Qakbot_76507644f6

mzpefinder_pcap_file.YR, Qakbot.YR, GenericInjector.YR, GenericIRCBot.YR, TrojanDownloaderVundo.YR, TrojanPSWOnlineGames.YR, PUPHomePages.YR, PackedMysticCompressor.YR, GenericDownloader.YR, RATTurkojan.YR, GenericAutorunWorm.YR, SpyEye.YR, Necurs.YR, PackedThemida.YR, GenericPhysicalDrive0.YR, Bancos.YR, BankerGeneric.YR (Lavasoft MAS)Behaviour: Trojan-Downloader, Trojan-PSW, Banker, OnlineGames, Trojan, Worm, Packed, PUP, WormAutorun, IRCBot

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

d-d-d d:d:d

d-d-d d:d:d

d:d:d

d:d:d

d-d-d

d-d-d

failed to allocate %u bytes of memory

failed to allocate %u bytes of memory

failed memory resize %u to %u bytes

failed memory resize %u to %u bytes

922337203685477580

922337203685477580

API call with %s database connection pointer

API call with %s database connection pointer

RowKey

RowKey

GetProcessHeap

GetProcessHeap

os_win.c:%d: (%lu) %s(%s) - %s

os_win.c:%d: (%lu) %s(%s) - %s

delayed %dms for lock/sharing conflict

delayed %dms for lock/sharing conflict

%s-shm

%s-shm

%s%c%s

%s%c%s

recovered %d pages from %s

recovered %d pages from %s

recovered %d frames from WAL file %s

recovered %d frames from WAL file %s

cannot limit WAL size: %s

cannot limit WAL size: %s

invalid page number %d

invalid page number %d

2nd reference to page %d

2nd reference to page %d

Failed to read ptrmap key=%d

Failed to read ptrmap key=%d

Bad ptr map entry key=%d expected=(%d,%d) got=(%d,%d)

Bad ptr map entry key=%d expected=(%d,%d) got=(%d,%d)

%d of %d pages missing from overflow list starting at %d

%d of %d pages missing from overflow list starting at %d

failed to get page %d

failed to get page %d

freelist leaf count too big on page %d

freelist leaf count too big on page %d

Page %d:

Page %d:

unable to get the page. error code=%d

unable to get the page. error code=%d

btreeInitPage() returns error code %d

btreeInitPage() returns error code %d

On tree page %d cell %d:

On tree page %d cell %d:

On page %d at right child:

On page %d at right child:

Corruption detected in cell %d on page %d

Corruption detected in cell %d on page %d

Multiple uses for byte %d of page %d

Multiple uses for byte %d of page %d

Fragmentation of %d bytes reported as %d on page %d

Fragmentation of %d bytes reported as %d on page %d

Page %d is never used

Page %d is never used

Pointer map page %d is referenced

Pointer map page %d is referenced

Outstanding page count goes from %d to %d during this analysis

Outstanding page count goes from %d to %d during this analysis

unknown database %s

unknown database %s

%s(%d)

%s(%d)

%s-mjXXXXXX9XXz

%s-mjXXXXXX9XXz

MJ delete: %s

MJ delete: %s

MJ collide: %s

MJ collide: %s

-mjX9X

-mjX9X

FOREIGN KEY constraint failed

FOREIGN KEY constraint failed

unable to use function %s in the requested context

unable to use function %s in the requested context

bind on a busy prepared statement: [%s]

bind on a busy prepared statement: [%s]

zeroblob(%d)

zeroblob(%d)

FOREIGN KEY

FOREIGN KEY

abort at %d in [%s]: %s

abort at %d in [%s]: %s

%s constraint failed: %s

%s constraint failed: %s

%s constraint failed

%s constraint failed

cannot open savepoint - SQL statements in progress

cannot open savepoint - SQL statements in progress

no such savepoint: %s

no such savepoint: %s

cannot release savepoint - SQL statements in progress

cannot release savepoint - SQL statements in progress

cannot commit transaction - SQL statements in progress

cannot commit transaction - SQL statements in progress

sqlite_temp_master

sqlite_temp_master

sqlite_master

sqlite_master

SELECT name, rootpage, sql FROM '%q'.%s WHERE %s ORDER BY rowid

SELECT name, rootpage, sql FROM '%q'.%s WHERE %s ORDER BY rowid

cannot change %s wal mode from within a transaction

cannot change %s wal mode from within a transaction

database table is locked: %s

database table is locked: %s

statement aborts at %d: [%s] %s

statement aborts at %d: [%s] %s

cannot open value of type %s

cannot open value of type %s

cannot open virtual table: %s

cannot open virtual table: %s

cannot open table without rowid: %s

cannot open table without rowid: %s

cannot open view: %s

cannot open view: %s

no such column: "%s"

no such column: "%s"

foreign key

foreign key

indexed

indexed

cannot open %s column for writing

cannot open %s column for writing

misuse of aliased aggregate %s

misuse of aliased aggregate %s

%s: %s.%s.%s

%s: %s.%s.%s

%s: %s.%s

%s: %s.%s

%s: %s

%s: %s

%s prohibited in partial index WHERE clauses

%s prohibited in partial index WHERE clauses

%s prohibited in CHECK constraints

%s prohibited in CHECK constraints

not authorized to use function: %s

not authorized to use function: %s

%r %s BY term out of range - should be between 1 and %d

%r %s BY term out of range - should be between 1 and %d

too many terms in %s BY clause

too many terms in %s BY clause

Expression tree is too large (maximum depth %d)

Expression tree is too large (maximum depth %d)

variable number must be between ?1 and ?%d

variable number must be between ?1 and ?%d

too many SQL variables

too many SQL variables

too many columns in %s

too many columns in %s

EXECUTE %s%s SUBQUERY %d

EXECUTE %s%s SUBQUERY %d

hex literal too big: %s

hex literal too big: %s

misuse of aggregate: %s()

misuse of aggregate: %s()

%.*s"%w"%s

%.*s"%w"%s

%s%.*s"%w"

%s%.*s"%w"

sqlite_rename_table

sqlite_rename_table

sqlite_rename_trigger

sqlite_rename_trigger

sqlite_rename_parent

sqlite_rename_parent

%s OR name=%Q

%s OR name=%Q

type='trigger' AND (%s)

type='trigger' AND (%s)

sqlite_

sqlite_

table %s may not be altered

table %s may not be altered

there is already another table or index with this name: %s

there is already another table or index with this name: %s

view %s may not be altered

view %s may not be altered

UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;

UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;

UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d 18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');

UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d 18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');

sqlite_sequence

sqlite_sequence

UPDATE "%w".sqlite_sequence set name = %Q WHERE name = %Q

UPDATE "%w".sqlite_sequence set name = %Q WHERE name = %Q

UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;

UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;

Cannot add a PRIMARY KEY column

Cannot add a PRIMARY KEY column

UPDATE "%w".%s SET sql = substr(sql,1,%d) || ', ' || %Q || substr(sql,%d) WHERE type = 'table' AND name = %Q

UPDATE "%w".%s SET sql = substr(sql,1,%d) || ', ' || %Q || substr(sql,%d) WHERE type = 'table' AND name = %Q

sqlite_altertab_%s

sqlite_altertab_%s

sqlite_stat1

sqlite_stat1

sqlite_stat3

sqlite_stat3

sqlite_stat4

sqlite_stat4

CREATE TABLE %Q.%s(%s)

CREATE TABLE %Q.%s(%s)

DELETE FROM %Q.%s WHERE %s=%Q

DELETE FROM %Q.%s WHERE %s=%Q

SELECT tbl,idx,stat FROM %Q.sqlite_stat1

SELECT tbl,idx,stat FROM %Q.sqlite_stat1

too many attached databases - max %d

too many attached databases - max %d

database %s is already in use

database %s is already in use

unable to open database: %s

unable to open database: %s

no such database: %s

no such database: %s

cannot detach database %s

cannot detach database %s

database %s is locked

database %s is locked

sqlite_detach

sqlite_detach

sqlite_attach

sqlite_attach

%s %T cannot reference objects in database %s

%s %T cannot reference objects in database %s

%s cannot use variables

%s cannot use variables

access to %s.%s.%s is prohibited

access to %s.%s.%s is prohibited

access to %s.%s is prohibited

access to %s.%s is prohibited

object name reserved for internal use: %s

object name reserved for internal use: %s

there is already an index named %s

there is already an index named %s

too many columns on %s

too many columns on %s

duplicate column name: %s

duplicate column name: %s

default value of column [%s] is not constant

default value of column [%s] is not constant

table "%s" has more than one primary key

table "%s" has more than one primary key

AUTOINCREMENT is only allowed on an INTEGER PRIMARY KEY

AUTOINCREMENT is only allowed on an INTEGER PRIMARY KEY

PRIMARY KEY missing on table %s

PRIMARY KEY missing on table %s

CREATE %s %.*s

CREATE %s %.*s

UPDATE %Q.%s SET type='%s', name=%Q, tbl_name=%Q, rootpage=#%d, sql=%Q WHERE rowid=#%d

UPDATE %Q.%s SET type='%s', name=%Q, tbl_name=%Q, rootpage=#%d, sql=%Q WHERE rowid=#%d

CREATE TABLE %Q.sqlite_sequence(name,seq)

CREATE TABLE %Q.sqlite_sequence(name,seq)

view %s is circularly defined

view %s is circularly defined

UPDATE %Q.%s SET rootpage=%d WHERE #%d AND rootpage=#%d

UPDATE %Q.%s SET rootpage=%d WHERE #%d AND rootpage=#%d

sqlite_stat%d

sqlite_stat%d

DELETE FROM %Q.sqlite_sequence WHERE name=%Q

DELETE FROM %Q.sqlite_sequence WHERE name=%Q

DELETE FROM %Q.%s WHERE tbl_name=%Q and type!='trigger'

DELETE FROM %Q.%s WHERE tbl_name=%Q and type!='trigger'

sqlite_stat

sqlite_stat

table %s may not be dropped

table %s may not be dropped

use DROP TABLE to delete table %s

use DROP TABLE to delete table %s

use DROP VIEW to delete view %s

use DROP VIEW to delete view %s

foreign key on %s should reference only one column of table %T

foreign key on %s should reference only one column of table %T

number of columns in foreign key does not match the number of columns in the referenced table

number of columns in foreign key does not match the number of columns in the referenced table

unknown column "%s" in foreign key definition

unknown column "%s" in foreign key definition

cannot create a TEMP index on non-TEMP table "%s"

cannot create a TEMP index on non-TEMP table "%s"

table %s may not be indexed

table %s may not be indexed

views may not be indexed

views may not be indexed

virtual tables may not be indexed

virtual tables may not be indexed

there is already a table named %s

there is already a table named %s

index %s already exists

index %s already exists

sqlite_autoindex_%s_%d

sqlite_autoindex_%s_%d

table %s has no column named %s

table %s has no column named %s

CREATE%s INDEX %.*s

CREATE%s INDEX %.*s

INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);

INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);

no such index: %S

no such index: %S

index associated with UNIQUE or PRIMARY KEY constraint cannot be dropped

index associated with UNIQUE or PRIMARY KEY constraint cannot be dropped

DELETE FROM %Q.%s WHERE name=%Q AND type='index'

DELETE FROM %Q.%s WHERE name=%Q AND type='index'

a JOIN clause is required before %s

a JOIN clause is required before %s

%s.%s

%s.%s

%s.rowid

%s.rowid

unable to identify the object to be reindexed

unable to identify the object to be reindexed

duplicate WITH table name: %s

duplicate WITH table name: %s

no such collation sequence: %s

no such collation sequence: %s

table %s may not be modified

table %s may not be modified

cannot modify %s because it is a view

cannot modify %s because it is a view

sqlite_version

sqlite_version

sqlite_source_id

sqlite_source_id

sqlite_log

sqlite_log

sqlite_compileoption_used

sqlite_compileoption_used

sqlite_compileoption_get

sqlite_compileoption_get

foreign key mismatch - "%w" referencing "%w"

foreign key mismatch - "%w" referencing "%w"

table %S has no column named %s

table %S has no column named %s

table %S has %d columns but %d values were supplied

table %S has %d columns but %d values were supplied

%d values for %d columns

%d values for %d columns

sqlite3_extension_init

sqlite3_extension_init

unable to open shared library [%s]

unable to open shared library [%s]

sqlite3_

sqlite3_

no entry point [%s] in shared library [%s]

no entry point [%s] in shared library [%s]

error during initialization: %s

error during initialization: %s

automatic extension loading failed: %s

automatic extension loading failed: %s

defer_foreign_keys

defer_foreign_keys

foreign_key_check

foreign_key_check

foreign_key_list

foreign_key_list

foreign_keys

foreign_keys

*** in database %s ***

*** in database %s ***

NULL value in %s.%s

NULL value in %s.%s

unsupported encoding: %s

unsupported encoding: %s

malformed database schema (%s)

malformed database schema (%s)

%s - %s

%s - %s

unsupported file format

unsupported file format

SELECT name, rootpage, sql FROM '%q'.%s ORDER BY rowid

SELECT name, rootpage, sql FROM '%q'.%s ORDER BY rowid

database schema is locked: %s

database schema is locked: %s

unknown or unsupported join type: %T %T%s%T

unknown or unsupported join type: %T %T%s%T

RIGHT and FULL OUTER JOINs are not currently supported

RIGHT and FULL OUTER JOINs are not currently supported

a NATURAL join may not have an ON or USING clause

a NATURAL join may not have an ON or USING clause

cannot have both ON and USING clauses in the same join

cannot have both ON and USING clauses in the same join

cannot join using column %s - column not present in both tables

cannot join using column %s - column not present in both tables

USE TEMP B-TREE FOR %s

USE TEMP B-TREE FOR %s

COMPOUND SUBQUERIES %d AND %d %s(%s)

COMPOUND SUBQUERIES %d AND %d %s(%s)

column%d

column%d

%s:%d

%s:%d

SELECTs to the left and right of %s do not have the same number of result columns

SELECTs to the left and right of %s do not have the same number of result columns

ORDER BY clause should come after %s not before

ORDER BY clause should come after %s not before

LIMIT clause should come after %s not before

LIMIT clause should come after %s not before

no such index: %s

no such index: %s

multiple references to recursive table: %s

multiple references to recursive table: %s

circular reference: %s

circular reference: %s

table %s has %d values for %d columns

table %s has %d values for %d columns

multiple recursive references: %s

multiple recursive references: %s

recursive reference in a subquery: %s

recursive reference in a subquery: %s

sqlite_sq_%p

sqlite_sq_%p

too many references to "%s": max 65535

too many references to "%s": max 65535

%s.%s.%s

%s.%s.%s

no such table: %s

no such table: %s

SCAN TABLE %s%s%s

SCAN TABLE %s%s%s

sqlite3_get_table() called with two or more incompatible queries

sqlite3_get_table() called with two or more incompatible queries

cannot create %s trigger on view: %S

cannot create %s trigger on view: %S

cannot create INSTEAD OF trigger on table: %S

cannot create INSTEAD OF trigger on table: %S

INSERT INTO %Q.%s VALUES('trigger',%Q,%Q,0,'CREATE TRIGGER %q')

INSERT INTO %Q.%s VALUES('trigger',%Q,%Q,0,'CREATE TRIGGER %q')

no such trigger: %S

no such trigger: %S

-- TRIGGER %s

-- TRIGGER %s

no such column: %s

no such column: %s

cannot VACUUM - SQL statements in progress

cannot VACUUM - SQL statements in progress

PRAGMA vacuum_db.synchronous=OFF

PRAGMA vacuum_db.synchronous=OFF

SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0

SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0

SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %'

SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %'

SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21) FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %'

SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21) FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %'

SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0

SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0

SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'

SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'

SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';

SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';

INSERT INTO vacuum_db.sqlite_master SELECT type, name, tbl_name, rootpage, sql FROM main.sqlite_master WHERE type='view' OR type='trigger' OR (type='table' AND rootpage=0)

INSERT INTO vacuum_db.sqlite_master SELECT type, name, tbl_name, rootpage, sql FROM main.sqlite_master WHERE type='view' OR type='trigger' OR (type='table' AND rootpage=0)

UPDATE %Q.%s SET type='table', name=%Q, tbl_name=%Q, rootpage=0, sql=%Q WHERE rowid=#%d

UPDATE %Q.%s SET type='table', name=%Q, tbl_name=%Q, rootpage=0, sql=%Q WHERE rowid=#%d

vtable constructor failed: %s

vtable constructor failed: %s

vtable constructor did not declare schema: %s

vtable constructor did not declare schema: %s

no such module: %s

no such module: %s

automatic index on %s(%s)

automatic index on %s(%s)

table %s: xBestIndex returned an invalid plan

table %s: xBestIndex returned an invalid plan

ANY(%s)

ANY(%s)

SUBQUERY %d

SUBQUERY %d

TABLE %s

TABLE %s

AS %s

AS %s

PRIMARY KEY

PRIMARY KEY

COVERING INDEX %s

COVERING INDEX %s

INDEX %s

INDEX %s

USING INTEGER PRIMARY KEY

USING INTEGER PRIMARY KEY

VIRTUAL TABLE INDEX %d:%s

VIRTUAL TABLE INDEX %d:%s

%s.xBestIndex() malfunction

%s.xBestIndex() malfunction

at most %d tables in a join

at most %d tables in a join

the INDEXED BY clause is not allowed on UPDATE or DELETE statements within triggers

the INDEXED BY clause is not allowed on UPDATE or DELETE statements within triggers

the NOT INDEXED clause is not allowed on UPDATE or DELETE statements within triggers

the NOT INDEXED clause is not allowed on UPDATE or DELETE statements within triggers

SQL logic error or missing database

SQL logic error or missing database

unknown operation

unknown operation

large file support is disabled

large file support is disabled

unknown database: %s

unknown database: %s

no such %s mode: %s

no such %s mode: %s

%s mode not allowed: %s

%s mode not allowed: %s

no such vfs: %s

no such vfs: %s

database corruption at line %d of [%.10s]

database corruption at line %d of [%.10s]

misuse at line %d of [%.10s]

misuse at line %d of [%.10s]

cannot open file at line %d of [%.10s]

cannot open file at line %d of [%.10s]

no such table column: %s.%s

no such table column: %s.%s

operator >> (CSZVinaryData& failure

operator >> (CSZVinaryData& failure

CSZApplicationPipeServer::Reply

CSZApplicationPipeServer::Reply

CSZApplicationPipeServer::GetWrapper

CSZApplicationPipeServer::GetWrapper

CSZHomeServiceComponentResult::ParseTokenKey

CSZHomeServiceComponentResult::ParseTokenKey

pipe-name

pipe-name

key-invalid

key-invalid

key-inactive

key-inactive

key-in-use

key-in-use

key-mismatch

key-mismatch

external.product

external.product

external.edition

external.edition

external.affiliate_id

external.affiliate_id

external.downloader_id

external.downloader_id

external.reseller_id

external.reseller_id

CSZStoredAction::Execute

CSZStoredAction::Execute

CSZServiceApplication::ImportExternalConfig

CSZServiceApplication::ImportExternalConfig

client.presence.interactive

client.presence.interactive

client.presence.helper

client.presence.helper

CSZAppDB::ExecuteMigrationCode

CSZAppDB::ExecuteMigrationCode

last-execute-time

last-execute-time

last-execute-result

last-execute-result

last-execute-result-text

last-execute-result-text

stored-action.saved

stored-action.saved

never-executed

never-executed

CSZApplicationPipeClient::_Execute

CSZApplicationPipeClient::_Execute

pipe.closed

pipe.closed

CSZApplicationPipeClient::GetWrapper

CSZApplicationPipeClient::GetWrapper

CSZApplicationPipeClient::OnPacket

CSZApplicationPipeClient::OnPacket

external.home_service_url

external.home_service_url

stored-action.deleted

stored-action.deleted

Support

Support

CSZHomeServiceLicense::ExtractSupport

CSZHomeServiceLicense::ExtractSupport

update.binaries.full

update.binaries.full

update.binaries.incremental

update.binaries.incremental

u-u-uTu:u:u

u-u-uTu:u:u

SMTPErrorString

SMTPErrorString

CloseEmailWindowMsg

CloseEmailWindowMsg

BadUrlReplacementText

BadUrlReplacementText

BadUrlCheckingEnabled

BadUrlCheckingEnabled

BadUrlActionEnum

BadUrlActionEnum

WindowsLiveMailClientEnabled

WindowsLiveMailClientEnabled

Port

Port

BaseURL

BaseURL

LogToWindowsEventLog

LogToWindowsEventLog

Password

Password

vipre.ap.disabled

vipre.ap.disabled

vipre.ap.enabled

vipre.ap.enabled

vipre.ap.snoozed

vipre.ap.snoozed

vipre.targets.up_to_date

vipre.targets.up_to_date

CSZPipeClient::OnReadProc

CSZPipeClient::OnReadProc

CSZPipeClient::ReadData

CSZPipeClient::ReadData

CSZPipeClient::ReadProc

CSZPipeClient::ReadProc

CSZPipeClient::WriteProc

CSZPipeClient::WriteProc

X:\sz7.0.1.3\Build7\Release\x86\SZServer.pdb

X:\sz7.0.1.3\Build7\Release\x86\SZServer.pdb

KERNEL32.dll

KERNEL32.dll

MsgWaitForMultipleObjectsEx

MsgWaitForMultipleObjectsEx

USER32.dll

USER32.dll

RegOpenKeyExW

RegOpenKeyExW

RegCloseKey

RegCloseKey

ADVAPI32.dll

ADVAPI32.dll

ShellExecuteW

ShellExecuteW

SHELL32.dll

SHELL32.dll

ole32.dll

ole32.dll

OLEAUT32.dll

OLEAUT32.dll

MSVCP120.dll

MSVCP120.dll

RPCRT4.dll

RPCRT4.dll

MPR.dll

MPR.dll

MSVCR120.dll

MSVCR120.dll

_calloc_crt

_calloc_crt

__crtGetShowWindowMode

__crtGetShowWindowMode

_amsg_exit

_amsg_exit

_wcmdln

_wcmdln

_crt_debugger_hook

_crt_debugger_hook

__crtUnhandledException

__crtUnhandledException

__crtTerminateProcess

__crtTerminateProcess

__crtSetUnhandledExceptionFilter

__crtSetUnhandledExceptionFilter

WTSAPI32.dll

WTSAPI32.dll

USERENV.dll

USERENV.dll

CreateNamedPipeW

CreateNamedPipeW

ConnectNamedPipe

ConnectNamedPipe

WaitNamedPipeW

WaitNamedPipeW

DisconnectNamedPipe

DisconnectNamedPipe

VERSION.dll

VERSION.dll

.?AVDelegate@CSZApplicationPipeServer@@

.?AVDelegate@CSZApplicationPipeServer@@

.?AVCSZSQLDatabase@@

.?AVCSZSQLDatabase@@

.PAVbad_cast@std@@

.PAVbad_cast@std@@

.PAVexception@std@@

.PAVexception@std@@

.PAVrange_error@std@@

.PAVrange_error@std@@

.PAVruntime_error@std@@

.PAVruntime_error@std@@

.?AVListener@CSZApplicationPipeServer@@

.?AVListener@CSZApplicationPipeServer@@

.?AVCSZPWKeyValueNotify@@

.?AVCSZPWKeyValueNotify@@

.?AVCSZSQLStatement@@

.?AVCSZSQLStatement@@

.?AVCSZPacketPipeServer@@

.?AVCSZPacketPipeServer@@

.?AVCSZPipeServer@@

.?AVCSZPipeServer@@

.?AVCSZApplicationPipeServer@@

.?AVCSZApplicationPipeServer@@

.?AVCSZPipeClient@@

.?AVCSZPipeClient@@

.?AVCSZPacketPipeClient@@

.?AVCSZPacketPipeClient@@

.?AVCSZPacketPipeConnection@@

.?AVCSZPacketPipeConnection@@

.?AVCSZPipeConnection@@

.?AVCSZPipeConnection@@

.?AVCSZApplicationPipeClient@@

.?AVCSZApplicationPipeClient@@

.?AV?$TSZThreadQueue@VCSZPWHttpRetryRequest@@@@

.?AV?$TSZThreadQueue@VCSZPWHttpRetryRequest@@@@

.?AV?$TSZThreadQueue@USSZPendingHTTPRequest@@@@

.?AV?$TSZThreadQueue@USSZPendingHTTPRequest@@@@

.?AVDelegate@?$TSZThreadQueue@VCSZPWHttpRetryRequest@@@@

.?AVDelegate@?$TSZThreadQueue@VCSZPWHttpRetryRequest@@@@

.?AVDelegate@?$TSZThreadQueue@USSZPendingHTTPRequest@@@@

.?AVDelegate@?$TSZThreadQueue@USSZPendingHTTPRequest@@@@

.?AVCSZPWHttpResponse@@

.?AVCSZPWHttpResponse@@

.?AVCSZPWHttpRetryRequest@@

.?AVCSZPWHttpRetryRequest@@

.?AVCSZPWHttpStatus@@

.?AVCSZPWHttpStatus@@

.?AVCSQLMigrationStep@@

.?AVCSQLMigrationStep@@

.?AVCSZPWHttpRequest@@

.?AVCSZPWHttpRequest@@

.?AVCSZPWHttpRetryResponse@@

.?AVCSZPWHttpRetryResponse@@

.?AVCVIPREWebFilterEvents@@

.?AVCVIPREWebFilterEvents@@

.?AU_ISBWebFilterEvents@@

.?AU_ISBWebFilterEvents@@

.?AVCSZPipeServerThread@CSZPipeServer@@

.?AVCSZPipeServerThread@CSZPipeServer@@

.?AVCSZPipeConnectionThread@CSZPipeConnection@@

.?AVCSZPipeConnectionThread@CSZPipeConnection@@

.?AVIO@CSZPipeClient@@

.?AVIO@CSZPipeClient@@

.?AVCMD5Checksum@@

.?AVCMD5Checksum@@

]]>

]]>

true

true

?%? ?1?7?

?%? ?1?7?

8%9*9:9]9

8%9*9:9]9

2-343`3*414]4

2-343`3*414]4

67P7|7

67P7|7

0.080\0|1

0.080\0|1

3:3?3^3|3

3:3?3^3|3

>(?,?0?4?

>(?,?0?4?

0014181

0014181

7 7$7(7,7074787

7 7$7(7,7074787

8 8$8(8,808

8 8$8(8,808

9&9.979=9

9&9.979=9

88v8

88v8

2!32373[3

2!32373[3

0&242_2{2

0&242_2{2

7‚8u8

7‚8u8

1229235:5

1229235:5

1(2,2024282

1(2,2024282

=,>0>4>8>

=,>0>4>8>

5%6U6

5%6U6

7-8}8

7-8}8

0%1U1

0%1U1

5*565[5~5

5*565[5~5

:?;|;5

:?;|;5

1%2u2

1%2u2

3 3$3(3,3

3 3$3(3,3

%hs: ApplyThreatUpdateBlocking %s; definitions unchanged from %d

%hs: ApplyThreatUpdateBlocking %s; definitions unchanged from %d

%hs: ApplyThreatUpdateBlocking %s; definitions updated from %d to %d, but expected %d

%hs: ApplyThreatUpdateBlocking %s; definitions updated from %d to %d, but expected %d

%hs: ApplyThreatUpdateBlocking %s; definitions updated from %d to %d

%hs: ApplyThreatUpdateBlocking %s; definitions updated from %d to %d

%hs: missing full update required from version %d to (at least) %d

%hs: missing full update required from version %d to (at least) %d

%hs: full update to (at least) version %d required; update to version %d found

%hs: full update to (at least) version %d required; update to version %d found

%hs: non-sequential incremental update; expected %d, got %d

%hs: non-sequential incremental update; expected %d, got %d

Legacy DB: Failed to compile statement '%s' [%u|%s]

Legacy DB: Failed to compile statement '%s' [%u|%s]

Legacy DB: Failed to get value '%hs' for user '%hs' [%d|%s]

Legacy DB: Failed to get value '%hs' for user '%hs' [%d|%s]

Legacy DB: Failed to get system value '%hs' [%d|%s]

Legacy DB: Failed to get system value '%hs' [%d|%s]

Scan Thread: Awakened with scan request (0xX).

Scan Thread: Awakened with scan request (0xX).

scan_clean.xml

scan_clean.xml

%SystemDrive%\Program Files

%SystemDrive%\Program Files

%SystemDrive%\Program Files (x86)

%SystemDrive%\Program Files (x86)

%SystemDrive%\Windows

%SystemDrive%\Windows

%SystemDrive%\programdata

%SystemDrive%\programdata

%SystemDrive%\users

%SystemDrive%\users

%SystemDrive%\documents and settings

%SystemDrive%\documents and settings

settings.scan.low-severity

settings.scan.low-severity

settings.scan.root-kits

settings.scan.root-kits

settings.scan.low-priority

settings.scan.low-priority

settings.scan.update

settings.scan.update

settings.scan.archives

settings.scan.archives

settings.scan.auto-clean

settings.scan.auto-clean

settings.scan.reboot-after-clean

settings.scan.reboot-after-clean

settings.scan.cookies

settings.scan.cookies

settings.scan.removable

settings.scan.removable

nsettings.app.battery-power

nsettings.app.battery-power

%hs: stored scan '%s' (type %d) started.

%hs: stored scan '%s' (type %d) started.

%hs: stored scan '%s' (type %d) failed to start (ERROR)

%hs: stored scan '%s' (type %d) failed to start (ERROR)

%hs: stored scan '%s' (type %d) failed to start (BUSY)

%hs: stored scan '%s' (type %d) failed to start (BUSY)

%hs: stored scan '%s' (type %d) failed to start (CHECKING_FOR_UPDATES)

%hs: stored scan '%s' (type %d) failed to start (CHECKING_FOR_UPDATES)

%hs: stored scan '%s' (type %d) failed to start (REBOOT_REQUIRED)

%hs: stored scan '%s' (type %d) failed to start (REBOOT_REQUIRED)

%hs: stored scan '%s' (type %d) failed to start (RUNNING)

%hs: stored scan '%s' (type %d) failed to start (RUNNING)

ServerAction: Action recieved (%d).

ServerAction: Action recieved (%d).

ServerAction: Unknown action (%d).

ServerAction: Unknown action (%d).

%hs: Unexpected result from wait (%u).

%hs: Unexpected result from wait (%u).

updates.vipre-targets.available

updates.vipre-targets.available

GFI.Tools.Run64.exe

GFI.Tools.Run64.exe

SBSetupDrivers.exe" /update /HIPS /ARVA /FW /AP

SBSetupDrivers.exe" /update /HIPS /ARVA /FW /AP

SBSetupDrivers.exe

SBSetupDrivers.exe

VIPRE Reporting drivers already installed.

VIPRE Reporting drivers already installed.

SBSetupDrivers.exe" /install /HIPS /ARVA /FW /AP

SBSetupDrivers.exe" /install /HIPS /ARVA /FW /AP

SBSetupDrivers.exe" /uninstall /HIPS /ARVA /FW /AP

SBSetupDrivers.exe" /uninstall /HIPS /ARVA /FW /AP

Executed: (Exit Code - %u) "%s" %s

Executed: (Exit Code - %u) "%s" %s

Failed to get exit code executing: "%s" %s

Failed to get exit code executing: "%s" %s

Wait failed executing: (0xX) "%s" %s

Wait failed executing: (0xX) "%s" %s

Error executing: "%s" %s

Error executing: "%s" %s

Session: New session (%u) (First Run: %s)

Session: New session (%u) (First Run: %s)

STOPzilla.exe

STOPzilla.exe

Session: Unable to start '%s' [%u|%s].

Session: Unable to start '%s' [%u|%s].

Session: Closed session (%u)

Session: Closed session (%u)

license.legacy_check

license.legacy_check

Licensing: Imported legacy instance key '%s'.

Licensing: Imported legacy instance key '%s'.

license.legacy_imported

license.legacy_imported

dVIPRE: Request to toggle AV (Enable: %s).

dVIPRE: Request to toggle AV (Enable: %s).

VIPRE: Request to toggle AV Executing (Enable: %s).

VIPRE: Request to toggle AV Executing (Enable: %s).

VIPRE: AP Status change (%d).

VIPRE: AP Status change (%d).

VIPRE: AP State change (%d).

VIPRE: AP State change (%d).

%d-%m-%Y %H:%M

%d-%m-%Y %H:%M

System Boot: First Boot - Local Time: %s

System Boot: First Boot - Local Time: %s

System Boot: Rebooted - Local Time: %s

System Boot: Rebooted - Local Time: %s

System Boot: System did not reboot - Local Time: %s.

System Boot: System did not reboot - Local Time: %s.

userdata.db

userdata.db

VIPRE Infection: %s

VIPRE Infection: %s

%hs(%d)

%hs(%d)

[%d/%m/%Y %H:%M:%S]

[%d/%m/%Y %H:%M:%S]

(%s%s%s%s%s):

(%s%s%s%s%s):

%hs: '%s' (0xX)

%hs: '%s' (0xX)

%hs: unable to compile empty or missing SQL statement

%hs: unable to compile empty or missing SQL statement

%hs: failed to compile '%s' [%d|%hs]

%hs: failed to compile '%s' [%d|%hs]

"%s" %s

"%s" %s

explorer.exe

explorer.exe

hkcu\software\microsoft\windows\shell\associations\urlassociations\http\userchoice

hkcu\software\microsoft\windows\shell\associations\urlassociations\http\userchoice

hkcr\http\shell\open\command

hkcr\http\shell\open\command

%hs(%d): failed [%u|%s]

%hs(%d): failed [%u|%s]

%hs(%u, %u): failed [%u|%s]

%hs(%u, %u): failed [%u|%s]

Kernel32.dll

Kernel32.dll

s%s%s

s%s%s

%s%s%s%s

%s%s%s%s

HKEY_LOCAL_MACHINE

HKEY_LOCAL_MACHINE

HKEY_CURRENT_USER

HKEY_CURRENT_USER

HKEY_CLASSES_ROOT

HKEY_CLASSES_ROOT

HKEY_CURRENT_CONFIG

HKEY_CURRENT_CONFIG

HKEY_USERS

HKEY_USERS

HKEY_PERFORMANCE_DATA

HKEY_PERFORMANCE_DATA

HKEY_DYN_DATA

HKEY_DYN_DATA

application-pipe-server

application-pipe-server

%hs: no wrapper for opCode %u

%hs: no wrapper for opCode %u

%hs: failed to download '%s' from '%hs' [%u|%s]

%hs: failed to download '%s' from '%hs' [%u|%s]

%hs: failed to decode '%s' from '%hs' [%u|%s]

%hs: failed to decode '%s' from '%hs' [%u|%s]

%hs: failed to open '%s' [%u|%s]

%hs: failed to open '%s' [%u|%s]

%hs: failed to get length of '%s' [%u|%s]

%hs: failed to get length of '%s' [%u|%s]

%hs: failed to verify length of '%s'; expected %I64u but got %I64u instead [%u|%s]

%hs: failed to verify length of '%s'; expected %I64u but got %I64u instead [%u|%s]

%hs: failed to compute hash of '%s' [%u|%s]

%hs: failed to compute hash of '%s' [%u|%s]

%hs: failed to verify hash of '%s'; expected '%hs' but got '%hs' instead [%u|%s]

%hs: failed to verify hash of '%s'; expected '%hs' but got '%hs' instead [%u|%s]

%hs: downloaded '%s' from '%hs' to '%s', with size %I64u

%hs: downloaded '%s' from '%hs' to '%s', with size %I64u

%hs: downloaded '%s' from '%hs' to '%s', with size %I64u and %s hash '%hs'

%hs: downloaded '%s' from '%hs' to '%s', with size %I64u and %s hash '%hs'

%hs: ENCODING_ZFZIP specified; failed to open archive '%s' [%u|%s]

%hs: ENCODING_ZFZIP specified; failed to open archive '%s' [%u|%s]

%hs: ENCODING_ZFZIP specified; archive does not contain '%s'

%hs: ENCODING_ZFZIP specified; archive does not contain '%s'

%hs: ENCODING_ZFZIP specified; failed to create/open unique file '%s' [%u|%s]

%hs: ENCODING_ZFZIP specified; failed to create/open unique file '%s' [%u|%s]

%hs: ENCODING_ZFZIP specified; failed to extract file '%s' [%u|%s]

%hs: ENCODING_ZFZIP specified; failed to extract file '%s' [%u|%s]

%hs: ENCODING_ZFZIP specified; failed to write file '%s' [%u|%s]

%hs: ENCODING_ZFZIP specified; failed to write file '%s' [%u|%s]

%hs: ENCODING_ZFZIP specified; '%s' extracted from '%s' into '%s'

%hs: ENCODING_ZFZIP specified; '%s' extracted from '%s' into '%s'

.available

.available

.timestamp

.timestamp

%hs: component '%hs' skipped with result %d

%hs: component '%hs' skipped with result %d

%hs: failed to delete file '%s' [%u|%s]

%hs: failed to delete file '%s' [%u|%s]

%hs: no token key provided

%hs: no token key provided

%hs: unexpected token key '%hs'

%hs: unexpected token key '%hs'

SetProcessAffinityMask failed [%u|%s]

SetProcessAffinityMask failed [%u|%s]

Working Directory: %s

Working Directory: %s

CSZLogManager::Initialize(0x%X) failed [%u|%s]

CSZLogManager::Initialize(0x%X) failed [%u|%s]

ConstructLogFile(%s) failed [%u|%s]

ConstructLogFile(%s) failed [%u|%s]

support.phone.%

support.phone.%

support.phone.

support.phone.

%hs: duplicate component (%d|%hs)

%hs: duplicate component (%d|%hs)

%hs: unable to parse received action content '%hs' [%u]

%hs: unable to parse received action content '%hs' [%u]

%hs: attempt to execute an action with no implementation!

%hs: attempt to execute an action with no implementation!

%hs: %hs named '%s' updated to %u

%hs: %hs named '%s' updated to %u

external.override.scheduled.updates.interval

external.override.scheduled.updates.interval

scheduled.phone-home.get.

scheduled.phone-home.get.

Error: Unexpected message loop (0xX).

Error: Unexpected message loop (0xX).

Install complete (%d).

Install complete (%d).

Upgrade complete (%d).

Upgrade complete (%d).

default_external_config.xml

default_external_config.xml

Default External Config: Document not found 'default_external_config.xml'.

Default External Config: Document not found 'default_external_config.xml'.

External Config: 'external.product' found. Bypassing default external config load.

External Config: 'external.product' found. Bypassing default external config load.

Failed to import property '%s'

Failed to import property '%s'

Unsuccessful import of SZSetup supplied external config

Unsuccessful import of SZSetup supplied external config

Rejected external property '%s' with value '%s'

Rejected external property '%s' with value '%s'

Importing external property '%s' with value '%s' as '%s'

Importing external property '%s' with value '%s' as '%s'

Importing external property '%s' with value '%s'

Importing external property '%s' with value '%s'

%s Initializing

%s Initializing

AllocConsole() failed [%u|%s]

AllocConsole() failed [%u|%s]

Unhandled exception processing console command: %s

Unhandled exception processing console command: %s

Unrecognized console command: %s

Unrecognized console command: %s

StartServiceCtrlDispatcher failed [%u|%s]

StartServiceCtrlDispatcher failed [%u|%s]

%hs(%s, %u)

%hs(%s, %u)

%hs(%u, %u)

%hs(%u, %u)

SetServiceStatus failed [%u|%s]

SetServiceStatus failed [%u|%s]

Could not create event '%s'.

Could not create event '%s'.

Unable to start pipe server.

Unable to start pipe server.

/sz_pipe

/sz_pipe

External Config: Failed to connect to SZSetup.exe '%s'. (%u)

External Config: Failed to connect to SZSetup.exe '%s'. (%u)

%s Version: %s

%s Version: %s

%s Product Version: %s

%s Product Version: %s

OS: %s

OS: %s

CPU Type: %s

CPU Type: %s

CPU Count: %d

CPU Count: %d

CPU Cores: %d

CPU Cores: %d

CPU Logical Cores: %d

CPU Logical Cores: %d

Memory Total: %d MB

Memory Total: %d MB

Memory Available: %d MB

Memory Available: %d MB

Memory Page File: %d MB

Memory Page File: %d MB

e%hs: Replacing client session information for process %u

e%hs: Replacing client session information for process %u

%hs: Caching client session information for process %u

%hs: Caching client session information for process %u

t%hs: discarding client information for terminating process %u

t%hs: discarding client information for terminating process %u

%hs: uncached client with process ID %u

%hs: uncached client with process ID %u

%hs: discarding client information for disconnected process %u

%hs: discarding client information for disconnected process %u

Failed: %s

Failed: %s

Exception: %s

Exception: %s

%s in transaction

%s in transaction

Licensing: Update License: valid(X) instance(%s) type(%d) start_date(%I64d) end_date(%I64d) renewable(%d) reseller(%d) haveContactInfo(%d)

Licensing: Update License: valid(X) instance(%s) type(%d) start_date(%I64d) end_date(%I64d) renewable(%d) reseller(%d) haveContactInfo(%d)

INSERT INTO migration_history (version, phase) VALUES (%d, %d)

INSERT INTO migration_history (version, phase) VALUES (%d, %d)

Failed to get value '%hs' for user '%hs' [%d|%s]

Failed to get value '%hs' for user '%hs' [%d|%s]

Failed to get system value '%hs' [%d|%s]

Failed to get system value '%hs' [%d|%s]

Failed to set value '%hs' for user '%hs' [%u|%s]

Failed to set value '%hs' for user '%hs' [%u|%s]

Failed to set system value '%hs' [%u|%s]

Failed to set system value '%hs' [%u|%s]

Failed to delete value '%hs' for user '%hs' [%u|%s]

Failed to delete value '%hs' for user '%hs' [%u|%s]

Failed to delete system value '%hs' [%u|%s]

Failed to delete system value '%hs' [%u|%s]

Failed to delete %hs keys %s %s [%u|%s]

Failed to delete %hs keys %s %s [%u|%s]

Failed to write message %d [%u|%s]

Failed to write message %d [%u|%s]

'%s' cannot be opened and cannot be set aside

'%s' cannot be opened and cannot be set aside

'%s' set aside but new file not opened

'%s' set aside but new file not opened

'%s' set aside and recreated

'%s' set aside and recreated

'%s' not created

'%s' not created

No phase %d (%hs) migration necessary; current migration is %d

No phase %d (%hs) migration necessary; current migration is %d

Phase %d (%hs) migration mismatch - DB is %d and application is %d

Phase %d (%hs) migration mismatch - DB is %d and application is %d

'%s' cannot be set aside

'%s' cannot be set aside

Migrated phase %d (%hs) from version %d to %d

Migrated phase %d (%hs) from version %d to %d

SELECT value_type, value_data FROM kv_data WHERE user=? AND key=?

SELECT value_type, value_data FROM kv_data WHERE user=? AND key=?

SELECT key, value_type, value_data FROM kv_data WHERE user=? AND key LIKE ?

SELECT key, value_type, value_data FROM kv_data WHERE user=? AND key LIKE ?

REPLACE INTO kv_data (user, key, value_type, value_data) VALUES (?, ?, ?, ?)

REPLACE INTO kv_data (user, key, value_type, value_data) VALUES (?, ?, ?, ?)

DELETE FROM kv_data WHERE user=? AND key=?

DELETE FROM kv_data WHERE user=? AND key=?

DELETE FROM kv_data WHERE user=? AND key LIKE ?

DELETE FROM kv_data WHERE user=? AND key LIKE ?

DELETE FROM kv_data WHERE user=? AND key NOT LIKE ?

DELETE FROM kv_data WHERE user=? AND key NOT LIKE ?

Failed to compile statement '%s' [%u|%s]

Failed to compile statement '%s' [%u|%s]

Failed to execute statement '%s' [%u|%s]

Failed to execute statement '%s' [%u|%s]

%hs: CreateFile('%s') failed [%u|%s]

%hs: CreateFile('%s') failed [%u|%s]

CONFIG.XML

CONFIG.XML

%hs: invalid option '%c' for component (%d/%hs)

%hs: invalid option '%c' for component (%d/%hs)

%hs: option '%c' for component (%d/%hs) requires value for variable %hs

%hs: option '%c' for component (%d/%hs) requires value for variable %hs

%hs: option '%c' for component (%d/%hs) contains unbalanced variable delimiters

%hs: option '%c' for component (%d/%hs) contains unbalanced variable delimiters

application-pipe-client

application-pipe-client

%hs: wait failed with unexpected result %u

%hs: wait failed with unexpected result %u

%hs: unhandled incoming packet - opCode(%u)

%hs: unhandled incoming packet - opCode(%u)

SZNetAssistant.exe

SZNetAssistant.exe

%hs: hang up request for incorrect context; expected %u and got %u

%hs: hang up request for incorrect context; expected %u and got %u

e%hs: request with context %u and payload '%hs' rejected by context %u

e%hs: request with context %u and payload '%hs' rejected by context %u

e%hs: no database available for SQL statement '%s'

e%hs: no database available for SQL statement '%s'

%hs: failed to compile SQL statement '%s'

%hs: failed to compile SQL statement '%s'

%hs: found duplicate name '%s' for type '%hs'

%hs: found duplicate name '%s' for type '%hs'

%hs: timer %I64u scheduled action '%s' to run in %ums

%hs: timer %I64u scheduled action '%s' to run in %ums

%hs: not scheduling action '%s' because it reported no future interval

%hs: not scheduling action '%s' because it reported no future interval

%hs: executing action '%s'

%hs: executing action '%s'

%hs: no action to execute

%hs: no action to execute

Failed to execute function '%hs' [%u|%s]

Failed to execute function '%hs' [%u|%s]

Failed to set value '%hs' [%u|%s]

Failed to set value '%hs' [%u|%s]

%hs: unsupported step '%hs'

%hs: unsupported step '%hs'

sSZFileAssistant.exe

sSZFileAssistant.exe

%hs: missing file '%s' required

%hs: missing file '%s' required

%hs: can't compute hash of '%s'; getting file

%hs: can't compute hash of '%s'; getting file

%hs: modified file '%s' required

%hs: modified file '%s' required

%hs: failed to create folder '%s' [%u|%s]

%hs: failed to create folder '%s' [%u|%s]

nexternal.type

nexternal.type

external.validation.file

external.validation.file

external.validation.version

external.validation.version

external.timestamp

external.timestamp

%hs: internal error - import failed

%hs: internal error - import failed

%hs: updated license type(%d) end_date(%I64d) renewable(%d) reseller(%d) haveContactInfo(%d)

%hs: updated license type(%d) end_date(%I64d) renewable(%d) reseller(%d) haveContactInfo(%d)

%hs: failed to update license type(%d) end_date(%I64d) renewable(%d) reseller(%d) haveContactInfo(%d) [%u|%s]

%hs: failed to update license type(%d) end_date(%I64d) renewable(%d) reseller(%d) haveContactInfo(%d) [%u|%s]

%hs: duplicate region key '%s'

%hs: duplicate region key '%s'

%hs: missing value for region '%s' and status '%hs'

%hs: missing value for region '%s' and status '%hs'

%hs: invalid status value '%hs' for region '%s'

%hs: invalid status value '%hs' for region '%s'

%hs: missing %d of %d expected statuses in region '%s'

%hs: missing %d of %d expected statuses in region '%s'

%hs: assistant '%s' being destroyed with %u clients

%hs: assistant '%s' being destroyed with %u clients

%hs: failed to launch assistant '%s' [%u|%s]

%hs: failed to launch assistant '%s' [%u|%s]

%hs: failure after launching assistant '%s' [%u|%s]

%hs: failure after launching assistant '%s' [%u|%s]

%hs: incremented open count (%u) for assistant '%s'

%hs: incremented open count (%u) for assistant '%s'

%hs: reusing connection for assistant '%s'

%hs: reusing connection for assistant '%s'

%hs: attempt to release unopened assistant '%s'

%hs: attempt to release unopened assistant '%s'

%hs: decrementing open count (%u) for assistant '%s'

%hs: decrementing open count (%u) for assistant '%s'

e%hs: invalid response opcode; expected %u, got %u

e%hs: invalid response opcode; expected %u, got %u

%hs: not closing assistant '%s' because its open count is %u

%hs: not closing assistant '%s' because its open count is %u

%hs: cannot reply to missing ack in assistant '%s'!

%hs: cannot reply to missing ack in assistant '%s'!

%hs: TerminateProcess failed on process %u [%u|%s]

%hs: TerminateProcess failed on process %u [%u|%s]

%hs: ExecuteUserProcess('%s', '%s', %s, %u, %d, %s, &m_process, &m_pid) failed [%u|%s]

%hs: ExecuteUserProcess('%s', '%s', %s, %u, %d, %s, &m_process, &m_pid) failed [%u|%s]

%hs: ExecuteSystemProcess('%s', '%s', %s, %s, &m_process, &m_pid) failed [%u|%s]

%hs: ExecuteSystemProcess('%s', '%s', %s, %s, &m_process, &m_pid) failed [%u|%s]

%hs: wait for '%s' interrupted by Close request

%hs: wait for '%s' interrupted by Close request

%hs: wait for '%s' interrupted by shutdown request

%hs: wait for '%s' interrupted by shutdown request

%hs: wait for '%s' interrupted by its' own termination

%hs: wait for '%s' interrupted by its' own termination

%hs: wait for '%s' interrupted for unexpected reason [%u]

%hs: wait for '%s' interrupted for unexpected reason [%u]

%hs: parse error on markup '%hs' [%u|%s]

%hs: parse error on markup '%hs' [%u|%s]

%hs: element '%hs' not supported by config object factory

%hs: element '%hs' not supported by config object factory

%hs: failed to delete '%s' [%u|%s]

%hs: failed to delete '%s' [%u|%s]

\msiexec.exe

\msiexec.exe

%hs: failed to launch msiexec [%u|%s]

%hs: failed to launch msiexec [%u|%s]

%hs: '%s' opened without an ack!

%hs: '%s' opened without an ack!

Global\update.binaries.skip_wait

Global\update.binaries.skip_wait

%hs: waiting %u ms before applying updates

%hs: waiting %u ms before applying updates

%hs: Warn did NOT timeout (%u)

%hs: Warn did NOT timeout (%u)

d%hs: file '%s' not found

d%hs: file '%s' not found

updates.binaries.

updates.binaries.

%hs: [empty original] %s

%hs: [empty original] %s

%hs: [remove] %s

%hs: [remove] %s

%hs: [missing replacement] %s

%hs: [missing replacement] %s

%hs: [add] %s

%hs: [add] %s

%hs: [replace] %s

%hs: [replace] %s

%hs: moved '%s' to '%s'

%hs: moved '%s' to '%s'

%hs: failed to move '%s' to '%s' [%u|%s]

%hs: failed to move '%s' to '%s' [%u|%s]

%hs: failed to locate '%s' [%u|%s]

%hs: failed to locate '%s' [%u|%s]

%hs: failed to reset dacl on '%s' [%u|%s]

%hs: failed to reset dacl on '%s' [%u|%s]

%hs: failed to remove '%s' [%u|%s]

%hs: failed to remove '%s' [%u|%s]

%hs: deleted '%s'

%hs: deleted '%s'

CreateInstance(CLSID_SBService) returned 0xX

CreateInstance(CLSID_SBService) returned 0xX

CreateInstance(CLSID_SBLogger) returned 0xX

CreateInstance(CLSID_SBLogger) returned 0xX

CreateInstance(CLSID_SBActiveProtection) returned 0xX

CreateInstance(CLSID_SBActiveProtection) returned 0xX

CreateInstance(CLSID_SBScanControl) returned 0xX

CreateInstance(CLSID_SBScanControl) returned 0xX

CreateInstance(CLSID_SBQuarantine) returned 0xX

CreateInstance(CLSID_SBQuarantine) returned 0xX

CreateInstance(CLSID_SBRegistration) returned 0xX

CreateInstance(CLSID_SBRegistration) returned 0xX

CreateInstance(CLSID_SBSoftwareUpdates) returned 0xX

CreateInstance(CLSID_SBSoftwareUpdates) returned 0xX

CreateInstance(CLSID_SBThreatDefinitions) returned 0xX

CreateInstance(CLSID_SBThreatDefinitions) returned 0xX

CreateInstance(CLSID_SBVipre) returned 0xX

CreateInstance(CLSID_SBVipre) returned 0xX

CreateInstance(CLSID_SBWSC) returned 0xX

CreateInstance(CLSID_SBWSC) returned 0xX

CreateInstance(CLSID_SBEmailAV) returned 0xX

CreateInstance(CLSID_SBEmailAV) returned 0xX

CreateInstance(CLSID_SBFirewall) returned 0xX

CreateInstance(CLSID_SBFirewall) returned 0xX

CreateInstance(CLSID_SBWebFilter) returned 0xX

CreateInstance(CLSID_SBWebFilter) returned 0xX

CreateInstance(CLSID_SBHIPS) returned 0xX

CreateInstance(CLSID_SBHIPS) returned 0xX

CreateInstance(CLSID_SBLanGuard) returned 0xX

CreateInstance(CLSID_SBLanGuard) returned 0xX

Released ISBFirewallWebFilter

Released ISBFirewallWebFilter

vipre.config.scan.known-apps.reset

vipre.config.scan.known-apps.reset

%hs: VIPRE failure [0xX|%s]

%hs: VIPRE failure [0xX|%s]

VIPRE: Error communicating to set back the config: %s

VIPRE: Error communicating to set back the config: %s

Incompatibles Check: Did not find program data in '%s' or '%s'

Incompatibles Check: Did not find program data in '%s' or '%s'

eEnableAP() returned 0xX

eEnableAP() returned 0xX

DisableAP() returned 0xX

DisableAP() returned 0xX

%hs: file error [%u|%s]

%hs: file error [%u|%s]

IncompatiblePrograms.dll

IncompatiblePrograms.dll

incompats.dat

incompats.dat

Incompatibles Check: Found '%s' but not '%s'

Incompatibles Check: Found '%s' but not '%s'

Incompatibles Check: Found but did not load '%s' [%u|%s]

Incompatibles Check: Found but did not load '%s' [%u|%s]

Incompatibles Check: '%s' does not contain function '%hs'

Incompatibles Check: '%s' does not contain function '%hs'

%PRODUCTLONG% detected %THREATNAME% in attachment %ATTACHMENTNAME%; The attachment has been cleaned.%CRLFÞfinitions Version = %THREATDEFVERSION%%CRLF%STOPzilla Version = %VIPREVERSION%

%PRODUCTLONG% detected %THREATNAME% in attachment %ATTACHMENTNAME%; The attachment has been cleaned.%CRLFÞfinitions Version = %THREATDEFVERSION%%CRLF%STOPzilla Version = %VIPREVERSION%

%PRODUCTLONG% detected %THREATNAME% in attachment %ATTACHMENTNAME%; The attachment has been quarantined. You can unquarantine this suspicious file from the %PRODUCT% application.%CRLFÞfinition Version = %THREATDEFVERSION%%CRLF%STOPzilla Version = %VIPREVERSION%

%PRODUCTLONG% detected %THREATNAME% in attachment %ATTACHMENTNAME%; The attachment has been quarantined. You can unquarantine this suspicious file from the %PRODUCT% application.%CRLFÞfinition Version = %THREATDEFVERSION%%CRLF%STOPzilla Version = %VIPREVERSION%

%PRODUCTLONG% detected %THREATNAME% in attachment %ATTACHMENTNAME%; The attachment has been deleted.%CRLFÞfinitions Version = %THREATDEFVERSION%%CRLF%STOPzilla Version = %VIPREVERSION%

%PRODUCTLONG% detected %THREATNAME% in attachment %ATTACHMENTNAME%; The attachment has been deleted.%CRLFÞfinitions Version = %THREATDEFVERSION%%CRLF%STOPzilla Version = %VIPREVERSION%

%PRODUCT% Anti-phishing removed a known bad URL from your email message. It was deleted or quarantined and replaced with this message.

%PRODUCT% Anti-phishing removed a known bad URL from your email message. It was deleted or quarantined and replaced with this message.

SZWSC.exe

SZWSC.exe

%hs: not launching '%s' - no arguments

%hs: not launching '%s' - no arguments

%hs: failed to launch '%s' with arguments '%s' [%u|%s]

%hs: failed to launch '%s' with arguments '%s' [%u|%s]

%hs: launched '%s' with arguments '%s'

%hs: launched '%s' with arguments '%s'

%hs: waiting for '%s' to finish...

%hs: waiting for '%s' to finish...

%hs: unexpected wait termination [%u]

%hs: unexpected wait termination [%u]

%hs: OpenSCManager failed [%u|%s]

%hs: OpenSCManager failed [%u|%s]

%hs: OpenService failed [%u|%s]

%hs: OpenService failed [%u|%s]

Advapi32.dll

Advapi32.dll

%hs: unable to load Advapi32.dll

%hs: unable to load Advapi32.dll

%hs: queue '%s', index %u - thread 0x%X started

%hs: queue '%s', index %u - thread 0x%X started

%hs: queue '%s', index %u - wait failed with result %u

%hs: queue '%s', index %u - wait failed with result %u

%hs: queue '%s', index %u - thread 0x%X ending

%hs: queue '%s', index %u - thread 0x%X ending

%hs: queue '%s' - attempt to start while abort is signalled

%hs: queue '%s' - attempt to start while abort is signalled

%hs: queue '%s', index %u - failed to start [%u|%s]

%hs: queue '%s', index %u - failed to start [%u|%s]

%hs: queue '%s', index %u - thread completed

%hs: queue '%s', index %u - thread completed

\\.\pipe\

\\.\pipe\

dbghelp.dll

dbghelp.dll

%s%d.dmp

%s%d.dmp

%s%d.log

%s%d.log

Unhandled Exception: Code(0xX) Addess(0xX)

Unhandled Exception: Code(0xX) Addess(0xX)

Windows 95

Windows 95

Windows 98

Windows 98

Windows ME

Windows ME

Windows NT 4.0

Windows NT 4.0

Windows 2000

Windows 2000

Windows XP

Windows XP

Windows .Net

Windows .Net

Windows Vista

Windows Vista

Windows 7

Windows 7

Windows Server 2008

Windows Server 2008

Windows Server 2008 R2

Windows Server 2008 R2

Windows 8

Windows 8

Windows 8.1

Windows 8.1

Windows 10

Windows 10

Windows 2012 Server

Windows 2012 Server

Windows 2012 Server R2

Windows 2012 Server R2

Web Server

Web Server

%s ~%d MHZ

%s ~%d MHZ

GetLogicalProcessorInformation is not supported.

GetLogicalProcessorInformation is not supported.

Unable to determine windows version

Unable to determine windows version

%u.%u.%u

%u.%u.%u

kernel32.dll

kernel32.dll

Windows Vista

Windows Vista

Windows Server 2008

Windows Server 2008

Windows 7

Windows 7

Windows Server 2008 R2

Windows Server 2008 R2

Windows 8

Windows 8

Windows Server 2012

Windows Server 2012

Web Server Edition

Web Server Edition

Windows Server 2003 R2,

Windows Server 2003 R2,

Windows Storage Server 2003

Windows Storage Server 2003

Windows Home Server

Windows Home Server

Windows XP Professional x64 Edition

Windows XP Professional x64 Edition

Windows Server 2003,

Windows Server 2003,

Web Edition

Web Edition

Windows XP

Windows XP

Windows 2000

Windows 2000

(build %d)

(build %d)

%hs: expected sequence number greater than or equal to %u; got %u instead

%hs: expected sequence number greater than or equal to %u; got %u instead

%hs: packet %u of request %u indicated no more data when %u packets remain.

%hs: packet %u of request %u indicated no more data when %u packets remain.

[Client]: Closing connection (0xX).

[Client]: Closing connection (0xX).

[Client]: Open connection (0xX).

[Client]: Open connection (0xX).

%hs: async read failed [%u|%s]

%hs: async read failed [%u|%s]

%hs: failed to process %u transfered bytes

%hs: failed to process %u transfered bytes

a%hs: ReadFileEx failed [%u|%s]

a%hs: ReadFileEx failed [%u|%s]

%hs: expected packet buffer of %u bytes; got %u bytes

%hs: expected packet buffer of %u bytes; got %u bytes

%hs: expected packet size in %u bytes; got %u bytes

%hs: expected packet size in %u bytes; got %u bytes

%hs: received %u bytes; 0 expected

%hs: received %u bytes; 0 expected

xx

xx

C:\ProgramData\STOPzilla!\dumps\SZServer.exefatal

C:\ProgramData\STOPzilla!\dumps\SZServer.exefatal

7.0.1.3

7.0.1.3

SZServer.exe

SZServer.exe

SBAMSvc.exe_3448:

.text

.text

`.rdata

`.rdata

@.data

@.data

.rsrc

.rsrc

@.reloc

@.reloc

t SSh

t SSh

SShTZ6

SShTZ6

<.t>

<.t>

777777777

777777777

7777777

7777777

!7"77#7$%&7'()77* ,7-./017237747756

!7"77#7$%&7'()77* ,7-./017237747756

-up9}

-up9}

-ud9}

-ud9}

!"#$%&'()* ,-./01

!"#$%&'()* ,-./01

SSSSh`

SSSSh`

t.ht,

t.ht,

t2h%D

t2h%D

t.htI

t.htI

t.hk]

t.hk]

t.hjd

t.hjd

t.hgf

t.hgf

t.hDs

t.hDs

t.hN{

t.hN{

t.hQ}

t.hQ}

t.ho!

t.ho!

t.hG.

t.hG.

t.hm4

t.hm4

t.hI

t.hI

t.hq-

t.hq-

t.VhX

t.VhX

8%uvP

8%uvP

u.hp22

u.hp22

SSSht

SSSht

/u%Sj

/u%Sj

xSSSh

xSSSh

FTPjKS

FTPjKS

FtPj;S

FtPj;S

C.PjRV

C.PjRV

Tu.AUu

Tu.AUu

ffff28a4-0506-49af-8a0f-dfa9a4188c50

ffff28a4-0506-49af-8a0f-dfa9a4188c50

.ZH

.ZH

SbWF_AddPort

SbWF_AddPort

SbWF_ClearPorts

SbWF_ClearPorts

SbFweIds_LogPortScans

SbFweIds_LogPortScans

SbFwe_LogPacketsToUnopenedPorts

SbFwe_LogPacketsToUnopenedPorts

Unsupported XML version

Unsupported XML version

XML character encoding not supported

XML character encoding not supported

xmlns:xsi="hXXp://VVV.w3.org/2001/XMLSchema-instance"

xmlns:xsi="hXXp://VVV.w3.org/2001/XMLSchema-instance"

line:%d-'

line:%d-'

External Entity definitions not supported

External Entity definitions not supported

Visual C CRT: Not enough memory to complete call to strerror.

Visual C CRT: Not enough memory to complete call to strerror.

GetProcessWindowStation

GetProcessWindowStation

portuguese-brazilian

portuguese-brazilian

operator

operator

01050;0;0

01050;0;0

( ) / / _ _

( ) / / _ _

0!0)080:0

0!0)080:0

0 0 06070>0?0

0 0 06070>0?0

# #!#|#|#

# #!#|#|#

#"#(# #{#}#

#"#(# #{#}#

'()* ,-./0123456789:;

'()* ,-./0123456789:;

&!&!*! !.!.!

&!&!*! !.!.!

unterminated entity reference s

unterminated entity reference s

hXXp://VVV.w3.org/XML/1998/namespace

hXXp://VVV.w3.org/XML/1998/namespace

hXXp://

hXXp://

PTF://

PTF://

default%d

default%d

%.20s%d

%.20s%d

http-equiv

http-equiv

@/:=?;#%&,

@/:=?;#%&,

dot operator, U 22C5 ISOamsb

dot operator, U 22C5 ISOamsb

tilde operator = varies with = similar to, U 223C ISOtech

tilde operator = varies with = similar to, U 223C ISOtech

proportional to, U 221D ISOtech

proportional to, U 221D ISOtech

asterisk operator, U 2217 ISOtech

asterisk operator, U 2217 ISOtech

zero width joiner, U 200D NEW RFC 2070

zero width joiner, U 200D NEW RFC 2070

zero width non-joiner, U 200C NEW RFC 2070

zero width non-joiner, U 200C NEW RFC 2070

pluginurl

pluginurl

accesskey

accesskey

onkeyup

onkeyup

onkeydown

onkeydown

onkeypress

onkeypress

Memory allocation failed : %s

Memory allocation failed : %s

HTTP-EQUIV

HTTP-EQUIV

Char 0x%X out of allowed range

Char 0x%X out of allowed range

Unsupported encoding %s

Unsupported encoding %s

Bytes: 0xX 0xX 0xX 0xX

Bytes: 0xX 0xX 0xX 0xX

Bytes: 0xX

Bytes: 0xX

Opening and ending tag mismatch: %s and %s

Opening and ending tag mismatch: %s and %s

hXXp://VVV.w3.org/TR/REC-html40/loose.dtd

hXXp://VVV.w3.org/TR/REC-html40/loose.dtd

Element %s embeds close tag

Element %s embeds close tag

Invalid char in CDATA 0x%X

Invalid char in CDATA 0x%X

ParsePI: PI %s space expected

ParsePI: PI %s space expected

ParsePI: PI %s never end ...

ParsePI: PI %s never end ...

htmlParseCharRef: invalid xmlChar value %d

htmlParseCharRef: invalid xmlChar value %d

Attribute %s redefined

Attribute %s redefined

Unexpected end tag : %s

Unexpected end tag : %s

Tag %s invalid

Tag %s invalid

Couldn't find end of Start Tag %s

Couldn't find end of Start Tag %s

Internal error, xmlCopyCharMultiByte 0x%X out of bound

Internal error, xmlCopyCharMultiByte 0x%X out of bound

encoding not supported %s

encoding not supported %s

new input from entity: %s

new input from entity: %s

Cannot parse entity %s

Cannot parse entity %s

Internal entity %s without content !

Internal entity %s without content !

Internal parameter entity %s without content !

Internal parameter entity %s without content !

Predefined entity %s without content !

Predefined entity %s without content !

new input from file: %s

new input from file: %s

failed to load external entity "%s"

failed to load external entity "%s"

Found NULL content in content model of %s

Found NULL content in content model of %s

Found PCDATA in content model of %s

Found PCDATA in content model of %s

ContentModel broken for element %s

ContentModel broken for element %s

Cannot create automata for element %s

Cannot create automata for element %s

Content model of %s is not determinist: %s

Content model of %s is not determinist: %s

Redefinition of element %s

Redefinition of element %s

Element %s has too many ID attributes defined : %s

Element %s has too many ID attributes defined : %s

Attribute %s of %s: invalid default value

Attribute %s of %s: invalid default value

Attribute %s of element %s: already defined

Attribute %s of element %s: already defined

Element %s has too may ID attributes defined : %s

Element %s has too may ID attributes defined : %s

xmlAddNotationDecl: %s already defined

xmlAddNotationDecl: %s already defined

ID %s already defined

ID %s already defined

NOTATION %s is not declared

NOTATION %s is not declared

ENTITY attribute %s reference an unknown entity "%s"

ENTITY attribute %s reference an unknown entity "%s"

ENTITY attribute %s reference an entity "%s" of wrong type

ENTITY attribute %s reference an entity "%s" of wrong type

ENTITIES attribute %s reference an unknown entity "%s"

ENTITIES attribute %s reference an unknown entity "%s"

ENTITIES attribute %s reference an entity "%s" of wrong type

ENTITIES attribute %s reference an entity "%s" of wrong type

NOTATION attribute %s reference an unknown notation "%s"

NOTATION attribute %s reference an unknown notation "%s"

standalone: %s on %s value had to be normalized based on external subset declaration

standalone: %s on %s value had to be normalized based on external subset declaration

Syntax of default value for attribute %s of %s is not valid

Syntax of default value for attribute %s of %s is not valid

ID attribute %s of %s is not valid must be #IMPLIED or #REQUIRED

ID attribute %s of %s is not valid must be #IMPLIED or #REQUIRED

Element %s has %d ID attribute defined in the internal subset : %s

Element %s has %d ID attribute defined in the internal subset : %s

Element %s has %d ID attribute defined in the external subset : %s

Element %s has %d ID attribute defined in the external subset : %s

Element %s has ID attributes defined in the internal and external subset : %s

Element %s has ID attributes defined in the internal and external subset : %s

Default value "%s" for attribute %s of %s is not among the enumerated set

Default value "%s" for attribute %s of %s is not among the enumerated set

Definition of %s has duplicate references of %s

Definition of %s has duplicate references of %s

Definition of %s has duplicate references of %s:%s

Definition of %s has duplicate references of %s:%s

Definition of %s has duplicate references to %s

Definition of %s has duplicate references to %s

Definition of %s has duplicate references to %s:%s

Definition of %s has duplicate references to %s:%s

No declaration for attribute %s of element %s

No declaration for attribute %s of element %s

Syntax of value for attribute %s of %s is not valid

Syntax of value for attribute %s of %s is not valid

Value for attribute %s of %s is different from default "%s"

Value for attribute %s of %s is different from default "%s"

Value "%s" for attribute %s of %s is not a declared Notation

Value "%s" for attribute %s of %s is not a declared Notation

Value "%s" for attribute %s of %s is not among the enumerated notations

Value "%s" for attribute %s of %s is not among the enumerated notations

Value "%s" for attribute %s of %s is not among the enumerated set

Value "%s" for attribute %s of %s is not among the enumerated set

Value for attribute %s of %s must be "%s"

Value for attribute %s of %s must be "%s"

No declaration for attribute xmlns:%s of element %s

No declaration for attribute xmlns:%s of element %s

No declaration for attribute xmlns of element %s

No declaration for attribute xmlns of element %s

Syntax of value for attribute xmlns:%s of %s is not valid

Syntax of value for attribute xmlns:%s of %s is not valid

Syntax of value for attribute xmlns of %s is not valid

Syntax of value for attribute xmlns of %s is not valid

Value for attribute xmlns:%s of %s is different from default "%s"

Value for attribute xmlns:%s of %s is different from default "%s"

Value for attribute xmlns of %s is different from default "%s"

Value for attribute xmlns of %s is different from default "%s"

Value "%s" for attribute xmlns:%s of %s is not a declared Notation

Value "%s" for attribute xmlns:%s of %s is not a declared Notation

Value "%s" for attribute xmlns of %s is not a declared Notation

Value "%s" for attribute xmlns of %s is not a declared Notation

Value "%s" for attribute xmlns:%s of %s is not among the enumerated notations

Value "%s" for attribute xmlns:%s of %s is not among the enumerated notations

Value "%s" for attribute xmlns of %s is not among the enumerated notations

Value "%s" for attribute xmlns of %s is not among the enumerated notations

Value "%s" for attribute xmlns:%s of %s is not among the enumerated set

Value "%s" for attribute xmlns:%s of %s is not among the enumerated set

Value "%s" for attribute xmlns of %s is not among the enumerated set

Value "%s" for attribute xmlns of %s is not among the enumerated set

Value for attribute xmlns:%s of %s must be "%s"

Value for attribute xmlns:%s of %s must be "%s"

Value for attribute xmlns of %s must be "%s"

Value for attribute xmlns of %s must be "%s"

Element %s content does not follow the DTD, expecting %s, got %s

Element %s content does not follow the DTD, expecting %s, got %s

Element content does not follow the DTD, expecting %s, got %s

Element content does not follow the DTD, expecting %s, got %s

No declaration for element %s

No declaration for element %s

Element %s was declared EMPTY this one has content

Element %s was declared EMPTY this one has content

Element %s was declared #PCDATA but contains non text nodes

Element %s was declared #PCDATA but contains non text nodes

Element %s is not declared in %s list of possible children

Element %s is not declared in %s list of possible children

standalone: %s declared in the external subset contains white spaces nodes

standalone: %s declared in the external subset contains white spaces nodes

Element %s does not carry attribute %s

Element %s does not carry attribute %s

Element %s does not carry attribute %s:%s

Element %s does not carry attribute %s:%s

Element %s required attribute %s:%s has no prefix

Element %s required attribute %s:%s has no prefix

Element %s required attribute %s:%s has different prefix

Element %s required attribute %s:%s has different prefix

Element %s namespace name for default namespace does not match the DTD

Element %s namespace name for default namespace does not match the DTD

Element %s namespace name for %s does not match the DTD

Element %s namespace name for %s does not match the DTD

root and DTD name do not match '%s' and '%s'

root and DTD name do not match '%s' and '%s'

attribute %s line %d references an unknown ID "%s"

attribute %s line %d references an unknown ID "%s"

IDREF attribute %s references an unknown ID "%s"

IDREF attribute %s references an unknown ID "%s"

IDREFS attribute %s references an unknown ID "%s"

IDREFS attribute %s references an unknown ID "%s"

xmlValidateAttributeCallback(%s): internal error

xmlValidateAttributeCallback(%s): internal error

attribute %s: could not find decl for element %s

attribute %s: could not find decl for element %s

NOTATION attribute %s declared for EMPTY element %s

NOTATION attribute %s declared for EMPTY element %s

%s:%d:

%s:%d:

Entity: line %d:

Entity: line %d:

element %s:

element %s:

%d;

%d;

%X;

%X;

:/?_.#&;=

:/?_.#&;=

%s: out of memory

%s: out of memory

Entity(%s) document marked standalone but requires external subset

Entity(%s) document marked standalone but requires external subset

Failure to process entity %s

Failure to process entity %s

Entity(%s) already defined in the internal subset

Entity(%s) already defined in the internal subset

Entity(%s) already defined in the external subset

Entity(%s) already defined in the external subset

SAX.xmlSAX2EntityDecl(%s) called while not in subset

SAX.xmlSAX2EntityDecl(%s) called while not in subset

SAX.xmlSAX2AttributeDecl(%s) called while not in subset

SAX.xmlSAX2AttributeDecl(%s) called while not in subset

SAX.xmlSAX2ElementDecl(%s) called while not in subset

SAX.xmlSAX2ElementDecl(%s) called while not in subset

SAX.xmlSAX2NotationDecl(%s) externalID or PublicID missing

SAX.xmlSAX2NotationDecl(%s) externalID or PublicID missing

SAX.xmlSAX2NotationDecl(%s) called while not in subset

SAX.xmlSAX2NotationDecl(%s) called while not in subset

SAX.xmlSAX2UnparsedEntityDecl(%s) called while not in subset

SAX.xmlSAX2UnparsedEntityDecl(%s) called while not in subset

invalid namespace declaration '%s'

invalid namespace declaration '%s'

Avoid attribute ending with ':' like '%s'

Avoid attribute ending with ':' like '%s'

xmlns: %s not a valid URI

xmlns: %s not a valid URI

xmlns: URI %s is not absolute

xmlns: URI %s is not absolute

Empty namespace name for prefix %s

Empty namespace name for prefix %s

xmlns:%s: %s not a valid URI

xmlns:%s: %s not a valid URI

xmlns:%s: URI %s is not absolute

xmlns:%s: URI %s is not absolute

Namespace prefix %s of attribute %s is not defined

Namespace prefix %s of attribute %s is not defined

Attribute %s in %s redefined

Attribute %s in %s redefined

xml:id : attribute value %s is not an NCName

xml:id : attribute value %s is not an NCName

standalone: attribute %s on %s defaulted from external subset

standalone: attribute %s on %s defaulted from external subset

Namespace prefix %s is not defined

Namespace prefix %s is not defined

Namespace prefix %s was not found

Namespace prefix %s was not found

Attempt to load network entity %s

Attempt to load network entity %s

Operation timed out

Operation timed out

Broken pipe

Broken pipe

Operation not permitted

Operation not permitted

Inappropriate I/O control operation

Inappropriate I/O control operation

Not supported

Not supported

Operation in progress

Operation in progress

Operation canceled

Operation canceled

creating HTTP output context

creating HTTP output context

xmlIOHTTPWrite: %s

xmlIOHTTPWrite: %s

%s '%s'.

%s '%s'.

xmlIOHTTPCloseWrite: %s '%s' %s '%s'.

xmlIOHTTPCloseWrite: %s '%s' %s '%s'.

failed. HTTP return code:

failed. HTTP return code:

xmlIOHTTPCloseWrite: HTTP '%s' of %d %s

xmlIOHTTPCloseWrite: HTTP '%s' of %d %s

'%s' %s %d

'%s' %s %d

failed to load HTTP resource "%s"

failed to load HTTP resource "%s"

failed to load HTTP resource

failed to load HTTP resource

Unknown encoding %s

Unknown encoding %s

xmlRegisterCharEncodingHandler: Too many handler registered, see %s

xmlRegisterCharEncodingHandler: Too many handler registered, see %s

0xX 0xX 0xX 0xX

0xX 0xX 0xX 0xX

input conversion failed due to input error, bytes %s

input conversion failed due to input error, bytes %s

output conversion failed due to conv error, bytes %s

output conversion failed due to conv error, bytes %s

Attribute %s:%s redefined

Attribute %s:%s redefined

conditional section INCLUDE or IGNORE keyword expected

conditional section INCLUDE or IGNORE keyword expected

Pbm popping %d NS

Pbm popping %d NS

Excessive depth in document: %d use XML_PARSE_HUGE option

Excessive depth in document: %d use XML_PARSE_HUGE option

Popping input %d

Popping input %d

%s(%d):

%s(%d):

Pushing input %d : %.30s

Pushing input %d : %.30s

xmlParseCharRef: invalid xmlChar value %d

xmlParseCharRef: invalid xmlChar value %d

xmlParseStringCharRef: invalid xmlChar value %d

xmlParseStringCharRef: invalid xmlChar value %d

new blanks wrapper for entity: %s

new blanks wrapper for entity: %s

PEReference: %s

PEReference: %s

PEReference: %%%s; not found

PEReference: %%%s; not found

PEReference: %s is not a parameter entity

PEReference: %s is not a parameter entity

Name %s is not XML Namespace compliant

Name %s is not XML Namespace compliant

EntityValue: '%c' forbidden except for entities references

EntityValue: '%c' forbidden except for entities references

PCDATA invalid Char value %d

PCDATA invalid Char value %d

xmlParseComment: invalid xmlChar value %d

xmlParseComment: invalid xmlChar value %d

colon are forbidden from PI names '%s'

colon are forbidden from PI names '%s'

Catalog PI syntax error: %s

Catalog PI syntax error: %s

colon are forbidden from notation names '%s'

colon are forbidden from notation names '%s'

colon are forbidden from entities names '%s'

colon are forbidden from entities names '%s'

Invalid URI: %s

Invalid URI: %s

xmlParseEntityDecl: entity %s not terminated

xmlParseEntityDecl: entity %s not terminated

standalone: attribute notation value token %s duplicated

standalone: attribute notation value token %s duplicated

standalone: attribute enumeration value token %s duplicated

standalone: attribute enumeration value token %s duplicated

xmlParseElementChildrenContentDecl : depth %d too deep, use XML_PARSE_HUGE

xmlParseElementChildrenContentDecl : depth %d too deep, use XML_PARSE_HUGE

xmlParseElementChildrenContentDecl : '%c' expected

xmlParseElementChildrenContentDecl : '%c' expected

xmlParseElementContentDecl : %s '(' expected

xmlParseElementContentDecl : %s '(' expected

Entity '%s' failed to parse

Entity '%s' failed to parse

Entity '%s' not defined

Entity '%s' not defined

Entity reference to unparsed entity %s

Entity reference to unparsed entity %s

Attribute references external entity '%s'

Attribute references external entity '%s'

'

'

Attempt to reference the parameter entity '%s'

Attempt to reference the parameter entity '%s'

Internal: %%%s; is not a parameter entity

Internal: %%%s; is not a parameter entity

Reading %s entity content input

Reading %s entity content input

xmlLoadEntityContent: invalid char value %d

xmlLoadEntityContent: invalid char value %d

%%%s; is not a parameter entity

%%%s; is not a parameter entity

Specification mandate value for attribute %s

Specification mandate value for attribute %s

Malformed value for xml:lang : %s

Malformed value for xml:lang : %s

Invalid value "%s" for xml:space : "default" or "preserve" expected

Invalid value "%s" for xml:space : "default" or "preserve" expected

Opening and ending tag mismatch: %s line %d and %s

Opening and ending tag mismatch: %s line %d and %s

Failed to parse QName '%s'

Failed to parse QName '%s'

Failed to parse QName '%s:'

Failed to parse QName '%s:'

Failed to parse QName '%s:%s:'

Failed to parse QName '%s:%s:'

xmlns: '%s' is not a valid URI

xmlns: '%s' is not a valid URI

hXXp://VVV.w3.org/2000/xmlns/

hXXp://VVV.w3.org/2000/xmlns/

xmlns:%s: Empty XML namespace is not allowed

xmlns:%s: Empty XML namespace is not allowed

xmlns:%s: '%s' is not a valid URI

xmlns:%s: '%s' is not a valid URI

Namespace prefix %s for %s on %s is not defined

Namespace prefix %s for %s on %s is not defined

Namespaced Attribute %s in '%s' redefined

Namespaced Attribute %s in '%s' redefined

Namespace prefix %s on %s is not defined

Namespace prefix %s on %s is not defined

Couldn't find end of Start Tag %s line %d

Couldn't find end of Start Tag %s line %d

Premature end of data in tag %s line %d

Premature end of data in tag %s line %d

Unsupported version '%s'

Unsupported version '%s'

Free catalog entry %s

Free catalog entry %s

%s entry lacks '%s'

%s entry lacks '%s'

Found %s: '%s' '%s'

Found %s: '%s' '%s'

Found %s: '%s'

Found %s: '%s'

%s entry '%s' broken ?: %s

%s entry '%s' broken ?: %s

Invalid value for prefer: '%s'

Invalid value for prefer: '%s'

Failed to parse catalog %s

Failed to parse catalog %s

%d Parsing catalog %s

%d Parsing catalog %s

File %s is not an XML Catalog

File %s is not an XML Catalog

Found %s in file hash

Found %s in file hash

%s not found in file hash

%s not found in file hash

%s added to file hash

%s added to file hash

Detected recursion in catalog %s

Detected recursion in catalog %s

Found system match %s, using %s

Found system match %s, using %s

Using rewriting rule %s

Using rewriting rule %s

Trying system delegate %s

Trying system delegate %s

Found public match %s

Found public match %s

Trying public delegate %s

Trying public delegate %s

Found URI match %s

Found URI match %s

Trying URI delegate %s

Trying URI delegate %s

Public URN ID %s expanded to NULL

Public URN ID %s expanded to NULL

Public URN ID expanded to %s

Public URN ID expanded to %s

System URN ID %s expanded to NULL

System URN ID %s expanded to NULL

System URN ID expanded to %s

System URN ID expanded to %s

URN ID %s expanded to NULL

URN ID %s expanded to NULL

URN ID expanded to %s

URN ID expanded to %s

Resolve: pubID %s sysID %s

Resolve: pubID %s sysID %s

Resolve: pubID %s

Resolve: pubID %s

Resolve: sysID %s

Resolve: sysID %s

Resolve URI %s

Resolve URI %s

libxml2.dll

libxml2.dll

Adding document catalog %s

Adding document catalog %s

Local Resolve: pubID %s sysID %s

Local Resolve: pubID %s sysID %s

Local Resolve: pubID %s

Local Resolve: pubID %s

Local Resolve: sysID %s

Local Resolve: sysID %s

failed to compile: %s

failed to compile: %s

creating execution context

creating execution context

ftp_proxy

ftp_proxy

FTP_PROXY

FTP_PROXY

ftp_proxy_user

ftp_proxy_user

ftp_proxy_password

ftp_proxy_password

allocating FTP context

allocating FTP context

USER %s

USER %s

PASS anonymous@

PASS anonymous@

PASS %s

PASS %s

SITE %s

SITE %s

USER anonymous@%s

USER anonymous@%s

USER %s@%s

USER %s@%s

FTP server asking for ACCNT on anonymous

FTP server asking for ACCNT on anonymous

%u,%u,%u,%u,%u,%u

%u,%u,%u,%u,%u,%u

PORT %d,%d,%d,%d,%d,%d

PORT %d,%d,%d,%d,%d,%d

RETR %s

RETR %s

http_proxy

http_proxy

HTTP_PROXY

HTTP_PROXY

HTTP/

HTTP/

error connecting to HTTP server

error connecting to HTTP server

Not a valid HTTP URI

Not a valid HTTP URI

%s hXXp://%s:%d%s

%s hXXp://%s:%d%s

%s hXXp://%s%s

%s hXXp://%s%s

%s %s

%s %s

HTTP/1.0

HTTP/1.0

Host: %s

Host: %s

Host: %s:%d

Host: %s:%d

Content-Type: %s

Content-Type: %s

Content-Length: %d

Content-Length: %d

Invalid operand

Invalid operand

Missing closing curly brace

Missing closing curly brace

hXXp://relaxng.org/ns/structure/1.0

hXXp://relaxng.org/ns/structure/1.0

hXXp://VVV.w3.org/2001/XMLSchema

hXXp://VVV.w3.org/2001/XMLSchema

SupplementalMathematicalOperators

SupplementalMathematicalOperators

MathematicalOperators

MathematicalOperators

hXXp://VVV.w3.org/2001/XMLSchema-instance

hXXp://VVV.w3.org/2001/XMLSchema-instance

%d.%d.%d.%d

%d.%d.%d.%d

RegOpenKeyTransactedW

RegOpenKeyTransactedW

RegCreateKeyTransactedW

RegCreateKeyTransactedW

RegDeleteKeyTransactedW

RegDeleteKeyTransactedW

RegDeleteKeyExW

RegDeleteKeyExW

FenumOperation

FenumOperation

AllowedOperations

AllowedOperations

MonitoredURL

MonitoredURL

HttpServerConfig\HttpServerConfig.cpp

HttpServerConfig\HttpServerConfig.cpp

HttpServerConfig

HttpServerConfig

18446744073709551615

18446744073709551615

URL="

URL="

-2147483648

-2147483648

2147483647

2147483647

enumOperation="

enumOperation="

Password

Password

Port

Port

4294967295

4294967295

4.0.0

4.0.0

LanGuardConfig\LanGuardConfig.cpp

LanGuardConfig\LanGuardConfig.cpp

Port="

Port="

Password="

Password="

ProductKey

ProductKey

Web_Alerts

Web_Alerts

port

port

fileurl

fileurl

passwordHistory

passwordHistory

minimumPasswordAge

minimumPasswordAge

maximumPasswordAge

maximumPasswordAge

minimumPasswordLength

minimumPasswordLength

transport

transport

LoginShell

LoginShell

BadPasswordsCount

BadPasswordsCount

PasswordAge

PasswordAge

passworded

passworded

PrimaryKey

PrimaryKey

udp_ports

udp_ports

ports

ports

transports

transports

iswindows

iswindows

Importance

Importance

SystemUpdateScanResults\SystemUpdateScanResults.cpp

SystemUpdateScanResults\SystemUpdateScanResults.cpp

Importance="

Importance="

PrimaryKey="

PrimaryKey="

passworded="

passworded="

transport="

transport="

ProductKey="

ProductKey="

RegistrationKey

RegistrationKey

RegistrationKey="

RegistrationKey="

Telemetry\Telemetry.cpp

Telemetry\Telemetry.cpp

LanGuardToolCfg_Updates\LanGuardToolCfg_Updates.cpp

LanGuardToolCfg_Updates\LanGuardToolCfg_Updates.cpp

LanGuardResults\LanGuardResults.cpp

LanGuardResults\LanGuardResults.cpp

LogToWindowsEventLog

LogToWindowsEventLog

LogToWindowsEventLog="

LogToWindowsEventLog="

ServiceConfig\ServiceConfig.cpp

ServiceConfig\ServiceConfig.cpp

ScanConfig\ScanConfig.cpp

ScanConfig\ScanConfig.cpp

SendFileURL

SendFileURL

ThreatNetQueryURL

ThreatNetQueryURL

ThreatNetURL

ThreatNetURL

TelemetryURL

TelemetryURL

TelemetryURL="

TelemetryURL="

ThreatNetURL="

ThreatNetURL="

ThreatNetQueryURL="

ThreatNetQueryURL="

SendFileURL="

SendFileURL="

ThreatNetConfig\ThreatNetConfig.cpp

ThreatNetConfig\ThreatNetConfig.cpp

ThreatNetResponse\ThreatNetResponse.cpp

ThreatNetResponse\ThreatNetResponse.cpp

ntosExport

ntosExport

ntdllExport

ntdllExport

reportonly

reportonly

authorURL

authorURL

RegKey

RegKey

MsgID

MsgID

ThreatNetTransfer\ThreatNetTransfer.cpp

ThreatNetTransfer\ThreatNetTransfer.cpp

MsgID="

MsgID="

RegKey="

RegKey="

reportonly="

reportonly="

ntdllExport="

ntdllExport="

ntosExport="

ntosExport="

AutoGetURL

AutoGetURL

UpdateURL

UpdateURL

RegistrationURL

RegistrationURL

RegistrationURL="

RegistrationURL="

UpdateURL="

UpdateURL="

AutoGetURL="

AutoGetURL="

RegistrationConfig\RegistrationConfig.cpp

RegistrationConfig\RegistrationConfig.cpp

BaseURL

BaseURL

ThreatDefinitionsConfig\ThreatDefinitionsConfig.cpp

ThreatDefinitionsConfig\ThreatDefinitionsConfig.cpp

BaseURL="

BaseURL="

NVPairs\NVPairs.cpp

NVPairs\NVPairs.cpp

APEvent\APEvent.cpp

APEvent\APEvent.cpp

ScanResults\ScanResults.cpp

ScanResults\ScanResults.cpp

QuarantineFile\QuarantineFile.cpp

QuarantineFile\QuarantineFile.cpp

ProcessList\ProcessList.cpp

ProcessList\ProcessList.cpp

SoftwareUpdateConfig\SoftwareUpdateConfig.cpp

SoftwareUpdateConfig\SoftwareUpdateConfig.cpp

BadUrl

BadUrl

SocialWatchHistory\SocialWatchHistory.cpp

SocialWatchHistory\SocialWatchHistory.cpp

Url="

Url="

WindowsLiveMailClientEnabled

WindowsLiveMailClientEnabled

BadUrlActionEnum

BadUrlActionEnum

BadUrlCheckingEnabled

BadUrlCheckingEnabled

BadUrlReplacementText

BadUrlReplacementText

CloseEmailWindowMsg

CloseEmailWindowMsg

SMTPErrorString

SMTPErrorString

SMTPErrorString="

SMTPErrorString="

CloseEmailWindowMsg="

CloseEmailWindowMsg="

BadUrlReplacementText="

BadUrlReplacementText="

BadUrlCheckingEnabled="

BadUrlCheckingEnabled="

BadUrlActionEnum="

BadUrlActionEnum="

WindowsLiveMailClientEnabled="

WindowsLiveMailClientEnabled="

EmailAVConfig\EmailAVConfig.cpp

EmailAVConfig\EmailAVConfig.cpp

QuarantineRecord\QuarantineRecord.cpp

QuarantineRecord\QuarantineRecord.cpp

WSCConfig\WSCConfig.cpp

WSCConfig\WSCConfig.cpp

APConfig\APConfig.cpp

APConfig\APConfig.cpp

BadUrls

BadUrls

FWWebFilterHourlyStats

FWWebFilterHourlyStats

FWWebFilterHourlyStats\FWWebFilterHourlyStats.cpp

FWWebFilterHourlyStats\FWWebFilterHourlyStats.cpp

FWWebFilterStats

FWWebFilterStats

UserKnownBadUrl

UserKnownBadUrl

BadUrlBlockingException

BadUrlBlockingException

UserKnownBadUrls

UserKnownBadUrls

BadUrlBlockingExceptions

BadUrlBlockingExceptions

Ports

Ports

WebFilterStatsFreq

WebFilterStatsFreq

LogWebFilterEvents

LogWebFilterEvents

LogWebFilterEvents="

LogWebFilterEvents="

WebFilterStatsFreq="

WebFilterStatsFreq="

WebFilterConfig\WebFilterConfig.cpp

WebFilterConfig\WebFilterConfig.cpp

WebConfig

WebConfig

BadUrlRule

BadUrlRule

WebFilterEvent

WebFilterEvent

BadUrlRule="

BadUrlRule="

FWFilterHourlyStats

FWFilterHourlyStats

FWFilterHourlyStats\FWFilterHourlyStats.cpp

FWFilterHourlyStats\FWFilterHourlyStats.cpp

PortScanIntrusions

PortScanIntrusions

FWIDSHourlyStats

FWIDSHourlyStats

FWIDSHourlyStats\FWIDSHourlyStats.cpp

FWIDSHourlyStats\FWIDSHourlyStats.cpp

PortScanIntrusions="

PortScanIntrusions="

TcpOutPackets

TcpOutPackets

TcpOutBytes

TcpOutBytes

TcpInPackets

TcpInPackets

TcpInBytes

TcpInBytes

UdpOutPackets

UdpOutPackets

UdpOutBytes

UdpOutBytes

UdpInPackets

UdpInPackets

UdpInBytes

UdpInBytes

FWNetworkHourlyStats

FWNetworkHourlyStats

FWNetworkHourlyStats\FWNetworkHourlyStats.cpp

FWNetworkHourlyStats\FWNetworkHourlyStats.cpp

UdpInBytes="

UdpInBytes="

UdpInPackets="

UdpInPackets="

UdpOutBytes="

UdpOutBytes="

UdpOutPackets="

UdpOutPackets="

TcpInBytes="

TcpInBytes="

TcpInPackets="

TcpInPackets="

TcpOutBytes="

TcpOutBytes="

TcpOutPackets="

TcpOutPackets="

RemotePorts

RemotePorts

LocalPorts

LocalPorts

PortEnd

PortEnd

PortStart

PortStart

PortType

PortType

PortScanLog

PortScanLog

PortScanAllow

PortScanAllow

LogPacketsToUnopenedPorts

LogPacketsToUnopenedPorts

LogPortScans

LogPortScans

LogPortScans="

LogPortScans="

LogPacketsToUnopenedPorts="

LogPacketsToUnopenedPorts="

FirewallConfig\FirewallConfig.cpp

FirewallConfig\FirewallConfig.cpp

PortScanAllow="

PortScanAllow="

PortScanLog="

PortScanLog="

PortType="

PortType="

PortStart="

PortStart="

PortEnd="

PortEnd="

Tcp_Udp_RemotePort

Tcp_Udp_RemotePort

Tcp_Udp_LocalPort

Tcp_Udp_LocalPort

PacketToUnopenedPortEvent

PacketToUnopenedPortEvent

FWEvent\FWEvent.cpp

FWEvent\FWEvent.cpp

Tcp_Udp_LocalPort="

Tcp_Udp_LocalPort="

Tcp_Udp_RemotePort="

Tcp_Udp_RemotePort="

Msg="

Msg="

FWIDSRules\FWIDSRules.cpp

FWIDSRules\FWIDSRules.cpp

HipsConfig\HipsConfig.cpp

HipsConfig\HipsConfig.cpp

HipsHourlyStats

HipsHourlyStats

HipsHourlyStats\HipsHourlyStats.cpp

HipsHourlyStats\HipsHourlyStats.cpp

ScanResultsSummary\ScanResultsSummary.cpp

ScanResultsSummary\ScanResultsSummary.cpp

Operation

Operation

?#%X.y

?#%X.y

%S#[k

%S#[k

d:\projects\workspace\sdk-sdk\src\bin\Release\SBAMSvc.pdb

d:\projects\workspace\sdk-sdk\src\bin\Release\SBAMSvc.pdb

SpursDownload.dll

SpursDownload.dll

SBTE.dll

SBTE.dll

SBAPSetReportCallbackEx

SBAPSetReportCallbackEx

SBAPSetReportCallback

SBAPSetReportCallback

sbap.dll

sbap.dll

SBArva.dll

SBArva.dll

VERSION.dll

VERSION.dll

WinHttpSendRequest

WinHttpSendRequest

WinHttpCloseHandle

WinHttpCloseHandle

WinHttpSetStatusCallback

WinHttpSetStatusCallback

WinHttpCrackUrl

WinHttpCrackUrl

WinHttpOpen

WinHttpOpen

WinHttpConnect

WinHttpConnect

WinHttpWriteData

WinHttpWriteData

WinHttpOpenRequest

WinHttpOpenRequest

WinHttpReadData

WinHttpReadData

WinHttpReceiveResponse

WinHttpReceiveResponse

WinHttpSetCredentials

WinHttpSetCredentials

WinHttpQueryAuthSchemes

WinHttpQueryAuthSchemes

WinHttpQueryDataAvailable

WinHttpQueryDataAvailable

WinHttpQueryHeaders

WinHttpQueryHeaders

WINHTTP.dll

WINHTTP.dll

WinHttpSetTimeouts

WinHttpSetTimeouts

WINMM.dll

WINMM.dll

PSAPI.DLL

PSAPI.DLL

SbHips.dll

SbHips.dll

WS2_32.dll

WS2_32.dll

msi.dll

msi.dll

GetExtendedTcpTable

GetExtendedTcpTable

GetExtendedUdpTable

GetExtendedUdpTable

IPHLPAPI.DLL

IPHLPAPI.DLL

GetProcessHeap

GetProcessHeap

SetThreadExecutionState

SetThreadExecutionState

KERNEL32.dll

KERNEL32.dll

MsgWaitForMultipleObjects

MsgWaitForMultipleObjects

USER32.dll

USER32.dll

RegOpenKeyExW

RegOpenKeyExW

RegCloseKey

RegCloseKey

RegCreateKeyExW

RegCreateKeyExW

RegDeleteKeyW

RegDeleteKeyW

RegQueryInfoKeyW

RegQueryInfoKeyW

RegEnumKeyExW

RegEnumKeyExW

ReportEventW

ReportEventW

RegCreateKeyW

RegCreateKeyW

CryptDestroyKey

CryptDestroyKey

CryptDeriveKey

CryptDeriveKey

ADVAPI32.dll

ADVAPI32.dll

ShellExecuteExW

ShellExecuteExW

SHELL32.dll

SHELL32.dll

ole32.dll

ole32.dll

OLEAUT32.dll

OLEAUT32.dll

sfc.dll

sfc.dll

pdh.dll

pdh.dll

UrlGetPartW

UrlGetPartW

SHLWAPI.dll

SHLWAPI.dll

HttpAddUrl

HttpAddUrl

HttpInitialize

HttpInitialize

HttpCreateHttpHandle

HttpCreateHttpHandle

HttpReceiveHttpRequest

HttpReceiveHttpRequest

HttpSendHttpResponse

HttpSendHttpResponse

HttpReceiveRequestEntityBody

HttpReceiveRequestEntityBody

HttpRemoveUrl

HttpRemoveUrl

HTTPAPI.dll

HTTPAPI.dll

USERENV.dll

USERENV.dll

WinHttpSetOption

WinHttpSetOption

GetCPInfo

GetCPInfo

PeekNamedPipe

PeekNamedPipe

.?AV?$CAtlExeModuleT@VCSBAMSvcModule@@@ATL@@

.?AV?$CAtlExeModuleT@VCSBAMSvcModule@@@ATL@@

.PA_W

.PA_W

.?AVISBWebFilterEvents@@

.?AVISBWebFilterEvents@@

.?AV?$CProxy_ISBWebFilterEvents@VCSBWebFilter@@@@

.?AV?$CProxy_ISBWebFilterEvents@VCSBWebFilter@@@@

.?AV?$IConnectionPointImplMT@VCSBWebFilter@@$1?_GUID_eecd4897_dd51_476d_9913_b9c808885f03@@3U__s_GUID@@BVCComDynamicUnkArray@ATL@@@ATL@@

.?AV?$IConnectionPointImplMT@VCSBWebFilter@@$1?_GUID_eecd4897_dd51_476d_9913_b9c808885f03@@3U__s_GUID@@BVCComDynamicUnkArray@ATL@@@ATL@@

.?AV?$CComClassFactorySingleton@VCSBWebFilter@@@ATL@@

.?AV?$CComClassFactorySingleton@VCSBWebFilter@@@ATL@@

.?AV?$CComObject@VCSBWebFilter@@@ATL@@

.?AV?$CComObject@VCSBWebFilter@@@ATL@@

.?AVCSBWebFilter@@

.?AVCSBWebFilter@@

.?AV?$CComCoClass@VCSBWebFilter@@$1?CLSID_SBWebFilter@@3U_GUID@@B@ATL@@

.?AV?$CComCoClass@VCSBWebFilter@@$1?CLSID_SBWebFilter@@3U_GUID@@B@ATL@@

.?AV?$IConnectionPointContainerImpl@VCSBWebFilter@@@ATL@@

.?AV?$IConnectionPointContainerImpl@VCSBWebFilter@@@ATL@@

.?AUISBWebFilter@@

.?AUISBWebFilter@@

.?AV?$CComContainedObject@VCSBWebFilter@@@ATL@@

.?AV?$CComContainedObject@VCSBWebFilter@@@ATL@@

.?AV?$CComObjectCached@VCSBWebFilter@@@ATL@@

.?AV?$CComObjectCached@VCSBWebFilter@@@ATL@@

.?AV?$CComAggObject@VCSBWebFilter@@@ATL@@

.?AV?$CComAggObject@VCSBWebFilter@@@ATL@@

.?AV?$CComObjectNoLock@V?$CComClassFactorySingleton@VCSBWebFilter@@@ATL@@@ATL@@

.?AV?$CComObjectNoLock@V?$CComClassFactorySingleton@VCSBWebFilter@@@ATL@@@ATL@@

zcÁ

zcÁ

.?AVCHttpServerConfig@SbXmlHttpServerConfig@@

.?AVCHttpServerConfig@SbXmlHttpServerConfig@@

.?AVCMonitoredURL@SbXmlHttpServerConfig@@

.?AVCMonitoredURL@SbXmlHttpServerConfig@@

.?AVCAllowedOperations@SbXmlHttpServerConfig@@

.?AVCAllowedOperations@SbXmlHttpServerConfig@@

.?AVCWeb_Alerts@SbXmlSystemUpdateScanResults@@

.?AVCWeb_Alerts@SbXmlSystemUpdateScanResults@@

.?AVCudp_ports@SbXmlSystemUpdateScanResults@@

.?AVCudp_ports@SbXmlSystemUpdateScanResults@@

.?AVCudp_ports_port@SbXmlSystemUpdateScanResults@@

.?AVCudp_ports_port@SbXmlSystemUpdateScanResults@@

.?AVCports@SbXmlSystemUpdateScanResults@@

.?AVCports@SbXmlSystemUpdateScanResults@@

.?AVCport@SbXmlSystemUpdateScanResults@@

.?AVCport@SbXmlSystemUpdateScanResults@@

.?AVCtransports@SbXmlSystemUpdateScanResults@@

.?AVCtransports@SbXmlSystemUpdateScanResults@@

.?AVCBadUrls@SbXmlEmailAvEvent@@

.?AVCBadUrls@SbXmlEmailAvEvent@@

.?AVCBadUrls@SbXmlBadUrls@@

.?AVCBadUrls@SbXmlBadUrls@@

.?AVCFWWebFilterHourlyStats@SbXmlFWWebFilterHourlyStats@@

.?AVCFWWebFilterHourlyStats@SbXmlFWWebFilterHourlyStats@@

.?AVCFWWebFilterStats@SbXmlFWWebFilterHourlyStats@@

.?AVCFWWebFilterStats@SbXmlFWWebFilterHourlyStats@@

.?AVCWebConfig@SbXmlWebFilterConfig@@

.?AVCWebConfig@SbXmlWebFilterConfig@@

.?AVCUserKnownBadUrls@SbXmlWebFilterConfig@@

.?AVCUserKnownBadUrls@SbXmlWebFilterConfig@@

.?AVCUserKnownBadUrl@SbXmlWebFilterConfig@@

.?AVCUserKnownBadUrl@SbXmlWebFilterConfig@@

.?AVCBadUrlBlockingExceptions@SbXmlWebFilterConfig@@

.?AVCBadUrlBlockingExceptions@SbXmlWebFilterConfig@@

.?AVCBadUrlBlockingException@SbXmlWebFilterConfig@@

.?AVCBadUrlBlockingException@SbXmlWebFilterConfig@@

.?AVCPorts@SbXmlWebFilterConfig@@

.?AVCPorts@SbXmlWebFilterConfig@@

.?AVCPort@SbXmlWebFilterConfig@@

.?AVCPort@SbXmlWebFilterConfig@@

.?AVCWebFilterEvent@SbXmlWebFilterEvent@@

.?AVCWebFilterEvent@SbXmlWebFilterEvent@@

.?AVCBadUrl@SbXmlWebFilterEvent@@

.?AVCBadUrl@SbXmlWebFilterEvent@@

.?AVCFWFilterHourlyStats@SbXmlFWFilterHourlyStats@@

.?AVCFWFilterHourlyStats@SbXmlFWFilterHourlyStats@@

.?AVCFWFilterStats@SbXmlFWFilterHourlyStats@@

.?AVCFWFilterStats@SbXmlFWFilterHourlyStats@@

.?AVCFWIDSHourlyStats@SbXmlFWIDSHourlyStats@@

.?AVCFWIDSHourlyStats@SbXmlFWIDSHourlyStats@@

.?AVCFWIDSStats@SbXmlFWIDSHourlyStats@@

.?AVCFWIDSStats@SbXmlFWIDSHourlyStats@@

.?AVCFWNetworkHourlyStats@SbXmlFWNetworkHourlyStats@@

.?AVCFWNetworkHourlyStats@SbXmlFWNetworkHourlyStats@@

.?AVCFWNetworkStats@SbXmlFWNetworkHourlyStats@@

.?AVCFWNetworkStats@SbXmlFWNetworkHourlyStats@@

.?AVCRemotePorts@SbXmlFirewallConfig@@

.?AVCRemotePorts@SbXmlFirewallConfig@@

.?AVCLocalPorts@SbXmlFirewallConfig@@

.?AVCLocalPorts@SbXmlFirewallConfig@@

.?AVCPort@SbXmlFirewallConfig@@

.?AVCPort@SbXmlFirewallConfig@@

.?AVCRemotePorts@SbXmlFWEvent@@

.?AVCRemotePorts@SbXmlFWEvent@@

.?AVCLocalPorts@SbXmlFWEvent@@

.?AVCLocalPorts@SbXmlFWEvent@@

.?AVCPort@SbXmlFWEvent@@

.?AVCPort@SbXmlFWEvent@@

.?AVCPacketToUnopenedPortEvent@SbXmlFWEvent@@

.?AVCPacketToUnopenedPortEvent@SbXmlFWEvent@@

.?AVCHipsHourlyStats@SbXmlHipsHourlyStats@@

.?AVCHipsHourlyStats@SbXmlHipsHourlyStats@@

.?AVCHipsStats@SbXmlHipsHourlyStats@@

.?AVCHipsStats@SbXmlHipsHourlyStats@@

'SBAMSvc.EXE'

'SBAMSvc.EXE'

SBAMSvc.SBScanControl.1 = s 'SBScanControl Class'

SBAMSvc.SBScanControl.1 = s 'SBScanControl Class'

CLSID = s '{EC88394A-429C-4DDB-91EA-570E938B79DF}'

CLSID = s '{EC88394A-429C-4DDB-91EA-570E938B79DF}'

SBAMSvc.SBScanControl = s 'SBScanControl Class'

SBAMSvc.SBScanControl = s 'SBScanControl Class'

CurVer = s 'SBAMSvc.SBScanControl.1'

CurVer = s 'SBAMSvc.SBScanControl.1'

ForceRemove {EC88394A-429C-4DDB-91EA-570E938B79DF} = s 'SBScanControl Class'

ForceRemove {EC88394A-429C-4DDB-91EA-570E938B79DF} = s 'SBScanControl Class'

ProgID = s 'SBAMSvc.SBScanControl.1'

ProgID = s 'SBAMSvc.SBScanControl.1'

VersionIndependentProgID = s 'SBAMSvc.SBScanControl'

VersionIndependentProgID = s 'SBAMSvc.SBScanControl'

'TypeLib' = s '{78FA6088-B9C6-4749-833B-4421E29E84E7}'

'TypeLib' = s '{78FA6088-B9C6-4749-833B-4421E29E84E7}'

SBAMSvc.SBQuarantine.1 = s 'SBQuarantine Class'

SBAMSvc.SBQuarantine.1 = s 'SBQuarantine Class'

CLSID = s '{8B404080-4780-4199-92ED-B05B61C657EE}'

CLSID = s '{8B404080-4780-4199-92ED-B05B61C657EE}'

SBAMSvc.SBQuarantine = s 'SBQuarantine Class'

SBAMSvc.SBQuarantine = s 'SBQuarantine Class'

CurVer = s 'SBAMSvc.SBQuarantine.1'

CurVer = s 'SBAMSvc.SBQuarantine.1'

ForceRemove {8B404080-4780-4199-92ED-B05B61C657EE} = s 'SBQuarantine Class'

ForceRemove {8B404080-4780-4199-92ED-B05B61C657EE} = s 'SBQuarantine Class'

ProgID = s 'SBAMSvc.SBQuarantine.1'

ProgID = s 'SBAMSvc.SBQuarantine.1'

VersionIndependentProgID = s 'SBAMSvc.SBQuarantine'

VersionIndependentProgID = s 'SBAMSvc.SBQuarantine'

SBAMSvc.SBLogger.1 = s 'SBLogger Class'

SBAMSvc.SBLogger.1 = s 'SBLogger Class'

CLSID = s '{24CEBDF0-E1CC-4933-893E-F1D1A4078D97}'

CLSID = s '{24CEBDF0-E1CC-4933-893E-F1D1A4078D97}'

SBAMSvc.SBLogger = s 'SBLogger Class'

SBAMSvc.SBLogger = s 'SBLogger Class'

CurVer = s 'SBAMSvc.SBLogger.1'

CurVer = s 'SBAMSvc.SBLogger.1'

ForceRemove {24CEBDF0-E1CC-4933-893E-F1D1A4078D97} = s 'SBLogger Class'

ForceRemove {24CEBDF0-E1CC-4933-893E-F1D1A4078D97} = s 'SBLogger Class'

ProgID = s 'SBAMSvc.SBLogger.1'

ProgID = s 'SBAMSvc.SBLogger.1'

VersionIndependentProgID = s 'SBAMSvc.SBLogger'

VersionIndependentProgID = s 'SBAMSvc.SBLogger'

SBAMSvc.SBService.1 = s 'SBService Class'

SBAMSvc.SBService.1 = s 'SBService Class'

CLSID = s '{FE7E09CE-BBF4-4698-8BC1-37C9002DAA43}'

CLSID = s '{FE7E09CE-BBF4-4698-8BC1-37C9002DAA43}'

SBAMSvc.SBService = s 'SBService Class'

SBAMSvc.SBService = s 'SBService Class'

CurVer = s 'SBAMSvc.SBService.1'

CurVer = s 'SBAMSvc.SBService.1'

ForceRemove {FE7E09CE-BBF4-4698-8BC1-37C9002DAA43} = s 'SBService Class'

ForceRemove {FE7E09CE-BBF4-4698-8BC1-37C9002DAA43} = s 'SBService Class'

ProgID = s 'SBAMSvc.SBService.1'

ProgID = s 'SBAMSvc.SBService.1'

VersionIndependentProgID = s 'SBAMSvc.SBService'

VersionIndependentProgID = s 'SBAMSvc.SBService'

SBAMSvc.SBSoftwareUpdates.1 = s 'SBSoftwareUpdates Class'

SBAMSvc.SBSoftwareUpdates.1 = s 'SBSoftwareUpdates Class'

CLSID = s '{2017CFB9-B2A2-4A98-BD9B-0D9D980B2193}'

CLSID = s '{2017CFB9-B2A2-4A98-BD9B-0D9D980B2193}'

SBAMSvc.SBSoftwareUpdates = s 'SBSoftwareUpdates Class'

SBAMSvc.SBSoftwareUpdates = s 'SBSoftwareUpdates Class'

CurVer = s 'SBAMSvc.SBSoftwareUpdates.1'

CurVer = s 'SBAMSvc.SBSoftwareUpdates.1'

ForceRemove {2017CFB9-B2A2-4A98-BD9B-0D9D980B2193} = s 'SBSoftwareUpdates Class'

ForceRemove {2017CFB9-B2A2-4A98-BD9B-0D9D980B2193} = s 'SBSoftwareUpdates Class'

ProgID = s 'SBAMSvc.SBSoftwareUpdates.1'

ProgID = s 'SBAMSvc.SBSoftwareUpdates.1'

VersionIndependentProgID = s 'SBAMSvc.SBSoftwareUpdates'

VersionIndependentProgID = s 'SBAMSvc.SBSoftwareUpdates'

SBAMSvc.SBWSC.1 = s 'SBWSC Class'

SBAMSvc.SBWSC.1 = s 'SBWSC Class'

CLSID = s '{157EAC4E-6E3C-419A-BDCB-546345690DEB}'

CLSID = s '{157EAC4E-6E3C-419A-BDCB-546345690DEB}'

SBAMSvc.SBWSC = s 'SBWSC Class'

SBAMSvc.SBWSC = s 'SBWSC Class'

CurVer = s 'SBAMSvc.SBWSC.1'

CurVer = s 'SBAMSvc.SBWSC.1'

ForceRemove {157EAC4E-6E3C-419A-BDCB-546345690DEB} = s 'SBWSC Class'

ForceRemove {157EAC4E-6E3C-419A-BDCB-546345690DEB} = s 'SBWSC Class'

ProgID = s 'SBAMSvc.SBWSC.1'

ProgID = s 'SBAMSvc.SBWSC.1'

VersionIndependentProgID = s 'SBAMSvc.SBWSC'

VersionIndependentProgID = s 'SBAMSvc.SBWSC'

SBAMSvc.SBVipre.1 = s 'SBVipre Class'

SBAMSvc.SBVipre.1 = s 'SBVipre Class'

CLSID = s '{C4F66612-D788-4F33-92AF-6DAC6FC80C35}'

CLSID = s '{C4F66612-D788-4F33-92AF-6DAC6FC80C35}'

SBAMSvc.SBVipre = s 'SBVipre Class'

SBAMSvc.SBVipre = s 'SBVipre Class'

CurVer = s 'SBAMSvc.SBVipre.1'

CurVer = s 'SBAMSvc.SBVipre.1'

ForceRemove {C4F66612-D788-4F33-92AF-6DAC6FC80C35} = s 'SBVipre Class'

ForceRemove {C4F66612-D788-4F33-92AF-6DAC6FC80C35} = s 'SBVipre Class'

ProgID = s 'SBAMSvc.SBVipre.1'

ProgID = s 'SBAMSvc.SBVipre.1'

VersionIndependentProgID = s 'SBAMSvc.SBVipre'

VersionIndependentProgID = s 'SBAMSvc.SBVipre'

SBAMSvc.SBThreatDefinitions.1 = s 'SBThreatDefinitions Class'

SBAMSvc.SBThreatDefinitions.1 = s 'SBThreatDefinitions Class'

CLSID = s '{05191E1B-B7D8-42DD-A52A-88011228A14F}'

CLSID = s '{05191E1B-B7D8-42DD-A52A-88011228A14F}'

SBAMSvc.SBThreatDefinitions = s 'SBThreatDefinitions Class'

SBAMSvc.SBThreatDefinitions = s 'SBThreatDefinitions Class'

CurVer = s 'SBAMSvc.SBThreatDefinitions.1'

CurVer = s 'SBAMSvc.SBThreatDefinitions.1'

ForceRemove {05191E1B-B7D8-42DD-A52A-88011228A14F} = s 'SBThreatDefinitions Class'

ForceRemove {05191E1B-B7D8-42DD-A52A-88011228A14F} = s 'SBThreatDefinitions Class'

ProgID = s 'SBAMSvc.SBThreatDefinitions.1'

ProgID = s 'SBAMSvc.SBThreatDefinitions.1'

VersionIndependentProgID = s 'SBAMSvc.SBThreatDefinitions'

VersionIndependentProgID = s 'SBAMSvc.SBThreatDefinitions'

SBAMSvc.SBActiveProtection.1 = s 'SBActiveProtection Class'

SBAMSvc.SBActiveProtection.1 = s 'SBActiveProtection Class'

CLSID = s '{5F6DA338-15AC-4927-BC8B-B8C52EEEC9EB}'

CLSID = s '{5F6DA338-15AC-4927-BC8B-B8C52EEEC9EB}'

SBAMSvc.SBActiveProtection = s 'SBActiveProtection Class'

SBAMSvc.SBActiveProtection = s 'SBActiveProtection Class'

CurVer = s 'SBAMSvc.SBActiveProtection.1'

CurVer = s 'SBAMSvc.SBActiveProtection.1'

ForceRemove {5F6DA338-15AC-4927-BC8B-B8C52EEEC9EB} = s 'SBActiveProtection Class'

ForceRemove {5F6DA338-15AC-4927-BC8B-B8C52EEEC9EB} = s 'SBActiveProtection Class'

ProgID = s 'SBAMSvc.SBActiveProtection.1'

ProgID = s 'SBAMSvc.SBActiveProtection.1'

VersionIndependentProgID = s 'SBAMSvc.SBActiveProtection'

VersionIndependentProgID = s 'SBAMSvc.SBActiveProtection'

SBAMSvc.SBRegistration.1 = s 'SBRegistration Class'

SBAMSvc.SBRegistration.1 = s 'SBRegistration Class'

CLSID = s '{15C44439-2DE8-4217-B61D-146E347199A6}'

CLSID = s '{15C44439-2DE8-4217-B61D-146E347199A6}'

SBAMSvc.SBRegistration = s 'SBRegistration Class'

SBAMSvc.SBRegistration = s 'SBRegistration Class'

CurVer = s 'SBAMSvc.SBRegistration.1'

CurVer = s 'SBAMSvc.SBRegistration.1'

ForceRemove {15C44439-2DE8-4217-B61D-146E347199A6} = s 'SBRegistration Class'

ForceRemove {15C44439-2DE8-4217-B61D-146E347199A6} = s 'SBRegistration Class'

ProgID = s 'SBAMSvc.SBRegistration.1'

ProgID = s 'SBAMSvc.SBRegistration.1'

VersionIndependentProgID = s 'SBAMSvc.SBRegistration'

VersionIndependentProgID = s 'SBAMSvc.SBRegistration'

SBAMSvc.SBEmailAV.1 = s 'SBEmailAV Class'

SBAMSvc.SBEmailAV.1 = s 'SBEmailAV Class'

CLSID = s '{DB7777B6-5C67-4C49-BD93-EE9AE1F03085}'

CLSID = s '{DB7777B6-5C67-4C49-BD93-EE9AE1F03085}'

SBAMSvc.SBEmailAV = s 'SBEmailAV Class'

SBAMSvc.SBEmailAV = s 'SBEmailAV Class'

CurVer = s 'SBAMSvc.SBEmailAV.1'

CurVer = s 'SBAMSvc.SBEmailAV.1'

ForceRemove {DB7777B6-5C67-4C49-BD93-EE9AE1F03085} = s 'SBEmailAV Class'

ForceRemove {DB7777B6-5C67-4C49-BD93-EE9AE1F03085} = s 'SBEmailAV Class'

ProgID = s 'SBAMSvc.SBEmailAV.1'

ProgID = s 'SBAMSvc.SBEmailAV.1'

VersionIndependentProgID = s 'SBAMSvc.SBEmailAV'

VersionIndependentProgID = s 'SBAMSvc.SBEmailAV'

SBAMSvc.SBWebFilter.1 = s 'SBWebFilter Class'

SBAMSvc.SBWebFilter.1 = s 'SBWebFilter Class'

CLSID = s '{2BAA4D68-DB29-40DF-806A-B392073A7EF2}'

CLSID = s '{2BAA4D68-DB29-40DF-806A-B392073A7EF2}'

SBAMSvc.SBWebFilter = s 'SBWebFilter Class'

SBAMSvc.SBWebFilter = s 'SBWebFilter Class'

CurVer = s 'SBAMSvc.SBWebFilter.1'

CurVer = s 'SBAMSvc.SBWebFilter.1'

ForceRemove {2BAA4D68-DB29-40DF-806A-B392073A7EF2} = s 'SBWebFilter Class'

ForceRemove {2BAA4D68-DB29-40DF-806A-B392073A7EF2} = s 'SBWebFilter Class'

ProgID = s 'SBAMSvc.SBWebFilter.1'

ProgID = s 'SBAMSvc.SBWebFilter.1'

VersionIndependentProgID = s 'SBAMSvc.SBWebFilter'

VersionIndependentProgID = s 'SBAMSvc.SBWebFilter'

SBAMSvc.SBFirewall.1 = s 'SBFirewall Class'

SBAMSvc.SBFirewall.1 = s 'SBFirewall Class'

CLSID = s '{F2C6E6BB-C773-4941-B61B-3CBEFD46F64D}'

CLSID = s '{F2C6E6BB-C773-4941-B61B-3CBEFD46F64D}'

SBAMSvc.SBFirewall = s 'SBFirewall Class'

SBAMSvc.SBFirewall = s 'SBFirewall Class'

CurVer = s 'SBAMSvc.SBFirewall.1'

CurVer = s 'SBAMSvc.SBFirewall.1'

ForceRemove {F2C6E6BB-C773-4941-B61B-3CBEFD46F64D} = s 'SBFirewall Class'

ForceRemove {F2C6E6BB-C773-4941-B61B-3CBEFD46F64D} = s 'SBFirewall Class'

ProgID = s 'SBAMSvc.SBFirewall.1'

ProgID = s 'SBAMSvc.SBFirewall.1'

VersionIndependentProgID = s 'SBAMSvc.SBFirewall'

VersionIndependentProgID = s 'SBAMSvc.SBFirewall'

SBAMSvc.SBHIPS.1 = s 'SBHIPS Class'

SBAMSvc.SBHIPS.1 = s 'SBHIPS Class'

CLSID = s '{4BB09156-340D-491A-B86B-A0C2A7BA26A9}'

CLSID = s '{4BB09156-340D-491A-B86B-A0C2A7BA26A9}'

SBAMSvc.SBHIPS = s 'SBHIPS Class'

SBAMSvc.SBHIPS = s 'SBHIPS Class'

CurVer = s 'SBAMSvc.SBHIPS.1'

CurVer = s 'SBAMSvc.SBHIPS.1'

ForceRemove {4BB09156-340D-491A-B86B-A0C2A7BA26A9} = s 'SBHIPS Class'

ForceRemove {4BB09156-340D-491A-B86B-A0C2A7BA26A9} = s 'SBHIPS Class'

ProgID = s 'SBAMSvc.SBHIPS.1'

ProgID = s 'SBAMSvc.SBHIPS.1'

VersionIndependentProgID = s 'SBAMSvc.SBHIPS'

VersionIndependentProgID = s 'SBAMSvc.SBHIPS'

SBAMSvc.SBLanGuard.1 = s 'SBLanGuard Class'

SBAMSvc.SBLanGuard.1 = s 'SBLanGuard Class'

CLSID = s '{85300480-82AD-4892-9043-35D62E097D66}'

CLSID = s '{85300480-82AD-4892-9043-35D62E097D66}'

SBAMSvc.SBLanGuard = s 'SBLanGuard Class'

SBAMSvc.SBLanGuard = s 'SBLanGuard Class'

CurVer = s 'SBAMSvc.SBLanGuard.1'

CurVer = s 'SBAMSvc.SBLanGuard.1'

ForceRemove {85300480-82AD-4892-9043-35D62E097D66} = s 'SBLanGuard Class'

ForceRemove {85300480-82AD-4892-9043-35D62E097D66} = s 'SBLanGuard Class'

ProgID = s 'SBAMSvc.SBLanGuard.1'

ProgID = s 'SBAMSvc.SBLanGuard.1'

VersionIndependentProgID = s 'SBAMSvc.SBLanGuard'

VersionIndependentProgID = s 'SBAMSvc.SBLanGuard'

3 373

3 373

6e6%7s8

6e6%7s8

4%5u5

4%5u5

(12171

(12171

6)73787=7

6)73787=7

5"546>6`6|6

5"546>6`6|6

3>~?

3>~?

7%8S8i8

7%8S8i8

3?7u7

3?7u7

0S0^1u1

0S0^1u1

: :$:(:,:0:4:8:

: :$:(:,:0:4:8:

7!7(7/787

7!7(7/787

1$2-2*3/3

1$2-2*3/3

=$=*=/=}=

=$=*=/=}=

>-?2?7?{?

>-?2?7?{?

9,:1:6:}:

9,:1:6:}:

= =0=5=:=

= =0=5=:=

>'>5>:>?>_>

>'>5>:>?>_>

9$:0:5:::

9$:0:5:::

0050:0[0

0050:0[0

2!252:2?2

2!252:2?2

<.>

<.>

;!;(;/;8;

;!;(;/;8;

94999>9}9

94999>9}9

0 0%0*1/141

0 0%0*1/141

: ;$;(;,;

: ;$;(;,;

4O4S4

4O4S4

: :':,:1:

: :':,:1:

0#0*01080

0#0*01080

1/141:1{1

1/141:1{1

6!6&676=6

6!6&676=6

5 5_5x5

5 5_5x5

3 3=3I3N3{3

3 3=3I3N3{3

4O4

4O4

5%5U5^5g5

5%5U5^5g5

6%6U6^6g6

6%6U6^6g6

7%7U7^7g7

7%7U7^7g7

8%8U8^8g8

8%8U8^8g8

9%9U9^9g9

9%9U9^9g9

00C0[0k0p0u0

00C0[0k0p0u0

3

1%2*2/2~2

5_5a5

7#868[9`9

0?0D0,3t3

2 2$2(2,2

6!676?6{6

191>1!232

1,252@2{2

: :$:(:,:0:4:8:<:>
> ?$?(?,?0?4?8?@?
5 5$5(5,50545
= >$>(>,>0>4>
9 949
2$2,282\2|2
>,>8>@>`>
? ?(?0?`?
:$:<:>
0 0@0\0|0
3VIPREHttpServer
Failed in starting process commandLine
WaitForSingleObject returned WAIT_ABANDONED commandLine
WaitForSingleObject returned WAIT_TIMEOUT commandLine
fullCmd waitTime mils
Failed to open Registry key, regRc.
Failed to read registry key , regRc.
HttpServer Thread stopped.
Couldn't terminate HttpServer thread.
SBHttpServer
CSBHttpServerImpl::StopThread
Couldn't stop HttpServer thread. Attempting to Terminate Thread.
CSBHttpServerImpl::StopController
HttpServer controller stopped.
127.0.0.1
Config file may not exist or is corrupted. Creating default config file for the HttpServer controller.
HttpServer Thread quit event set.
Unknown return status from WaitForMultipleObjects() [%u].
Waiting for HttpServer events.
Registering %s failed with %lu
hXXp:// :53911/WOT/Query/
CSBHttpServerImpl::HttpServerThread
HttpInitialize failed with %lu
HttpServer thread succesfully started
Failed starting HttpServer thread.
The HttpServer thread is already running.
CSBHttpServerImpl::StartThread
Starting HttpServer thread.
the HttpServer config file
CSBHttpServerImpl::SaveConfigToDisk
HttpServerConfig.xml
CSBHttpServerImpl::GetConfigObjectFromDisk
Couldn't start HttpServer controller's thread.
HttpServer thread started successfully.
HttpServerConfig not loaded successfully. Using default values, changes not persisted.
HttpServerConfig Loaded successfully.
HttpServer thread already started, exiting StartController.
CSBHttpServerImpl::StartController
Entering HttpServer module StartController.
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
CSBLanGuard::StopAllRemediationOperations
CSBLanGuard::GetWindowsUpdateSettings
CSBLanGuard::SetWindowsUpdateSettings
Setting the this pointer for the LanGuard CoClass [%x].
An error occurred attempting to get the Windows Update ScheduledInstallationTime setting hr=[%x].
An error occurred attempting to get the Windows Update ScheduledInstallationDay setting hr=[%x].
An error occurred attempting to get the Windows Update ReadOnly setting hr=[%x].
An error occurred attempting to get the Windows Update Required setting hr=[%x].
An error occurred attempting to get the Windows Update notification level setting hr=[%x].
An error occurred attempting to get the Windows Update settings hr=[%x].
An error occurred attempting to set the Windows Update ServiceEnabled setting hr=[%x].
CSBLanGuardImpl::GetWindowsUpdateSettings
Unable to CoCreateInstance for AutomaticUpdateSettings, hr=[%x].
Enabled the Windows Update service.
An error occurred attempting to enable the Windows Update service hr=[%x].
Unable to set Windows Updates settings because they are ReadOnly. This may be caused by a GroupPolicy setting that prevents this user from changing the settings.
An error occurred attempting to save the current Windows Update settings hr=[%x].
An error occurred attempting to set the Windows Update ScheduledInstallationTime setting to [%d], hr=[%x].
An error occurred attempting to set the Windows Update ScheduledInstallationDay setting to [%d], hr=[%x].
An error occurred attempting to set the Windows Update notification level setting to [%d], hr=[%x].
An error occurred attempting to read the current Windows Update setting hr=[%x].
CSBLanGuardImpl::SetWindowsUpdateSettings
IDispatch error #%d
Adding System Update schedule item. The last scan was run on (%s), the ScanInterval is [%d] hours.
Adding System Update schedule item. The last definition update check was run on (%s), the UpdateInterval is [%d] hours.
Unable to locate an item in the HiddenUpdates collection while trying to remove an item from the HiddenUpdates collection. The update ID (%s) may not be removed from the Hidden Updates collection and may NOT be show to the user.
Found Update name (%s), with matching Digest of (%s).
Last successful scan results path is .
An error occurred attempting to initialize LanGuard; com error(0x%x) : (%s)
An error occurred attempting to initialize LanGuard; return code (0x%x)
Got current thread state (%s) and reboot required is (%s).
Error creating the MantleServer object; com error: (%s). Unable to communicate with the LanGuard process.
Failed connecting to the MantleServer object; com error: (%s)
Error creating the MantleServer object; com error:  (%s). Unable to communicate with the LanGuard process.
We were unable to Create an instance of the LanGuard interface and the result returned was [0x%x]. We are NOT connected to the LanGuard interface.
An error occurred attempting to StopAllScans; com error(0x%x) : (%s)
An error occurred attempting to StopAllRemediationOperations; com error(0x%x) : (%s)
Stopped all LanGuard RemediationOperations successfully.
CSBLanGuardImpl::StopAllRemediationOperations
Unable to stop all LanGuard RemediationOperations. This may be because there are no RemediationOperations currently running.
An error occurred attempting to configure the System Update proxy settings; com error(0x%x) : (%s)
The System Update ProxySettings are (%s) in the configuration file. The LanGuard system will be configured to use (%s) Proxy settings.
An error occurred attempting to ResetProxyToAutomatic; return code (0x%x)
An error occurred attempting to SetProxyServer; return code (0x%x)
An error occurred attempting to SetProxyCredentials; return code (0x%x)
Couldn't find the product element for this patch (%s) in the scan results. Unable to populate the telemetry data.
DownloadFileUrl
Found the product element for this patch (%s) in the scan results. Will populate the telemetry data.
An error occurred attempting to get Languard Build; com error(0x%x) : (%s)
Languard version is , build is 
MantleServer build returned: (%s)
ERROR: error geting the MantleServer Build; hr: (%x)
An error occurred attempting to get Languard Version; com error(0x%x) : (%s)
MantleServer version returned: (%s)
ERROR: error geting the MantleServer Version; hr: (%x)
Could not create volatile registry key after update.
Created volatile registry key after update.
Languard Definitions version is , install date is 
An error occurred trying to read the version file (%s) for System Update definitions version.
\toolcfg_updates.xml
MantleServer GetDataDir returned: (%s)
ERROR: error geting the Languard DataDir; hr: (%x)
An error [%d] (%s) occurred de-serializing System Update Scan from the file . Unable to determine if a postreboot scan is required.
Failed to serialize %s.
Error serializing %s--%s
Bad argument; pXmlBuf is NULL. %s.
Failed to deserialize %s.
Error deserializing %s--%s
While trying to write LanGuard Config File (%s), received error.
Unable change attributes on the config file: %s
LanGuardConfig.xml
While trying to write a default LanGuard Config File (%s), received error.
While reading the LanGuard Config File (%s). Config file may not exist or is corrupted. Creating default config file for the LanGuard controller.
There are [%u] total updates, [%u] hidden updates and [%u] critical updates.
Update name (%s) is a Microsoft Update. Skipping
The LMX Error [%d] occurred trying to add a blank Update item to the Updates collection. LMX errors are listed in ..\vendor\LMX\include\lmxinternals.h
Added Update name (%s), with Importance of (%s).
Adding [%d] Updates for Product name (%s).
Added dateTimeStamp start: (%s) and end: (%s).
Adding Updates for [%d] Products to the Updates collection.
An error [%d] (%s) occurred de-serializing System Update Scan from the file . Unable to calculate the Update counts for these scan results.
The most recent System Updates scan results file is (%s). We will calculate the counts for Updates using this scan results file.
\LG*.xml
Initialized m_sbxmlTelemetry object from %s
%s\%s
teltempfile.tmp
\telemetryfile.xml
Transferred telemetry data file named (%s) to the service as (%s).
SbXml::SaveToFileSimply returned false trying to save (%s).
An error occurred attempting to RemediatePatches; com error(0x%x) : (%s)
RemediatePatches returned an unknown error [%u] (%s).
RemediatePatches returned [%u] remediation was successfull, but some patch requires a reboot to be effective.
RemediatePatches returned an error [%u] remediation engine error (timeout expired while executing patches, default 6 hours) (%s).
RemediatePatches returned an error [%u] unexpected exception (%s).
RemediatePatches returned an error [%u] failure while reading the scanresults database (%s).
RemediatePatches returned an error [%u] one of the patch digests passed for deployment was not found in the scan results (%s).
RemediatePatches returned an error [%u] command XML is invalid (%s).
%s: hr = %d
An error occurred attempting to RemediatePatches; return code (0x%x)
Will remediate using the Patches collection provided (%s).
An error [%d] (%s) occurred de-serializing System Update Scan from the file . Unable to remediate these scan results.
Remediation input file moved from  to .
Failed copying file from  to . System Updates unable to complete the remediation operation.
The System Updates scan results file is (%s). We will build the list of updates to apply using this scan results file.
An error occurred attempting to LaunchScan; com error(0x%x) : (%s)
An error occurred attempting to LaunchScan; return code (0x%x)
Couldn't deserialize LanGuard Scan results , unable to process the scan results.
An error [%d] (%s) occurred saving the System Update Scan results to . The results of this scan will not be available.
Successfully updated System Update Scan results from .
Launching (%s) Scan. Directing scan output to (%s).
LG%Y%m%d%H%M%S.xml
An error occurred attempting to UpdateAgent; com error(0x%x) : (%s)
An error occurred attempting to UpdateAgent; return code (0x%x)
Couldn't deserialize LanGuard Scan results , unable to process the post remediation scan results.
Successfully updated System Update Post Remediation Scan results from .
Unexpected return status from WaitForMultipleObjects() [%u]. Will ignore and wait for next event.
System Update is set to auto apply patches after a scan. Setting the event to start the remediation process using the scan results file (%s).
It has been [%d] days since our last check for System Update definitions. Definitions update before scan starting.
_pt-BR.dll
_it-IT.dll
_en-US.dll
_de-DE.dll
Loaded resource file 
Unable to load resource file 
\SBRES_*_*.dll
UI Default Language is: %d
Lazy scan stopping at folder=, file=
Lazy scan stopping at folder=
Lazy scan root folder=
User is %s
UserIdleTime=
CPU is %s, Disk is %s
SBWinHttp callback returned result: %d
Error sending file to BD: [%u].
Adding File to cache: %s
Could not open MIMETypes.txt
Invalid word on MIMEtype.txt for ON/OFF field: (%s)
SiteID is in range. The Enabled flag is .
SiteID=, Enable=, MinID=, MaxID=
\MIMETypes.txt
Unable to get file handle for: (%s)
Could not create ThreatNetTransfer XML for: (%s)
Could not crack the ThreaNet URL nothing will be getting sent. URL=%s
Could not create temp file for transfer. Skipping: %s
Saving query list to %s
%s\Query-%d.xml
Received action response from query: %u
Send file queue max reached in SENDFILE. Dropping file: (%s)
Send file queue max reached in SENDFILEANDCACHE. Dropping file: (%s)
Response file path not found in Query: (%s)
ThreatNetConfig.xml
Setting Threatnet send URL to: (%s).
Setting Threatnet URL to: (%s).
Setting Threatnet query URL to: (%s).
Failed starting ThreatNet thread. Windows Security Center status will not be updated.
Error opening reg key Software\Microsoft\Windows\CurrentVersion\Run.
Sucessfully read keys from Software\Microsoft\Windows\CurrentVersion\Run.
Software\Microsoft\Windows\CurrentVersion\Run
Error opening reg key SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run.
Sucessfully read keys from SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run.
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
%d.%d
ThreatNetFileCache.txt
RegOpenKeyEx failed deleting sbamui run key value.
RegDeleteValue failed with return code [%ld] deleting sbamui run key value. Key will not exist after first run.
DeleteRunKeyValue
SBAMUI run key value not found.
AdjustTokenPrivileges (%s) failed.
LookupPrivilegeValue (%s) failed.
{31463A1D-577C-4D78-A9C8-0A65C17727B5}
OnPowerEvent dwEeventType=[%d].
Updated checkpoint [%d] and ServiceStatus is [%d].
OLEAUT32.DLL
Failed starting update_status_thread_handle thread. The service status may not be reported correctly during shutdown process.
HandlerEx dwEeventType=[%d].
HandlerEx dwOpcode=[%d].
Waiting for the Threat Engine Open thread to finish, current CheckPoint is (%d). CheckPoints occur every five seconds until the Threat Engine open completes.
Renamed the old scan history folder (%s) to (%s).
CoInitializeSecurity() failed. HR=0xx
Mscoree.dll
CProxy_ISBServiceEvents::Fire_SendMsgToClientsCB
CSBService::SendMsgToClients
CSBService::OnSendMsgToClientsCB
Setting the this pointer for the Service CoClass [%x].
SERVICE_CONTROL_STOP control message has been sent to the service (%s)
OpenService for (%s) failed. Unable to send the Stop command to the Service.
Set the Service thread priority to %d. This should be THREAD_PRIORITY_NORMAL.
The power status is %d.
Service ErrorState is currently [%s].
CSBServiceImpl::SendMsgToClients
A client is sending a message of type %d, parameters [%u], [%u] to all other clients.
The Embassy Trust Suites wxvault.dll was successfully unloaded from our process space.
Couldn't unload the Embassy Trust Suites wxvault.dll from our process space.
Found the Embassy Trust Suites wxvault.dll loaded into our process space. Attempting to unload it.
wxvault.dll
Failed to OpenService on (%s).
Couldn't read "HKLM\Software" key.
Couldn't read "HKLM\Software\SBAMSvc" key.
Retrieved Enterprise Product Code value [%d] under HKLM\Software\SBAMSvc key. This is an Enterprise agent.
CSBServiceImpl::RetrieveEnterpriseRegKeys
Couldn't get Enterprise Product Code value under "HKLM\Software\SBAMSvc" key. This is not an Enterprise agent.
Couldn't read (%s) key.
CSBServiceImpl::CreateVolatileSystemUpdateRestartKey
Couldn't open "HKLM\Software" key.
Couldn't open "HKLM\Software\SBAMSvc" key.
couldn't set "Company" value under "HKLM\Software\SBAMSvc" key
couldn't set "Product" value under "HKLM\Software\SBAMSvc" key
company  and product  names persisted
Could not write TypesSupported registry key, error [%ld].
TypesSupported
Could not write EventMessageFile registry key, error [%ld], path (%s).
Could not write CategoryMessageFile registry key, error [%ld], path (%s).
Could not write CategoryCount registry key, error [%ld].
Could not open CurrentControlSet\Services\EventLog\Application\SBAMSvc registry key, error [%ld].
CSBServiceImpl::WriteEventLogKeyToRegistry
Could not open HKLM\System registry key.
Scheduled update or scan is starting now (%s), the last time we woke from sleep was (%s), tNow - tWakeTime = [%d].
Have not already sent this Threat file  to ThreatNet.
Threat file  with no MD5 was already sent to ThreatNet. Threat file will not be sent to ThreatNet again.
Threat file  with MD5  was already sent to ThreatNet. Threat file will not be sent to ThreatNet again.
Unable to save company  and product  names. There may be problem with the registry. Application data may be written to a different folder.
Saved company  and product  names.
version is 
Unable to set the service startup type to delayed auto start. Non Vista OS doesn't support that setting.
ChangeServiceConfig2 called with service type of delayed SERVICE_AUTO_START for the service (%s)
ChangeServiceConfig2 for (%s) failed. Unable to set the service startup type to delayed auto start.
ChangeServiceConfig called with service type of SERVICE_AUTO_START for the service (%s)
ChangeConfigService for (%s) failed. Unable to send the ChangeServiceConfig command to set the service startup type to auto start.
OpenService for (%s) failed. Unable to send the ChangeServiceConfig command to set the service startup type to auto start.
HTTP Error:%ld
%ld:%s
winhttp.dll
Couldn't create "HKLM\Software\SBAMSvc" key.
Couldn't create default "Product" value under "HKLM\Software\SBAMSvc" key
Couldn't create default "Company" value under "HKLM\Software\SBAMSvc" key.
Created default "(%s)" value under "HKLM\Software\SBAMSvc" key.
Couldn't get "Company" value under "HKLM\Software\SBAMSvc" key. Creating default values.
Company  and product  names retrieved.
Unable to create folder. AppDataFolder specified but the path (%s) was invalid.
Wrote data of length  into file path .
Wrote  but expected to write . Write file operation failed, file incomplete.
Failed writing data into file . Write file operation failed.
Failed writing BOM into file path . Write file operation failed.
Couldn't open file path . Write file operation failed.
-X.xml
\%Y%m%d%H%M%S.xml
\AP-%Y%m%d%H%M%S
knownType=%d MD5= csOriginalThreatFilepath=.
Threw an error trying to launch one or more Trays with the path of %s.
An error occured launching one or more Trays with a path of %s.
Tray Execute
The Tray(s) were successfully executed %s.
SBAMTray.exe"
Converted Threat Name (%s) to valid file name.
Checking (%s) to make sure it is valid file name.
/\:?"*|
Couldn't get the installation folder. Unable to set  environment variable.
Exceeded max %d in m_AlreadySentToTN. Removing the first in the collection .
Remembering file path  so we don't send it to ThreatNet again.
Remembering MD5  for threat  so we don't send it to ThreatNet again.
Unable to transfer suspicious file (%s) from APEventID (%s). One or both of the parameters is empty.
Error encrypting Suspicious file  to . ThreatNet will not be updated.
Error removing file .
Suspicious threat file  transfered to ThreatNet.
File transfer operation failed sending Suspicious file  to ThreatNet. ThreatNet will not be updated.
Could not remove old Threatnet file . File is orphaned on the disk.
%Y/%m/%d
quarantine\QR{*.xml
Couldn't set threat engine's Quarantine callback. Operation failed.
Couldn't set threat engine's log callback. Operation failed.
Setting quarantine path to .
Setting Threat engine definitions folder location to .
Created TEL zip file (%s) for transfer to ThreatNet.
Deleted temp TEL zip file (%s).
Error renaming the temp TEL zip file (%s) to (%s).
Improperly formatted file path passed in. Unable to transfer file [%s].
TEL-{%s}
Created FPF zip file (%s) for transfer to ThreatNet.
Deleted temp FPQ zip file (%s).
Error renaming the temp FPF zip file (%s) to (%s).
Error adding FP file (%s) to zip file (%s). FP file will not be sent to ThreatNet.
FPF-{%s}
GetQuarantineFilePathFromID didn't return a path for Quarantine ID (%s). Threat file will not be sent to ThreatNet.
Quarantined threat file  transfered to ThreatNet.
File transfer operation failed sending file  to ThreatNet. ThreatNet will not be updated.
Error copying file  to . ThreatNet will not be updated.
There wasn't a Quarantine item for APEventID (%s) might be a suspicious item that wasn't quarantined.
Error adding FP Quarantine trace file (%s) to zip file (%s). FP file will not be sent to ThreatNet. Will attempt to get remaining traces.
Error adding FP Quarantine Meta Data file (%s) to zip file (%s). FP file will not be sent to ThreatNet.
FPQ-%Y%m%d%H%M%S_
While saving the Private Config File (%s), InitObjectFromXmlBufferAndLog failed.
While saving the Private Config File (%s), SaveToFileAndLog failed.
While trying to write Service Config File (%s), received error.
ServiceConfig.xml
Incremented the %s counter to %d.
%Y-%m-%d
Failed to exec Process64.exe to enumerate the 64 bit processes.
Failed to retreive the RunningProcsList at (%s).
Retreived the RunningProcsList at (%s).
Exec'd Process64.exe to enumerate the 64 bit processes.
Path to program for reading 64 bit OS process list is (%s).
\x64\Process64.exe"
Error while reading the Private Config File (%s). Config file may not exist or is corrupted.
While trying to write a default Service Config File (%s), received error.
While reading the Service Config File (%s). Config file may not exist or is corrupted. Creating default config file for the Service controller.
CountScans.XML
CountCleanedScans.XML
CountCleanedAP.XML
CountCleanedEmailAV.XML
CountBlockedByFirewall.XML
Internet access is %s
SBAMUIConfig.xml
SocialWatchConfig.xml
Error [%d] (%s) occurred saving the Social Watch History to . The history of this scan will not be available.
\SW{%s}.xml
Not opted in to ThreatNet bypassing ThreatNet processing.
Setting Long Product Name from Short Product Name (%s).
Did not find the Email AV Bad Url Replacement message text. Cannot set sku specific config values.
Did not find the Email AV SMTP error string. Cannot set sku specific config values.
Did not find the SPURS Base URL string resource. Cannot set software update sku specific config values.
Did not find the ThreatNet telemetry Enterprise URL string resource. Cannot set sku specific config values.
Did not find the ThreatNet Send Enterprise URL string resource. Cannot set sku specific config values.
Did not find the ThreatNet Query Enterprise URL string resource. Cannot set sku specific config values.
Did not find the ThreatNet Enterprise URL string resource. Cannot set sku specific config values.
Did not find the SPURS base URL string resource. Cannot set sku specific config values.
Did not find the AutoGet URL string resource. Cannot set sku specific config values.
Did not find the Registration Update URL string resource. Cannot set sku specific config values.
Did not find the Registration URL string resource. Cannot set sku specific config values.
Setting Long Product Name (%s).
Setting Enterprise Long Product Name (%s).
Error setting Company (%s) Product (%s). Cannot set sku specific config values.
Firing System error state changed event. Error State is now [%s].
%u: %s
\EV%s%.02d.xml
%Y-%m-%dT%H:%M:%S
A client is logging a system event of type %d for subsystem %d.
APEvent  transfered to ThreatNet.
File transfer operation failed sending APEvent:  to ThreatNet. ThreatNet will not be updated.
FindFirstFile returned an error when we tried to find . There are no FP files to send to ThreatNet.
Could not delete FP file . File is orphaned on the disk but will be cleaned by the 30 day purge.
File transfer operation failed sending FP file  to ThreatNet.
Found FP file to send to ThreatNet .
FP*.zip
FindFirstFile returned an error when we tried to find . There are no telemetry files to send to ThreatNet.
Found telemetry file to send to ThreatNet .
TEL*.xml
FindFirstFile returned an error when we tried to find . There are no Scan History file to send to ThreatNet.
Could not unlink Threatnet file . File is orphaned on the disk.
Could not process Suspicious Threat file for APEvent .
Could not process Quarantine Threat file for APEvent . Looking for Suspicious file.
Found APEvent xml file to send to ThreatNet .
Error removing file . Exceeded %d APEvent xml files to send to ThreatNet.
Exceeded %d APEvent xml files to send to ThreatNet. Removed APEvent xml file .
Found scan results file to send to ThreatNet .
20*.xml
FindFirstFile returned an error when we tried to find . There are no AP Event XML files to send to ThreatNet.
AP*.xml
Set the Service thread priority to %d. This should be THREAD_PRIORITY_LOWEST to minimize the impact of ThreatNet transfers on other applications.
Preparing to purge the quarantine. Days to keep = %d.
Delete of quarantined item with QId = [%s] failed.
Deleted quarantine item with QId = [%s].
Preparing to delete QId = [%s].
The results for quarantining a file is 
The results for quarantining a file are 
The results for quaranting a buffer are 
Couldn't get quarantine record. QId=
Successfully got the quarantine record. QId=
Got size of quarantined record. quarantineItemSize=[%d]
Couldn't get quarantine item following szQID=
Successfully queried next quarantined item szQID=
Unkown quarantine action type [%d].
Found a full path trace to update in known bad apps = [%s], MoveToAlwaysAllowed = %s.
Found a threat to add to the always allow [%d].
The bulk trojan or AP Holding threat was asked to be added to the ignored threats list from QId = [%s]. That would be bad so adding to known good collection by path instead.
Checking threat traces for a file trace to unquarantine for QId = [%s], MoveToAlwaysAllowed = [%s].
Could NOT desrialize the quarantine data from the service for ID [%s]. Will not remove quarantine item from always blocked list.
Could NOT get the quarantine date for ID [%s]. Will not remove quarantine item from always blocked list.
Unquarantined failed, no client PID provided, QId = [%s], folder = [%s], MoveToAlwaysAllowed = [%s].
Unquarantined failed because impersonation failed, QId = [%s], folder = [%s], MoveToAlwaysAllowed = [%s].
Unquarantined with impersonation failed QId = [%s], folder = [%s], MoveToAlwaysAllowed = [%s].
Unquarantined with impersonation succeeded, QId = [%s], folder= [%s], MoveToAlwaysAllowed = [%s].
Unquarantined QId = [%s], folder= [%s], MoveToAlwaysAllowed = [%s].
Preparing to unquarantine QId = [%s], folder= [%s], MoveToAlwaysAllowed = [%s].
Processed %d quarantine queue items.
Invalid quarantine item action if %d.
3.0.1
1.0.0.1
Unable to delete file (%s).
Removing old software update download (%s).
\*.exe
Returning path to software update: (%s).
SoftwareUpdateConfig.xml
The configuration information was saved to file .
Just retrieved the SPURS latest version number of %s
Got software update file=.
Couldn't find any executables in the Download folder. Software update isn't available.
Software update enabled flag %s.
Current local software version is (%s).
Exception thrown by SPURS SDK on download: , continuing anyway. Thread will wait for next event.
Exception thrown by SPURS SDK on scheduled download: , continuing anyway. Thread will wait for next event.
Unknown dwWaitStatus [%u]. Ignoring this wait return.
Wait for event to start operation.
Vipre dll version is 
definitions\vcore.dll
0.0.0.0
CSBThreatDefinitions::ReportClientUpdateStatus
Setting the this pointer for the ThreatDefinitions CoClass to .
Did not get the mutex but the wait returned with %d, so go ahead and scan.
Error retrieving Proxy values (Server = %s, Username %s, Password = %s or Port = %ld) from registry.
ProxyPort
ProxyPassword
Setting the event to wake up the threat definitions controller thread to check for threat defs. Is manual %s.
Undefined known state for file .
Couldn't get known state for file  from threat engine. Leaving now.
Successfully added a one time schedule item for pre-scan threat defs update check at %s. The timer %s wake up the computer.
Deleted defs version file [%s] to force an update to a compatible definitions version.
Could not delete defs version file [%s]. The system may run with incompatible definitions until the next update.
Definitions\DefVer.txt
Current defs are version %d, which are newer than or equal to the min needed of %d, definitions version file was not deleted and we will not force an update.
Checking to see if this machine has the minimum required defs version needed. Minimum version required is %d, local version is %d.
%d (%s)
SBCSApplyDefinitionUpdate called back to see if we want to continue and returned (%s). Updates applied %d, total updates to apply %d, reload is (%s).
While trying to write the ThreatDefinitions Config File (%s).
Error while reading the Config File (%s). Config file may not exist or is corrupted, creating default config file.
ThreatDefinitionsConfig.xml
Couldn't save config data, dwError=. New settings were NOT saved into the file.
Error converting the config buffer from the client. Unable to save the configuration information to file . Error code was %d.
Threat definitions enabled flag %s.
CSBThreatDefinitionsImpl::ReportClientUpdateStatus
Using threat defs file in folder .
Performing a check for Threat definitions updates. Is manual %s.
Unable to apply update .
Apply of threat definitions update file  succeeded.
Unable to manually apply update. There may be a problem with the definitions file (%s).
Unknown dwWaitStatus [%d]. Ignoring this wait return.
The event to check for a threat definition update before a scan was signalled for schedule item . Checking if an update is needed.
The scheduled check for a threat definition update event was signalled for schedule item . Checking if an update is needed.
Failed starting worker thread. Threat definitions controller is inoperable.
Error encountered deserializing the config information .
Unable to open the WSC / Action Center service using Service Control Manager, the WSC / Action Center service is not installed and our status will not be reported.
Unable to OpenService wscsvc. Vipre features may not be reported correctly in WSC.
Unable to OpenSCManager. Vipre features may not be reported correctly in WSC.
Unable to get Service settings config object. Vipre features will not be reported in WSC.
IsVipre returning %s.
QueryStatus returned apState [%d], apStatus [%d].
QueryStatus returned fwStatus [%d].
Couldn't terminate WSC thread. Windows Security Center status may not correctly reflect the state of the service.
Removed Firewall instance from WSC, hr=[%x].
Unable to Uninstall Firewall Class from WSC, hr=[%x].
Removed AntiSpyware instance from WSC, hr=[%x].
Unable to Uninstall AntiSpyware Class from WSC, hr=[%x].
Removed AntiVirus instance from WSC, hr=[%x].
Unable to Uninstall AntiVirus Class from WSC, hr=[%x].
CoCreateInstance for Firewall interface failed, hr=[%x]. Unable to remove our instance from WSC
Uninstalled Firewall from WSC, hr=[%x].
Unable to Uninstall Firewall from WSC, hr=[%x].
CoCreateInstance for AntiVirus interface failed, hr=[%x]. Unable to remove our instance from WSC
Uninstalled AntiVirus from WSC, hr=[%x].
Unable to Uninstall AntiVirus from WSC, hr=[%x].
CoCreateInstance for AntiSpyware interface failed, hr=[%x]. Unable to remove our instance from WSC
Uninstalled AntiSpyware from WSC, hr=[%x].
Unable to Uninstall AntiSpyware from WSC, hr=[%x].
Windows type is Vista or newer so we updated AntiSpyware state [%d] and (%s) to WSC.
Unable to write AS status to WSC, hr=[%x].
IsFirewallSKU returned true so we updated Firewall state [%d] to WSC, hr=[%x].
Unable to write FW status to WSC, hr=[%x].
IsVipreSKU returned true so we updated AntiVirus state [%d] and (%s) to WSC.
Unable to write AV status to WSC, hr=[%x].
IsFirewallSKU returned true so we updated Firewall state [%d] to WSC API.
Unable to write FW status to WSC, Failed UpdateStatus hr=[%x].
Unable to CoCreateInstance for FW with WSC, hr=[%x].
IsVipreSKU returned true so we updated AntiVirus state [%d] and (%s) to WSC API.
Unable to write AV status to WSC, Failed UpdateStatus hr=[%x].
Unable to CoCreateInstance for AV with WSC, hr=[%x].
Windows type is Vista or newer so we updated AntiSpyware state [%d] and (%s) to WSC API.
Unable to write AS status to WSC, Failed UpdateStatus hr=[%x].
Unable to CoCreateInstance for AS with WSC, hr=[%x].
SBAMWSC.EXE
Unable to update Windows Security Center with current status.
Registered FW product [%s] with display name [%s] with WSC, hr=[%x].
Unable to Register FW [%s] with display name [%s] with WSC, hr=[%x].
Registered AV product [%s] with display name [%s] with WSC, hr=[%x].
Unable to Register AV [%s] with display name [%s] with WSC, hr=[%x].
Registered AS product [%s] with display name [%s] with WSC, hr=[%x].
Unable to Register AS [%s] with display name [%s] with WSC, hr=[%x].
WSCConfig.xml
Invalid UpdateCheckIntervalHours value [%d] in WSC Config File.
FW state did not change. Current state is [%d]
FW state changed. Current state is [%d], new state is [%d]
AP state did not change. Current state is [%d]
AP state changed. Current state is [%d], new state is [%d]
WSC Controller is disabled and we tried to remove ourself from WSC and failed, maybe we were never installed into WSC [%x].
Note: Versions of Windows before Vista don't support AntiSpyware in Windows Security Center.
UpdateCheckInterval timer expired after [%d] hours.
Failed starting WSC thread. Windows Security Center status will not be updated.
CProxy_ISBActiveProtectionEvents::Fire_APReportingCB
CSBActiveProtection::OnAPReportingCB
Add of PID [%d] to AP failed with error %d.
Added PID [%d] to AP.
APConfig.xml
\Logs\ap.etl
Wrong user known type %d.
Couldn't encode the Hash for passing to the scan controller.
Received prompt ACK for msg_id [%s].
Message %s has been answered by the user
CSBActiveProtectionImpl::ReportCallback
report event has been received.
Extension in list is NOT in file. Removing it from the collection; Extension = [%s].
Adding file extension to collection; File ext = [%s].
Unable to decrypt extensions file [%s]. The extensions collection was NOT updated.
\apincl.dat
AP%s.xml
Registration Code Status is [%d], Enabled is [%s].
RegistrationConfig.xml
Install date is invalid. Deleting the SBAMConfig.dll file. This file determines the evaluation period.
File  deleted
Could not delete file: %s
CheckInstallDateFile unable to get install date. Deleting the SBAMConfig.dll file. This file determines the evaluation period.
SBAMConfig.bin
There is a Registration Key in the config file or in the Registry. We don't need to request one from SKMS.
The registration key we received from SKMS returned an invalid status when we sent it back for an Update check. Will try request a key again on next check.
CheckRegistration returned (%s).
Couldn't get pointer to CSBRegistrationImpl instance. Will not be able to start Check Registration thread or check users regisrtration key status for the application.
There is a Registration Key in the Registry but not in the config file. Update the Config file, and get the key status from SKMS.
Failed starting thread. Application will not be able to verify registration key status.
Failed creating CheckRegistration event. Application will not be able to verify registration key status.
Failed creating m_hQuitCheckRegistrationThread event. Application will not be able to verify registration key status.
Registration thread DIDN'T start. Application will not be able to verify registration key status.
Registration Code Status is [%d].
Setting log level to %d.
Setting log roll over size to %d.
Setting log file count to %d.
Url  contains a known %s domain.
Couldn't replace bad url link node; search and replace will be aborted and HTML will not be modified.
SBAntiPhishing::ProcessHTMLElement
Bad url link node successfully replaced.
HTML document successfully processed; no bad url link nodes were found.
HTML document successfully processed; %d bad url link nodes were replaced.
Exception occurred while trying to process the text; text will not be modified. (%S)
Text successfully processed; no bad urls were found.
Text successfully processed; %d bad urls were replaced.
Bad url successfully replaced.
{(((https?)|(ftp)://)|(www\.)|(ftp\.))([-A-Z0-9 &@#/%?=~_|!:,.;]*)([-A-Z0-9 &@#/$=~_|])}
CSBEmailAV::BadUrlAction
CSBEmailAV::IsBadUrlCheckingEnabled
CloseEmailWindowMsgText is NULL
CSBEmailAV::GetCloseEmailWindowMsgText
Invalid parameter: MessageAttachment = [%p], OriginalBufferSize = [%d], AttachmentName = [%p], DateTime = [%p], Subject = [%p]
Invalid parameter: Subject = [%p], Extension = [%p], Buffer = [%p], BufferSize = [%d]
CSBEmailAV::ScanTextForBadUrls
priority=, msg=
Expanding %%CRLF%%...
%CRLF%
Invalid %%PRODUCTVERSION%% [%s]
Replacing %%PRODUCTVERSION%% with [%s]
Invalid %%ATTACHMENTNAME%% [%s]
Replacing %%ATTACHMENTNAME%% with [%s]
Invalid %%THREATNAME%% [%s]
Invalid %%THREATDEFVERSION%% [%d]
Replacing %%THREATNAME%% with [%s]
Replacing %%THREATDEFVERSION%% with [%s]
Invalid %%VIPREVERSION%% [%s]
Replacing %%VIPREVERSION%% with [%s]
Invalid %%COMPANY%% [%s] or %%PRODUCT%% [%s]
Replacing %%COMPANY%% with [%s], %%PRODUCT%% with [%s]
Expanding %%COMPANY%% and %%PRODUCT%%...
%COMPANY%
Invalid %%PRODUCTLONG%% [%s]
Replacing %%PRODUCTLONG%% with [%s]
Expanding tokenized string; Text = [%s], Threat Name = [%s], Attachment Name = [%s]
cmclient1.dll
Failed to open file; key=, error=
Failed to read file; key=, error=
Failed to create file; key=, error=
Failed to write data; key=, error=
Failed to delete file; key=, error=
op=, key=, success=
EmailAVConfig.xml
Bad url definition file could not be loaded.
LoadBadUrlDefs
Bad url definition file was successfully loaded.
Couldn't copy known bad url dll from defs folder to install folder; will continue using previous dll.
Successfully copied known bad url dll from defs folder to install folder.
kbu.dll
EmailAV released known bad url dll.
Definitions were updated; we need to unload the known bad url dll, copy it from the defs to the install dir, and then reload it.
Returning undelivered subject prefix [%s]
Returning undelivered body text [%s]
CSBEmailAVImpl::GetCloseEmailWindowMsgText
Returning close email window message text [%s]
CSBEmailAVImpl::GetBadUrlReplacementText
Returning text to replace bad urls [%s]
Failed to quarantine the email message; subject=, filename=
Successfully quarantined the email message; subject=, filename=, cleaner result=, quarantine id=
.email
Failed to create client; error=
Failed to set client persist callback; error=
Failed to create client description; error=
Failed to set client description; error=
Failed to start client; error=
Failed to wait for client ready; error=
Failed to create catalog session; error=
IFailed to parse message; error=
Failed to query catalog session; error=
Failed getting threat id [%d] name
Got name  for threat id [%d]
BadUrls collection
CSBEmailAVImpl::ScanTextForBadUrls
Returning text to append [%s]
Returning inbound text to append [%s]
Cloudmark scan %s; message %s spam
Sender= is not in the address list; scan the message for spam
Sender= is in the address list as allow; do not mark the message as spam
Sender= is in the address list as block; mark the message as spam
Scanning message for spam; subject=, date=, sender=
No threat definitions; attachment = [%s] will not be scanned
Buffer contains threat; nThreatId=[%u]
Unknown buffer; will attempt to %s it if a threat is detected
Failed to quarantine buffer; passing through unmodified
Detected non-cleanable pseudo threat; will attempt to %s it
Scanning attachment; MessageBuffer = [%p], OriginalBufferSize = [%d], strAttachmentName = [%s]
State changed from [%s] to [%s]
Arva failed to start : [%d]
Could not enable monitor [%d] on port [%d] : [%d]
WindowsLiveMail Support: [%s]
SHELL Executed to register WlMailApiCom.dll
-s WLMailApiCom.dll
SHELL Executed to register WlMailApiStore.dll
-s WLMailApiStore.dll
Failed to register [%s],WindowsLiveMail support Will not work
SHELL Executed to register WlMailApiInit.dll
-s WLMailApiInit.dll
regsvr32.exe
{93ABC5F0-879F-4400-9AE9-F2742A03A229}
EmailAV is configured to quarantine messages containing bad urls; make a backup of the original message now.
EmailAV is not configured to quarantine messages containing bad urls; do not make a backup of the original message.
Pseudo-bad url successfully replaced.
VIPRE_PSEUDO_BAD_URL
Unexpected result= while waiting for events
Unexpected result= waiting for config thread to stop; config thread will be terminated
Body did not contain bad url
Body contained bad url and was replaced
Bad url checking is disabled; message body will not be scanned.
Incorrect date/time passed [%s]. Cannot convert to a time_t value.
An invalid length or invalid buffer was passed into ReadFromFile.
Read all data from file .

d:d:d %d/%d/%d

%x %X

FindFirstFile did not succeed on path . No files were found.

Deleted (%s) - [%d] files remaining.

Error removing file (%s).

The (%s) list has (%d) items.

List is empty adding files (%s) to list.

%s\%s*.xml

SBAM.Common

Env var value too big(>%u)!

GetProcAddress('%s') failed

LoadLibrary('%s') failed

Failed to read env var

We have an error trying to build the envPath from %s

Rpcrt4.dll

Programmer error! The size of PIDs is NOT large enough! (index) %d > %u (size).

PID[d] = d .

Found process - d  hTask16 (%d).

Found process - d .

NTVDM.EXE

VDMDBG.DLL

Kernel32.DLL

Successfully launched  for user u .

DuplicateTokenEx 0xX dup(0xX).

OpenProcessToken 0xX token 0xX.

OpenProcess %u HANDLE 0xX.

OpenProcess failed for PID %d. Cannot run the command as a logged on user.

Trying to launch  for user u .

Only handling the first %u users.

%u users found.

explorer.exe

CmdLine = .

ISBWebFilterEvents

CProxy_ISBWebFilterEvents::Fire_ConfigChangeCB

CProxy_ISBWebFilterEvents::Fire_WebFilterStateChangeCB

CProxy_ISBWebFilterEvents::Fire_WebFilterStatsCB

CProxy_ISBWebFilterEvents::Fire_WebFilterPublishingCB

CProxy_ISBWebFilterEvents::Fire_WebFilterReportingCB

#SBWebFilter

Web Filter CoClass

CSBWebFilter::GetConfig

CSBWebFilter::SetConfig

WebFilterStatus is NULL

CSBWebFilter::GetWebFilterStatus

CSBWebFilter::EnableWebFilter

CSBWebFilter::DisableWebFilter

CSBWebFilter::WFResetToDefaults

CSBWebFilter::OnConfigChangeEvent

CSBWebFilter::OnWebFilterStateChangeEvent

CSBWebFilter::OnWebFilterStatsEvent

CSBWebFilter::OnPublishingEvent

CSBWebFilter::OnReportingEvent

CSBWebFilterImpl::StopThread

CSBWebFilterImpl::SetCoClassPtr

Failed to add the Port to the WebFilter collection. This Port will not be available.

Failed to clear the Ports in the WebFilter. The Ports collection could not be loaded in the WebFilter.

The Dirty flag is set for the Ports collection in the WebFilter Config file. The Ports collection will be reloaded in the WebFilter.

ApplyConfigPorts

The Dirty Flag was not set on the Ports Collection from the WebFilter Config file. Will NOT update the Ports settings in the WebFilter.

CSBWebFilterImpl::GetWebFilterStatus

This is a Firewall SKU and this function requires the WebFilter SDK, but WebFilter dll is not loaded! Unable to proceed.

SbWF:WebFilter

Event received from WebFilter module; adding to event queue

CSBWebFilterImpl::NotificationCB

Stats received from WebFilter module; adding to stats queue

CSBWebFilterImpl::StatsCB

Resetting all Web Filter settings back to the defaults for VIPRE Premium SKU.

Resetting all Web Filter settings back to the default settings for Enterprise SKU.

CSBWebFilterImpl::ResetDefaultSiteValues

Resetting all Web Filter settings back to the default settings for (%s) mode.

Unknown:%d

SbWebFilter.dll

WebFilterConfig.xml

CSBWebFilterImpl::SetDefaultConfigValues

Config file may not exist or is corrupted. Creating default config file for the Webfilter controller.

Web filter notification callback didn't include valid data pointer.

staticUrlInspectionCB

Web filter notification callback didn't include valid context pointer.

Web filter stats callback didn't include valid data pointer.

Web filter stats callback didn't include valid context pointer.

Failed to add the BadUrlBlockingException (%s) to the KnownGoodDomain collection. This BadUrlBlockingException will not be available.

The Dirty flag is set for the BadUrlBlockingExceptions collection in the WebFilter Config file. The BadUrlBlockingExceptions collection will be reloaded in the WebFilter.

ApplyConfigBadUrlBlockingExceptions

The Dirty Flag was not set on the BadUrlBlockingExceptions Collection from the WebFilter Config file. Will NOT update the BadUrlBlockingExceptions settings in the WebFilter.

Failed to add the UserKnownBadUrl (%s) to the KnownBadDomain collection. This UserKnownBadUrl will not be available.

The Dirty flag is set for the UserKnownBadUrls collection in the WebFilter Config file. The UserKnownBadUrls collection will be reloaded in the WebFilter.

ApplyConfigUserKnownBadUrls

The Dirty Flag was not set on the UserKnownBadUrls Collection from the WebFilter Config file. Will NOT update the UserKnownBadUrls settings in the WebFilter.

Updated WebFilter Info system configuration.

CSBWebFilterImpl::UpdateInfoConfig

SbWFInfo_UpdateConfig failed. Unable to update Web Filter Info system configuration, statistics may not be reported correctly.

SbWF_UpdateConfig failed. The WebFilter configuration was not correctly updated. The WebFilter may not function as expected.

Called SbWF_SetBlockPage(SbWF_BlockPage_BadUrl) with path (%s). The WebFilter will now use the blocked web page html.

CSBWebFilterImpl::LoadBlockPages

SbWF_SetBlockPage(SbWF_BlockPage_BadUrl) failed with path (%s). The WebFilter will not use the blocked web page html.

BlockedWebPage.htm

SbWF_Stop failed. The WebFilter may not function as expected.

CSBWebFilterImpl::StopWebFilter

SbWFInfo_Stop failed. The WebFilter may not function as expected.

Web Filter controller stopped.

CSBWebFilterImpl::StopController

WebFilter dll is not loaded!

the Webfilter config file

CSBWebFilterImpl::SaveConfigToDisk

the default webfilter config file

the webfilter config file

CSBWebFilterImpl::GetConfigObjectFromDisk

SbWFInfo_Start failed. Unable to start WebFilter.

Unable to read WebFilter Config information. Unable to start WebFilter.

CSBWebFilterImpl::StartWebFilter

SbWF_Start failed. Unable to start WebFilter.

CSBWebFilterImpl::ResetInfoConfig

Unable to read WebFilter Config information. Unable to reset the WebFilter Info Stats Update Frequency.

Out. WebFilter status = %u

Calling OnWebFilterStateChangeEvent().

WebFilter is already stopped.

Failed to stop the WebFilter.

Stopped the WebFilter.

The config file says to turn OFF the WebFilter.

UpdateInfoConfig failed. The WebFilter Info System frequency configuration was not correctly updated. The WebFilter may not report statistics as expected.

WebFilter is already running.

Failed to start the WebFilter.

Started the WebFilter.

The config file says to turn ON the WebFilter.

In. WebFilter status = %u

CSBWebFilterImpl::ApplyConfig

SbWF_SetLoggerCallback failed. Unable to configure WebFilter logging callback.

Resetting all Web Filter settings, user defined Ad Rules and predefined web sites back to the default settings.

CSBWebFilterImpl::WFResetToDefaults

Unable to read WebFilter Config information can't %s the WebFilter.

CSBWebFilterImpl::EnableWebFilter

the webfilter config object

CSBWebFilterImpl::GetConfig

CSBWebFilterImpl::SetConfig

Failed to get webfilter config object from disk; webfilter settings will not be updated

Failed to apply webfilter config settings; webfilter settings may be in an inconsistent state

Successfully applied webfilter config settings

Successfully loaded webfilter config from disk; applying its settings

CSBWebFilterImpl::DoConfigThread

Invalid hour %u. There are only 24 hours in a day. Did not accumulate webfilter statistics.

%Y-%m-%dT00:00:00

%s\%sWS_%s.xml

%Y%m%d

Couldn't add to %s. Folder is NULL.

web filter hourly stats file

WebFilter Stats XML

No listeners for Reporting event

Firing Reporting event

WebFilter event file

WF{%s}.xml

WebFilter Event XML

CSBWebFilterImpl::WebFilterThread

Failed starting the thread. Web filtering will not be operational.

CSBWebFilterImpl::StartThread

WebFilter dll successfully loaded

Could not load WebFilter dll; controller not started.

CSBWebFilterImpl::StartController

CProxy_ISBFirewallEvents::Fire_FWReportingCB

CSBFirewall::OnReportingEvent

Unknown event type in callback type = (%d)

Callback type = (%d) %s.

Packet To Unopened Port event type

SbFweIds_DeleteUserIDSRule for ID [%d] returned [%d]. Unable to delete user IDS rule.

Failed to add the Application Rule for [%s] to the firewall collection. This Rule will not be loaded into the Firewall.

Failed to add the Network rule (%s) to the firewall collection. This rule will not be loaded into the Firewall.

Failed to add the gateway address %s (%s) to the firewall collection. The gateway collection will not be loaded into the Firewall.

Failed to add the Zone (%s) to the firewall collection. The Zones collection will not be loaded into the Firewall.

Invalid or unknown Address type for zone (%s). This zone will not have any Address Addresses.

Product version %s

Dequeued the data object for dispatch for msgId %s. EventDispatcherThread did not handle this.

Event signaled 0xX. Received the data dequeue for msgId %s.

Timeout while waiting for the data dequeue event 0xX for msgId %s.

Error while waiting for the data dequeue event 0xX for msgId %s. Wait result: %u.

Waiting for data dequeue event 0xX for msgId %s.

Failed to signal the dispatch event 0xX for msgId %s. Not notifying the user.

Signaling the dispatch event 0xX for msgId %s.

Queued the data object for dispatch for msgId %s.

Failed to signal the dispatch event 0xX for msgId %s. Not reporting to the user.

Failed to create EventData object. Unable to process the Report Callback.

There is no dispatch event. Cannot report to the user.

CSBFirewallImpl::ReportCB

Network event report callback didn't include valid data pointer.

Threat Def version %s

Threat Def version %d, release date %s

Firewall event Report callback.

staticReportCB

Network event report callback didn't include valid context pointer.

Failed to add the firewall filter rule--id  application  description . This rule will not be available.

Unable to allocate the RemotePorts array from the Firewall Config file. The RemotePorts collection was not be loaded into the Firewall.

Unable to allocate the LocalPorts array from the Firewall Config file. The LocalPorts collection was not be loaded into the Firewall.

Setting Basic Firewall default IDS Rules to the settings for (%s) mode.

Setting Basic Firewall default Network Rules to the settings for (%s) mode.

sbagentdiagnostictool.exe

winlogon.exe

lsass.exe

sbamsvc.exe

Setting Basic Firewall default Application Rules to the settings for (%s) mode.

Setting Basic Firewall settings back to the settings for (%s) mode.

direc=out & (proto=TCP | proto=UDP) & (rport=137 | rport=138 | rport=139 | rport=445)

direc=in & (proto=TCP | proto=UDP) & (lport=137 | lport=138 | lport=139 | lport=445)

(proto=UDP & rport=88 & direc=out)

(proto=UDP & lport=88 & direc=in)

(proto=TCP | proto=UDP) & (rport=389 | rport=636) & direc=out

(proto=TCP | proto=UDP) & (lport=389 | lport=636) & direc=in

(direc=out & proto=47) | (proto=TCP & rport=1723 & direc=out) | (direc=out & proto=50) | (direc=out & proto=108)

(direc=in & proto=47) | (proto=TCP & lport=1723 & direc=in) | (direc=in & proto=50) | (direc=in & proto=108)

proto=UDP & rport=53 & direc=out

proto=UDP & lport=53 & direc=in

((lport=68 & rport=67) | (lport=67 & rport=68)) & proto=UDP & direc=out

((rport=68 & lport=67) | (rport=67 & lport=68)) & proto=UDP & direc=in

Ping and Tracert

Failed to signal the dispatch event (0xX).

Signaling the dispatch event 0xX.

kSbFwe.dll

Unable to create a blank app rule in the config object. Not setting the app rule for svchost.exe.

%WINDIR%\system32\svchost.exe

Unable to create a blank app rule in the config object. Not setting the app rule for winlogon.exe.

%WINDIR%\system32\winlogon.exe

Unable to create a blank app rule in the config object. Not setting the app rule for services.exe.

%WINDIR%\system32\services.exe

Unable to create a blank app rule in the config object. Not setting the app rule for lsass.exe.

%WINDIR%\system32\lsass.exe

%PROGRAMFILES%\Internet Explorer\iexplore.exe

SBPIMSvc.EXE

SBAgentDiagnosticTool.EXE

SBAMUI.EXE

SBAMSvc.EXE

Resetting all Basic Firewall settings back to the default settings for (%s) mode.

FirewallConfig.xml

FW SDK Version "%s"

%u.%u.%u

SbFwe_GetVersion returned SDK %u.%u.%u IDS %u.%u.%u

Loaded the Event Object for %s data from firewall.

Packet To Unopened Port Event.

SbFweInfo_UpdateConfig failed. Unable to update Firewall Info system configuration, statistics may not be reported correctly.

Failed to add the Disabled IDS Rule [%d] in the firewall. This rule will not be available.

Failed to update the Rules Path (%s). The Firewall may not be able to locate the correct Rules files.

SbFwe_EnableFilterRules failed. Filter Rules may not be (%s) as expected.

SbFwe_EnableNetworkRules failed. Network Rules may not be (%s) as expected.

SbFwe_EnableApplicationRules failed. Appplication Rules may not be (%s) as expected.

Failed to update the LogPacketsToUnopenedPorts setting. Packets To Unopened Ports may not be logged correctly.

Failed to update the Log Port Scans setting. Port Scan may not be logged correctly.

SbFweIds_Start failed. Unable to start IDS because the IDS system didn't have all the required data. Most likely the IDSRules.dat file is missing.

Unable to read Firewall Config information can't %s the Basic Firewall.

Updated HIPS Config information to %s the Firewall HIPS controller.

Updated WebFilter Config information to %s the Firewall WebFilter controller.

Updated Firewall Config information to %s the Firewall controller.

Failed to allocate the buffer for (%d) IDS items. Unable to read Firewall IDS Rules information.

SbFweIds_CreateUserIDSRule returned [%d]. Unable to create user IDS rule.

SbFweIds_UpdateUserIDSRule returned [%d]. Unable to create user IDS rule.

Called SbFweIds_GetDefinitionsRules with path (%s). The Firewall will now use the updated definition rules.

SbFweIds_GetDefinitionsRules failed with path (%s). The Firewall will not use the updated definition rules.

\idsrules.dat

No such data object stored for msgId %s. Cannot remove nor destroy the data object.

Removed the data object from the map for msgId %s.

Event signaled 0xX. Received the prompt answer for msgId %s. Returning answer in Result back to FW SDK.

Timeout while waiting for the prompt answer event 0xX for msgId %s. Allowing.

Error while waiting for the prompt answer event 0xX for msgId %s. Wait result %u.

Waiting for prompt answer event 0xX for msgId %s.

Event signaled 0xX. Received the prompt ACK for msgId %s. Prompt is being displayed to the user.

Timeout while waiting for the prompt ACK event 0xX for msgId %s. Maybe no clients. Allowing.

Error while waiting for the prompt ACK event 0xX for msgId %s. Wait result: %u.

Waiting for prompt ACK event 0xX for msgId %s.

Timeout while waiting for the data dequeue event 0xX for msgId %s. Allowing.

Failed to signal the dispatch event 0xX for msgId %s. Allowing.

Stored the data object in the map for msgId %s.

Prompt for outbound traffic for the any other app rule for known good app (%s); allow the event instead of prompting.

An error occurred trying to updated rule information in the config file for Rule Id (%d) from event related to application (%s).

Updated rule information saved in the config object for Rule Id (%d) from event related to application (%s).

Found an existing rule for application [%s] in the config object. Only changing the action enum for the application.

No existing Network or Application rule found for RuleID [%d], application [%s]. Creating a new Application rule with ID [%d].

Found an existing network rule for rule id [%d] in the config object. Only changing the action enum for the network rule.

We need to create rule for Rule ID [%d] related to application (%s).

Received a request to disable a rule for a (%s) event type.

Unable to read Firewall Config. Not able to disable the rule (ID %d).

Unable to create a new DisabledDefinitionIDSRule in the config object. DisabledDefinitionIDSRule for Rule Id (%d) was not saved to the config file.

Error saving the Firewall Config file. DisabledDefinitionIDSRule for Rule Id (%d) was not saved to the config file.

Found an existing DisabledDefinitionIDSRule for rule [%d] in the config object. No need to disable the rule.

DisabledDefinitionIDSRule saved in the config object for Rule Id (%d).

No existing DisabledDefinitionIDSRule found for rule [%d]. Creating a new DisabledDefinitionIDSRule.

Expecting an adapter event, but received a %s event. Not adding adapter or zone.

Unable to read Firewall Config. Not adding the adapter or zone to the collection for adapter (ID %s).

Unable to create a blank zone in the config object for adapter (ID %s). Not saving the added adapter.

Zone not found in config object for adapter (ID %s). Adding a new zone to the collection.

Unable to create a blank adapter (ID %s) in the config object. Not adding zone either.

Adapter not found in config object. Adding a new adapter (ID %s) to the collection.

Adapter found in config object for adapter (ID %s).

Received a request to disable the notifications for (%s) event type.

Unknown request enum (%d). Cannot figure out request.

Received a request from a client in response to a Firewall event, but we are unable to serialize the event xml data.Cannot figure out request.

sbpimsvc.exe

sbamui.exe

Added default application rule for SBAgentDiagnosticTool.EXE to firewall configuration.

Invalid hour %u. There are only 24 hours in a day. Did not accumulate network statistics.

%s\%sNS_%s.xml

network hourly stats file

Invalid hour %u. There are only 24 hours in a day. Did not accumulate IDS statistics.

%s\%sIS_%s.xml

IDS hourly stats file

Invalid hour %u. There are only 24 hours in a day. Did not accumulate Filter statistics.

%s\%sFS_%s.xml

Filter hourly stats file

More items on the event dispatch queue so NOT resetting the dispatch event. Keep processing more messages until the queue is empty. Queue size = %d.

Failed to reset the event dispatch event (0xX).

Resetting the dispatch event because the queue is empty. This will allow this thread to wait for the next event. Queue size = %d.

Finished processing the event and determining if we need to reset the dispatch event. Only reset it if the queue is empty. Queue size = %d.

No listeners for Reporting event for msgId %s. The COM event to notify any interested client apps of a firewall report event was NOT fired.

Calling OnReportingEvent() for msgId %s. This is the COM event to notify any interested client apps of a firewall report event.

%s\%s%s.xml

Invalid or unknown ClientRuleData value for event type (%s). Unable to determine which list of event files to pass to ManageEventFiles.

%s%s.xml

FWPORT

No client apps listening for Publishing event for msgId %s. The user will not receive any pop up for this event.

Calling OnPublishingEvent() for msgId %s. The COM event is being fired to alert any listening clients of the event that is ready for publishing.

Failed to signal the data dequeued event 0xX for msgId %s.

Event signaled, handle = 0xX. Dequeued and dispatching the queued firewall event for msgId %s. Signaling the data dequeued event so the firewall SDK callback can return, handle = 0xX.

While dequeueing the data object for dispatch for msgId %s, found an uknown event type (%d). Whatever event caused this to occur is discarded.

Failed to reset the stats dispatch event (0xX).

Event signaled 0xX. Dispatch the queued firewall stats.

Error while waiting for dispatch event 0xX. Wait result: %u.

Waiting for dispatch event 0xX and 0xX.

Out. Firewall status = %u

In. Firewall status = %u

Failed to signal the prompt answer event 0xX for msgId %s.

Signaling the prompt answer event 0xX for msgId %s.

No such data object stored for msgId %s. Not found. Not sending the answer to the prompt to the Firewall SDK.

No such data object stored for msgId %s. iter->second was NULL. Not sending the answer to the prompt to the Firewall SDK.

Saving the prompt answer for msgId %s in the map.

Received prompt answer for msgId %s.

Failed to signal prompt ACK event 0xX for msgId %s.

Signaling prompt ACK event 0xX for msgId %s.

No such data object queued for msgId %s. Not found. Not signaling prompt ACK.

No such data object stored for msgId %s. iter->second was NULL. Not signaling prompt ACK.

Received prompt ACK for msgId %s.

Failed starting the event dispatcher thread. Firewall will not be operational.

Failed creating the dispatch the firewall stats...event. Event dispatcher thread start failed.

Failed creating the dispatch the firewall event...event. Event dispatcher thread start failed.

This %s a Firewall SKU and the Firewall dll was successfully loaded.

This %s a Firewall SKU but we could not load Firewall dll, the controller will not be started.

Unable to get the Enterprise Agent (%s) start function (%s) address. Unable to stop the Enterprise Agent.

Enterprise Agent (%s) start function (%s) returned %s.

Calling the Enterprise Agent (%s) start function (%s).

SBEAgent.dll

Unable to get the Enterprise Agent (%s) stop function (%s) address. Unable to stop the Enterprise Agent.

Calling the Enterprise Agent (%s) stop function (%s).

Unable to get the Enterprise Agent (%s) reset firwall function (%s) address. Unable to reset the firewall.

Calling the Enterprise Agent (%s) reset firewall to policy function (%s).

CProxy_ISBHIPSEvents::Fire_HIPSReportingCB

CSBHIPS::OnReportingEvent

Unexpected result= waiting for worker thread to stop; worker thread will be terminated

Resetting all HIPS settings back to the default settings for (%s) mode.

HIPSConfig.xml

Added program=, md5=, authority=, protection=

Failed to add program=, md5=, authority=, protection=

Couldn't compute the MD5 for program= with authority=; error=. May not be able to add it to HIPS.

ApplyConfig %s; PrevState=, State=

Unable to read HIPS Config information can't %s the Firewall HIPS.

Invalid hour %u. There are only 24 hours in a day. Did not accumulate HIPS statistics.

%s\%sHS_%s.xml

hips hourly stats file

Processed %d event(s) from the queue

There was an error adding to the HIPS Hourly Stats buckets. This HIPS event may not have been added to the stats correctly.

No listeners for Publishing/Reporting events

Firing Publishing/Reporting events

HIPS{%s}.xml

Unexpected result= waiting for controller events; ignore it

Got current thread state  and reboot  statuses.

Boot time scanner REGISTRATION .

Boot time scanner UNREGISTRATION .

Couldn't get boot time scanner status. Operation failed.

Current boot time scanner registration status is .

Threat engine returned an unsupported state: %d. Scan state event won't fire event to subscribed clients.

Scan thread change to  state.

Failed scanning file . Didn't get any result.

File  has threat id  (0 - not a threat).

File  %s good.

Invalid source buffer pointer or length. Write file operation failed.

Couldn't open file on path . Write file operation failed.

Failed writing data into file path . Write file operation failed.

Unexpected length  written into file pat . Write file operation failed, file incomplete.

Data completely written into file .

File successfully opened on path  to write data.

Couldn't open file path . Couldn't read file.

Read data of length  from file on path .

Failed reading data from file on path . Couldn't read file.

Failed reading BOM from file path . Couldn't read file.

Successfully retrieved file length .

File successfully opened on path  to read data.

Invalid file length . Couldn't read file.

Last successful scan results path generated .

Couldn't get signature for file  from threat engine.

Threat Engine returned (%s) signature for file  from threat engine.

Failed to purge history because this is an unknown history type %d.

File  deleted since it's older than  days.

Could not delete file on path . Search for the next history file.

Delete history events for (%s) older than  days.

SW*.xml

LG*.xml

FWCHG*.xml

FWPUP*.xml

FWADP*.xml

FWIDS*.xml

FWADV*.xml

FWNET*.xml

Port Events

FWPORT*.xml

FWAPP*.xml

HIPS*.xml

FW*.xml

Web Filter Events

WF*.xml

FW Hourly Stats

*.xml

Deleting quarantine items older than  days.

EV*.xml

EM*.xml

2*.xml

Delete is enabled. HistoryType=[%d]

Delete is disabled. HistoryType=[%d]

Firing the cleaner control  using  as the input file.

Cleaner input file moved from  to .

Failed copying file from  to . Cleaning operatation won't proceed.

Got input scan results file name the cleaner will use .

Checking for a user known entity [%s] and signature [%s].

Unknown trace type detected iuTraceType=[%d].

Scan thread resumed to previous  state.

Non-cookie trace from  was deleted or quarantined. Send it to threat net.

Cleaner results  didn't meet criteria. File NOT sent to threat net.

Got trace  of threat  from . Test if there are non-cookie threats deleted or quarantined.

Got threat  from . Test if there are non-cookie threats deleted or quarantined.

Threats from  were quarantined or deleted. Proceed calculating criteria.

Successfully got cleaner results summary from . Proceed calculating criteria.

Couldn't deserialize scan results . Clean ends and thread waits for next event.

Cleaner results  %s meet deep after quick criteria.

Got trace  of threat  from . Test if there are non-cookie threats.

Got threat  level [%d] from . Test if there are non-cookie threats.

Threats from  were detected. Proceed checking criteria.

Successfully got cleaner results summary from . Proceed checking deep after quick criteria.

Couldn't deserialize scan results . Thread waits for next event.

Scan results criteria applied successfully to .

Couldn't apply scan results criteria successfully to . Clean ends and thread waits next event.

Wrote cleaner results file on path  successfully.

Couldn't write clean results file on path . Clean ends and thread waits next event.

Got cleaner results lenght  on path 

Cleaner operation completed successfully.

Cleaner returns unknown state . Clean ends and thread waits for the next event.

Scan results data on path  successfully read.

Couldn't read scan results data on path . Clean ends and thread waits for next event.

Got scan results file size of length  on path  successfully.

Coulnd't read scan results size on path . Clean ends and thread waits for next event.

Current clean input file on path .

CSBScanControlImpl::ExecuteCleaner

Couldn't serialize default scan config file on path . Serialize operation failed.

Threat engine max  and min  file lengths.

Default quarantine folder path .

Default system events folder path .

Default history folder path .

Couldn't serialize scan config file path . Config file may not exist or is corrupted, it will try to create a default scan config file. Will try to create a default scan config file.

ScanConfig.xml

Scan type  %s found.

Couldn't get scan config object. Operation failed.

Adding the randomized scheduled definitions update before the next scheduled scan for (%s) failed. Scheduled update before the next scheduled scan will not occur.

d:d

Randomized the scheduled definitions update before the next scheduled scan by [%d] seconds to (%s).

Current time is (%s).

Couldn't get application data folder . Unable to convert any user knowns by signature, crc8 to fullpath.

Couldn't find scan schedule ; unable to determine scan type.

Scan configuration name  is invalid OR empty. Scan thread won't start a scan.

Scan config  is valid. Scan thread is starting a scan now.

Couldn't delete Social Watch history older than [%d] days. Wait for the next event.

Couldn't delete System Update Scan history older than [%d] days. Wait for the next event.

Couldn't delete hips event files older than [%d] days. Wait for the next event.

Couldn't delete webfilter event files older than [%d] days. Wait for the next event.

Couldn't delete firewall event files older than [%d] days. Wait for the next event.

Couldn't delete firewall stats files older than [%d] days. Wait for the next event.

Couldn't delete quarantined files older than [%d] days. Wait for the next event.

Couldn't delete system events events older than [%d] days. Wait for the next event.

Couldn't delete EmailAV events older than [%d] days. Wait for the next event.

Couldn't delete AP events older than [%d] days. Wait for the next event.

Couldn't delete Scan history older than [%d] days. Wait for the next event.

Couldn't set scheduled scan  for scan type . This scheduled scan will not happen.

Successfully set scheduled scan  for scan type .

Invalid cleanerAction= (categoryName=, categoryId=). Threat category action was not pushed into the threat engine.

Threat categoryName=, categoryId=, and cleanerAction= added to threat engine.

Failed adding threat categoryName=, categoryId=, and cleanerAction= to threat engine. Threat category action was not pushed into the threat engine.

Invalid categoryId= (categoryName=, cleanerAction=). Threat category action was not pushed into the threat engine.

Couldn't add threat id to ignore list . One or more ignored threat was not pushed into the threat engine.

Threat id added to ignore list .

Failed setting SBCSEnableRootkitEngine . Value may be incorrect in the threat engine.

Failed setting SBCSSetLowRiskThreatDetection . Value may be incorrect in the threat engine.

Couldn't get application data folder . It won't set new content for scan config file.

Scan config data %ssaved.

Scan config data %s saved.

Saved current total scan elapsed time of  seconds.

Add a user known entity [%s] of type %d to scan config. Item Type is %d.

Adding file [%s] to known good because MoveToAlwaysAllowed is true.

Removing known bad file [%s] from Always Blocked list.

Moving file [%s] from Always Blocked list to Always Allowed list.

Couldn't exclude path  from scan. Leaving now.

Scan settings for type  successfully applied to the threat engine.

User has invalid or expired registration state.Disabling the auto disposition.

Added path  to scan.

Failed setting EnableFileCache to ; scan will NOT use file cache.

Set EnableFileCache to ; scan %s use file cache.

Set SBCS_OPT_SCAN_ROOTKITS to .

Failed setting SBCS_OPT_SCAN_ROOTKITS . Leaving now.

Set SBCS_OPT_SCAN_VIPRE_SUSPICIOUS to .

Failed setting SBCS_OPT_SCAN_VIPRE_SUSPICIOUS . Leaving now.

Set SBCS_OPT_SUSPEND_ACTIVE_THREATS to .

Failed setting SBCS_OPT_SUSPEND_ACTIVE_THREATS . Leaving now.

Set SBCS_OPT_SCAN_REGISTRY to .

Failed setting SBCS_OPT_SCAN_REGISTRY . Leaving now.

Set SBCS_OPT_SCAN_PROCESSES_DEEP to .

Failed setting SBCS_OPT_SCAN_PROCESSES_DEEP . Leaving now.

Set SBCS_OPT_SCAN_PROCESSES to .

Failed setting SBCS_OPT_SCAN_PROCESSES . Leaving now.

Set SBCS_OPT_SCAN_KNOWN_FILE_TYPES_ONLY to .

Failed setting SBCS_OPT_SCAN_KNOWN_FILE_TYPES_ONLY . Leaving now.

Set SBCS_OPT_SCAN_FILES to .

Failed setting SBCS_OPT_SCAN_FILES . Leaving now.

Set SBCS_OPT_SCAN_FILENAME_AND_CHECKSUM to .

Failed setting SBCS_OPT_SCAN_FILENAME_AND_CHECKSUM . Leaving now.

Set SBCS_OPT_SCAN_DONT_CALC_CHECKSUM to .

Failed setting SBCS_OPT_SCAN_DONT_CALC_CHECKSUM . Leaving now.

Set SBCS_OPT_SCAN_DERIVATIVES to .

Failed setting SBCS_OPT_SCAN_DERIVATIVES . Leaving now.

set SBCS_OPT_SCAN_COOKIES to 

Failed setting SBCS_OPT_SCAN_COOKIES . Leaving now.

Set SBCS_OPT_SCAN_COMMON_TACTICS to .

Failed setting SBCS_OPT_SCAN_COMMON_TACTICS . Leaving now.

Set SBCS_OPT_SCAN_ARCHIVES to .

Failed setting SBCS_OPT_SCAN_ARCHIVES . Leaving now.

Set SBCS_OPT_SCAN_ALL_USERS to .

Failed setting SBCS_OPT_SCAN_ALL_USERS . Leaving now.

Set SBCS_OPT_EXCLUDE_REMOVABLE_DRIVES to .

Failed setting SBCS_OPT_EXCLUDE_REMOVABLE_DRIVES . Leaving now.

Set SBCS_OPT_SCAN_ALL_LOCAL_DRIVES to .

Failed setting SBCS_OPT_SCAN_ALL_LOCAL_DRIVES . Leaving now.

Set SBCS_OPT_RECURSIVE_FILE_SCAN to .

Failed setting SBCS_OPT_RECURSIVE_FILE_SCAN . Leaving now.

Set SBCS_OPT_KEEP_SCAN_RECORD to .

Failed setting SBCS_OPT_KEEP_SCAN_RECORD . Leaving now.

Thread priority successfully set to .

Failed setting thread priority to . Still applying other settings.

Scan type  successfully applied to Threat Engine.

Couldn't set scan description . Still applying other settings to Threat Engine.

%d - %s, %d - %s

Found settings for scan type .

Did not find scan schedule to get scan settings from for this Scheduled Custom Scan . Leaving now.

Did not find settings for scan type . Leaving now.

Set SBCSSetLowRiskThreatDetection() to .

Failed setting SBCSSetLowRiskThreatDetection(). Value may be incorrect in the threat engine.

%s initialized loop. Scan will %s

Removing missed scheduled scan item after its timer was fired. Scan name [%s], Id [%d], start time [%s].

Looking for missed scheduled scan items to remove. Scan name [%s], Id [%d], start time [%s], now [%s].

Scanner returned unknown state . Scan ends and thread waits for the next event.

Scan executed successfully, user feedback is expected.

A scan was executed successfully and no threats were found. Performing the clean to set the clean results and fire the appropriate events.

The system is configued to perform cleaning without user dispositioning of threats found. Results file is .

Last scan type  SAVED. Wait for the next event.

Couldn't save last scan type . Wait for the next event.

Config data for scan type  SAVED. Wait for the next event.

Couldn't save config data for scan type . Wait for the next event.

Saved scan results file .

Couldn't save scan results into . Scan ends and thread waits for the next event.

%Y%m%d%H%M%S.xml

Config data for the next scheduled scan date/time SAVED. Proceed with scan operation.

Couldn't save the next scheduled scan date/time. Proceed with scan operation.

CSBScanControlImpl::ExecuteScanner

Added a new missed scheduled scan to the schedules collection with start time of [%s]. Persisting silently to the scan config file.

Last scheduled scan was missed, schedule a one time scan in %d minutes.

We missed a scheduled scan. The action to take is %d.

Checking to see if we missed a scheduled scan. Next scheduled scan is [%s].

Thread initialization failed. Cannot execute clean, will wait for the next one.

It's NOT valid to execute a clean operation, but no threats were found. Proceed with cleaning process in order to advance the state of the scan controller.

It's VALID to execute a clean operation. Proceed with cleaning process.

It's INVALID to executed a clean operation. Abort the cleaning process.

Unexpected scan type [%d] updating system event log. Will wait for the next event.

Thread initialization failed. Cannot execute scan, will wait for the next one.

Scan thread is waiting for event, current state is .

Couldn't create scan thread, scan operations will not happen.

Pre-loop actions executed successfully. Procced with scan thread execution.

Failed executing action taken BEFORE starting loop. Scan thread will end now.

Scan thread already running. Leaving operation now!

%s:%s

SBWinHttp

Failed opening session with proxy: proxy server=%s

SBWinHttp::CSBWinHttpSession::Initialize

Opened session with proxy: proxy server=%s

Failed opening connection: server=%s, port=%d

SBWinHttp::CSBWinHttpConnection::Initialize

Opened connection: server=%s, port=%d

Got unexpected WINHTTP_CALLBACK_STATUS_xxx. Status code: %d

Got WINHTTP_CALLBACK_STATUS_REQUEST_ERROR. dwResult=%d dwError=%d

OnReadComplete returned: %d

Completed sending request. WinHttpReceiveResponse returned error: %d

Error after sending request. OnWriteDAta returned: %d

SBWinHttp::CSBWinHttpRequest::OnCallback

Request returned %d

Unable to send the user credentials to the Web service.

WinHttpSetCredentials failed GetLastError returned [%d].

Request returned HTTP_STATUS_PROXY_AUTH_REQ.

Request returned HTTP_STATUS_NOT_FOUND.

Request returned HTTP_STATUS_BAD_REQUEST.

Request returned HTTP_STATUS_SERVICE_UNAVILABLE

SBWinHttp::CSBWinHttpRequest::OnHeadersAvailable

VIPREHttpServer::CSBHttpMonitor::SendHttpResponse

HttpSendHttpResponse failed with %lu

HttpReceiveRequestEntityBody failed with %lu

VIPREHttpServer::CSBHttpMonitor::SendHttpPostResponse

VIPREHttpServer::CSBHttpMonitor::DoReceiveRequests

[Error %u, %s].

%s\%s*.csv

%s%s_%d.csv

d-d-d d:d:d

\\.\root\SecurityCenter

pathToSignedProductExe

FirewallProduct.instanceGuid="

AntiVirusProduct.instanceGuid="

AntiSpywareProduct.instanceGuid="

Cancelled waitable timer for item .

Cancel of waitable timer failed for item . Timer may still be set.

Deleting schedule item  object.

Closing timer handle 0xX.

Sun - Sat [%d, %d, %d, %d, %d, %d, %d]

Created waitable timer; handle 0xX.

Waitable timer already exists; here is the handle 0xX.

Setting waitable timer for %I64d 100 nano second units in the future which is %s (local time).

Randomizing timer by %I64u 100ns units, %d seconds.

Scheduling item  for %s. Time d:d, Day %s, Days: %s.

Looking for next week schedule items. Checking schedule item . Time d:d, Days: %s.

Deleting expired one time schedule. Schedule item . Time d:d, Days: %s.

Looking for this week schedule items. Checking schedule item . Time d:d, Days: %s.

Looking for next schedule item. Today is %s. Day of week as int = %d.

%m/%d/%y Day %A, %H:%M.

Potentially too small of a repeat interval caused adding of max number of schedules. Truncating to max schedules. Repeat interval %d minutes.

Added schedule item  object. Start d:d.

Malformed stop time passed in . Rejecting this schedule.

Malformed time passed in . Rejecting this schedule.

Maximum count [50] of scheduled items exceeded for itemData . Rejecting this schedule.

Added schedule item  object.

okernel32.dll

Unable to locate the WDStatus and WDEnable functions in the MPClient.dll.

Request to (%s) Defender failed hr = .

Request to (%s) Defender processed successfully.

Request was to (%s) and Defender is already (%s).

Load of MPClient.dll failed. Defender not installed on this system.

\Windows Defender\MpClient.dll

Invalid source buffer pSourceBuff=[0x%x], dwSourceLen=[%d]. Crypt will abort now.

Invalid target buffer pTargetBuff=[0x%x], pdwTargetLen=[0x%x]. Crypt will abort now.

There is no valid key handle=[0x%x]. Crypt will abort now.

There is no valid key string set. Crypt will abort now.

Couldn't encrypt/decrypt data using key=[%s]. Crypt failed.

Couldn't create block cypher session basd on hash of key=[%s]. Crypt will abort now.

Couldn't populate cryptographic hash object using key=[%s]. Crypt will abort now.

Invalid target buffer ppTargetBuff=[0x%x], pdwTargetLen=[%d]. Crypt will abort now.

Successfully retrieved file size .

Got source data  and size  from path  successfully.

Coulnd't read file size on path . Crypt will abort now.

Invalid source path string length=[%d]. Crypt will abort now.

Wrote all data into file .

Unexpected size written into file %s.

Failed writing data into file %s.

Couldn't open file %s.

Could not write RegInfo registry key, error [%ld].

Could not open SBAMSvc registry key, error [%ld].

SKMSRegistration::WriteRegistrationKeyToRegistry

Could not open HKLM\Software registry key.

Could not read RegInfo registry key.

SKMSRegistration::ReadRegistrationKeyFromRegistry

Could not open HKLM\Software\SBAMSvc registry key.

Could not read MachineGuid registry key.

Could not open HKLM\Software\Microsoft\Cryptography registry key.

InstallEXEName

InternetReadFile successful. SKMS Return Value = %s.

Error getting SKMS status code from skms. Registration key will not be able to be verified.

Error getting install date from SBAMConfig.bin

Error writting install date to SBAMConfig.bin

Invalid date from SBAMConfig.bin

Error getting data from SBAMConfig.bin. Date is in the future, resetting to now.

SBAMConfig.bin exists

Query for operating system name failed.

Failed to Create the Web Object

Error getting SKMS status code from skms, it return an empty string. Registration key will not be able to be verified.

Unique Key = %s

Validating Registration Code: %s

Didn't receive a registration key from SKMS. Will try again on next attempt.

The Registration code returned by SKMS did not validate as a registration key. This data will not be used.

Request to SKMS for a trial key returned success, will attempt to validate that this looks like a valid key. SKMS Returned = (%s).

The request to SKMS was unable to AutoGet Registration key. Will try again on next attempt.

SKMSRegistration::AutoGetRegistrationKey

?KEYVALUE=

kbu.dat

Proxy is enabled, using server name (%s).

WinHttpOpen failed error [%d]. Proxy server name is (%s). Returning false.

Leaving SBInternetAccess after WinHttpOpen returning false.

WinHttpOpen returned valid handle, checking request url .

hXXps://

Invalid RequestURL (%s) unable to retrieve server name.

Invalid RequestURL (%s) unable to retrieve application request name.

WinHttpConnect to  failed error [%d]. Request not performed.

Leaving SBInternetAccess after WinHttpConnect returning false.

WinHttpConnect to  successful.

WinHttpOpenRequest of  failed error [%d]. Request not performed.

Leaving SBInternetAccess after WinHttpOpenRequest returning false.

WinHttpOpenRequest  successful.

WinHttpSendRequest returned [%s] GetLastError returned [%d].

WinHttpReceiveResponse returned [%s] GetLastError returned [%d].

error = ERROR_WINHTTP_RESEND_REQUEST, so resending request...

A WinHttp* call returned an error, GetLastError returned [%d].

WinHttpQueryHeaders returned [%s].

Received HTTP_STATUS_SERVICE_UNAVAIL response to WinHttpQueryHeaders.

Received HTTP_STATUS_OK response to WinHttpQueryHeaders.

Received HTTP_STATUS_PROXY_AUTH_REQ response to WinHttpQueryHeaders. The proxy requires authentication. Sending credentials.

GetLastError = [%d] calling WinHttpQueryAuthSchemes during Proxy Authentication processing.

Status code [%d] returned from WinHttpQueryHeaders while reading response from web service.

WinHttpQueryHeaders returned status [%d], GetLastError = [%d]

WinHttpQueryDataAvailable returned [%d] bytes available to read.

Reading the data into file .

WinHttpReadData() error . Download not completed successfully.

Open of download file  failed with error [%d]. Download not performed.

Closed download file, [%d] total bytes downloaded.

Returning buffer data (%S).

Progress call back indicated cancel download. Deleting partial download file .

Caught an exception error [%d] trying to get data from internet. Request not performed.

Leaving SBInternetAccess returning [%s].

Request URL is empty. Unable to request data from internet server.

SBAMInternetAccess::SBPostURLReadResult

SBPostURLReadResult Request URL is (%s).

SBAMInternetAccess::SBPostURLSaveToFile

Request URL is empty. Cannot request data from internet server.

SBPostURLSaveToFile Request URL is (%s).

z:\lmx\sw\lmx-0050\lmxparse.h

lmxparse.cpp

l_event != EXE_UNKNOWN

KERNEL32.DLL

- Attempt to initialize the CRT more than once.

- CRT not initialized

- floating point support not loaded

mscoree.dll

w.bat

WUSER32.DLL

!#%*,/:;?@[]__{{}}

!#%'**,,./:;?@\\

$$  ^^``||~~

  ||~~

tnft_temp.zip

hXXp://dbteam_testbox/ThreatNetResTService/SendFileService.svc/ThreatNetTransferFile?

sFilePath: ; sURL: ; sPassword: 

Error deleting zip file: 

File  is too large to transfer to ThreatNet. Unable to transfer file to Threatnet.

COM error: x> Description: .

Args: sFilePath: ; sURL: ; sPassword: 

Error %d. Unable to open file: . File(s) will not be transfered to ThreatNet

GetZipFile Args: sZipPathFileName: ; iFileLength: 

COM error: x> Description: . Unable to transfer file to ThreatNet.

Xceed error: . Unable to transfer file to ThreatNet.

ZipFiles Args: sBasePath: ; sFilesToProcess: ; sZipPathFileName: ; sPassword: 

The file is read only. Unable change file attributes for %s .

Error saving %s --%s

Failed to save %s .

Bad argument; pFilePath is NULL. %s.

Error reading %s --%s

Failed to read %s .

r4.0.0

Couldn't resolve path=.

Couldn't get file info from path=. Go to next item.

Couldn't get value from [hive:key:value]=[0x%x:%s:%s]. Leave now.

Couldn't resolve path=. Go to next item.

Got valid class path [%s] from [hive:key:value]=[0x%x:%s:%s].

Couldn't traverse for SUBKEYS under [hive:key]=[0x%x:%s]. Proceed normally.

Couldn't traverse for VALUES under [hive:key]=[0x%x:%s]. Proceed normally.

Couldn't access subkeys nor values under registry location [hive:key]=[0x%x:%s]. Returning now.

Couldn't find any ClsIds on registry location [hive:key]=[0x%x:%s]. Returning now.

Couldn't get path from ClsId=. Go to next item.

No Clsid paths were found under [hive:key]=[0x%x:%s].

Got Clsid paths under [hive:key]=[0x%x:%s] successfully.

Couldn't traverse for ClsId paths under [hive:key]=[0x%x:%s]. Returning now.

Couldn't resolve path=. Proceed normally.

Couldn't get file info from path=. Proceed normally.

No Clsid info were found under [hive:key]=[0x%x:%s].

Got Clsid info objects under [hive:key]=[0x%x:%s] successfully.

software\microsoft\windows\currentversion\explorer\browser helper objects

Couldn't get the BHOs under HKEY_LOCAL_MACHINE.

Couldn't get the BHOs under HKEY_CURRENT_USER.

%sClsIds were found under the BHO registry location.

Couldn't get ActiveX objects under HKEY_LOCAL_MACHINE.

Couldn't get ActiveX objects under HKEY_CURRENT_USER.

%sClsIds were found under the Active X registry location.

software\microsoft\windows\currentversion\explorer\shellexecutehooks

Couldn't get ShellExecHooks under HKEY_LOCAL_MACHINE.

CSBExplorer::GetShellExecHookColl

Couldn't get ShellExecHooks under HKEY_CURRENT_USER.

%sClsIds were found under the windows shell execute registry location.

Couldn't get Shell Execution Hooks.

CSBExplorer::GetShellExecHooks

Got info from no Shell Execution Hook.

Got all Shell Execution Hooks info successfully.

Couldn't get ip address from input string [%s].

Couldn't get host information from Ip address [%s].

There is no server name for Ip address [%s].

Buffer for host name is not big enough iLen=[%d], strRemoteHost=[%s].

It failed in getting info from file path [%s]. Leave now.

Couldn't get host name from ip address [%s]. Go to next item.

GetModuleFileNameEx failed [%u]

Invalid start up type eType=[%d].

Couldn't get list of files under path=[%s].

desktop.ini

Couldn't get shortcut info path=[%s] or it's not a shortcut. Proceed normally.

Couldn't resolve path to file pointer by shortcut path=[%s]. Go to next file.

Couldn't get file info path=[%s]. Proceed normally.

software\microsoft\windows\currentversion\run

Invalid start up type eType=[%d].Leave now.

Registry location empty eType=[%d]. Leave now.

Couldn't get file path from command strCmd=[%s].Go to command.

Couldn't get file info path=[%s].Proceed normally.

software\microsoft\windows nt\currentversion\winlogon

Invalid start up type eType=[%d]. Leave now.

Got empty string on registry location [hive:key:value]=[0x%x:%s:%s]. Leave now.

Couldn't get file path from registry location [hive:key:value]=[0x%x:%s:%s]. Go to next item.

Couldn't resolve path to file path=[%s]. Go to next item.

There is no Windows logon to get info from.

Got info from all Windows logon programs successfully.

Couldn't find host file on location paht=[%s].

Successfully got path to host file paht=[%s].

Couldn't open hosts file on path=[%s]. Leave now

Couldn't memory to get data from file path=[%s]. Leave now

Failed reading data from hosts file path=[%s]. Leave now.

Push data host into collection [HostName:IpAddr]=[%s:%s]

Couldn't get wisock version from registry location [hive,key,value]=[0x%x:%s]. Leave now.

Got wisock version from registry location [hive,key,value]=[0x%x:%s] successfully.

Found no subkeys under [hive,key]=[0x%x:%s]. Returning now.

Got no data from registry location [hive:key:value]=[0x%x:%s:%s]. Go to next item.

Got registry binary value successfully from [hive:key:value]=[0x%x:%s:%s]. Proceed normally.

Unknown value type queried from registry location [hive:key:value]=[0x%x:%s:%s]. Go to next item.

Couldn't query value from registry location [hive:key:value]=[0x%x:%s:%s]. Go to next item.

mswsock.dll

rsvpsp.dll

Couldn't resolve path=[%s]. Go to next item.

Couldn't get file info from path=[%s]. Go to next item.

Got version info, dwInfoSize=[%d] and pInfoBuff=[0x%p].

Unexpected file version data structure size, uiDataLen=[%d]. Leave now.

XX

FileVersion = 

CompanyName = 

ProductName = 

SpecialBuild = 

InternalName = 

PrivateBuild = 

FileDescription = 

ProductVersion = 

LegalCopyright = 

LegalTrademarks = 

OriginalFileName = 

Couldn't open file to calculate the MD5, errno = %d, strPath = %s.

Couldn't set mode to file, errno = %d, strPath = %s.

Source file path must be a valid full path, strPath=. Leave now.

Couldn't calculate the MD5, strPath=. Proceed normally now.

Couldn't get version information from file strPath=. Proceed normally now.

Couldn't open file, strPath=. Proceed normally now.

Couldn't get file times, strPath=. Proceed normally now.

Windows

Operating System

(Export Version)

Calculated non-version file info successfully, strPath=.

Path to file [%s] found on [%s].

Invalid file name [%s].

inetinfo.exe

Path to file [%s] NOT found.

Path to file in the registry [%s] found on [%s].

Invalid command string path strCmd=[%s].

CSBFileSystem::ResolveCmdLine

%1\"" %*

""%1"" %*

Got valid full path for strResolvedCmd=[%s].

Got valid full path for strResolved=[%s].

Got valid full path strResolved=[%s].

Invalid file path or name [%s]

Invalid directory path [%s]

Couldn't test folder existance [%s].

Folder existance tested successfully [%s].

Invalid path [%s]

Skipping default directories under [%s]

Couldn't traverse all files under [%s]

Directory doesn't exist [%s].

Failed getting info of all files under path=[%s].

Got info of all files under path=[%s].

Failed to get files under directory path=[%s].

Current file to get info from [%s].

File doesn't exist path=[%s].

Couldn't get hive handle: Hive:Key=[0x%x:%s].

Couldn't get hive handle: Hive:Key:Value=[0x%x:%s:%s].

Couldn't get registry key: Hive:Key:Value=[0x%x:%s:%s].

No buffer nor size for data : pbvData = 0x%p, dwSize = %d.

No size for data buffer : pbvData = 0x%p, dwSize = %d.

Get registry value : Hive:Key:Value=[0x%x:%s:%s].

Registry value successfully queried: Hive:Key:Value=[0x%x:%s:%s].

Registry value size successfully queried: Hive:Key:Value=[0x%x:%s:%s], dwDataSize = %d.

Got no data from registry location [hive:key:value]=[0x%x:%s:%s]. Leave now.

Got registry string successfully, strData=%s : Hive:Key:Value=[0x%x:%s:%s].

CSBRegistry::EnumRegistrySubkeyColl

Enumerate all subkeys under a given key : Hive:Key=[0x%x:%s].

Got subkey [index=%d, name=%s] successfully from: Hive:Key=[0x%x:%s].

Failed enumerating subkeys from: Hive:Key=[0x%x:%s].

Couldn't get registry key: Hive:Key=[0x%x:%s].

Invalid value or data sizes, dwValue=%d, dwData=%d : Hive:Key=[0x%x:%s].

Found the value [%s] under [hive:key]=[0x%x:%s] successfully.

Failed enumerating values from: Hive:Key=[0x%x:%s].

Found [%d] values under [hive:key]=[0x%x:%s] successfully.

No values were found under [hive:key]=[0x%x:%s] successfully.

gAdvapi32.dll

Got process dwPID=[%d] file path [%s].

Couldn't get file name on process id [%d] to get its path.

Couldn't open process id [%d] to get its path.

Couldn't get module handle from process PID[%d]

Couldn't get info from module handle from process PID[%d]

Unable to set platform info platform ID, BuildNo MajorVersNo MinorVersNo ServicePackInfo

SHGetFolderPath API call failed when getting CSIDL 

SHGetSpecialFolderPath API call failed when getting CSIDL 

Got CSDIL path  successfully

Failed to expand environment strings 

Source string  is too big when expanded 

Source string  expanded to 

Couldn't get registry data value from registry location [hHive:Key:Value]=[%d:%s:%s]. Leave now.

Couldn't expand any environment variables on 

%SYSTEMDIRECTORY%

%SYSTEM%

%SYSTEMROOT%

%WINDOWS%

SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELL FOLDERS

SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ACTIVEX CACHE

%DOWNLOAD_PROGRAM_FILES%

%STARTUP%

%COMMON_STARTUP%

%COOKIES%

ÞSKTOPDIRECTORY%

úVORITES%

%STARTMENU%

%COMMON_STARTMENU%

%COMMON_PROGRAMS%

%COMMON_FAVORITES%

%COMMMON_ALTSTARTUP%

%COMMON_DESKTOPDIRECTORY%

%COMMON_APPDATA%

ÞFAULT_STARTUP%

%DRIVERS_ETC%

Got full path  from abreviated path 

Couldn't find full path for abreviated path 

Failed getting file path for the shell link object, hr=[%d].

Failed getting description for the shell link object, hr=[%d].

Couldn't find shell link object shortcut, hr=[%d].

Couldn't open shell link object shortcut, hr=[%d].

Assertion failed: %s, file %s, line %d

74.0.0

7.0.0.4

%Program Files% (x86)\STOPzilla\SBAMSvc.exe

SBAMSvc.exe

SBAMSvc.exe_3448_rwx_00D60000_00001000:

.edata

.rsrc

.rdata

.debug

.idata

.reloc

SBAMSvc.exe_3448_rwx_00D90000_00004000:

gmer.dllGMERgmer.exe -l.text

.rsrc

.data

.rdata

checkpoint.com

\\.\PrimaxPointingDeviceFilterSoftware\Primax\Mouse Suite 98.text

.reloc

.idata

hXXp://tufei

03.ho

4u.ch

SET RESCUEAPP_MAJOR=%d

SET RESCUEAPP_MINOR=%d

.text

pexcel.jar

pocketword.jar

xmerge.jar

clasOpenOffice.org Calc

OpenOffice.org Calc XML Document

{C6AB3E74-9F4F-4370-.reloc

ADVAPI32.dll

USER32.dll

KERNEL32.dll

COMCTL32.dll

WhatsUp-Setup.exe

.rsrc.data.rdata.textPEMZ

techinline.com

idlecrawler.com

support@fixila.com

WEB PICK - INTERNET HOLDINGS LTD

Webroot Inc.

ComboFix.exe

14.3.1.53697

.ndata

icuuc40.dl

Winlogon.exe

%SYSTEM%\Winlogon.exe

masswatermark.com

SBAMSvc.exe_3448_rwx_00DA0000_00006000:

Mimetype_mscab found type %d
STOPzilla.exe_3836:
.text
`.rdata
@.data
.rsrc
@.reloc
t.jTj
t.jtj
t.jpj
u.PPh
t.jHj
t.jhj
t.jLj
t.jPj
uO8^ItJSSh7
8SQLi
u.hp{
f;F.sA
f;H.sA
L$4f;P.sF3
.6.78.9:;
B.CDEFFG
FUu.AUu FUu
pt.Vot/vptClpt
setting_smtp
email_advanced_error_port
cleaner_option_report
scan_month_select_day_%d
scan_day_select_day_%d
.ZH
theme.dialogs.dialog(descriptor:
license_instance_key
support_phone_demo
support_phone_expired
support_phone_full
support_phone_suspended
support_phone_free
support_phone_current
pipe.closed
setting.app.direct3d
option_flag_enforcer_execution
action_support
support_back
support_action_chat
support_action_web
support_action_email
support_action_phone
support_value_instance
page_support
scan.results_xml
options_support_instance_copy_failed
options_support_instance_copied
setting.app.show-splash
scheduled.phone-home.get.vipre-targets
settings.app.battery-power
setting.app.notify-detected-threats
settings.scan.root-kits
settings.scan.low-priority
settings.scan.update
settings.scan.archives
settings.scan.low-severity
settings.scan.auto-clean
settings.scan.cookies
settings.scan.removable
theme.dialogs.dialog(descriptor:dialog_options)
nag.demo.next_nag
nag.expired.next_nag
nag.suspended.next_nag
nag.subscription.next_nag
activate_key_1
activate_key_2
activate_key_3
activate_key_4
activate_key_%d
activate_result_key_invalid
activate_result_key_inactive
external.reseller_id
theme.dialogs.dialog(descriptor:dialog_splash)
SQLite format 3
REINDEXEDESCAPEACHECKEYBEFOREIGNOREGEXPLAINSTEADDATABASELECTABLEFTHENDEFERRABLELSEXCEPTRANSACTIONATURALTERAISEXCLUSIVEXISTSAVEPOINTERSECTRIGGEREFERENCESCONSTRAINTOFFSETEMPORARYUNIQUERYWITHOUTERELEASEATTACHAVINGROUPDATEBEGINNERECURSIVEBETWEENOTNULLIKECASCADELETECASECOLLATECREATECURRENT_DATEDETACHIMMEDIATEJOINSERTMATCHPLANALYZEPRAGMABORTVALUESVIRTUALIMITWHENWHERENAMEAFTEREPLACEANDEFAULTAUTOINCREMENTCASTCOLUMNCOMMITCONFLICTCROSSCURRENT_TIMESTAMPRIMARYDEFERREDISTINCTDROPFAILFROMFULLGLOBYIFISNULLORDERESTRICTRIGHTROLLBACKROWUNIONUSINGVACUUMVIEWINITIALLY
CREATE TABLE sqlite_master(
sql text
3.8.8.3
CREATE TEMP TABLE sqlite_temp_master(
%s>
%s?>
operator >> (CSZVinaryData& failure
last-execute-time
last-execute-result
last-execute-result-text
stored-action.saved
never-executed
CSZStoredAction::Execute
pipe-name
CSZApplicationPipeClient::_Execute
CSZApplicationPipeClient::GetWrapper
CSZApplicationPipeClient::OnPacket
stored-action.deleted
external.edition
external.product
external.downloader_id
external.affiliate_id
Support
CSZHomeServiceLicense::ExtractSupport
CSZHomeServiceComponentResult::ParseTokenKey
CSZAppDB::ExecuteMigrationCode
CSZApplicationPipeServer::Reply
key-inactive
key-invalid
key-mismatch
key-in-use
SMTPErrorString
CloseEmailWindowMsg
BadUrlCheckingEnabled
BadUrlReplacementText
WindowsLiveMailClientEnabled
BadUrlActionEnum
Port
MsgID
RegKey
BaseURL
LogToWindowsEventLog
Password
custom.all-drives
custom.ignore-removable
custom.known-file-types
custom.processes
custom.cookies
custom.registry
custom.deep-processes
custom.derivatives
custom.all-users
custom.archives
custom.root-kits
custom.path.
custom.common-tactics
theme.assets
ds_noidlemsg
lbs_wantkeyboardinput
es_password
lvs_report
CSZHttpContentHandler::StatusCode
CSZHttpContentHandler::ContentLength
CSZHttpContentHandler::ReceiveContent
CSZHttpContentHandler::CompleteContent
CSZHttp::Request
CSZHttp::ReportStatusCode
CSZHttp::ReportContentLength
CSZHttp::ReportComplete
CSZHttp::ReportContent
CSZSQLDatabase::ExecuteSQL
CSZSQLDatabase::CompileSQL
SQLITE_

d:d:d

d-d-d

d-d-d d:d:d

failed to allocate %u bytes of memory

failed memory resize %u to %u bytes

922337203685477580

API call with %s database connection pointer

RowKey

GetProcessHeap

os_win.c:%d: (%lu) %s(%s) - %s

delayed %dms for lock/sharing conflict

%s-shm

%s%c%s

recovered %d pages from %s

recovered %d frames from WAL file %s

cannot limit WAL size: %s

Failed to read ptrmap key=%d

Bad ptr map entry key=%d expected=(%d,%d) got=(%d,%d)

invalid page number %d

2nd reference to page %d

freelist leaf count too big on page %d

Page %d:

%d of %d pages missing from overflow list starting at %d

failed to get page %d

On tree page %d cell %d:

unable to get the page. error code=%d

btreeInitPage() returns error code %d

On page %d at right child:

Corruption detected in cell %d on page %d

Multiple uses for byte %d of page %d

Page %d is never used

Fragmentation of %d bytes reported as %d on page %d

unknown database %s

Pointer map page %d is referenced

Outstanding page count goes from %d to %d during this analysis

%s(%d)

MJ collide: %s

-mjX9X

%s-mjXXXXXX9XXz

MJ delete: %s

FOREIGN KEY constraint failed

unable to use function %s in the requested context

bind on a busy prepared statement: [%s]

zeroblob(%d)

FOREIGN KEY

%s constraint failed

cannot open savepoint - SQL statements in progress

abort at %d in [%s]: %s

%s constraint failed: %s

cannot commit transaction - SQL statements in progress

no such savepoint: %s

cannot release savepoint - SQL statements in progress

sqlite_temp_master

sqlite_master

SELECT name, rootpage, sql FROM '%q'.%s WHERE %s ORDER BY rowid

database table is locked: %s

statement aborts at %d: [%s] %s

cannot change %s wal mode from within a transaction

cannot open value of type %s

cannot open table without rowid: %s

cannot open view: %s

cannot open virtual table: %s

indexed

cannot open %s column for writing

no such column: "%s"

foreign key

misuse of aliased aggregate %s

%s: %s.%s

%s: %s

%s: %s.%s.%s

%s prohibited in partial index WHERE clauses

%s prohibited in CHECK constraints

not authorized to use function: %s

%r %s BY term out of range - should be between 1 and %d

too many terms in %s BY clause

Expression tree is too large (maximum depth %d)

variable number must be between ?1 and ?%d

too many SQL variables

too many columns in %s

EXECUTE %s%s SUBQUERY %d

misuse of aggregate: %s()

hex literal too big: %s

%s%.*s"%w"

sqlite_rename_table

%.*s"%w"%s

%s OR name=%Q

sqlite_rename_trigger

sqlite_rename_parent

sqlite_

table %s may not be altered

type='trigger' AND (%s)

UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;

UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d 18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');

there is already another table or index with this name: %s

view %s may not be altered

UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;

Cannot add a PRIMARY KEY column

sqlite_sequence

UPDATE "%w".sqlite_sequence set name = %Q WHERE name = %Q

sqlite_altertab_%s

UPDATE "%w".%s SET sql = substr(sql,1,%d) || ', ' || %Q || substr(sql,%d) WHERE type = 'table' AND name = %Q

sqlite_stat3

sqlite_stat4

sqlite_stat1

CREATE TABLE %Q.%s(%s)

DELETE FROM %Q.%s WHERE %s=%Q

too many attached databases - max %d

SELECT tbl,idx,stat FROM %Q.sqlite_stat1

unable to open database: %s

database %s is already in use

database %s is locked

no such database: %s

cannot detach database %s

%s %T cannot reference objects in database %s

%s cannot use variables

sqlite_detach

sqlite_attach

access to %s.%s is prohibited

access to %s.%s.%s is prohibited

there is already an index named %s

object name reserved for internal use: %s

default value of column [%s] is not constant

table "%s" has more than one primary key

too many columns on %s

duplicate column name: %s

AUTOINCREMENT is only allowed on an INTEGER PRIMARY KEY

PRIMARY KEY missing on table %s

UPDATE %Q.%s SET type='%s', name=%Q, tbl_name=%Q, rootpage=#%d, sql=%Q WHERE rowid=#%d

CREATE TABLE %Q.sqlite_sequence(name,seq)

CREATE %s %.*s

view %s is circularly defined

UPDATE %Q.%s SET rootpage=%d WHERE #%d AND rootpage=#%d

DELETE FROM %Q.%s WHERE tbl_name=%Q and type!='trigger'

sqlite_stat

sqlite_stat%d

DELETE FROM %Q.sqlite_sequence WHERE name=%Q

use DROP VIEW to delete view %s

foreign key on %s should reference only one column of table %T

table %s may not be dropped

use DROP TABLE to delete table %s

cannot create a TEMP index on non-TEMP table "%s"

number of columns in foreign key does not match the number of columns in the referenced table

unknown column "%s" in foreign key definition

views may not be indexed

virtual tables may not be indexed

table %s may not be indexed

sqlite_autoindex_%s_%d

table %s has no column named %s

there is already a table named %s

index %s already exists

CREATE%s INDEX %.*s

INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);

index associated with UNIQUE or PRIMARY KEY constraint cannot be dropped

DELETE FROM %Q.%s WHERE name=%Q AND type='index'

no such index: %S

a JOIN clause is required before %s

%s.rowid

unable to identify the object to be reindexed

%s.%s

table %s may not be modified

cannot modify %s because it is a view

duplicate WITH table name: %s

no such collation sequence: %s

sqlite_version

sqlite_compileoption_used

sqlite_compileoption_get

sqlite_source_id

sqlite_log

foreign key mismatch - "%w" referencing "%w"

%d values for %d columns

table %S has no column named %s

table %S has %d columns but %d values were supplied

unable to open shared library [%s]

sqlite3_

sqlite3_extension_init

no entry point [%s] in shared library [%s]

error during initialization: %s

automatic extension loading failed: %s

foreign_key_check

defer_foreign_keys

foreign_key_list

foreign_keys

*** in database %s ***

NULL value in %s.%s

unsupported encoding: %s

malformed database schema (%s)

unsupported file format

SELECT name, rootpage, sql FROM '%q'.%s ORDER BY rowid

%s - %s

database schema is locked: %s

RIGHT and FULL OUTER JOINs are not currently supported

a NATURAL join may not have an ON or USING clause

unknown or unsupported join type: %T %T%s%T

cannot have both ON and USING clauses in the same join

cannot join using column %s - column not present in both tables

USE TEMP B-TREE FOR %s

column%d

%s:%d

COMPOUND SUBQUERIES %d AND %d %s(%s)

ORDER BY clause should come after %s not before

LIMIT clause should come after %s not before

SELECTs to the left and right of %s do not have the same number of result columns

circular reference: %s

table %s has %d values for %d columns

no such index: %s

multiple references to recursive table: %s

sqlite_sq_%p

too many references to "%s": max 65535

multiple recursive references: %s

recursive reference in a subquery: %s

no such table: %s

%s.%s.%s

SCAN TABLE %s%s%s

sqlite3_get_table() called with two or more incompatible queries

INSERT INTO %Q.%s VALUES('trigger',%Q,%Q,0,'CREATE TRIGGER %q')

cannot create %s trigger on view: %S

cannot create INSTEAD OF trigger on table: %S

no such column: %s

no such trigger: %S

-- TRIGGER %s

cannot VACUUM - SQL statements in progress

SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0

PRAGMA vacuum_db.synchronous=OFF

SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0

SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'

SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %'

SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21) FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %'

UPDATE %Q.%s SET type='table', name=%Q, tbl_name=%Q, rootpage=0, sql=%Q WHERE rowid=#%d

SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';

INSERT INTO vacuum_db.sqlite_master SELECT type, name, tbl_name, rootpage, sql FROM main.sqlite_master WHERE type='view' OR type='trigger' OR (type='table' AND rootpage=0)

vtable constructor did not declare schema: %s

vtable constructor failed: %s

automatic index on %s(%s)

no such module: %s

table %s: xBestIndex returned an invalid plan

ANY(%s)

AS %s

PRIMARY KEY

SUBQUERY %d

TABLE %s

COVERING INDEX %s

INDEX %s

VIRTUAL TABLE INDEX %d:%s

%s.xBestIndex() malfunction

USING INTEGER PRIMARY KEY

at most %d tables in a join

the NOT INDEXED clause is not allowed on UPDATE or DELETE statements within triggers

the INDEXED BY clause is not allowed on UPDATE or DELETE statements within triggers

SQL logic error or missing database

unknown operation

large file support is disabled

unknown database: %s

no such %s mode: %s

%s mode not allowed: %s

no such vfs: %s

misuse at line %d of [%.10s]

cannot open file at line %d of [%.10s]

database corruption at line %d of [%.10s]

no such table column: %s.%s

X:\sz7.0.1.3\Build7\Release\x86\STOPzilla.pdb

mfc120u.dll

__crtGetShowWindowMode

_amsg_exit

_wcmdln

MSVCR120.dll

_calloc_crt

__crtSetUnhandledExceptionFilter

_crt_debugger_hook

__crtUnhandledException

__crtTerminateProcess

KERNEL32.dll

ExitWindowsEx

EnumChildWindows

GetKeyState

USER32.dll

GDI32.dll

SHELL32.dll

COMCTL32.dll

ole32.dll

OLEAUT32.dll

GdiplusShutdown

gdiplus.dll

MSVCP120.dll

RPCRT4.dll

MPR.dll

d3d9.dll

WinHttpOpen

WinHttpConnect

WinHttpCloseHandle

WinHttpOpenRequest

WinHttpSetOption

WinHttpQueryOption

WinHttpSendRequest

WinHttpReceiveResponse

WinHttpQueryHeaders

WinHttpQueryDataAvailable

WinHttpReadData

WINHTTP.dll

EnumWindows

MsgWaitForMultipleObjectsEx

RegOpenKeyExW

RegCloseKey

ADVAPI32.dll

ShellExecuteW

VERSION.dll

WaitNamedPipeW

.?AVCCmdTarget@@

.PAVCException@@

.PAVbad_cast@std@@

.PAVexception@std@@

.?AVDelegate@CSZApplicationPipeClient@@

.?AVListener@CSZHttpContentHandler@@

.PAVrange_error@std@@

.PAVruntime_error@std@@

.?AVCSZPWKeyValueNotify@@

.?AVDelegate@CSZApplicationPipeServer@@

.?AVCSZPacketPipeConnection@@

.?AVCSZPipeConnection@@

.?AVCSZApplicationPipeClient@@

.?AVCSZSQLDatabase@@

.?AVCSZPacketPipeClient@@

.?AVCSZPipeClient@@

.?AVCSQLMigrationStep@@

.?AVCVIPREWebFilterEvents@@

.?AU_ISBWebFilterEvents@@

.?AVCSZGraphicsShape@@

.?AVCSZGraphicsShapeRectangle@@

.?AVCSZHttpContentHandler@@

.?AVCSZPipeConnectionThread@CSZPipeConnection@@

.?AVCSZSQLStatement@@

]]>

true

true

0%1X1

1$2(2,202

78I8

2/2$3F3X3o3

1(2,2024282

4080
5_5S5h5u5
=$=
2&252\2}2
3]3&454{4
1o1v102F2%3X3x3
7%8X8
5Y5F5O5k5{5
9%9U9c9z9
8(9,9094989
2-2O2
3,4044484
> >$>(>,>0>4>8>
8 8$8(8,82999
: :$:(:,:0:4:8:
6 6$6(6,60646
>#>)>9>?>
9 9$9(9,909
;(;7;\;~;
6%7U7
; ;$;(;,;
> >$>(>,>0>4>
0 0(0,0004080
3 3$3(3,3
7 7$7(7,7074787
:,=0=4=8=
%s (%s:%d)
%Program Files% (x86)\Microsoft Visual Studio 12.0\VC\atlmfc\include\afxwin1.inl
eu
Theme: Loading "STOPzilla" at "%s".
Theme: Failed Loading "STOPzilla" at "%s".
hXXp://VVV.stopzilla.com/
{8DFC6702-AF86-4CBB-9D8B-00055514603A}
Detected 'pipe.closed' trigger...
scan.custom.
scan.custom.partials
scan.custom.fulls
url_store
url_chat
url_support
email_support
durl_help
EMAIL AV: %s
durl_purchase
url_register
external.home_service_url
hXXps://secure.logmeinrescue.com/customer/Code.aspx
Content-Type: application/x-www-form-urlencoded
Support.exe
Global\update.binaries.skip_wait
url_renew
Windows 95
Windows 98
Windows ME
Windows NT 4.0
Windows 2000
Windows XP
Windows .Net
Windows Vista
Windows 7
Windows Server 2008
Windows Server 2008 R2
Windows 8
Windows 8.1
Windows 10
Windows 2012 Server
Windows 2012 Server R2
Web Server
%s ~%d MHZ
GetLogicalProcessorInformation is not supported.
Unable to determine windows version
%u.%u.%u
okernel32.dll
Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2
Windows 8
Windows Server 2012
Web Server Edition
Windows Server 2003 R2,
Windows Storage Server 2003
Windows Home Server
Windows XP Professional x64 Edition
Windows Server 2003,
Web Edition
Windows XP
Windows 2000
(build %d)
[%d/%m/%Y %H:%M:%S]
(%s%s%s%s%s):
shfolder.dll
"%s" %s
hkcu\software\microsoft\windows\shell\associations\urlassociations\http\userchoice
hkcr\http\shell\open\command
%hs(%d): failed [%u|%s]
%hs(%u, %u): failed [%u|%s]
https
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
HKEY_CURRENT_CONFIG
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
Kernel32.dll
%s%s%s%s
system.last_boot_time
e%hs: %hs named '%s' updated to %u
%hs: unable to parse received action content '%hs' [%u]
%hs: attempt to execute an action with no implementation!
support.phone.%
support.phone.
e%s Initializing
Process ID: %u
Unable to start pipe client. (0xX)
SetProcessAffinityMask failed [%u|%s]
Working Directory: %s
CSZLogManager::Initialize(0x%X) failed [%u|%s]
ConstructLogFile(%s) failed [%u|%s]
application-pipe-client
%hs: wait failed with unexpected result %u
%hs: no wrapper for opCode %u
%hs: unhandled incoming packet - opCode(%u)
e%hs: unable to compile empty or missing SQL statement
%hs: no database available for SQL statement '%s'
%hs: failed to compile SQL statement '%s'
%hs: found duplicate name '%s' for type '%hs'
CONFIG.XML
%hs: duplicate component (%d|%hs)
%hs: updated license type(%d) end_date(%I64d) renewable(%d) reseller(%d) haveContactInfo(%d)
t%hs: failed to update license type(%d) end_date(%I64d) renewable(%d) reseller(%d) haveContactInfo(%d) [%u|%s]
%hs: component '%hs' skipped with result %d
%hs: missing value for region '%s' and status '%hs'
%hs: duplicate region key '%s'
%hs: missing %d of %d expected statuses in region '%s'
%hs: invalid status value '%hs' for region '%s'
%hs: no token key provided
%hs: unexpected token key '%hs'
%hs: parse error on markup '%hs' [%u|%s]
%hs: element '%hs' not supported by config object factory
%hs: request execution failed
%hs: request failed with result %u [%s]
%hs: Received %u
Exception: %s
Failed: %s
%s in transaction
INSERT INTO migration_history (version, phase) VALUES (%d, %d)
Failed to get value '%hs' for user '%hs' [%d|%s]
Failed to set value '%hs' for user '%hs' [%u|%s]
Failed to get system value '%hs' [%d|%s]
Failed to delete value '%hs' for user '%hs' [%u|%s]
Failed to set system value '%hs' [%u|%s]
Failed to delete system value '%hs' [%u|%s]
Failed to delete %hs keys %s %s [%u|%s]
'%s' set aside but new file not opened
'%s' cannot be opened and cannot be set aside
'%s' not created
'%s' set aside and recreated
No phase %d (%hs) migration necessary; current migration is %d
'%s' cannot be set aside
Phase %d (%hs) migration mismatch - DB is %d and application is %d
Migrated phase %d (%hs) from version %d to %d
SELECT value_type, value_data FROM kv_data WHERE user=? AND key=?
REPLACE INTO kv_data (user, key, value_type, value_data) VALUES (?, ?, ?, ?)
SELECT key, value_type, value_data FROM kv_data WHERE user=? AND key LIKE ?
DELETE FROM kv_data WHERE user=? AND key LIKE ?
DELETE FROM kv_data WHERE user=? AND key=?
DELETE FROM kv_data WHERE user=? AND key NOT LIKE ?
Failed to compile statement '%s' [%u|%s]
Failed to execute statement '%s' [%u|%s]
%hs: CreateFile('%s') failed [%u|%s]
tFailed to execute function '%hs' [%u|%s]
lFailed to set value '%hs' [%u|%s]
%hs: unsupported step '%hs'
%hs: invalid option '%c' for component (%d/%hs)
%hs: option '%c' for component (%d/%hs) requires value for variable %hs
%hs: option '%c' for component (%d/%hs) contains unbalanced variable delimiters
CreateInstance(CLSID_SBLogger) returned 0xX
CreateInstance(CLSID_SBService) returned 0xX
CreateInstance(CLSID_SBScanControl) returned 0xX
CreateInstance(CLSID_SBActiveProtection) returned 0xX
CreateInstance(CLSID_SBRegistration) returned 0xX
CreateInstance(CLSID_SBQuarantine) returned 0xX
CreateInstance(CLSID_SBThreatDefinitions) returned 0xX
CreateInstance(CLSID_SBSoftwareUpdates) returned 0xX
CreateInstance(CLSID_SBWSC) returned 0xX
CreateInstance(CLSID_SBVipre) returned 0xX
CreateInstance(CLSID_SBFirewall) returned 0xX
CreateInstance(CLSID_SBEmailAV) returned 0xX
CreateInstance(CLSID_SBHIPS) returned 0xX
CreateInstance(CLSID_SBWebFilter) returned 0xX
CreateInstance(CLSID_SBLanGuard) returned 0xX
Released ISBFirewallWebFilter
vipre.config.scan.known-apps.reset
%hs: VIPRE failure [0xX|%s]
gVIPRE: Error communicating to set back the config: %s
Incompatibles Check: Did not find program data in '%s' or '%s'
incompats.dat
IncompatiblePrograms.dll
Incompatibles Check: Found '%s' but not '%s'
Incompatibles Check: '%s' does not contain function '%hs'
Incompatibles Check: Found but did not load '%s' [%u|%s]
B%PRODUCTLONG% detected %THREATNAME% in attachment %ATTACHMENTNAME%; The attachment has been cleaned.%CRLFÞfinitions Version = %THREATDEFVERSION%%CRLF%STOPzilla Version = %VIPREVERSION%
%PRODUCTLONG% detected %THREATNAME% in attachment %ATTACHMENTNAME%; The attachment has been quarantined. You can unquarantine this suspicious file from the %PRODUCT% application.%CRLFÞfinition Version = %THREATDEFVERSION%%CRLF%STOPzilla Version = %VIPREVERSION%
%PRODUCTLONG% detected %THREATNAME% in attachment %ATTACHMENTNAME%; The attachment has been deleted.%CRLFÞfinitions Version = %THREATDEFVERSION%%CRLF%STOPzilla Version = %VIPREVERSION%
%PRODUCT% Anti-phishing removed a known bad URL from your email message. It was deleted or quarantined and replaced with this message.
*.theme
theme.xml
.theme
nCSZGraphicsHive::_ReferenceFont - Failed to load font '%S'.
CSZGraphicsHive::_LoadTTF - Failed to load system font '%s' (0xX).
CSZGraphicsHive::_LoadTTF - Loading font '%S'.
CSZGraphicsHive::_LoadTTF - Failed to load memory font '%S' (0xX).
CSZGraphicsHive::_LoadTTF - Failed to find container file '%s'.
CSZGraphicsHive::_LoadTTF - Failed to find font face '%S'.
Direct3D: Could not create IDirect3DDevice9 (0xX).
Error: Unexpected message loop (0xX).
ColumnData_%d
ColumnWidth_%d
comctl32.dll
UxTheme.dll
%Program Files% (x86)\Microsoft Visual Studio 12.0\VC\atlmfc\include\afxwin2.inl
CSZGraphicsFont::Load - GDI Failed to load '%s' (0xX)
%hs (%p): uStatusCode = %u
%hs (%p): actual content length (%I64u) exceeds reported (%I64u)
HTTPS
SZHttp/1.0
%hs: WinHttpConnect(%s, %u) failure [%u|%s]
%hs: WinHttpOpen failure [%u|%s]
%hs: WinHttpSetOption - WINHTTP_OPTION_CONNECT_TIMEOUT - failure [%u|%s]
%hs: WinHttpOpenRequest(%s, %s) failure [%u|%s]
%hs: WinHttpSetOption - WINHTTP_OPTION_RECEIVE_TIMEOUT - failure [%u|%s]
%hs: WinHttpSetOption - WINHTTP_OPTION_SEND_TIMEOUT - failure [%u|%s]
%hs: WinHttpSetOption - WINHTTP_OPTION_RESOLVE_TIMEOUT - failure [%u|%s]
%hs: WinHttpSetOption - WINHTTP_OPTION_RECEIVE_RESPONSE_TIMEOUT - failure [%u|%s]
%hs: WinHttpSetOption failure [%u|%s]
%hs: WinHttpQueryOption failure [%u|%s]
%hs: WinHttpReceiveResponse failure [%u|%s]
%hs: WinHttpSendRequest failure [%u|%s]
%hs: request failed with status %u
%hs: WinHttpQueryHeaders(WINHTTP_QUERY_STATUS_CODE) failure [%u|%s]
%hs: WinHttpQueryDataAvailable failure [%u|%s]
%hs: WinHttpQueryHeaders(WINHTTP_QUERY_CONTENT_LENGTH) failure [%u|%s]
%hs: WinHttpReadData failure [%u|%s]
\\.\pipe\
%hs: queue '%s', index %u - wait failed with result %u
%hs: queue '%s', index %u - thread 0x%X started
%hs: queue '%s', index %u - thread 0x%X ending
%hs: queue '%s' - attempt to start while abort is signalled
%hs: queue '%s', index %u - failed to start [%u|%s]
%hs: queue '%s', index %u - thread completed
_%hs: '%s' (0xX)
%hs: failed to compile '%s' [%d|%hs]
dbghelp.dll
%s%d.log
%s%d.dmp
Unhandled Exception: Code(0xX) Addess(0xX)
%hs: expected sequence number greater than or equal to %u; got %u instead
%hs: packet %u of request %u indicated no more data when %u packets remain.
%hs: expected packet size in %u bytes; got %u bytes
%hs: received %u bytes; 0 expected
%hs: expected packet buffer of %u bytes; got %u bytes

xx

C:\ProgramData\STOPzilla!\dumps\STOPzilla.exefatal

7.0.1.3

STOPzilla.exe

SBAMSvc.exe_3448_rwx_00DC0000_00004000:

.upx2

.upx1

.upx0

.reloc

.idata

.rdata

.data

.text

AutoIT 3.3.12.0

AutoIT 3.2.6.0

AutoIT 3.2.0.0

AutoIT 3.0.100.0

AutoIT 3.0.102

Upack 0.3.9

SBAMSvc.exe_3448_rwx_00E20000_0000A000:

T$.RV

Compiler Detection: Borland C/C   1999 %d

Compiler Detection: Borland C   Dll %d

Compiler Detection: FreeBasic_0_14 %d

Compiler Detection: MASM_TASM %d

Compiler Detection: MASM32 %d

Compiler Detection: Microsoft_Visual_C_2_0 %d

Compiler Detection: Microsoft_Visual_Cpp %d

Compiler Detection: Microsoft_Visual_Cpp_3_0_old_crap_ %d

Compiler Detection: Microsoft_Visual_Cpp_7_0_Custom %d

Compiler Detection: Microsoft_Visual_Cpp_8_0_Debug %d

Compiler Detection: Microsoft Visual C   8.0 Release %d

Compiler Detection: Microsoft_Visual_Cpp_DLL %d

Compiler Detection: Microsoft_Visual_Cpp_v4_x %d

Compiler Detection: Microsoft_Visual_Cpp_v5_0_v6_0_MFC_ %d

Compiler Detection: Microsoft_Visual_Cpp_v6_0_Debug_Version_ %d

Compiler Detection: Microsoft_Visual_Cpp_v6_0_DLL %d

Compiler Detection: Microsoft_Visual_Cpp_v6_0_SPx %d

Compiler Detection: Microsoft_Visual_Cpp_v7_0 %d

Compiler Detection: Microsoft_Visual_Cpp_v7_0_DLL %d

Compiler Detection: Microsoft_Visual_Cpp_v7_1_DLL %d

Compiler Detection: Microsoft_Visual_Cpp_v7_1_DLL_Debug_ %d

Compiler Detection: Microsoft_Visual_Cpp_v7_1_EXE %d

Compiler Detection: Microsoft_Visual_Cpp_vx_x %d

Compiler Detection: Microsoft_Visual_Cpp_vx_x_DLL %d

Compiler Detection: Microsoft_Visual_CSharp_Basic_NET %d

Compiler Detection: MinGW_GCC_DLL_v2xx %d

Compiler Detection: MinGW_GCC_v2_x %d

Compiler Detection: MingWin32_Dev_Cpp_v4_9_9_1_h_ %d

Compiler Detection: MingWin32_Dev_Cpp_v4_x_h_ %d

Compiler Detection: MingWin32_GCC_3_x %d

Compiler Detection: MingWin32_vn_n_h_ %d

Compiler Detection: PowerBASIC_CC_3_0x %d

Compiler Detection: PowerBASIC_CC_4_0 %d

Compiler Detection: PowerBASIC_Win_7_0x %d

Compiler Detection: PseudoSigner_0_1_Borland_Delphi_6_0_7_0_Anorganix %d

Compiler Detection: PseudoSigner_0_1_Microsoft_Visual_Basic_5_0_6_0_Anorganix %d

Compiler Detection: PseudoSigner_0_1_Microsoft_Visual_Cpp_5_0p_MFC_Anorganix %d

Compiler Detection: PseudoSigner_0_1_Microsoft_Visual_Cpp_6_0_Debug_Version_Anorganix %d

Compiler Detection: PseudoSigner_0_1_Microsoft_Visual_Cpp_7_0_DLL_Anorganix %d

Compiler Detection: PseudoSigner_0_2_Borland_Cpp_1999_Anorganix %d

Compiler Detection: PseudoSigner_0_2_Borland_Cpp_DLL_Method_2_Anorganix %d

Compiler Detection: PseudoSigner_0_2_Borland_Delphi_DLL_Anorganix %d

Compiler Detection: PseudoSigner_0_2_Borland_Delphi_Setup_Module_Anorganix %d

Compiler Detection: PseudoSigner_0_2_Microsoft_Visual_Basic_5_0_6_0_Anorganix %d

Compiler Detection: PseudoSigner_0_2_Microsoft_Visual_Cpp_7_0_DLL_Anorganix %d

Compiler Detection: PseudoSigner_0_2_MinGW_GCC_2_x_Anorganix %d

Compiler Detection: PseudoSigner_0_2_REALBasic_Anorganix %d

Compiler Detection: PseudoSigner_0_2_Watcom_C_Cpp_DLL_Anorganix %d

Compiler Detection: PseudoSigner_0_2_WATCOM_C_Cpp_EXE_Anorganix %d

Compiler Detection: REALbasic %d

Compiler Detection: Star_PseudoSigner_0_1_Borland_Delphi_3_0_Anorganix %d

Compiler Detection: Star_PseudoSigner_0_1_Borland_Delphi_5_0_KOL_MCK_Anorganix %d

Compiler Detection: Star_PseudoSigner_0_1_Microsoft_Visual_Basic_6_0_DLL_Anorganix %d

Compiler Detection: Star_PseudoSigner_0_1_Microsoft_Visual_Cpp_6_0_Debug_Version_Anorganix %d

Compiler Detection: Star_PseudoSigner_0_1_Microsoft_Visual_Cpp_6_20_Anorganix %d

Compiler Detection: Star_PseudoSigner_0_1_MinGW_GCC_2_x_Anorganix %d

Compiler Detection: Star_PseudoSigner_0_1_WATCOM_C_Cpp_EXE_Anorganix %d

Compiler Detection: Stranik_1_3_Modula_C_Pascal %d

Compiler Detection: Symantec_Visual_Cafe_v3_0 %d

Compiler Detection: TASM_MASM %d

VB Signature: %x

VB Header Startaddress: %x

Compiler Detection: WATCOM_C_Cpp %d

Compiler Detection: WATCOM C/C   1.7 %d

Compiler Detection: WATCOM_C_Cpp_32_Run_Time_System_1988_1995 %d

Compiler Detection: ZipWorxSecureEXE_v2_5_ZipWORX_Technologies_LLC_h_ %d

SBAMSvc.exe_3448_rwx_00E30000_0000E000:

 =-=/=*=&=,=>
() -/*&[]
SBAMSvc.exe_3448_rwx_06F50000_00156000:
%SYSTEM%
Win32.Unair
{4b87fd04-2b89-0306-b0db-7dd6740e6c89}
{4481a693-e8d2-9549-4315-0ef724694f3f}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{beaec9c9-2c0a-1c56-3063-e776919a4d6c}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CB73411E-48F7-9D19-6293-EA0AD71836D4}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0fc85afd-096d-731e-a871-6c0f1af600dc}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{beaec9c9-2c0a-1c56-3063-e776919a4d6c}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CB73411E-48F7-9D19-6293-EA0AD71836D4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3698A47F-0E80-000E-7948-960CF605F542}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0fc85afd-096d-731e-a871-6c0f1af600dc}
HKEY_CURRENT_USER\Software\{C5D43B9E-F5B7-480B-B8C4-C3A78AF3E670}
HKEY_CURRENT_USER\Software\{5d90b4ad-0f8f-c24a-865f-900f2caccae2}
HKEY_CURRENT_USER\Software\{59301c76-ede9-a1a9-f66d-c99effa3aa02}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{3698A47F-0E80-000E-7948-960CF605F542}
u$
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS\
explorer.exe csrcs.exe
124.40.51.17
58.17.236.92
360.cn
360safe.cn
360safe.com
60.210.176.251
chinakv.com
cnnod32.cn
dswlab.com
duba.net
eset.com
ikaka.com
jiangmin.com
kaspersky.com
kingsoft.com
lanniao.org
nod32.com
nod32club.com
qihoo.cn
qihoo.com
rising.com
sucop.com
virustotal.com
7.0.600
7.0.3790.
7.0.2600.
msvcrt.dll
sfcfiles.dll
.reloc
.rsrc
.data
.text
Menu\Programs\Startup\TEMP.HTA""",65
/* 'if (!document.getElementById('JSSS')){ document.getElementsByTagName('head').item(0).appendChild(js) };  */
/script>
/script>/scr' 'ipt>
yourtruemate.ru
yourtruegame.ru
yourtruecrime.ru
yourtopfilms.ru
yourtolltag.ru
yourtagheuer.ru
yourmaxmedia.ru
yourauthentic.ru
yourarray.ru
xxlwebhost.ru
xboxliveweb.ru
worldwebworld.ru
worldwebmarkets.ru
worldsouth.ru
worldrat.ru
worldmusicmagazine.ru
worldhighspeed.ru
wintersaleonline.ru
window.redirect
whosaleonline.ru
webworldshop.ru
webpowerguide.ru
webnetloans.ru
webnetlinks.ru
webnetlender.ru
webnetexperts.ru
webnetenglish.ru
weblessnet.ru
webithost.ru
webdirectbroker.ru
webdesktopnet.ru
wavebank.ru
warbest.ru
votrelib.ru
vipodnososki.ru
viewhomesale.ru
videostan.ru
videosaleonline.ru
video-bum.ru
usaworldwideweb.ru
urlnext.ru
trueworldmedia.ru
truesoulonline.ru
truerealtime.ru
truelifefamily.ru
trueblueberyl.ru
trueblueally.ru
townwebmail.ru
topmediasite.ru
toplinemarine.ru
thetruehelp.ru
thestocksite.ru
thespeeddate.ru
theprocast.ru
themobisite.ru
themobilewindow.ru
thelifetag.ru
thelaceweb.ru
thegiftsale.ru
thechocolateweb.ru
theaworld.ru
theatticsale.ru
theaonline.ru
theantimatrix.ru
testoogle.ru
testilla.ru
teenwebdesign.ru
tagsaleusa.ru
supertruelife.ru
superpropicks.ru
superore.ru
supernun.ru
supernil.ru
supernewstuff.ru
supernetbet.ru
supermyweb.ru
superhometours.ru
superhomeschool.ru
superhighest.ru
superaguide.ru
sugaryhome.ru
suesite.ru
sportwebnet.ru
soul-in-you.ru
smert-vest.ru
smartgaragesale.ru
sitesages.ru
sitedesigninc.ru
simpleworldhouse.ru
simplehomelink.ru
serialarchive.ru
seamscreative.info
saletradeonline.ru
rentbesthome.ru
regaught.ru
redtagjewelry.ru
redtagcruises.ru
redtagcentral.ru
recentmexico.ru
qualitysuper.ru
protechradio.ru
privius-life.ru
previouslife.ru
poxudeli.ru
pornomig.ru
popcorn-tv.ru
piezenia.ru
pieeonline.ru
ourfreesite.ru
orderseasilver.ru
oneanotherlife.ru
officialohsupplies.ru
obmanulis.ru
nowhomecare.ru
newworldlink.ru
newwaronline.ru
newvillagefresh.ru
newsourceworld.ru
newhomeline.ru
newgolfonline.ru
newcitymap.ru
netmusicbank.ru
myworldcampus.ru
myskysite.ru
myownage.ru
mygreatsale.ru
mycontentguide.ru
musicboxpro.ru
moviehit.ru
moremindpower.ru
mingleas.ru
mindgameworks.ru
mediatagonline.ru
maxserviceworld.ru
manbest.ru
lulucabana.com
ljinet.ru
linuxwebcam.ru
limowebcam.ru
libprojet.ru
letterssite.ru
lagworld.ru
kindpea.ru
jthek.ru
johnsite.ru
jerseyhomesite.ru
innewterra.ru
indiawebnet.ru
illsite.ru
icq-antivirus.ru
huzzahwebdesign.ru
huntalong.ru
hXXp://zerosmak-kiev-ua.1gb.ua/
hXXp://zeraa-com-ua.1gb.ua/
hXXp://whhothatgirl-kiev-ua.1gb.ua/
hXXp://unb0rn.biz/
hXXp://toldspeak.com/
hXXp://tiltandgrin.com/
hXXp://promajik.com/
hXXp://piazzacreative.com/
hXXp://panhandlepointers.com/
hXXp://mvblaw.com/
hXXp://mabcom.net/
hXXp://lendermedia.com/images/z.htm
hXXp://kendoaruba.net/
hXXp://iritirlast0.co.cc/
hXXp://holcombewaller.com/
hXXp://govos-com-ua.1gb.ua/
hXXp://fixuss.bravehost.com/
hXXp://ereintza.com/
hXXp://dwmmanagement.com/
hXXp://dottiehope.com/
hXXp://dextersss-com-ua.1gb.ua/
hXXp://alumicool.com/
hXXp://3torres.com/
hXXp://12s83.com/
hotnewguide.ru
homeusaonline.ru
homesweetnetwork.ru
homesiteworld.ru
homesitedesigns.ru
homesaleplus.ru
homeproair.ru
homehousemiami.ru
homegreatloans.ru
homecarenation.ru
homebuyerscd.ru
highestdog.ru
halfsite.ru
guiderose.ru
guidebat.ru
gridrevolutions.ru
greenscometrue.ru
greatwebradio.ru
greatvelocity.ru
greatsalecenter.ru
greatcarscity.ru
goldgolfbag.ru
gethomesite.ru
genuinenorth.ru
genuinehollywood.ru
genuineholly wood.ru
genuinecolors.ru
genuinecol ors.ru
gametopsite.ru
funwebmail.ru
freewebship.ru
freeprosports.ru
freemindlive.ru
forhomessale.ru
foresaleonline.ru
forallpro.ru
flywebcam.ru
ezsalebuy.ru
ezpoh.ru
extrafreeweb.ru
euroshares.ru
erogod.ru
egreatsale.ru
easytabletennis.ru
easymusicstore.ru
easylifedirect.ru
dub-dubom.ru
directscsi.ru
digitalsiteonline.ru
dietichka.ru
cybercityworld.ru
counterbest.ru
comingbig.ru
cometruestar.ru
cobalttrueblue.ru
cityhomesaustin.ru
cherrypieusa.ru
carswebnet.ru
carprotech.ru
busop.info
burkewebservices.ru
buejackmusic.ru
brownbagbar.ru
boardsaw.ru
blueseaguide.ru
bluejackmusic.ru
bluejackin.ru
blackseatrade.ru
biltop.ru
besttechhome.ru
beststyleweb.ru
bestsis.ru
bestseasilver.ru
bestnewsmall.ru
bestnewhaven.ru
bestmedpro.ru
bestlifeusa.ru
bestjackoff.ru
bestcia.ru
bestbondsite.ru
bestbob.ru
bestartsale.ru
beachdoo.ru
battop.ru
avattop.ru
authentictype.ru
atwebhost.ru
aohna.ru
anycitytown.ru
antivirusicq.ru
anti-virus2010.ru
ampsguide.ru
allpropro.ru
allbagshop.ru
accurategenuine.ru
/script>
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MRxNet
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MRxCls
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
c:\windows\system32\userinit.exe,
%SYSTEM%\userinit.exe
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
7"7.reloc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmdmPmSp
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Nwsapagent
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NWCWorkstation
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Irmon
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Iprip
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ias
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4
\bin\dcc32.exe"uses windows;
hXXp://VVV.wdheaven.cn/
hXXp://VVV.thysearch.net
hXXp://VVV.quary888.cn/
hXXp://VVV.musicmoa.net/
hXXp://VVV.membres.lycos.fr/chouhacasa/
hXXp://VVV.membres.lycos.fr/bmwvir/
hXXp://VVV.freewebtown.com/crman/
hXXp://VVV.82vv.com/
hXXp://VVV.77zb.com/
hXXp://VVV.6783.com/?u2
hXXp://VVV.223224.com/taobao/
hXXp://VVV.17oye.cn/
hXXp://wa3ra.110mb.com/
hXXp://volam111.110mb.com/
hXXp://thoidep.com/
hXXp://test004.adultsexual.info/
hXXp://ro7ei.com/
hXXp://rmksa.com/
hXXp://qgi.org.sa/
hXXp://ms-dl-center3699.info/
hXXp://moxulica.evonet.ro/
hXXp://members.lycos.co.uk/sauytre00/
hXXp://laylalesb.sitesled.com/
hXXp://lauxanhus.110mb.com/
hXXp://italiandirectory.com/
hXXp://images2008.8866.org/
hXXp://files.myopera.com/roball/
hXXp://diendansinhvienvnn.com/
hXXp://dichvum4g.net/
hXXp://43leloi43.110mb.com/
hXXp://194.160.227.34/
hXXp://133666620.host.dj58.net/
208.109.220.95
173.236.97.27
173.201.254.6
64.117.35.255
127.0.0.1 localhost
Host file has been infected by :W32.Depkominfo.A
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
'))\/\/\o\n\l\y\f\i\n\d\.\n\e\t\/\i\n\.\c\g\i\?
1\$ 1\$(1\$,1\$03
kernel32.dll
.mdata
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\A-
%SYSTEM%\Tasks\A-
REG DELETE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\net /f
REG COPY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\net HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network /s
REG DELETE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\mini /f
REG COPY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\mini HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal /s
REG COPY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\jjonjo HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network /s
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\HashVsSTDTest
HKEY_LOCAL_MACHINE\SOFTWARE\HashVsSTDTest
\Temp\UuU.uUu
\TEMP\XxX.xXx
firefox
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ParseAutoexec
Software\Microsoft\Windows NT\CurrentVersion\Winlogon
{CAB8D20A-31A9-4505-AD1B-6014A0F32D9D}
{1EBE9E45-C4BB-4B2A-84CA-7257C9D28992}
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\CryptoLocker_0388
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\27\
HKCU\softwaremicrosoftwindowscurrentversionpoliciesexplorer
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKCU\Software\Policies\Microsoft\Windows NT\Terminal Services
SCRNSAVE.EXE
HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Windows
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
NoChangeKeyboardNavigationIndicators
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
rundll32.exe
.txt,
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
%WINDOWS%\Active.bat
SkypeAutoConect.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNSService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPPortMapService
.dspak
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67EFG7H6-8IJL-56YT-KLH4-76WE2D3RAM87}
%APPDATA%\Microsoft\Windows\xGgUF
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Host-process Windows (Rundll32.exe)
Service Host Process for Windows
WINDOWS SYSTEM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
198.175.125.141 sotialmonstercookie.ru
198.175.125.141 m.ok.ru
198.175.125.141 m.odnoklassniki.ru
198.175.125.141 odnoklassniki.ru
198.175.125.141 m.vk.com
198.175.125.141 m.my.mail.ru
198.175.125.141 my.mail.ru
198.175.125.141 ok.ru
198.175.125.141 VVV.odnoklassniki.ru
198.175.125.141 vk.com
WINDOWS NT SERVICE
[1 5 7 17]
%WINDOWS%\TASKS\FLASHDRV.JOB
.exe.exe
.ndata
%SYSTEM%\drivers\etc\h
T.TEQUILA
4ffffuser32.dll
advapi32.dll
mpr.dllffffuser32.dll
mpr.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\system
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
KERNEL32.dll
.UPX0
.vmp1
.vmp0
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions present
HKEY_CLASSES_ROOT\batfile\shell\open\command
HKEY_CLASSES_ROOT\VBSFile\Shell\Open2\Command
HKEY_CLASSES_ROOT\VBSFile\Shell\Open\Command
HKEY_CLASSES_ROOT\VBEFile\Shell\Open2\Command
HKEY_CLASSES_ROOT\VBEFile\Shell\Open\Command
HKEY_CLASSES_ROOT\scrfile\shell\open\command
HKEY_CLASSES_ROOT\exefile\shell\runas\command
HKEY_CLASSES_ROOT\exefile\shell\open\command
%SystemRoot%\System32\CScript.exe "%1" %*
%SystemRoot%\System32\WScript.exe "%1" %*
%WINDOWS%
%PROGRAMS%\Foto.lnk
ÞSKTOPDIRECTORY%\Foto.lnk
%PROGRAMS%\SUPER CONTENUTI.lnk
ÞSKTOPDIRECTORY%\SUPER CONTENUTI.lnk
%PROGRAMS%\Club del Vizio - Foto Video Calendari - VM18.lnk
ÞSKTOPDIRECTORY%\Club del Vizio - Foto Video Calendari - VM18.lnk
%SYSTEM%\winxtx
%SYSTEM%\Winsystens
%SYSTEM%\Winsysten
%SYSTEM%\Winsystemt
%SYSTEM%\Winsystemq
%SYSTEM%\Winsystempo
%SYSTEM%\Winsystemp
%SYSTEM%\Winsystemm
%SYSTEM%\Winsysteml
%SYSTEM%\Winsystemk
%SYSTEM%\Winsystemc
%SYSTEM%\Winsystemas
%SYSTEM%\Winsystem
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
{C7E341C1-655B-48EB-9FCC-5B56B4A96121}
{491A5872-C30F-4E54-8FF1-BF31CC73DC4B}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{45525B3D-F0A7-4050-A067-3D0AFF22C45D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DDF887BD-D021-4E54-ABC9-550A6FDCFA7F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CDDFA4C7-FB54-493B-B751-99591FC0DD63}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AF866D80-2D98-49B9-A1F4-B8061C7E2C42}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99767248-6535-4064-A342-48DCBBFEDE21}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{75CBFD0C-1513-4288-A5A9-F3D6C7DDD342}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6778D566-49BD-466D-9386-DD74E6AF5A23}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6725959F-EB01-4AA3-B75E-2E75E806C825}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{497F4F5A-5665-483B-8CD2-565750DEE151}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3C368A69-8A30-4B49-8451-FF65636F123A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1CA02EA2-55E6-429A-8246-A25AD3106C6F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C7E341C1-655B-48EB-9FCC-5B56B4A96121}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{491A5872-C30F-4E54-8FF1-BF31CC73DC4B}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{45525B3D-F0A7-4050-A067-3D0AFF22C45D}
HKEY_LOCAL_MACHINE\SOFTWARE\Freeware\{491A5872-C30F-4E54-8FF1-BF31CC73DC4B}
HKEY_CURRENT_USER\Software\Freeware\{491A5872-C30F-4E54-8FF1-BF31CC73DC4B}
HKEY_CURRENT_USER\Software\Freeware\{45525B3D-F0A7-4050-A067-3D0AFF22C45D}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
DisableCMD
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
symldrv.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT
DontReportInfectionInformation
explorer.exe
Explorer.exe %WINDIR%\system32\drivers\service.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{F2C63239-A5DB-487B-B283-4132351E7AB6}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
hXXp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\
hXXp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
hXXp://VVV.baidu.com/index.php?tn=mm667_pg
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\
eHKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe
%SystemRoot%
C:\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
%SystemRoot%\System32\drivers\etc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{H8I22RB03-AB-B70-7-11d2-9CBD-0O00FS7AH6-9E2121BHJLK}
dmboot.sys
dmload.sys
sermouse.sys
vga.sys
Keyboard
{36FC9E60-C465-11CF-8056-444553540000}
{4D36E965-E325-11CE-BFC1-08002BE10318}
{4D36E969-E325-11CE-BFC1-08002BE10318}
{4D36E96A-E325-11CE-BFC1-08002BE10318}
{4D36E96B-E325-11CE-BFC1-08002BE10318}
{4D36E977-E325-11CE-BFC1-08002BE10318}
{4D36E97B-E325-11CE-BFC1-08002BE10318}
{4D36E97D-E325-11CE-BFC1-08002BE10318}
{71A27CDD-812A-11D0-BEC7-08002BE2092F}
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
Tcpip
dmio.sys
rdpcdd.sys
rdpwd.sys
tdpipe.sys
tdtcp.sys
vgasave.sys
sr.sys
{4D36E967-E325-11CE-BFC1-08002BE10318}
{4D36E96F-E325-11CE-BFC1-08002BE10318}
{4D36E972-E325-11CE-BFC1-08002BE10318}
{4D36E974-E325-11CE-BFC1-08002BE10318}
{4D36E975-E325-11CE-BFC1-08002BE10318}
{4D36E980-E325-11CE-BFC1-08002BE10318}
t\system32\sfcfiles.dat
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sr\Parameters
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command
"%Program Files%\Internet Explorer\IEXPLORE.EXE"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iexplore.exe\shell\open\command
"%Program Files%\Internet Explorer\IEXPLORE.EXE" "%1"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\hlpfile\shell\open\command
"%SystemRoot%\winhlp32.exe" "%1"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\chm.file\shell\open\command
"%SystemRoot%\hh.exe" "%1"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\regfile\shell\open\command
regedit.exe "%1"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cmdfile\shell\open\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\shell\open\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inifile\shell\open\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\shell\open\command
%SystemRoot%\system32\NOTEPAD.EXE %1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\
%SYSTEM%\winupdate86.exe
%SYSTEM%\winlogon86.exe
%SYSTEM%\winhelper86.dll
%SYSTEM%\critical_warning.html
%SYSTEM%\AVR10.exe
%SYSTEM%\41.exe
wdmaud.drv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
smss32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
%System%\winlogon32.exe
%WinDir%\SYSTEM32\USERINIT.exe,
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\
HKEY_CLASSES_ROOT\secfile
HKEY_CLASSES_ROOT\.exe
HKEY_CLASSES_ROOT\.exe\shell
HKEY_CLASSES_ROOT\.exe\DefaultIcon
HKEY_CLASSES_ROOT\txtfile\shell\open\command
%WINDOWS%\OK.ini
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
securityGuard.exe
SAa34e.exe
MSW.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
HKEY_CLASSES_ROOT\securityGuard.DocHostUIHandler
HKEY_CLASSES_ROOT\securityGuard.DocHostUIHandler\Clsid
HKEY_CLASSES_ROOT\SAa34e.DocHostUIHandler
HKEY_CLASSES_ROOT\SAa34e.DocHostUIHandler\Clsid
HKEY_CLASSES_ROOT\MSW.DocHostUIHandler
HKEY_CLASSES_ROOT\CLSID\
HKEY_CLASSES_ROOT\MSW.DocHostUIHandler\Clsid
CheckExeSignatures
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer
HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes
hXXp://search-gala.com
hXXp://findgala.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
svchost.exe
explorer.exe rundll32.exe nynw.wmo mynleeq
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion
VPTRAY.EXE
USBGUARD.EXE
regedit.exe
pctstray.exe
pctsgui.exe
msconfig.exe
mmc.exe
AVP.EXE
AVGNT.EXE
ashdisp.exe
HKEY_CURRENT_USER\Software\vlad
\SYSTEM32\USERINIT.EXE,
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dfcsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
HKEY_LOCAL_MACHINE\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_LOCAL_MACHINE\Software\Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CURRENT_USER\Software\Win Antispyware Center
explorer.exe rundll32.exe thxr.wgo nwfdtx
{260E99CE-9462-361D-9C07-5C104B50DC6D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{260E99CE-9462-361D-9C07-5C104B50DC6D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{260E99CE-9462-361D-9C07-5C104B50DC6D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\D.1\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\D\CLSID
{2D046A82-BED0-36C5-85BC-4BC759C9C472}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2D046A82-BED0-36C5-85BC-4BC759C9C472}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2D046A82-BED0-36C5-85BC-4BC759C9C472}
rundll32 svchost.dll,get
rundll32 csrrss.dll,get
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C2BA40A2-75F1-51BD-F413-04B15A2C8950}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
.dll, RestoreWindows
mcexecwin
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\
,93.188.16
93.188.16
255.255.255.255
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
Explorer.exe
csrss.exe
c:\windows\csrss.exe
%WINDOWS%\csrss.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xmlprov\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_XMLPROV
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_XMLPROV\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmdmPmSN\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WMDMPMSN
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WMDMPMSN\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\upnphost\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_UPNPHOST
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_UPNPHOST\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtmsSvc\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NTMSSVC
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NTMSSVC\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppMgmt\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_APPMGMT
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_APPMGMT\0000
{8ECC055D-047F-11D1-A537-0000F8753ED1}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WMDMPMSP
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NWSAPAGENT
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NWCWORKSTATION
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IRMON
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPRIP
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IAS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_6TO4
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
%WinDir%\sp.htm
%System%\net.vbs
%System%\launch.vbs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MessengerService\Policies
C:\windows\sp.htm
HKEY_CURRENT_USER\Identities\Software\Microsoft\Outlook Express\5.0\signatures
HKEY_CURRENT_USER\Software\Patchou
c:\windows\system32\userinit.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\pezfile
HKEY_CLASSES_ROOT\pezfile
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
hXXp://VVV.mavideniz.gen.tr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP Pass-through Filter
TCPIP Pass-through Filter
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER\GFI_BC_PT_RegKeyToBeDeleted
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER\GFI_BC_PT_RegKeyCreated
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\GFI_BC_PT_RegKeyToBeDeleted
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\GFI_BC_PT_RegKeyCreated
C:\GFI_BC_PT_FolderToBeDeleted
C:\GFI_BC_PT_FolderCreated
C:\GFI_BC_CleanFile.txt
C:\GFI_BC_PT_FileCreated.txt
C:\GFI_BC_PT_FileToBeDeleted.txt
Administrator1\winlogon.exe
Default_Search_URL
Default_Page_URL
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr
HKEY_CURRENT_USER\Control Panel\Sound
%System%\drivers\etc\hosts
%SYSTEM%\drivers\etc\hosts
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter
HKEY_CURRENT_USER\Software\mdnkso81qq2
HKEY_CLASSES_ROOT\VBEfile\shell\Open
HKEY_CLASSES_ROOT\VBSfile\shell\Open
HKEY_CLASSES_ROOT\regfile\shell\Merge
HKEY_CLASSES_ROOT\inffile\shell\Install
HKEY_CLASSES_ROOT\lnkfile\shell\Delete
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden
hXXp://VVV.bendot.co.nr
HKEY_CURRENT_USER\Software\Classes\exefile
HKEY_CURRENT_USER\Software\Classes\exefile\shell
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore
%System%\MS586.sys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sessmgr.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msiexec.exe
HKEY_CURRENT_USER\Software\Microsoft\Command Processor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SuperHidden
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\ShowFullPathAddress
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\ShowFullPath
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\HideFileExt
%PROFILE%\Start Menu\Programs\Windows XP Recovery
%PROFILE%\Start Menu\Programs\Windows XP Recovery\Uninstall Windows XP Recovery.lnk
%PROFILE%\Start Menu\Programs\Windows XP Recovery\Windows XP Recovery.lnk
ÞSKTOPDIRECTORY%\Windows XP Recovery.lnk
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Control Panel\Desktop
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
CertificateRevocation
WarnonBadCertRecving
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache
@shell32.dll,-21785
HKEY_LOCAL_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug
cmd.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
%system%\userinit.exe,
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\piffile\shell\open\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shell\open\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\comfile\shell\open\command
HKEY_CURRENT_USER\Control Panel\International
%system%\logon.scr
@%SystemRoot%\system32\SHELL32.dll,-8964
HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}
@%SystemRoot%\system32\SHELL32.dll,-9216
HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer
A%system%\drivers\etc\hosts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-ABX5-00401C608512}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635853}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
fbdirecto.net/1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess
Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
The WSCSVC (Windows Security Center) service monitors and reports security health settings on the computer. The health settings include firewall (on/off), antivirus (on/off/out of date), antispyware (on/off/out of date), Windows Update (automatically/manually download and install updates), User Account Control (on/off), and Internet settings (recommended/not recommended). The service provides COM APIs for independent software vendors to register and record the state of their products to the Security Center service. The Action Center (AC) UI uses the service to provide systray alerts and a graphical view of the security health states in the AC control panel. Network Access Protection (NAP) uses the service to report the security health states of clients to the NAP Network Policy Server to make network quarantine decisions. The service also has a public API that allows external consumers to programmatically retrieve the aggregated security health state of the system.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Parameters
%SystemRoot%\System32\wscsvc.dll
%SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend\Parameters
%ProgramFiles%\Windows Defender\mpsvc.dll
Windows Defender
%SystemRoot%\System32\svchost.exe -k secsvcs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters
%SYSTEM%\wuauserv.dll
%systemroot%\system32\svchost.exe -k netsvcs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RapportSetup.exe
RPXService.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RapportSetup-Full.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RapportService.exe
RPService.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RapportMgmtService.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyEze.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.eze
HKEY_CLASSES_ROOT\MyEze.1
HKEY_CLASSES_ROOT\.eze
%ALLUSERSPROFILE%\Start Menu\Programs\Startup\desktop.ini
ÞSKTOPDIRECTORY%\System_Check.lnk
ÞSKTOPDIRECTORY%\SMART_HDD.lnk
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
rundll32.exe
lsass.exe
%STARTUP%\msconfig.lnk
%STARTUP%\runctf.lnk
%STARTUP%\ctfmon.lnk
services.exe_
%WINDOWS%\winsxs\Backup\
%WINDOWS%\Installer\
%WINDOWS%\assembly\GAC_64\Desktop.ini
%WINDOWS%\assembly\GAC_32\Desktop.ini
%WINDOWS%\assembly\GAC\Desktop.ini
HKCU\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}
%WINDOWS%\system32\services.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\10.0\Excel\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\11.0\Excel\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\12.0\Excel\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\14.0\Excel\Security
hXXp://tours.kichwas-ecuador.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
prosqlserv40001.bak
prosqlserv4.dll
HKEY_CLASSES_ROOT\CLSID\{8BCBB738-FCFA-F17F-134C-1167371C59F7}
HKEY_LOCAL_MACHINE\SOFTWARE\Licenses
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8BCBB738-FCFA-F17F-134C-1167371C59F7}
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\cdjbnddbclciabnckgeahmneohjlahdm
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\chrome\Extensions\cdjbnddbclciabnckgeahmneohjlahdm
HKCU\Software\Microsoft\Windows\CurrentVersion
%COMMON_APPDATA%
%PROGRAMS%\System Progressive Protection\System Progressive Protection.lnk
ÞSKTOPDIRECTORY%\System Progressive Protection.lnk
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
C:\PROGRA~3\LOCALS~1\Temp\msnato.exe
jeema.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
HKEY_LOCAL_MACHINE\Software\KHATRA\Startup_List
NoUnsafeTypeCautionForEXE
Software\Microsoft\Windows NT\CurrentVersion\Windows
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Software\Microsoft\Windows\CurrentVersion\Policies\System
%LOCAL_APPDATA%\Microsoft\CD Burning\autorun.inf
%COMMON_STARTUP%\(Empty).lnk
%WINDOWS%\Youtube.cab
%WINDOWS%\supermodels.cab
%WINDOWS%\new-screamsaver.com.cab
%WINDOWS%\New WinZip File.cab
%WINDOWS%\New WinRAR ZIP archive.cab
%WINDOWS%\New WinRAR archive.cab
%WINDOWS%\mario675.cab
%WINDOWS%\kavSetupEng3857.cab
%WINDOWS%\fh_antivirussetup6534.cab
%WINDOWS%\CyberWar.cab
%WINDOWS%\K.Backup
HKEY_LOCAL_MACHINE\SOFTWARE\rising
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
\srvany.exe
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot
%WINDOWS%\ShellNew
bron.tok
HKEY_LOCAL_MACHINE\Software\Classes\MIDfile\shell\play\command
HKEY_LOCAL_MACHINE\Software\Classes\txtfile\shell\open\command
%WINDOWS%\system\explorer.exe
%WINDOWS%\system\fndfst32.exe
%WINDOWS%\system\applets.exe
%WINDOWS%\system\mplayerw.exe
%WINDOWS%\system\Sysexp32.exe
%WINDOWS%\Help\intret.cnt
%WINDOWS%\Syssrc32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\
XX--XX--XX.txt
UuU.uUu
XxX.xXx
index.exe
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{NH8ONC0M-V2S2-AQ8L-8OGF-WNY1SA685WDT}
HKEY_CURRENT_USER\SOFTWARE\E&BA09AZL
%TEMP%\0sexy.jpg.exe
%TEMP%\0sexy.jpg
%APPDATA%\Microsoft\Windows\E&bA09AzL.cfg
%APPDATA%\Microsoft\Windows\E&bA09AzL.dat
%SYSTEM%\zlib.dll
%SYSTEM%\tcphost.tmp
%SYSTEM%\tcphost.ini
HKEY_CURRENT_USER\SOFTWARE\oSTDyTHg
%LOCAL_SETTINGS%\Temp\aviso.bak
HKEY_CURRENT_USER\SOFTWARE\gjm4Yw1WM
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{5S15K25F-2471-O311-2B56-1HL8G5821ACD}
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5S15K25F-2471-O311-2B56-1HL8G5821ACD}
%WINDOWS%\832images.jpg.exe
%TEMP%\832images.jpg
%WINDOWS%\832images.jpg
%APPDATA%\Microsoft\Windows\gjm4Yw1WM.cfg
%APPDATA%\Microsoft\Windows\gjm4Yw1WM.dat
\%SYSTEM%\lncom_.jpg
%WINDOWS%\ktd32.atm
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srservice
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr\Parameters
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432node\Microsoft\Windows NT\CurrentVersion\Winlogon
DirectX For Microsoft Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5Y99AE78-58TT-11dW-BE53-Y67078979Y}
HKCU\Software\Microsoft\Windows NT Script Host\Microsoft DxDiag
%WINDOWS%\system\
%SYSTEM%\
sservice.exe
reginv.dll
fservice.exe
winkey.dll
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432node\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432node\Microsoft\Active Setup\Installed Components\{5Y99AE78-58TT-11dW-BE53-Y67078979Y}
%LOCAL_SETTINGS%\TEMP\w5vpouUpqc.txt
%LOCAL_SETTINGS%\TEMP\wboy.txt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d7f312-b0f6-11d2-94ab-0080c33c7e95}
HKEY_LOCAL_MACHINE\SOFTWARE\Google\SpoolCDS
HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\CommonFiles
Software\Mozilla\Firefox
Software\Microsoft\Windows NT\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
\Documents\ntuser{4CB43D7F-7EEE-4906-8698-60DA70737200}.pol
%COMMON_DESKTOPDIRECTORY%
%SYSTEM%\SourceSystem
%SYSTEM%\SourceSystem\logs.dat
MozillaUpdate
%SYSTEM%\SourceSystem\Syscheck.exe
Microsoft Windows
%APPDATA%\svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\
MSDCSC\msdcsc.exe
\```````````````````````````.JPG
\```````.JPG
userinit.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
HKEY_CURRENT_USER\Software\DC3_FEXEC
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
%APPDATA%\system32\system.exe
%SYSTEMROOT%\SysWoW64\system32\system.exe
%SYSTEMROOT%\system32\system32\system.exe
Microsoft\lsass.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
\HKCU\Software\WOW6432node\Microsoft\Windows\CurrentVersion\Run
%WINDOWS%\
%WINDOWS%\SYSWOW64\
setup.ini
winhelp.ini
winhelp.exe
regsvr.exe
rundll.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\singaraja eto les lubi sebua polnostu
%Program Files%\sri teplim kalom\singaraja eto les\sobaki_ya_edu_vas_ebat.yahaha
%Program Files%\sri teplim kalom\singaraja eto les\sleep_my_darling_sleppp.vbs
%Program Files%\sri teplim kalom\singaraja eto les\sleep_my_darling_sleppp.lll
%Program Files%\sri teplim kalom\singaraja eto les\net_v_zizni_nehera_etogo_kak_ego_o_stastia.jog
%Program Files%\sri teplim kalom\singaraja eto les\Uninstall.ini
%Program Files%\sri teplim kalom\singaraja eto les\Uninstall.exe
HKCU\Software\WOW6432node\Microsoft\Windows\CurrentVersion\Run
msdcsc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4JFT3224-0O8K-7ONV-CHFJ-5U18T0P61VRW}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4JFT3224-0O8K-7ONV-CHFJ-5U18T0P61VRW}
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{TML0304K-328R-7856-T8O1-V57227U3M100}
Software\Microsoft\Active Setup\Installed Components\{TML0304K-328R-7856-T8O1-V57227U3M100}
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{TML0304K-328R-7856-T8O1-V57227U3M100}
HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{TML0304K-328R-7856-T8O1-V57227U3M100}
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\luafv
\HKCU\Software\Microsoft\Windows\CurrentVersion\Run
32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus
HKCU\Software\Policies\Microsoft\Windows\System
HKCU\Software\Microsoft\Windows Script Host\Settings
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sr
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\piffile
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile
IsShortcut
HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls
asr_skey
%SYSTEM%\findsink.dll
%SYSTEM%\mqsvgsvc.dll
%SYSTEM%\cmdlvert.dll
\HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
.tmp.exe
%WINDOWS%\system64
Windows
HKEY_LOCAL_MACHINE\SYSTEM\Select
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet00X\Control\Session Manager\SubSystems
Windows Defender\
%APPDATA%\postclean.bat
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
winhlp32.exe
twunk_32.exe
%Documents and Settings%\Administrator\Desktop\DisplaySwitch.exe
mdcsc.exe
HKCU\Software\DC3_FEXEC
ÞSKTOPDIRECTORY%\Internet Security PRO.lnk
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
\HKLM\System\CurrentControlSet\Services\Tcpip\Parameters
MaxUserPort
{310DE29C-0AD3-4A43-A2DB-221F1160CACB}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlogon
HKCU\Software\Microsoft\Internet Explorer\New Windows
HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths
WindowsStart
taskhost.exe
\HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_CLASSES_ROOT\S7.Document\shell\printto\command
HKEY_CLASSES_ROOT\S7.Document\shell\print\command
HKEY_CLASSES_ROOT\S7.Document\shell\open\command
HKEY_CLASSES_ROOT\S7.Document\DefaultIcon
%COMMON_APPDATA%\Dirty
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system
216.146.36.240
216.146.35.240
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces
3838:TCP
HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\
4421:UDP
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
\??\%System%\hide.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ialdnwxf\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ialdnwxf\Security\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ialdnwxf\Enum\
HKEY_CLASSES_ROOT\comfile\shell\open\command
rund1132.exe %1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon
{EA6F9A77-5617-406E-AAFA-D7C897C38BA7}
{581907C4-33B7-439A-85BA-3DB34D65D3CD}
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
C:\CMPSUCCESS
%SystemRoot%\system32\wbem\WMIsvc.dll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\Parameters
%LOCAL_APPDATA%\Temp\TarFA22.tmp
%LOCAL_APPDATA%\Temp\TarE7F0.tmp
%LOCAL_APPDATA%\Temp\TarE7DF.tmp
%LOCAL_APPDATA%\Temp\CabFA21.tmp
%LOCAL_APPDATA%\Temp\CabE7EF.tmp
%LOCAL_APPDATA%\Temp\CabE7DE.tmp
\svchost.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MpsSvc
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system
TcpMaxHalfOpen
HKEY_LOCAL_MACHINE\ControlSet001\Services\Tcpip\Parameters\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
%Program Files%\Common Files\lsass.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
%SystemDrive%
%DOWNLOAD_PROGRAM_FILES%
úVORITES%
%SYSTEMROOT%
%SYSTEMDIRECTORY%
%STARTUP%
%STARTMENU%
%USERPROFILE%
ÞSKTOPDIRECTORY%
%COOKIES%
%COMMON_STARTUP%
%COMMON_FAVORITES%
%COMMON_STARTMENU%
%COMMON_PROGRAMS%
%COMMMON_ALTSTARTUP%
%WINDOWS%\system32\userinit.exe
rHKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ProcessManager.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe
HKEY_CLASSES_ROOT\exefile
HKLM\Software\{5AFD725B-CB98-3C32-ADDC-1F6713561294}
HKCU\Software\{5AFD725B-CB98-3C32-ADDC-1F6713561294}
ÞSKTOPDIRECTORY%\pQAbGYBP.zip
\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Microsoft\Windows NT\CurrentVersion\Windows
Microsoft\Windows NT\CurrentVersion\Winlogon
Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Microsoft\Windows\CurrentVersion\Run
Microsoft\Windows\CurrentVersion\RunOnce
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED
\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
%APPDATA%\Sample.lnk
PENDINGFILERENAMEOPERATIONS
u%system%\drivers\etc\hosts
\Uninstall.ini
\Uninstall.exe
\mirniatom.bat
\iosdbfvadj.jka
\alkoid.vbs
System32\DRIVERS\asyncmac.sys
HKEY_CURRENT_USER\Software\Microsoft\DeviceControl
PendingFileRenameOperations
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
%SYSTEM%\user32.dll
%SYSTEM%\user32.vxe
\AutoConfigURL
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS
rHKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION
%APPDATA%\restore.ini
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
zlclient.exe
wireshark.exe
winmgr.exe
spybotsd.exe
SBPIMSvc.exe
sbamui.exe
SBAMTray.exe
SBAMSvc.exe
rstrui.exe
msseces.exe
MsMpEng.exe
MSASCui.exe
MpCmdRun.exe
mbamservice.exe
mbamscheduler.exe
mbampt.exe
mbamgui.exe
mbam.exe
Mantle.exe
lnssatt.exe
keyscrambler.exe
instup.exe
hijackthis.exe
egui.exe
ComboFix.exe
ccuac.exe
bdagent.exe
avscan.exe
avp.exe
avgwdsvc.exe
avgui.exe
avguard.exe
avgrsx.exe
avgnt.exe
avgidsagent.exe
avgcsrvx.exe
avconfig.exe
avcenter.exe
AvastUI.exe
AvastSvc.exe
Windows Live
WindowsUpdate
HKCU\Software\Microsoft\Windows\CurrentVersion\ime
\HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
\HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM
01000000
HKEY_CURRENT_USER\Software\
\HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
C:\Windows\InstallDir\help.exe
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
{FD38A8A8-5C04-44A4-8C9B-D51223EF50F8}
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\MICROSOFT\WINDOWS DEFENDER\MP SCHEDULED SCAN
6040515
6816302
C:\USERS\TAUSER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SECURITY TOOL.LNK
HKLM\SOFTWARE\MICROSOFT\WINDOWS MEDIA PLAYER NSS\3.0\EVENTS\{F835BF8E-6878-4F76-A634-5A258533E717}\{8B98EAC1-8153-42F5-BEF9-3814AA8233F4}
HKLM\SOFTWARE\MICROSOFT\WINDOWS MEDIA PLAYER NSS\3.0\EVENTS\{AED7EE88-954D-420E-A01F-44BDFF4B8E8A}\{B1CC4B02-3772-4C36-AD98-6926DE9C6E2E}
HKLM\SOFTWARE\MICROSOFT\WINDOWS MEDIA PLAYER NSS\3.0\EVENTS\{AED7EE88-954D-420E-A01F-44BDFF4B8E8A}
HKLM\SOFTWARE\MICROSOFT\WINDOWS MEDIA PLAYER NSS\3.0\EVENTS\{A9840446-BEF8-4616-B901-49964C4E3DF7}\{8B98EAC1-8153-42F5-BEF9-3814AA8233F4}
HKLM\SOFTWARE\MICROSOFT\WINDOWS MEDIA PLAYER NSS\3.0\EVENTS\{A9840446-BEF8-4616-B901-49964C4E3DF7}
HKCU\SOFTWARE\MICROSOFT\MEDIAPLAYER\HEALTH\{B1E5ABB6-6F14-41F6-AEA2-BF537406A4B6}
HKCU\SOFTWARE\MICROSOFT\MEDIAPLAYER\HEALTH\{91899B3D-A02F-4D78-B90E-40BBB59E4A2D}
HKLM\SOFTWARE\MICROSOFT\WINDOWS MEDIA PLAYER NSS\3.0\EVENTS\{BF7E0C08-D53E-46EB-A653-B53C167582F4}\{BD7663B9-926E-4E94-B6BA-F222D979B734}
HKLM\SOFTWARE\MICROSOFT\WINDOWS MEDIA PLAYER NSS\3.0\EVENTS\{BF7E0C08-D53E-46EB-A653-B53C167582F4}
HKLM\SOFTWARE\MICROSOFT\WINDOWS MEDIA PLAYER NSS\3.0\EVENTS\{A771865F-3BF1-43CD-8F63-07035ACEAFFE}\{D78FE903-1652-4F28-A4CD-EB8704749713}
HKLM\SOFTWARE\MICROSOFT\WINDOWS MEDIA PLAYER NSS\3.0\EVENTS\{A771865F-3BF1-43CD-8F63-07035ACEAFFE}
HKLM\SOFTWARE\MICROSOFT\WINDOWS MEDIA PLAYER NSS\3.0\EVENTS\{3FCF9120-D0DD-4AA2-946F-F99DC6FCEA29}\{D78FE903-1652-4F28-A4CD-EB8704749713}
HKLM\SOFTWARE\MICROSOFT\WINDOWS MEDIA PLAYER NSS\3.0\EVENTS\{3FCF9120-D0DD-4AA2-946F-F99DC6FCEA29}\{BD7663B9-926E-4E94-B6BA-F222D979B734}
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\STARTPAGE\NEWSHORTCUTS
HKCU\SOFTWARE\MICROSOFT\MEDIAPLAYER\HEALTH\{555660CB-2037-4BE0-AAAA-ADB09BB0DFE6}
HKCU\SOFTWARE\MICROSOFT\MEDIAPLAYER\HEALTH\{2208559D-C10C-4288-9048-B27B5E72746C}
HKLM\SOFTWARE\MICROSOFT\WINDOWS MEDIA PLAYER NSS\3.0\EVENTS\{F835BF8E-6878-4F76-A634-5A258533E717}\{B1CC4B02-3772-4C36-AD98-6926DE9C6E2E}
%LOCAL_APPDATA%\TEMP\5440629.BAT
%LOCAL_APPDATA%\TEMP\86283760.BAT
%PROFILE%\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SECURITY TOOL.LNK
\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU\S-1-5-21-1921027029-3133593505-18383363-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN
%STARTMENU%\PROGRAMS\STARTUP\SYSTEM CHECK.LNK
Original Size: %d
c%WINDOWS%\SBS_wininit.vxe
%SYSTEM%\wininit.exe
%WINDOWS%\SBS_explorer.vxe
%WINDOWS%\explorer.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wmicucltsvc
%WINDOWS%\SBS_wininit.vxe
%WINDOWS%\SBS_winlogon.vxe
%SYSTEM%\winlogon.exe
YZH.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
%SYSTEM%\Drivers\VDWFP.sys
%SYSTEM%\Drivers\VDWFP64.sys
%Program_Files%\Lenovo\VisualDiscovery\VisualDiscovery.tlb
%Program_Files%\Lenovo\VisualDiscovery\VisualDiscovery.exe
%Program_Files%\Lenovo\VisualDiscovery\VDWFPInstaller.exe
%Program_Files%\Lenovo\VisualDiscovery\VDWFP64.sys
%Program_Files%\Lenovo\VisualDiscovery\VDWFP.sys
%Program_Files%\Lenovo\VisualDiscovery\uninstall.exe
%Program_Files%\Lenovo\VisualDiscovery\SuperfishCert.dll
%Program_Files%\Lenovo\VisualDiscovery\ssl3.dll
%Program_Files%\Lenovo\VisualDiscovery\sqlite3.dll
%Program_Files%\Lenovo\VisualDiscovery\softokn3.dll
%Program_Files%\Lenovo\VisualDiscovery\smime3.dll
%Program_Files%\Lenovo\VisualDiscovery\Run.exe
%Program_Files%\Lenovo\VisualDiscovery\nssutil3.dll
%Program_Files%\Lenovo\VisualDiscovery\nssdbm3.dll
%Program_Files%\Lenovo\VisualDiscovery\nssckbi.dll
%Program_Files%\Lenovo\VisualDiscovery\nss3.dll
%Program_Files%\Lenovo\VisualDiscovery\libplds4.dll
%Program_Files%\Lenovo\VisualDiscovery\libplc4.dll
%Program_Files%\Lenovo\VisualDiscovery\libnspr4.dll
%Program_Files%\Lenovo\VisualDiscovery\freebl3.dll
HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\C864484869D41D2B0D32319C5A62F9315AAF2CBD
\Software\Microsoft\Windows\CurrentVersion\Internet Settings
http=127.0.0.1:5555
HKEY_LOCAL_MACHINE\Software\avsuite
HKEY_CURRENT_USER\Software\avsuite
HKEY_LOCAL_MACHINE\Software\AvScan
HKEY_CURRENT_USER\Software\AvScan
HKEY_LOCAL_MACHINE\Software\avsoft
HKEY_CURRENT_USER\Software\avsoft
HKEY_CURRENT_USER\Software\Microsoft\Windows Script\Settings
.pptx
.xlsx
.docx
SBAMSvc.exe_3448_rwx_2F60A000_00060000:
Vh%cQ
3l3u3>