentication
system.webServer/security/authentication/windowsAuthentication
system.webServer/security/authentication/basicAuthentication
system.webServer/security/authentication/basicAuthentication
appcmd.exe
appcmd.exe
\system32\inetsrv\appcmd.exe
\system32\inetsrv\appcmd.exe
efusion.dll
efusion.dll
Microsoft (R) .NET Global Assembly Cache Utility. Version 2.0.50727.42
Microsoft (R) .NET Global Assembly Cache Utility. Version 2.0.50727.42
UNINSTALL_KEY
UNINSTALL_KEY
WINDOWS_INSTALLER
WINDOWS_INSTALLER
Microsoft (R) .NET Framework Global Assembly Cache Utility
Microsoft (R) .NET Framework Global Assembly Cache Utility
2.0.50727.42 (RTM.050727-4200)
2.0.50727.42 (RTM.050727-4200)
gacutil.exe
gacutil.exe
.NET Framework
.NET Framework
2.0.50727.42
2.0.50727.42
kInvalid file or assembly name. The name of the file must be the name of the assembly plus .dll or .exe .
kInvalid file or assembly name. The name of the file must be the name of the assembly plus .dll or .exe .
PAssembly cannot be uninstalled because it is required by the operating system.
PAssembly cannot be uninstalled because it is required by the operating system.
Unknown Error hr=0X%x
Unknown Error hr=0X%x
UNINSTALL_KEY
UNINSTALL_KEY
OAssembly could not be uninstalled because it is required by Windows Installer
OAssembly could not be uninstalled because it is required by Windows Installer
Error HRESULT=0x%0x
Error HRESULT=0x%0x
Number of items = %d
Number of items = %d
8/ungen is obsolete. Please use ngen.exe /delete instead.
8/ungen is obsolete. Please use ngen.exe /delete instead.
RAssembly could not be uninstalled because it is required by the operating system
RAssembly could not be uninstalled because it is required by the operating system
Failure enumerating assemblies: .Invalid assembly display name in input file.
Failure enumerating assemblies: .Invalid assembly display name in input file.
/Error deleting contents of the download cache: %Download cache deleted successfully
/Error deleting contents of the download cache: %Download cache deleted successfully
Failed to process assembly %ws.HAssembly %ws already exists in cache. Use /f option to force overwrite
Failed to process assembly %ws.HAssembly %ws already exists in cache. Use /f option to force overwrite
.Assembly %ws successfully added to the cache
.Assembly %ws successfully added to the cache
Number of assemblies processed = %d
Number of assemblies processed = %d
%Number of assemblies installed = %d
%Number of assemblies installed = %d
(Number of assemblies uninstalled = %d
(Number of assemblies uninstalled = %d
Number of failures = %d
Number of failures = %d
Example: /i myDll.dll/ /r FILEPATH c:\projects\myapp.exe "My App"
Example: /i myDll.dll/ /r FILEPATH c:\projects\myapp.exe "My App"
# Example: /il MyAssemblyList.txt- /r FILEPATH c:\projects\myapp.exe "My App"
# Example: /il MyAssemblyList.txt- /r FILEPATH c:\projects\myapp.exe "My App"
# myAssemblyList.txt content:
# myAssemblyList.txt content:
myAsm1.dll
myAsm1.dll
myAsm2.dll
myAsm2.dll
K /u myDll,Version=1.1.0.0,Culture=en,PublicKeyToken=874e23ab874e23ab
K /u myDll,Version=1.1.0.0,Culture=en,PublicKeyToken=874e23ab874e23ab
2 /r FILEPATH c:\projects\myapp.exe "My App"
2 /r FILEPATH c:\projects\myapp.exe "My App"
F Assembly will be removed unless referenced by Windows Installer.
F Assembly will be removed unless referenced by Windows Installer.
U Example: /uf myDll,Version=1.1.0.0,Culture=en,PublicKeyToken=874e23ab874e23ab
U Example: /uf myDll,Version=1.1.0.0,Culture=en,PublicKeyToken=874e23ab874e23ab
# Example: /ul myAssemblyList.txt
# Example: /ul myAssemblyList.txt
,/r FILEPATH c:\projects\myapp.exe "My App"
,/r FILEPATH c:\projects\myapp.exe "My App"
H myDll,Version=1.1.0.0,Culture=en,PublicKeyToken=874e23ab874e23ab
H myDll,Version=1.1.0.0,Culture=en,PublicKeyToken=874e23ab874e23ab
K myDll2,Version=1.1.0.0,Culture=en,PublicKeyToken=874e23ab874e23ab
K myDll2,Version=1.1.0.0,Culture=en,PublicKeyToken=874e23ab874e23ab
(UNINSTALL_KEY, FILEPATH or OPAQUE).
(UNINSTALL_KEY, FILEPATH or OPAQUE).
; Example: /r FILEPATH c:\projects\myapp.exe "My App"
; Example: /r FILEPATH c:\projects\myapp.exe "My App"
gacutil.ex
gacutil.ex
4.0.30319.1 (RTMRel.030319-0100)
4.0.30319.1 (RTMRel.030319-0100)
4.0.30319.1
4.0.30319.1
8/ungen is obsolete. Please use ngen.exe /delete instead.%Unsupported target runtime version.
8/ungen is obsolete. Please use ngen.exe /delete instead.%Unsupported target runtime version.
gacutlrc.dl
gacutlrc.dl
Microsoft (R) .NET Global Assembly Cache Utility. Version 4.0.30319.1
Microsoft (R) .NET Global Assembly Cache Utility. Version 4.0.30319.1
yKERNEL32.DLL
yKERNEL32.DLL
This installation was built with InstallAware: hXXp://VVV.installaware.com
This installation was built with InstallAware: hXXp://VVV.installaware.com
cidaemon.exe_1988:
.text
.text
`.data
`.data
.rsrc
.rsrc
msvcrt.dll
msvcrt.dll
KERNEL32.dll
KERNEL32.dll
query.dll
query.dll
ntdll.dll
ntdll.dll
ole32.dll
ole32.dll
cidaemon.pdb
cidaemon.pdb
\\?\UN
\\?\UN
5.1.2600.0 (xpclient.010817-1148)
5.1.2600.0 (xpclient.010817-1148)
cidaemon.exe
cidaemon.exe
Windows
Windows
Operating System
Operating System
5.1.2600.0
5.1.2600.0