Trojan.GenericKD.2781107_a12b063dee

Susp_Dropper (Kaspersky), Trojan.GenericKD.2781107 (AdAware), Backdoor.Win32.Farfli.FD, Trojan-PSW.Win32.MSNPassword.FD, Trojan.Win32.IEDummy.FD, GenericInjector.YR (Lavasoft MAS)Behaviour: Trojan-PSW, Trojan, Backdoor

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

d:d

d:d

.PAVCMemoryException@@

.PAVCMemoryException@@

Error downloading file: %u

Error downloading file: %u

Error writing the destination file: %d-%u

Error writing the destination file: %d-%u

Could not create HTTP connection

Could not create HTTP connection

Could not HTTP file: %u

Could not HTTP file: %u

Could not open HTTP file: %s

Could not open HTTP file: %s

.PAVCException@@

.PAVCException@@

PTF://

PTF://

hXXps://

hXXps://

jsproxy.dll

jsproxy.dll

DetectAutoProxyUrl

DetectAutoProxyUrl

wininet.dll

wininet.dll

.tiff

.tiff

.jpeg

.jpeg

.wbmp

.wbmp

End tag not completed for element %s

End tag not completed for element %s

End tag does not correspond to %s

End tag does not correspond to %s

Expecting end tag of element %s

Expecting end tag of element %s

End tag of %s element not found

End tag of %s element not found

UxTheme.dll

UxTheme.dll

*.gif

*.gif

*.pcd

*.pcd

*.psd

*.psd

*.emf

*.emf

*.apm

*.apm

*.wmf

*.wmf

*.tif

*.tif

*.tga

*.tga

*.png

*.png

*.pcx

*.pcx

*.jpg

*.jpg

*.bmp

*.bmp

.PAVCObject@@

.PAVCObject@@

.PAVCThreadException@@

.PAVCThreadException@@

local this="%s";

local this="%s";

%s -> %s -> %s

%s -> %s -> %s

local this="%s";local e_Key=%d;local e_Modifiers = {};e_Modifiers.ctrl=%s;e_Modifiers.alt=%s;e_Modifiers.shift=%s

local this="%s";local e_Key=%d;local e_Modifiers = {};e_Modifiers.ctrl=%s;e_Modifiers.alt=%s;e_Modifiers.shift=%s

local e_NodeIndex="%s";local this="%s";

local e_NodeIndex="%s";local this="%s";

local e_Key=%d;local e_Modifiers = {};e_Modifiers.ctrl=%s;e_Modifiers.alt=%s;e_Modifiers.shift=%s;local this="%s";

local e_Key=%d;local e_Modifiers = {};e_Modifiers.ctrl=%s;e_Modifiers.alt=%s;e_Modifiers.shift=%s;local this="%s";

local e_NodeIndex="%s";local e_Expanded=%s;local this="%s";

local e_NodeIndex="%s";local e_Expanded=%s;local this="%s";

local e_NodeIndex="%s";local e_Checked=%s;local this="%s";

local e_NodeIndex="%s";local e_Checked=%s;local this="%s";

local e_NodeIndex="%s";local e_NewText="%s";local e_OldText ="%s";local this="%s";

local e_NodeIndex="%s";local e_NewText="%s";local e_OldText ="%s";local this="%s";

%s%s1

%s%s1

number e_Key, table e_Modifiers

number e_Key, table e_Modifiers

local this="%s";local e_Index = %d; local e_FilePath = "%s"

local this="%s";local e_Index = %d; local e_FilePath = "%s"

%s -> %s ->

%s -> %s ->

CAutoPlayWebObject

CAutoPlayWebObject

.?AVCAutoPlayWebObject@@

.?AVCAutoPlayWebObject@@

hXXp://VVV.indigorose.com

hXXp://VVV.indigorose.com

string e_URL

string e_URL

.?AVCWebBrowser2@@

.?AVCWebBrowser2@@

WebWindow

WebWindow

local e_Key=%d;local e_Modifiers = {};e_Modifiers.ctrl=%s;e_Modifiers.alt=%s;e_Modifiers.shift=%s;local this="%s"

local e_Key=%d;local e_Modifiers = {};e_Modifiers.ctrl=%s;e_Modifiers.alt=%s;e_Modifiers.shift=%s;local this="%s"

local e_Selection=%d;local this="%s"

local e_Selection=%d;local this="%s"

%s;local this="%s"

%s;local this="%s"

local e_Min=%d;local e_Max = %d;local e_Link = "%s";local this="%s"

local e_Min=%d;local e_Max = %d;local e_Link = "%s";local this="%s"

local e_Min=%d;local e_Max = %d;local this="%s"

local e_Min=%d;local e_Max = %d;local this="%s"

local e_Key=%d;local e_Modifiers = {};e_Modifiers.ctrl=%s;e_Modifiers.alt=%s;e_Modifiers.shift=%s

local e_Key=%d;local e_Modifiers = {};e_Modifiers.ctrl=%s;e_Modifiers.alt=%s;e_Modifiers.shift=%s

Proxy-Authorization: Basic %s

Proxy-Authorization: Basic %s

KERNEL32.DLL

KERNEL32.DLL

PSAPI.DLL

PSAPI.DLL

WS2_32.DLL

WS2_32.DLL

windows

windows

CWebBrowser2

CWebBrowser2

MakeKeywordIndex

MakeKeywordIndex

SearchKeywords

SearchKeywords

__NOREPORT__

__NOREPORT__

Keywords

Keywords

TRACE: LastError = %d ("%s")

TRACE: LastError = %d ("%s")

PasswordInput

PasswordInput

All Files (*.*)|*.*|

All Files (*.*)|*.*|

Page.Jump("

Page.Jump("

.PAVCResourceException@@

.PAVCResourceException@@

MSG_MOVING

MSG_MOVING

MSG_COPYING

MSG_COPYING

MSG_FROM_CAP

MSG_FROM_CAP

MSG_TO_CAP

MSG_TO_CAP

MSG_DELETING

MSG_DELETING

MSG_SEARCHING

MSG_SEARCHING

OpenURL

OpenURL

\StringFileInfo\xx\SpecialBuild

\StringFileInfo\xx\SpecialBuild

\StringFileInfo\xx\OriginalFilename

\StringFileInfo\xx\OriginalFilename

\StringFileInfo\xx\Comments

\StringFileInfo\xx\Comments

\StringFileInfo\xx\LegalTrademarks

\StringFileInfo\xx\LegalTrademarks

\StringFileInfo\xx\LegalCopyright

\StringFileInfo\xx\LegalCopyright

\StringFileInfo\xx\ProductName

\StringFileInfo\xx\ProductName

\StringFileInfo\xx\InternalName

\StringFileInfo\xx\InternalName

\StringFileInfo\xx\FileDescription

\StringFileInfo\xx\FileDescription

\StringFileInfo\xx\CompanyName

\StringFileInfo\xx\CompanyName

ErrorMsg

ErrorMsg

%Y-%m-%dT%H:%M:%S

%Y-%m-%dT%H:%M:%S

%A, %B %d, %Y

%A, %B %d, %Y

MSG_NOTICE

MSG_NOTICE

MSG_INSTALL_DO_YOU_WANT_OVERWRITE

MSG_INSTALL_DO_YOU_WANT_OVERWRITE

MSG_INSTALL_ALWAYS_ASK_OVERWRITE_MSG

MSG_INSTALL_ALWAYS_ASK_OVERWRITE_MSG

MSG_INSTALL_FILE_OLDER_MSG

MSG_INSTALL_FILE_OLDER_MSG

MSG_INSTALLING

MSG_INSTALLING

RunMsiexec

RunMsiexec

\msi.dll

\msi.dll

msi.dll

msi.dll

Software\Microsoft\Windows\CurrentVersion\Installer

Software\Microsoft\Windows\CurrentVersion\Installer

\msiexec.exe

\msiexec.exe

Page.Jump does not work during a Page Preview

Page.Jump does not work during a Page Preview

Page.Navigate does not work during a Page Preview

Page.Navigate does not work during a Page Preview

AutoDetectURL

AutoDetectURL

AlwaysShowSelection

AlwaysShowSelection

GetKeyNames

GetKeyNames

DoesKeyExist

DoesKeyExist

DeleteKey

DeleteKey

CreateKey

CreateKey

keycode

keycode

SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

Software\Microsoft\Windows\CurrentVersion

Software\Microsoft\Windows\CurrentVersion

MSG_SIZE_GIGABYTES

MSG_SIZE_GIGABYTES

MSG_SIZE_MEGABYTES

MSG_SIZE_MEGABYTES

MSG_SIZE_KILOBYTES

MSG_SIZE_KILOBYTES

MSG_SIZE_BYTES

MSG_SIZE_BYTES

IsKeyDown

IsKeyDown

%s-%s-%s

%s-%s-%s

%s/%s/%s

%s/%s/%s

%d:%s:%s AM

%d:%s:%s AM

%d:%s:%s PM

%d:%s:%s PM

%s:%s:%s

%s:%s:%s

Windows Server 2003

Windows Server 2003

xxxxxx

xxxxxx

Software\Microsoft\Windows NT\CurrentVersion

Software\Microsoft\Windows NT\CurrentVersion

MSG_ERROR

MSG_ERROR

MSG_REBOOT_FAILED

MSG_REBOOT_FAILED

LoadURL

LoadURL

GetURL

GetURL

GetHTTPErrorInfo

GetHTTPErrorInfo

PPassword

PPassword

Password

Password

%s %s %s %s (%0.2f %s)

%s %s %s %s (%0.2f %s)

%0.1f %s/%0.1f %s

%0.1f %s/%0.1f %s

%u %s/%u %s

%u %s/%u %s

MSG_KB_PER_SEC

MSG_KB_PER_SEC

MSG_ESTIMATED_TIME_LEFT

MSG_ESTIMATED_TIME_LEFT

MSG_FROM

MSG_FROM

MSG_SAVING

MSG_SAVING

MSG_DOWNLOADING

MSG_DOWNLOADING

WININET.DLL

WININET.DLL

MSG_QUERYING_INTERNET

MSG_QUERYING_INTERNET

MSG_READING

MSG_READING

%s/%s

%s/%s

%s (0x%2x)

%s (0x%2x)

Cannot play back the video stream: format 'RPZA' is not supported.

Cannot play back the video stream: format 'RPZA' is not supported.

Some of the streams in this movie are in an unsupported format.

Some of the streams in this movie are in an unsupported format.

Use of this filter is restricted by a software key. The application must unlock the filter.

Use of this filter is restricted by a software key. The application must unlock the filter.

Frame stepping is not supported.

Frame stepping is not supported.

This operation is not permitted in the current domain.

This operation is not permitted in the current domain.

This user operation is inhibited by DVD content at this time.

This user operation is inhibited by DVD content at this time.

No video port hardware is available, or the hardware is not responding.

No video port hardware is available, or the hardware is not responding.

The video port connection negotiation process has failed.

The video port connection negotiation process has failed.

Pins cannot connect because they don't support the same transport.

Pins cannot connect because they don't support the same transport.

Cannot play back the file: the format is not supported.

Cannot play back the file: the format is not supported.

Cannot play back the video stream: the video format is not supported.

Cannot play back the video stream: the video format is not supported.

Cannot play back the audio stream: the audio format is not supported.

Cannot play back the audio stream: the audio format is not supported.

Cannot play back the audio stream: no audio hardware is available, or the hardware is not supported.

Cannot play back the audio stream: no audio hardware is available, or the hardware is not supported.

The operation could not be performed because the filter is in the wrong state

The operation could not be performed because the filter is in the wrong state

The operation could not be performed because the filter is not running.

The operation could not be performed because the filter is not running.

The operation could not be performed because the filter is not paused.

The operation could not be performed because the filter is not paused.

The operation could not be performed because the filter is not stopped.

The operation could not be performed because the filter is not stopped.

No matching color key is available.

No matching color key is available.

Setting a palette would conflict with the color key already set.

Setting a palette would conflict with the color key already set.

Setting a color key would conflict with the palette already set.

Setting a color key would conflict with the palette already set.

Current pin connection is not using the IMemInputPin transport.

Current pin connection is not using the IMemInputPin transport.

Current pin connection is not using the IOverlay transport.

Current pin connection is not using the IOverlay transport.

No color key has been set.

No color key has been set.

The operation cannot be performed because the pins are not connected.

The operation cannot be performed because the pins are not connected.

One of the specified pins supports no media types.

One of the specified pins supports no media types.

At least one of the pins involved in the operation is already connected.

At least one of the pins involved in the operation is already connected.

This operation cannot be performed because the filter is active.

This operation cannot be performed because the filter is active.

font%d.dat

font%d.dat

Advapi32.dll

Advapi32.dll

MSG_REDIRECTING

MSG_REDIRECTING

MSG_STATUS_REQUEST_COMPLETE

MSG_STATUS_REQUEST_COMPLETE

MSG_STATUS_HANDLE_CLOSING

MSG_STATUS_HANDLE_CLOSING

MSG_STATUS_HANDLE_CREATED

MSG_STATUS_HANDLE_CREATED

MSG_CONNECTION_CLOSED

MSG_CONNECTION_CLOSED

MSG_CLOSING_CONNECTION

MSG_CLOSING_CONNECTION

MSG_CONNECTED_TO_SERVER

MSG_CONNECTED_TO_SERVER

MSG_CONNECTING_TO_SERVER

MSG_CONNECTING_TO_SERVER

MSG_HOST_NAME_RESOLVED

MSG_HOST_NAME_RESOLVED

MSG_RESOLVING_HOST_NAME

MSG_RESOLVING_HOST_NAME

%s, Line %d: %s

%s, Line %d: %s

[%d]: %s

[%d]: %s

*** LOCATION: %s

*** LOCATION: %s

local e_WindowWidth = %d; local e_WindowHeight = %d; local e_PageWidth = %d; local e_PageHeight = %d; local e_Type = %d;local this="%s";

local e_WindowWidth = %d; local e_WindowHeight = %d; local e_PageWidth = %d; local e_PageHeight = %d; local e_Type = %d;local this="%s";

%s -> %s

%s -> %s

local e_WindowWidth = %d; local e_WindowHeight = %d; local e_PageWidth = %d; local e_PageHeight = %d; local e_Type = %d;

local e_WindowWidth = %d; local e_WindowHeight = %d; local e_PageWidth = %d; local e_PageHeight = %d; local e_Type = %d;

Project -> %s

Project -> %s

local e_ID = %d;%s;local this="%s"

local e_ID = %d;%s;local this="%s"

local e_ID = %d;%s

local e_ID = %d;%s

local e_ItemInfo = {}; e_ItemInfo.Text="%s";e_ItemInfo.ID=%d; e_ItemInfo.Checked=%s;e_ItemInfo.Enabled=%s

local e_ItemInfo = {}; e_ItemInfo.Text="%s";e_ItemInfo.ID=%d; e_ItemInfo.Checked=%s;e_ItemInfo.Enabled=%s

0.0.0.0

0.0.0.0

%s >= %s

%s >= %s

__IR_TEMP_DETECT_VER = %s();

__IR_TEMP_DETECT_VER = %s();

RICHED32.DLL

RICHED32.DLL

RICHED20.DLL

RICHED20.DLL

comctl32.dll

comctl32.dll

Failed to initialize sound system: %s

Failed to initialize sound system: %s

{19813504-68A4-EFEC-925D-B3CD087B8175}

{19813504-68A4-EFEC-925D-B3CD087B8175}

_proj.dat

_proj.dat

Recording not supported on this device

Recording not supported on this device

An invalid parameter was passed to this function

An invalid parameter was passed to this function

The version number of this file format is not supported

The version number of this file format is not supported

Error setting cooperative level for hardware.

Error setting cooperative level for hardware.

Soundcard does not support the features needed for this soundsystem (16bit stereo output)

Soundcard does not support the features needed for this soundsystem (16bit stereo output)

and can not be run with the commercial version's runtime executable.

and can not be run with the commercial version's runtime executable.

Detection script: %s

Detection script: %s

_detect.dat

_detect.dat

MissingAXHelpURL

MissingAXHelpURL

?;%s\AutoPlay\Scripts\?;%s\AutoPlay\Scripts\?.lua;%s\?.lua;%s\?;

?;%s\AutoPlay\Scripts\?;%s\AutoPlay\Scripts\?.lua;%s\?.lua;%s\?;

Failed to load plugin: %s (#%d)

Failed to load plugin: %s (#%d)

Debug.ShowWindow(true);

Debug.ShowWindow(true);

Debug.SetTraceMode(true);

Debug.SetTraceMode(true);

%s\menu1.dah

%s\menu1.dah

local e_X = %d; local e_Y = %d;local this="%s";

local e_X = %d; local e_Y = %d;local this="%s";

local e_Type = %d; local e_X = %d; local e_Y = %d;local this="%s";

local e_Type = %d; local e_X = %d; local e_Y = %d;local this="%s";

local e_Type = %d; local e_X = %d; local e_Y = %d; local this="%s";

local e_Type = %d; local e_X = %d; local e_Y = %d; local this="%s";

local this="%s";local e_FSCommand="%s";local e_FSArgs="%s";

local this="%s";local e_FSCommand="%s";local e_FSArgs="%s";

local this="%s";local e_URL="%s";

local this="%s";local e_URL="%s";

local this="%s";local e_Channel=%d;local e_State="%s"

local this="%s";local e_Channel=%d;local e_State="%s"

local e_Type = %d; local e_X = %d; local e_Y = %d;local this="%s"

local e_Type = %d; local e_X = %d; local e_Y = %d;local this="%s"

local e_Type = %d; local e_X = %d; local e_Y = %d

local e_Type = %d; local e_X = %d; local e_Y = %d

Created with AutoPlay Media Studio 7.0 Trial - hXXp://VVV.indigorose.com

Created with AutoPlay Media Studio 7.0 Trial - hXXp://VVV.indigorose.com

%Program Files%

%Program Files%

C:\Temp

C:\Temp

_WindowsFolder

_WindowsFolder

IS 3.0.58.3

IS 3.0.58.3

DIBToHBITMAP error: GetLastError = %d

DIBToHBITMAP error: GetLastError = %d

SetWinMetaFileBits failed GetLastError = %d

SetWinMetaFileBits failed GetLastError = %d

read %d. layersLen %d

read %d. layersLen %d

ISLib PNG Error : %s

ISLib PNG Error : %s

1.2.8

1.2.8

Reading PCD sub-image #%d (%d x %d)

Reading PCD sub-image #%d (%d x %d)

ISLib JPG Error : %s

ISLib JPG Error : %s

ISLib JPG marker # %d, len: %d

ISLib JPG marker # %d, len: %d

ISLib JPG comment : %s

ISLib JPG comment : %s

Found bad IPTC data resource (len exceeds block end). ID=%d

Found bad IPTC data resource (len exceeds block end). ID=%d

NULL row buffer for row %ld, pass %d

NULL row buffer for row %ld, pass %d

libpng error: %s

libpng error: %s

libpng error: %s, offset=%d

libpng error: %s, offset=%d

libpng error no. %s: %s

libpng error no. %s: %s

libpng warning: %s

libpng warning: %s

libpng warning no. %s: %s

libpng warning no. %s: %s

iTXt chunk not supported.

iTXt chunk not supported.

GeoKeyDirectory

GeoKeyDirectory

%s: Cannot modify tag "%s" while writing

%s: Cannot modify tag "%s" while writing

%s: Unknown %stag %u

%s: Unknown %stag %u

%s: Bad value %f for "%s"

%s: Bad value %f for "%s"

%s: Invalid %stag "%s" (not supported by codec)

%s: Invalid %stag "%s" (not supported by codec)

%s: Bad field type %d for "%s"

%s: Bad field type %d for "%s"

%s: Pass by value is not implemented.

%s: Pass by value is not implemented.

%s: Failed to allocate space for list of custom values

%s: Failed to allocate space for list of custom values

%s: Bad value %ld for "%s"

%s: Bad value %ld for "%s"

%s: Bad value %d for "%s"

%s: Bad value %d for "%s"

%s: Sorry, cannot nest SubIFDs

%s: Sorry, cannot nest SubIFDs

Nonstandard tile length %d, convert file

Nonstandard tile length %d, convert file

Nonstandard tile width %d, convert file

Nonstandard tile width %d, convert file

Bad value %ld for "%s" tag ignored

Bad value %ld for "%s" tag ignored

%s: Invalid InkNames value; expecting %d names, found %d

%s: Invalid InkNames value; expecting %d names, found %d

%s: Error fetching directory count

%s: Error fetching directory count

%s: Error fetching directory link

%s: Error fetching directory link

Sorry, can not handle images with %d-bit samples

Sorry, can not handle images with %d-bit samples

Sorry, LogL data must have %s=%d

Sorry, LogL data must have %s=%d

Sorry, can not handle LogLuv images with %s=%d

Sorry, can not handle LogLuv images with %s=%d

Sorry, LogLuv data must have %s=%d or %d

Sorry, LogLuv data must have %s=%d or %d

Sorry, can not handle image with %s=%d

Sorry, can not handle image with %s=%d

Sorry, can not handle YCbCr images with %s=%d

Sorry, can not handle YCbCr images with %s=%d

Sorry, can not handle contiguous data with %s=%d, and %s=%d

Sorry, can not handle contiguous data with %s=%d, and %s=%d

Sorry, can not handle contiguous data with %s=%d, and %s=%d and Bits/Sample=%d

Sorry, can not handle contiguous data with %s=%d, and %s=%d and Bits/Sample=%d

Sorry, can not handle RGB image with %s=%d

Sorry, can not handle RGB image with %s=%d

Sorry, can not handle separated image with %s=%d

Sorry, can not handle separated image with %s=%d

Missing needed %s tag

Missing needed %s tag

%s: Read error at scanline %lu, strip %lu; got %lu bytes, expected %lu

%s: Read error at scanline %lu, strip %lu; got %lu bytes, expected %lu

%s: Read error at scanline %lu; got %lu bytes, expected %lu

%s: Read error at scanline %lu; got %lu bytes, expected %lu

%s: Seek error at scanline %lu, strip %lu

%s: Seek error at scanline %lu, strip %lu

%s: Data buffer too small to hold strip %lu

%s: Data buffer too small to hold strip %lu

%s: Read error on strip %lu; got %lu bytes, expected %lu

%s: Read error on strip %lu; got %lu bytes, expected %lu

%s: Read error at row %ld, col %ld, tile %ld; got %lu bytes, expected %lu

%s: Read error at row %ld, col %ld, tile %ld; got %lu bytes, expected %lu

%s: Read error at row %ld, col %ld; got %lu bytes, expected %lu

%s: Read error at row %ld, col %ld; got %lu bytes, expected %lu

%s: Seek error at row %ld, col %ld, tile %ld

%s: Seek error at row %ld, col %ld, tile %ld

%s: Data buffer too small to hold tile %ld

%s: Data buffer too small to hold tile %ld

%s: No space for data buffer at scanline %ld

%s: No space for data buffer at scanline %ld

Integer overflow in %s

Integer overflow in %s

"%s": Bad mode

"%s": Bad mode

Not a TIFF file, bad version number %d (0x%x)

Not a TIFF file, bad version number %d (0x%x)

This is a BigTIFF file. This format not supported

This is a BigTIFF file. This format not supported

Not a TIFF file, bad magic number %d (0x%x)

Not a TIFF file, bad magic number %d (0x%x)

%s: Out of memory (TIFF structure)

%s: Out of memory (TIFF structure)

Corrupt JPEG data: found marker 0xx instead of RST%d

Corrupt JPEG data: found marker 0xx instead of RST%d

Warning: unknown JFIF revision number %d.d

Warning: unknown JFIF revision number %d.d

Corrupt JPEG data: %u extraneous bytes before marker 0xx

Corrupt JPEG data: %u extraneous bytes before marker 0xx

Inconsistent progression sequence for component %d coefficient %d

Inconsistent progression sequence for component %d coefficient %d

Unknown Adobe color transform code %d

Unknown Adobe color transform code %d

Obtained XMS handle %u

Obtained XMS handle %u

Freed XMS handle %u

Freed XMS handle %u

Unrecognized component IDs %d %d %d, assuming YCbCr

Unrecognized component IDs %d %d %d, assuming YCbCr

JFIF extension marker: RGB thumbnail image, length %u

JFIF extension marker: RGB thumbnail image, length %u

JFIF extension marker: palette thumbnail image, length %u

JFIF extension marker: palette thumbnail image, length %u

JFIF extension marker: JPEG-compressed thumbnail image, length %u

JFIF extension marker: JPEG-compressed thumbnail image, length %u

Opened temporary file %s

Opened temporary file %s

Closed temporary file %s

Closed temporary file %s

Ss=%d, Se=%d, Ah=%d, Al=%d

Ss=%d, Se=%d, Ah=%d, Al=%d

Component %d: dc=%d ac=%d

Component %d: dc=%d ac=%d

Start Of Scan: %d components

Start Of Scan: %d components

Component %d: %dhx%dv q=%d

Component %d: %dhx%dv q=%d

Start Of Frame 0xx: width=%u, height=%u, components=%d

Start Of Frame 0xx: width=%u, height=%u, components=%d

Smoothing not supported with nonstandard sampling ratios

Smoothing not supported with nonstandard sampling ratios

RST%d

RST%d

At marker 0xx, recovery action %d

At marker 0xx, recovery action %d

Selected %d colors for quantization

Selected %d colors for quantization

Quantizing to %d colors

Quantizing to %d colors

Quantizing to %d = %d*%d*%d colors

Quantizing to %d = %d*%d*%d colors

%4u %4u %4u %4u %4u %4u %4u %4u

%4u %4u %4u %4u %4u %4u %4u %4u

Unexpected marker 0xx

Unexpected marker 0xx

Miscellaneous marker 0xx, length %u

Miscellaneous marker 0xx, length %u

with %d x %d thumbnail image

with %d x %d thumbnail image

JFIF extension marker: type 0xx, length %u

JFIF extension marker: type 0xx, length %u

Warning: thumbnail image size does not match data length %u

Warning: thumbnail image size does not match data length %u

JFIF APP0 marker: version %d.d, density %dx%d %d

JFIF APP0 marker: version %d.d, density %dx%d %d

= = = = = = = =

= = = = = = = =

Obtained EMS handle %u

Obtained EMS handle %u

Freed EMS handle %u

Freed EMS handle %u

Define Restart Interval %u

Define Restart Interval %u

Define Quantization Table %d precision %d

Define Quantization Table %d precision %d

Define Huffman Table 0xx

Define Huffman Table 0xx

Define Arithmetic Table 0xx: 0xx

Define Arithmetic Table 0xx: 0xx

Unknown APP14 marker (not Adobe), length %u

Unknown APP14 marker (not Adobe), length %u

Unknown APP0 marker (not JFIF), length %u

Unknown APP0 marker (not JFIF), length %u

Adobe APP14 marker: version %d, flags 0xx 0xx, transform %d

Adobe APP14 marker: version %d, flags 0xx 0xx, transform %d

Unsupported marker type 0xx

Unsupported marker type 0xx

Failed to create temporary file %s

Failed to create temporary file %s

Unsupported JPEG process: SOF type 0xx

Unsupported JPEG process: SOF type 0xx

Cannot quantize to more than %d colors

Cannot quantize to more than %d colors

Cannot quantize to fewer than %d colors

Cannot quantize to fewer than %d colors

Cannot quantize more than %d color components

Cannot quantize more than %d color components

Insufficient memory (case %d)

Insufficient memory (case %d)

Not a JPEG file: starts with 0xx 0xx

Not a JPEG file: starts with 0xx 0xx

Quantization table 0xx was not defined

Quantization table 0xx was not defined

Huffman table 0xx was not defined

Huffman table 0xx was not defined

Backing store not supported

Backing store not supported

Cannot transcode due to multiple use of quantization table %d

Cannot transcode due to multiple use of quantization table %d

Maximum supported image dimension is %u pixels

Maximum supported image dimension is %u pixels

Empty JPEG image (DNL not supported)

Empty JPEG image (DNL not supported)

Bogus DQT index %d

Bogus DQT index %d

Bogus DHT index %d

Bogus DHT index %d

Bogus DAC value 0x%x

Bogus DAC value 0x%x

Bogus DAC index %d

Bogus DAC index %d

Unsupported color conversion request

Unsupported color conversion request

Too many color components: %d, max %d

Too many color components: %d, max %d

Buffer passed to JPEG library is too small

Buffer passed to JPEG library is too small

JPEG parameter struct mismatch: library thinks size is %u, caller expects %u

JPEG parameter struct mismatch: library thinks size is %u, caller expects %u

Improper call to JPEG library in state %d

Improper call to JPEG library in state %d

Invalid scan script at entry %d

Invalid scan script at entry %d

Invalid progressive parameters at scan script entry %d

Invalid progressive parameters at scan script entry %d

Invalid progressive parameters Ss=%d Se=%d Ah=%d Al=%d

Invalid progressive parameters Ss=%d Se=%d Ah=%d Al=%d

Unsupported JPEG data precision %d

Unsupported JPEG data precision %d

Invalid memory pool code %d

Invalid memory pool code %d

Wrong JPEG library version: library is %d, caller expects %d

Wrong JPEG library version: library is %d, caller expects %d

IDCT output block size %d not supported

IDCT output block size %d not supported

Invalid component ID %d in SOS

Invalid component ID %d in SOS

Bogus message code %d

Bogus message code %d

%s: Write error at scanline %lu

%s: Write error at scanline %lu

%s: Seek error at scanline %lu

%s: Seek error at scanline %lu

"%s": Information lost writing value (%g) as (unsigned) RATIONAL

"%s": Information lost writing value (%g) as (unsigned) RATIONAL

Error writing data for field "%s"

Error writing data for field "%s"

%s: Error writing SubIFD directory link

%s: Error writing SubIFD directory link

ExifInteroperabilityOffset

ExifInteroperabilityOffset

InteroperabilityIndex

InteroperabilityIndex

InteroperabilityVersion

InteroperabilityVersion

Unknown zTXt compression type %d

Unknown zTXt compression type %d

Incomplete compressed datastream in %s chunk

Incomplete compressed datastream in %s chunk

Data error in compressed datastream in %s chunk

Data error in compressed datastream in %s chunk

Buffer error in compressed datastream in %s chunk

Buffer error in compressed datastream in %s chunk

gamma = (%d/100000)

gamma = (%d/100000)

gx=%f, gy=%f, bx=%f, by=%f

gx=%f, gy=%f, bx=%f, by=%f

wx=%f, wy=%f, rx=%f, ry=%f

wx=%f, wy=%f, rx=%f, ry=%f

incorrect gamma=(%d/100000)

incorrect gamma=(%d/100000)

Internal error, unknown tag 0x%x

Internal error, unknown tag 0x%x

Tag %d

Tag %d

Compression scheme %u %s encoding is not implemented

Compression scheme %u %s encoding is not implemented

%s %s encoding is not implemented

%s %s encoding is not implemented

Compression scheme %u %s decoding is not implemented

Compression scheme %u %s decoding is not implemented

%s %s decoding is not implemented

%s %s decoding is not implemented

Compression algorithm does not support random access

Compression algorithm does not support random access

%s: cannot handle zero strip size

%s: cannot handle zero strip size

%s: cannot handle zero tile size

%s: cannot handle zero tile size

%s: cannot handle zero scanline size

%s: cannot handle zero scanline size

%s: Bogus "%s" field, ignoring and calculating from imagelength

%s: Bogus "%s" field, ignoring and calculating from imagelength

%s: TIFF directory is missing required "%s" field, calculating from imagelength

%s: TIFF directory is missing required "%s" field, calculating from imagelength

%s: cannot handle zero number of %s

%s: cannot handle zero number of %s

%s: wrong data type %d for "%s"; tag ignored

%s: wrong data type %d for "%s"; tag ignored

%s: unknown field with tag %d (0x%x) encountered

%s: unknown field with tag %d (0x%x) encountered

%s: invalid TIFF directory; tags are not sorted in ascending order

%s: invalid TIFF directory; tags are not sorted in ascending order

%s: Can not read TIFF directory

%s: Can not read TIFF directory

%s: Can not read TIFF directory count

%s: Can not read TIFF directory count

%s: Seek error accessing TIFF directory

%s: Seek error accessing TIFF directory

%s: Failed to allocate space for IFD list

%s: Failed to allocate space for IFD list

No space %s

No space %s

%s: Cannot determine size of unknown tag type %d

%s: Cannot determine size of unknown tag type %d

%s: TIFF directory is missing required "%s" field

%s: TIFF directory is missing required "%s" field

incorrect count for field "%s" (%lu, expecting %lu); tag trimmed

incorrect count for field "%s" (%lu, expecting %lu); tag trimmed

incorrect count for field "%s" (%lu, expecting %lu); tag ignored

incorrect count for field "%s" (%lu, expecting %lu); tag ignored

Error fetching data for field "%s"

Error fetching data for field "%s"

%s: Rational with zero denominator (num = %lu)

%s: Rational with zero denominator (num = %lu)

Cannot handle different per-sample values for field "%s"

Cannot handle different per-sample values for field "%s"

cannot read TIFF_ANY type %d for field "%s"

cannot read TIFF_ANY type %d for field "%s"

%ld%c

%ld%c

%s compression support is not configured

%s compression support is not configured

?%s: No space for LogLuv state block

?%s: No space for LogLuv state block

Inappropriate photometric interpretation %d for SGILog compression; %s

Inappropriate photometric interpretation %d for SGILog compression; %s

LogL16Decode: Not enough data at row %d (short %d pixels)

LogL16Decode: Not enough data at row %d (short %d pixels)

LogLuvDecode24: Not enough data at row %d (short %d pixels)

LogLuvDecode24: Not enough data at row %d (short %d pixels)

LogLuvDecode32: Not enough data at row %d (short %d pixels)

LogLuvDecode32: Not enough data at row %d (short %d pixels)

%s: No space for SGILog translation buffer

%s: No space for SGILog translation buffer

No support for converting user data format to LogL

No support for converting user data format to LogL

No support for converting user data format to LogLuv

No support for converting user data format to LogLuv

SGILog compression supported only for %s, or raw data

SGILog compression supported only for %s, or raw data

Unknown data format %d for LogLuv compression

Unknown data format %d for LogLuv compression

Unknown encoding %d for LogLuv compression

Unknown encoding %d for LogLuv compression

PixarLog compression can't handle bits depth/data format combination (depth: %d)

PixarLog compression can't handle bits depth/data format combination (depth: %d)

%d bit input not supported in PixarLog

%d bit input not supported in PixarLog

PixarLogDecode: unsupported bits/sample: %d

PixarLogDecode: unsupported bits/sample: %d

%s: zlib error: %s

%s: zlib error: %s

%s: Not enough data at scanline %d (short %d bytes)

%s: Not enough data at scanline %d (short %d bytes)

%s: Decoding error at scanline %d, %s

%s: Decoding error at scanline %d, %s

PixarLog compression can't handle %d bit linear encodings

PixarLog compression can't handle %d bit linear encodings

%s: Encoder error: %s

%s: Encoder error: %s

%s: No space for state block

%s: No space for state block

%s: Bad code word at scanline %d (x %lu)

%s: Bad code word at scanline %d (x %lu)

%s: %s at scanline %d (got %lu, expected %lu)

%s: %s at scanline %d (got %lu, expected %lu)

%s: Premature EOF at scanline %d (x %lu)

%s: Premature EOF at scanline %d (x %lu)

%s: No space for Group 3/4 reference line

%s: No space for Group 3/4 reference line

%s: Uncompressed data (not supported) at scanline %d (x %lu)

%s: Uncompressed data (not supported) at scanline %d (x %lu)

Fax SubAddress: %s

Fax SubAddress: %s

(%u = 0x%x)

(%u = 0x%x)

%suncompressed data

%suncompressed data

%sEOL padding

%sEOL padding

%s2-d encoding

%s2-d encoding

%s compression not supported

%s compression not supported

Tiled Wang image not supported in libtiff

Tiled Wang image not supported in libtiff

Does not support lossless Huffman coding

Does not support lossless Huffman coding

Decompressor will try reading with sampling %d,%d.

Decompressor will try reading with sampling %d,%d.

Improper JPEG sampling factors %d,%d

Improper JPEG sampling factors %d,%d

Apparently should be %d,%d.

Apparently should be %d,%d.

Improper JPEG strip/tile size, expected %dx%d, got %dx%d

Improper JPEG strip/tile size, expected %dx%d, got %dx%d

RowsPerStrip must be multiple of %d for JPEG

RowsPerStrip must be multiple of %d for JPEG

JPEG tile width must be multiple of %d

JPEG tile width must be multiple of %d

JPEG tile height must be multiple of %d

JPEG tile height must be multiple of %d

BitsPerSample %d not allowed for JPEG

BitsPerSample %d not allowed for JPEG

PhotometricInterpretation %d not allowed for JPEG

PhotometricInterpretation %d not allowed for JPEG

ThunderDecode: %s data at scanline %ld (%lu != %lu)

ThunderDecode: %s data at scanline %ld (%lu != %lu)

PackBitsDecode: discarding %d bytes to avoid buffer overrun

PackBitsDecode: discarding %d bytes to avoid buffer overrun

LZWDecode: Corrupted LZW table at scanline %d

LZWDecode: Corrupted LZW table at scanline %d

LZWDecode: Not enough data at scanline %d (short %d bytes)

LZWDecode: Not enough data at scanline %d (short %d bytes)

LZWDecode: Wrong length of decoded string: data probably corrupted at scanline %d

LZWDecode: Wrong length of decoded string: data probably corrupted at scanline %d

LZWDecode: Strip %d not terminated with EOI code

LZWDecode: Strip %d not terminated with EOI code

LZWDecode: Bogus encoding, loop in the code table; scanline %d

LZWDecode: Bogus encoding, loop in the code table; scanline %d

LZWDecodeCompat: Corrupted LZW table at scanline %d

LZWDecodeCompat: Corrupted LZW table at scanline %d

LZWDecodeCompat: Not enough data at scanline %d (short %d bytes)

LZWDecodeCompat: Not enough data at scanline %d (short %d bytes)

LZWDecodeCompat: Wrong length of decoded string: data probably corrupted at scanline %d

LZWDecodeCompat: Wrong length of decoded string: data probably corrupted at scanline %d

DumpModeDecode: Not enough data for scanline %d

DumpModeDecode: Not enough data for scanline %d

Horizontal differencing "Predictor" not supported with %d-bit samples

Horizontal differencing "Predictor" not supported with %d-bit samples

"Predictor" value %d not supported

"Predictor" value %d not supported

%u (0x%x)

%u (0x%x)

Lua 5.0.2

Lua 5.0.2

bad argument #%d to `%s' (%s)

bad argument #%d to `%s' (%s)

calling `%s' on bad self (%s)

calling `%s' on bad self (%s)

%s expected, got %s

%s expected, got %s

%s:%d:

%s:%d:

stack overflow (%s)

stack overflow (%s)

cannot read %s: %s

cannot read %s: %s

attempt to %s a %s value

attempt to %s a %s value

attempt to %s %s `%s' (a %s value)

attempt to %s %s `%s' (a %s value)

attempt to compare %s with %s

attempt to compare %s with %s

attempt to compare two %s values

attempt to compare two %s values

%s:%d: %s

%s:%d: %s

system error %d

system error %d

file (%s)

file (%s)

`popen' not supported

`popen' not supported

field `%s' missing in date table

field `%s' missing in date table

^$* ?.([%-

^$* ?.([%-

missing `[' after `%%f' in pattern

missing `[' after `%%f' in pattern

no function environment for tail call at level %d

no function environment for tail call at level %d

could not load package `%s' from path `%s'

could not load package `%s' from path `%s'

error loading package `%s' (%s)

error loading package `%s' (%s)

?;?.lua

?;?.lua

`__pow' (`^' operator) is not a function

`__pow' (`^' operator) is not a function

invalid key for `next'

invalid key for `next'

too many %s (limit=%d)

too many %s (limit=%d)

%s:%d: %s near `%s'

%s:%d: %s near `%s'

char(%d)

char(%d)

`%s' expected (to close `%s' at line %d)

`%s' expected (to close `%s' at line %d)

`%s' expected

`%s' expected

bad code in %s

bad code in %s

unexpected end of file in %s

unexpected end of file in %s

bad integer in %s

bad integer in %s

bad nupvalues in %s: read %d; expected %d

bad nupvalues in %s: read %d; expected %d

bad constant type (%d) in %s

bad constant type (%d) in %s

unknown number format in %s

unknown number format in %s

%s too old: read version %d.%d; expected at least %d.%d

%s too old: read version %d.%d; expected at least %d.%d

%s too new: read version %d.%d; expected at most %d.%d

%s too new: read version %d.%d; expected at most %d.%d

bad signature in %s

bad signature in %s

virtual machine mismatch in %s: size of %s is %d but read %d

virtual machine mismatch in %s: size of %s is %d but read %d

C:\Dev\fmodsrc375win\src\fsound_stream.c

C:\Dev\fmodsrc375win\src\fsound_stream.c

http:\\

http:\\

C:\Dev\fmodsrc375win\src\fsound.c

C:\Dev\fmodsrc375win\src\fsound.c

C:\Dev\fmodsrc375win\src\fsound_tag.c

C:\Dev\fmodsrc375win\src\fsound_tag.c

C:\Dev\fmodsrc375win\src\system_memory.c

C:\Dev\fmodsrc375win\src\system_memory.c

C:\Dev\fmodsrc375win\src\fsound_dsp.c

C:\Dev\fmodsrc375win\src\fsound_dsp.c

C:\Dev\fmodsrc375win\src\system_thread.c

C:\Dev\fmodsrc375win\src\system_thread.c

C:\Dev\fmodsrc375win\src\system_file.c

C:\Dev\fmodsrc375win\src\system_file.c

The DLLs/EXEs of ASPI don't version check

The DLLs/EXEs of ASPI don't version check

No resources available to execute cmd

No resources available to execute cmd

ASPI for windows failed init

ASPI for windows failed init

Unsupported Windows mode

Unsupported Windows mode

ASPI manager doesn't support Windows

ASPI manager doesn't support Windows

C:\Dev\fmodsrc375win\win\src\fsound_cdda.c

C:\Dev\fmodsrc375win\win\src\fsound_cdda.c

\\.\%c:

\\.\%c:

ERROR: %c: already open

ERROR: %c: already open

ERROR: Couldn't access CD/DVD device at %c:

ERROR: Couldn't access CD/DVD device at %c:

ERROR: %s

ERROR: %s

ERROR: Failed to initialise ASPI (%s)

ERROR: Failed to initialise ASPI (%s)

wmvcore.dll

wmvcore.dll

C:\Dev\fmodsrc375win\win\src\format_asf.cpp

C:\Dev\fmodsrc375win\win\src\format_asf.cpp

C:\Dev\fmodsrc375win\ogg_vorbis\vorbis\lib\vorbisfile.c

C:\Dev\fmodsrc375win\ogg_vorbis\vorbis\lib\vorbisfile.c

C:\Dev\fmodsrc375win\win\src\format_dshow.c

C:\Dev\fmodsrc375win\win\src\format_dshow.c

C:\Dev\fmodsrc375win\src\fsound_sample.c

C:\Dev\fmodsrc375win\src\fsound_sample.c

C:\Dev\fmodsrc375win\src\format_mpeg.c

C:\Dev\fmodsrc375win\src\format_mpeg.c

C:\Dev\fmodsrc375win\src\format_oggvorbis.c

C:\Dev\fmodsrc375win\src\format_oggvorbis.c

C:\Dev\fmodsrc375win\src\format_wav.c

C:\Dev\fmodsrc375win\src\format_wav.c

C:\Dev\fmodsrc375win\src\format_fsb.c

C:\Dev\fmodsrc375win\src\format_fsb.c

C:\Dev\fmodsrc375win\src\format_oggvorbis_net.c

C:\Dev\fmodsrc375win\src\format_oggvorbis_net.c

C:\Dev\fmodsrc375win\src\format_mpeg_net.c

C:\Dev\fmodsrc375win\src\format_mpeg_net.c

StreamUrl='

StreamUrl='

HTTP/1.1

HTTP/1.1

HTTP/1.0

HTTP/1.0

C:\Dev\fmodsrc375win\src\fsound_stream_net.c

C:\Dev\fmodsrc375win\src\fsound_stream_net.c

ice-url

ice-url

ice-url:

ice-url:

icy-url

icy-url

icy-url:

icy-url:

Authorization: Basic %s

Authorization: Basic %s

Host: %s

Host: %s

GET %s HTTP/1.1

GET %s HTTP/1.1

C:\Dev\fmodsrc375win\src\sound_software.c

C:\Dev\fmodsrc375win\src\sound_software.c

C:\Dev\fmodsrc375win\win\src\output_winmm.c

C:\Dev\fmodsrc375win\win\src\output_winmm.c

ddraw.dll

ddraw.dll

\d3d9.dll

\d3d9.dll

dsound3d.dll

dsound3d.dll

dsound.dll

dsound.dll

%s: Left = ASIO CH %d Right = ASIO CH %d

%s: Left = ASIO CH %d Right = ASIO CH %d

C:\Dev\fmodsrc375win\win\src\output_asio.cpp

C:\Dev\fmodsrc375win\win\src\output_asio.cpp

C:\Dev\fmodsrc375win\win\src\fsound_systemmixer_win32.c

C:\Dev\fmodsrc375win\win\src\fsound_systemmixer_win32.c

Software\Microsoft\Windows\CurrentVersion\Multimedia\MIDIMap

Software\Microsoft\Windows\CurrentVersion\Multimedia\MIDIMap

C:\Dev\fmodsrc375win\win\src\music_formatmidi.c

C:\Dev\fmodsrc375win\win\src\music_formatmidi.c

C:\Dev\fmodsrc375win\src\fsound_dsp_fft.c

C:\Dev\fmodsrc375win\src\fsound_dsp_fft.c

C:\Dev\fmodsrc375win\ogg_vorbis\ogg\src\framing.c

C:\Dev\fmodsrc375win\ogg_vorbis\ogg\src\framing.c

C:\Dev\fmodsrc375win\ogg_vorbis\vorbis\lib\info.c

C:\Dev\fmodsrc375win\ogg_vorbis\vorbis\lib\info.c

C:\Dev\fmodsrc375win\ogg_vorbis\vorbis\lib\block.c

C:\Dev\fmodsrc375win\ogg_vorbis\vorbis\lib\block.c

C:\Dev\fmodsrc375win\src\format_it.c

C:\Dev\fmodsrc375win\src\format_it.c

C:\Dev\fmodsrc375win\src\system_net.c

C:\Dev\fmodsrc375win\src\system_net.c

C:\Dev\fmodsrc375win\src\music_formatmod.c

C:\Dev\fmodsrc375win\src\music_formatmod.c

C:\Dev\fmodsrc375win\src\music_formatit.c

C:\Dev\fmodsrc375win\src\music_formatit.c

C:\Dev\fmodsrc375win\src\music_formatxm.c

C:\Dev\fmodsrc375win\src\music_formatxm.c

C:\Dev\fmodsrc375win\src\music_formats3m.c

C:\Dev\fmodsrc375win\src\music_formats3m.c

C:\Dev\fmodsrc375win\src\music_formatfsb.c

C:\Dev\fmodsrc375win\src\music_formatfsb.c

C:\Dev\fmodsrc375win\ogg_vorbis\vorbis\lib\psy.c

C:\Dev\fmodsrc375win\ogg_vorbis\vorbis\lib\psy.c

C:\Dev\fmodsrc375win\ogg_vorbis\vorbis\lib\sharedbook.c

C:\Dev\fmodsrc375win\ogg_vorbis\vorbis\lib\sharedbook.c

C:\Dev\fmodsrc375win\ogg_vorbis\vorbis\lib\codebook.c

C:\Dev\fmodsrc375win\ogg_vorbis\vorbis\lib\codebook.c

C:\Dev\fmodsrc375win\ogg_vorbis\vorbis\lib\mdct.c

C:\Dev\fmodsrc375win\ogg_vorbis\vorbis\lib\mdct.c

C:\Dev\fmodsrc375win\ogg_vorbis\vorbis\lib\envelope.c

C:\Dev\fmodsrc375win\ogg_vorbis\vorbis\lib\envelope.c

C:\Dev\fmodsrc375win\ogg_vorbis\vorbis\lib\mapping0.c

C:\Dev\fmodsrc375win\ogg_vorbis\vorbis\lib\mapping0.c

C:\Dev\fmodsrc375win\ogg_vorbis\vorbis\lib\res0.c

C:\Dev\fmodsrc375win\ogg_vorbis\vorbis\lib\res0.c

C:\Dev\fmodsrc375win\ogg_vorbis\vorbis\lib\floor1.c

C:\Dev\fmodsrc375win\ogg_vorbis\vorbis\lib\floor1.c

C:\Dev\fmodsrc375win\ogg_vorbis\vorbis\lib\floor0.c

C:\Dev\fmodsrc375win\ogg_vorbis\vorbis\lib\floor0.c

%s %s

%s %s

%s %s (%s)

%s %s (%s)

u/u/u u:u

u/u/u u:u

%s %lx

%s %lx

%s %d %s

%s %d %s

All Files|*.*||

All Files|*.*||

dzprog32 /%c /u /T=%s

dzprog32 /%c /u /T=%s

Version: 4.00.04 - %s %s

Version: 4.00.04 - %s %s

%s [Memory]

%s [Memory]

%s [Tested]

%s [Tested]

%s [Extracted]

%s [Extracted]

--- DynaZIP UnZIP Log - %s ---

--- DynaZIP UnZIP Log - %s ---

\DUNZLOG.TXT

\DUNZLOG.TXT

%s exists and is Read Only, do you want to overwrite it?

%s exists and is Read Only, do you want to overwrite it?

Decryption key not provided, or too long

Decryption key not provided, or too long

UNZIPCMDSTRUCT Size is incorrect.

UNZIPCMDSTRUCT Size is incorrect.

\DYNAZIP.LOG

\DYNAZIP.LOG

decryptFlag: %d

decryptFlag: %d

returnCount: %d

returnCount: %d

noDirectoryItemsFlag: %d

noDirectoryItemsFlag: %d

recurseFlag: %d

recurseFlag: %d

noDirectoryNamesFlag: %d

noDirectoryNamesFlag: %d

testFlag: %d

testFlag: %d

quietFlag: %d

quietFlag: %d

overWriteFlag: %d

overWriteFlag: %d

updateFlag: %d

updateFlag: %d

freshenFlag: %d

freshenFlag: %d

index: %d

index: %d

Function: %d

Function: %d

--- DynaZIP UnZIP Diagnostic Log - %s ---

--- DynaZIP UnZIP Diagnostic Log - %s ---

returnCount: %d

returnCount: %d

File to Memory: %s

File to Memory: %s

Testing: %s

Testing: %s

Extracting: %s

Extracting: %s

Item %d of %d

Item %d of %d

%s is encrypted, and you have not provided the correct code. Go to next item (if any)?

%s is encrypted, and you have not provided the correct code. Go to next item (if any)?

%s exists, do you want to overwrite it?

%s exists, do you want to overwrite it?

User skipped this operation

User skipped this operation

User cancelled this operation

User cancelled this operation

Bad or missing decryption key

Bad or missing decryption key

Application cancelled operation

Application cancelled operation

Multi-disk archive, not supported

Multi-disk archive, not supported

Target Media is NON-Removable and can not be used for a Multi-Volume operation.

Target Media is NON-Removable and can not be used for a Multi-Volume operation.

Please insert Disk Volume %d of %d.

Please insert Disk Volume %d of %d.

Please insert Disk Volume %d.

Please insert Disk Volume %d.

PKBACK# d

PKBACK# d

dzprog32.exe /%c /z /T=%s

dzprog32.exe /%c /z /T=%s

:;,= "[]|

:;,= "[]|

-.Z:.zip:.zoo:.arc:.lzh:.arj

-.Z:.zip:.zoo:.arc:.lzh:.arj

PKBACK# .d

PKBACK# .d

%s [Deleted]

%s [Deleted]

%s [Added]

%s [Added]

--- DynaZIP ZIP Log - %s ---

--- DynaZIP ZIP Log - %s ---

\DZIPLOG.TXT

\DZIPLOG.TXT

Wiping Drive %c:...

Wiping Drive %c:...

Formatting Cylinder %d

Formatting Cylinder %d

Formatting Drive %c:...

Formatting Drive %c:...

zip error: STORE not supported for pipes or devices

zip error: STORE not supported for pipes or devices

local extra (%d bytes) != central extra (%d bytes):

local extra (%d bytes) != central extra (%d bytes):

has %d bytes of extra data:

has %d bytes of extra data:

unknown internal attributes = 0xx:

unknown internal attributes = 0xx:

starts on disk %u:

starts on disk %u:

unknown compression method %u:

unknown compression method %u:

undefined bits used in flags = 0xx:

undefined bits used in flags = 0xx:

local flags = 0xx, central = 0xx:

local flags = 0xx, central = 0xx:

needs unzip %d.%d on system type %d:

needs unzip %d.%d on system type %d:

made by version %d.%d on system type %d:

made by version %d.%d on system type %d:

Could not complete operation

Could not complete operation

Operation interrupted by application

Operation interrupted by application

encryptFlag: %d

encryptFlag: %d

dontCompressTheseSuffixesFlag: %d

dontCompressTheseSuffixesFlag: %d

includeSysHiddenFlag: %d

includeSysHiddenFlag: %d

noDirectoryEntriesFlag: %d

noDirectoryEntriesFlag: %d

excludeFollowingFlag: %d

excludeFollowingFlag: %d

includeOnlyFollowingFlag: %d

includeOnlyFollowingFlag: %d

oldAsLatestFlag: %d

oldAsLatestFlag: %d

afterDateFlag: %d

afterDateFlag: %d

addCommentFlag: %d

addCommentFlag: %d

convertLFtoCRLFFlag: %d

convertLFtoCRLFFlag: %d

growExistingFlag: %d

growExistingFlag: %d

deleteOriginalFlag: %d

deleteOriginalFlag: %d

includeVolumeFlag: %d

includeVolumeFlag: %d

fixHarderFlag: %d

fixHarderFlag: %d

fixFlag: %d

fixFlag: %d

pathForTempFlag: %d

pathForTempFlag: %d

compFactor: %d

compFactor: %d

dosifyFlag: %d

dosifyFlag: %d

Function: %d

Function: %d

--- DynaZIP ZIP Diagnostic Log - %s ---

--- DynaZIP ZIP Diagnostic Log - %s ---

was getting encryption password

was getting encryption password

encryption not supported

encryption not supported

\\.\vwin32

\\.\vwin32

.?AVCCmdUI@@

.?AVCCmdUI@@

.?AVCTestCmdUI@@

.?AVCTestCmdUI@@

.PAVCUserException@@

.PAVCUserException@@

.PAVCSimpleException@@

.PAVCSimpleException@@

.PAVCNotSupportedException@@

.PAVCNotSupportedException@@

.?AVCNotSupportedException@@

.?AVCNotSupportedException@@

.PAVCArchiveException@@

.PAVCArchiveException@@

.?AVCHttpConnection@@

.?AVCHttpConnection@@

.?AVCHttpFile@@

.?AVCHttpFile@@

.PAVCOleException@@

.PAVCOleException@@

.PAVCOleDispatchException@@

.PAVCOleDispatchException@@

zcÁ

zcÁ

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\ir_ext_temp_0\autorun.exe

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\ir_ext_temp_0\autorun.exe

333333334

333333334

.nM(aL8

.nM(aL8

(H7.www

(H7.www

.bXXXA

.bXXXA

|.%rW{{{{{{{{{{{~/%se

|.%rW{{{{{{{{{{{~/%se

{.vv.

{.vv.

W.öd

W.öd

version="7.1.1000.0"

version="7.1.1000.0"

name="autorun.exe"/>

name="autorun.exe"/>

name="Microsoft.Windows.Common-Controls"

name="Microsoft.Windows.Common-Controls"

version="6.0.0.0"

version="6.0.0.0"

publicKeyToken="6595b64144ccf1df"

publicKeyToken="6595b64144ccf1df"

eDRMHeader.SubscriptionContentID

eDRMHeader.SubscriptionContentID

DRMHeader.ContentDistributor

DRMHeader.ContentDistributor

DRMHeader.SECURITYVERSION

DRMHeader.SECURITYVERSION

DRMHeader.CID

DRMHeader.CID

DRMHeader.LAINFO

DRMHeader.LAINFO

DRMHeader.KID

DRMHeader.KID

LicenseStateData.Transfer.NONSDMI

LicenseStateData.Transfer.NONSDMI

LicenseStateData.Transfer.SDMI

LicenseStateData.Transfer.SDMI

LicenseStateData.Print.redbook

LicenseStateData.Print.redbook

LicenseStateData.Play

LicenseStateData.Play

ActionAllowed.Backup

ActionAllowed.Backup

ActionAllowed.Transfer.NONSDMI

ActionAllowed.Transfer.NONSDMI

ActionAllowed.Transfer.SDMI

ActionAllowed.Transfer.SDMI

ActionAllowed.Print.redbook

ActionAllowed.Print.redbook

ActionAllowed.Play

ActionAllowed.Play

BaseLAURL

BaseLAURL

Transfer.NONSDMI

Transfer.NONSDMI

Transfer.SDMI

Transfer.SDMI

Print.redbook

Print.redbook

CopyrightURL

CopyrightURL

BannerImageURL

BannerImageURL

WM/AlbumCoverURL

WM/AlbumCoverURL

WM/PromotionURL

WM/PromotionURL

To see what data this error report contains,

To see what data this error report contains,

We have created an error report which will help us to improve this product. We will treat this report as confidential and anonymous. No personal data will be transmitted other than what you provide to us.

We have created an error report which will help us to improve this product. We will treat this report as confidential and anonymous. No personal data will be transmitted other than what you provide to us.

Jump target not found2The operating system is out of memory or resources!The specified file was not found.!The specified path was not found.AThe .exe file is invalid (non-Win32 .exe or error in .exe image).9The operating system denied access to the specified file.3The file name association is incomplete or invalid._The DDE transaction could not be completed because other DDE transactions were being processed.

Jump target not found2The operating system is out of memory or resources!The specified file was not found.!The specified path was not found.AThe .exe file is invalid (non-Win32 .exe or error in .exe image).9The operating system denied access to the specified file.3The file name association is incomplete or invalid._The DDE transaction could not be completed because other DDE transactions were being processed.

The DDE transaction failed.IThe DDE transaction could not be completed because the request timed out.1The specified dynamic-link library was not found.FThere is no application associated with the given file name extension.6There was not enough memory to complete the operation.

The DDE transaction failed.IThe DDE transaction could not be completed because the request timed out.1The specified dynamic-link library was not found.FThere is no application associated with the given file name extension.6There was not enough memory to complete the operation.

Unidentified execution error.=Could not find the startup page specified in Project|Settings

Unidentified execution error.=Could not find the startup page specified in Project|Settings

Page does not exist:#The specified object was not found.EThe action could not be performed because the content file is closed.:The Video Object's state was incompatible with the action.2The "SeekTime" value is to large for Video Object.6The "SeekTime" value cannot be less than negative one.

Page does not exist:#The specified object was not found.EThe action could not be performed because the content file is closed.:The Video Object's state was incompatible with the action.2The "SeekTime" value is to large for Video Object.6The "SeekTime" value cannot be less than negative one.

%d arguments required.

%d arguments required.

Argument %d must be of type %s.

Argument %d must be of type %s.

Confirm Abort2Are you sure that you want to abort the operation?

Confirm Abort2Are you sure that you want to abort the operation?

Replace%Select the entire document

Replace%Select the entire document

All Files (*.*)

All Files (*.*)

No error message is available.'An unsupported operation was attempted.$A required resource was unavailable.

No error message is available.'An unsupported operation was attempted.$A required resource was unavailable.

Page %u

Page %u

Pages %u-%u

Pages %u-%u

Output.prn1Printer Files (*.prn)|*.prn|All Files (*.*)|*.*||

Output.prn1Printer Files (*.prn)|*.prn|All Files (*.*)|*.*||

Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.

Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.

Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else..An unexpected error occurred while reading %1..An unexpected error occurred while writing %1.

Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else..An unexpected error occurred while reading %1..An unexpected error occurred while writing %1.

#Unable to load mail system support.

#Unable to load mail system support.

Access to %1 was denied..An invalid file handle was associated with %1.

Access to %1 was denied..An invalid file handle was associated with %1.

Seek failed on A hardware I/O error was reported while accessing %1.0A sharing violation occurred while accessing %1.0A locking violation occurred while accessing %1.

Seek failed on A hardware I/O error was reported while accessing %1.0A sharing violation occurred while accessing %1.0A locking violation occurred while accessing %1.

Disk full while accessing %1..An attempt was made to access %1 past its end.

Disk full while accessing %1..An attempt was made to access %1 past its end.

No error occurred.-An unknown error occurred while accessing %1./An attempt was made to write to the reading %1..An attempt was made to access %1 past its end.0An attempt was made to read from the writing %1.

No error occurred.-An unknown error occurred while accessing %1./An attempt was made to write to the reading %1..An attempt was made to access %1 past its end.0An attempt was made to read from the writing %1.

7.1.1000.0

7.1.1000.0

2007 Indigo Rose Corporation (VVV.indigorose.com)

2007 Indigo Rose Corporation (VVV.indigorose.com)

ams70_runtime.exe

ams70_runtime.exe

svchost.exe_716:

.text

.text

`.data

`.data

.rsrc

.rsrc

ADVAPI32.dll

ADVAPI32.dll

KERNEL32.dll

KERNEL32.dll

NTDLL.DLL

NTDLL.DLL

RPCRT4.dll

RPCRT4.dll

NETAPI32.dll

NETAPI32.dll

ole32.dll

ole32.dll

ntdll.dll

ntdll.dll

RegCloseKey

RegCloseKey

RegOpenKeyExW

RegOpenKeyExW

GetProcessHeap

GetProcessHeap

NtOpenKey

NtOpenKey

svchost.pdb

svchost.pdb

\PIPE\

\PIPE\

Software\Microsoft\Windows NT\CurrentVersion\Svchost

Software\Microsoft\Windows NT\CurrentVersion\Svchost

\Registry\Machine\System\CurrentControlSet\Control\SecurePipeServers\

\Registry\Machine\System\CurrentControlSet\Control\SecurePipeServers\

5.1.2600.5512 (xpsp.080413-2111)

5.1.2600.5512 (xpsp.080413-2111)

svchost.exe

svchost.exe

Windows

Windows

Operating System

Operating System

5.1.2600.5512

5.1.2600.5512

svchost.exe_716_rwx_00C80000_00016000:

`.rsrc

`.rsrc

Portions Copyright (c) 1999,2003 Avenger by NhT

Portions Copyright (c) 1999,2003 Avenger by NhT

Kernel32.dll

Kernel32.dll

ntdll.dll

ntdll.dll

kernel32.dll

kernel32.dll

789:;

789:;

user32.dll

user32.dll

urlmon.dll

urlmon.dll

wininet.dll

wininet.dll

advapi32.dll

advapi32.dll

Shell32.dll

Shell32.dll

shell32.dll

shell32.dll

shlwapi.dll

shlwapi.dll

KWindows

KWindows

UnitKeylogger

UnitKeylogger

GetWindowsDirectoryW

GetWindowsDirectoryW

GetProcessHeap

GetProcessHeap

RegOpenKeyExW

RegOpenKeyExW

RegCreateKeyExW

RegCreateKeyExW

RegCreateKeyW

RegCreateKeyW

RegCloseKey

RegCloseKey

FindExecutableW

FindExecutableW

ShellExecuteW

ShellExecuteW

SHDeleteKeyW

SHDeleteKeyW

URLDownloadToFileW

URLDownloadToFileW

UnhookWindowsHookEx

UnhookWindowsHookEx

SetWindowsHookExW

SetWindowsHookExW

MapVirtualKeyW

MapVirtualKeyW

GetKeyboardLayout

GetKeyboardLayout

GetKeyState

GetKeyState

GetKeyboardState

GetKeyboardState

FtpPutFileW

FtpPutFileW

FtpSetCurrentDirectoryW

FtpSetCurrentDirectoryW

DeleteUrlCacheEntryW

DeleteUrlCacheEntryW

.idata

.idata

.rdata

.rdata

P.reloc

P.reloc

P.rsrc

P.rsrc

DURLDnV

DURLDnV

KERNEL32.DLL

KERNEL32.DLL

oleaut32.dll

oleaut32.dll

PSAPI.dll

PSAPI.dll

x.html

x.html

explorer.exe

explorer.exe

Software\Microsoft\Windows\CurrentVersion\Run

Software\Microsoft\Windows\CurrentVersion\Run

Software\Microsoft\Windows\CurrentVersion\RunOnce

Software\Microsoft\Windows\CurrentVersion\RunOnce

Software\Microsoft\Windows NT\CurrentVersion\Windows

Software\Microsoft\Windows NT\CurrentVersion\Windows

explorer.exe

explorer.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

[Execute]

[Execute]

KeyDelBackspace

KeyDelBackspace

XtremeKeylogger

XtremeKeylogger

hXXp://

hXXp://

.functions

.functions

ÞFAULTBROWSER%

ÞFAULTBROWSER%

\Microsoft\Windows\

\Microsoft\Windows\

svchost.exe

svchost.exe

flashplayerupdate.sytes.net

flashplayerupdate.sytes.net

mcigm.exe

mcigm.exe

write.exe

write.exe

fil{J5D61A3M-KFBD-7F2K-GLU1-K7S5MBIBK0T8}

fil{J5D61A3M-KFBD-7F2K-GLU1-K7S5MBIBK0T8}

PTF.ftpserver.com

PTF.ftpserver.com

ftpuser

ftpuser

ftppass

ftppass

%System%\MXPMX\mcigm.exe

%System%\MXPMX\mcigm.exe

%System%\MXPMX\

%System%\MXPMX\

%Documents and Settings%\%current user%\Application Data\Microsoft\Windows\H5JCKLMWAV.cfg

%Documents and Settings%\%current user%\Application Data\Microsoft\Windows\H5JCKLMWAV.cfg

Software\Microsoft\Active Setup\Installed Components\{J5D61A3M-KFBD-7F2K-GLU1-K7S5MBIBK0T8}

Software\Microsoft\Active Setup\Installed Components\{J5D61A3M-KFBD-7F2K-GLU1-K7S5MBIBK0T8}

write.exe_496:

.text

.text

`.data

`.data

.rsrc

.rsrc

SHELL32.dll

SHELL32.dll

KERNEL32.dll

KERNEL32.dll

msvcrt.dll

msvcrt.dll

wordpad.exe

wordpad.exe

write.pdb

write.pdb

ShellExecuteA

ShellExecuteA

_acmdln

_acmdln

Windows Write

Windows Write

5.1.2600.0 (xpclient.010817-1148)

5.1.2600.0 (xpclient.010817-1148)

Windows

Windows

Operating System

Operating System

5.1.2600.0

5.1.2600.0

write.exe_496_rwx_00C80000_00016000:

`.rsrc

`.rsrc

Portions Copyright (c) 1999,2003 Avenger by NhT

Portions Copyright (c) 1999,2003 Avenger by NhT

Kernel32.dll

Kernel32.dll

ntdll.dll

ntdll.dll

kernel32.dll

kernel32.dll

789:;

789:;

user32.dll

user32.dll

urlmon.dll

urlmon.dll

wininet.dll

wininet.dll

advapi32.dll

advapi32.dll

Shell32.dll

Shell32.dll

shell32.dll

shell32.dll

shlwapi.dll

shlwapi.dll

KWindows

KWindows

UnitKeylogger

UnitKeylogger

GetWindowsDirectoryW

GetWindowsDirectoryW

GetProcessHeap

GetProcessHeap

RegOpenKeyExW

RegOpenKeyExW

RegCreateKeyExW

RegCreateKeyExW

RegCreateKeyW

RegCreateKeyW

RegCloseKey

RegCloseKey

FindExecutableW

FindExecutableW

ShellExecuteW

ShellExecuteW

SHDeleteKeyW

SHDeleteKeyW

URLDownloadToFileW

URLDownloadToFileW

UnhookWindowsHookEx

UnhookWindowsHookEx

SetWindowsHookExW

SetWindowsHookExW

MapVirtualKeyW

MapVirtualKeyW

GetKeyboardLayout

GetKeyboardLayout

GetKeyState

GetKeyState

GetKeyboardState

GetKeyboardState

FtpPutFileW

FtpPutFileW

FtpSetCurrentDirectoryW

FtpSetCurrentDirectoryW

DeleteUrlCacheEntryW

DeleteUrlCacheEntryW

.idata

.idata

.rdata

.rdata

P.reloc

P.reloc

P.rsrc

P.rsrc

DURLDnV

DURLDnV

KERNEL32.DLL

KERNEL32.DLL

oleaut32.dll

oleaut32.dll

PSAPI.dll

PSAPI.dll

x.html

x.html

explorer.exe

explorer.exe

Software\Microsoft\Windows\CurrentVersion\Run

Software\Microsoft\Windows\CurrentVersion\Run

Software\Microsoft\Windows\CurrentVersion\RunOnce

Software\Microsoft\Windows\CurrentVersion\RunOnce

Software\Microsoft\Windows NT\CurrentVersion\Windows

Software\Microsoft\Windows NT\CurrentVersion\Windows

explorer.exe

explorer.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

[Execute]

[Execute]

KeyDelBackspace

KeyDelBackspace

XtremeKeylogger

XtremeKeylogger

hXXp://

hXXp://

.functions

.functions

ÞFAULTBROWSER%

ÞFAULTBROWSER%

\Microsoft\Windows\

\Microsoft\Windows\

svchost.exe

svchost.exe

flashplayerupdate.sytes.net

flashplayerupdate.sytes.net

mcigm.exe

mcigm.exe

write.exe

write.exe

fil{J5D61A3M-KFBD-7F2K-GLU1-K7S5MBIBK0T8}

fil{J5D61A3M-KFBD-7F2K-GLU1-K7S5MBIBK0T8}

PTF.ftpserver.com

PTF.ftpserver.com

ftpuser

ftpuser

ftppass

ftppass

%System%\MXPMX\mcigm.exe

%System%\MXPMX\mcigm.exe

%System%\MXPMX\

%System%\MXPMX\

%Documents and Settings%\%current user%\Application Data\Microsoft\Windows\H5JCKLMWAV.cfg

%Documents and Settings%\%current user%\Application Data\Microsoft\Windows\H5JCKLMWAV.cfg

Software\Microsoft\Active Setup\Installed Components\{J5D61A3M-KFBD-7F2K-GLU1-K7S5MBIBK0T8}

Software\Microsoft\Active Setup\Installed Components\{J5D61A3M-KFBD-7F2K-GLU1-K7S5MBIBK0T8}

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\cefal.exe

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\cefal.exe

svchost.exe_268:

.text

.text

`.data

`.data

.rsrc

.rsrc

ADVAPI32.dll

ADVAPI32.dll

KERNEL32.dll

KERNEL32.dll

NTDLL.DLL

NTDLL.DLL

RPCRT4.dll

RPCRT4.dll

NETAPI32.dll

NETAPI32.dll

ole32.dll

ole32.dll

ntdll.dll

ntdll.dll

RegCloseKey

RegCloseKey

RegOpenKeyExW

RegOpenKeyExW

GetProcessHeap

GetProcessHeap

NtOpenKey

NtOpenKey

svchost.pdb

svchost.pdb

\PIPE\

\PIPE\

Software\Microsoft\Windows NT\CurrentVersion\Svchost

Software\Microsoft\Windows NT\CurrentVersion\Svchost

\Registry\Machine\System\CurrentControlSet\Control\SecurePipeServers\

\Registry\Machine\System\CurrentControlSet\Control\SecurePipeServers\

5.1.2600.5512 (xpsp.080413-2111)

5.1.2600.5512 (xpsp.080413-2111)

svchost.exe

svchost.exe

Windows

Windows

Operating System

Operating System

5.1.2600.5512

5.1.2600.5512

svchost.exe_268_rwx_00C80000_00016000:

`.rsrc

`.rsrc

Portions Copyright (c) 1999,2003 Avenger by NhT

Portions Copyright (c) 1999,2003 Avenger by NhT

Kernel32.dll

Kernel32.dll

ntdll.dll

ntdll.dll

kernel32.dll

kernel32.dll

789:;

789:;

user32.dll

user32.dll

urlmon.dll

urlmon.dll

wininet.dll

wininet.dll

advapi32.dll

advapi32.dll

Shell32.dll

Shell32.dll

shell32.dll

shell32.dll

shlwapi.dll

shlwapi.dll

KWindows

KWindows

UnitKeylogger

UnitKeylogger

GetWindowsDirectoryW

GetWindowsDirectoryW

GetProcessHeap

GetProcessHeap

RegOpenKeyExW

RegOpenKeyExW

RegCreateKeyExW

RegCreateKeyExW

RegCreateKeyW

RegCreateKeyW

RegCloseKey

RegCloseKey

FindExecutableW

FindExecutableW

ShellExecuteW

ShellExecuteW

SHDeleteKeyW

SHDeleteKeyW

URLDownloadToFileW

URLDownloadToFileW

UnhookWindowsHookEx

UnhookWindowsHookEx

SetWindowsHookExW

SetWindowsHookExW

MapVirtualKeyW

MapVirtualKeyW

GetKeyboardLayout

GetKeyboardLayout

GetKeyState

GetKeyState

GetKeyboardState

GetKeyboardState

FtpPutFileW

FtpPutFileW

FtpSetCurrentDirectoryW

FtpSetCurrentDirectoryW

DeleteUrlCacheEntryW

DeleteUrlCacheEntryW

.idata

.idata

.rdata

.rdata

P.reloc

P.reloc

P.rsrc

P.rsrc

4DURLDr

4DURLDr

KERNEL32.DLL

KERNEL32.DLL

oleaut32.dll

oleaut32.dll

PSAPI.dll

PSAPI.dll

x.html

x.html

explorer.exe

explorer.exe

Software\Microsoft\Windows\CurrentVersion\Run

Software\Microsoft\Windows\CurrentVersion\Run

Software\Microsoft\Windows\CurrentVersion\RunOnce

Software\Microsoft\Windows\CurrentVersion\RunOnce

Software\Microsoft\Windows NT\CurrentVersion\Windows

Software\Microsoft\Windows NT\CurrentVersion\Windows

explorer.exe

explorer.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

[Execute]

[Execute]

KeyDelBackspace

KeyDelBackspace

XtremeKeylogger

XtremeKeylogger

hXXp://

hXXp://

.functions

.functions

ÞFAULTBROWSER%

ÞFAULTBROWSER%

\Microsoft\Windows\

\Microsoft\Windows\

svchost.exe

svchost.exe

flashplayerupdate.sytes.net

flashplayerupdate.sytes.net

C:\User

C:\User

mncxd.exe

mncxd.exe

igfxsrvc.exe

igfxsrvc.exe

{7EVAL775-6E0K-4C23-21G5-M0Q18MWC7472}

{7EVAL775-6E0K-4C23-21G5-M0Q18MWC7472}

PTF.ftpserver.com

PTF.ftpserver.com

ftpuser

ftpuser

ftppass

ftppass

%System%\MCMP\mncxd.exe

%System%\MCMP\mncxd.exe

%System%\MCMP\

%System%\MCMP\

%Documents and Settings%\%current user%\Application Data\Microsoft\Windows\H7R4X9Y.cfg

%Documents and Settings%\%current user%\Application Data\Microsoft\Windows\H7R4X9Y.cfg

Software\Microsoft\Active Setup\Installed Components\{7EVAL775-6E0K-4C23-21G5-M0Q18MWC7472}

Software\Microsoft\Active Setup\Installed Components\{7EVAL775-6E0K-4C23-21G5-M0Q18MWC7472}

iexplore.exe_1860:

%?9-*09,*19}*09

%?9-*09,*19}*09

.text

.text

`.data

`.data

.rsrc

.rsrc

msvcrt.dll

msvcrt.dll

KERNEL32.dll

KERNEL32.dll

NTDLL.DLL

NTDLL.DLL

USER32.dll

USER32.dll

SHLWAPI.dll

SHLWAPI.dll

SHDOCVW.dll

SHDOCVW.dll

Software\Microsoft\Windows\CurrentVersion\Explorer\BrowseNewProcess

Software\Microsoft\Windows\CurrentVersion\Explorer\BrowseNewProcess

IE-X-X

IE-X-X

rsabase.dll

rsabase.dll

System\CurrentControlSet\Control\Windows

System\CurrentControlSet\Control\Windows

dw15 -x -s %u

dw15 -x -s %u

watson.microsoft.com

watson.microsoft.com

IEWatsonURL

IEWatsonURL

%s -h %u

%s -h %u

iedw.exe

iedw.exe

Iexplore.XPExceptionFilter

Iexplore.XPExceptionFilter

jscript.DLL

jscript.DLL

mshtml.dll

mshtml.dll

mlang.dll

mlang.dll

urlmon.dll

urlmon.dll

wininet.dll

wininet.dll

shdocvw.DLL

shdocvw.DLL

browseui.DLL

browseui.DLL

comctl32.DLL

comctl32.DLL

IEXPLORE.EXE

IEXPLORE.EXE

iexplore.pdb

iexplore.pdb

ADVAPI32.dll

ADVAPI32.dll

MsgWaitForMultipleObjects

MsgWaitForMultipleObjects

IExplorer.EXE

IExplorer.EXE

IIIIIB(II<.fg>

IIIIIB(II<.fg>

7?_____ZZSSH%

7?_____ZZSSH%

)z.UUUUUUUU

)z.UUUUUUUU

,....Qym

,....Qym

````2```

````2```

{.QLQIIIKGKGKGKGKGKG

{.QLQIIIKGKGKGKGKGKG

;33;33;0

;33;33;0

8888880

8888880

8887080

8887080

browseui.dll

browseui.dll

shdocvw.dll

shdocvw.dll

6.00.2900.5512 (xpsp.080413-2105)

6.00.2900.5512 (xpsp.080413-2105)

Windows

Windows

Operating System

Operating System

6.00.2900.5512

6.00.2900.5512

iexplore.exe_1860_rwx_00C80000_00016000:

`.rsrc

`.rsrc

Portions Copyright (c) 1999,2003 Avenger by NhT

Portions Copyright (c) 1999,2003 Avenger by NhT

Kernel32.dll

Kernel32.dll

ntdll.dll

ntdll.dll

kernel32.dll

kernel32.dll

789:;

789:;

user32.dll

user32.dll

urlmon.dll

urlmon.dll

wininet.dll

wininet.dll

advapi32.dll

advapi32.dll

Shell32.dll

Shell32.dll

shell32.dll

shell32.dll

shlwapi.dll

shlwapi.dll

KWindows

KWindows

UnitKeylogger

UnitKeylogger

GetWindowsDirectoryW

GetWindowsDirectoryW

GetProcessHeap

GetProcessHeap

RegOpenKeyExW

RegOpenKeyExW

RegCreateKeyExW

RegCreateKeyExW

RegCreateKeyW

RegCreateKeyW

RegCloseKey

RegCloseKey

FindExecutableW

FindExecutableW

ShellExecuteW

ShellExecuteW

SHDeleteKeyW

SHDeleteKeyW

URLDownloadToFileW

URLDownloadToFileW

UnhookWindowsHookEx

UnhookWindowsHookEx

SetWindowsHookExW

SetWindowsHookExW

MapVirtualKeyW

MapVirtualKeyW

GetKeyboardLayout

GetKeyboardLayout

GetKeyState

GetKeyState

GetKeyboardState

GetKeyboardState

FtpPutFileW

FtpPutFileW

FtpSetCurrentDirectoryW

FtpSetCurrentDirectoryW

DeleteUrlCacheEntryW

DeleteUrlCacheEntryW

.idata

.idata

.rdata

.rdata

P.reloc

P.reloc

P.rsrc

P.rsrc

4DURLDr

4DURLDr

KERNEL32.DLL

KERNEL32.DLL

oleaut32.dll

oleaut32.dll

PSAPI.dll

PSAPI.dll

x.html

x.html

explorer.exe

explorer.exe

Software\Microsoft\Windows\CurrentVersion\Run

Software\Microsoft\Windows\CurrentVersion\Run

Software\Microsoft\Windows\CurrentVersion\RunOnce

Software\Microsoft\Windows\CurrentVersion\RunOnce

Software\Microsoft\Windows NT\CurrentVersion\Windows

Software\Microsoft\Windows NT\CurrentVersion\Windows

explorer.exe

explorer.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

[Execute]

[Execute]

KeyDelBackspace

KeyDelBackspace

XtremeKeylogger

XtremeKeylogger

hXXp://

hXXp://

.functions

.functions

ÞFAULTBROWSER%

ÞFAULTBROWSER%

\Microsoft\Windows\

\Microsoft\Windows\

svchost.exe

svchost.exe

flashplayerupdate.sytes.net

flashplayerupdate.sytes.net

C:\User

C:\User

mncxd.exe

mncxd.exe

igfxsrvc.exe

igfxsrvc.exe

{7EVAL775-6E0K-4C23-21G5-M0Q18MWC7472}

{7EVAL775-6E0K-4C23-21G5-M0Q18MWC7472}

PTF.ftpserver.com

PTF.ftpserver.com

ftpuser

ftpuser

ftppass

ftppass

%System%\MCMP\mncxd.exe

%System%\MCMP\mncxd.exe

%System%\MCMP\

%System%\MCMP\

%Documents and Settings%\%current user%\Application Data\Microsoft\Windows\H7R4X9Y.cfg

%Documents and Settings%\%current user%\Application Data\Microsoft\Windows\H7R4X9Y.cfg

Software\Microsoft\Active Setup\Installed Components\{7EVAL775-6E0K-4C23-21G5-M0Q18MWC7472}

Software\Microsoft\Active Setup\Installed Components\{7EVAL775-6E0K-4C23-21G5-M0Q18MWC7472}

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\bis.exe

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\bis.exe