mzpefinder_pcap_file.YR, GenericEmailWorm.YR, WormAutoItGen.YR, PUPSpigot.YR (Lavasoft MAS)Behaviour: Worm, EmailWorm, PUP
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 3ee7b24cb9c194581274bf779833009a
SHA1: 1568e5a258d882eabfa4eb3f7bb01a0c32e941a1
SHA256: 4ce50fda6feaa6a3683cfc46b882a9dd5a21dbbd285ccba85eb301d84898f255
SSDeep: 24576:efq0UWcA7XRI16f/gDhg2I1hrRlWbbjwx2X jhqb4T0h4ZkA:b0UDVm/gDhP4lQ0wGK8kA
Size: 1134160 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: BorlandDelphi30, UPolyXv05_v6
Company: NCH Software
Created at: 2014-12-18 02:47:27
Analyzed on: Windows7Ada SP1 64-bit
Summary: Worm. A program that is primarily replicating on networks or removable drives.
Dynamic Analysis
Payload
| Behaviour | Description |
|---|---|
| EmailWorm | Worm can send e-mails. |
Process activity
The Worm creates the following process(es):
GoogleUpdate.exe:1996
GoogleUpdate.exe:1960
GoogleUpdate.exe:3008
GoogleUpdate.exe:4028
GoogleUpdate.exe:1808
ffmpeg16.exe:3088
NCH_GoogleToolbar.exe:860
googletoolbarinstaller_en_signed.exe:3328
GoogleUpdaterService_B33FC4DD36A473C6.exe:3800
GoogleUpdateSetup_latest.exe:1228
nchsetup.exe:1656
nchsetup.exe:264
regsvr32.exe:3852
GoogleToolbarManager_8CA8B41417E66DEB.exe:3452
GoogleToolbarManager_8CA8B41417E66DEB.exe:3972
GoogleToolbarManager_8CA8B41417E66DEB.exe:3960
GoogleToolbarNotifier.exe:3840
GoogleToolbarNotifier.exe:3880
GoogleUpdaterService.exe:3860
GoogleUpdaterService.exe:3820
eyeline.exe:2824
eyeline.exe:108
eyeline.exe:2100
eyeline.exe:2176
eyeline.exe:1900
%original file name%.exe:1632
x264enc6.exe:1676
SearchWithGoogleUpdate_C993F490EED40C1B.exe:3832
The Worm injects its code into the following process(es):No processes have been created.
Mutexes
The following mutexes were created/opened:No objects were found.
File activity
The process GoogleUpdate.exe:1960 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
%Program Files% (x86)\Google\Update\Install\{240D2921-958E-4DFC-A1AE-1CB4B1E42CE2}\googletoolbarinstaller_en_signed.exe (38734 bytes)
%Program Files% (x86)\Google\Update\Download\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\0.0.0.0\googletoolbarinstaller_en_signed.exe (38249 bytes)
C:\Windows\Temp\gui3D8D.tmp (15 bytes)
The process GoogleUpdate.exe:3008 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
%Program Files% (x86)\GUM1E4.tmp\goopdateres_en.dll (28 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdate.dll (835 bytes)
The process ffmpeg16.exe:3088 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Windows\Temp\250D.tmp (2 bytes)
%Program Files% (x86)\NCH Software\Components\ffmpeg16\swscale-2.nch.dll (6720 bytes)
%Program Files% (x86)\NCH Software\Components\ffmpeg16\swresample-0.nch.dll (2712 bytes)
%Program Files% (x86)\NCH Software\Components\ffmpeg16\avcodec-54.nch.dll (85319 bytes)
%Program Files% (x86)\NCH Software\Components\ffmpeg16\avformat-54.nch.dll (17751 bytes)
%Program Files% (x86)\NCH Software\Components\ffmpeg16\avdevice-54.nch.dll (22 bytes)
C:\Windows\Temp\25FB.tmp (6 bytes)
%Program Files% (x86)\NCH Software\Components\ffmpeg16\avfilter-3.nch.dll (8368 bytes)
C:\Windows\Temp\260D.tmp (33 bytes)
C:\Windows\Temp\25FC.tmp (146 bytes)
%Program Files% (x86)\NCH Software\Components\ffmpeg16\avutil-52.nch.dll (4232 bytes)
C:\Windows\Temp\258C.tmp (82 bytes)
C:\Windows\Temp\257C.tmp (439 bytes)
C:\Windows\Temp\25EB.tmp (88 bytes)
The process NCH_GoogleToolbar.exe:860 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsjFC88.tmp\System.dll (23 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\GoogleUpdateSetup_latest.exe (25250 bytes)
The process googletoolbarinstaller_en_signed.exe:3328 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarUser_32_52E818EF81C83A9B.exe (620 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbar.7.5.5111.1712.manifest.xml (36 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_0A4439FF67F61065.dll (2 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\SearchWithGoogleUpdate_C993F490EED40C1B.exe (50 bytes)
C:\Windows\System32\config\SOFTWARE (77691 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_64_F8ED9B719A89F8EF.dll (489 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_32_8E471B27054D20F5.dll (149 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbar_32_365102BD7F6C8091.dll (390 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarUser_64_4D9709C1FA1422BA.exe (801 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleCld_187F9D811452062B.dll (50 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\GoogleToolbarInstaller2.log (43974 bytes)
C:\$Directory (288 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe (50 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbar_64_54BD4059920ABC8A.dll (514 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleUpdateSetup_5CC4B0F53D73AD88.exe (1480 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleUpdaterService_B33FC4DD36A473C6.exe (390 bytes)
C:\Windows\System32\config\SOFTWARE.LOG1 (72244 bytes)
The process GoogleUpdaterService_B33FC4DD36A473C6.exe:3800 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
%Program Files% (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe (390 bytes)
The process GoogleUpdateSetup_latest.exe:1228 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
%Program Files% (x86)\GUM1E4.tmp\goopdateres_el.dll (30 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_vi.dll (28 bytes)
%Program Files% (x86)\GUM1E4.tmp (28 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_hi.dll (29 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_da.dll (29 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_uk.dll (28 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_nl.dll (30 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_ko.dll (23 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_zh-CN.dll (21 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_sw.dll (29 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_mr.dll (28 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_pt-PT.dll (29 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_it.dll (30 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_pt-BR.dll (29 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_es-419.dll (29 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_ja.dll (24 bytes)
%Program Files% (x86)\GUM1E4.tmp\GoogleUpdateHelper.msi (25 bytes)
%Program Files% (x86)\GUM1E4.tmp\npGoogleUpdate3.dll (838 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_fr.dll (30 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_ml.dll (31 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_fil.dll (30 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_sl.dll (29 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_en-GB.dll (28 bytes)
%Program Files% (x86)\GUM1E4.tmp\GoogleUpdate.exe (234 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_ar.dll (26 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_ms.dll (28 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_th.dll (27 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_bn.dll (28 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_hu.dll (29 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdate.dll (1702 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_is.dll (28 bytes)
%Program Files% (x86)\GUM1E4.tmp\GoogleUpdateSetup.exe (5441 bytes)
%Program Files% (x86)\GUM1E4.tmp\GoogleCrashHandler64.exe (550 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_fi.dll (29 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_hr.dll (29 bytes)
%Program Files% (x86)\GUM1E4.tmp\psmachine.dll (159 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_ca.dll (29 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_ur.dll (28 bytes)
%Program Files% (x86)\GUM1E4.tmp\GoogleCrashHandler.exe (212 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_sr.dll (29 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_de.dll (31 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_iw.dll (26 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_sv.dll (29 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_lt.dll (28 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_zh-TW.dll (21 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_tr.dll (29 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_te.dll (29 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_pl.dll (30 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_kn.dll (29 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_am.dll (25 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_ru.dll (28 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_id.dll (28 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_en.dll (27 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_gu.dll (28 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_cs.dll (28 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_bg.dll (30 bytes)
%Program Files% (x86)\GUM1E4.tmp\psuser.dll (159 bytes)
%Program Files% (x86)\GUT1F5.tmp (4 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_sk.dll (29 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_fa.dll (27 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_es.dll (31 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_no.dll (29 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_ro.dll (29 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_et.dll (28 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_lv.dll (30 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_ta.dll (30 bytes)
%Program Files% (x86)\GUM1E4.tmp\GoogleUpdateOnDemand.exe (59 bytes)
%Program Files% (x86)\GUM1E4.tmp\GoogleUpdateBroker.exe (59 bytes)
The process nchsetup.exe:1656 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
%Program Files% (x86)\NCH Software\Eyeline\x264enc6.exe (483 bytes)
The process nchsetup.exe:264 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Video Capture Software.lnk (1 bytes)
C:\ProgramData\NCH Software\Eyeline\Web\ajax.js (2 bytes)
C:\ProgramData\NCH Software\Eyeline\Web\table.js (388 bytes)
C:\Users\"%CurrentUserName%"\Favorites\NCH Software Download Site.lnk (312 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Switch Sound File Converter.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Express Zip File Compression.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\MixPad MultiTrack Mixer.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs\Video Capture Software.lnk (1 bytes)
C:\ProgramData\NCH Software\Eyeline\Web\greybg.gif (275 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Express Rip CD Ripper.lnk (1 bytes)
%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe (11567 bytes)
%Program Files% (x86)\NCH Software\Eyeline\eyelinesetup_v2.01.exe (7547 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs\Slideshow Creator Software.lnk (1 bytes)
C:\ProgramData\NCH Software\Eyeline\Web\upsort.gif (123 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Express Burn CD, DVD or Blu-Ray.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Graphics File Converter.lnk (1 bytes)
C:\ProgramData\NCH Software\Eyeline\Web\nchplayer.swf (1444 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\SoundTap Streaming Recorder.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eyeline Video Surveillance System.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\WavePad Sound Editor.lnk (1 bytes)
C:\ProgramData\NCH Software\Eyeline\Web\downsort.gif (123 bytes)
C:\ProgramData\NCH Software\Eyeline\Web\print.css (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Invoicing Software.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\RecordPad Sound Recorder.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Classic FTP Software.lnk (1 bytes)
C:\Users\Public\Desktop\Eyeline Video Surveillance System.lnk (1 bytes)
C:\ProgramData\NCH Software\Eyeline\Web\s.css (196 bytes)
C:\ProgramData\NCH Software\Eyeline\Web\darkblue.gif (257 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Prism Video File Format Converter.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs\Video Streaming Server.lnk (1 bytes)
C:\ProgramData\NCH Software\Eyeline\Email Template.txt (208 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs\Video File Format Converter.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Doxillion Document Converter.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs\Video Tape to DVD Converter.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Express Dictate Recorder.lnk (1 bytes)
C:\Users\Public\Desktop\NCH Suite.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Accounting Software.lnk (1 bytes)
%Program Files% (x86)\NCH Software\Eyeline\x264enc6.exe (61948 bytes)
C:\ProgramData\NCH Software\Eyeline\Web\favicon.ico (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs\VideoPad Video Editor.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\VideoPad Video Editor.lnk (1 bytes)
The process regsvr32.exe:3852 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
%Program Files%\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (348 bytes)
The process GoogleToolbarManager_8CA8B41417E66DEB.exe:3452 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
%Program Files% (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (1281 bytes)
%Program Files% (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (673 bytes)
%Program Files% (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (1425 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\GoogleToolbarInstaller1.log (41641 bytes)
%Program Files% (x86)\Google\Google Toolbar\GoogleToolbarHelper_signed.msi (28 bytes)
%Program Files% (x86)\Google\Google Toolbar\GoogleToolbarUser_64.exe (2321 bytes)
%Program Files% (x86)\Google\Google Toolbar\GoogleToolbarHelperPatch_signed.msp (125 bytes)
The process GoogleToolbarManager_8CA8B41417E66DEB.exe:3972 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\ProgramData\Google\Custom Buttons\toolbar.google.com_O8Y91YHB24Z6SR0SGYSK.XML (12 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\GoogleToolbarInstaller1.log (3179 bytes)
The process GoogleToolbarManager_8CA8B41417E66DEB.exe:3960 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\GoogleToolbarInstaller1.log (2418 bytes)
The process GoogleToolbarNotifier.exe:3840 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
%Program Files% (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (1 bytes)
%Program Files% (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\gtn.dll (151 bytes)
The process eyeline.exe:2824 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Windows\Temp\Eyeline-980-1\ffmpeg16.exe (39 bytes)
The process eyeline.exe:108 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\ProgramData\NCH Software\Eyeline\Logs\2015-02-13 Eyeline Video Surveillance System Log.txt (141 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\_eyeline_rl_adm (8 bytes)
The process eyeline.exe:2100 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
%Program Files% (x86)\NCH Software\Components\NCHToolbars\google\NCH_GoogleToolbar.exe (382879 bytes)
The process eyeline.exe:1900 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Windows\Temp\Eyeline-980-1\ffmpeg16.exe (1416950 bytes)
The process %original file name%.exe:1632 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\n1s\nchdata.dat (10160 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\n1s\nchsetup.cab (616 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\n1s\nchdata.cab (497 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\n1s\nchsetup.exe (25694 bytes)
The process x264enc6.exe:1676 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
%Program Files% (x86)\NCH Software\Components\x264enc6\x264enc6.exe (20838 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\x264enc6_.cab (468 bytes)
The process SearchWithGoogleUpdate_C993F490EED40C1B.exe:3832 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
%Program Files%\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (346 bytes)
%Program Files% (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\gth.dll (49 bytes)
%Program Files% (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (79 bytes)
%Program Files% (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\Readme.url (212 bytes)
%Program Files% (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\gtn.dll (150 bytes)
%Program Files% (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (1 bytes)
Registry activity
The process GoogleUpdate.exe:1996 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"usagestats" = "0"
The Worm deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"uid"
"old-uid"
"eulaaccepted"
The process GoogleUpdate.exe:1960 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"DayOfLastActivity" = "4294967295"
"usagestats" = "0"
[HKCU\Software\Classes\Local Settings\MuiCache\2B\52C64B7E]
"LanguageList" = "en-US, en"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"pv" = "7.5.5111.1712"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\CurrentState]
"InstallProgressPercent" = "4294967295"
"StateValue" = "3"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"DayOfLastRollCall" = "4294967295"
"LastCheckSuccess" = "1423812338"
[HKCU\Software\Google\Update\proxy]
"source" = "IEWPAD"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\CurrentState]
"DownloadTimeRemainingMs" = "4294967295"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"DayOfInstall" = "2964"
"InstallTime" = "1423812312"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\CurrentState]
"InstallTimeRemainingMs" = "4294967295"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"brand" = "NCHD"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\CurrentState]
"DownloadProgressPercent" = "0"
The Worm deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"LastInstallerExtraCode1"
"LastInstallerSuccessLaunchCmdLine"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientStateMedium\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"eulaaccepted"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"UpdateAvailableCount"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientStateMedium\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"usagestats"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"ap"
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"LastInstallerResult"
"old-uid"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"iid"
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"uid"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"LastInstallerResult"
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"LastInstallerResultUIString"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"eulaaccepted"
"UpdateAvailableSince"
"LastInstallerError"
"LastInstallerResultUIString"
"experiment_labels"
"tttoken"
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"LastInstallerError"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"browser"
"LastInstallerExtraCode1"
"LastInstallerSuccessLaunchCmdLine"
The process GoogleUpdate.exe:3008 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"usagestats" = "0"
The Worm deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"uid"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"UpdateAvailableSince"
"UpdateAvailableCount"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\network\secure]
"sk"
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"eulaaccepted"
[HKCU\Software\Google\Update]
"old-uid"
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"old-uid"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\network\secure]
"c"
[HKCU\Software\Google\Update]
"uid"
The process GoogleUpdate.exe:4028 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKCU\Software\Google\Update\proxy]
"source" = "IEWPAD"
[HKCU\Software\Classes\Local Settings\MuiCache\2C\52C64B7E]
"LanguageList" = "en-US, en"
The Worm deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"uid"
"old-uid"
The process GoogleUpdate.exe:1808 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKCU\Software\Google\Update\proxy]
"source" = "IEWPAD"
[HKCU\Software\Classes\Local Settings\MuiCache\2B\52C64B7E]
"LanguageList" = "en-US, en"
The Worm deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"uid"
"old-uid"
The process ffmpeg16.exe:3088 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKU\.DEFAULT\SOFTWARE\NCH Swift Sound\Components\ffmpeg16]
"Version" = "1.02"
[HKLM\SOFTWARE\Wow6432Node\NCH Swift Sound\Components\ffmpeg16]
"Version" = "1.02"
[HKU\.DEFAULT\SOFTWARE\NCH Software\Components\ffmpeg16]
"Version" = "1.02"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Components\ffmpeg16]
"Version" = "1.02"
"Path" = "%Program Files% (x86)\NCH Software\Components\ffmpeg16\avcodec-54.nch.dll"
[HKU\.DEFAULT\SOFTWARE\NCH Swift Sound\Components\ffmpeg16]
"Path" = "%Program Files% (x86)\NCH Software\Components\ffmpeg16\avcodec-54.nch.dll"
[HKU\.DEFAULT\SOFTWARE\NCH Software\Components\ffmpeg16]
"Path" = "%Program Files% (x86)\NCH Software\Components\ffmpeg16\avcodec-54.nch.dll"
[HKLM\SOFTWARE\Wow6432Node\NCH Swift Sound\Components\ffmpeg16]
"Path" = "%Program Files% (x86)\NCH Software\Components\ffmpeg16\avcodec-54.nch.dll"
The process googletoolbarinstaller_en_signed.exe:3328 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\Branding]
"sin" = "0"
[HKCU\Software\Classes\Local Settings\MuiCache\2B\52C64B7E]
"LanguageList" = "en-US, en"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\Component]
"NextVersion" = "7.5.5111.1712"
"currentVersion" = "7.5.5111.1712"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\Branding]
"ein" = "1"
[HKCU\Software\Google\Google Toolbar\4.0\Setup]
"InstallProgress" = "3"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 3E 00 00 00 09 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar]
"test" = "41"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\4.0\Setup]
"EnabledExperiments" = "POSI,PUMA"
[HKCU\Software\Google\Google Toolbar\4.0\Setup]
"Command" = "2"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\4.0\Setup]
"FirstInstallTime" = "1423812338"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Worm deletes the following value(s) in system registry:
[HKCU\Software\Google\Google Toolbar]
"LastInstallError"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\Component]
"NextVersion"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"
"ProxyServer"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\Component]
"PrimaryInstallDone"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\4.0\Setup]
"FailedInstallPing"
The process GoogleUpdaterService_B33FC4DD36A473C6.exe:3800 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\Common\Google Updater\apps\tbie]
"auto" = "0"
[HKLM\SOFTWARE\Wow6432Node\Google\Common\Google Updater]
"Path" = "%Program Files% (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe"
"Version" = "2.4.2617.4952"
The process nchsetup.exe:1656 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"
The Worm deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
The process nchsetup.exe:264 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\DialUp]
"EditOutput_Resize" = "0"
[HKCU\Software\Classes\CABFolder\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\divxfile\Shell]
"(Default)" = "open"
[HKCU\Software\NCH Software\Eyeline\Settings]
"InstallerPath" = "%Program Files% (x86)\NCH Software\Eyeline"
[HKCU\Software\Classes\pngfile\Shell\NCHslideshow\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind PhotoStage %L"
[HKCU\Software\Classes\Paint.Picture\Shell\NCHconvertimage]
"(Default)" = "Convert image file"
[HKCU\Software\Classes\neffile\Shell\NCHconvertimage\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind Pixillion %L"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Eyeline]
"VersionMinor" = "01"
[HKCU\Software\Classes\aifffile\Shell\NCHconvertsound]
"(Default)" = "Convert sound file"
[HKCU\Software\Classes\mpegfile\Shell\NCHconvertvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind Prism %L"
[HKCU\Software\Classes\.mov]
"(Default)" = "movfile"
[HKCU\Software\Classes\giffile\Shell]
"(Default)" = "open"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\BroadBand]
"WindowsMedia_LiveSource" = "0"
[HKCU\Software\Classes\docfile\Shell\NCHconvertdoc]
"(Default)" = "Convert file type"
[HKCU\Software\Classes\AcroExch.Document\Shell\NCHconvertdoc\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind Doxillion %L"
[HKCU\Software\Classes\.MP3]
"(Default)" = "mp3file"
[HKCU\Software\Classes\.AAC]
"(Default)" = "aacfile"
[HKCU\Software\Classes\FirefoxHTML\shell\NCHconvertdoc\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind Doxillion %L"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\DialUp]
"FLV_VideoCodec" = "28"
[HKCU\Software\Classes\wavfile\Shell\NCHconvertsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind Switch %L"
[HKCU\Software\Classes\gsmfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\avifile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\giffile\Shell\NCHconvertimage]
"(Default)" = "Convert image file"
[HKCU\Software\Classes\jpegfile\Shell\NCHconvertimage]
"(Default)" = "Convert image file"
[HKCU\Software\Classes\odtfile\Shell]
"(Default)" = "open"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\WebServer]
"Enabled" = "0"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\Service]
"Enabled" = "1"
[HKCU\Software\Classes\.OGG]
"(Default)" = "oggfile"
[HKCU\Software\Classes\asffile\Shell\NCHeditvideo]
"(Default)" = "Edit video file"
[HKCU\Software\Classes\mohfile\DefaultIcon]
"(Default)" = "%SystemRoot%\SysWow64\shell32.dll,19"
[HKCU\Software\Classes\movfile\Shell\NCHconvertvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind Prism %L"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\BroadBand]
"WindowsMedia_VideoCodec" = "0"
[HKCU\Software\Classes\docfile\Shell\NCHconvertdoc\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind Doxillion %L"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\Settings]
"InstalledByAdmin" = "1"
[HKCU\Software\Classes\.tar]
"(Default)" = "tarfile"
[HKCU\Software\Classes\.WAV]
"(Default)" = "wavfile"
[HKCU\Software\Classes\neffile\Shell\NCHconvertimage]
"(Default)" = "Convert image file"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\Software]
"Toolbar" = "cnm-installed"
[HKCU\Software\Classes\aufile\Shell\NCHeditsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind WavePad %L"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\BroadBand]
"EditOutput_Height" = "576"
[HKCU\Software\Classes\dctfile\DefaultIcon]
"(Default)" = "%SystemRoot%\SysWow64\shell32.dll,19"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\DialUp]
"EditOutput_ChangeFramerate" = "0"
[HKCU\Software\Classes\tar.gzfile\Shell\NCHextract]
"(Default)" = "Extract with Express Zip"
[HKCU\Software\Classes\TIFImage.Document\Shell\NCHconvertimage\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind Pixillion %L"
[HKCU\Software\Classes\.dss]
"(Default)" = "dssfile"
[HKCU\Software\Classes\mpdpfile]
"(Default)" = "Unhandled Extension Handler Finder"
[HKCU\Software\Classes\aacfile\Shell\NCHconvertsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind Switch %L"
[HKCU\Software\Classes\mpgfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\Paint.Picture\Shell\NCHslideshow\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind PhotoStage %L"
[HKCU\Software\Classes\vocfile\Shell\NCHeditsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind WavePad %L"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\Settings]
"RelatedRuns" = "-1"
[HKCU\Software\Classes\jpegfile\Shell\NCHconvertimage\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind Pixillion %L"
[HKCU\Software\Classes\.m4v]
"(Default)" = "m4vfile"
[HKCU\Software\Classes\wavfile\Shell\NCHconvertsound]
"(Default)" = "Convert sound file"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\DialUp]
"EditOutput_ResizeKeepRatio" = "0"
[HKCU\Software\Classes\avifile\Shell\NCHeditvideo]
"(Default)" = "Edit video file"
[HKCU\Software\Classes\xvidfile\Shell\NCHconvertvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind Prism %L"
[HKCU\Software\Classes\ds2file\DefaultIcon]
"(Default)" = "%SystemRoot%\SysWow64\shell32.dll,19"
[HKCU\Software\Classes\asffile\Shell\NCHeditvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind VideoPad %L"
[HKCU\Software\Classes\.mp4]
"(Default)" = "mp4file"
[HKCU\Software\Classes\m4afile\Shell\NCHeditsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind WavePad %L"
[HKCU\Software\Classes\aacfile\Shell\NCHeditsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind WavePad %L"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\Service]
"StartTypeText" = "Auto Start"
[HKCU\Software\Classes\wpdfile\Shell\NCHconvertdoc\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind Doxillion %L"
[HKCU\Software\Classes\asffile\Shell\NCHconvertvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind Prism %L"
[HKCU\Software\Classes\vobfile\Shell\NCHeditvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind VideoPad %L"
[HKCU\Software\Classes\mpgfile\Shell\NCHeditvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind VideoPad %L"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\BroadBand]
"WindowsMedia_VideoBitrate" = "512000"
"FLV_AudioBitrate" = "64"
[HKCU\Software\Classes\mp3file\Shell\NCHconvertsound]
"(Default)" = "Convert sound file"
[HKCU\Software\Classes\gzfile\Shell\NCHextract]
"(Default)" = "Extract with Express Zip"
[HKCU\Software\Classes\mpeg2file\Shell\NCHconvertvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind Prism %L"
[HKCU\Software\Classes\pngfile\Shell\NCHconvertimage\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind Pixillion %L"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Eyeline]
"VersionMajor" = "2"
[HKCU\Software\Classes\aufile\Shell\NCHconvertsound]
"(Default)" = "Convert sound file"
[HKCU\Software\Classes\.gz]
"(Default)" = "gzfile"
[HKCU\Software\Classes\oggfile\Shell\NCHeditsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind WavePad %L"
[HKCU\Software\Classes\mpeg2file\Shell\NCHeditvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind VideoPad %L"
[HKCU\Software\Classes\.meo]
"(Default)" = "meofile"
[HKCU\Software\Classes\gsmfile\Shell\NCHconvertsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind Switch %L"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\HLSBroadBand]
"HLS_Samplerate" = "22050"
[HKCU\Software\Classes\wpdfile\Shell\NCHconvertdoc]
"(Default)" = "Convert file type"
[HKCU\Software\Classes\Windows.IsoFile\shell]
"(Default)" = "open"
[HKCU\Software\Classes\m4vfile\Shell\NCHeditvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind VideoPad %L"
[HKCU\Software\Classes\divxfile\Shell\NCHeditvideo]
"(Default)" = "Edit video file"
[HKCU\Software\Classes\.nef]
"(Default)" = "neffile"
[HKCU\Software\Classes\pngfile\Shell\NCHslideshow]
"(Default)" = "Create slideshow"
[HKCU\Software\Classes\voxfile\Shell\NCHeditsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind WavePad %L"
[HKCU\Software\Classes\.wp]
"(Default)" = "wpfile"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\BroadBand]
"WindowsMedia_VideoQuality" = "50"
[HKCU\Software\Classes\divxfile\Shell\NCHconvertvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind Prism %L"
[HKCU\Software\Classes\mpegfile\Shell\NCHeditvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind VideoPad %L"
[HKCU\Software\Classes\mp4file\Shell\NCHeditvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind VideoPad %L"
[HKCU\Software\Classes\m4afile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\dctfile]
"(Default)" = "Unhandled Extension Handler Finder"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\HLSBroadBand]
"EditOutput_ResizeType" = "0"
[HKCU\Software\Classes\mp4file\Shell\NCHconvertvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind Prism %L"
[HKCU\Software\Classes\jpegfile\Shell\NCHslideshow\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind PhotoStage %L"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\Software]
"Installer" = "%Program Files% (x86)\NCH Software\Eyeline\eyelinesetup_v2.01.exe"
[HKCU\Software\Classes\xvidfile\Shell]
"(Default)" = "open"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\HLSBroadBand]
"EditOutput_ChangeFramerate" = "0"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\WebServer]
"PublicEnabled" = "0"
[HKCU\Software\Classes\.spj]
"(Default)" = "spjfile"
[HKCU\Software\Classes\.rar]
"(Default)" = "rarfile"
[HKCU\Software\Classes\xvidfile\Shell\NCHconvertvideo]
"(Default)" = "Convert video file"
[HKCU\Software\Classes\jpegfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\CABFolder\Shell\NCHextract\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind ExpressZip %L"
[HKCU\Software\Classes\mp3file\Shell\NCHconvertsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind Switch %L"
[HKCU\Software\Classes\meofile\shell\open\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind Meo %L"
[HKCU\Software\Classes\.divx]
"(Default)" = "divxfile"
[HKCU\Software\Classes\aiffile\Shell\NCHconvertsound]
"(Default)" = "Convert sound file"
[HKCU\Software\Classes\m4vfile\Shell\NCHconvertvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind Prism %L"
[HKCU\Software\Classes\aiffile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\flacfile\Shell\NCHconvertsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind Switch %L"
[HKCU\Software\Classes\wavfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\.avi]
"(Default)" = "avifile"
[HKCU\Software\Classes\mp4file\Shell\NCHeditvideo]
"(Default)" = "Edit video file"
[HKCU\Software\Classes\Windows.IsoFile\shell\NCHextract]
"(Default)" = "Extract with Express Zip"
[HKCU\Software\Classes\7zfile\Shell\NCHextract\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind ExpressZip %L"
[HKCU\Software\Classes\tar.gzfile\Shell\NCHextract\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind ExpressZip %L"
[HKCU\Software\Classes\mpeg2file\Shell\NCHeditvideo]
"(Default)" = "Edit video file"
[HKCU\Software\Classes\aufile\Shell\NCHeditsound]
"(Default)" = "Edit sound file"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\DialUp]
"EditOutput_Framerate" = "30.000000"
[HKCU\Software\Classes\giffile\Shell\NCHconvertimage\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind Pixillion %L"
[HKCU\Software\Classes\ds2file\shell\open\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind Scribe %L"
[HKCU\Software\Classes\vobfile\Shell\NCHconvertvideo]
"(Default)" = "Convert video file"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\BroadBand]
"EditOutput_Framerate" = "30.000000"
"FLV_VideoCodec" = "28"
[HKCU\Software\Classes\mohfile\shell\open\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind IMS %L"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\HLSBroadBand]
"EditOutput_Height" = "360"
[HKCU\Software\Classes\dssfile]
"(Default)" = "Unhandled Extension Handler Finder"
[HKCU\Software\Classes\.mpdp]
"(Default)" = "mpdpfile"
[HKCU\Software\Classes\mpdpfile\DefaultIcon]
"(Default)" = "%SystemRoot%\SysWow64\shell32.dll,19"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\HLSBroadBand]
"EditOutput_Width" = "480"
[HKCU\Software\Classes\.mpeg]
"(Default)" = "mpegfile"
[HKCU\Software\Classes\rtffile\Shell\NCHconvertdoc]
"(Default)" = "Convert file type"
[HKCU\Software\Classes\rtffile\Shell\NCHconvertdoc\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind Doxillion %L"
[HKCU\Software\Classes\mpegfile\Shell]
"(Default)" = "open"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\BroadBand]
"EditOutput_ResizeKeepRatio" = "0"
[HKCU\Software\Classes\.ds2]
"(Default)" = "ds2file"
[HKCU\Software\Classes\tar.gzfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\TIFImage.Document\Shell\NCHconvertimage]
"(Default)" = "Convert image file"
[HKCU\Software\Classes\xvidfile\Shell\NCHeditvideo]
"(Default)" = "Edit video file"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\BroadBand]
"FLV_CRF" = "280"
[HKCU\Software\Classes\aiffile\Shell\NCHeditsound]
"(Default)" = "Edit sound file"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\HLSBroadBand]
"EditOutput_Resize" = "0"
[HKCU\Software\Classes\.ivr]
"(Default)" = "ivrfile"
[HKCU\Software\Classes\docxfile\Shell\NCHconvertdoc]
"(Default)" = "Convert file type"
[HKCU\Software\Classes\divxfile\Shell\NCHeditvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind VideoPad %L"
[HKCU\Software\Classes\wavfile\Shell\NCHeditsound]
"(Default)" = "Edit sound file"
[HKCU\Software\Classes\wmafile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\.xvid]
"(Default)" = "xvidfile"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\DialUp]
"FLV_MaximumBitrate" = "128"
"EditOutput_ResizeType" = "0"
[HKCU\Software\Classes\.asf]
"(Default)" = "asffile"
[HKCU\Software\Classes\gzfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\m4vfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\movfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\odtfile\Shell\NCHconvertdoc\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind Doxillion %L"
[HKCU\Software\Classes\gsmfile\Shell\NCHconvertsound]
"(Default)" = "Convert sound file"
[HKCU\Software\Classes\meofile\DefaultIcon]
"(Default)" = "%SystemRoot%\SysWow64\shell32.dll,19"
[HKCU\Software\Classes\voxfile\Shell\NCHconvertsound]
"(Default)" = "Convert sound file"
[HKCU\Software\Classes\CABFolder\Shell\NCHextract]
"(Default)" = "Extract with Express Zip"
[HKCU\Software\Classes\divxfile\Shell\NCHconvertvideo]
"(Default)" = "Convert video file"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\Settings]
"currentVersion" = "2.01"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\HLSBroadBand]
"HLS_AudioCodec" = "86018"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\BroadBand]
"EditOutput_ResizeType" = "0"
[HKCU\Software\Classes\wpfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\aacfile\Shell\NCHeditsound]
"(Default)" = "Edit sound file"
[HKCU\Software\Classes\rarfile\Shell\NCHextract]
"(Default)" = "Extract with Express Zip"
[HKCU\Software\Classes\docxfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\wpdfile\Shell]
"(Default)" = "open"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Eyeline]
"DisplayName" = "Eyeline Video Surveillance System"
[HKCU\Software\Classes\vobfile\Shell\NCHconvertvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind Prism %L"
[HKCU\Software\Classes\oggfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\docxfile\Shell\NCHconvertdoc\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind Doxillion %L"
[HKCU\Software\Classes\mpgfile\Shell\NCHconvertvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind Prism %L"
[HKCU\Software\Classes\vocfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\mp4file\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\jpegfile\Shell\NCHslideshow]
"(Default)" = "Create slideshow"
[HKCU\Software\Classes\m4vfile\Shell\NCHeditvideo]
"(Default)" = "Edit video file"
[HKCU\Software\Classes\neffile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\voxfile\Shell\NCHeditsound]
"(Default)" = "Edit sound file"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Eyeline]
"InstallLocation" = "%Program Files% (x86)\NCH Software\Eyeline"
[HKCU\Software\Classes\TIFImage.Document\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\flacfile\Shell\NCHconvertsound]
"(Default)" = "Convert sound file"
[HKCU\Software\Classes\.M4A]
"(Default)" = "m4afile"
[HKCU\Software\Classes\vpjfile\DefaultIcon]
"(Default)" = "%SystemRoot%\SysWow64\shell32.dll,19"
[HKCU\Software\Classes\rarfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\dssfile\DefaultIcon]
"(Default)" = "%SystemRoot%\SysWow64\shell32.dll,19"
[HKCU\Software\Classes\.vox]
"(Default)" = "voxfile"
[HKCU\Software\Classes\mpegfile\Shell\NCHeditvideo]
"(Default)" = "Edit video file"
[HKCU\Software\Classes\.7z]
"(Default)" = "7zfile"
[HKCU\Software\Classes\FirefoxHTML\shell\NCHconvertdoc]
"(Default)" = "Convert file type"
[HKCU\Software\Classes\.moh]
"(Default)" = "mohfile"
[HKCU\Software\Classes\ds2file\shell\NCHconvertsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind Switch %L"
[HKCU\Software\Classes\avifile\Shell\NCHconvertvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind Prism %L"
[HKCU\Software\Classes\odtfile\Shell\NCHconvertdoc]
"(Default)" = "Convert file type"
[HKCU\Software\Classes\.tar.gz]
"(Default)" = "tar.gzfile"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Eyeline]
"URLUpdateInfo" = "www.nchsoftware.com/surveillance/index.html"
[HKCU\Software\Classes\AcroExch.Document\Shell\NCHconvertdoc]
"(Default)" = "Convert file type"
[HKCU\Software\Classes\neffile\Shell\NCHslideshow]
"(Default)" = "Create slideshow"
[HKCU\Software\Classes\gzfile\Shell\NCHextract\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind ExpressZip %L"
[HKCU\Software\Classes\.mpeg2]
"(Default)" = "mpeg2file"
[HKCU\Software\Classes\.vpj]
"(Default)" = "vpjfile"
[HKCU\Software\Classes\mp3file\Shell\NCHeditsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind WavePad %L"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Eyeline]
"Publisher" = "NCH Software"
[HKCU\Software\Classes\.FLAC]
"(Default)" = "flacfile"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\HLSBroadBand]
"EditOutput_ResizeKeepRatio" = "0"
[HKCU\Software\Classes\mpeg2file\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\asffile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\.voc]
"(Default)" = "vocfile"
[HKCU\Software\Classes\spjfile\DefaultIcon]
"(Default)" = "%SystemRoot%\SysWow64\shell32.dll,19"
[HKCU\Software\Classes\Windows.IsoFile\shell\NCHextract\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind ExpressZip %L"
[HKCU\Software\Classes\mpdpfile\shell\open\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind MixPad %L"
[HKCU\Software\Classes\m4afile\Shell\NCHeditsound]
"(Default)" = "Edit sound file"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\BroadBand]
"WindowsMedia_SoundCodecIndex" = "0"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\Settings]
"InstallDate" = "1423812287"
[HKCU\Software\Classes\aiffile\Shell\NCHeditsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind WavePad %L"
[HKCU\Software\Classes\avifile\Shell\NCHeditvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind VideoPad %L"
[HKCU\Software\Classes\.AIFF]
"(Default)" = "aifffile"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\DialUp]
"FLV_CRF" = "280"
[HKCU\Software\Classes\mohfile]
"(Default)" = "Unhandled Extension Handler Finder"
[HKCU\Software\Classes\aifffile\Shell\NCHeditsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind WavePad %L"
[HKCU\Software\Classes\meofile]
"(Default)" = "Unhandled Extension Handler Finder"
[HKCU\Software\Classes\aifffile\Shell\NCHeditsound]
"(Default)" = "Edit sound file"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\BroadBand]
"EditOutput_Width" = "768"
[HKLM\SOFTWARE\Wow6432Node\Google\GCAPITemp]
"test" = "testö"
[HKCU\Software\Classes\wmafile\Shell\NCHeditsound]
"(Default)" = "Edit sound file"
[HKCU\Software\Classes\giffile\Shell\NCHslideshow\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind PhotoStage %L"
[HKCU\Software\Classes\Windows.IsoFile\shell\open\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind ExpressBurn %L"
[HKCU\Software\Classes\vobfile\Shell]
"(Default)" = "open"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\BroadBand]
"WindowsMedia_SoundFormatIndex" = "0"
[HKCU\Software\Classes\7zfile\Shell\NCHextract]
"(Default)" = "Extract with Express Zip"
[HKCU\Software\Classes\.gsm]
"(Default)" = "gsmfile"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\WebServer]
"PreviousServerPort" = "85"
[HKCU\Software\Classes\ivrfile]
"(Default)" = "Unhandled Extension Handler Finder"
[HKCU\Software\Classes\rtffile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\ds2file]
"(Default)" = "Unhandled Extension Handler Finder"
[HKCU\Software\Classes\7zfile\Shell]
"(Default)" = "open"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\DialUp]
"FLV_AudioBitrate" = "32"
[HKCU\Software\Classes\neffile\Shell\NCHslideshow\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind PhotoStage %L"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
[HKCU\Software\Classes\ds2file\shell]
"(Default)" = "open"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\HLSBroadBand]
"HLS_VideoCodec" = "28"
[HKCU\Software\Classes\pngfile\Shell]
"(Default)" = "open"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\DialUp]
"EditOutput_Width" = "768"
[HKCU\Software\Classes\AcroExch.Document\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\Paint.Picture\Shell\NCHconvertimage\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind Pixillion %L"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"
[HKCU\Software\Classes\wmafile\Shell\NCHconvertsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind Switch %L"
[HKCU\Software\Classes\.dct]
"(Default)" = "dctfile"
[HKCU\Software\Classes\.WMA]
"(Default)" = "wmafile"
[HKCU\Software\Classes\tarfile\Shell\NCHextract\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind ExpressZip %L"
[HKCU\Software\Classes\Paint.Picture\Shell\NCHslideshow]
"(Default)" = "Create slideshow"
[HKCU\Software\Classes\.AU]
"(Default)" = "aufile"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Eyeline]
"DisplayIcon" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\BroadBand]
"FLV_MaximumBitrate" = "2048"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\Settings]
"InstallerPath" = "%Program Files% (x86)\NCH Software\Eyeline"
[HKCU\Software\Classes\mpgfile\Shell\NCHconvertvideo]
"(Default)" = "Convert video file"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Eyeline]
"UninstallString" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -uninstall"
[HKCU\Software\Classes\.doc]
"(Default)" = "docfile"
[HKCU\Software\Classes\.wpd]
"(Default)" = "wpdfile"
[HKCU\Software\Classes\aacfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\spjfile]
"(Default)" = "Unhandled Extension Handler Finder"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\BroadBand]
"FLV_AverageBitrate" = "1024"
[HKCU\Software\Classes\dssfile\shell\open\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind Scribe %L"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\Settings]
"InstallDateFirst" = "1423812287"
[HKCU\Software\Classes\aufile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\vpjfile]
"(Default)" = "Unhandled Extension Handler Finder"
[HKCU\Software\Classes\asffile\Shell\NCHconvertvideo]
"(Default)" = "Convert video file"
[HKCU\Software\Classes\flacfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\avifile\Shell\NCHconvertvideo]
"(Default)" = "Convert video file"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\BroadBand]
"WindowsMedia_Format" = "0"
[HKCU\Software\Classes\docfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\vobfile\Shell\NCHeditvideo]
"(Default)" = "Edit video file"
[HKCU\Software\Classes\aifffile\Shell\NCHconvertsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind Switch %L"
[HKCU\Software\Classes\aiffile\Shell\NCHconvertsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind Switch %L"
[HKCU\Software\Classes\wmafile\Shell\NCHconvertsound]
"(Default)" = "Convert sound file"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Eyeline]
"Version" = "2.01"
[HKCU\Software\Classes\pngfile\Shell\NCHconvertimage]
"(Default)" = "Convert image file"
[HKCU\Software\Classes\mpgfile\Shell\NCHeditvideo]
"(Default)" = "Edit video file"
[HKCU\Software\Classes\oggfile\Shell\NCHeditsound]
"(Default)" = "Edit sound file"
[HKCU\Software\Classes\mp3file\Shell\NCHeditsound]
"(Default)" = "Edit sound file"
[HKCU\Software\Classes\Paint.Picture\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\wmafile\Shell\NCHeditsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind WavePad %L"
[HKCU\Software\Classes\movfile\Shell\NCHeditvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind VideoPad %L"
[HKCU\Software\Classes\aifffile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\m4vfile\Shell\NCHconvertvideo]
"(Default)" = "Convert video file"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\BroadBand]
"EditOutput_Resize" = "0"
[HKCU\Software\Classes\giffile\Shell\NCHslideshow]
"(Default)" = "Create slideshow"
[HKCU\Software\Classes\voxfile\Shell]
"(Default)" = "open"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\DialUp]
"EditOutput_Height" = "576"
[HKCU\Software\Classes\ivrfile\DefaultIcon]
"(Default)" = "%SystemRoot%\SysWow64\shell32.dll,19"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\BroadBand]
"EditOutput_ChangeFramerate" = "0"
[HKCU\Software\Classes\movfile\Shell\NCHconvertvideo]
"(Default)" = "Convert video file"
[HKCU\Software\Classes\wavfile\Shell\NCHeditsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind WavePad %L"
[HKCU\Software\Classes\.mpg]
"(Default)" = "mpgfile"
[HKCU\Software\Classes\mpeg2file\Shell\NCHconvertvideo]
"(Default)" = "Convert video file"
[HKCU\Software\Classes\tarfile\Shell\NCHextract]
"(Default)" = "Extract with Express Zip"
[HKCU\Software\Classes\mpegfile\Shell\NCHconvertvideo]
"(Default)" = "Convert video file"
[HKCU\Software\Classes\voxfile\Shell\NCHconvertsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind Switch %L"
[HKCU\Software\Classes\.vob]
"(Default)" = "vobfile"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\HLSBroadBand]
"EditOutput_Framerate" = "15.000000"
[HKCU\Software\Classes\ivrfile\shell\open\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind IVM %L"
[HKCU\Software\Classes\ds2file\shell\NCHconvertsound]
"(Default)" = "Convert sound file"
[HKCU\Software\Classes\mp3file\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\vocfile\Shell\NCHeditsound]
"(Default)" = "Edit sound file"
[HKCU\Software\Classes\tarfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\aacfile\Shell\NCHconvertsound]
"(Default)" = "Convert sound file"
[HKCU\Software\Classes\dctfile\shell\open\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind Scribe %L"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\Service]
"STARTTYPE" = "2"
[HKCU\Software\Classes\spjfile\shell\open\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind PhotoStage %L"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Eyeline]
"DisplayVersion" = "2.01"
[HKCU\Software\Classes\rarfile\Shell\NCHextract\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind ExpressZip %L"
[HKCU\Software\Classes\mp4file\Shell\NCHconvertvideo]
"(Default)" = "Convert video file"
[HKCU\Software\Classes\xvidfile\Shell\NCHeditvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind VideoPad %L"
[HKCU\Software\Classes\Windows.IsoFile\DefaultIcon]
"(Default)" = "%SystemRoot%\SysWow64\shell32.dll,19"
[HKCU\Software\Classes\movfile\Shell\NCHeditvideo]
"(Default)" = "Edit video file"
[HKCU\Software\Classes\wpfile\Shell\NCHconvertdoc]
"(Default)" = "Convert file type"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\DialUp]
"FLV_AverageBitrate" = "64"
[HKCU\Software\Classes\wpfile\Shell\NCHconvertdoc\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind Doxillion %L"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Eyeline]
"URLInfoAbout" = "www.nchsoftware.com/surveillance/support.html"
[HKCU\Software\Classes\.AIF]
"(Default)" = "aiffile"
[HKCU\Software\Classes\aufile\Shell\NCHconvertsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind Switch %L"
[HKCU\Software\Classes\vpjfile\shell\open\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -extfind VideoPad %L"
To automatically run itself each time Windows is booted, the Worm adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Eyeline" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -logon"
The Worm deletes the following registry key(s):
[HKLM\SOFTWARE\Wow6432Node\Google\GCAPITemp]
The Worm deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\Software]
"_InstalledBy"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKLM\SOFTWARE\Wow6432Node\Google\GCAPITemp]
"test"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\Software]
"InstalledBy"
"ShowSurvey"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\Software]
"_ShowSurvey"
"_ShowSurveyNow"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\Software]
"ShowSurveyNow"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
The process regsvr32.exe:3852 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKCR\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}\ProgID]
"(Default)" = "ProtectorExe.ProtectorHost.1"
[HKCR\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}]
"(Default)" = "ProtectorHost Class"
[HKCR\protector_dll.ProtectorBho\CurVer]
"(Default)" = "protector_dll.ProtectorBho.1"
[HKCR\protector_dll.ProtectorLib\CurVer]
"(Default)" = "protector_dll.ProtectorLib.1"
[HKCR\AppID\{96FBC13C-8214-4100-88E0-FF74D7A1CB4D}]
"(Default)" = "protector_dll"
[HKCR\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}]
"(Default)" = "ProtectorLib Class"
[HKCR\protector_dll.ProtectorBho.1\CLSID]
"(Default)" = "{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"
[HKCR\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\VersionIndependentProgID]
"(Default)" = "protector_dll.ProtectorLib"
[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\VersionIndependentProgID]
"(Default)" = "protector_dll.ProtectorBho"
[HKCR\protector_dll.ProtectorBho.1]
"(Default)" = "Google Toolbar Notifier BHO"
[HKCR\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCR\protector_dll.ProtectorLib\CLSID]
"(Default)" = "{84798B8E-69F8-4846-9516-373C2996E2F7}"
[HKCR\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCR\protector_dll.ProtectorLib.1\CLSID]
"(Default)" = "{84798B8E-69F8-4846-9516-373C2996E2F7}"
[HKCR\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}]
"AppID" = "{96FBC13C-8214-4100-88E0-FF74D7A1CB4D}"
[HKCR\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}]
"AppID" = "{A97CA128-6998-4F8E-807E-8ED05FADAFB0}"
[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\InprocServer32]
"(Default)" = "%Program Files%\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll"
[HKCR\protector_dll.ProtectorLib]
"(Default)" = "ProtectorLib Class"
[HKCR\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}]
"Depend" = "%Program Files% (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\gtn.dll"
[HKCR\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\ProgID]
"(Default)" = "protector_dll.ProtectorLib.1"
[HKCR\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}\VersionIndependentProgID]
"(Default)" = "ProtectorExe.ProtectorHost"
[HKCR\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}\LocalServer32]
"(Default)" = "%Program Files% (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
"AppID" = "{96FBC13C-8214-4100-88E0-FF74D7A1CB4D}"
[HKCR\protector_dll.ProtectorLib.1]
"(Default)" = "ProtectorLib Class"
[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ProgID]
"(Default)" = "protector_dll.ProtectorBho.1"
[HKCR\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
"(Default)" = "Google Toolbar Notifier BHO"
[HKCR\protector_dll.ProtectorBho]
"(Default)" = "Google Toolbar Notifier BHO"
[HKCR\AppID\protector_dll.DLL]
"AppID" = "{96FBC13C-8214-4100-88E0-FF74D7A1CB4D}"
[HKCR\protector_dll.ProtectorBho\CLSID]
"(Default)" = "{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"
[HKCR\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\InprocServer32]
"(Default)" = "%Program Files%\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll"
The process GoogleToolbarManager_8CA8B41417E66DEB.exe:3452 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1A972DAF-A7EC-4ce3-B6C9-7B523CD6685F}]
"Policy" = "3"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
"DisplayVersion" = "7.5.5111.1712"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\4.0\Setup]
"ToastOfferTime" = "0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EE0B94B9-335F-4d2c-8B43-DACCD1EA6FF1}]
"AppPath" = "%Program Files% (x86)\Google\Google Toolbar"
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
"(Default)" = "Google Toolbar Helper"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
"Publisher" = "Google Inc."
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\4.0\Setup]
"SystemPatchLevel" = "1"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"GTB7.5" = ""
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\GoogleUpdate]
"InstallTimestamp" = "1423812315"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"cmd_7.5.5111.1712_5" = "%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe /execute:5"
"cmd_7.5.5111.1712_4" = "%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe /execute:4"
"cmd_7.5.5111.1712_7" = "%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe /execute:7"
"cmd_7.5.5111.1712_6" = "%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe /execute:6"
"cmd_7.5.5111.1712_1" = "%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe /execute:1"
"cmd_7.5.5111.1712_0" = "%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe /execute:0"
"cmd_7.5.5111.1712_3" = "%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe /execute:3"
"cmd_7.5.5111.1712_2" = "%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe /execute:2"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = "00"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\Branding]
"InstallType" = "3"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"cmd_7.5.5111.1712_9" = "%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe /execute:9"
"cmd_7.5.5111.1712_8" = "%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe /execute:8"
[HKCU\Software\Google\Google Toolbar\4.0\Options]
"ToastSetDefaultSearch" = "3"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\4.0\Setup]
"AllowInteractions" = "1"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
"DisplayName" = "Google Toolbar for Internet Explorer"
[HKCR\Wow6432Node\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
"(Default)" = "Google Toolbar"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\4.0\Setup]
"EnableUsageStats" = "1"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EE0B94B9-335F-4d2c-8B43-DACCD1EA6FF1}]
"Policy" = "3"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
"UninstallString" = "%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe /uninstall"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EE0B94B9-335F-4d2c-8B43-DACCD1EA6FF1}]
"AppName" = "GoogleToolbarUser_64.exe"
[HKCU\Software\Google\Google Toolbar\4.0\Options]
"ButtonPageRank" = "0"
"{14C626CA-ACAB-46e5-8A99-53C9E11CCCA0}_enabled" = "0"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\Branding]
"InstallTime" = "1423812315"
[HKCR\Installer\Products\18555481990E8AB4CBB63FB4F26006C0]
"AuthorizedLUAApp" = "1"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
"DisplayIcon" = "%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1A972DAF-A7EC-4ce3-B6C9-7B523CD6685F}]
"Policy" = "3"
[HKCU\Software\Classes\Local Settings\MuiCache\2C\52C64B7E]
"LanguageList" = "en-US, en"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1A972DAF-A7EC-4ce3-B6C9-7B523CD6685F}]
"AppPath" = "%Program Files% (x86)\Google\Google Toolbar"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar]
"test" = "41"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1A972DAF-A7EC-4ce3-B6C9-7B523CD6685F}]
"AppName" = "GoogleToolbarUser_32.exe"
[HKCR\Wow6432Node\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Google\Google Toolbar\4.0\Options]
"ToastSetPageRank" = "2"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\GoogleUpdate]
"InstallResult" = "pi"
[HKCU\Software\Google\Google Toolbar\4.0\Options]
"RbbsBreak" = "1"
[HKCR\Wow6432Node\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\4.0\Setup]
"EulaAccepted" = "1"
[HKCU\Software\Microsoft\Internet Explorer\Main]
"Enable Browser Extensions" = "yes"
[HKCU\Software\Classes\Local Settings\MuiCache\2C\52C64B7E\@%SystemRoot%\system32]
"p2pcollab.dll,-8042" = "Peer to Peer Trust"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EE0B94B9-335F-4d2c-8B43-DACCD1EA6FF1}]
"Policy" = "3"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
"Compatibility Flags" = "1024"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\Component\Used]
"GoogleUpdaterService.exe" = "1"
"SearchWithGoogleUpdate.exe" = "1"
"GoogleToolbarManager.exe" = "1"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = "00"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\Branding]
"brand" = "NCHD"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1A972DAF-A7EC-4ce3-B6C9-7B523CD6685F}]
"AppName" = "GoogleToolbarUser_32.exe"
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\InprocServer32]
"(Default)" = "%Program Files% (x86)\Google\Google Toolbar\GoogleToolbar_64.dll"
[HKCR\Wow6432Node\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\InprocServer32]
"(Default)" = "%Program Files% (x86)\Google\Google Toolbar\GoogleToolbar_32.dll"
[HKCR\Wow6432Node\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
"(Default)" = "Google Toolbar Helper"
[HKCU\Software\Google\Google Toolbar\4.0\Options]
"BrowseByName" = "0"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\Component]
"PrimaryInstallDone" = "1"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
"Compatibility Flags" = "1024"
[HKCU\Software\Google\Google Toolbar\4.0\Options]
"ToastSetHomePage" = "2"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1A972DAF-A7EC-4ce3-B6C9-7B523CD6685F}]
"AppPath" = "%Program Files% (x86)\Google\Google Toolbar"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"GTB7.5" = ""
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\InprocServer32]
"(Default)" = "%Program Files% (x86)\Google\Google Toolbar\GoogleToolbar_64.dll"
[HKCU\Software\Google\Google Toolbar\4.0\Options]
"UsageStatsEnabled" = "1"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\4.0\Setup]
"DisableBrowseByName" = "0"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
"MinorVersion" = "5"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"Name" = "Google Toolbar"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\Installations]
"1423812337" = "v=7.5.5111.1712&tbbrand=NCHD&i=0"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\Branding]
"ID" = "304A78B0488F53F23D4AC1A1BD355D4D69BF4FuXHNH"
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
"InstallLocation" = "%Program Files% (x86)\Google\Google Toolbar\"
[HKCU\Software\Classes\Local Settings\MuiCache\2C\52C64B7E\@%SystemRoot%\system32]
"dnsapi.dll,-103" = "Domain Name System (DNS) Server Trust"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
"NoModify" = "1"
"MajorVersion" = "7"
"NoRepair" = "1"
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
"(Default)" = "Google Toolbar"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EE0B94B9-335F-4d2c-8B43-DACCD1EA6FF1}]
"AppName" = "GoogleToolbarUser_64.exe"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"brand" = "NCHD"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EE0B94B9-335F-4d2c-8B43-DACCD1EA6FF1}]
"AppPath" = "%Program Files% (x86)\Google\Google Toolbar"
[HKCR\Wow6432Node\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\InprocServer32]
"(Default)" = "%Program Files% (x86)\Google\Google Toolbar\GoogleToolbar_32.dll"
The Worm deletes the following registry key(s):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{00021493-0000-0000-C000-000000000046}]
[HKCR\Wow6432Node\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ProgID]
[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\TypeLib]
[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\Programmable]
[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\InprocServer32]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{00021493-0000-0000-C000-000000000046}\Enum]
[HKCU\Software\Classes\Local Settings\MuiCache\2B\52C64B7E]
[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\VersionIndependentProgID]
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
[HKCU\Software\Classes\Local Settings\MuiCache\2B]
[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ProgID]
[HKCR\Wow6432Node\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\TypeLib]
[HKCR\Wow6432Node\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\VersionIndependentProgID]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021494-0000-0000-C000-000000000046}\Enum]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021494-0000-0000-C000-000000000046}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021493-0000-0000-C000-000000000046}]
[HKCR\Wow6432Node\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\Programmable]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{00021494-0000-0000-C000-000000000046}]
[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{00021494-0000-0000-C000-000000000046}\Enum]
[HKCR\Wow6432Node\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKCR\Wow6432Node\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\InprocServer32]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021493-0000-0000-C000-000000000046}\Enum]
The Worm deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\4.0\Setup]
"UseIe64"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"
[HKCU\Software\Google\Google Toolbar\4.0\Options]
"Vendor"
[HKCU\Software\Google\Google Toolbar\4.0]
"Update"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\4.0\Setup]
"RefreshIE"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"lang"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\4.0\Setup]
"WelcomePage"
The process GoogleToolbarManager_8CA8B41417E66DEB.exe:3972 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\Component\NonManifest\C:\ProgramData\Google\Custom Buttons]
"toolbar.google.com_O8Y91YHB24Z6SR0SGYSK.XML" = "1"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\Component\Used]
"GoogleToolbarDynamic_mui_en.dll" = "1"
The process GoogleToolbarManager_8CA8B41417E66DEB.exe:3960 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\Component\Used]
"GoogleToolbarManager.exe" = "1"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"pv" = "7.5.5111.1712"
The process GoogleToolbarNotifier.exe:3840 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKCR\Interface\{BACAB2F3-7213-4865-96E9-B6B06BF49192}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{DD65ABB2-2628-425B-86F5-825E4A3D3AD9}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{91F39C2A-95E7-497A-A539-0AC715DC66D2}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\ProtectorExe.ProtectorHost.1\CLSID]
"(Default)" = "{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}"
[HKCR\Wow6432Node\Interface\{F1A383D4-0364-4092-82E0-C39DAE5D801D}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{AF606610-3627-4DF2-A6D5-32C6A355ACD1}\TypeLib]
"Version" = "1a.0"
[HKCR\Interface\{17484B9D-89FA-484F-912E-017D06C41FE0}]
"(Default)" = "IProtectorLib7"
[HKCR\Wow6432Node\Interface\{91959FBB-853A-4AC7-A082-2DDF787F4CA9}\TypeLib]
"Version" = "1a.0"
[HKCR\Interface\{315A0BBF-D55B-4FCE-833E-8BAA5B6344F6}]
"(Default)" = "IProtector11"
[HKCR\Interface\{F1A383D4-0364-4092-82E0-C39DAE5D801D}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\Interface\{F1A383D4-0364-4092-82E0-C39DAE5D801D}\TypeLib]
"Version" = "1a.0"
[HKCR\Interface\{2212951C-1623-4095-906B-AC50B8F91016}]
"(Default)" = "IProtector2"
[HKCR\Interface\{480AD54B-C652-44B9-BCF6-746745055CD3}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\InprocServer32]
"(Default)" = "%Program Files% (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll"
[HKCR\Wow6432Node\Interface\{1F7328B7-E25A-4527-B24B-D9173401BB89}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{AF606610-3627-4DF2-A6D5-32C6A355ACD1}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\Interface\{AF606610-3627-4DF2-A6D5-32C6A355ACD1}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Interface\{A45CDEEB-65F5-49AE-AA3E-9376F4806075}]
"(Default)" = "IProtector8"
[HKCR\Wow6432Node\Interface\{315A0BBF-D55B-4FCE-833E-8BAA5B6344F6}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Interface\{2351B346-00E8-4EAC-9B75-B138B465D659}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{6EACF525-5F81-4381-9E46-DC316C39E0D2}]
"(Default)" = "IProtector6"
[HKCR\Interface\{A45CDEEB-65F5-49AE-AA3E-9376F4806075}\TypeLib]
"Version" = "1a.0"
[HKCR\Interface\{91959FBB-853A-4AC7-A082-2DDF787F4CA9}]
"(Default)" = "IProtectorHost2"
[HKCR\Wow6432Node\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\ProgID]
"(Default)" = "protector_dll.ProtectorLib.1"
[HKCR\Interface\{91959FBB-853A-4AC7-A082-2DDF787F4CA9}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{9D932020-700E-4F0D-8446-2872ABD8B4FA}\TypeLib]
"Version" = "1a.0"
[HKCR\Interface\{315A0BBF-D55B-4FCE-833E-8BAA5B6344F6}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{AF606610-3627-4DF2-A6D5-32C6A355ACD1}]
"(Default)" = "IProtectorLib"
[HKCR\Wow6432Node\Interface\{6C110376-C248-47F6-9DB2-CFCDEADB6A3E}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{2212951C-1623-4095-906B-AC50B8F91016}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Interface\{6C110376-C248-47F6-9DB2-CFCDEADB6A3E}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{91F39C2A-95E7-497A-A539-0AC715DC66D2}]
"(Default)" = "IProtector3"
[HKCR\Interface\{DA69D3CC-7676-4A65-889F-C052977F1AA9}\TypeLib]
"Version" = "1a.0"
[HKCR\TypeLib\{C7CB459A-7261-4AE6-A87A-17041EE98A40}\1a.0]
"(Default)" = "protector_dllLib"
[HKCR\Interface\{480AD54B-C652-44B9-BCF6-746745055CD3}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{2212951C-1623-4095-906B-AC50B8F91016}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{BACAB2F3-7213-4865-96E9-B6B06BF49192}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Interface\{17484B9D-89FA-484F-912E-017D06C41FE0}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Interface\{6EACF525-5F81-4381-9E46-DC316C39E0D2}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{9D932020-700E-4F0D-8446-2872ABD8B4FA}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\AppID\{96FBC13C-8214-4100-88E0-FF74D7A1CB4D}]
"(Default)" = "protector_dll"
[HKCR\Interface\{277FD1E8-9884-4E0A-9392-7CFF83F067B2}]
"(Default)" = "IProtector9"
[HKCR\Interface\{2212951C-1623-4095-906B-AC50B8F91016}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\AppID\{A97CA128-6998-4F8E-807E-8ED05FADAFB0}]
"(Default)" = "ProtectorExe"
[HKCR\Interface\{BACAB2F3-7213-4865-96E9-B6B06BF49192}]
"(Default)" = "IProtectorLib8"
[HKCR\Interface\{315A0BBF-D55B-4FCE-833E-8BAA5B6344F6}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{BACAB2F3-7213-4865-96E9-B6B06BF49192}]
"(Default)" = "IProtectorLib8"
[HKCR\Wow6432Node\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
"(Default)" = "Google Toolbar Notifier BHO"
[HKCR\Interface\{17484B9D-89FA-484F-912E-017D06C41FE0}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Interface\{A0CF48B9-DB91-49A5-BEE7-2FB45BA2F610}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{9891812B-5820-4A77-827E-772B200239E1}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\CLSID\{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}]
"AppID" = "{96FBC13C-8214-4100-88E0-FF74D7A1CB4D}"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80B84A0A-EDA4-47fd-8BE1-6B49F4197EE5}]
"AppPath" = "%Program Files% (x86)\Google\GoogleToolbarNotifier"
[HKCR\Wow6432Node\Interface\{5D358B5C-3415-42BB-A606-E1089B674F41}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{17484B9D-89FA-484F-912E-017D06C41FE0}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{17484B9D-89FA-484F-912E-017D06C41FE0}]
"(Default)" = "IProtectorLib7"
[HKCR\protector_dll.ProtectorLib.1]
"(Default)" = "ProtectorLib Class"
[HKCR\Wow6432Node\Interface\{9891812B-5820-4A77-827E-772B200239E1}]
"(Default)" = "IProtector4"
[HKCR\Wow6432Node\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}]
"Depend" = "%Program Files% (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\gtn.dll"
[HKCR\Wow6432Node\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}]
"(Default)" = "ProtectorLib Class"
[HKCR\Wow6432Node\Interface\{A45CDEEB-65F5-49AE-AA3E-9376F4806075}\TypeLib]
"Version" = "1a.0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80B84A0A-EDA4-47fd-8BE1-6B49F4197EE5}]
"AppName" = "GoogleToolbarNotifier.exe"
[HKCR\Wow6432Node\Interface\{1F7328B7-E25A-4527-B24B-D9173401BB89}]
"(Default)" = "IProtector5"
[HKCR\Interface\{315A0BBF-D55B-4FCE-833E-8BAA5B6344F6}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{5D358B5C-3415-42BB-A606-E1089B674F41}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Interface\{235317AD-6EF4-4209-9354-F88869E1A3BB}]
"(Default)" = "IProtectorLib5"
[HKCR\Wow6432Node\Interface\{9891812B-5820-4A77-827E-772B200239E1}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{2212951C-1623-4095-906B-AC50B8F91016}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{9891812B-5820-4A77-827E-772B200239E1}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{235317AD-6EF4-4209-9354-F88869E1A3BB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\Interface\{A0CF48B9-DB91-49A5-BEE7-2FB45BA2F610}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Interface\{1F7328B7-E25A-4527-B24B-D9173401BB89}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}]
"(Default)" = "ProtectorHost Class"
[HKCR\Interface\{9891812B-5820-4A77-827E-772B200239E1}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{DA69D3CC-7676-4A65-889F-C052977F1AA9}]
"(Default)" = "IProtectorHost"
[HKCR\Wow6432Node\CLSID\{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}\InprocServer32]
"(Default)" = "%Program Files% (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll"
[HKCR\Interface\{6C110376-C248-47F6-9DB2-CFCDEADB6A3E}]
"(Default)" = "IProtector10"
[HKCR\Wow6432Node\CLSID\{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCR\Wow6432Node\Interface\{A0CF48B9-DB91-49A5-BEE7-2FB45BA2F610}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{F1A383D4-0364-4092-82E0-C39DAE5D801D}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\VersionIndependentProgID]
"(Default)" = "protector_dll.ProtectorBho"
[HKCR\Wow6432Node\Interface\{91F39C2A-95E7-497A-A539-0AC715DC66D2}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\Interface\{6C110376-C248-47F6-9DB2-CFCDEADB6A3E}]
"(Default)" = "IProtector10"
[HKCR\Wow6432Node\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}\ProgID]
"(Default)" = "ProtectorExe.ProtectorHost.1"
[HKCR\Interface\{235317AD-6EF4-4209-9354-F88869E1A3BB}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{91959FBB-853A-4AC7-A082-2DDF787F4CA9}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\Interface\{2351B346-00E8-4EAC-9B75-B138B465D659}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{DA69D3CC-7676-4A65-889F-C052977F1AA9}\TypeLib]
"Version" = "1a.0"
[HKCR\protector_dll.ProtectorLib\CurVer]
"(Default)" = "protector_dll.ProtectorLib.1"
[HKCR\Interface\{91959FBB-853A-4AC7-A082-2DDF787F4CA9}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{9891812B-5820-4A77-827E-772B200239E1}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{2212951C-1623-4095-906B-AC50B8F91016}]
"(Default)" = "IProtector2"
[HKCR\Interface\{1F7328B7-E25A-4527-B24B-D9173401BB89}]
"(Default)" = "IProtector5"
[HKCR\Interface\{6C110376-C248-47F6-9DB2-CFCDEADB6A3E}\TypeLib]
"Version" = "1a.0"
[HKCR\Interface\{17484B9D-89FA-484F-912E-017D06C41FE0}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{5D358B5C-3415-42BB-A606-E1089B674F41}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{A45CDEEB-65F5-49AE-AA3E-9376F4806075}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCR\Interface\{6C110376-C248-47F6-9DB2-CFCDEADB6A3E}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{5D358B5C-3415-42BB-A606-E1089B674F41}\TypeLib]
"Version" = "1a.0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80B84A0A-EDA4-47fd-8BE1-6B49F4197EE5}]
"AppPath" = "%Program Files% (x86)\Google\GoogleToolbarNotifier"
[HKCR\Interface\{DA69D3CC-7676-4A65-889F-C052977F1AA9}]
"(Default)" = "IProtectorHost"
[HKCR\Interface\{91F39C2A-95E7-497A-A539-0AC715DC66D2}]
"(Default)" = "IProtector3"
[HKCR\Interface\{6EACF525-5F81-4381-9E46-DC316C39E0D2}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{5D358B5C-3415-42BB-A606-E1089B674F41}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\AppID\ProtectorExe.EXE]
"AppID" = "{A97CA128-6998-4F8E-807E-8ED05FADAFB0}"
[HKCR\Wow6432Node\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
"AppID" = "{96FBC13C-8214-4100-88E0-FF74D7A1CB4D}"
[HKCR\protector_dll.Protector.1\CLSID]
"(Default)" = "{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}"
[HKCR\ProtectorExe.ProtectorHost\CLSID]
"(Default)" = "{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}"
[HKCR\protector_dll.ProtectorBho]
"(Default)" = "Google Toolbar Notifier BHO"
[HKCR\Wow6432Node\Interface\{DD65ABB2-2628-425B-86F5-825E4A3D3AD9}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\AppID\protector_dll.DLL]
"AppID" = "{96FBC13C-8214-4100-88E0-FF74D7A1CB4D}"
[HKCR\Interface\{91959FBB-853A-4AC7-A082-2DDF787F4CA9}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{DA69D3CC-7676-4A65-889F-C052977F1AA9}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Interface\{BACAB2F3-7213-4865-96E9-B6B06BF49192}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Interface\{A0CF48B9-DB91-49A5-BEE7-2FB45BA2F610}]
"(Default)" = "IProtectorLib2"
[HKCR\Interface\{F1A383D4-0364-4092-82E0-C39DAE5D801D}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{5D358B5C-3415-42BB-A606-E1089B674F41}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\CLSID\{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}\ProgID]
"(Default)" = "protector_dll.Protector.1"
[HKCR\Wow6432Node\Interface\{1F7328B7-E25A-4527-B24B-D9173401BB89}\TypeLib]
"Version" = "1a.0"
[HKCR\Interface\{2212951C-1623-4095-906B-AC50B8F91016}\TypeLib]
"Version" = "1a.0"
[HKCR\Interface\{480AD54B-C652-44B9-BCF6-746745055CD3}]
"(Default)" = "IProtectorLib6"
[HKCR\protector_dll.Protector\CLSID]
"(Default)" = "{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}"
[HKCR\Wow6432Node\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}\VersionIndependentProgID]
"(Default)" = "ProtectorExe.ProtectorHost"
[HKCR\Wow6432Node\Interface\{2212951C-1623-4095-906B-AC50B8F91016}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{BACAB2F3-7213-4865-96E9-B6B06BF49192}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{5D358B5C-3415-42BB-A606-E1089B674F41}]
"(Default)" = "IProtector7"
[HKCR\Wow6432Node\Interface\{2351B346-00E8-4EAC-9B75-B138B465D659}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\ProtectorExe.ProtectorHost]
"(Default)" = "ProtectorHost Class"
[HKCR\Wow6432Node\Interface\{91F39C2A-95E7-497A-A539-0AC715DC66D2}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Interface\{9891812B-5820-4A77-827E-772B200239E1}]
"(Default)" = "IProtector4"
[HKCR\Wow6432Node\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCR\Wow6432Node\Interface\{DD65ABB2-2628-425B-86F5-825E4A3D3AD9}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\protector_dll.ProtectorBho.1\CLSID]
"(Default)" = "{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"
[HKCR\TypeLib\{C7CB459A-7261-4AE6-A87A-17041EE98A40}\1a.0\HELPDIR]
"(Default)" = ""
[HKCR\Wow6432Node\Interface\{DD65ABB2-2628-425B-86F5-825E4A3D3AD9}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{9D932020-700E-4F0D-8446-2872ABD8B4FA}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\protector_dll.ProtectorBho.1]
"(Default)" = "Google Toolbar Notifier BHO"
[HKCR\Interface\{9D932020-700E-4F0D-8446-2872ABD8B4FA}]
"(Default)" = "IProtectorLib3"
[HKCR\Wow6432Node\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\VersionIndependentProgID]
"(Default)" = "protector_dll.ProtectorLib"
[HKCR\Wow6432Node\Interface\{315A0BBF-D55B-4FCE-833E-8BAA5B6344F6}]
"(Default)" = "IProtector11"
[HKCR\Wow6432Node\Interface\{F1A383D4-0364-4092-82E0-C39DAE5D801D}]
"(Default)" = "IProtector12"
[HKCR\Wow6432Node\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\TypeLib\{C7CB459A-7261-4AE6-A87A-17041EE98A40}\1a.0\FLAGS]
"(Default)" = "0"
[HKCR\Wow6432Node\Interface\{315A0BBF-D55B-4FCE-833E-8BAA5B6344F6}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\CLSID\{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}\VersionIndependentProgID]
"(Default)" = "protector_dll.Protector"
[HKCR\Interface\{AF606610-3627-4DF2-A6D5-32C6A355ACD1}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{277FD1E8-9884-4E0A-9392-7CFF83F067B2}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{A0CF48B9-DB91-49A5-BEE7-2FB45BA2F610}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ProgID]
"(Default)" = "protector_dll.ProtectorBho.1"
[HKCR\protector_dll.ProtectorLib.1\CLSID]
"(Default)" = "{84798B8E-69F8-4846-9516-373C2996E2F7}"
[HKCR\Interface\{BACAB2F3-7213-4865-96E9-B6B06BF49192}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{9D932020-700E-4F0D-8446-2872ABD8B4FA}]
"(Default)" = "IProtectorLib3"
[HKCR\Interface\{9891812B-5820-4A77-827E-772B200239E1}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{17484B9D-89FA-484F-912E-017D06C41FE0}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}]
"AppID" = "{96FBC13C-8214-4100-88E0-FF74D7A1CB4D}"
[HKCR\Interface\{DD65ABB2-2628-425B-86F5-825E4A3D3AD9}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{235317AD-6EF4-4209-9354-F88869E1A3BB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\Interface\{6EACF525-5F81-4381-9E46-DC316C39E0D2}\TypeLib]
"Version" = "1a.0"
[HKCR\Interface\{A0CF48B9-DB91-49A5-BEE7-2FB45BA2F610}\TypeLib]
"Version" = "1a.0"
[HKCR\Interface\{2351B346-00E8-4EAC-9B75-B138B465D659}]
"(Default)" = "IProtector"
[HKCR\Interface\{6EACF525-5F81-4381-9E46-DC316C39E0D2}]
"(Default)" = "IProtector6"
[HKCR\Interface\{2351B346-00E8-4EAC-9B75-B138B465D659}\TypeLib]
"Version" = "1a.0"
[HKCR\ProtectorExe.ProtectorHost.1]
"(Default)" = "ProtectorHost Class"
[HKCR\Wow6432Node\Interface\{BACAB2F3-7213-4865-96E9-B6B06BF49192}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\protector_dll.Protector\CurVer]
"(Default)" = "protector_dll.Protector.1"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80B84A0A-EDA4-47fd-8BE1-6B49F4197EE5}]
"AppName" = "GoogleToolbarNotifier.exe"
[HKCR\Interface\{91F39C2A-95E7-497A-A539-0AC715DC66D2}\TypeLib]
"Version" = "1a.0"
[HKCR\Interface\{A45CDEEB-65F5-49AE-AA3E-9376F4806075}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{277FD1E8-9884-4E0A-9392-7CFF83F067B2}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{91F39C2A-95E7-497A-A539-0AC715DC66D2}\TypeLib]
"Version" = "1a.0"
[HKCR\AppID\{A97CA128-6998-4F8E-807E-8ED05FADAFB0}]
"RunAs" = "Interactive User"
[HKCR\Wow6432Node\Interface\{235317AD-6EF4-4209-9354-F88869E1A3BB}]
"(Default)" = "IProtectorLib5"
[HKCR\Interface\{DD65ABB2-2628-425B-86F5-825E4A3D3AD9}\TypeLib]
"Version" = "1a.0"
[HKCR\Interface\{9D932020-700E-4F0D-8446-2872ABD8B4FA}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{A0CF48B9-DB91-49A5-BEE7-2FB45BA2F610}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{9D932020-700E-4F0D-8446-2872ABD8B4FA}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80B84A0A-EDA4-47fd-8BE1-6B49F4197EE5}]
"Policy" = "3"
[HKCR\protector_dll.ProtectorBho\CLSID]
"(Default)" = "{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"
[HKCR\Wow6432Node\Interface\{235317AD-6EF4-4209-9354-F88869E1A3BB}\TypeLib]
"Version" = "1a.0"
[HKCR\Interface\{1F7328B7-E25A-4527-B24B-D9173401BB89}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}]
"AppID" = "{A97CA128-6998-4F8E-807E-8ED05FADAFB0}"
[HKCR\Wow6432Node\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}\LocalServer32]
"(Default)" = "%Program Files% (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
[HKCR\protector_dll.ProtectorBho\CurVer]
"(Default)" = "protector_dll.ProtectorBho.1"
[HKCR\Wow6432Node\Interface\{A45CDEEB-65F5-49AE-AA3E-9376F4806075}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\ProtectorExe.ProtectorHost\CurVer]
"(Default)" = "ProtectorExe.ProtectorHost.1"
[HKCR\Wow6432Node\CLSID\{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{DA69D3CC-7676-4A65-889F-C052977F1AA9}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Interface\{235317AD-6EF4-4209-9354-F88869E1A3BB}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\TypeLib\{C7CB459A-7261-4AE6-A87A-17041EE98A40}\1a.0\0\win32]
"(Default)" = "%Program Files% (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll"
[HKCR\Wow6432Node\Interface\{17484B9D-89FA-484F-912E-017D06C41FE0}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80B84A0A-EDA4-47fd-8BE1-6B49F4197EE5}]
"Policy" = "3"
[HKCR\Wow6432Node\Interface\{6C110376-C248-47F6-9DB2-CFCDEADB6A3E}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{480AD54B-C652-44B9-BCF6-746745055CD3}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Interface\{F1A383D4-0364-4092-82E0-C39DAE5D801D}]
"(Default)" = "IProtector12"
[HKCR\Wow6432Node\Interface\{91959FBB-853A-4AC7-A082-2DDF787F4CA9}]
"(Default)" = "IProtectorHost2"
[HKCR\Interface\{91F39C2A-95E7-497A-A539-0AC715DC66D2}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{2351B346-00E8-4EAC-9B75-B138B465D659}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{1F7328B7-E25A-4527-B24B-D9173401BB89}\TypeLib]
"Version" = "1a.0"
[HKCR\protector_dll.Protector.1]
"(Default)" = "Protector Class"
[HKCR\Wow6432Node\Interface\{6EACF525-5F81-4381-9E46-DC316C39E0D2}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\InprocServer32]
"(Default)" = "%Program Files% (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll"
[HKCR\protector_dll.Protector]
"(Default)" = "Protector Class"
[HKCR\protector_dll.ProtectorLib\CLSID]
"(Default)" = "{84798B8E-69F8-4846-9516-373C2996E2F7}"
[HKCR\Interface\{AF606610-3627-4DF2-A6D5-32C6A355ACD1}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{277FD1E8-9884-4E0A-9392-7CFF83F067B2}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{DA69D3CC-7676-4A65-889F-C052977F1AA9}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{9D932020-700E-4F0D-8446-2872ABD8B4FA}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{315A0BBF-D55B-4FCE-833E-8BAA5B6344F6}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{A45CDEEB-65F5-49AE-AA3E-9376F4806075}]
"(Default)" = "IProtector8"
[HKCR\Wow6432Node\Interface\{2351B346-00E8-4EAC-9B75-B138B465D659}]
"(Default)" = "IProtector"
[HKCR\Wow6432Node\Interface\{2351B346-00E8-4EAC-9B75-B138B465D659}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{6EACF525-5F81-4381-9E46-DC316C39E0D2}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\Interface\{277FD1E8-9884-4E0A-9392-7CFF83F067B2}]
"(Default)" = "IProtector9"
[HKCR\Interface\{F1A383D4-0364-4092-82E0-C39DAE5D801D}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{DA69D3CC-7676-4A65-889F-C052977F1AA9}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\CLSID\{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}]
"(Default)" = "Protector Class"
[HKCR\Interface\{277FD1E8-9884-4E0A-9392-7CFF83F067B2}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{DD65ABB2-2628-425B-86F5-825E4A3D3AD9}]
"(Default)" = "IProtectorLib4"
[HKCR\Interface\{5D358B5C-3415-42BB-A606-E1089B674F41}]
"(Default)" = "IProtector7"
[HKCR\Interface\{AF606610-3627-4DF2-A6D5-32C6A355ACD1}]
"(Default)" = "IProtectorLib"
[HKCR\Wow6432Node\Interface\{277FD1E8-9884-4E0A-9392-7CFF83F067B2}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{A45CDEEB-65F5-49AE-AA3E-9376F4806075}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Interface\{DD65ABB2-2628-425B-86F5-825E4A3D3AD9}]
"(Default)" = "IProtectorLib4"
[HKCR\protector_dll.ProtectorLib]
"(Default)" = "ProtectorLib Class"
[HKCR\Wow6432Node\Interface\{6EACF525-5F81-4381-9E46-DC316C39E0D2}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{AF606610-3627-4DF2-A6D5-32C6A355ACD1}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{480AD54B-C652-44B9-BCF6-746745055CD3}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\Interface\{480AD54B-C652-44B9-BCF6-746745055CD3}]
"(Default)" = "IProtectorLib6"
[HKCR\Wow6432Node\Interface\{6C110376-C248-47F6-9DB2-CFCDEADB6A3E}\TypeLib]
"Version" = "1a.0"
[HKCR\Interface\{480AD54B-C652-44B9-BCF6-746745055CD3}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\Interface\{480AD54B-C652-44B9-BCF6-746745055CD3}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{235317AD-6EF4-4209-9354-F88869E1A3BB}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{A0CF48B9-DB91-49A5-BEE7-2FB45BA2F610}]
"(Default)" = "IProtectorLib2"
[HKCR\Wow6432Node\Interface\{1F7328B7-E25A-4527-B24B-D9173401BB89}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\Interface\{91959FBB-853A-4AC7-A082-2DDF787F4CA9}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Interface\{277FD1E8-9884-4E0A-9392-7CFF83F067B2}\TypeLib]
"Version" = "1a.0"
The process GoogleToolbarNotifier.exe:3880 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKCU\Software\Google\GoogleToolbarNotifier\Stats]
"HideUI_Throttled" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32]
"EnableConsoleTracing" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-ef-0d-5d]
"WpadDecision" = "0"
[HKCU\Software\Google\GoogleToolbarNotifier\Stats]
"DetectChange_DS" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"
[HKCU\Software\Google\GoogleToolbarNotifier]
"KeepDS" = "688508711"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{EE1E4E39-627C-4D52-9D86-A515AB38A003}]
"WpadDecisionReason" = "1"
[HKCU\Software\Google\GoogleToolbarNotifier]
"FirstRun" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{EE1E4E39-627C-4D52-9D86-A515AB38A003}]
"WpadDecision" = "0"
[HKCU\Software\Google\GoogleToolbarNotifier\Stats]
"Icon_Click" = "0"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32]
"FileDirectory" = "%windir%\tracing"
[HKCU\Software\Google\GoogleToolbarNotifier\Stats]
"UserAllowChange_DS" = "0"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32]
"EnableFileTracing" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{EE1E4E39-627C-4D52-9D86-A515AB38A003}]
"WpadNetworkName" = "Network"
[HKCU\Software\Google\GoogleToolbarNotifier]
"UpdateURL" = "http://clients1.google.com/tools/swg2/update"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{EE1E4E39-627C-4D52-9D86-A515AB38A003}]
"WpadDecisionTime" = "5A 13 E1 44 5E 47 D0 01"
[HKCU\Software\Classes\Local Settings\MuiCache\2C\52C64B7E]
"LanguageList" = "en-US, en"
[HKCU\Software\Google\GoogleToolbarNotifier]
"lds" = "http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7"
[HKCU\Software\Google\GoogleToolbarNotifier\Stats]
"ShowUI_TrayIcon" = "0"
[HKCU\Software\Google\Google Toolbar\4.0]
"UpdateResult" = "98"
[HKCU\Software\Google\GoogleToolbarNotifier]
"DefaultLanguage" = "en"
"TS" = "1423812337"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32]
"ConsoleTracingMask" = "4294901760"
[HKCU\Software\Google\GoogleToolbarNotifier]
"AppPath" = "%Program Files% (x86)\Google\GoogleToolbarNotifier"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-ef-0d-5d]
"WpadDecisionReason" = "1"
[HKCU\Software\Google\GoogleToolbarNotifier\Stats]
"ShowUI_Popup" = "0"
[HKCU\Software\Google\GoogleToolbarNotifier]
"InstalledVersion" = "5.7.9012.1008"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 3D 00 00 00 09 00 00 00 00 00 00 00"
[HKCU\Software\Google\GoogleToolbarNotifier\Stats]
"LastReportTime" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"
[HKCU\Software\Google\GoogleToolbarNotifier\Temp]
"scShowTrayIcon" = "ffffffff"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-ef-0d-5d]
"WpadDecisionTime" = "5A 13 E1 44 5E 47 D0 01"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32]
"MaxFileSize" = "1048576"
[HKCU\Software\Google\GoogleToolbarNotifier]
"UsageStat" = "1"
[HKCU\Software\Google\GoogleToolbarNotifier\Stats]
"ModifyUI_UserIntent" = "0"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32]
"FileTracingMask" = "4294901760"
[HKCU\Software\Google\GoogleToolbarNotifier\Stats]
"Bubble_Click" = "0"
[HKCU\Software\Google\Google Toolbar\4.0\Options]
"Extc" = "1"
[HKCU\Software\Google\GoogleToolbarNotifier\Temp]
"scKeepDS" = "2909cf27"
[HKCU\Software\Google\GoogleToolbarNotifier]
"Version" = "5.7.9012.1008"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Worm deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{EE1E4E39-627C-4D52-9D86-A515AB38A003}]
"WpadDetectedUrl"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoDetect"
[HKCU\Software\Google\GoogleToolbarNotifier]
"WantProductRestart"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
[HKCU\Software\Google\GoogleToolbarNotifier]
"ts"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKCU\Software\Google\GoogleToolbarNotifier]
"DSPSuspended"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-ef-0d-5d]
"WpadDetectedUrl"
[HKCU\Software\Google\GoogleToolbarNotifier]
"SuspendedDS"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
The process GoogleUpdaterService.exe:3860 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\Common\Google Updater\apps\swg]
"auto" = "0"
The process GoogleUpdaterService.exe:3820 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKCR\Wow6432Node\Interface\{C07A89E4-82A3-4A29-9908-DFC9DEBF8267}]
"(Default)" = "ISilentUpdater"
[HKCR\TypeLib\{5924C60B-6D7F-4AD6-8084-24A59431C967}\1.0\HELPDIR]
"(Default)" = ""
[HKCR\Interface\{5C8CE0B5-6DA0-49A1-B675-78FD03EA3224}]
"(Default)" = "IUpdaterScheduler"
[HKCR\Interface\{5C8CE0B5-6DA0-49A1-B675-78FD03EA3224}\TypeLib]
"(Default)" = "{5924C60B-6D7F-4AD6-8084-24A59431C967}"
[HKCR\AppID\GoogleUpdaterService.exe]
"AppID" = "{61E28BF8-C02B-499F-8E7A-34C1E4A1C649}"
[HKCR\Wow6432Node\CLSID\{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}\TypeLib]
"(Default)" = "{5924C60B-6D7F-4AD6-8084-24A59431C967}"
[HKCR\GUSchedulerCtl.UpdaterScheduler]
"(Default)" = "Google Updater Scheduler class"
[HKCR\Interface\{C07A89E4-82A3-4A29-9908-DFC9DEBF8267}\TypeLib]
"Version" = "1.0"
[HKCR\Wow6432Node\Interface\{C07A89E4-82A3-4A29-9908-DFC9DEBF8267}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{C07A89E4-82A3-4A29-9908-DFC9DEBF8267}\TypeLib]
"(Default)" = "{5924C60B-6D7F-4AD6-8084-24A59431C967}"
[HKCR\Wow6432Node\CLSID\{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}\ProgID]
"(Default)" = "GUServiceCtl.SilentUpdater.1"
[HKCR\Wow6432Node\CLSID\{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}]
"AppID" = "{61E28BF8-C02B-499F-8E7A-34C1E4A1C649}"
[HKCR\Wow6432Node\CLSID\{B53B7061-6584-46AA-A033-D610EB10BD9B}\LocalServer32]
"(Default)" = "%Program Files% (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe"
[HKCR\Wow6432Node\CLSID\{B53B7061-6584-46AA-A033-D610EB10BD9B}]
"(Default)" = "Google Updater Scheduler class"
[HKCR\Wow6432Node\Interface\{C07A89E4-82A3-4A29-9908-DFC9DEBF8267}\TypeLib]
"Version" = "1.0"
[HKCR\GUServiceCtl.SilentUpdater]
"(Default)" = "Google Silent Updater class"
[HKCR\GUServiceCtl.SilentUpdater\CLSID]
"(Default)" = "{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}"
[HKCR\Wow6432Node\CLSID\{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}]
"(Default)" = "Google Silent Updater class"
[HKCR\Interface\{5C8CE0B5-6DA0-49A1-B675-78FD03EA3224}\TypeLib]
"Version" = "1.0"
[HKCR\Wow6432Node\CLSID\{B53B7061-6584-46AA-A033-D610EB10BD9B}\TypeLib]
"(Default)" = "{5924C60B-6D7F-4AD6-8084-24A59431C967}"
[HKCR\GUSchedulerCtl.UpdaterScheduler.1\CLSID]
"(Default)" = "{B53B7061-6584-46AA-A033-D610EB10BD9B}"
[HKCR\GUServiceCtl.SilentUpdater\CurVer]
"(Default)" = "GUServiceCtl.SilentUpdater.1"
[HKCR\Wow6432Node\Interface\{C07A89E4-82A3-4A29-9908-DFC9DEBF8267}\TypeLib]
"(Default)" = "{5924C60B-6D7F-4AD6-8084-24A59431C967}"
[HKCR\AppID\{61E28BF8-C02B-499F-8E7A-34C1E4A1C649}]
"LocalService" = "gusvc"
[HKCR\Wow6432Node\CLSID\{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}\LocalServer32]
"(Default)" = "%Program Files% (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe"
[HKCR\Wow6432Node\Interface\{5C8CE0B5-6DA0-49A1-B675-78FD03EA3224}]
"(Default)" = "IUpdaterScheduler"
[HKCR\AppID\{61E28BF8-C02B-499F-8E7A-34C1E4A1C649}]
"(Default)" = "gusvc"
[HKCR\TypeLib\{5924C60B-6D7F-4AD6-8084-24A59431C967}\1.0]
"(Default)" = "Google Updater Service 1.0 Type Library"
[HKCR\GUServiceCtl.SilentUpdater.1\CLSID]
"(Default)" = "{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}"
[HKCR\Wow6432Node\CLSID\{B53B7061-6584-46AA-A033-D610EB10BD9B}\VersionIndependentProgID]
"(Default)" = "GUSchedulerCtl.UpdaterScheduler"
[HKCR\Wow6432Node\CLSID\{B53B7061-6584-46AA-A033-D610EB10BD9B}]
"AppID" = "{61E28BF8-C02B-499F-8E7A-34C1E4A1C649}"
[HKCR\GUServiceCtl.SilentUpdater.1]
"(Default)" = "Google Silent Updater class"
[HKCR\Wow6432Node\Interface\{5C8CE0B5-6DA0-49A1-B675-78FD03EA3224}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\TypeLib\{5924C60B-6D7F-4AD6-8084-24A59431C967}\1.0\FLAGS]
"(Default)" = "0"
[HKCR\Wow6432Node\Interface\{5C8CE0B5-6DA0-49A1-B675-78FD03EA3224}\TypeLib]
"Version" = "1.0"
[HKCR\Interface\{C07A89E4-82A3-4A29-9908-DFC9DEBF8267}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\TypeLib\{5924C60B-6D7F-4AD6-8084-24A59431C967}\1.0\0\win32]
"(Default)" = "%Program Files% (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe"
[HKCR\Wow6432Node\CLSID\{B53B7061-6584-46AA-A033-D610EB10BD9B}\ProgID]
"(Default)" = "GUSchedulerCtl.UpdaterScheduler.1"
[HKCR\Interface\{5C8CE0B5-6DA0-49A1-B675-78FD03EA3224}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\CLSID\{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}\VersionIndependentProgID]
"(Default)" = "GUServiceCtl.SilentUpdater"
[HKCR\Interface\{C07A89E4-82A3-4A29-9908-DFC9DEBF8267}]
"(Default)" = "ISilentUpdater"
[HKCR\GUSchedulerCtl.UpdaterScheduler\CLSID]
"(Default)" = "{B53B7061-6584-46AA-A033-D610EB10BD9B}"
[HKCR\GUSchedulerCtl.UpdaterScheduler.1]
"(Default)" = "Google Updater Scheduler class"
[HKCR\GUSchedulerCtl.UpdaterScheduler\CurVer]
"(Default)" = "GUSchedulerCtl.UpdaterScheduler.1"
[HKCR\Wow6432Node\Interface\{5C8CE0B5-6DA0-49A1-B675-78FD03EA3224}\TypeLib]
"(Default)" = "{5924C60B-6D7F-4AD6-8084-24A59431C967}"
The Worm deletes the following value(s) in system registry:
[HKCR\AppID\{61E28BF8-C02B-499F-8E7A-34C1E4A1C649}]
"LocalService"
The process eyeline.exe:2824 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"
"AutoDetect" = "1"
The Worm deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"
The process eyeline.exe:108 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\Registration]
"RD" = "1423812290"
"Name" = ""
"LR" = "1423812306"
[HKCU\Software\NCH Software\Eyeline\Settings]
"LogWindowFontSize" = "13"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\Settings]
"TestAdmin" = "1"
[HKCU\Software\Microsoft\ActiveMovie\devenum]
"Version" = "7"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\Software]
"SVar" = "LLIBBuybmp2on"
The Worm deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\Settings]
"TestAdmin"
The process eyeline.exe:2100 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKCU\Software\NCH Software\Components\GoogleToolbar]
"State" = "attempted"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\Software]
"Toolbar" = "cnm-installed,gac,google"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Components\GoogleToolbar]
"State" = "attempted"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"
The Worm deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
The process eyeline.exe:2176 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Eyeline\Scheduler]
"SevenDays" = "1"
The process eyeline.exe:1900 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"
"AutoDetect" = "1"
The Worm deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"
The process %original file name%.exe:1632 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"
The Worm deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
The process x264enc6.exe:1676 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKCU\Software\NCH Swift Sound\Components\x264enc6]
"Path" = "%Program Files% (x86)\NCH Software\Components\x264enc6\x264enc6.exe"
[HKCU\Software\NCH Software\Components\x264enc6]
"Path" = "%Program Files% (x86)\NCH Software\Components\x264enc6\x264enc6.exe"
[HKLM\SOFTWARE\Wow6432Node\NCH Swift Sound\Components\x264enc6]
"Version" = "1.00"
[HKCU\Software\NCH Software\Components\x264enc6]
"Version" = "1.00"
[HKLM\SOFTWARE\Wow6432Node\NCH Swift Sound\Components\x264enc6]
"Path" = "%Program Files% (x86)\NCH Software\Components\x264enc6\x264enc6.exe"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Components\x264enc6]
"Path" = "%Program Files% (x86)\NCH Software\Components\x264enc6\x264enc6.exe"
"Version" = "1.00"
[HKCU\Software\NCH Swift Sound\Components\x264enc6]
"Version" = "1.00"
The process SearchWithGoogleUpdate_C993F490EED40C1B.exe:3832 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\GoogleToolbarNotifier]
"Version" = "5.7.9012.1008"
"ID" = "9da6939a80964d4ea5db1fc2eaad4422"
[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\VMwareDnD\31ec1c24\PUPautoinsaller_v1.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\VMwareDnD\31ec1c24\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\VMwareDnD\6c88b866\python.dll, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\VMwareDnD\6c88b866\, , \??\%Program Files% (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008,"
[HKCU\Software\Google\GoogleToolbarNotifier\Temp]
"ust" = "100"
[HKLM\SOFTWARE\Wow6432Node\Google\GoogleToolbarNotifier\Clients]
"ietb" = "0"
[HKLM\SOFTWARE\Wow6432Node\Google\GoogleToolbarNotifier]
"brand" = "NCHD"
The Worm deletes the following registry key(s):
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Dropped PE files
| MD5 | File path |
|---|---|
| 5d4bc124faae6730ac002cdb67bf1a1c | c:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe |
| 1223e7efa6dda842c37985a62f10001f | c:\Program Files (x86)\Google\Google Toolbar\Component\GoogleCld_187F9D811452062B.dll |
| 6fffd47eb8cc3a6ca44619f16a7d0ae6 | c:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_32_8E471B27054D20F5.dll |
| 96af87c526ec7a8f32dc3f1f2a63a4a7 | c:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_64_F8ED9B719A89F8EF.dll |
| d2d2a0e0ecd8a2ea750d6be34337d00d | c:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_0A4439FF67F61065.dll |
| 4c401fcc6d0c95e1a5d989e403e18f2f | c:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe |
| e8b7fd67da14a7be57a5cb80e3139e60 | c:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarUser_32_52E818EF81C83A9B.exe |
| 211f96eb417ff837a70f5130e63a1a45 | c:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarUser_64_4D9709C1FA1422BA.exe |
| 81590207a8efab40bafe743d8073eb9b | c:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbar_32_365102BD7F6C8091.dll |
| 30c83447379d5955e992bd43be8d115e | c:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbar_64_54BD4059920ABC8A.dll |
| 1f2afab903c0d48480561f3bbd4539c2 | c:\Program Files (x86)\Google\Google Toolbar\Component\GoogleUpdateSetup_5CC4B0F53D73AD88.exe |
| 4beaf576cb43358c4db9f45ac7c09cdb | c:\Program Files (x86)\Google\Google Toolbar\Component\GoogleUpdaterService_B33FC4DD36A473C6.exe |
| 4b78e9ae06f7c310e30ee2fa5b7ebc3c | c:\Program Files (x86)\Google\Google Toolbar\Component\SearchWithGoogleUpdate_C993F490EED40C1B.exe |
| e8b7fd67da14a7be57a5cb80e3139e60 | c:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe |
| 211f96eb417ff837a70f5130e63a1a45 | c:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_64.exe |
| 81590207a8efab40bafe743d8073eb9b | c:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll |
| 30c83447379d5955e992bd43be8d115e | c:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll |
| 13d401e46ad0c5a8442fc57fadbf5751 | c:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\gth.dll |
| aeb43d2a8158fb535f48f440cc266953 | c:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\gtn.dll |
| d3088606c810a355eae9b9056c9b5392 | c:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll |
| 5d61be7db55b026a5d61a3eed09d0ead | c:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe |
| 5a6381e0afb4e0b9fd318c1c76efe9dc | c:\Program Files (x86)\Google\Update\Download\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\0.0.0.0\googletoolbarinstaller_en_signed.exe |
| 5a6381e0afb4e0b9fd318c1c76efe9dc | c:\Program Files (x86)\Google\Update\Install\{240D2921-958E-4DFC-A1AE-1CB4B1E42CE2}\googletoolbarinstaller_en_signed.exe |
| 1b9343a7532e5cd49606ff2fe310975e | c:\Program Files (x86)\NCH Software\Components\ffmpeg16\avcodec-54.nch.dll |
| ff7bd12b284507cf15d759897a3aaeaa | c:\Program Files (x86)\NCH Software\Components\ffmpeg16\avdevice-54.nch.dll |
| 1e30e14c5cd1e8eb9c8245018fec6b12 | c:\Program Files (x86)\NCH Software\Components\ffmpeg16\avfilter-3.nch.dll |
| 75ca93b442b8a83394daa6d562cdf122 | c:\Program Files (x86)\NCH Software\Components\ffmpeg16\avformat-54.nch.dll |
| 3c4b3297161ab2a485ffe41b5fa0ff9d | c:\Program Files (x86)\NCH Software\Components\ffmpeg16\avutil-52.nch.dll |
| 183aeebe9dce253e5a1fab352996908e | c:\Program Files (x86)\NCH Software\Components\ffmpeg16\swresample-0.nch.dll |
| b877ca44d0a54ad53acff90503a94671 | c:\Program Files (x86)\NCH Software\Components\ffmpeg16\swscale-2.nch.dll |
| df279701fde8111a0965ff152503da6d | c:\Program Files (x86)\NCH Software\Components\x264enc6\x264enc6.exe |
| 3d8bf44310e5cf627175b37308e302aa | c:\Program Files (x86)\NCH Software\Eyeline\eyeline.exe |
| a19583e799643cec2502dbdad8c96cc6 | c:\Program Files (x86)\NCH Software\Eyeline\x264enc6.exe |
| dd481c837b6303531af365d95637692f | c:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll |
| 3d8bf44310e5cf627175b37308e302aa | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\n1s\nchsetup.exe |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
GoogleUpdate.exe:1996
GoogleUpdate.exe:1960
GoogleUpdate.exe:3008
GoogleUpdate.exe:4028
GoogleUpdate.exe:1808
ffmpeg16.exe:3088
NCH_GoogleToolbar.exe:860
googletoolbarinstaller_en_signed.exe:3328
GoogleUpdaterService_B33FC4DD36A473C6.exe:3800
GoogleUpdateSetup_latest.exe:1228
nchsetup.exe:1656
nchsetup.exe:264
regsvr32.exe:3852
GoogleToolbarManager_8CA8B41417E66DEB.exe:3452
GoogleToolbarManager_8CA8B41417E66DEB.exe:3972
GoogleToolbarManager_8CA8B41417E66DEB.exe:3960
GoogleToolbarNotifier.exe:3840
GoogleToolbarNotifier.exe:3880
GoogleUpdaterService.exe:3860
GoogleUpdaterService.exe:3820
eyeline.exe:2824
eyeline.exe:108
eyeline.exe:2100
eyeline.exe:2176
eyeline.exe:1900
%original file name%.exe:1632
x264enc6.exe:1676
SearchWithGoogleUpdate_C993F490EED40C1B.exe:3832 - Delete the original Worm file.
- Delete or disinfect the following files created/modified by the Worm:
%Program Files% (x86)\Google\Update\Install\{240D2921-958E-4DFC-A1AE-1CB4B1E42CE2}\googletoolbarinstaller_en_signed.exe (38734 bytes)
%Program Files% (x86)\Google\Update\Download\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\0.0.0.0\googletoolbarinstaller_en_signed.exe (38249 bytes)
C:\Windows\Temp\gui3D8D.tmp (15 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_en.dll (28 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdate.dll (835 bytes)
C:\Windows\Temp\250D.tmp (2 bytes)
%Program Files% (x86)\NCH Software\Components\ffmpeg16\swscale-2.nch.dll (6720 bytes)
%Program Files% (x86)\NCH Software\Components\ffmpeg16\swresample-0.nch.dll (2712 bytes)
%Program Files% (x86)\NCH Software\Components\ffmpeg16\avcodec-54.nch.dll (85319 bytes)
%Program Files% (x86)\NCH Software\Components\ffmpeg16\avformat-54.nch.dll (17751 bytes)
%Program Files% (x86)\NCH Software\Components\ffmpeg16\avdevice-54.nch.dll (22 bytes)
C:\Windows\Temp\25FB.tmp (6 bytes)
%Program Files% (x86)\NCH Software\Components\ffmpeg16\avfilter-3.nch.dll (8368 bytes)
C:\Windows\Temp\260D.tmp (33 bytes)
C:\Windows\Temp\25FC.tmp (146 bytes)
%Program Files% (x86)\NCH Software\Components\ffmpeg16\avutil-52.nch.dll (4232 bytes)
C:\Windows\Temp\258C.tmp (82 bytes)
C:\Windows\Temp\257C.tmp (439 bytes)
C:\Windows\Temp\25EB.tmp (88 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsjFC88.tmp\System.dll (23 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\GoogleUpdateSetup_latest.exe (25250 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarUser_32_52E818EF81C83A9B.exe (620 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbar.7.5.5111.1712.manifest.xml (36 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_0A4439FF67F61065.dll (2 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\SearchWithGoogleUpdate_C993F490EED40C1B.exe (50 bytes)
C:\Windows\System32\config\SOFTWARE (77691 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_64_F8ED9B719A89F8EF.dll (489 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_32_8E471B27054D20F5.dll (149 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbar_32_365102BD7F6C8091.dll (390 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarUser_64_4D9709C1FA1422BA.exe (801 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleCld_187F9D811452062B.dll (50 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\GoogleToolbarInstaller2.log (43974 bytes)
C:\$Directory (288 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe (50 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbar_64_54BD4059920ABC8A.dll (514 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleUpdateSetup_5CC4B0F53D73AD88.exe (1480 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleUpdaterService_B33FC4DD36A473C6.exe (390 bytes)
C:\Windows\System32\config\SOFTWARE.LOG1 (72244 bytes)
%Program Files% (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe (390 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_el.dll (30 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_vi.dll (28 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_hi.dll (29 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_da.dll (29 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_uk.dll (28 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_nl.dll (30 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_ko.dll (23 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_zh-CN.dll (21 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_sw.dll (29 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_mr.dll (28 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_pt-PT.dll (29 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_it.dll (30 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_pt-BR.dll (29 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_es-419.dll (29 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_ja.dll (24 bytes)
%Program Files% (x86)\GUM1E4.tmp\GoogleUpdateHelper.msi (25 bytes)
%Program Files% (x86)\GUM1E4.tmp\npGoogleUpdate3.dll (838 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_fr.dll (30 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_ml.dll (31 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_fil.dll (30 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_sl.dll (29 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_en-GB.dll (28 bytes)
%Program Files% (x86)\GUM1E4.tmp\GoogleUpdate.exe (234 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_ar.dll (26 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_ms.dll (28 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_th.dll (27 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_bn.dll (28 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_hu.dll (29 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_is.dll (28 bytes)
%Program Files% (x86)\GUM1E4.tmp\GoogleUpdateSetup.exe (5441 bytes)
%Program Files% (x86)\GUM1E4.tmp\GoogleCrashHandler64.exe (550 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_fi.dll (29 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_hr.dll (29 bytes)
%Program Files% (x86)\GUM1E4.tmp\psmachine.dll (159 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_ca.dll (29 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_ur.dll (28 bytes)
%Program Files% (x86)\GUM1E4.tmp\GoogleCrashHandler.exe (212 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_sr.dll (29 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_de.dll (31 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_iw.dll (26 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_sv.dll (29 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_lt.dll (28 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_zh-TW.dll (21 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_tr.dll (29 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_te.dll (29 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_pl.dll (30 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_kn.dll (29 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_am.dll (25 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_ru.dll (28 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_id.dll (28 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_gu.dll (28 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_cs.dll (28 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_bg.dll (30 bytes)
%Program Files% (x86)\GUM1E4.tmp\psuser.dll (159 bytes)
%Program Files% (x86)\GUT1F5.tmp (4 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_sk.dll (29 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_fa.dll (27 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_es.dll (31 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_no.dll (29 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_ro.dll (29 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_et.dll (28 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_lv.dll (30 bytes)
%Program Files% (x86)\GUM1E4.tmp\goopdateres_ta.dll (30 bytes)
%Program Files% (x86)\GUM1E4.tmp\GoogleUpdateOnDemand.exe (59 bytes)
%Program Files% (x86)\GUM1E4.tmp\GoogleUpdateBroker.exe (59 bytes)
%Program Files% (x86)\NCH Software\Eyeline\x264enc6.exe (483 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Video Capture Software.lnk (1 bytes)
C:\ProgramData\NCH Software\Eyeline\Web\ajax.js (2 bytes)
C:\ProgramData\NCH Software\Eyeline\Web\table.js (388 bytes)
C:\Users\"%CurrentUserName%"\Favorites\NCH Software Download Site.lnk (312 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Switch Sound File Converter.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Express Zip File Compression.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\MixPad MultiTrack Mixer.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs\Video Capture Software.lnk (1 bytes)
C:\ProgramData\NCH Software\Eyeline\Web\greybg.gif (275 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Express Rip CD Ripper.lnk (1 bytes)
%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe (11567 bytes)
%Program Files% (x86)\NCH Software\Eyeline\eyelinesetup_v2.01.exe (7547 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs\Slideshow Creator Software.lnk (1 bytes)
C:\ProgramData\NCH Software\Eyeline\Web\upsort.gif (123 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Express Burn CD, DVD or Blu-Ray.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Graphics File Converter.lnk (1 bytes)
C:\ProgramData\NCH Software\Eyeline\Web\nchplayer.swf (1444 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\SoundTap Streaming Recorder.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eyeline Video Surveillance System.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\WavePad Sound Editor.lnk (1 bytes)
C:\ProgramData\NCH Software\Eyeline\Web\downsort.gif (123 bytes)
C:\ProgramData\NCH Software\Eyeline\Web\print.css (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Invoicing Software.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\RecordPad Sound Recorder.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Classic FTP Software.lnk (1 bytes)
C:\Users\Public\Desktop\Eyeline Video Surveillance System.lnk (1 bytes)
C:\ProgramData\NCH Software\Eyeline\Web\s.css (196 bytes)
C:\ProgramData\NCH Software\Eyeline\Web\darkblue.gif (257 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Prism Video File Format Converter.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs\Video Streaming Server.lnk (1 bytes)
C:\ProgramData\NCH Software\Eyeline\Email Template.txt (208 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs\Video File Format Converter.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Doxillion Document Converter.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs\Video Tape to DVD Converter.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Express Dictate Recorder.lnk (1 bytes)
C:\Users\Public\Desktop\NCH Suite.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Accounting Software.lnk (1 bytes)
C:\ProgramData\NCH Software\Eyeline\Web\favicon.ico (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs\VideoPad Video Editor.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\VideoPad Video Editor.lnk (1 bytes)
%Program Files%\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (348 bytes)
%Program Files% (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (1281 bytes)
%Program Files% (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (673 bytes)
%Program Files% (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (1425 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\GoogleToolbarInstaller1.log (41641 bytes)
%Program Files% (x86)\Google\Google Toolbar\GoogleToolbarHelper_signed.msi (28 bytes)
%Program Files% (x86)\Google\Google Toolbar\GoogleToolbarUser_64.exe (2321 bytes)
%Program Files% (x86)\Google\Google Toolbar\GoogleToolbarHelperPatch_signed.msp (125 bytes)
C:\ProgramData\Google\Custom Buttons\toolbar.google.com_O8Y91YHB24Z6SR0SGYSK.XML (12 bytes)
%Program Files% (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (1 bytes)
%Program Files% (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\gtn.dll (151 bytes)
C:\Windows\Temp\Eyeline-980-1\ffmpeg16.exe (39 bytes)
C:\ProgramData\NCH Software\Eyeline\Logs\2015-02-13 Eyeline Video Surveillance System Log.txt (141 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\_eyeline_rl_adm (8 bytes)
%Program Files% (x86)\NCH Software\Components\NCHToolbars\google\NCH_GoogleToolbar.exe (382879 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\n1s\nchdata.dat (10160 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\n1s\nchsetup.cab (616 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\n1s\nchdata.cab (497 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\n1s\nchsetup.exe (25694 bytes)
%Program Files% (x86)\NCH Software\Components\x264enc6\x264enc6.exe (20838 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\x264enc6_.cab (468 bytes)
%Program Files% (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\gth.dll (49 bytes)
%Program Files% (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (79 bytes)
%Program Files% (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\Readme.url (212 bytes) - Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Eyeline" = "%Program Files% (x86)\NCH Software\Eyeline\eyeline.exe -logon" - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
Company Name: NCH Software
Product Name: Eyeline
Product Version: 2.01
Legal Copyright: NCH Software
Legal Trademarks:
Original Filename: Eyeline.exe
Internal Name: Eyeline
File Version: 2.01
File Description: Eyeline Video Surveillance System
Comments:
Language: English (United States)
Company Name: NCH SoftwareProduct Name: EyelineProduct Version: 2.01Legal Copyright: NCH SoftwareLegal Trademarks: Original Filename: Eyeline.exeInternal Name: EyelineFile Version: 2.01File Description: Eyeline Video Surveillance SystemComments: Language: English (United States)
PE Sections
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
|---|---|---|---|---|---|
| .text | 4096 | 1419 | 1536 | 3.84912 | 5f46758ca161da709771972c616169d3 |
| .rdata | 8192 | 2234 | 2560 | 2.67878 | 192d315f8f462441fcdb186344694d5e |
| .data | 12288 | 4 | 512 | 0.042395 | 14016a81a0c54d41cd5f1547a9d48cd9 |
| .rsrc | 16384 | 1122156 | 1122304 | 5.54437 | 7106dea73b9176223d88bd2cf10b1b24 |
| .reloc | 1138688 | 292 | 512 | 1.40481 | 2d179c9aa107d7bddda7367b54a8f8e3 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
| URL | IP |
|---|---|
| hxxp://audiochannel.net/versions/components/tb_google_row.dat | 184.106.55.21 |
| hxxp://audiochannel.net/components/toolbars/NCH_GoogleToolbar.exe | 184.106.55.21 |
| hxxp://audiochannel.net/components/ffmpeg16.exe | 184.106.55.21 |
| hxxp://tools.l.google.com/dl/toolbar/t7/data/7.5.5111.1712/googletoolbarinstaller_en_signed.exe | |
| hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFIA5aolVvwahu2WydRLM8c= | |
| hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo/X8AUm7+PSp50CECkSxwyaK4o+9vYHRmLWi40= | |
| hxxp://tools.l.google.com/tools/swg2/update?type=c&as=swg&os=win&osv=6.1.7601&hl=en&ie=10.0.9200.16521&ds=0&pds=0&su=0&hpi=-1&brand=NCHD&pa=9&cl=1&tbv=&id=9da6939a80964d4ea5db1fc2eaad4422eb587e9423&from=&to=5.7.9012.1008 | |
| hxxp://tools.l.google.com/tools/pso/ping?as=tbin&gu=pi&mode=3&sin=1&ein=0&version=7.5.5111.1712&brand=NCHD&hl=en&tbiv=7.5.5111.1712&time=1423812338&fitime=1423812338&browser=9.10.9200.16521&osver=6.1&ossp=1.0&osarch=64&ext=EXE&id=304A78B0488F53F23D4AC1A1BD355D4D69BF4FuXHNH | |
| hxxp://a1363.dscg.akamai.net/pki/crl/products/MicrosoftTimeStampPCA.crl | |
| hxxp://a1363.dscg.akamai.net/pki/crl/products/microsoftrootcert.crl | |
| hxxp://a1363.dscg.akamai.net/pki/crl/products/WinPCA.crl | |
| hxxp://a1363.dscg.akamai.net/pki/crl/products/MicCodSigPCA_08-31-2010.crl | |
| hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/authrootstl.cab?6cfb37d68de1b4d0 | |
| hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w= | |
| hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI= | |
| hxxp://e6845.ce.akamaiedge.net/pca3.crl | |
| hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ/xkCfyHfJr7GQ6M658NRZ4SHo/AQUCPVR6Pv+PT1kNnxoz1t4qN+5xTcCEGC2x6sSmevembHfY1acIZk= | |
| hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEGwkCSV07gf3g5QOsqmf+MY= | |
| hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8= | |
| hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD/yl6nWPkczAQUe1tFz6/Oy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS+zcBkvzl4= | |
| hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9+WQCtWAQU1A1lP3q9NMb+R+dMDcC98t4Vq3ECEGpWCCD6PprY5UEXNLHUCtU= | |
| hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w= | 23.43.139.27 |
| hxxp://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl | 88.221.133.16 |
| hxxp://dl.google.com/dl/toolbar/t7/data/7.5.5111.1712/googletoolbarinstaller_en_signed.exe | 173.194.113.194 |
| hxxp://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD/yl6nWPkczAQUe1tFz6/Oy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS+zcBkvzl4= | 23.43.139.27 |
| hxxp://www.audiochannel.net/components/toolbars/NCH_GoogleToolbar.exe | 66.39.83.117 |
| hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI= | 23.43.139.27 |
| hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8= | 23.43.139.27 |
| hxxp://www.audiochannel.net/versions/components/tb_google_row.dat | 66.39.83.117 |
| hxxp://crl.verisign.com/pca3.crl | 23.43.133.163 |
| hxxp://clients1.google.com/tools/pso/ping?as=tbin&gu=pi&mode=3&sin=1&ein=0&version=7.5.5111.1712&brand=NCHD&hl=en&tbiv=7.5.5111.1712&time=1423812338&fitime=1423812338&browser=9.10.9200.16521&osver=6.1&ossp=1.0&osarch=64&ext=EXE&id=304A78B0488F53F23D4AC1A1BD355D4D69BF4FuXHNH | 173.194.113.192 |
| hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ/xkCfyHfJr7GQ6M658NRZ4SHo/AQUCPVR6Pv+PT1kNnxoz1t4qN+5xTcCEGC2x6sSmevembHfY1acIZk= | 23.43.139.27 |
| hxxp://crl.microsoft.com/pki/crl/products/WinPCA.crl | 88.221.133.16 |
| hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo/X8AUm7+PSp50CECkSxwyaK4o+9vYHRmLWi40= | 23.43.139.27 |
| hxxp://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl | 88.221.133.16 |
| hxxp://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9+WQCtWAQU1A1lP3q9NMb+R+dMDcC98t4Vq3ECEGpWCCD6PprY5UEXNLHUCtU= | 23.43.139.27 |
| hxxp://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl | 88.221.133.16 |
| hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?52afbcbf40078ee8 | 88.221.132.231 |
| hxxp://clients1.google.com/tools/swg2/update?type=c&as=swg&os=win&osv=6.1.7601&hl=en&ie=10.0.9200.16521&ds=0&pds=0&su=0&hpi=-1&brand=NCHD&pa=9&cl=1&tbv=&id=9da6939a80964d4ea5db1fc2eaad4422eb587e9423&from=&to=5.7.9012.1008 | 173.194.113.192 |
| hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?6cfb37d68de1b4d0 | 88.221.132.231 |
| hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEGwkCSV07gf3g5QOsqmf+MY= | 23.43.139.27 |
| hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFIA5aolVvwahu2WydRLM8c= | 23.43.139.27 |
| tools.google.com | 173.194.113.194 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFIA5aolVvwahu2WydRLM8c= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1762
content-transfer-encoding: binary
Cache-Control: max-age=451880, public, no-transform, must-revalidate
Last-Modified: Wed, 11 Feb 2015 12:54:51 GMT
Expires: Wed, 18 Feb 2015 12:54:51 GMT
Date: Fri, 13 Feb 2015 07:25:29 GMT
Connection: keep-alive
0..........0..... .....0......0...0......;O}a.!..u...au..eUNp..20150211125451Z0s0q0I0... ...................B.>.I.$&.....e......0..C9...313..R...%V.......K3.....20150211125451Z....20150218125451Z0...*.H................8..{....7..Q.S*.yPd.n.b....a...!..b...mLw.t...w)...%Y.q........$..G.w.2..y.....B.K..#.F..x`...V...hf?;9.&'..l.q..J.*WD.p..K....a.N..d.&..O...9.....^......,..C.e.I....P.........7.%P.....BD"...ik.......nS..*g........z......j.yA.S..e|0E..U...RjO.p..3....ZU....0...0...0...........2...'U.BM...g.B0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1(c) 2006 VeriSign, Inc. - For authorized use only1E0C..U...<VeriSign Class 3 Public Primary Certification Authority - G50...141202000000Z..151216235959Z0..1.0...U....US1.0...U....Symantec Corporation1.0...U....Symantec Trust Network1?0=..U...6Symantec Class 3 PCA - G5 OCSP Responder Certificate 30.."0...*.H.............0...............2&..PL...,..2....:..tH...`JG.%..*...s.c%...?t..J..0.q....~..k@X.l.i....0..kk..h.9"1.5?..s.....3[...u......]...R0..Z}....l..I.Y.....j\H.q...#.uw.4qz.#.J.....@2$"..$l.B.......D.ye..(..2.........@...... ...."... E..0M,..b{.^..s'....f.6.pr4.J........'j..........0...0...U.......0.0l..U. .e0c0a..`.H...E....0R0&.. .........hXXp://VVV.symauth.com/cps0(.. .......0...hXXp://VVV.symauth.com/rpa0...U.%..0... .......0...U...........0... .....0......0!..U....0...0.1.0...U....TGV-B-2760...U......;O}a.!..u...au..eUNp0...U.#..0.....e......0..C9...3130...*.H.............(.&..Dgr.Ve..#...5.N.v.Q
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo/X8AUm7+PSp50CECkSxwyaK4o+9vYHRmLWi40= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1725
content-transfer-encoding: binary
Cache-Control: max-age=372587, public, no-transform, must-revalidate
Last-Modified: Tue, 10 Feb 2015 14:54:13 GMT
Expires: Tue, 17 Feb 2015 14:54:13 GMT
Date: Fri, 13 Feb 2015 07:25:35 GMT
Connection: keep-alive
0..........0..... .....0......0...0......u\..3Oo?U...H.....O!..20150210145413Z0s0q0I0... ...................F....0.yV......{&.K......&.......).... .>...Fb.......20150210145413Z....20150217145413Z0...*.H.................Q...p.H?9....F^....Z..,.w....[F.6.....<...u..}7.6.{.,.b.t.9...I......!.Td.P.n.P....EV.6..u..|.W.o......M.:.&F..O...2U. .{mq.?.=._..X.6D#m-=.2#M.}.v&0n...&.al.....D....H!Mt'.#..I?.....(P.s..Y.ysx.....0Duh7.W.............H..C..S....P.K.z....).%&.....@q......0...0...0........../...nj0...}..i..0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)101.0,..U...%VeriSign Class 3 Code Signing 2010 CA0...141204000000Z..150304235959Z0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1VeriSign Class 3 Code Signing 2010 OCSP Responder0.."0...*.H.............0.........4.4...........o....?..f.........I.!.b.L...L..U.........rM.,.....=..cR4d.~*..k..x......=.WT.<.A2n1.qZyM.M..Q_...8....9....d.... ...'.........h..Z..I...(.b.jK..DO.ra..gb..j..A.(....mrzU.w.......Bv...l.:s..L....y.....u..n.)W......Y!....Q...,.i|.....:.Mu..DD1.........0...0...U....0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.verisign.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp. by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U........0... .....0......0"..U....0...0.1.0...U....TGV-B-24600...*.H..............pjd....VpE.6.tO..@.....7.=.. ...........hi.......>....
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1790
content-transfer-encoding: binary
Cache-Control: max-age=413752, public, no-transform, must-revalidate
Last-Modified: Wed, 11 Feb 2015 02:24:43 GMT
Expires: Wed, 18 Feb 2015 02:24:43 GMT
Date: Fri, 13 Feb 2015 07:28:51 GMT
Connection: keep-alive
0..........0..... .....0......0...0........6?s....V....OlL".O..20150211022443Z0s0q0I0... ..........!7h....O.d...AG&h.....k.&p..?...-.5.......A..2.....:...:......20150211022443Z....20150218022443Z0...*.H.............<..|~!....'s.bW....e4x...VTE.L.....m.v.4-...2:,7.2oY../....~.L......Ty.P<...*kV........0.0...X......<....XWn0=2;~%./..s...bw.............."..uD...b.V.f..v...a...@9.V..H....%.....M.3.<.6...)..g%.Q..B).[..=G_..K.@..g......L"..A.U...p. X.OXh.R.4.... ,N..........#0...0...0..........<o&S.-S..}...e.30...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)09100...U...'VeriSign Class 3 Code Signing 2009-2 CA0...141205000000Z..150305235959Z0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)091<0:..U...3VeriSign Class 3 Code Signing 2009-2 OCSP Responder0.."0...*.H.............0.........{(..t....2.Vf.....&;6).i*FK....W@....F....jnb.w._p.E.6.|.mk....(..........p...........X.DF....^0N....b9.:..J. ZK.".^..\..p.'.$..JA..~QG.d.}...r...gv... f...z.#..}..J...r9h.........LI-..^.......PUD.h<.l....(n..i.....E.....2....^./Y......Y.m...'...hz..y..E..........0...0...U....0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://www.verisign.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp. by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U........0... .....0......0"..U....0...0.1.0...U....TGV-B-24710
<<< skipped >>>
GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab?6cfb37d68de1b4d0 HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 12 Mar 2014 20:20:10 GMT
If-None-Match: "0b96c77303ecf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com
HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: application/octet-stream
Last-Modified: Fri, 23 Jan 2015 02:29:11 GMT
Accept-Ranges: bytes
ETag: "803565fb436d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 57591
Date: Fri, 13 Feb 2015 07:26:06 GMT
Connection: keep-alive
MSCF............,...................I.................6Fm. .authroot.stl......8..CK...<T...g.v!M.d..f.%d..}K..5......dM*K..J.,%K"...!..=.k..........{=/....{g.~...............'....6..N....w......(.$.>.7...........'.....`.bx....^..$.'.^.K.C......<b=J..u....@.....2..e....pr.....usXq.d.i.jF$.4.........KI.Q........A2m:..E.P|...(.^p..=G|.....m...... .6...H.e.....X'...%$r.Y.(..)........|...;...V^r.VM.._*X.I. ..4.....*.....Y..`.0w.u...c.i.[..-...x..<.8.<.p..,..y.[v.Yn`......!.s...4e......B...$.,..........w.Pd.)....,..#.%..h...8...`.A...8.i(.!.$/.=.....i.\X.H......"...a...k...y6....F.._?\*.&..3.AJo.!..`....9....=.p.u..u....f.f....w...?..S..I.;.....5._...F.f..G?$......."..kq.y'.6tJ.e%..G.n.....z<.pX"....1..g."........V:.H.-...!}LM..t..-.y.j&...n{..-.]H. .....A.O.Xg..B...#.f.-..V@.g..8.....Ov...ET..*.....T...}o._./S..h@$.....!.@.D....c...A1..#.:?."....1..v.....&G...?O1x6"5.@..$.U...n.J...w.Y.{..........E.N.&...&.rC..W.....M.........,.e.....&eI(/eSO.B..K...R. K...s.@9....Jv.....(..Y./;-..M5.0.H2.y....:...........a.U....%.S.).^....1.B..a..=...q...X .B....F.../..../.Z...'..t....C....,.^...N=..t%N|IC.#.)6...q.E.J.i.E.>....".L........>...Vy.7.jxx......G........._q.1^..H&.4Z......^.E.K 9.Xg...qO.6%>..T....;n..s.'u.-...=.........p..p.Rn.........=.......F........d. d.AR.0U..........9b...=N..#....c.Icz......u.0............Y.q..b.wYE.......R...s..W....r].....hT....k.g..[...s.....X..`=zb.>..../..=........J.N.h...(}.5.7. .;..=F..F...'.?..2...3...=...B..`....{...f.`Kb..@..`Z.0!^8.t..<l.j..lI.P.q.>k
<<< skipped >>>
HEAD /dl/toolbar/t7/data/7.5.5111.1712/googletoolbarinstaller_en_signed.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: dl.google.com
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 5030744
Content-Type: application/x-msdos-program
Etag: "416d3"
Expires: Fri, 13 Feb 2015 23:25:10 PST
Last-Modified: Tue, 25 Mar 2014 23:15:00 GMT
Server: downloads
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Fri, 13 Feb 2015 07:25:10 GMT
Alternate-Protocol: 80:quic,p=0.08
....
GET /dl/toolbar/t7/data/7.5.5111.1712/googletoolbarinstaller_en_signed.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 25 Mar 2014 23:15:00 GMT
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: dl.google.com
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 5030744
Content-Type: application/x-msdos-program
Etag: "416d3"
Expires: Fri, 13 Feb 2015 23:25:10 PST
Last-Modified: Tue, 25 Mar 2014 23:15:00 GMT
Server: downloads
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Fri, 13 Feb 2015 07:25:10 GMT
Alternate-Protocol: 80:quic,p=0.08
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........R.&.3eu.3eu.3eu...u.3eu...u:3eu...u.3eu.3du.2eu...u.3eu...u.3eu.3eu.3eu...u.3euRich.3eu........................PE..L....F.S.................z..........9u............@...................................L...@.................................|...H.....................L.X............................................................................................text.............K.....PEC2*O......`....rsrc.................K............. ....reloc................L.............@...................................................................................................................................................................................................................................................................................................................................................................................................................................7%..l....7%.......{...@.k.i..Y.. ....O}...X..Q>!L........f.l.Hs..s...5.*.O..{0=L...L..j2}.\b.....s?P.........n......}M...^.......7..........5..).SF.f6..:.#.0...@|y.a-h......5>b......Jb6......u?l.q..Iu..fI$M.ex..A..5.3.)......k..u..~....y...U:..[.B..cHD.X...Yn...c............@..........2.F....q.."%.'..E.........).t.............{%...m.n............y.}.s.......a(...".....9.f...#."..l/....M..aA.3M.....B.k'.......]..z..w.8.B..2..S.z..l_....7=..3I[.l(.V.I.......!.K."c...`..5.7......w. .........3A...`.~.....
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1453
content-transfer-encoding: binary
Cache-Control: max-age=531961, public, no-transform, must-revalidate
Last-Modified: Thu, 12 Feb 2015 11:12:42 GMT
Expires: Thu, 19 Feb 2015 11:12:42 GMT
Date: Fri, 13 Feb 2015 07:28:44 GMT
Connection: keep-alive
0..........0..... .....0......0...0......T3t.%..O.E..~..F.=....20150212111242Z0s0q0I0... ........H.dI.....3..^B...d6Q....ZL%."..1.m..._)..a..eR&.....Y.)..".\....20150212111242Z....20150219111242Z0...*.H.............C....W.........c..4.`...h...{DL!...ky..=........>........:GM....E....|..C...^...'...w..$......m.s..d.....b.1U<s...;.s$B..he..5_..b..'5t..^..?.(,m9 J......9.g...63n.W...c]#....;Z.....C....v9!..w)...S%....r..j.i....1.A.Et.r...)T...i....R......L. L..,....a.Q}....0...0...0..3......./...b.v..-....l}0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc.1705..U....Class 3 Public Primary Certification Authority0...141202000000Z..151216235959Z0..1.0...U....US1.0...U....Symantec Corporation1.0...U....Symantec Trust Network1?0=..U...6Symantec Class 3 PCA - G1 OCSP Responder Certificate 30.."0...*.H.............0..........'......Y..x.3B1.7..Q..`..d.. ....s..t.$a.....j2R.{ ,*..c{.3.....H..3-; ).....0._...*..9M..V...... ...{m...-.......)..tR..{D....~...M...T..pS.p..^|o....S..v.).).....r.v.qo$......C.V!....@.h#qh...u1T.].G0.]E...=._...... ........TE...Sa.s4........r...3.............0..0...U....0.0l..U. .e0c0a..`.H...E....0R0&.. .........hXXp://VVV.symauth.com/cps0(.. .......0...hXXp://VVV.symauth.com/rpa0...U.%..0... .......0...U........0... .....0......0!..U....0...0.1.0...U....TGV-B-2730...*.H.............$..H......oU....Y!.z{*.V.M..u.._z..3>.. 0....3..m.....e.......a..D...........e..F6:.y.....di.......<y.Z.......x}..q.2....UZ1 :,t>....
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1790
content-transfer-encoding: binary
Cache-Control: max-age=547677, public, no-transform, must-revalidate
Last-Modified: Thu, 12 Feb 2015 15:32:45 GMT
Expires: Thu, 19 Feb 2015 15:32:45 GMT
Date: Fri, 13 Feb 2015 07:28:44 GMT
Connection: keep-alive
0..........0..... .....0......0...0........6?s....V....OlL".O..20150212153245Z0s0q0I0... ..........!7h....O.d...AG&h.....k.&p..?...-.5........M.s.Q~...@?j.......20150212153245Z....20150219153245Z0...*.H.............G>.B.......r(uA...o.t...q.V*!q...OG.. ..Q).y0S....;....v.,...{..X.2...D...sK.....$.....qT.<......N.hv....=1G..`....~.{.^W.:...j..a_.;...l..4.......j...P>....U".NF. .U#.3]jJ........XT`.U\.x.8...<Y?..E.71G...p:Z!.rP..nO.l.d.a.el...*.....v#..:;..w.t....gU.......#0...0...0..........<o&S.-S..}...e.30...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)09100...U...'VeriSign Class 3 Code Signing 2009-2 CA0...141205000000Z..150305235959Z0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)091<0:..U...3VeriSign Class 3 Code Signing 2009-2 OCSP Responder0.."0...*.H.............0.........{(..t....2.Vf.....&;6).i*FK....W@....F....jnb.w._p.E.6.|.mk....(..........p...........X.DF....^0N....b9.:..J. ZK.".^..\..p.'.$..JA..~QG.d.}...r...gv... f...z.#..}..J...r9h.........LI-..^.......PUD.h<.l....(n..i.....E.....2....^./Y......Y.m...'...hz..y..E..........0...0...U....0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://www.verisign.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp. by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U........0... .....0......0"..U....0...0.1.0...U....TGV-B-24710
<<< skipped >>>
GET /components/ffmpeg16.exe HTTP/1.0
Host: audiochannel.net
HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: application/octet-stream
Date: Fri, 13 Feb 2015 07:24:55 GMT
Accept-Ranges: bytes
Connection: close
Set-Cookie: X-Mapping-mhbgahjm=61D5573BADF5C6D1F5CA851543EB599B; path=/
Last-Modified: Tue, 22 Jul 2014 02:28:02 GMT
Content-Length: 2936832
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......O.Q..o?E.o?E.o?E.`bE.o?E.o>E.o?E,.ME.o?E,.CE.o?E,.GE.o?ERich.o?E........PE..L......S......................,......"............@...........................,.................................................d....0....,..........................................................................................................rdata..............................@..@.data........ ....... ..............@....rsrc.....,..0....,..0..............@..@.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD/yl6nWPkczAQUe1tFz6/Oy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS+zcBkvzl4= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.thawte.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1503
content-transfer-encoding: binary
Cache-Control: max-age=562059, public, no-transform, must-revalidate
Last-Modified: Thu, 12 Feb 2015 19:32:48 GMT
Expires: Thu, 19 Feb 2015 19:32:48 GMT
Date: Fri, 13 Feb 2015 07:28:53 GMT
Connection: keep-alive
0..........0..... .....0......0...0......&Km...."....}....,.c..20150212193248Z0s0q0I0... ........0..k....&..p..^.X.....{[E....z.1..j..F.WHP..G.Mxs..../.p./.^....20150212193248Z....20150219193248Z0...*.H.............>.K.p...5.~`"....bN.B....ho.o..9......?C.....6..u;..Mm.F .t.....j.S4..F.F...&C....qgPJk.B..i.......E|.K..i@3.7.D2C6g...s1z..7.... ...Q...G05...g@.8.;/..~.KxyU......&Z..Z.=.Fx0...T(sF..g.kQ.s..9*...FO.....`.l:.......v....i.&..%.M..T..LO&....H..6?.U.b...[......0...0...0............I...*....^n...0...*.H........0..1.0...U....US1.0...U....thawte, Inc.1(0&..U....Certification Services Division1806..U.../(c) 2006 thawte, Inc. - For authorized use only1.0...U....thawte Primary Root CA0...141202000000Z..151216235959Z0_1.0...U....US1.0...U....thawte, Inc.1907..U...0thawte Primary Root OCSP Responder Certificate 30.."0...*.H.............0.........x...F83..,.D.,2D.;JGc.|_.k.....B.7.....G}.M.s.....S.i.Uu.h.Aq..v...4:l..U.......T7l...~vl...r....{*..........V.o..8|.B..^.a.. ...z....x..s...\[Y....<....'> ..YC..7.zVk.$...o3..kao]c...>C./bPX.......I..Oc.....NN......g.....,/..]......qN.....V!<.3.)...y#.........i0g0...U.%..0... .......0... .....0......0...U.......0.0...U...........0!..U....0...0.1.0...U....TGV-B-2770...*.H................lt..\..z. ..N.f.!.S5d?J.&....r...D........L.`.s.p...HC.L.8f... .........GA7......P..Z.%.../............z.n.6~I...].).....W...W\|.uya..:...^...hW..7.Z.uc.'....:.xL...HS.....>.........5......%....3S....h........U....o.C.\.t.....G.._.C0(l.E9..6UTxg.gF ..;.....
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9+WQCtWAQU1A1lP3q9NMb+R+dMDcC98t4Vq3ECEGpWCCD6PprY5UEXNLHUCtU= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.thawte.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1396
content-transfer-encoding: binary
Cache-Control: max-age=423457, public, no-transform, must-revalidate
Last-Modified: Wed, 11 Feb 2015 05:04:32 GMT
Expires: Wed, 18 Feb 2015 05:04:32 GMT
Date: Fri, 13 Feb 2015 07:28:53 GMT
Connection: keep-alive
0..p......i0..e.. .....0.....V0..R0...............w/.|`....a...20150211050432Z0s0q0I0... ........l....r.vdv0..*.~Y..X....e?z.4..G.L.......q..jV. .>...A.4........20150211050432Z....20150218050432Z0...*.H.............N.r.....wP/......i.5.....4....C%[@.....('......N..G0B....b....tS...._..W..n..q..5.}=A...=>w.......c.,.<.E.}.....lh]M...C.M..".d..H.x.....6....{v.8Rjo.&...is-.(...&..8.....G.O^..5b!{............q......l...}......(.D..9.qM...84.....~.......J.C.}R..6}...H..e.....0...0...0..y.......x..wW.M..@5....80...*.H........0J1.0...U....US1.0...U....Thawte, Inc.1$0"..U....Thawte Code Signing CA - G20...141210000000Z..150310235959Z0Y1.0...U....US1.0...U....Thawte, Inc.1301..U...*Thawte Code Signing CA - G2 OCSP Responder0.."0...*.H.............0..........P.....].8?e...8.0.. ...-.uP.3....pQ......mi..wVt.......<....{d.?..9..z%.?..}.N`.V.........I.X...E#...*.f...X.;...75......%...n.%..#..T.<.....fEQ.\\.f.{M.H...M..u...9~..C....B.o..........dc...V...
GET /tools/pso/ping?as=tbin&gu=pi&mode=3&sin=1&ein=0&version=7.5.5111.1712&brand=NCHD&hl=en&tbiv=7.5.5111.1712&time=1423812338&fitime=1423812338&browser=9.10.9200.16521&osver=6.1&ossp=1.0&osarch=64&ext=EXE&id=304A78B0488F53F23D4AC1A1BD355D4D69BF4FuXHNH HTTP/1.1
User-Agent: Google Toolbar installer
Host: clients1.google.com
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 2
Date: Fri, 13 Feb 2015 07:25:38 GMT
Expires: Fri, 13 Feb 2015 07:25:38 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Alternate-Protocol: 80:quic,p=0.08
ok..
GET /components/toolbars/NCH_GoogleToolbar.exe HTTP/1.0
Host: VVV.audiochannel.net
HTTP/1.1 200 OK
Date: Fri, 13 Feb 2015 07:24:49 GMT
Server: Apache/2.2.29
Last-Modified: Fri, 17 May 2013 06:15:28 GMT
ETag: "befd0-4dce3e8c8c000"
Accept-Ranges: bytes
Content-Length: 782288
Connection: close
Content-Type: application/octet-stream
X-Pad: avoid browser bug
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........#yd.B.7.B.7.B.7..z7.B.7..l7.B.7.B.7.B.7.:.7.B.7...7.B.7.:.7.B.7Rich.B.7........................PE..L...?..I.................h...@...B...4............@.................................z................................................................................................................................................................text....g.......h.................. ..`.rdata...............l..............@..@.data...............................@....ndata...................................rsrc...............................@..@................................................................................................................................................................................................................................................................................................................................................................U....\.}..t .}.F.E.u..H......G..H.P.u..u..u...|.@..K...SV.5..G.W.E.P.u.....@..e...E..E.P.u.....@..}..e....D.@........FR..VV..U... M..........M........E...FQ.....NU..M.......M...VT..U........FP..E...............E.P.M...H.@..E..P.E..E.P.u.....@..u....E..9}...n....~X.te.v4..L.@..E...tU.}.j.W.E......E.......P.@..vXW..T.@..u..5X.@.W..h ....E..E.Pj.h.2G.W....@..u.W...u....E.P.u.....@._^3.[.....L$....G...i. @...T.....tUVW.q.3.;5..G.sD..i. @...D..S.....t.G.....t...O..t .....u...3....3...F. @..;5..G.r.[_^...U..QQ.U.
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEGwkCSV07gf3g5QOsqmf+MY= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1790
content-transfer-encoding: binary
Cache-Control: max-age=547682, public, no-transform, must-revalidate
Last-Modified: Thu, 12 Feb 2015 15:32:45 GMT
Expires: Thu, 19 Feb 2015 15:32:45 GMT
Date: Fri, 13 Feb 2015 07:28:47 GMT
Connection: keep-alive
0..........0..... .....0......0...0........6?s....V....OlL".O..20150212153245Z0s0q0I0... ..........!7h....O.d...AG&h.....k.&p..?...-.5.......l$.%t...............20150212153245Z....20150219153245Z0...*.H.............)oq........S..x...o.8.|.Ls..g'...K...X.....c..:.M0.a.?......*..:........e/N..v.F......J.0...a.#.2..#,g.&;>.O.e...N..!L.v..[...i...D.....d....g4|.4G.ZI.r.........r...8.>bm... .fn..U.~.B..v../....x..i.7.50.G.Q,B.rae....I....j..`H.th....%..N.3B#{..c.=.m.........#0...0...0..........<o&S.-S..}...e.30...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)09100...U...'VeriSign Class 3 Code Signing 2009-2 CA0...141205000000Z..150305235959Z0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)091<0:..U...3VeriSign Class 3 Code Signing 2009-2 OCSP Responder0.."0...*.H.............0.........{(..t....2.Vf.....&;6).i*FK....W@....F....jnb.w._p.E.6.|.mk....(..........p...........X.DF....^0N....b9.:..J. ZK.".^..\..p.'.$..JA..~QG.d.}...r...gv... f...z.#..}..J...r9h.........LI-..^.......PUD.h<.l....(n..i.....E.....2....^./Y......Y.m...'...hz..y..E..........0...0...U....0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.verisign.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp. by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U........0... .....0......0"..U....0...0.1.0...U....TGV-B-24710...*.H
<<< skipped >>>
GET /pca3.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.verisign.com
HTTP/1.1 200 OK
Server: Apache
ETag: "66304c4a5660ab8615727e6bb27b3cdb:1418950819"
Last-Modified: Fri, 19 Dec 2014 01:00:19 GMT
Date: Fri, 13 Feb 2015 07:28:45 GMT
Content-Length: 933
Connection: keep-alive
Content-Type: application/pkix-crl
0...0...0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc.1705..U....Class 3 Public Primary Certification Authority..141210000000Z..150331235959Z0..x0!...v....a_>..2......020924164823Z0!.....A.....{2..Y.#..140129175709Z0!...,.|.|...<...j ...080605174907Z0!...`y..q.......fh...020923171400Z0!...?A....a.nF`.P....020923171548Z0!............R.e.53..010207212458Z0!..!......Y...ISi....010706171411Z0!..$-..I{r....u<._...080403172226Z0!..&.."?..y..51}..1..010706172118Z0!..4....2....{W......080605175030Z0!..B....c............070411175910Z0!..H.Py...N....* ....010207212031Z0!..N....-.1Gq.@...C..040401175251Z0!..Y......w`G........070411175657Z0!..Z`..H.@B....Z.*q..080403172017Z0!..l....I...Y..] .c..010706171749Z0"......T=deQ...1u.]...010207212247Z0".....p..1..7<.....e..010207211822Z0...*.H............5..v...V.._)....A... ....>.5]....6.(.0uFW.*:T...6$.....R...Y.N.k........%Jn..I.j*.6.3~...r../=l..?...9..V0..@Tk......fn?....0.A.HTTP/1.1 200 OK..Server: Apache..ETag: "66304c4a5660ab8615727e6bb27b3cdb:1418950819"..Last-Modified: Fri, 19 Dec 2014 01:00:19 GMT..Date: Fri, 13 Feb 2015 07:28:45 GMT..Content-Length: 933..Connection: keep-alive..Content-Type: application/pkix-crl..0...0...0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc.1705..U....Class 3 Public Primary Certification Authority..141210000000Z..150331235959Z0..x0!...v....a_>..2......020924164823Z0!.....A.....{2..Y.#..140129175709Z0!...,.|.|...<...j ...080605174907Z0!...`y..q.......fh...020923171400Z0!...?A....a.nF`.P....020923171548Z0!.
<<< skipped >>>
GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Mon, 05 May 2014 05:04:34 GMT
If-None-Match: "87fbb3811f68cf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Last-Modified: Fri, 19 Dec 2014 06:02:00 GMT
Accept-Ranges: bytes
ETag: "9a9a44d511bd01:0"
Server: Microsoft-IIS/8.0
VTag: 79181643600000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Content-Length: 550
Cache-Control: max-age=900
Date: Fri, 13 Feb 2015 07:26:05 GMT
Connection: keep-alive
0.."0......0...*.H........0w1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1!0...U....Microsoft Time-Stamp PCA..141218221600Z..150319103600Z._0]0...U.#..0...#4..RFp..@.v.. ..5..0... .....7.......0...U......10... .....7......150318222600Z0...*.H............./..0Q~.r.}.E....&\....F.Z.C..#..F.s........<&\..9G..-....j..N... .C.Fk....;l.....2.K5D.........-.>...(...g.0.S.[?...T4q>.ln...z..L.......5.5s@d.q.('..e...Y..Bo..q..........I....'....i>..y:.eH@h`..\...UA.m#.~.. ;.3..d..;..<..........p..s..J..N `Az......@..l....
GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 24 May 2014 05:04:51 GMT
If-None-Match: "96bfbfb1d77cf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Last-Modified: Wed, 07 Jan 2015 06:02:43 GMT
Accept-Ranges: bytes
ETag: "88c4768d3f2ad01:0"
Server: Microsoft-IIS/8.5
VTag: 791607156900000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Content-Length: 813
Cache-Control: max-age=900
Date: Fri, 13 Feb 2015 07:26:05 GMT
Connection: keep-alive
0..)0......0...*.H........0_1.0.....&...,d....com1.0.....&...,d....microsoft1-0 ..U...$Microsoft Root Certificate Authority..150106214825Z..150407100825Z0.0...a......../..100208014912Z._0]0...U.#..0......`@V'..%..*..S.Y..0... .....7.......0...U......(0... .....7......150406215825Z0...*.H..............vQ..r..L.Q.N..=#.......V;..r../\.m..<.."...F/U....(:.....xm.....P.e.F..BE8......=...G....6t:...?...L..B.v..p.M........z..Q.%J.6..I.......8...U. .g..=T=K....L..$w...^....y~..-a.'...*s#N.o..Qs.$h..:duV'~....8.6..w..b3.... .~)...|.I.y".>R.nJq.ws...3.....f}.E)\......EB.d\.2.....h...lMjT.7..lj.'lj.b....".L.Os6{.s...@....f.|7z.. ......>..Q...(......._....UM.EN.@.K\]#..Y.*.......T. .C.....A'..5FW.ETDvX..tE.....g5.....&..&.....x.^H;...../7..'9.t.I&<[.HX.j....Qw......}...qy3..q`<.....LB.9w|....;..Qw..a ..=.C.:.........
GET /pki/crl/products/WinPCA.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 07 May 2014 05:04:02 GMT
If-None-Match: "a413fc3b169cf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Last-Modified: Sun, 21 Dec 2014 06:03:02 GMT
Accept-Ranges: bytes
ETag: "d2e35dc7e31cd01:0"
Server: Microsoft-IIS/8.5
VTag: 79125357800000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Content-Length: 561
Cache-Control: max-age=900
Date: Fri, 13 Feb 2015 07:26:05 GMT
Connection: keep-alive
0..-0......0...*.H........0..1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1 0)..U..."Microsoft Windows Verification PCA..141220223154Z..150321105154Z._0]0...U.#..0.......p............<.J0... .....7.......0...U......30... .....7......150320224154Z0...*.H.............h.~oH#i.J.vh_.....A'B..g...........F....9c.{.m@Q.M.p...g.^ 4.r..Wv.Q.0.w..j....c9..w....I..%.~.l..F.......xo...._...o...7BR.;<..\R/ .....b.(....~..]|.v.u.i.X.B....I......./*...P..A..fi.}& .x.v{TFP[.G......A......L.o...)R.......V.u..V.../.Q..(L.].....uki~......
GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 01 Jul 2014 05:04:34 GMT
If-None-Match: "924558f3e994cf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Last-Modified: Wed, 28 Jan 2015 06:05:55 GMT
Accept-Ranges: bytes
ETag: "75565c7ac03ad01:0"
Server: Microsoft-IIS/8.5
VTag: 279732615200000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Content-Length: 554
Cache-Control: max-age=900
Date: Fri, 13 Feb 2015 07:26:05 GMT
Connection: keep-alive
0..&0......0...*.H........0y1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1#0!..U....Microsoft Code Signing PCA..150127173215Z..150428055215Z.a0_0...U.#..0..........X..7.3...L...0... .....7.........0...U......Y0... .....7......150427174215Z0...*.H......................YIw.. ..(..y..O.G].B.."?.@...[1.}.X...]...e.J....pP.I....!6...%.D.k...>c.|R.?.i..yt.z..B.........b....n..m5...0....2..I!)v....z....y.#pXz.DO.....mF...e.'e...@.%...6./.bPZ...=....bp..j....lo....4........T9j...S.7Q.@.W..@.. ...M....z....Q...{u. .W..HTTP/1.1 200 OK..Content-Type: application/pkix-crl..Last-Modified: Wed, 28 Jan 2015 06:05:55 GMT..Accept-Ranges: bytes..ETag: "75565c7ac03ad01:0"..Server: Microsoft-IIS/8.5..VTag: 279732615200000000..P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"..X-Powered-By: ASP.NET..Content-Length: 554..Cache-Control: max-age=900..Date: Fri, 13 Feb 2015 07:26:05 GMT..Connection: keep-alive..0..&0......0...*.H........0y1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1#0!..U....Microsoft Code Signing PCA..150127173215Z..150428055215Z.a0_0...U.#..0..........X..7.3...L...0... .....7.........0...U......Y0... .....7......150427174215Z0...*.H......................YIw.. ..(..y..O.G].B.."?.@...[1.}.X...]...e.J....pP.I....!6...%.D.k...>c.|R.?.i..yt.z..B.........b....n..m5...0....2..I!)v....z....y.#pXz.DO.....mF...e.'e...@.%...6./.bPZ...=....bp..j....lo....4........T9j...S.7Q.@.W..
<<< skipped >>>
GET /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?52afbcbf40078ee8 HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 05 Dec 2013 22:47:50 GMT
If-None-Match: "0af536cf2ce1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com
HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: application/octet-stream
Last-Modified: Thu, 03 Jul 2014 23:34:12 GMT
Accept-Ranges: bytes
ETag: "0b2464b1797cf1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 6408
Date: Fri, 13 Feb 2015 07:25:24 GMT
Connection: keep-alive
MSCF............,...................O.......'#.........D.z .disallowedcert.stl....2..'#CK...8T...g........g.k..".....mlI."d..m...P$"....e.J........z.....\..........9g.9....~.........Q.Q......Q..DL.8.C.PS.K0.!P.0........#.DY.8.....V.....$.C....a.0...........`......;.S.....0#...m... ..`0...?.!vR?.....d....`......_@..}....$...i..OR'..$....K..'Z....o.g..*.Vc.....[nY e./.EJ...B.Y.......Ag......!....9......u..!..1Yy.......r...Ss^@...M.Dtl\....i.k....3...B.Z.:.p.N....*......x,...ah/..].[....GB..T..$A....SY..t.E5R..R...9!....*.*68V....1... ...Q{...".Op@L.2M...1;xd{.C.u?..e.U.=f.nx.........y.G..0.......\L .'.^....$......N=..m...UjrZs...J.I.C....;......q_..e......?.T..2..bw....E.L.{...S...~.<.........-.Q..|.l. .1..6r....[}!J..,...naPk.U.... ..{@LH..W....>.Sq...8.5.,.z..0.jL.S..........]...yW_...Y.1..h.7...9{.....I......g.Y.,1...i8n.6..........4.]...........=........^..n.K7...c.g).Z. .0..$7.ys.p...B.5.].f...|(3!.|..P...j..^..j....#(...@...As..*.O..i..u....9..S.Y.n..HXW...F ..i...:.......!.] r......D..*ld.b.>>:Pp.....5:1 o=..5.'..4.......hO....{.V.rx..V...%.}..u...6Wv-..".iV.b..B0.Q..,...E.Dy...x..5....?Z.$L..1.....4...=.....g!....%..:..c..j..v~....._R.6.......;.#.Y*p..J.4.#'..Vo...g^K...J....._.^..u...)....&/.....q....o......4.....S...,q.....p.8IIe.....d|.3{)...M.0.X...4.."..P.......Hk.... ]!.!... ..#.x..<..X.........'.E(<b[.......#.. ....XiLl|..=.....&P.@H.J.oo...a...x B....l.....@.P......!8..@...q2..;.......mm....>~............j%..>.X.,V...J...C ....*..Z.8- RKGW...0./Z.__..)7g_'{.......pr......;.
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ/xkCfyHfJr7GQ6M658NRZ4SHo/AQUCPVR6Pv+PT1kNnxoz1t4qN+5xTcCEGC2x6sSmevembHfY1acIZk= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1697
content-transfer-encoding: binary
Cache-Control: max-age=390954, public, no-transform, must-revalidate
Last-Modified: Tue, 10 Feb 2015 20:04:39 GMT
Expires: Tue, 17 Feb 2015 20:04:39 GMT
Date: Fri, 13 Feb 2015 07:28:45 GMT
Connection: keep-alive
0..........0..... .....0......0...0...A0?1=0;..U...4VeriSign Class 3 Code Signing 2004 CA OCSP Responder..20150210200439Z0s0q0I0... ........?.@..w.........Y.!......Q...==d6|h.[x....7..`..........cV.!.....20150210200439Z....20150217200439Z0...*.H...............U.#..&1x1.......n...tJ...-..`.-d...X.......\._......[]n\].;....n..}b..Y...b1.q....".2.<.../..:....\..... ..?...Y. .EF.e....Y!T#SLa.......&....I.t..v...Cy'uGK...g......-.........G>}q......1....p...pxP,.l.e^f5..i)xoE....]....t..?.....~..Su......D.,...\........0...0...0..{.........[..I|.....Zm..0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)041.0,..U...%VeriSign Class 3 Code Signing 2004 CA0...140428000000Z..150729235959Z0?1=0;..U...4VeriSign Class 3 Code Signing 2004 CA OCSP Responder0.."0...*.H.............0.........Y....h..@..>.....%.-.....O...' y.........x..Gw.xF.....?..Z..u,.X.&..........3C..H.l.....f..;]s!.\"v...|....].@.....K7m2...N......-S.I......5n...G7. ..W....n..*..-f?EY.......UN...r...........-_.%..,P;b.....)(.P.4...,.%....<..6.....[r^X.EV..S...5#'Y.. .TD...........0...0...U.......0.0...U.%..0... .......0...U...........0... .....0......0f..U. ._0]0[..`.H...E....0L0#.. .........hXXps://d.symcb.com/cps0%.. .......0...hXXps://d.symcb.com/rpa0!..U....0...0.1.0...U....TGV-B-1080...U......"...?....`>q..i1o...0...U.#..0.....Q...==d6|h.[x....70...*.H.............B8@.$..wo......E.....P52"b*@'C\.y.(...n....h.f..7f.....v...pb<...]..|........
<<< skipped >>>
GET /versions/components/tb_google_row.dat HTTP/1.0
Host: VVV.audiochannel.net
HTTP/1.1 404 Not Found
Date: Fri, 13 Feb 2015 07:24:48 GMT
Server: Apache/2.2.29
Content-Length: 235
Connection: close
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL /versions/components/tb_google_row.dat was not found on this server.</p>.</body></html>.HTTP/1.1 404 Not Found..Date: Fri, 13 Feb 2015 07:24:48 GMT..Server: Apache/2.2.29..Content-Length: 235..Connection: close..Content-Type: text/html; charset=iso-8859-1..<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL /versions/components/tb_google_row.dat was not found on this server.</p>.</body></html>...
GET /tools/swg2/update?type=c&as=swg&os=win&osv=6.1.7601&hl=en&ie=10.0.9200.16521&ds=0&pds=0&su=0&hpi=-1&brand=NCHD&pa=9&cl=1&tbv=&id=9da6939a80964d4ea5db1fc2eaad4422eb587e9423&from=&to=5.7.9012.1008 HTTP/1.1
Accept: */*
User-Agent: SearchWithGoogle
Host: clients1.google.com
HTTP/1.1 200 OK
Content-Type: text/plain
Transfer-Encoding: chunked
Date: Fri, 13 Feb 2015 07:25:37 GMT
Expires: Fri, 13 Feb 2015 07:25:37 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Alternate-Protocol: 80:quic,p=0.08
16..rlz: 1R______enUA627..0..
Map
The Worm connects to the servers at the folowing location(s):
Strings from Dumps
eyeline.exe_108:
.rdata
.rdata
@.data
@.data
.rsrc
.rsrc
.mixcrt
.mixcrt
KERNEL32.DLL
KERNEL32.DLL
Please contact the application's support team for more information.
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
mscoree.dll
mscoree.dll
GetProcessWindowStation
GetProcessWindowStation
USER32.DLL
USER32.DLL
operator
operator
UxTheme.dll
UxTheme.dll
dwmapi.dll
dwmapi.dll
Authorization: Basic %s
Authorization: Basic %s
/videostream.cgi
/videostream.cgi
GET %s HTTP/1.0
GET %s HTTP/1.0
Host: %s
Host: %s
User-Agent: %S
User-Agent: %S
HTTP/
HTTP/
hXXp://%s%s
hXXp://%s%s
HTTP/1.1 200 OK
HTTP/1.1 200 OK
Server: Rex/10.0.0.3802
Server: Rex/10.0.0.3802
v 2.01 © NCH Software VVV.nchsoftware.com v 2.01 © NCH Software VVV.nchsoftware.comapplication/vnd.apple.mpegURL
application/vnd.apple.mpegURL
%s%s%s
%s%s%s
software=Eyeline&version=2.01&report=UINSTALL&text=%s-%s&language=en&platform=Win&extra1=%d%s
software=Eyeline&version=2.01&report=UINSTALL&text=%s-%s&language=en&platform=Win&extra1=%d%s
hXXp://%s/components/%s
hXXp://%s/components/%s
user32.dll
user32.dll
hXXp://VVV.audiochannel.net/versions/components/%s.txt
hXXp://VVV.audiochannel.net/versions/components/%s.txt
%s%d%d%d
%s%d%d%d
kernel32.dll
kernel32.dll
hXXp://cgi.nch.com.au/cgi-bin/regcheck.exe?cmd=v&id=%d&magic=%d&magicb=%d
hXXp://cgi.nch.com.au/cgi-bin/regcheck.exe?cmd=v&id=%d&magic=%d&magicb=%d
tb_%s_us.dat
tb_%s_us.dat
tb_%s_uk.dat
tb_%s_uk.dat
tb_%s_row.dat
tb_%s_row.dat
hXXp://VVV.audiochannel.net/versions/components/%s
hXXp://VVV.audiochannel.net/versions/components/%s
hXXp://VVV.nch.com.au/components/toolbars/NCH_Chrome.exe
hXXp://VVV.nch.com.au/components/toolbars/NCH_Chrome.exe
hXXp://VVV.audiochannel.net/components/toolbars/NCH_Chrome.exe
hXXp://VVV.audiochannel.net/components/toolbars/NCH_Chrome.exe
hXXp://VVV.nch.com.au/components/toolbars/NCH_GoogleToolbar.exe
hXXp://VVV.nch.com.au/components/toolbars/NCH_GoogleToolbar.exe
hXXp://VVV.audiochannel.net/components/toolbars/NCH_GoogleToolbar.exe
hXXp://VVV.audiochannel.net/components/toolbars/NCH_GoogleToolbar.exe
hXXp://VVV.audiochannel.net/versions/eyeline.txt
hXXp://VVV.audiochannel.net/versions/eyeline.txt
comctl32.dll
comctl32.dll
TaskDialogIndirect
TaskDialogIndirect
software=Eyeline&version=2.01&report=COMMENT&text=COMMENT-%s&language=en&platform=Win
software=Eyeline&version=2.01&report=COMMENT&text=COMMENT-%s&language=en&platform=Win
%s, %.2d %s 20%.2d %.2d:%.2d:%.2d %s%.2d%.2d
%s, %.2d %s 20%.2d %.2d:%.2d:%.2d %s%.2d%.2d
From: %s
From: %s
To: %s
To: %s
Subject: %s
Subject: %s
Date: %s
Date: %s
X-Mailer: Eyeline VVV.nch.com.au/software
X-Mailer: Eyeline VVV.nch.com.au/software
gc0p4Jq0M2Yt08jU534c%d
gc0p4Jq0M2Yt08jU534c%d
Content-Type: multipart/mixed; boundary=%s
Content-Type: multipart/mixed; boundary=%s
Content-Type: %s; name="%s"
Content-Type: %s; name="%s"
Content-Disposition: attachment; filename="%s"
Content-Disposition: attachment; filename="%s"
--%s--
--%s--
AUTH LOGIN
AUTH LOGIN
RCPT TO:
RCPT TO:
USER %s
USER %s
PASS %s
PASS %s
%s %s
%s %s
STOR %s
STOR %s
MFMT dddddd %s
MFMT dddddd %s
MLST %s
MLST %s
MLSD %s
MLSD %s
LIST %s
LIST %s
SIZE %s
SIZE %s
folder %s
folder %s
http=
http=
%s/%s
%s/%s
POST %s HTTP/1.0
POST %s HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Content-Type: application/x-www-form-urlencoded
Content-Length: %d
Content-Length: %d
HTTP/1.
HTTP/1.
c:\SourceCode\llib\include\../net/ssl.cpp
c:\SourceCode\llib\include\../net/ssl.cpp
hXXp://cgi.nch.com.au/cgi-bin/pingme.exe?port=%d
hXXp://cgi.nch.com.au/cgi-bin/pingme.exe?port=%d
hXXp://cgi.nch.com.au/cgi-bin/pingme.exe
hXXp://cgi.nch.com.au/cgi-bin/pingme.exe
urn:schemas-upnp-org:service:%s
urn:schemas-upnp-org:service:%s
M-SEARCH * HTTP/1.1
M-SEARCH * HTTP/1.1
HOST: 239.255.255.250:1900
HOST: 239.255.255.250:1900
239.255.255.250
239.255.255.250
%s%s>
%s%s>
POST %s HTTP/1.1
POST %s HTTP/1.1
CONTENT-LENGTH: %d
CONTENT-LENGTH: %d
SOAPACTION: "urn:schemas-upnp-org:service:%s#%s"
SOAPACTION: "urn:schemas-upnp-org:service:%s#%s"
%d%s%d%s1Eyeline Video Surveillance System %s Redirection0
%d%s%d%s1Eyeline Video Surveillance System %s Redirection0
AddPortMapping
AddPortMapping
User-Agent: %s
User-Agent: %s
%dx%d
%dx%d
function LAddEventListener(obj, evName, handler){if (!obj.addEventListener) obj.addEventListener = function(evtName, hand) { this.attachEvent('on' evtName, hand); };
function LAddEventListener(obj, evName, handler){if (!obj.addEventListener) obj.addEventListener = function(evtName, hand) { this.attachEvent('on' evtName, hand); };
if (evName.substring(0, 2) == 'on') evName = evName.substring(2);
if (evName.substring(0, 2) == 'on') evName = evName.substring(2);
if (typeof handler == 'string') {obj.addEventListener(evName, function () { eval(handler); }, false);} else {obj.addEventListener(evName, function (e){if (!e) e = window.event;handler(e);}, false);}}
if (typeof handler == 'string') {obj.addEventListener(evName, function () { eval(handler); }, false);} else {obj.addEventListener(evName, function (e){if (!e) e = window.event;handler(e);}, false);}}
window.location = '%s';
window.location = '%s';
document.cookie = '%s=%s; path=/%s';
document.cookie = '%s=%s; path=/%s';
Your password has been changed.Click here to return.
Your password has been changed.Click here to return.
Your password has been reset and sent to your email address.Click here to log on when you receive your password.
Your password has been reset and sent to your email address.Click here to log on when you receive your password.
function CmSubmit() {window.onbeforeunload = null;DisableSubmits(true);SimpleAjaxCall('%s', GetParams('dialogform') 'submit=' document.pressed, HandleAjaxJSReturn, function() { DisableSubmits(false); }, function() { DisableSubmits(false); }, 1200000);return false;}
function CmSubmit() {window.onbeforeunload = null;DisableSubmits(true);SimpleAjaxCall('%s', GetParams('dialogform') 'submit=' document.pressed, HandleAjaxJSReturn, function() { DisableSubmits(false); }, function() { DisableSubmits(false); }, 1200000);return false;}
function DisableSubmits(bDisable) {submits = document.getElementsByName('submit');for (i = 0; i
function DisableSubmits(bDisable) {submits = document.getElementsByName('submit');for (i = 0; i
| |||||
d:d:d.d
d:d:d.d
-:-:-.=
-:-:-.=
%s:%s
%s:%s
Failed to process the HTTP headers
Failed to process the HTTP headers
Invalid HTTP response
Invalid HTTP response
Server returned an error %d %S
Server returned an error %d %S
| %s | Image Stream |
| %s | Image Stream |
| %s | jpg | ||
| %s | jpg |
| Search Recordings | |||
| %s | |||
| %s | |||
| Search Recordings | |||
| %s | |||
| %s | |||
00:00:00
00:00:00
23:59:59
23:59:59
%s%s| Recordings | Operations |
| Recordings | Operations |
Sorry, your browser does not support HTML5 video tag.
Sorry, your browser does not support HTML5 video tag.
var c = %d;
var c = %d;
if (navigator.appVersion.indexOf("Mac") != -1) {
if (navigator.appVersion.indexOf("Mac") != -1) {
document.img.src = "stream.jpg?camera=%d";
document.img.src = "stream.jpg?camera=%d";
return;}pl.onload=display;pl.src = "frame.jpg?camera=%d&id=" c;
return;}pl.onload=display;pl.src = "frame.jpg?camera=%d&id=" c;
document.img.src = pl.src;
document.img.src = pl.src;
setTimeout('updatelink()', %d);
setTimeout('updatelink()', %d);
pl.onload=display;onLoad=StartScreen();
pl.onload=display;onLoad=StartScreen();
Eyeline Video Surveillance System Live %d
Eyeline Video Surveillance System Live %d
hasFlash = Boolean(new ActiveXObject('ShockwaveFlash.ShockwaveFlash'));
hasFlash = Boolean(new ActiveXObject('ShockwaveFlash.ShockwaveFlash'));
hasFlash = ('undefined' != typeof navigator.mimeTypes['application/x-shockwave-flash']);
hasFlash = ('undefined' != typeof navigator.mimeTypes['application/x-shockwave-flash']);
if (!hasFlash) window.location.replace("hXXp://%s/%s?camera=%d")
if (!hasFlash) window.location.replace("hXXp://%s/%s?camera=%d")
%s:%d
%s:%d
hXXp://%s/nchplayer.swf?host=%s&scope=Eyeline&streamName=live&bandwidth=%d&src=%d&autostart=true
hXXp://%s/nchplayer.swf?host=%s&scope=Eyeline&streamName=live&bandwidth=%d&src=%d&autostart=true
%s
%s
hXXp://%s/stream.asx?camera=%d
hXXp://%s/stream.asx?camera=%d
%s%sClick here to go to hXXp://VVV.nch.com.au
Click here to go to hXXp://VVV.nch.com.au
Pragma%d
Pragma%d
Content-Type: application/vnd.ms.wms-hdr.asfv1
Content-Type: application/vnd.ms.wms-hdr.asfv1
Eyeline Video Surveillance System Live %s
Eyeline Video Surveillance System Live %s
if (!document.createElement('video').canPlayType('application/vnd.apple.mpegURL')) {
if (!document.createElement('video').canPlayType('application/vnd.apple.mpegURL')) {
window.location.replace("hXXp://%s/stream.html?camera=%d")
window.location.replace("hXXp://%s/stream.html?camera=%d")
Sorry, your browser does not support Live Streaming.
Sorry, your browser does not support Live Streaming.
%s\%s\%d\%d.m3u8
%s\%s\%d\%d.m3u8
Enter your password. If you have forgotten what it is, please click Forgot your password.
Enter your password. If you have forgotten what it is, please click Forgot your password.
help/login.html
help/login.html
>
>
This is the resolution of the output video. Only certain pre-defined values are permitted.
This is the resolution of the output video. Only certain pre-defined values are permitted.
Windows Media Video 9
Windows Media Video 9
Windows Media Video 8
Windows Media Video 8
Windows Media Video 7
Windows Media Video 7
32 bit support
32 bit support
WebCam JPEG
WebCam JPEG
Application.GC
Application.GC
Application.Shutdown
Application.Shutdown
Application.Resource.LowMemory
Application.Resource.LowMemory
Application.Script.Warning
Application.Script.Warning
Application.Script.Error
Application.Script.Error
NetStream.Data.Start
NetStream.Data.Start
NetStream.Unpause.Notify
NetStream.Unpause.Notify
NetStream.Pause.Notify
NetStream.Pause.Notify
NetStream.Seek.Failed
NetStream.Seek.Failed
NetStream.Seek.Notify
NetStream.Seek.Notify
NetStream.Play.Complete
NetStream.Play.Complete
NetStream.Play.Switch
NetStream.Play.Switch
NetStream.Play.UnpublishNotify
NetStream.Play.UnpublishNotify
NetStream.Play.PublishNotify
NetStream.Play.PublishNotify
NetStream.Play.Reset
NetStream.Play.Reset
NetStream.Play.Stop
NetStream.Play.Stop
NetStream.Play.StreamNotFound
NetStream.Play.StreamNotFound
NetStream.Play.Start
NetStream.Play.Start
NetStream.Play.InsufficientBW
NetStream.Play.InsufficientBW
NetStream.Record.Failed
NetStream.Record.Failed
NetStream.Record.Stop
NetStream.Record.Stop
NetStream.Record.NoAccess
NetStream.Record.NoAccess
NetStream.Record.Start
NetStream.Record.Start
NetStream.Unpublish.Success
NetStream.Unpublish.Success
NetStream.Failed
NetStream.Failed
NetStream.Publish.BadName
NetStream.Publish.BadName
NetStream.Publish.Start
NetStream.Publish.Start
NetStream.Clear.Failed
NetStream.Clear.Failed
NetStream.Clear.Success
NetStream.Clear.Success
NetStream.InvalidArg
NetStream.InvalidArg
NetConnection.Connect.InvalidApp
NetConnection.Connect.InvalidApp
NetConnection.Connect.Success
NetConnection.Connect.Success
NetConnection.Connect.Rejected
NetConnection.Connect.Rejected
NetConnection.Connect.Failed
NetConnection.Connect.Failed
NetConnection.Connect.Closed
NetConnection.Connect.Closed
NetConnection.Connect.AppShutdown
NetConnection.Connect.AppShutdown
NetConnection.Call.BadVersion
NetConnection.Call.BadVersion
NetConnection.Call.Failed
NetConnection.Call.Failed
@device:sw:{860BB310-5D01-11D0-BD3B-00A0C911CE86}\{00CADAC6-7EA1-418B-8DDD-DF8510030101}
@device:sw:{860BB310-5D01-11D0-BD3B-00A0C911CE86}\{00CADAC6-7EA1-418B-8DDD-DF8510030101}
Speex ACM Codec xiph.org
Speex ACM Codec xiph.org
(unverified) For the Record - hXXp://VVV.fortherecord.com
(unverified) For the Record - hXXp://VVV.fortherecord.com
Aureal Semiconductor RAW SPORT
Aureal Semiconductor RAW SPORT
Windows Media Audio Lossless V9
Windows Media Audio Lossless V9
Windows Media Audio Professional V9
Windows Media Audio Professional V9
Windows Media Audio V2 V7 V8 V9 / DivX audio (WMA) / Alex AC3 Audio
Windows Media Audio V2 V7 V8 V9 / DivX audio (WMA) / Alex AC3 Audio
Windows Media Audio V1 / DivX audio (WMA)
Windows Media Audio V1 / DivX audio (WMA)
Sipro Lab Telecom ACELP.KELVIN
Sipro Lab Telecom ACELP.KELVIN
Sipro Lab Telecom ACELP.net
Sipro Lab Telecom ACELP.net
Microsoft Windows Media, RT Voice
Microsoft Windows Media, RT Voice
Compaq Computer VSELP (codec for Windows CE 2.0 devices)
Compaq Computer VSELP (codec for Windows CE 2.0 devices)
Classic FTP Software
Classic FTP Software
tar.gz
tar.gz
hXXp://VVV.nchsoftware.com/goldenvideos/
hXXp://VVV.nchsoftware.com/goldenvideos/
hXXp://VVV.nchsoftware.com/broadcam/
hXXp://VVV.nchsoftware.com/broadcam/
hXXp://VVV.nch.com.au/soundtap/
hXXp://VVV.nch.com.au/soundtap/
hXXp://VVV.nch.com.au/recordpad/
hXXp://VVV.nch.com.au/recordpad/
hXXp://VVV.nch.com.au/golden/
hXXp://VVV.nch.com.au/golden/
hXXp://VVV.nch.com.au/talk/
hXXp://VVV.nch.com.au/talk/
hXXp://VVV.nch.com.au/rip/
hXXp://VVV.nch.com.au/rip/
hXXp://VVV.nchsoftware.com/invoice/
hXXp://VVV.nchsoftware.com/invoice/
hXXp://VVV.nchsoftware.com/accounting/
hXXp://VVV.nchsoftware.com/accounting/
hXXp://VVV.nch.com.au/express/
hXXp://VVV.nch.com.au/express/
hXXp://VVV.nchsoftware.com/capture/
hXXp://VVV.nchsoftware.com/capture/
hXXp://VVV.nchsoftware.com/classic/
hXXp://VVV.nchsoftware.com/classic/
Classic FTP
Classic FTP
hXXp://VVV.nchsoftware.com/zip/
hXXp://VVV.nchsoftware.com/zip/
hXXp://VVV.nchsoftware.com/documentconvert/
hXXp://VVV.nchsoftware.com/documentconvert/
hXXp://VVV.nchsoftware.com/imageconverter/
hXXp://VVV.nchsoftware.com/imageconverter/
hXXp://VVV.nchsoftware.com/prism/
hXXp://VVV.nchsoftware.com/prism/
hXXp://VVV.nch.com.au/switch/
hXXp://VVV.nch.com.au/switch/
hXXp://VVV.nchsoftware.com/slideshow/
hXXp://VVV.nchsoftware.com/slideshow/
hXXp://VVV.nch.com.au/wavepad/
hXXp://VVV.nch.com.au/wavepad/
hXXp://VVV.nchsoftware.com/videopad/
hXXp://VVV.nchsoftware.com/videopad/
hXXp://VVV.nch.com.au/scribe/
hXXp://VVV.nch.com.au/scribe/
hXXp://VVV.nch.com.au/mixpad/
hXXp://VVV.nch.com.au/mixpad/
hXXp://VVV.nchsoftware.com/encrypt/
hXXp://VVV.nchsoftware.com/encrypt/
hXXp://VVV.nch.com.au/ivm/
hXXp://VVV.nch.com.au/ivm/
hXXp://VVV.nch.com.au/ims/
hXXp://VVV.nch.com.au/ims/
hXXp://VVV.nch.com.au/burn/
hXXp://VVV.nch.com.au/burn/
Portable Anymap
Portable Anymap
Portable Network Graphics
Portable Network Graphics
Joint Photographic Experts Group
Joint Photographic Experts Group
.wbmp
.wbmp
.tiff
.tiff
.jpeg
.jpeg
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
FTP file transfers
FTP file transfers
Upload your website using ftp
Upload your website using ftp
Manage stock, procurements and reporting
Manage stock, procurements and reporting
Track and Report Income and Expenditures
Track and Report Income and Expenditures
Zulu Disc Jockey Software
Zulu Disc Jockey Software
Clean and optimize your Windows registry by removing the old and damaged data that is bogging down your computer performance.
Clean and optimize your Windows registry by removing the old and damaged data that is bogging down your computer performance.
Voxal is a real time voice changing program. Change your voice live through speakers, in softphone calls, or any application or game that uses a microphone.
Voxal is a real time voice changing program. Change your voice live through speakers, in softphone calls, or any application or game that uses a microphone.
twelvekeys
twelvekeys
TwelveKeys Music Transcription
TwelveKeys Music Transcription
Universal audio converting software supports all popular audio formats including mp3, wma, wav, midi, m4a, and more. Use it to convert and compress sound files.
Universal audio converting software supports all popular audio formats including mp3, wma, wav, midi, m4a, and more. Use it to convert and compress sound files.
Orion finds and recovers deleted files on hard drives, external and portable drives. Or use the drive scrubber to ensure deleted files can't be recovered.
Orion finds and recovers deleted files on hard drives, external and portable drives. Or use the drive scrubber to ensure deleted files can't be recovered.
Key Blaze Typing Tutor Software
Key Blaze Typing Tutor Software
A powerful FTP client that integrates with Windows Explorer for manual or automatic file uploading, or sync/mirror files and folders via FTP.
A powerful FTP client that integrates with Windows Explorer for manual or automatic file uploading, or sync/mirror files and folders via FTP.
Fling FTP Sync Software Client
Fling FTP Sync Software Client
Easy to use file backup software to automatically back up critical data to CD, DVD, Blu-ray or a remote FTP server. Don't take chances with your valuable data.
Easy to use file backup software to automatically back up critical data to CD, DVD, Blu-ray or a remote FTP server. Don't take chances with your valuable data.
Use this text expansion software to create keyboard shortcuts that will expand to an entire word, sentence, paragraph or document. A useful time saving tool.
Use this text expansion software to create keyboard shortcuts that will expand to an entire word, sentence, paragraph or document. A useful time saving tool.
Digital dictation software to record and send dictation for transcription directly from your computer, or dock and send dictation from a portable device.
Digital dictation software to record and send dictation for transcription directly from your computer, or dock and send dictation from a portable device.
Professional accounting software to manage and report business income and expenses, sales, invoices and payments. Great for small and medium-sized companies.
Professional accounting software to manage and report business income and expenses, sales, invoices and payments. Great for small and medium-sized companies.
Easy to use video recording software lets you capture and record video from a webcam, your computer screen, an external video device or online streaming video.
Easy to use video recording software lets you capture and record video from a webcam, your computer screen, an external video device or online streaming video.
Easy and reliable FTP client software. View, edit, upload, download, delete and otherwise manage files on a remote server, website or network.
Easy and reliable FTP client software. View, edit, upload, download, delete and otherwise manage files on a remote server, website or network.
Classic FTP - FTP Client Software
Classic FTP - FTP Client Software
Use your PC to broadcast live or recorded video from a webcam, computer screen or video input device. Video streams will play in all popular web browsers.
Use your PC to broadcast live or recorded video from a webcam, computer screen or video input device. Video streams will play in all popular web browsers.
Debut is a reliable video recording program for capturing video with a webcam or video input, and is a screen recorder to record almost anything on your screen.
Debut is a reliable video recording program for capturing video with a webcam or video input, and is a screen recorder to record almost anything on your screen.
Prism is a program for Windows that lets you convert video files from one format to another.
Prism is a program for Windows that lets you convert video files from one format to another.
InstallReport
InstallReport
hXXps://secure.nch.com.au/cgi-bin/register.exe?software=eyeline&source=softwaretrial
hXXps://secure.nch.com.au/cgi-bin/register.exe?software=eyeline&source=softwaretrial
mhXXp://VVV.nchsoftware.com
mhXXp://VVV.nchsoftware.com
A full list of our products can be found at the below website. You may find another product that is more suitable for your needs.
A full list of our products can be found at the below website. You may find another product that is more suitable for your needs.
/InternetRepo/nch_com_au/components/x264enc6.exe
/InternetRepo/nch_com_au/components/x264enc6.exe
nchplayer.swf
nchplayer.swf
favicon.ico
favicon.ico
greybg.gif
greybg.gif
darkblue.gif
darkblue.gif
downsort.gif
downsort.gif
upsort.gif
upsort.gif
table.js
table.js
ajax.js
ajax.js
s.css
s.css
print.css
print.css
software\microsoft\windows\currentversion\app paths\%s
software\microsoft\windows\currentversion\app paths\%s
Eyeline-%d-%d
Eyeline-%d-%d
eyeline.exe
eyeline.exe
%d:%d:%d
%d:%d:%d
%d-%d-%d
%d-%d-%d
Global\%s
Global\%s
Software\Classes\%s
Software\Classes\%s
*.dat
*.dat
hXXp://VVV.nch.com.au/upgrade/index.html?software=eyeline&upgradeid=%d&upgradekey=%s
hXXp://VVV.nch.com.au/upgrade/index.html?software=eyeline&upgradeid=%d&upgradekey=%s
hXXp://VVV.nch.com.au/activate/index.html?code=%s
hXXp://VVV.nch.com.au/activate/index.html?code=%s
VVV.nchsoftware.com/surveillance
VVV.nchsoftware.com/surveillance
hXXp://%s
hXXp://%s
splash.jpg
splash.jpg
%d.%d.%d.%d
%d.%d.%d.%d
%d.%d.%d.%d:%d
%d.%d.%d.%d:%d
Password
Password
Eyeline Video Surveillance System.lnk
Eyeline Video Surveillance System.lnk
NCH Software.lnk
NCH Software.lnk
NCH Suite.lnk
NCH Suite.lnk
Software\Microsoft\Windows\CurrentVersion\Uninstall\Eyeline
Software\Microsoft\Windows\CurrentVersion\Uninstall\Eyeline
URLInfoAbout
URLInfoAbout
URLUpdateInfo
URLUpdateInfo
Software\Microsoft\Windows\CurrentVersion
Software\Microsoft\Windows\CurrentVersion
hXXp://cgi.nch.com.au/cgi-bin/report.exe
hXXp://cgi.nch.com.au/cgi-bin/report.exe
uninst.exe
uninst.exe
Uninstall is complete. If you need to reinstall this software again you can download it from VVV.nchsoftware.com.
Uninstall is complete. If you need to reinstall this software again you can download it from VVV.nchsoftware.com.
Software\NCH Software\Components\%s
Software\NCH Software\Components\%s
\\.\pipe\%s
\\.\pipe\%s
Special discount pricing ends on the 15th of %s.
Special discount pricing ends on the 15th of %s.
Special discount pricing ends at the end of %s.
Special discount pricing ends at the end of %s.
88:88:88
88:88:88
hXXp://VVV.nch.com.au/suggestions/index.html?software=Eyeline&version=2.01%s%s
hXXp://VVV.nch.com.au/suggestions/index.html?software=Eyeline&version=2.01%s%s
hXXp://VVV.nchsoftware.com/software/newsletter.html?software=Eyeline&version=2.01%s%s
hXXp://VVV.nchsoftware.com/software/newsletter.html?software=Eyeline&version=2.01%s%s
hXXp://VVV.nchsoftware.com/software/video.html
hXXp://VVV.nchsoftware.com/software/video.html
hXXp://VVV.facebook.com/NCHSoftware
hXXp://VVV.facebook.com/NCHSoftware
hXXp://twitter.com/nchsoftware
hXXp://twitter.com/nchsoftware
hXXps://plus.google.com/ nchsoftware
hXXps://plus.google.com/ nchsoftware
hXXp://VVV.facebook.com/sharer/sharer.php?u=%s
hXXp://VVV.facebook.com/sharer/sharer.php?u=%s
hXXp://VVV.twitter.com/?status=%U%s
hXXp://VVV.twitter.com/?status=%U%s
hXXps://plusone.google.com/_/ 1/confirm?hl=en&url=%s
hXXps://plusone.google.com/_/ 1/confirm?hl=en&url=%s
hXXp://VVV.stumbleupon.com/submit?url=%s&title=NCH Software
hXXp://VVV.stumbleupon.com/submit?url=%s&title=NCH Software
hXXp://VVV.linkedin.com/shareArticle?url=%s&title=NCH Software&mini=true
hXXp://VVV.linkedin.com/shareArticle?url=%s&title=NCH Software&mini=true
%s by NCH Software%s%s
%s by NCH Software%s%s
- Licensed to %s
- Licensed to %s
Unsupported
Unsupported
%d x %d [%s], %.2lf fps, %s
%d x %d [%s], %.2lf fps, %s
%d x %d, %.2lf fps, %s
%d x %d, %.2lf fps, %s
Restarting web server
Restarting web server
Windows CE
Windows CE
LRTMPNumber == %f
LRTMPNumber == %f
LRTMPBoolean == %s
LRTMPBoolean == %s
LRTMPString == %s
LRTMPString == %s
"%s" -uninstall
"%s" -uninstall
eyelinesetup_v2.01.exe
eyelinesetup_v2.01.exe
Software\NCH Software\Eyeline\%s
Software\NCH Software\Eyeline\%s
Global\NCHSharedEvent%d
Global\NCHSharedEvent%d
-LQUIET -instby %sEyeline
-LQUIET -instby %sEyeline
-installcomponent "%s" %d
-installcomponent "%s" %d
audiochannel.net
audiochannel.net
VVV.nch.com.au
VVV.nch.com.au
An install-on-demand component could not be installed automatically. Please run it from the URL below then try again.
An install-on-demand component could not be installed automatically. Please run it from the URL below then try again.
%s=%s
%s=%s
_eyeline_rl_%s
_eyeline_rl_%s
Report Bug
Report Bug
Would you be willing to complete an NCH Software Bug Report so our programmers can try to fix this? Please click 'Report Bug' and then enter the field to tell us exactly what you did so we can attempt to repeat it and fix it.
Would you be willing to complete an NCH Software Bug Report so our programmers can try to fix this? Please click 'Report Bug' and then enter the field to tell us exactly what you did so we can attempt to repeat it and fix it.
hXXp://VVV.nch.com.au/software/bug.html?software=Eyeline&version=2.01&xi=AbTermOrHang-Win%d%d
hXXp://VVV.nch.com.au/software/bug.html?software=Eyeline&version=2.01&xi=AbTermOrHang-Win%d%d
Win%d%d
Win%d%d
Ukn0(Msg%dLstCmd%d)
Ukn0(Msg%dLstCmd%d)
(Cmd%d)
(Cmd%d)
%s-%s-%s-%s
%s-%s-%s-%s
dbghelp.dll
dbghelp.dll
XI: %s
XI: %s
Abnormal Execution Problem
Abnormal Execution Problem
Would you be willing to complete a NCH Software Bug Report so our programmers can try to fix this? If so, please click 'Report Bug' and then enter the field to tell us exactly what you did so we can attempt to repeat it and fix it.
Would you be willing to complete a NCH Software Bug Report so our programmers can try to fix this? If so, please click 'Report Bug' and then enter the field to tell us exactly what you did so we can attempt to repeat it and fix it.
hXXp://VVV.nch.com.au/software/bug.html?software=Eyeline&version=2.01&xi=GUI-%s
hXXp://VVV.nch.com.au/software/bug.html?software=Eyeline&version=2.01&xi=GUI-%s
%d-%d-%%d
%d-%d-%%d
Please check you have exited any previous running instances of Eyeline Video Surveillance System and any other programs that might be using the file "%s". Then run the installer again.
Please check you have exited any previous running instances of Eyeline Video Surveillance System and any other programs that might be using the file "%s". Then run the installer again.
Installation cannot be completed because the file "%s" cannot be written to.
Installation cannot be completed because the file "%s" cannot be written to.
Please read the following important information before continuing.
Please read the following important information before continuing.
c:\program files (x86)\
c:\program files (x86)\
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\%s\UserChoice
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\%s\UserChoice
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\%s
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\%s
explorer.exe
explorer.exe
Advapi32.dll
Advapi32.dll
W"%s" %s
W"%s" %s
explorer.exe "%s"
explorer.exe "%s"
hXXp://VVV.nchsoftware.com/%s.html
hXXp://VVV.nchsoftware.com/%s.html
hXXp://VVV.nch.com.au/%s.html
hXXp://VVV.nch.com.au/%s.html
hXXp://VVV.nch.com.au/kb/%d.html
hXXp://VVV.nch.com.au/kb/%d.html
.html
.html
hXXp://help.nchsoftware.com/help/en/eyeline/win/%s.html
hXXp://help.nchsoftware.com/help/en/eyeline/win/%s.html
%.4d-%.2d-%.2d Eyeline Video Surveillance System Log.txt
%.4d-%.2d-%.2d Eyeline Video Surveillance System Log.txt
TwelveKeys
TwelveKeys
twelvekeyssetup
twelvekeyssetup
KeyBlaze
KeyBlaze
hXXps://secure.nch.com.au/cgi-bin/register.exe?software=eyeline&version=2.01%s%s%s%s%s%s%s%s&instby=%s
hXXps://secure.nch.com.au/cgi-bin/register.exe?software=eyeline&version=2.01%s%s%s%s%s%s%s%s&instby=%s
hXXp://VVV.nchsoftware.com/software/registered.html?software=%s&appname=%s&version=2.01&base=surveillance&domain=nchsoftware%s%s%s%s%s%s%s
hXXp://VVV.nchsoftware.com/software/registered.html?software=%s&appname=%s&version=2.01&base=surveillance&domain=nchsoftware%s%s%s%s%s%s%s
ID - Key:
ID - Key:
%s-%s
%s-%s
hXXp://VVV.nch.com.au/upgrade/index.html
hXXp://VVV.nch.com.au/upgrade/index.html
%s Registration Code:
%s Registration Code:
Register %s
Register %s
Click here if you have not activated your 12-digit serial number online and have not received an ID-Key.
Click here if you have not activated your 12-digit serial number online and have not received an ID-Key.
If you have already activated your serial number online, check your email for the ID-key. Then, click here to enter your ID-Key.
If you have already activated your serial number online, check your email for the ID-key. Then, click here to enter your ID-Key.
The code that you have entered is a license serial number. You must activate your serial number online to receive the ID-Key needed to register this software.
The code that you have entered is a license serial number. You must activate your serial number online to receive the ID-Key needed to register this software.
ID-Key is required to complete the registration.
ID-Key is required to complete the registration.
Old Version Key
Old Version Key
- You are using the correct ID and key for the correct product. Only the ID and key for Eyeline Video Surveillance System will be accepted.
- You are using the correct ID and key for the correct product. Only the ID and key for Eyeline Video Surveillance System will be accepted.
support/reg
support/reg
registration.txt
registration.txt
Name: %s
Name: %s
Location: %s
Location: %s
ID - Key: %d - %s
ID - Key: %d - %s
-clear -label "Eyeline Video Surveillance System Installer" -type data "%s" "%s"
-clear -label "Eyeline Video Surveillance System Installer" -type data "%s" "%s"
Validate Key
Validate Key
Key cannot be validated. Please connect to the internet and try again.
Key cannot be validated. Please connect to the internet and try again.
Click here to go to the NCH Software website to view the latest pricing
Click here to go to the NCH Software website to view the latest pricing
2014-07-01
2014-07-01
nch.com.au
nch.com.au
nchsoftware.com
nchsoftware.com
hXXp://VVV.%s/%s
hXXp://VVV.%s/%s
%s [Recommended]
%s [Recommended]
Google Chrome, a faster way to browse the web
Google Chrome, a faster way to browse the web
Free games, themes and utilities from the Google Chrome Store
Free games, themes and utilities from the Google Chrome Store
Why people choose Chrome:
Why people choose Chrome:
Install Google Chrome as my default browser
Install Google Chrome as my default browser
Google Toolbar makes web browsing more convenient:
Google Toolbar makes web browsing more convenient:
Search from any website
Search from any website
Translate web pages instantly
Translate web pages instantly
hXXp://VVV.google.com/toolbar/ie/partnereula.html?hl=en
hXXp://VVV.google.com/toolbar/ie/partnereula.html?hl=en
hXXp://VVV.google.com/accounts/TOS?hl=en
hXXp://VVV.google.com/accounts/TOS?hl=en
hXXp://VVV.google.com/intl/en/privacy/privacy-policy.html
hXXp://VVV.google.com/intl/en/privacy/privacy-policy.html
By installing this application, you agree to the Google Chrome
By installing this application, you agree to the Google Chrome
By installing this application, you agree to the Google Chrome
By installing this application, you agree to the Google Chrome
hXXp://VVV.google.com/chrome/intl/en/eula_text.html
hXXp://VVV.google.com/chrome/intl/en/eula_text.html
hXXp://VVV.google.com/chrome/intl/en/privacy.html
hXXp://VVV.google.com/chrome/intl/en/privacy.html
reject-chrome
reject-chrome
Automatic download of the install-on-demand component "%s" failed.
Automatic download of the install-on-demand component "%s" failed.
The website will now be opened where you can download it manually.
The website will now be opened where you can download it manually.
Open Website
Open Website
-installrelated %x -toolbar %x
-installrelated %x -toolbar %x
NCH Software\Eyeline%s
NCH Software\Eyeline%s
Eyeline%s
Eyeline%s
%sT%s
%sT%s
Click to install and run %s
Click to install and run %s
Click to run %s
Click to run %s
Eyeline Video Surveillance System cannot launch the program required to perform the selected task. Please go to nch.com.au/software to download it and try again.
Eyeline Video Surveillance System cannot launch the program required to perform the selected task. Please go to nch.com.au/software to download it and try again.
hXXp://VVV.nchsoftware.com/software/index.html
hXXp://VVV.nchsoftware.com/software/index.html
hXXp://VVV.nchsoftware.com/software/newsletter.html%s%s
hXXp://VVV.nchsoftware.com/software/newsletter.html%s%s
hXXps://secure.nch.com.au/cgi-bin/register.exe%s%s
hXXps://secure.nch.com.au/cgi-bin/register.exe%s%s
hXXp://cgi.nch.com.au/cgi-bin/search.exe?q=%s&site=VVV.nch.com.au%s%s
hXXp://cgi.nch.com.au/cgi-bin/search.exe?q=%s&site=VVV.nch.com.au%s%s
Click to visit our website
Click to visit our website
File does not exist: %s
File does not exist: %s
Not enough memory available to load %s
Not enough memory available to load %s
Cannot open xml file: %s
Cannot open xml file: %s
(EOF) Element should be terminated with %s>. Check you have terminated your element properly.
(EOF) Element should be terminated with %s>. Check you have terminated your element properly.
Tag does not have a closing '>'
Tag does not have a closing '>'
Misplaced %s> which does not match a .
Misplaced %s> which does not match a .
Element should be terminated with %s>, was with %s. Check you have terminated your element properly.
Element should be terminated with %s>, was with %s. Check you have terminated your element properly.
Ln %d, Col %d: %s
Ln %d, Col %d: %s
%s\shell\open\command
%s\shell\open\command
http\shell\open\command
http\shell\open\command
iexplore.exe
iexplore.exe
iexplorer.exe
iexplorer.exe
firefox.exe
firefox.exe
chrome.exe
chrome.exe
Installing Google Chrome
Installing Google Chrome
The Google Chrome installer could not be downloaded.
The Google Chrome installer could not be downloaded.
ChromeRequiresLaunch
ChromeRequiresLaunch
ChromeEyeline
ChromeEyeline
software\Google\No Chrome Offer Until
software\Google\No Chrome Offer Until
NCH_Chrome.exe
NCH_Chrome.exe
Sorry, Chrome was not installed because of some problems encountered during the installation process.
Sorry, Chrome was not installed because of some problems encountered during the installation process.
cnm-%X
cnm-%X
Chrome
Chrome
NCH_GoogleToolbar.exe
NCH_GoogleToolbar.exe
gnm-%X
gnm-%X
chrome-google
chrome-google
chrome
chrome
Install Google Chrome - Free
Install Google Chrome - Free
Get Chrome to View Help Files
Get Chrome to View Help Files
We recommend Google Chrome as the preferred viewer for our help pages.
We recommend Google Chrome as the preferred viewer for our help pages.
Google Chrome is free and fast.
Google Chrome is free and fast.
"%s" -logon
"%s" -logon
-setautorun %s
-setautorun %s
"%s" -service
"%s" -service
-setaccount "%s" "%s"
-setaccount "%s" "%s"
\\.\pipe\EyelineService
\\.\pipe\EyelineService
Please enter the new account password here.
Please enter the new account password here.
Services cannot be run as an account without a password.
Services cannot be run as an account without a password.
Please use an user account that has a password or add a password to the user account if you would like to use it to run the service.
Please use an user account that has a password or add a password to the user account if you would like to use it to run the service.
Unable to set the service account. Check user name or password. The user name can be in the form Domain\Account if a Domain is required. You must be running this program as Administrator.
Unable to set the service account. Check user name or password. The user name can be in the form Domain\Account if a Domain is required. You must be running this program as Administrator.
%%.ß
%%.ß
%s%sshmf%ii.bin.tmp
%s%sshmf%ii.bin.tmp
Loading %s
Loading %s
The file format is not supported.
The file format is not supported.
Saving %s
Saving %s
Certain parts of this software fall under the Little CMS License:
Certain parts of this software fall under the Little CMS License:
Portions of this software are Copyright (c) 1998-2011 Marti Maria Saguer.
Portions of this software are Copyright (c) 1998-2011 Marti Maria Saguer.
Certain parts of this software fall under the LibJPEG License:
Certain parts of this software fall under the LibJPEG License:
Technical Support Page
Technical Support Page
Send Bug Report
Send Bug Report
About %s
About %s
This version 2.01 of Eyeline Video Surveillance System will only work on Windows 8.1 or earlier. A newer version is available for download on VVV.nchsoftware.com.
This version 2.01 of Eyeline Video Surveillance System will only work on Windows 8.1 or earlier. A newer version is available for download on VVV.nchsoftware.com.
%s%*c
%s%*c
Software\NCH Software\%s
Software\NCH Software\%s
Software\NCH Swift Sound\%s
Software\NCH Swift Sound\%s
Quick Install-on-Demand %s
Quick Install-on-Demand %s
-extsuite %s
-extsuite %s
-extfind %s
-extfind %s
Software\Classes\.%s
Software\Classes\.%s
software\microsoft\windows\currentversion\explorer\fileexts\.%s\userchoice
software\microsoft\windows\currentversion\explorer\fileexts\.%s\userchoice
%sfile
%sfile
%s\shell
%s\shell
%s\shell\open
%s\shell\open
"%s" -extfind %s "%%L"
"%s" -extfind %s "%%L"
%s\DefaultIcon
%s\DefaultIcon
%SystemRoot%\system32\shell32.dll,19
%SystemRoot%\system32\shell32.dll,19
Software\Classes\%s\Shell\%s\command
Software\Classes\%s\Shell\%s\command
Software\Classes\%s\Shell\%s
Software\Classes\%s\Shell\%s
Software\Classes\%s\Shell
Software\Classes\%s\Shell
hXXp://VVV.nchsoftware.com/index.html
hXXp://VVV.nchsoftware.com/index.html
An install-on-demand tool (%s) is required for this operation.
An install-on-demand tool (%s) is required for this operation.
hXXp://VVV.nch.com.au/kb/10271.html
hXXp://VVV.nch.com.au/kb/10271.html
Run %s
Run %s
NCH Software\%s\%s.exe
NCH Software\%s\%s.exe
NCH Swift Sound\%s\%s.exe
NCH Swift Sound\%s\%s.exe
%s "%s"
%s "%s"
Software\Classes\%s\shell\open\command
Software\Classes\%s\shell\open\command
Software\Classes\%s\shell
Software\Classes\%s\shell
Software\Classes\%s\shell\open
Software\Classes\%s\shell\open
Software\Classes\%s\DefaultIcon
Software\Classes\%s\DefaultIcon
%s%s%s%s
%s%s%s%s
Report a Problem
Report a Problem
Click here if you would like to report a problem with Eyeline Video Surveillance System.
Click here if you would like to report a problem with Eyeline Video Surveillance System.
If you find any problems with this release please let us know by reporting them.
If you find any problems with this release please let us know by reporting them.
hXXp://VVV.nch.com.au/software/bug.html?software=Eyeline&version=2.01&xi=Service-%s
hXXp://VVV.nch.com.au/software/bug.html?software=Eyeline&version=2.01&xi=Service-%s
%s Home Page
%s Home Page
%s v 2.01
%s v 2.01
Distributed by %s
Distributed by %s
Licensed User: %s
Licensed User: %s
Col%d
Col%d
Using SMTP is recommended to avoid email being junked.
Using SMTP is recommended to avoid email being junked.
e.g., mail.myisp.net
e.g., mail.myisp.net
e.g., myemail@myco.com
e.g., myemail@myco.com
If you choose SMTP you must enter a valid reply-to address. Enter your email address.
If you choose SMTP you must enter a valid reply-to address. Enter your email address.
If you choose SMTP you must enter an SMTP mail host. Call your ISP if you don't know what your SMTP mail host is.
If you choose SMTP you must enter an SMTP mail host. Call your ISP if you don't know what your SMTP mail host is.
If your SMTP server requires authentication, you must enter a SMTP username to connect to your server.
If your SMTP server requires authentication, you must enter a SMTP username to connect to your server.
Password Required
Password Required
If your SMTP server requires authentication, you must enter a valid SMTP password to connect to your server.
If your SMTP server requires authentication, you must enter a valid SMTP password to connect to your server.
Unable to connect to mail server "%s" when sending an email to "%s".
Unable to connect to mail server "%s" when sending an email to "%s".
Unable to connect to either mail server "%s" or the mail server at "%s".
Unable to connect to either mail server "%s" or the mail server at "%s".
Unable to connect to mail server "%s".
Unable to connect to mail server "%s".
Mail host server error (HELO not accepted, error code 504) for destination email %s - usually this means the email address is not valid.
Mail host server error (HELO not accepted, error code 504) for destination email %s - usually this means the email address is not valid.
Mail host server error (HELO not accepted): %d emailto: %s
Mail host server error (HELO not accepted): %d emailto: %s
Email authentication username or password not accepted
Email authentication username or password not accepted
Eyeline@%s
Eyeline@%s
Mail host server error (MAIL FROM not accepted). Please check your Email Settings.%s - (%d - %s)
Mail host server error (MAIL FROM not accepted). Please check your Email Settings.%s - (%d - %s)
Error while trying to send email. Email address may be wrong or your SMTP server may require a username or password. Please check address again and see Email Settings.
Error while trying to send email. Email address may be wrong or your SMTP server may require a username or password. Please check address again and see Email Settings.
The recipient's email server does not allow email to be received in this manner. Please use an SMTP account for sending email to this address. emailto: %s mailhost: %s
The recipient's email server does not allow email to be received in this manner. Please use an SMTP account for sending email to this address. emailto: %s mailhost: %s
The recipient's email server rejected this email because of an unspecified reason. Try using an SMTP account for sending email to this address.
The recipient's email server rejected this email because of an unspecified reason. Try using an SMTP account for sending email to this address.
Mail host server error (data terminator not accepted) emailto: %s mailhost: %s error: %d
Mail host server error (data terminator not accepted) emailto: %s mailhost: %s error: %d
Checking SMTP Settings
Checking SMTP Settings
Mail host server error (HELO not accepted): %d
Mail host server error (HELO not accepted): %d
Mail host server error (MAIL FROM not accepted). Please check your Email Settings. (%d)
Mail host server error (MAIL FROM not accepted). Please check your Email Settings. (%d)
Email address may be wrong or your SMTP server may require a username or password.
Email address may be wrong or your SMTP server may require a username or password.
Sending Email: %s
Sending Email: %s
This FTP server does not support the required protected mode data transfers for SSL connections.
This FTP server does not support the required protected mode data transfers for SSL connections.
%s: %2.0f%%
%s: %2.0f%%
%s/microsoft/windows mail/local folders/%s
%s/microsoft/windows mail/local folders/%s
SMTP_Server
SMTP_Server
SMTP_Email_Address
SMTP_Email_Address
00000001
00000001
Software\Microsoft\Internet Account Manager\Accounts\%s
Software\Microsoft\Internet Account Manager\Accounts\%s
SMTP Email Address
SMTP Email Address
SMTP Server
SMTP Server
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\%s
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\%s
{ED475418-B0D6-11D2-8C3B-00104B2A6676}
{ED475418-B0D6-11D2-8C3B-00104B2A6676}
%s\%s\d
%s\%s\d
%s\Thunderbird
%s\Thunderbird
%s\profiles.ini
%s\profiles.ini
%s\%s\prefs.js
%s\%s\prefs.js
mail.accountmanager.defaultaccount
mail.accountmanager.defaultaccount
mail.account.%s.identities
mail.account.%s.identities
mail.identity.%s.useremail
mail.identity.%s.useremail
mail.smtp.defaultserver
mail.smtp.defaultserver
mail.smtpserver.%s.hostname
mail.smtpserver.%s.hostname
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Eudora.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Eudora.exe
deudora.ini
deudora.ini
eudora.ini
eudora.ini
%s\Qualcomm\Eudora\eudora.ini
%s\Qualcomm\Eudora\eudora.ini
SMTPServer
SMTPServer
Windows Mail
Windows Mail
Mozilla Thunderbird
Mozilla Thunderbird
.127.0.0.1
.127.0.0.1
LTCPListener
LTCPListener
HNetCfg.HNetShare.1
HNetCfg.HNetShare.1
-firewall %s %d "%s"
-firewall %s %d "%s"
libeay32.dll
libeay32.dll
ssleay32.dll
ssleay32.dll
%s [%s]
%s [%s]
Eyeline Video Surveillance System TCP/IP Port
Eyeline Video Surveillance System TCP/IP Port
Connection test failed. Please check your firewall settings that it is not blocking TCP/IP port %d.
Connection test failed. Please check your firewall settings that it is not blocking TCP/IP port %d.
uPNP Router Control Port
uPNP Router Control Port
Connection test failed. Please check router's firewall is not blocking TCP/IP port %d and your computer firewall is not blocking port %d.
Connection test failed. Please check router's firewall is not blocking TCP/IP port %d and your computer firewall is not blocking port %d.
Router uPNP Disabled. Please log into your router and add TCP/IP port forwarding from public port %d to %s port %d or enable uPNP and try again.
Router uPNP Disabled. Please log into your router and add TCP/IP port forwarding from public port %d to %s port %d or enable uPNP and try again.
Router configuration required. Please log into your router and add TCP/IP port forwarding from public port %d to %s port %d.
Router configuration required. Please log into your router and add TCP/IP port forwarding from public port %d to %s port %d.
%d Hz, %d Bits, %s
%d Hz, %d Bits, %s
Windows Media Audio V1
Windows Media Audio V1
Windows Media Audio V2
Windows Media Audio V2
ACELP.net
ACELP.net
%d:%.2d:%.2d
%d:%.2d:%.2d
%d:%.2d:%.2d.%.3d
%d:%.2d:%.2d.%.3d
wmvcore.dll
wmvcore.dll
hXXp://VVV.altoedge.com/usbcapture/video.html
hXXp://VVV.altoedge.com/usbcapture/video.html
hXXp://VVV.altoedge.com/usbcapture/webcams.html
hXXp://VVV.altoedge.com/usbcapture/webcams.html
NCHScreenCapture %d %d %d %d %lf %d %d %d %d %d %d %d
NCHScreenCapture %d %d %d %d %lf %d %d %d %d %d %d %d
NCHIPCamrCapture&url=%s
NCHIPCamrCapture&url=%s
&user=%s
&user=%s
&password=%s
&password=%s
Can't understand response: %s
Can't understand response: %s
Server had an issue %d: %s
Server had an issue %d: %s
Server didn't gave an image but a web page instead.
Server didn't gave an image but a web page instead.
Server is displaying a format that can not be understood. %s
Server is displaying a format that can not be understood. %s
Web server stop responding.
Web server stop responding.
Web server gave a frame that couldn't be decoded.
Web server gave a frame that couldn't be decoded.
Couldn't read from the web server
Couldn't read from the web server
.dvr-ms
.dvr-ms
@device:sw:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\ffdshow video encoder
@device:sw:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\ffdshow video encoder
@device:cm:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\iyuv
@device:cm:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\iyuv
@device:cm:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\i420
@device:cm:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\i420
Ping: value1 == %d, value2 == %d, value3 == %d, value4 == %d
Ping: value1 == %d, value2 == %d, value3 == %d, value4 == %d
Stream Name is %d
Stream Name is %d
ChunkSize: nSize == %d
ChunkSize: nSize == %d
Audio ts: %d
Audio ts: %d
StreamBytesRead: nBytesRead == %d
StreamBytesRead: nBytesRead == %d
ServerBW: nBandwidth == %d
ServerBW: nBandwidth == %d
ClientBW: nBandwidth == %d, nValue2 == %d
ClientBW: nBandwidth == %d, nValue2 == %d
%s.%s
%s.%s
%s = %s
%s = %s
ConnectionParams: %s
ConnectionParams: %s
Size of data = %d
Size of data = %d
Video ts: %d
Video ts: %d
Attemption frameType is KEYFRAME
Attemption frameType is KEYFRAME
Size of data = %d
Size of data = %d
Failed to %s (stream ID: %d)
Failed to %s (stream ID: %d)
Error while invoking %s (stream ID: %d)
Error while invoking %s (stream ID: %d)
tcUrl
tcUrl
No scope " %s " on this server.
No scope " %s " on this server.
Application at " %s " is currently shutting down.
Application at " %s " is currently shutting down.
Call of Service: = %s
Call of Service: = %s
Method: = %s
Method: = %s
Num Params: %s
Num Params: %s
Pending Call of Service: = %s
Pending Call of Service: = %s
Result == %s
Result == %s
Playing and resetting %s.
Playing and resetting %s.
Started playing %s.
Started playing %s.
Stopped playing %s.
Stopped playing %s.
Seeking %d (stream ID: %d).
Seeking %d (stream ID: %d).
The stream doesn't support seeking.
The stream doesn't support seeking.
Everyday %s
Everyday %s
%s, %s
%s, %s
%s (day after)
%s (day after)
%s (same day)
%s (same day)
Scheduled_recording_%s
Scheduled_recording_%s
The recording "%s" is too long. It must be less than 10 hours long.
The recording "%s" is too long. It must be less than 10 hours long.
This recording has start or end time that overlaps recording "%s".
This recording has start or end time that overlaps recording "%s".
The scheduled recording time is longer than the maximum allowed recording time (Options -> Record -> Limit maximum recording time). The recording will be stopped after %s duration. Do you want to proceed?
The scheduled recording time is longer than the maximum allowed recording time (Options -> Record -> Limit maximum recording time). The recording will be stopped after %s duration. Do you want to proceed?
%u:%.2u:%.2u.%.3u
%u:%.2u:%.2u.%.3u
%u:%.2u:%.2u
%u:%.2u:%.2u
@device:sw:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\DV Video Encoder
@device:sw:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\DV Video Encoder
@device:cm:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\ffds
@device:cm:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\ffds
@device:cm:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\mrle
@device:cm:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\mrle
@device:cm:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\m261
@device:cm:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\m261
@device:cm:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\m263
@device:cm:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\m263
@device:cm:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\fps1
@device:cm:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\fps1
@device:cm:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\yv12
@device:cm:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\yv12
%s (i420)
%s (i420)
%s (iyuv)
%s (iyuv)
Wrong video bitrate specified, must be from %d to %d
Wrong video bitrate specified, must be from %d to %d
%d Hz, %lu kbps, %s
%d Hz, %lu kbps, %s
%d Hz, %s
%d Hz, %s
%d x %d
%d x %d
Wrong video bitrate specified, must be from 24 to %d
Wrong video bitrate specified, must be from 24 to %d
WindowsMedia_Format
WindowsMedia_Format
WindowsMedia_VideoCodec
WindowsMedia_VideoCodec
WindowsMedia_VideoBitrate
WindowsMedia_VideoBitrate
WindowsMedia_SoundCodecIndex
WindowsMedia_SoundCodecIndex
WindowsMedia_SoundFormatIndex
WindowsMedia_SoundFormatIndex
WindowsMedia_VideoQuality
WindowsMedia_VideoQuality
WindowsMedia_LiveSource
WindowsMedia_LiveSource
msvfw32.dll
msvfw32.dll
hXXp://ffmpeg.org
hXXp://ffmpeg.org
avutil-52.nch.dll
avutil-52.nch.dll
swscale-2.nch.dll
swscale-2.nch.dll
avcodec-54.nch.dll
avcodec-54.nch.dll
avformat-54.nch.dll
avformat-54.nch.dll
swresample-0.nch.dll
swresample-0.nch.dll
S.wpp
S.wpp
%d_%d.ts
%d_%d.ts
%d.m3u8
%d.m3u8
#EXT-X-TARGETDURATION:%d
#EXT-X-TARGETDURATION:%d
#EXT-X-MEDIA-SEQUENCE:%d
#EXT-X-MEDIA-SEQUENCE:%d
#EXTINF:%d,
#EXTINF:%d,
v.clpi
v.clpi
"%s" - -
"%s" - -
"%s" -s %d -d -w -
"%s" -s %d -d -w -
FAAD2 AAC/HE-AAC/HE-AACv2/DRM decoder (c) Nero AG, VVV.nero.com
FAAD2 AAC/HE-AAC/HE-AACv2/DRM decoder (c) Nero AG, VVV.nero.com
"%s" -o raw
"%s" -o raw
Copyright (C) 2000-2002 Michel Lespinasse
Copyright (C) 2000-2002 Michel Lespinasse
Copyright (C) 1999-2000 Aaron Holtzman
Copyright (C) 1999-2000 Aaron Holtzman
License terms for this component can be found at: hXXp://VVV.opensource.org/licenses/lgpl-license.php
License terms for this component can be found at: hXXp://VVV.opensource.org/licenses/lgpl-license.php
"%s" %s - -
"%s" %s - -
"%s" -C %d -R %d -b %d
"%s" -C %d -R %d -b %d
"%s" -r
"%s" -r
-b %d --cbr --nores --nchvideo - -
-b %d --cbr --nores --nchvideo - -
Ã% = Current Day
Ã% = Current Day
%SS% = Current Second
%SS% = Current Second
ddraw.dll
ddraw.dll
%s: %s
%s: %s
PublicPort
PublicPort
Eyeline Server: %s (over the Internet)
Eyeline Server: %s (over the Internet)
Eyeline Server: %s (on the local network)
Eyeline Server: %s (on the local network)
Email: %s
Email: %s
Password: %s
Password: %s
help/password.html
help/password.html
Change Password
Change Password
changepasswordchanged
changepasswordchanged
Old Password:
Old Password:
New Password:
New Password:
Reenter New Password:
Reenter New Password:
The reentered new password does not match the first entry of the new password.
The reentered new password does not match the first entry of the new password.
Invalid password. Please try again.
Invalid password. Please try again.
>Reset Password
>Reset Password
lostpasswordsent
lostpasswordsent
Please enter your email address. Your password will be reset and sent to you by email.
Please enter your email address. Your password will be reset and sent to you by email.
changepassword
changepassword
lostpassword
lostpassword
%H %H %H %H
id=%d
id=%d
document.pressed=this.value
document.pressed=this.value
Â
Â
%H
%H
%H
%H
%H
%H
%H
%H
LWebletConnectionThread::ThreadFunction ProcessRecvBytes (post data) FAILED: sending %d bytes failed after %d seconds
LWebletConnectionThread::ThreadFunction ProcessRecvBytes (post data) FAILED: sending %d bytes failed after %d seconds
Port
Port
will not operate correctly because JavaScript is not enabled. Please consult your web browser's help for instructions on how to enable JavaScript.
will not operate correctly because JavaScript is not enabled. Please consult your web browser's help for instructions on how to enable JavaScript.
Login
Login
Login
Login
Password:
Password:
Forgot your password?
Forgot your password?
Login failed. Please check you have the right password.
Login failed. Please check you have the right password.
logon?onok=%U%?%s
logon?onok=%U%?%s
%HÂ Â
%HÂ Â
Many web browsers do not allow http or https access to port %u.
Many web browsers do not allow http or https access to port %u.
Reserved Port Number
Reserved Port Number
Test connection to port %u succeeded
Test connection to port %u succeeded
Test connection to port %u failed
Test connection to port %u failed
Passwords do not match
Passwords do not match
You must enter a password
You must enter a password
webaccess
webaccess
The current configuration has not been tested. Please click on the Run Web Routing and Test Wizard button to run the test.
The current configuration has not been tested. Please click on the Run Web Routing and Test Wizard button to run the test.
%s%s%d
%s%s%d
.sess
.sess
*.sess
*.sess
Webserver cannot bind to TCP/IP port.
Webserver cannot bind to TCP/IP port.
Some other program may be using port %d.
Some other program may be using port %d.
Decoding %s image
Decoding %s image
Encoding %s image
Encoding %s image
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\_eyeline_rl_adm
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\_eyeline_rl_adm
C:\ProgramData\NCH Software\Eyeline\Logs
C:\ProgramData\NCH Software\Eyeline\Logs
09:25:06
09:25:06
C:\ProgramData\NCH Software\Eyeline\Logs\2015-02-13 Eyeline Video Surveillance System Log.txt
C:\ProgramData\NCH Software\Eyeline\Logs\2015-02-13 Eyeline Video Surveillance System Log.txt
Use SMTP to send email directly to the mail server
Use SMTP to send email directly to the mail server
SMTP mail host:
SMTP mail host:
Send directly to other side (work as own SMTP server)
Send directly to other side (work as own SMTP server)
A full list of our products can be found at our below website. This may help you to find another product that is more suitable for your needs.
A full list of our products can be found at our below website. This may help you to find another product that is more suitable for your needs.
Constrain Proportions
Constrain Proportions
&ID - Key:
&ID - Key:
Press Key
Press Key
Press a key or a key combination.
Press a key or a key combination.
FTP Connection Test Results
FTP Connection Test Results
You must have a webcam or a video input device to see live video on your computer.
You must have a webcam or a video input device to see live video on your computer.
If you have a webcam or a USB video capture device, please check it is plugged in now and press Try Again.
If you have a webcam or a USB video capture device, please check it is plugged in now and press Try Again.
If you don't have a webcam or a video capture device, they are available online:
If you don't have a webcam or a video capture device, they are available online:
See recommended webcams
See recommended webcams
WebM Encoding Settings
WebM Encoding Settings
Two Pass Encoding
Two Pass Encoding
Windows Media Encoding Settings
Windows Media Encoding Settings
Local Port:
Local Port:
Public Port:
Public Port:
Webcam
Webcam
Web Access
Web Access
Run Web Routing and Test Wizard
Run Web Routing and Test Wizard
Login Account
Login Account
Confirm Password:
Confirm Password:
Back up recordings via FTP
Back up recordings via FTP
FTP Server:
FTP Server:
Password:
Password:
Run external exe
Run external exe
Eyeline.exe
Eyeline.exe
eyeline.exe_1900:
.rdata
.rdata
@.data
@.data
.rsrc
.rsrc
.mixcrt
.mixcrt
KERNEL32.DLL
KERNEL32.DLL
Please contact the application's support team for more information.
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
mscoree.dll
mscoree.dll
GetProcessWindowStation
GetProcessWindowStation
USER32.DLL
USER32.DLL
operator
operator
UxTheme.dll
UxTheme.dll
dwmapi.dll
dwmapi.dll
Authorization: Basic %s
Authorization: Basic %s
/videostream.cgi
/videostream.cgi
GET %s HTTP/1.0
GET %s HTTP/1.0
Host: %s
Host: %s
User-Agent: %S
User-Agent: %S
HTTP/
HTTP/
hXXp://%s%s
hXXp://%s%s
HTTP/1.1 200 OK
HTTP/1.1 200 OK
Server: Rex/10.0.0.3802
Server: Rex/10.0.0.3802
v 2.01 © NCH Software VVV.nchsoftware.com v 2.01 © NCH Software VVV.nchsoftware.comapplication/vnd.apple.mpegURL
application/vnd.apple.mpegURL
%s%s%s
%s%s%s
software=Eyeline&version=2.01&report=UINSTALL&text=%s-%s&language=en&platform=Win&extra1=%d%s
software=Eyeline&version=2.01&report=UINSTALL&text=%s-%s&language=en&platform=Win&extra1=%d%s
hXXp://%s/components/%s
hXXp://%s/components/%s
user32.dll
user32.dll
hXXp://VVV.audiochannel.net/versions/components/%s.txt
hXXp://VVV.audiochannel.net/versions/components/%s.txt
%s%d%d%d
%s%d%d%d
kernel32.dll
kernel32.dll
hXXp://cgi.nch.com.au/cgi-bin/regcheck.exe?cmd=v&id=%d&magic=%d&magicb=%d
hXXp://cgi.nch.com.au/cgi-bin/regcheck.exe?cmd=v&id=%d&magic=%d&magicb=%d
tb_%s_us.dat
tb_%s_us.dat
tb_%s_uk.dat
tb_%s_uk.dat
tb_%s_row.dat
tb_%s_row.dat
hXXp://VVV.audiochannel.net/versions/components/%s
hXXp://VVV.audiochannel.net/versions/components/%s
hXXp://VVV.nch.com.au/components/toolbars/NCH_Chrome.exe
hXXp://VVV.nch.com.au/components/toolbars/NCH_Chrome.exe
hXXp://VVV.audiochannel.net/components/toolbars/NCH_Chrome.exe
hXXp://VVV.audiochannel.net/components/toolbars/NCH_Chrome.exe
hXXp://VVV.nch.com.au/components/toolbars/NCH_GoogleToolbar.exe
hXXp://VVV.nch.com.au/components/toolbars/NCH_GoogleToolbar.exe
hXXp://VVV.audiochannel.net/components/toolbars/NCH_GoogleToolbar.exe
hXXp://VVV.audiochannel.net/components/toolbars/NCH_GoogleToolbar.exe
hXXp://VVV.audiochannel.net/versions/eyeline.txt
hXXp://VVV.audiochannel.net/versions/eyeline.txt
comctl32.dll
comctl32.dll
TaskDialogIndirect
TaskDialogIndirect
software=Eyeline&version=2.01&report=COMMENT&text=COMMENT-%s&language=en&platform=Win
software=Eyeline&version=2.01&report=COMMENT&text=COMMENT-%s&language=en&platform=Win
%s, %.2d %s 20%.2d %.2d:%.2d:%.2d %s%.2d%.2d
%s, %.2d %s 20%.2d %.2d:%.2d:%.2d %s%.2d%.2d
From: %s
From: %s
To: %s
To: %s
Subject: %s
Subject: %s
Date: %s
Date: %s
X-Mailer: Eyeline VVV.nch.com.au/software
X-Mailer: Eyeline VVV.nch.com.au/software
gc0p4Jq0M2Yt08jU534c%d
gc0p4Jq0M2Yt08jU534c%d
Content-Type: multipart/mixed; boundary=%s
Content-Type: multipart/mixed; boundary=%s
Content-Type: %s; name="%s"
Content-Type: %s; name="%s"
Content-Disposition: attachment; filename="%s"
Content-Disposition: attachment; filename="%s"
--%s--
--%s--
AUTH LOGIN
AUTH LOGIN
RCPT TO:
RCPT TO:
USER %s
USER %s
PASS %s
PASS %s
%s %s
%s %s
STOR %s
STOR %s
MFMT dddddd %s
MFMT dddddd %s
MLST %s
MLST %s
MLSD %s
MLSD %s
LIST %s
LIST %s
SIZE %s
SIZE %s
folder %s
folder %s
http=
http=
%s/%s
%s/%s
POST %s HTTP/1.0
POST %s HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Content-Type: application/x-www-form-urlencoded
Content-Length: %d
Content-Length: %d
HTTP/1.
HTTP/1.
c:\SourceCode\llib\include\../net/ssl.cpp
c:\SourceCode\llib\include\../net/ssl.cpp
hXXp://cgi.nch.com.au/cgi-bin/pingme.exe?port=%d
hXXp://cgi.nch.com.au/cgi-bin/pingme.exe?port=%d
hXXp://cgi.nch.com.au/cgi-bin/pingme.exe
hXXp://cgi.nch.com.au/cgi-bin/pingme.exe
urn:schemas-upnp-org:service:%s
urn:schemas-upnp-org:service:%s
M-SEARCH * HTTP/1.1
M-SEARCH * HTTP/1.1
HOST: 239.255.255.250:1900
HOST: 239.255.255.250:1900
239.255.255.250
239.255.255.250
%s%s>
%s%s>
POST %s HTTP/1.1
POST %s HTTP/1.1
CONTENT-LENGTH: %d
CONTENT-LENGTH: %d
SOAPACTION: "urn:schemas-upnp-org:service:%s#%s"
SOAPACTION: "urn:schemas-upnp-org:service:%s#%s"
%d%s%d%s1Eyeline Video Surveillance System %s Redirection0
%d%s%d%s1Eyeline Video Surveillance System %s Redirection0
AddPortMapping
AddPortMapping
User-Agent: %s
User-Agent: %s
%dx%d
%dx%d
function LAddEventListener(obj, evName, handler){if (!obj.addEventListener) obj.addEventListener = function(evtName, hand) { this.attachEvent('on' evtName, hand); };
function LAddEventListener(obj, evName, handler){if (!obj.addEventListener) obj.addEventListener = function(evtName, hand) { this.attachEvent('on' evtName, hand); };
if (evName.substring(0, 2) == 'on') evName = evName.substring(2);
if (evName.substring(0, 2) == 'on') evName = evName.substring(2);
if (typeof handler == 'string') {obj.addEventListener(evName, function () { eval(handler); }, false);} else {obj.addEventListener(evName, function (e){if (!e) e = window.event;handler(e);}, false);}}
if (typeof handler == 'string') {obj.addEventListener(evName, function () { eval(handler); }, false);} else {obj.addEventListener(evName, function (e){if (!e) e = window.event;handler(e);}, false);}}
window.location = '%s';
window.location = '%s';
document.cookie = '%s=%s; path=/%s';
document.cookie = '%s=%s; path=/%s';
Your password has been changed.Click here to return.
Your password has been changed.Click here to return.
Your password has been reset and sent to your email address.Click here to log on when you receive your password.
Your password has been reset and sent to your email address.Click here to log on when you receive your password.
function CmSubmit() {window.onbeforeunload = null;DisableSubmits(true);SimpleAjaxCall('%s', GetParams('dialogform') 'submit=' document.pressed, HandleAjaxJSReturn, function() { DisableSubmits(false); }, function() { DisableSubmits(false); }, 1200000);return false;}
function CmSubmit() {window.onbeforeunload = null;DisableSubmits(true);SimpleAjaxCall('%s', GetParams('dialogform') 'submit=' document.pressed, HandleAjaxJSReturn, function() { DisableSubmits(false); }, function() { DisableSubmits(false); }, 1200000);return false;}
function DisableSubmits(bDisable) {submits = document.getElementsByName('submit');for (i = 0; i
function DisableSubmits(bDisable) {submits = document.getElementsByName('submit');for (i = 0; i
| |||||
d:d:d.d
d:d:d.d
-:-:-.=
-:-:-.=
%s:%s
%s:%s
Failed to process the HTTP headers
Failed to process the HTTP headers
Invalid HTTP response
Invalid HTTP response
Server returned an error %d %S
Server returned an error %d %S
| %s | Image Stream |
| %s | Image Stream |
| %s | jpg | ||
| %s | jpg |
| Search Recordings | |||
| %s | |||
| %s | |||
| Search Recordings | |||
| %s | |||
| %s | |||
00:00:00
00:00:00
23:59:59
23:59:59
%s%s| Recordings | Operations |
| Recordings | Operations |
Sorry, your browser does not support HTML5 video tag.
Sorry, your browser does not support HTML5 video tag.
var c = %d;
var c = %d;
if (navigator.appVersion.indexOf("Mac") != -1) {
if (navigator.appVersion.indexOf("Mac") != -1) {
document.img.src = "stream.jpg?camera=%d";
document.img.src = "stream.jpg?camera=%d";
return;}pl.onload=display;pl.src = "frame.jpg?camera=%d&id=" c;
return;}pl.onload=display;pl.src = "frame.jpg?camera=%d&id=" c;
document.img.src = pl.src;
document.img.src = pl.src;
setTimeout('updatelink()', %d);
setTimeout('updatelink()', %d);
pl.onload=display;onLoad=StartScreen();
pl.onload=display;onLoad=StartScreen();
Eyeline Video Surveillance System Live %d
Eyeline Video Surveillance System Live %d
hasFlash = Boolean(new ActiveXObject('ShockwaveFlash.ShockwaveFlash'));
hasFlash = Boolean(new ActiveXObject('ShockwaveFlash.ShockwaveFlash'));
hasFlash = ('undefined' != typeof navigator.mimeTypes['application/x-shockwave-flash']);
hasFlash = ('undefined' != typeof navigator.mimeTypes['application/x-shockwave-flash']);
if (!hasFlash) window.location.replace("hXXp://%s/%s?camera=%d")
if (!hasFlash) window.location.replace("hXXp://%s/%s?camera=%d")
%s:%d
%s:%d
hXXp://%s/nchplayer.swf?host=%s&scope=Eyeline&streamName=live&bandwidth=%d&src=%d&autostart=true
hXXp://%s/nchplayer.swf?host=%s&scope=Eyeline&streamName=live&bandwidth=%d&src=%d&autostart=true
%s
%s
hXXp://%s/stream.asx?camera=%d
hXXp://%s/stream.asx?camera=%d
%s%sClick here to go to hXXp://VVV.nch.com.au
Click here to go to hXXp://VVV.nch.com.au
Pragma%d
Pragma%d
Content-Type: application/vnd.ms.wms-hdr.asfv1
Content-Type: application/vnd.ms.wms-hdr.asfv1
Eyeline Video Surveillance System Live %s
Eyeline Video Surveillance System Live %s
if (!document.createElement('video').canPlayType('application/vnd.apple.mpegURL')) {
if (!document.createElement('video').canPlayType('application/vnd.apple.mpegURL')) {
window.location.replace("hXXp://%s/stream.html?camera=%d")
window.location.replace("hXXp://%s/stream.html?camera=%d")
Sorry, your browser does not support Live Streaming.
Sorry, your browser does not support Live Streaming.
%s\%s\%d\%d.m3u8
%s\%s\%d\%d.m3u8
Enter your password. If you have forgotten what it is, please click Forgot your password.
Enter your password. If you have forgotten what it is, please click Forgot your password.
help/login.html
help/login.html
>
>
This is the resolution of the output video. Only certain pre-defined values are permitted.
This is the resolution of the output video. Only certain pre-defined values are permitted.
Windows Media Video 9
Windows Media Video 9
Windows Media Video 8
Windows Media Video 8
Windows Media Video 7
Windows Media Video 7
32 bit support
32 bit support
WebCam JPEG
WebCam JPEG
Application.GC
Application.GC
Application.Shutdown
Application.Shutdown
Application.Resource.LowMemory
Application.Resource.LowMemory
Application.Script.Warning
Application.Script.Warning
Application.Script.Error
Application.Script.Error
NetStream.Data.Start
NetStream.Data.Start
NetStream.Unpause.Notify
NetStream.Unpause.Notify
NetStream.Pause.Notify
NetStream.Pause.Notify
NetStream.Seek.Failed
NetStream.Seek.Failed
NetStream.Seek.Notify
NetStream.Seek.Notify
NetStream.Play.Complete
NetStream.Play.Complete
NetStream.Play.Switch
NetStream.Play.Switch
NetStream.Play.UnpublishNotify
NetStream.Play.UnpublishNotify
NetStream.Play.PublishNotify
NetStream.Play.PublishNotify
NetStream.Play.Reset
NetStream.Play.Reset
NetStream.Play.Stop
NetStream.Play.Stop
NetStream.Play.StreamNotFound
NetStream.Play.StreamNotFound
NetStream.Play.Start
NetStream.Play.Start
NetStream.Play.InsufficientBW
NetStream.Play.InsufficientBW
NetStream.Record.Failed
NetStream.Record.Failed
NetStream.Record.Stop
NetStream.Record.Stop
NetStream.Record.NoAccess
NetStream.Record.NoAccess
NetStream.Record.Start
NetStream.Record.Start
NetStream.Unpublish.Success
NetStream.Unpublish.Success
NetStream.Failed
NetStream.Failed
NetStream.Publish.BadName
NetStream.Publish.BadName
NetStream.Publish.Start
NetStream.Publish.Start
NetStream.Clear.Failed
NetStream.Clear.Failed
NetStream.Clear.Success
NetStream.Clear.Success
NetStream.InvalidArg
NetStream.InvalidArg
NetConnection.Connect.InvalidApp
NetConnection.Connect.InvalidApp
NetConnection.Connect.Success
NetConnection.Connect.Success
NetConnection.Connect.Rejected
NetConnection.Connect.Rejected
NetConnection.Connect.Failed
NetConnection.Connect.Failed
NetConnection.Connect.Closed
NetConnection.Connect.Closed
NetConnection.Connect.AppShutdown
NetConnection.Connect.AppShutdown
NetConnection.Call.BadVersion
NetConnection.Call.BadVersion
NetConnection.Call.Failed
NetConnection.Call.Failed
@device:sw:{860BB310-5D01-11D0-BD3B-00A0C911CE86}\{00CADAC6-7EA1-418B-8DDD-DF8510030101}
@device:sw:{860BB310-5D01-11D0-BD3B-00A0C911CE86}\{00CADAC6-7EA1-418B-8DDD-DF8510030101}
Speex ACM Codec xiph.org
Speex ACM Codec xiph.org
(unverified) For the Record - hXXp://VVV.fortherecord.com
(unverified) For the Record - hXXp://VVV.fortherecord.com
Aureal Semiconductor RAW SPORT
Aureal Semiconductor RAW SPORT
Windows Media Audio Lossless V9
Windows Media Audio Lossless V9
Windows Media Audio Professional V9
Windows Media Audio Professional V9
Windows Media Audio V2 V7 V8 V9 / DivX audio (WMA) / Alex AC3 Audio
Windows Media Audio V2 V7 V8 V9 / DivX audio (WMA) / Alex AC3 Audio
Windows Media Audio V1 / DivX audio (WMA)
Windows Media Audio V1 / DivX audio (WMA)
Sipro Lab Telecom ACELP.KELVIN
Sipro Lab Telecom ACELP.KELVIN
Sipro Lab Telecom ACELP.net
Sipro Lab Telecom ACELP.net
Microsoft Windows Media, RT Voice
Microsoft Windows Media, RT Voice
Compaq Computer VSELP (codec for Windows CE 2.0 devices)
Compaq Computer VSELP (codec for Windows CE 2.0 devices)
Classic FTP Software
Classic FTP Software
tar.gz
tar.gz
hXXp://VVV.nchsoftware.com/goldenvideos/
hXXp://VVV.nchsoftware.com/goldenvideos/
hXXp://VVV.nchsoftware.com/broadcam/
hXXp://VVV.nchsoftware.com/broadcam/
hXXp://VVV.nch.com.au/soundtap/
hXXp://VVV.nch.com.au/soundtap/
hXXp://VVV.nch.com.au/recordpad/
hXXp://VVV.nch.com.au/recordpad/
hXXp://VVV.nch.com.au/golden/
hXXp://VVV.nch.com.au/golden/
hXXp://VVV.nch.com.au/talk/
hXXp://VVV.nch.com.au/talk/
hXXp://VVV.nch.com.au/rip/
hXXp://VVV.nch.com.au/rip/
hXXp://VVV.nchsoftware.com/invoice/
hXXp://VVV.nchsoftware.com/invoice/
hXXp://VVV.nchsoftware.com/accounting/
hXXp://VVV.nchsoftware.com/accounting/
hXXp://VVV.nch.com.au/express/
hXXp://VVV.nch.com.au/express/
hXXp://VVV.nchsoftware.com/capture/
hXXp://VVV.nchsoftware.com/capture/
hXXp://VVV.nchsoftware.com/classic/
hXXp://VVV.nchsoftware.com/classic/
Classic FTP
Classic FTP
hXXp://VVV.nchsoftware.com/zip/
hXXp://VVV.nchsoftware.com/zip/
hXXp://VVV.nchsoftware.com/documentconvert/
hXXp://VVV.nchsoftware.com/documentconvert/
hXXp://VVV.nchsoftware.com/imageconverter/
hXXp://VVV.nchsoftware.com/imageconverter/
hXXp://VVV.nchsoftware.com/prism/
hXXp://VVV.nchsoftware.com/prism/
hXXp://VVV.nch.com.au/switch/
hXXp://VVV.nch.com.au/switch/
hXXp://VVV.nchsoftware.com/slideshow/
hXXp://VVV.nchsoftware.com/slideshow/
hXXp://VVV.nch.com.au/wavepad/
hXXp://VVV.nch.com.au/wavepad/
hXXp://VVV.nchsoftware.com/videopad/
hXXp://VVV.nchsoftware.com/videopad/
hXXp://VVV.nch.com.au/scribe/
hXXp://VVV.nch.com.au/scribe/
hXXp://VVV.nch.com.au/mixpad/
hXXp://VVV.nch.com.au/mixpad/
hXXp://VVV.nchsoftware.com/encrypt/
hXXp://VVV.nchsoftware.com/encrypt/
hXXp://VVV.nch.com.au/ivm/
hXXp://VVV.nch.com.au/ivm/
hXXp://VVV.nch.com.au/ims/
hXXp://VVV.nch.com.au/ims/
hXXp://VVV.nch.com.au/burn/
hXXp://VVV.nch.com.au/burn/
Portable Anymap
Portable Anymap
Portable Network Graphics
Portable Network Graphics
Joint Photographic Experts Group
Joint Photographic Experts Group
.wbmp
.wbmp
.tiff
.tiff
.jpeg
.jpeg
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
FTP file transfers
FTP file transfers
Upload your website using ftp
Upload your website using ftp
Manage stock, procurements and reporting
Manage stock, procurements and reporting
Track and Report Income and Expenditures
Track and Report Income and Expenditures
Zulu Disc Jockey Software
Zulu Disc Jockey Software
Clean and optimize your Windows registry by removing the old and damaged data that is bogging down your computer performance.
Clean and optimize your Windows registry by removing the old and damaged data that is bogging down your computer performance.
Voxal is a real time voice changing program. Change your voice live through speakers, in softphone calls, or any application or game that uses a microphone.
Voxal is a real time voice changing program. Change your voice live through speakers, in softphone calls, or any application or game that uses a microphone.
twelvekeys
twelvekeys
TwelveKeys Music Transcription
TwelveKeys Music Transcription
Universal audio converting software supports all popular audio formats including mp3, wma, wav, midi, m4a, and more. Use it to convert and compress sound files.
Universal audio converting software supports all popular audio formats including mp3, wma, wav, midi, m4a, and more. Use it to convert and compress sound files.
Orion finds and recovers deleted files on hard drives, external and portable drives. Or use the drive scrubber to ensure deleted files can't be recovered.
Orion finds and recovers deleted files on hard drives, external and portable drives. Or use the drive scrubber to ensure deleted files can't be recovered.
Key Blaze Typing Tutor Software
Key Blaze Typing Tutor Software
A powerful FTP client that integrates with Windows Explorer for manual or automatic file uploading, or sync/mirror files and folders via FTP.
A powerful FTP client that integrates with Windows Explorer for manual or automatic file uploading, or sync/mirror files and folders via FTP.
Fling FTP Sync Software Client
Fling FTP Sync Software Client
Easy to use file backup software to automatically back up critical data to CD, DVD, Blu-ray or a remote FTP server. Don't take chances with your valuable data.
Easy to use file backup software to automatically back up critical data to CD, DVD, Blu-ray or a remote FTP server. Don't take chances with your valuable data.
Use this text expansion software to create keyboard shortcuts that will expand to an entire word, sentence, paragraph or document. A useful time saving tool.
Use this text expansion software to create keyboard shortcuts that will expand to an entire word, sentence, paragraph or document. A useful time saving tool.
Digital dictation software to record and send dictation for transcription directly from your computer, or dock and send dictation from a portable device.
Digital dictation software to record and send dictation for transcription directly from your computer, or dock and send dictation from a portable device.
Professional accounting software to manage and report business income and expenses, sales, invoices and payments. Great for small and medium-sized companies.
Professional accounting software to manage and report business income and expenses, sales, invoices and payments. Great for small and medium-sized companies.
Easy to use video recording software lets you capture and record video from a webcam, your computer screen, an external video device or online streaming video.
Easy to use video recording software lets you capture and record video from a webcam, your computer screen, an external video device or online streaming video.
Easy and reliable FTP client software. View, edit, upload, download, delete and otherwise manage files on a remote server, website or network.
Easy and reliable FTP client software. View, edit, upload, download, delete and otherwise manage files on a remote server, website or network.
Classic FTP - FTP Client Software
Classic FTP - FTP Client Software
Use your PC to broadcast live or recorded video from a webcam, computer screen or video input device. Video streams will play in all popular web browsers.
Use your PC to broadcast live or recorded video from a webcam, computer screen or video input device. Video streams will play in all popular web browsers.
Debut is a reliable video recording program for capturing video with a webcam or video input, and is a screen recorder to record almost anything on your screen.
Debut is a reliable video recording program for capturing video with a webcam or video input, and is a screen recorder to record almost anything on your screen.
Prism is a program for Windows that lets you convert video files from one format to another.
Prism is a program for Windows that lets you convert video files from one format to another.
InstallReport
InstallReport
hXXps://secure.nch.com.au/cgi-bin/register.exe?software=eyeline&source=softwaretrial
hXXps://secure.nch.com.au/cgi-bin/register.exe?software=eyeline&source=softwaretrial
mhXXp://VVV.nchsoftware.com
mhXXp://VVV.nchsoftware.com
A full list of our products can be found at the below website. You may find another product that is more suitable for your needs.
A full list of our products can be found at the below website. You may find another product that is more suitable for your needs.
/InternetRepo/nch_com_au/components/x264enc6.exe
/InternetRepo/nch_com_au/components/x264enc6.exe
nchplayer.swf
nchplayer.swf
favicon.ico
favicon.ico
greybg.gif
greybg.gif
darkblue.gif
darkblue.gif
downsort.gif
downsort.gif
upsort.gif
upsort.gif
table.js
table.js
ajax.js
ajax.js
s.css
s.css
print.css
print.css
software\microsoft\windows\currentversion\app paths\%s
software\microsoft\windows\currentversion\app paths\%s
Eyeline-%d-%d
Eyeline-%d-%d
eyeline.exe
eyeline.exe
%d:%d:%d
%d:%d:%d
%d-%d-%d
%d-%d-%d
Global\%s
Global\%s
Software\Classes\%s
Software\Classes\%s
*.dat
*.dat
hXXp://VVV.nch.com.au/upgrade/index.html?software=eyeline&upgradeid=%d&upgradekey=%s
hXXp://VVV.nch.com.au/upgrade/index.html?software=eyeline&upgradeid=%d&upgradekey=%s
hXXp://VVV.nch.com.au/activate/index.html?code=%s
hXXp://VVV.nch.com.au/activate/index.html?code=%s
VVV.nchsoftware.com/surveillance
VVV.nchsoftware.com/surveillance
hXXp://%s
hXXp://%s
splash.jpg
splash.jpg
%d.%d.%d.%d
%d.%d.%d.%d
%d.%d.%d.%d:%d
%d.%d.%d.%d:%d
Password
Password
Eyeline Video Surveillance System.lnk
Eyeline Video Surveillance System.lnk
NCH Software.lnk
NCH Software.lnk
NCH Suite.lnk
NCH Suite.lnk
Software\Microsoft\Windows\CurrentVersion\Uninstall\Eyeline
Software\Microsoft\Windows\CurrentVersion\Uninstall\Eyeline
URLInfoAbout
URLInfoAbout
URLUpdateInfo
URLUpdateInfo
Software\Microsoft\Windows\CurrentVersion
Software\Microsoft\Windows\CurrentVersion
hXXp://cgi.nch.com.au/cgi-bin/report.exe
hXXp://cgi.nch.com.au/cgi-bin/report.exe
uninst.exe
uninst.exe
Uninstall is complete. If you need to reinstall this software again you can download it from VVV.nchsoftware.com.
Uninstall is complete. If you need to reinstall this software again you can download it from VVV.nchsoftware.com.
Software\NCH Software\Components\%s
Software\NCH Software\Components\%s
\\.\pipe\%s
\\.\pipe\%s
Special discount pricing ends on the 15th of %s.
Special discount pricing ends on the 15th of %s.
Special discount pricing ends at the end of %s.
Special discount pricing ends at the end of %s.
88:88:88
88:88:88
hXXp://VVV.nch.com.au/suggestions/index.html?software=Eyeline&version=2.01%s%s
hXXp://VVV.nch.com.au/suggestions/index.html?software=Eyeline&version=2.01%s%s
hXXp://VVV.nchsoftware.com/software/newsletter.html?software=Eyeline&version=2.01%s%s
hXXp://VVV.nchsoftware.com/software/newsletter.html?software=Eyeline&version=2.01%s%s
hXXp://VVV.nchsoftware.com/software/video.html
hXXp://VVV.nchsoftware.com/software/video.html
hXXp://VVV.facebook.com/NCHSoftware
hXXp://VVV.facebook.com/NCHSoftware
hXXp://twitter.com/nchsoftware
hXXp://twitter.com/nchsoftware
hXXps://plus.google.com/ nchsoftware
hXXps://plus.google.com/ nchsoftware
hXXp://VVV.facebook.com/sharer/sharer.php?u=%s
hXXp://VVV.facebook.com/sharer/sharer.php?u=%s
hXXp://VVV.twitter.com/?status=%U%s
hXXp://VVV.twitter.com/?status=%U%s
hXXps://plusone.google.com/_/ 1/confirm?hl=en&url=%s
hXXps://plusone.google.com/_/ 1/confirm?hl=en&url=%s
hXXp://VVV.stumbleupon.com/submit?url=%s&title=NCH Software
hXXp://VVV.stumbleupon.com/submit?url=%s&title=NCH Software
hXXp://VVV.linkedin.com/shareArticle?url=%s&title=NCH Software&mini=true
hXXp://VVV.linkedin.com/shareArticle?url=%s&title=NCH Software&mini=true
%s by NCH Software%s%s
%s by NCH Software%s%s
- Licensed to %s
- Licensed to %s
Unsupported
Unsupported
%d x %d [%s], %.2lf fps, %s
%d x %d [%s], %.2lf fps, %s
%d x %d, %.2lf fps, %s
%d x %d, %.2lf fps, %s
Restarting web server
Restarting web server
Windows CE
Windows CE
LRTMPNumber == %f
LRTMPNumber == %f
LRTMPBoolean == %s
LRTMPBoolean == %s
LRTMPString == %s
LRTMPString == %s
"%s" -uninstall
"%s" -uninstall
eyelinesetup_v2.01.exe
eyelinesetup_v2.01.exe
Software\NCH Software\Eyeline\%s
Software\NCH Software\Eyeline\%s
Global\NCHSharedEvent%d
Global\NCHSharedEvent%d
-LQUIET -instby %sEyeline
-LQUIET -instby %sEyeline
-installcomponent "%s" %d
-installcomponent "%s" %d
audiochannel.net
audiochannel.net
VVV.nch.com.au
VVV.nch.com.au
An install-on-demand component could not be installed automatically. Please run it from the URL below then try again.
An install-on-demand component could not be installed automatically. Please run it from the URL below then try again.
%s=%s
%s=%s
_eyeline_rl_%s
_eyeline_rl_%s
Report Bug
Report Bug
Would you be willing to complete an NCH Software Bug Report so our programmers can try to fix this? Please click 'Report Bug' and then enter the field to tell us exactly what you did so we can attempt to repeat it and fix it.
Would you be willing to complete an NCH Software Bug Report so our programmers can try to fix this? Please click 'Report Bug' and then enter the field to tell us exactly what you did so we can attempt to repeat it and fix it.
hXXp://VVV.nch.com.au/software/bug.html?software=Eyeline&version=2.01&xi=AbTermOrHang-Win%d%d
hXXp://VVV.nch.com.au/software/bug.html?software=Eyeline&version=2.01&xi=AbTermOrHang-Win%d%d
Win%d%d
Win%d%d
Ukn0(Msg%dLstCmd%d)
Ukn0(Msg%dLstCmd%d)
(Cmd%d)
(Cmd%d)
%s-%s-%s-%s
%s-%s-%s-%s
dbghelp.dll
dbghelp.dll
XI: %s
XI: %s
Abnormal Execution Problem
Abnormal Execution Problem
Would you be willing to complete a NCH Software Bug Report so our programmers can try to fix this? If so, please click 'Report Bug' and then enter the field to tell us exactly what you did so we can attempt to repeat it and fix it.
Would you be willing to complete a NCH Software Bug Report so our programmers can try to fix this? If so, please click 'Report Bug' and then enter the field to tell us exactly what you did so we can attempt to repeat it and fix it.
hXXp://VVV.nch.com.au/software/bug.html?software=Eyeline&version=2.01&xi=GUI-%s
hXXp://VVV.nch.com.au/software/bug.html?software=Eyeline&version=2.01&xi=GUI-%s
%d-%d-%%d
%d-%d-%%d
Please check you have exited any previous running instances of Eyeline Video Surveillance System and any other programs that might be using the file "%s". Then run the installer again.
Please check you have exited any previous running instances of Eyeline Video Surveillance System and any other programs that might be using the file "%s". Then run the installer again.
Installation cannot be completed because the file "%s" cannot be written to.
Installation cannot be completed because the file "%s" cannot be written to.
Please read the following important information before continuing.
Please read the following important information before continuing.
c:\program files (x86)\
c:\program files (x86)\
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\%s\UserChoice
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\%s\UserChoice
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\%s
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\%s
explorer.exe
explorer.exe
Advapi32.dll
Advapi32.dll
W"%s" %s
W"%s" %s
explorer.exe "%s"
explorer.exe "%s"
hXXp://VVV.nchsoftware.com/%s.html
hXXp://VVV.nchsoftware.com/%s.html
hXXp://VVV.nch.com.au/%s.html
hXXp://VVV.nch.com.au/%s.html
hXXp://VVV.nch.com.au/kb/%d.html
hXXp://VVV.nch.com.au/kb/%d.html
.html
.html
hXXp://help.nchsoftware.com/help/en/eyeline/win/%s.html
hXXp://help.nchsoftware.com/help/en/eyeline/win/%s.html
%.4d-%.2d-%.2d Eyeline Video Surveillance System Log.txt
%.4d-%.2d-%.2d Eyeline Video Surveillance System Log.txt
TwelveKeys
TwelveKeys
twelvekeyssetup
twelvekeyssetup
KeyBlaze
KeyBlaze
hXXps://secure.nch.com.au/cgi-bin/register.exe?software=eyeline&version=2.01%s%s%s%s%s%s%s%s&instby=%s
hXXps://secure.nch.com.au/cgi-bin/register.exe?software=eyeline&version=2.01%s%s%s%s%s%s%s%s&instby=%s
hXXp://VVV.nchsoftware.com/software/registered.html?software=%s&appname=%s&version=2.01&base=surveillance&domain=nchsoftware%s%s%s%s%s%s%s
hXXp://VVV.nchsoftware.com/software/registered.html?software=%s&appname=%s&version=2.01&base=surveillance&domain=nchsoftware%s%s%s%s%s%s%s
ID - Key:
ID - Key:
%s-%s
%s-%s
hXXp://VVV.nch.com.au/upgrade/index.html
hXXp://VVV.nch.com.au/upgrade/index.html
%s Registration Code:
%s Registration Code:
Register %s
Register %s
Click here if you have not activated your 12-digit serial number online and have not received an ID-Key.
Click here if you have not activated your 12-digit serial number online and have not received an ID-Key.
If you have already activated your serial number online, check your email for the ID-key. Then, click here to enter your ID-Key.
If you have already activated your serial number online, check your email for the ID-key. Then, click here to enter your ID-Key.
The code that you have entered is a license serial number. You must activate your serial number online to receive the ID-Key needed to register this software.
The code that you have entered is a license serial number. You must activate your serial number online to receive the ID-Key needed to register this software.
ID-Key is required to complete the registration.
ID-Key is required to complete the registration.
Old Version Key
Old Version Key
- You are using the correct ID and key for the correct product. Only the ID and key for Eyeline Video Surveillance System will be accepted.
- You are using the correct ID and key for the correct product. Only the ID and key for Eyeline Video Surveillance System will be accepted.
support/reg
support/reg
registration.txt
registration.txt
Name: %s
Name: %s
Location: %s
Location: %s
ID - Key: %d - %s
ID - Key: %d - %s
-clear -label "Eyeline Video Surveillance System Installer" -type data "%s" "%s"
-clear -label "Eyeline Video Surveillance System Installer" -type data "%s" "%s"
Validate Key
Validate Key
Key cannot be validated. Please connect to the internet and try again.
Key cannot be validated. Please connect to the internet and try again.
Click here to go to the NCH Software website to view the latest pricing
Click here to go to the NCH Software website to view the latest pricing
2014-07-01
2014-07-01
nch.com.au
nch.com.au
nchsoftware.com
nchsoftware.com
hXXp://VVV.%s/%s
hXXp://VVV.%s/%s
%s [Recommended]
%s [Recommended]
Google Chrome, a faster way to browse the web
Google Chrome, a faster way to browse the web
Free games, themes and utilities from the Google Chrome Store
Free games, themes and utilities from the Google Chrome Store
Why people choose Chrome:
Why people choose Chrome:
Install Google Chrome as my default browser
Install Google Chrome as my default browser
Google Toolbar makes web browsing more convenient:
Google Toolbar makes web browsing more convenient:
Search from any website
Search from any website
Translate web pages instantly
Translate web pages instantly
hXXp://VVV.google.com/toolbar/ie/partnereula.html?hl=en
hXXp://VVV.google.com/toolbar/ie/partnereula.html?hl=en
hXXp://VVV.google.com/accounts/TOS?hl=en
hXXp://VVV.google.com/accounts/TOS?hl=en
hXXp://VVV.google.com/intl/en/privacy/privacy-policy.html
hXXp://VVV.google.com/intl/en/privacy/privacy-policy.html
By installing this application, you agree to the Google Chrome
By installing this application, you agree to the Google Chrome
By installing this application, you agree to the Google Chrome
By installing this application, you agree to the Google Chrome
hXXp://VVV.google.com/chrome/intl/en/eula_text.html
hXXp://VVV.google.com/chrome/intl/en/eula_text.html
hXXp://VVV.google.com/chrome/intl/en/privacy.html
hXXp://VVV.google.com/chrome/intl/en/privacy.html
reject-chrome
reject-chrome
Automatic download of the install-on-demand component "%s" failed.
Automatic download of the install-on-demand component "%s" failed.
The website will now be opened where you can download it manually.
The website will now be opened where you can download it manually.
Open Website
Open Website
-installrelated %x -toolbar %x
-installrelated %x -toolbar %x
NCH Software\Eyeline%s
NCH Software\Eyeline%s
Eyeline%s
Eyeline%s
%sT%s
%sT%s
Click to install and run %s
Click to install and run %s
Click to run %s
Click to run %s
Eyeline Video Surveillance System cannot launch the program required to perform the selected task. Please go to nch.com.au/software to download it and try again.
Eyeline Video Surveillance System cannot launch the program required to perform the selected task. Please go to nch.com.au/software to download it and try again.
hXXp://VVV.nchsoftware.com/software/index.html
hXXp://VVV.nchsoftware.com/software/index.html
hXXp://VVV.nchsoftware.com/software/newsletter.html%s%s
hXXp://VVV.nchsoftware.com/software/newsletter.html%s%s
hXXps://secure.nch.com.au/cgi-bin/register.exe%s%s
hXXps://secure.nch.com.au/cgi-bin/register.exe%s%s
hXXp://cgi.nch.com.au/cgi-bin/search.exe?q=%s&site=VVV.nch.com.au%s%s
hXXp://cgi.nch.com.au/cgi-bin/search.exe?q=%s&site=VVV.nch.com.au%s%s
Click to visit our website
Click to visit our website
File does not exist: %s
File does not exist: %s
Not enough memory available to load %s
Not enough memory available to load %s
Cannot open xml file: %s
Cannot open xml file: %s
(EOF) Element should be terminated with %s>. Check you have terminated your element properly.
(EOF) Element should be terminated with %s>. Check you have terminated your element properly.
Tag does not have a closing '>'
Tag does not have a closing '>'
Misplaced %s> which does not match a .
Misplaced %s> which does not match a .
Element should be terminated with %s>, was with %s. Check you have terminated your element properly.
Element should be terminated with %s>, was with %s. Check you have terminated your element properly.
Ln %d, Col %d: %s
Ln %d, Col %d: %s
%s\shell\open\command
%s\shell\open\command
http\shell\open\command
http\shell\open\command
iexplore.exe
iexplore.exe
iexplorer.exe
iexplorer.exe
firefox.exe
firefox.exe
chrome.exe
chrome.exe
Installing Google Chrome
Installing Google Chrome
The Google Chrome installer could not be downloaded.
The Google Chrome installer could not be downloaded.
ChromeRequiresLaunch
ChromeRequiresLaunch
ChromeEyeline
ChromeEyeline
software\Google\No Chrome Offer Until
software\Google\No Chrome Offer Until
NCH_Chrome.exe
NCH_Chrome.exe
Sorry, Chrome was not installed because of some problems encountered during the installation process.
Sorry, Chrome was not installed because of some problems encountered during the installation process.
cnm-%X
cnm-%X
Chrome
Chrome
NCH_GoogleToolbar.exe
NCH_GoogleToolbar.exe
gnm-%X
gnm-%X
chrome-google
chrome-google
chrome
chrome
Install Google Chrome - Free
Install Google Chrome - Free
Get Chrome to View Help Files
Get Chrome to View Help Files
We recommend Google Chrome as the preferred viewer for our help pages.
We recommend Google Chrome as the preferred viewer for our help pages.
Google Chrome is free and fast.
Google Chrome is free and fast.
"%s" -logon
"%s" -logon
-setautorun %s
-setautorun %s
"%s" -service
"%s" -service
-setaccount "%s" "%s"
-setaccount "%s" "%s"
\\.\pipe\EyelineService
\\.\pipe\EyelineService
Please enter the new account password here.
Please enter the new account password here.
Services cannot be run as an account without a password.
Services cannot be run as an account without a password.
Please use an user account that has a password or add a password to the user account if you would like to use it to run the service.
Please use an user account that has a password or add a password to the user account if you would like to use it to run the service.
Unable to set the service account. Check user name or password. The user name can be in the form Domain\Account if a Domain is required. You must be running this program as Administrator.
Unable to set the service account. Check user name or password. The user name can be in the form Domain\Account if a Domain is required. You must be running this program as Administrator.
%%.ß
%%.ß
%s%sshmf%ii.bin.tmp
%s%sshmf%ii.bin.tmp
Loading %s
Loading %s
The file format is not supported.
The file format is not supported.
Saving %s
Saving %s
Certain parts of this software fall under the Little CMS License:
Certain parts of this software fall under the Little CMS License:
Portions of this software are Copyright (c) 1998-2011 Marti Maria Saguer.
Portions of this software are Copyright (c) 1998-2011 Marti Maria Saguer.
Certain parts of this software fall under the LibJPEG License:
Certain parts of this software fall under the LibJPEG License:
Technical Support Page
Technical Support Page
Send Bug Report
Send Bug Report
About %s
About %s
This version 2.01 of Eyeline Video Surveillance System will only work on Windows 8.1 or earlier. A newer version is available for download on VVV.nchsoftware.com.
This version 2.01 of Eyeline Video Surveillance System will only work on Windows 8.1 or earlier. A newer version is available for download on VVV.nchsoftware.com.
%s%*c
%s%*c
Software\NCH Software\%s
Software\NCH Software\%s
Software\NCH Swift Sound\%s
Software\NCH Swift Sound\%s
Quick Install-on-Demand %s
Quick Install-on-Demand %s
-extsuite %s
-extsuite %s
-extfind %s
-extfind %s
Software\Classes\.%s
Software\Classes\.%s
software\microsoft\windows\currentversion\explorer\fileexts\.%s\userchoice
software\microsoft\windows\currentversion\explorer\fileexts\.%s\userchoice
%sfile
%sfile
%s\shell
%s\shell
%s\shell\open
%s\shell\open
"%s" -extfind %s "%%L"
"%s" -extfind %s "%%L"
%s\DefaultIcon
%s\DefaultIcon
%SystemRoot%\system32\shell32.dll,19
%SystemRoot%\system32\shell32.dll,19
Software\Classes\%s\Shell\%s\command
Software\Classes\%s\Shell\%s\command
Software\Classes\%s\Shell\%s
Software\Classes\%s\Shell\%s
Software\Classes\%s\Shell
Software\Classes\%s\Shell
hXXp://VVV.nchsoftware.com/index.html
hXXp://VVV.nchsoftware.com/index.html
An install-on-demand tool (%s) is required for this operation.
An install-on-demand tool (%s) is required for this operation.
hXXp://VVV.nch.com.au/kb/10271.html
hXXp://VVV.nch.com.au/kb/10271.html
Run %s
Run %s
NCH Software\%s\%s.exe
NCH Software\%s\%s.exe
NCH Swift Sound\%s\%s.exe
NCH Swift Sound\%s\%s.exe
%s "%s"
%s "%s"
Software\Classes\%s\shell\open\command
Software\Classes\%s\shell\open\command
Software\Classes\%s\shell
Software\Classes\%s\shell
Software\Classes\%s\shell\open
Software\Classes\%s\shell\open
Software\Classes\%s\DefaultIcon
Software\Classes\%s\DefaultIcon
%s%s%s%s
%s%s%s%s
Report a Problem
Report a Problem
Click here if you would like to report a problem with Eyeline Video Surveillance System.
Click here if you would like to report a problem with Eyeline Video Surveillance System.
If you find any problems with this release please let us know by reporting them.
If you find any problems with this release please let us know by reporting them.
hXXp://VVV.nch.com.au/software/bug.html?software=Eyeline&version=2.01&xi=Service-%s
hXXp://VVV.nch.com.au/software/bug.html?software=Eyeline&version=2.01&xi=Service-%s
%s Home Page
%s Home Page
%s v 2.01
%s v 2.01
Distributed by %s
Distributed by %s
Licensed User: %s
Licensed User: %s
Col%d
Col%d
Using SMTP is recommended to avoid email being junked.
Using SMTP is recommended to avoid email being junked.
e.g., mail.myisp.net
e.g., mail.myisp.net
e.g., myemail@myco.com
e.g., myemail@myco.com
If you choose SMTP you must enter a valid reply-to address. Enter your email address.
If you choose SMTP you must enter a valid reply-to address. Enter your email address.
If you choose SMTP you must enter an SMTP mail host. Call your ISP if you don't know what your SMTP mail host is.
If you choose SMTP you must enter an SMTP mail host. Call your ISP if you don't know what your SMTP mail host is.
If your SMTP server requires authentication, you must enter a SMTP username to connect to your server.
If your SMTP server requires authentication, you must enter a SMTP username to connect to your server.
Password Required
Password Required
If your SMTP server requires authentication, you must enter a valid SMTP password to connect to your server.
If your SMTP server requires authentication, you must enter a valid SMTP password to connect to your server.
Unable to connect to mail server "%s" when sending an email to "%s".
Unable to connect to mail server "%s" when sending an email to "%s".
Unable to connect to either mail server "%s" or the mail server at "%s".
Unable to connect to either mail server "%s" or the mail server at "%s".
Unable to connect to mail server "%s".
Unable to connect to mail server "%s".
Mail host server error (HELO not accepted, error code 504) for destination email %s - usually this means the email address is not valid.
Mail host server error (HELO not accepted, error code 504) for destination email %s - usually this means the email address is not valid.
Mail host server error (HELO not accepted): %d emailto: %s
Mail host server error (HELO not accepted): %d emailto: %s
Email authentication username or password not accepted
Email authentication username or password not accepted
Eyeline@%s
Eyeline@%s
Mail host server error (MAIL FROM not accepted). Please check your Email Settings.%s - (%d - %s)
Mail host server error (MAIL FROM not accepted). Please check your Email Settings.%s - (%d - %s)
Error while trying to send email. Email address may be wrong or your SMTP server may require a username or password. Please check address again and see Email Settings.
Error while trying to send email. Email address may be wrong or your SMTP server may require a username or password. Please check address again and see Email Settings.
The recipient's email server does not allow email to be received in this manner. Please use an SMTP account for sending email to this address. emailto: %s mailhost: %s
The recipient's email server does not allow email to be received in this manner. Please use an SMTP account for sending email to this address. emailto: %s mailhost: %s
The recipient's email server rejected this email because of an unspecified reason. Try using an SMTP account for sending email to this address.
The recipient's email server rejected this email because of an unspecified reason. Try using an SMTP account for sending email to this address.
Mail host server error (data terminator not accepted) emailto: %s mailhost: %s error: %d
Mail host server error (data terminator not accepted) emailto: %s mailhost: %s error: %d
Checking SMTP Settings
Checking SMTP Settings
Mail host server error (HELO not accepted): %d
Mail host server error (HELO not accepted): %d
Mail host server error (MAIL FROM not accepted). Please check your Email Settings. (%d)
Mail host server error (MAIL FROM not accepted). Please check your Email Settings. (%d)
Email address may be wrong or your SMTP server may require a username or password.
Email address may be wrong or your SMTP server may require a username or password.
Sending Email: %s
Sending Email: %s
This FTP server does not support the required protected mode data transfers for SSL connections.
This FTP server does not support the required protected mode data transfers for SSL connections.
%s: %2.0f%%
%s: %2.0f%%
%s/microsoft/windows mail/local folders/%s
%s/microsoft/windows mail/local folders/%s
SMTP_Server
SMTP_Server
SMTP_Email_Address
SMTP_Email_Address
00000001
00000001
Software\Microsoft\Internet Account Manager\Accounts\%s
Software\Microsoft\Internet Account Manager\Accounts\%s
SMTP Email Address
SMTP Email Address
SMTP Server
SMTP Server
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\%s
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\%s
{ED475418-B0D6-11D2-8C3B-00104B2A6676}
{ED475418-B0D6-11D2-8C3B-00104B2A6676}
%s\%s\d
%s\%s\d
%s\Thunderbird
%s\Thunderbird
%s\profiles.ini
%s\profiles.ini
%s\%s\prefs.js
%s\%s\prefs.js
mail.accountmanager.defaultaccount
mail.accountmanager.defaultaccount
mail.account.%s.identities
mail.account.%s.identities
mail.identity.%s.useremail
mail.identity.%s.useremail
mail.smtp.defaultserver
mail.smtp.defaultserver
mail.smtpserver.%s.hostname
mail.smtpserver.%s.hostname
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Eudora.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Eudora.exe
deudora.ini
deudora.ini
eudora.ini
eudora.ini
%s\Qualcomm\Eudora\eudora.ini
%s\Qualcomm\Eudora\eudora.ini
SMTPServer
SMTPServer
Windows Mail
Windows Mail
Mozilla Thunderbird
Mozilla Thunderbird
.127.0.0.1
.127.0.0.1
LTCPListener
LTCPListener
HNetCfg.HNetShare.1
HNetCfg.HNetShare.1
-firewall %s %d "%s"
-firewall %s %d "%s"
libeay32.dll
libeay32.dll
ssleay32.dll
ssleay32.dll
%s [%s]
%s [%s]
Eyeline Video Surveillance System TCP/IP Port
Eyeline Video Surveillance System TCP/IP Port
Connection test failed. Please check your firewall settings that it is not blocking TCP/IP port %d.
Connection test failed. Please check your firewall settings that it is not blocking TCP/IP port %d.
uPNP Router Control Port
uPNP Router Control Port
Connection test failed. Please check router's firewall is not blocking TCP/IP port %d and your computer firewall is not blocking port %d.
Connection test failed. Please check router's firewall is not blocking TCP/IP port %d and your computer firewall is not blocking port %d.
Router uPNP Disabled. Please log into your router and add TCP/IP port forwarding from public port %d to %s port %d or enable uPNP and try again.
Router uPNP Disabled. Please log into your router and add TCP/IP port forwarding from public port %d to %s port %d or enable uPNP and try again.
Router configuration required. Please log into your router and add TCP/IP port forwarding from public port %d to %s port %d.
Router configuration required. Please log into your router and add TCP/IP port forwarding from public port %d to %s port %d.
%d Hz, %d Bits, %s
%d Hz, %d Bits, %s
Windows Media Audio V1
Windows Media Audio V1
Windows Media Audio V2
Windows Media Audio V2
ACELP.net
ACELP.net
%d:%.2d:%.2d
%d:%.2d:%.2d
%d:%.2d:%.2d.%.3d
%d:%.2d:%.2d.%.3d
wmvcore.dll
wmvcore.dll
hXXp://VVV.altoedge.com/usbcapture/video.html
hXXp://VVV.altoedge.com/usbcapture/video.html
hXXp://VVV.altoedge.com/usbcapture/webcams.html
hXXp://VVV.altoedge.com/usbcapture/webcams.html
NCHScreenCapture %d %d %d %d %lf %d %d %d %d %d %d %d
NCHScreenCapture %d %d %d %d %lf %d %d %d %d %d %d %d
NCHIPCamrCapture&url=%s
NCHIPCamrCapture&url=%s
&user=%s
&user=%s
&password=%s
&password=%s
Can't understand response: %s
Can't understand response: %s
Server had an issue %d: %s
Server had an issue %d: %s
Server didn't gave an image but a web page instead.
Server didn't gave an image but a web page instead.
Server is displaying a format that can not be understood. %s
Server is displaying a format that can not be understood. %s
Web server stop responding.
Web server stop responding.
Web server gave a frame that couldn't be decoded.
Web server gave a frame that couldn't be decoded.
Couldn't read from the web server
Couldn't read from the web server
.dvr-ms
.dvr-ms
@device:sw:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\ffdshow video encoder
@device:sw:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\ffdshow video encoder
@device:cm:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\iyuv
@device:cm:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\iyuv
@device:cm:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\i420
@device:cm:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\i420
Ping: value1 == %d, value2 == %d, value3 == %d, value4 == %d
Ping: value1 == %d, value2 == %d, value3 == %d, value4 == %d
Stream Name is %d
Stream Name is %d
ChunkSize: nSize == %d
ChunkSize: nSize == %d
Audio ts: %d
Audio ts: %d
StreamBytesRead: nBytesRead == %d
StreamBytesRead: nBytesRead == %d
ServerBW: nBandwidth == %d
ServerBW: nBandwidth == %d
ClientBW: nBandwidth == %d, nValue2 == %d
ClientBW: nBandwidth == %d, nValue2 == %d
%s.%s
%s.%s
%s = %s
%s = %s
ConnectionParams: %s
ConnectionParams: %s
Size of data = %d
Size of data = %d
Video ts: %d
Video ts: %d
Attemption frameType is KEYFRAME
Attemption frameType is KEYFRAME
Size of data = %d
Size of data = %d
Failed to %s (stream ID: %d)
Failed to %s (stream ID: %d)
Error while invoking %s (stream ID: %d)
Error while invoking %s (stream ID: %d)
tcUrl
tcUrl
No scope " %s " on this server.
No scope " %s " on this server.
Application at " %s " is currently shutting down.
Application at " %s " is currently shutting down.
Call of Service: = %s
Call of Service: = %s
Method: = %s
Method: = %s
Num Params: %s
Num Params: %s
Pending Call of Service: = %s
Pending Call of Service: = %s
Result == %s
Result == %s
Playing and resetting %s.
Playing and resetting %s.
Started playing %s.
Started playing %s.
Stopped playing %s.
Stopped playing %s.
Seeking %d (stream ID: %d).
Seeking %d (stream ID: %d).
The stream doesn't support seeking.
The stream doesn't support seeking.
Everyday %s
Everyday %s
%s, %s
%s, %s
%s (day after)
%s (day after)
%s (same day)
%s (same day)
Scheduled_recording_%s
Scheduled_recording_%s
The recording "%s" is too long. It must be less than 10 hours long.
The recording "%s" is too long. It must be less than 10 hours long.
This recording has start or end time that overlaps recording "%s".
This recording has start or end time that overlaps recording "%s".
The scheduled recording time is longer than the maximum allowed recording time (Options -> Record -> Limit maximum recording time). The recording will be stopped after %s duration. Do you want to proceed?
The scheduled recording time is longer than the maximum allowed recording time (Options -> Record -> Limit maximum recording time). The recording will be stopped after %s duration. Do you want to proceed?
%u:%.2u:%.2u.%.3u
%u:%.2u:%.2u.%.3u
%u:%.2u:%.2u
%u:%.2u:%.2u
@device:sw:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\DV Video Encoder
@device:sw:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\DV Video Encoder
@device:cm:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\ffds
@device:cm:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\ffds
@device:cm:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\mrle
@device:cm:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\mrle
@device:cm:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\m261
@device:cm:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\m261
@device:cm:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\m263
@device:cm:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\m263
@device:cm:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\fps1
@device:cm:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\fps1
@device:cm:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\yv12
@device:cm:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\yv12
%s (i420)
%s (i420)
%s (iyuv)
%s (iyuv)
Wrong video bitrate specified, must be from %d to %d
Wrong video bitrate specified, must be from %d to %d
%d Hz, %lu kbps, %s
%d Hz, %lu kbps, %s
%d Hz, %s
%d Hz, %s
%d x %d
%d x %d
Wrong video bitrate specified, must be from 24 to %d
Wrong video bitrate specified, must be from 24 to %d
WindowsMedia_Format
WindowsMedia_Format
WindowsMedia_VideoCodec
WindowsMedia_VideoCodec
WindowsMedia_VideoBitrate
WindowsMedia_VideoBitrate
WindowsMedia_SoundCodecIndex
WindowsMedia_SoundCodecIndex
WindowsMedia_SoundFormatIndex
WindowsMedia_SoundFormatIndex
WindowsMedia_VideoQuality
WindowsMedia_VideoQuality
WindowsMedia_LiveSource
WindowsMedia_LiveSource
msvfw32.dll
msvfw32.dll
hXXp://ffmpeg.org
hXXp://ffmpeg.org
avutil-52.nch.dll
avutil-52.nch.dll
swscale-2.nch.dll
swscale-2.nch.dll
avcodec-54.nch.dll
avcodec-54.nch.dll
avformat-54.nch.dll
avformat-54.nch.dll
swresample-0.nch.dll
swresample-0.nch.dll
S.wpp
S.wpp
%d_%d.ts
%d_%d.ts
%d.m3u8
%d.m3u8
#EXT-X-TARGETDURATION:%d
#EXT-X-TARGETDURATION:%d
#EXT-X-MEDIA-SEQUENCE:%d
#EXT-X-MEDIA-SEQUENCE:%d
#EXTINF:%d,
#EXTINF:%d,
v.clpi
v.clpi
"%s" - -
"%s" - -
"%s" -s %d -d -w -
"%s" -s %d -d -w -
FAAD2 AAC/HE-AAC/HE-AACv2/DRM decoder (c) Nero AG, VVV.nero.com
FAAD2 AAC/HE-AAC/HE-AACv2/DRM decoder (c) Nero AG, VVV.nero.com
"%s" -o raw
"%s" -o raw
Copyright (C) 2000-2002 Michel Lespinasse
Copyright (C) 2000-2002 Michel Lespinasse
Copyright (C) 1999-2000 Aaron Holtzman
Copyright (C) 1999-2000 Aaron Holtzman
License terms for this component can be found at: hXXp://VVV.opensource.org/licenses/lgpl-license.php
License terms for this component can be found at: hXXp://VVV.opensource.org/licenses/lgpl-license.php
"%s" %s - -
"%s" %s - -
"%s" -C %d -R %d -b %d
"%s" -C %d -R %d -b %d
"%s" -r
"%s" -r
-b %d --cbr --nores --nchvideo - -
-b %d --cbr --nores --nchvideo - -
Ã% = Current Day
Ã% = Current Day
%SS% = Current Second
%SS% = Current Second
ddraw.dll
ddraw.dll
%s: %s
%s: %s
PublicPort
PublicPort
Eyeline Server: %s (over the Internet)
Eyeline Server: %s (over the Internet)
Eyeline Server: %s (on the local network)
Eyeline Server: %s (on the local network)
Email: %s
Email: %s
Password: %s
Password: %s
help/password.html
help/password.html
Change Password
Change Password
changepasswordchanged
changepasswordchanged
Old Password:
Old Password:
New Password:
New Password:
Reenter New Password:
Reenter New Password:
The reentered new password does not match the first entry of the new password.
The reentered new password does not match the first entry of the new password.
Invalid password. Please try again.
Invalid password. Please try again.
>Reset Password
>Reset Password
lostpasswordsent
lostpasswordsent
Please enter your email address. Your password will be reset and sent to you by email.
Please enter your email address. Your password will be reset and sent to you by email.
changepassword
changepassword
lostpassword
lostpassword
%H %H %H %H
id=%d
id=%d
document.pressed=this.value
document.pressed=this.value
Â
Â
%H
%H
%H
%H
%H
%H
%H
%H
LWebletConnectionThread::ThreadFunction ProcessRecvBytes (post data) FAILED: sending %d bytes failed after %d seconds
LWebletConnectionThread::ThreadFunction ProcessRecvBytes (post data) FAILED: sending %d bytes failed after %d seconds
Port
Port
will not operate correctly because JavaScript is not enabled. Please consult your web browser's help for instructions on how to enable JavaScript.
will not operate correctly because JavaScript is not enabled. Please consult your web browser's help for instructions on how to enable JavaScript.
Login
Login
Login
Login
Password:
Password:
Forgot your password?
Forgot your password?
Login failed. Please check you have the right password.
Login failed. Please check you have the right password.
logon?onok=%U%?%s
logon?onok=%U%?%s
%HÂ Â
%HÂ Â
Many web browsers do not allow http or https access to port %u.
Many web browsers do not allow http or https access to port %u.
Reserved Port Number
Reserved Port Number
Test connection to port %u succeeded
Test connection to port %u succeeded
Test connection to port %u failed
Test connection to port %u failed
Passwords do not match
Passwords do not match
You must enter a password
You must enter a password
webaccess
webaccess
The current configuration has not been tested. Please click on the Run Web Routing and Test Wizard button to run the test.
The current configuration has not been tested. Please click on the Run Web Routing and Test Wizard button to run the test.
%s%s%d
%s%s%d
.sess
.sess
*.sess
*.sess
Webserver cannot bind to TCP/IP port.
Webserver cannot bind to TCP/IP port.
Some other program may be using port %d.
Some other program may be using port %d.
Decoding %s image
Decoding %s image
Encoding %s image
Encoding %s image
C:\ProgramData\NCH Software\Eyeline\Logs
C:\ProgramData\NCH Software\Eyeline\Logs
Use SMTP to send email directly to the mail server
Use SMTP to send email directly to the mail server
SMTP mail host:
SMTP mail host:
Send directly to other side (work as own SMTP server)
Send directly to other side (work as own SMTP server)
A full list of our products can be found at our below website. This may help you to find another product that is more suitable for your needs.
A full list of our products can be found at our below website. This may help you to find another product that is more suitable for your needs.
Constrain Proportions
Constrain Proportions
&ID - Key:
&ID - Key:
Press Key
Press Key
Press a key or a key combination.
Press a key or a key combination.
FTP Connection Test Results
FTP Connection Test Results
You must have a webcam or a video input device to see live video on your computer.
You must have a webcam or a video input device to see live video on your computer.
If you have a webcam or a USB video capture device, please check it is plugged in now and press Try Again.
If you have a webcam or a USB video capture device, please check it is plugged in now and press Try Again.
If you don't have a webcam or a video capture device, they are available online:
If you don't have a webcam or a video capture device, they are available online:
See recommended webcams
See recommended webcams
WebM Encoding Settings
WebM Encoding Settings
Two Pass Encoding
Two Pass Encoding
Windows Media Encoding Settings
Windows Media Encoding Settings
Local Port:
Local Port:
Public Port:
Public Port:
Webcam
Webcam
Web Access
Web Access
Run Web Routing and Test Wizard
Run Web Routing and Test Wizard
Login Account
Login Account
Confirm Password:
Confirm Password:
Back up recordings via FTP
Back up recordings via FTP
FTP Server:
FTP Server:
Password:
Password:
Run external exe
Run external exe
Eyeline.exe
Eyeline.exe