not-a-virus:AdWare.Win32.InstallMonster.deih (Kaspersky), Trojan.Win32.Swrort.3.FD, SearchProtectToolbar_pcap.YR, mzpefinder_pcap_file.YR, SearchProtectToolbar.YR (Lavasoft MAS)
Behaviour: Trojan, Adware
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 3907bf25615ce1ef05776e60ace1d573
SHA1: 93efe8f0db577aeb4154ed13f4bacc7867525f67
SHA256: 7fc43d54d6a62a11b5cd68481f16ebefb069ae5eb129c41851f94fa693bb4b77
SSDeep: 49152:LMwKBmF54Fm3uTeLMBW1wZvMxPcOe5HFG:LM9 5Km3RwZEiOe5c
Size: 2066560 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: TODO:
Created at: 2014-10-04 11:01:24
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
4955191497:2004
%original file name%.exe:212
9441843:1576
3792243404:736
The Trojan injects its code into the following process(es):
No processes have been created.
Mutexes
The following mutexes were created/opened:
No objects were found.
File activity
The process 4955191497:2004 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsoE.tmp\inetc.dll (30 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsoE.tmp\System.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsoE.tmp\SPtool.dll (180359 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsoE.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsjD.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsoE.tmp\inetc.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsoE.tmp\SPtool.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsoE.tmp (0 bytes)
The process %original file name%.exe:212 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%System%\9441843 (12288 bytes)
The process 9441843:1576 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\1342[1].jpg (14588 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\5239662869.html (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\jquery.min[1].js (8931 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\9726225931.html (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4075397870.html (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4955191497 (304535 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3792243404 (384 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\LRg1n8XGLt9Ry2RE_img1[1].txt (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\spidentifierimpl[1].exe (304535 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\wajam_validate[1].exe (384 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\LRg1n8XGLt9Ry2RE_img3[1].txt (5 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012014040820140409\index.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012014040820140409 (0 bytes)
Registry activity
The process 4955191497:2004 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1F 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "67 71 E6 FA 05 25 CB 99 6E 74 F2 CA 06 26 E4 AB"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process 9441843:1576 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014120120141202]
"CacheRepair" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1E 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014120120141202]
"CacheLimit" = "8192"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014120120141202]
"CacheOptions" = "11"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3F A4 C1 F9 76 8E 5E 72 DA F9 40 34 46 1B CA 59"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014120120141202]
"CachePrefix" = ":2014120120141202:"
"CachePath" = "%USERPROFILE%\Local Settings\History\History.IE5\MSHist012014120120141202\"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following registry key(s):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014040820140409]
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process 3792243404:736 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E9 91 93 B5 A4 AB 23 0C B0 4F E5 62 AA 5B 17 DC"
Dropped PE files
MD5 | File path |
---|---|
46f5c497f96e733176b010ff0ee56de3 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\3792243404 |
484003524ef2000db83cb16ced0a48a1 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\4955191497 |
484003524ef2000db83cb16ced0a48a1 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\spidentifierimpl[1].exe |
46f5c497f96e733176b010ff0ee56de3 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\wajam_validate[1].exe |
06cd61177479373c67080121874a59a3 | c:\WINDOWS\system32\9441843 |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
4955191497:2004
%original file name%.exe:212
9441843:1576
3792243404:736
- Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Documents and Settings%\%current user%\Local Settings\Temp\nsoE.tmp\inetc.dll (30 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsoE.tmp\System.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsoE.tmp\SPtool.dll (180359 bytes)
%System%\9441843 (12288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\1342[1].jpg (14588 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\5239662869.html (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\jquery.min[1].js (8931 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\9726225931.html (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4075397870.html (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4955191497 (304535 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3792243404 (384 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\LRg1n8XGLt9Ry2RE_img1[1].txt (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\spidentifierimpl[1].exe (304535 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\wajam_validate[1].exe (384 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\LRg1n8XGLt9Ry2RE_img3[1].txt (5 bytes)
- Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
Static Analysis
VersionInfo
Company Name: TODO:
Product Name: TODO:
Product Version: 1.0.0.1
Legal Copyright: Copyright (C) 2014
Legal Trademarks:
Original Filename: Installer.exe
Internal Name: Installer.exe
File Version: 1.0.0.1
File Description: Chrome_Update
Comments:
Language: Language Neutral
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 18546 | 18944 | 4.46337 | 6976a177384215ca66beadd109b2dcb6 |
.rdata | 24576 | 8580 | 8704 | 3.2841 | 5ee2ea242a3240691c5dfc55646e91f0 |
.data | 36864 | 6624 | 3072 | 1.70361 | b6a79f14fefb47b6c6252d40da7bd57e |
.rsrc | 45056 | 2020832 | 2020864 | 5.40615 | be63bca43ba95a4681ee23f1f0647e74 |
.reloc | 2068480 | 6934 | 7168 | 1.44673 | aff9c41e8b91a4e51f535f7819547dc6 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Total found: 155
Network Activity
URLs
URL | IP |
---|---|
hxxp://jazz-1846647836.us-east-1.elb.amazonaws.com/ | |
hxxp://www.wajam.com/download/wajam_validate.exe | |
hxxp://www.wajam.com/install/valid?v=1&unique_id=73BC443E0D84581F26BA104A6BCFF8AE | |
hxxp://8.36.40.62/common/gate/installer_gate_client.php?download_id=9441843&mode=getcombo&offers=1081|1129|1146|1043|1153|1154|1147|1144|1075|1157|1161|1163|1164|1165|1173|1171|1113|1190|1191|1060|1203|1204|1205|1207|1172|1209|1174|1210|1038|1219|1212|1086|1032|1122|1056|1217|1127|1119|1222|1195|1196|1197|1198|1206|1187|1224|1225|1226|1227|1228|1229|1231|1233|1230|1220 | |
hxxp://8.36.40.62/common/gate/report.php?download_id=9441843&mode=6&combo_id=9999&os_name=Windows XP&os_add=Service Pack3&os_build=2600&proj_id=1342&offer_id=0&templateid=40 | |
hxxp://googleapis.l.google.com/ajax/libs/jquery/1.10.1/jquery.min.js | |
hxxp://8.36.40.62/common/installer_logos/1342.jpg | |
hxxp://8.36.40.62/common/interface/images/LRg1n8XGLt9Ry2RE_img1 | |
hxxp://8.36.40.62/common/interface/images/LRg1n8XGLt9Ry2RE_img3 | |
hxxp://installmetrix.com/common/interface/images/LRg1n8XGLt9Ry2RE_img3 | |
hxxp://installmetrix.com/common/interface/images/LRg1n8XGLt9Ry2RE_img1 | |
hxxp://installmetrix.com/common/installer_logos/1342.jpg | |
hxxp://installmetrix.com/common/gate/report.php?download_id=9441843&mode=6&combo_id=9999&os_name=Windows XP&os_add=Service Pack3&os_build=2600&proj_id=1342&offer_id=0&templateid=40 | |
hxxp://installmetrix.com/common/gate/installer_gate_client.php?download_id=9441843&mode=getcombo&offers=1081|1129|1146|1043|1153|1154|1147|1144|1075|1157|1161|1163|1164|1165|1173|1171|1113|1190|1191|1060|1203|1204|1205|1207|1172|1209|1174|1210|1038|1219|1212|1086|1032|1122|1056|1217|1127|1119|1222|1195|1196|1197|1198|1206|1187|1224|1225|1226|1227|1228|1229|1231|1233|1230|1220 | |
hxxp://ajax.googleapis.com/ajax/libs/jquery/1.10.1/jquery.min.js | |
hxxp://sp-installer.conduit-data.com/ | |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /common/installer_logos/1342.jpg HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: installmetrix.com
Connection: Keep-Alive
Cookie: PHPSESSID=fe73c9c2378c9abb4d9d534f98ffab51
HTTP/1.1 200 OK
Date: Mon, 01 Dec 2014 04:53:17 GMT
Server: LiteSpeed
Accept-Ranges: bytes
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
ETag: "13d30-53e11a02-e9c9d91914d4549d"
Last-Modified: Tue, 05 Aug 2014 17:53:06 GMT
Content-Type: image/jpeg
Content-Length: 81200
Cache-Control: public, max-age=604800
Expires: Mon, 08 Dec 2014 04:53:17 GMT
<<< skipped >>>
GET /download/wajam_validate.exe HTTP/1.1
User-Agent: 9441843
Host: VVV.wajam.com
HTTP/1.1 200 OK
Date: Mon, 01 Dec 2014 04:53:12 GMT
Server: Apache/2.4.10 (Ubuntu)
Last-Modified: Fri, 17 Oct 2014 15:23:20 GMT
ETag: "2c00-5059ff1eb9386"
Accept-Ranges: bytes
Content-Length: 11264
Connection: close
Content-Type: application/x-msdos-program
Set-Cookie: APPSESSID=w46|VHv0O|VHv0O; path=/; domain=.wajam.com
Cache-control: private
<<< skipped >>>
GET /ajax/libs/jquery/1.10.1/jquery.min.js HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ajax.googleapis.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript; charset=UTF-8
Last-Modified: Mon, 03 Jun 2013 01:27:22 GMT
Date: Wed, 26 Nov 2014 15:58:38 GMT
Expires: Thu, 26 Nov 2015 15:58:38 GMT
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 32862
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 392078
Alternate-Protocol: 80:quic,p=0.02
<<< skipped >>>
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: sp-installer.conduit-data.com
Content-Length: 225
Connection: Keep-Alive
Cache-Control: no-cache
{"event_type":"SPidentifier", "environment":"", "machine_ID":"XBCH99S2MORNV BFTUNCQDORF4GOQHAH O2SAU9AQYIBBSAVNOX00IKATVZ0NLXRAOGOZEEWD3TW93FKX3FRHW", "result": "success", "failure_reason": "clean_machine", "SP_version": ""}
HTTP/1.1 202 Accepted
Date: Mon, 01 Dec 2014 04:53:10 GMT
P3P: CP="NOI ADM DEV COM NAV OUR STP"
Server: Apache-Coyote/1.1
Content-Length: 0
Connection: keep-alive
GET /common/interface/images/LRg1n8XGLt9Ry2RE_img3 HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: installmetrix.com
Connection: Keep-Alive
Cookie: PHPSESSID=fe73c9c2378c9abb4d9d534f98ffab51
HTTP/1.1 200 OK
Date: Mon, 01 Dec 2014 04:53:17 GMT
Server: LiteSpeed
Accept-Ranges: bytes
Connection: close
ETag: "1765-52fd2f63-260ec70baae20673"
Last-Modified: Thu, 13 Feb 2014 20:47:31 GMT
Content-Type: text/plain
Content-Length: 5989
<<< skipped >>>
GET /install/valid?v=1&unique_id=73BC443E0D84581F26BA104A6BCFF8AE HTTP/1.1
Host: VVV.wajam.com
HTTP/1.1 200 OK
Date: Mon, 01 Dec 2014 04:53:13 GMT
Server: Apache/2.4.10 (Ubuntu)
Set-Cookie: PHPSESSID=pluddrev881kbnhvsoqot5e9r2; path=/; domain=.wajam.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: _wau=14174095937226331; expires=Tue, 01-Dec-2015 04:53:13 GMT; Max-Age=31536000; path=/; domain=.wajam.com
Set-Cookie: _wal=1417409593; expires=Tue, 01-Dec-2015 04:53:13 GMT; Max-Age=31536000; path=/; domain=.wajam.com
Set-Cookie: not_logged_unique_id=73BC443E0D84581F26BA104A6BCFF8AE; expires=Tue, 01-Dec-2015 04:53:13 GMT; Max-Age=31536000; path=/; domain=.wajam.com
Set-Cookie: _waab=16,24,56,48,60,28,75,9,37,82; expires=Tue, 01-Dec-2015 04:53:13 GMT; Max-Age=31536000; path=/; domain=.wajam.com
Content-Length: 1
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w2|VHv0P|VHv0P; path=/; domain=.wajam.com
0..
GET /common/gate/installer_gate_client.php?download_id=9441843&mode=getcombo&offers=1081|1129|1146|1043|1153|1154|1147|1144|1075|1157|1161|1163|1164|1165|1173|1171|1113|1190|1191|1060|1203|1204|1205|1207|1172|1209|1174|1210|1038|1219|1212|1086|1032|1122|1056|1217|1127|1119|1222|1195|1196|1197|1198|1206|1187|1224|1225|1226|1227|1228|1229|1231|1233|1230|1220 HTTP/1.1
User-Agent: 9441843
Host: installmetrix.com
HTTP/1.1 302 Found
Date: Mon, 01 Dec 2014 04:53:14 GMT
Server: LiteSpeed
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Cache-Control: no-cache, no-store, must-revalidate, max-age=0
Location: hXXp://beta.installmetrix.com:5000/getcombo?download_id=9441843&mode=getcombo&offers=1081|1129|1146|1043|1153|1154|1147|1144|1075|1157|1161|1163|1164|1165|1173|1171|1113|1190|1191|1060|1203|1204|1205|1207|1172|1209|1174|1210|1038|1219|1212|1086|1032|1122|1056|1217|1127|1119|1222|1195|1196|1197|1198|1206|1187|1224|1225|1226|1227|1228|1229|1231|1233|1230|1220
Content-Type: text/html
Content-Length: 1148
<!DOCTYPE html>.<html style="height:100%">.<head><title> 302 Found..</title></head>.<body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;">.<div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;">. <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">302</h1>.<h2 style="margin-top:20px;font-size: 30px;">Found..</h2>.<p>The document has been temporarily moved to <A HREF="%s">here</A>.</p>.</div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;">.<br>Proudly powered by <a style="color:#fff;" href="hXXp://VVV.litespeedtech.com/error-page">LiteSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>.....
<<< skipped >>>
GET /common/gate/report.php?download_id=9441843&mode=6&combo_id=9999&os_name=Windows XP&os_add=Service Pack3&os_build=2600&proj_id=1342&offer_id=0&templateid=40 HTTP/1.1
User-Agent: 9441843
Host: installmetrix.com
HTTP/1.1 200 OK
Date: Mon, 01 Dec 2014 04:53:16 GMT
Server: LiteSpeed
Connection: close
X-Powered-By: PHP/5.4.31
Set-Cookie: PHPSESSID=fe73c9c2378c9abb4d9d534f98ffab51; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 0
GET /common/interface/images/LRg1n8XGLt9Ry2RE_img1 HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: installmetrix.com
Connection: Keep-Alive
Cookie: PHPSESSID=fe73c9c2378c9abb4d9d534f98ffab51
HTTP/1.1 200 OK
Date: Mon, 01 Dec 2014 04:53:17 GMT
Server: LiteSpeed
Accept-Ranges: bytes
Connection: close
ETag: "de2-52fd2880-b3fb5a4c2d641939"
Last-Modified: Thu, 13 Feb 2014 20:18:08 GMT
Content-Type: text/plain
Content-Length: 3554
<<< skipped >>>
Map
The Trojan connects to the servers at the following location(s):
Strings from Dumps
9441843_1576:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
u(SSSSSh
u(SSSSSh
PSSSSSSh
PSSSSSSh
f;T$.uBf
f;T$.uBf
QSShx'V
QSShx'V
tFHt:Ht.Ht"Hu`
tFHt:Ht.Ht"Hu`
j%XtL9E
j%XtL9E
t'SShl
t'SShl
SSSSh
SSSSh
tWSShW
tWSShW
tl9_ tgSSh
tl9_ tgSSh
u$SShe
u$SShe
FTCP
FTCP
u.Ph
u.Ph
tAHt.HHt
tAHt.HHt
FtPW
FtPW
SSh@B
SSh@B
s%j.Zf
s%j.Zf
RegOpenKeyTransactedW
RegOpenKeyTransactedW
RegCreateKeyTransactedW
RegCreateKeyTransactedW
CCmdTarget
CCmdTarget
RegDeleteKeyTransactedW
RegDeleteKeyTransactedW
CNotSupportedException
CNotSupportedException
CHttpFile
CHttpFile
RegDeleteKeyExW
RegDeleteKeyExW
TaskDialogIndirect
TaskDialogIndirect
CMDITabProxyWnd
CMDITabProxyWnd
CMDIChildWndEx
CMDIChildWndEx
CMDIFrameWndEx
CMDIFrameWndEx
CMDIChildWnd
CMDIChildWnd
CMDIFrameWnd
CMDIFrameWnd
CMDIClientAreaWnd
CMDIClientAreaWnd
CMFCToolBarsKeyboardPropertyPage
CMFCToolBarsKeyboardPropertyPage
GetProcessWindowStation
GetProcessWindowStation
operator
operator
hXXp://installmetrix.com/common/gate/report.php?download_id=%s&mode=%d&combo_id=%d&os_name=%s&os_add=%s&os_build=%s&proj_id=%s&offer_id=%s&templateid=%s
hXXp://installmetrix.com/common/gate/report.php?download_id=%s&mode=%d&combo_id=%d&os_name=%s&os_add=%s&os_build=%s&proj_id=%s&offer_id=%s&templateid=%s
first url
first url
Windows 8
Windows 8
Windows Server 2012
Windows Server 2012
Windows 7
Windows 7
Windows Server 2008 R2
Windows Server 2008 R2
Windows Vista
Windows Vista
Windows Server 2008
Windows Server 2008
Windows XP Professional x64 Edition
Windows XP Professional x64 Edition
Windows Server 2003
Windows Server 2003
Windows XP
Windows XP
Windows 2000
Windows 2000
WebStroller=I
WebStroller=I
GetWindowsDirectoryW
GetWindowsDirectoryW
GetCPInfo
GetCPInfo
KERNEL32.dll
KERNEL32.dll
CreateDialogIndirectParamW
CreateDialogIndirectParamW
GetKeyState
GetKeyState
SetWindowsHookExW
SetWindowsHookExW
UnhookWindowsHookEx
UnhookWindowsHookEx
GetKeyNameTextW
GetKeyNameTextW
MapVirtualKeyW
MapVirtualKeyW
GetAsyncKeyState
GetAsyncKeyState
GetKeyboardLayout
GetKeyboardLayout
GetKeyboardState
GetKeyboardState
MapVirtualKeyExW
MapVirtualKeyExW
USER32.dll
USER32.dll
GetViewportExtEx
GetViewportExtEx
SetViewportOrgEx
SetViewportOrgEx
OffsetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
SetViewportExtEx
ScaleViewportExtEx
ScaleViewportExtEx
GetViewportOrgEx
GetViewportOrgEx
GDI32.dll
GDI32.dll
MSIMG32.dll
MSIMG32.dll
COMDLG32.dll
COMDLG32.dll
WINSPOOL.DRV
WINSPOOL.DRV
RegOpenKeyExW
RegOpenKeyExW
RegCloseKey
RegCloseKey
RegCreateKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteKeyW
RegEnumKeyW
RegEnumKeyW
RegEnumKeyExW
RegEnumKeyExW
ADVAPI32.dll
ADVAPI32.dll
ShellExecuteW
ShellExecuteW
SHELL32.dll
SHELL32.dll
COMCTL32.dll
COMCTL32.dll
UrlUnescapeW
UrlUnescapeW
SHLWAPI.dll
SHLWAPI.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
oledlg.dll
oledlg.dll
GdiplusShutdown
GdiplusShutdown
gdiplus.dll
gdiplus.dll
OLEACC.dll
OLEACC.dll
InternetCrackUrlW
InternetCrackUrlW
InternetCanonicalizeUrlW
InternetCanonicalizeUrlW
HttpQueryInfoW
HttpQueryInfoW
InternetOpenUrlW
InternetOpenUrlW
WININET.dll
WININET.dll
IMM32.dll
IMM32.dll
WINMM.dll
WINMM.dll
.?AVCCmdUI@@
.?AVCCmdUI@@
.PAVCMemoryException@@
.PAVCMemoryException@@
.PAVCOleException@@
.PAVCOleException@@
.PAVCObject@@
.PAVCObject@@
.PAVCSimpleException@@
.PAVCSimpleException@@
.PAVCNotSupportedException@@
.PAVCNotSupportedException@@
.PAVCInvalidArgException@@
.PAVCInvalidArgException@@
.?AVCNotSupportedException@@
.?AVCNotSupportedException@@
.PAVCResourceException@@
.PAVCResourceException@@
.PAVCUserException@@
.PAVCUserException@@
.?AVCTestCmdUI@@
.?AVCTestCmdUI@@
.?AVCHttpFile@@
.?AVCHttpFile@@
.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WV12@PB_W@@
.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WV12@PB_W@@
.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WPAVCDocument@@PAV3@@@
.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WPAVCDocument@@PAV3@@@
.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W_N_N@@
.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W_N_N@@
.?AV?$CMap@PAVCDocument@@PAV1@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W@@
.?AV?$CMap@PAVCDocument@@PAV1@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W@@
.PAVCArchiveException@@
.PAVCArchiveException@@
.?AV?$CFixedStringT@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@$0BAA@@ATL@@
.?AV?$CFixedStringT@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@$0BAA@@ATL@@
.?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@
.?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@
.?AVCMFCToolBarCmdUI@@
.?AVCMFCToolBarCmdUI@@
.?AVCMDITabProxyWnd@@
.?AVCMDITabProxyWnd@@
.?AVCMDIChildWndEx@@
.?AVCMDIChildWndEx@@
.?AVCMDIChildWnd@@
.?AVCMDIChildWnd@@
.?AVCMDIFrameWndEx@@
.?AVCMDIFrameWndEx@@
.?AVCMDIFrameWnd@@
.?AVCMDIFrameWnd@@
.PAVCOleDispatchException@@
.PAVCOleDispatchException@@
.?AVCMFCCmdUsageCount@@
.?AVCMFCCmdUsageCount@@
.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WPAVCObList@@PAV3@@@
.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WPAVCObList@@PAV3@@@
.?AV?$CList@PAVCMDIChildWndEx@@PAV1@@@
.?AV?$CList@PAVCMDIChildWndEx@@PAV1@@@
.?AVCMDIClientAreaWnd@@
.?AVCMDIClientAreaWnd@@
.?AVCMFCRibbonCmdUI@@
.?AVCMFCRibbonCmdUI@@
.?AVCMFCColorBarCmdUI@@
.?AVCMFCColorBarCmdUI@@
.?AV?$CMap@KKV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W@@
.?AV?$CMap@KKV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W@@
.?AVCMFCAcceleratorKey@@
.?AVCMFCAcceleratorKey@@
.?AVCMFCToolBarsKeyboardPropertyPage@@
.?AVCMFCToolBarsKeyboardPropertyPage@@
.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WHH@@
.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WHH@@
.?AVCMFCRibbonKeyTip@@
.?AVCMFCRibbonKeyTip@@
.?AVCMFCTasksPaneToolBarCmdUI@@
.?AVCMFCTasksPaneToolBarCmdUI@@
.?AVCMFCAcceleratorKeyAssignCtrl@@
.?AVCMFCAcceleratorKeyAssignCtrl@@
zcÃ
zcÃ
.?AVCCmdTarget@@
.?AVCCmdTarget@@
.PAVCException@@
.PAVCException@@
.?AVCWebGrab@@
.?AVCWebGrab@@
.?AVCWebGrabSession@@
.?AVCWebGrabSession@@
.PAVCInternetException@@
.PAVCInternetException@@
.PAVCFileException@@
.PAVCFileException@@
.?AVCWebPage@@
.?AVCWebPage@@
"-//W3C//DTD XHTML 1.0 Transitional//EN" "hXXp://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
"-//W3C//DTD XHTML 1.0 Transitional//EN" "hXXp://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
background:url(hXXp://installmetrix.com/common/interface/images/LRg1n8XGLt9Ry2RE_img1);
background:url(hXXp://installmetrix.com/common/interface/images/LRg1n8XGLt9Ry2RE_img1);
background:url(hXXp://installmetrix.com/common/interface/images/LRg1n8XGLt9Ry2RE_img3);
background:url(hXXp://installmetrix.com/common/interface/images/LRg1n8XGLt9Ry2RE_img3);
if(document.getElementById("opt_checkbox1") != null)
if(document.getElementById("opt_checkbox1") != null)
document.getElementById("opt_checkbox1").disabled = true;
document.getElementById("opt_checkbox1").disabled = true;
document.getElementById("opt_checkbox1").checked = true;
document.getElementById("opt_checkbox1").checked = true;
if(document.getElementById("opt_checkbox2") != null)
if(document.getElementById("opt_checkbox2") != null)
document.getElementById("opt_checkbox2").disabled = true;
document.getElementById("opt_checkbox2").disabled = true;
document.getElementById("opt_checkbox2").checked = true;
document.getElementById("opt_checkbox2").checked = true;
if(document.getElementById("opt_checkbox3") != null)
if(document.getElementById("opt_checkbox3") != null)
document.getElementById("opt_checkbox3").disabled = true;
document.getElementById("opt_checkbox3").disabled = true;
document.getElementById("opt_checkbox3").checked = true;
document.getElementById("opt_checkbox3").checked = true;
if(document.getElementById("opt_checkbox4") != null)
if(document.getElementById("opt_checkbox4") != null)
document.getElementById("opt_checkbox4").disabled = true;
document.getElementById("opt_checkbox4").disabled = true;
document.getElementById("opt_checkbox4").checked = true;
document.getElementById("opt_checkbox4").checked = true;
if(document.getElementById("opt_checkbox5") != null)
if(document.getElementById("opt_checkbox5") != null)
document.getElementById("opt_checkbox5").disabled = true;
document.getElementById("opt_checkbox5").disabled = true;
document.getElementById("opt_checkbox5").checked = true;
document.getElementById("opt_checkbox5").checked = true;
if(document.getElementById("checkbox_div") != null)
if(document.getElementById("checkbox_div") != null)
document.getElementById("checkbox_div").style.display = "none";
document.getElementById("checkbox_div").style.display = "none";
document.getElementById("opt_checkbox1").disabled = false;
document.getElementById("opt_checkbox1").disabled = false;
document.getElementById("opt_checkbox2").disabled = false;
document.getElementById("opt_checkbox2").disabled = false;
document.getElementById("opt_checkbox3").disabled = false;
document.getElementById("opt_checkbox3").disabled = false;
document.getElementById("opt_checkbox4").disabled = false;
document.getElementById("opt_checkbox4").disabled = false;
document.getElementById("opt_checkbox5").disabled = false;
document.getElementById("opt_checkbox5").disabled = false;
document.getElementById("checkbox_div").style.display = "block";
document.getElementById("checkbox_div").style.display = "block";
Software Updater
Software Updater
By clicking "Next", I agree to the Terms of Use and Privacy Policy.
By clicking "Next", I agree to the Terms of Use and Privacy Policy.
background:url(hXXp://installmetrix.com/common/interface/images/LRg1n8XGLt9Ry2RE_img5);
background:url(hXXp://installmetrix.com/common/interface/images/LRg1n8XGLt9Ry2RE_img5);
div.progress {
div.progress {
background:url(hXXp://installmetrix.com/common/interface/images/LRg1n8XGLt9Ry2RE_img9);
background:url(hXXp://installmetrix.com/common/interface/images/LRg1n8XGLt9Ry2RE_img9);
div.progressIndicator {
div.progressIndicator {
background:url(hXXp://installmetrix.com/common/interface/images/LRg1n8XGLt9Ry2RE_img10);
background:url(hXXp://installmetrix.com/common/interface/images/LRg1n8XGLt9Ry2RE_img10);
div.progressVal {
div.progressVal {
.hidden {
.hidden {
position: absolute !important;
position: absolute !important;
.focus {
.focus {
background-color: #eee !important;
background-color: #eee !important;
g_progress1.setValue("pb1",val);
g_progress1.setValue("pb1",val);
g_progress2.setValue("pb2",val);
g_progress2.setValue("pb2",val);
$(document).ready(function() {
$(document).ready(function() {
this.valMax = max;
this.valMax = max;
this.showVal = showVal;
this.showVal = showVal;
this.divWidth = 0;
this.divWidth = 0;
this.width = this.$container.width();
this.width = this.$container.width();
this.left = Math.round(this.$container.offset().left);
this.left = Math.round(this.$container.offset().left);
this.top = Math.round(this.$container.offset().top);
this.top = Math.round(this.$container.offset().top);
this.$container.append('
');this.$container.append('
');$('#' container_id '_progDiv').css('width', '0%');
$('#' container_id '_progDiv').css('width', '0%');
this.$container.append('
');this.$container.append('
');$('#' container_id '_progVal').html('0%');
$('#' container_id '_progVal').html('0%');
if (this.showVal == false) {
if (this.showVal == false) {
$('#' container_id '_progVal').addClass('hidden').attr('aria-hidden', 'true');
$('#' container_id '_progVal').addClass('hidden').attr('aria-hidden', 'true');
progressbar.prototype.setValue = function(container_id,val) {
progressbar.prototype.setValue = function(container_id,val) {
var percent = val * 100 / this.valMax;
var percent = val * 100 / this.valMax;
this.$container.attr('aria-valuenow', Math.round(percent));
this.$container.attr('aria-valuenow', Math.round(percent));
$('#' container_id '_progDiv').css('width', percent '%'); //Math.round(percent) '%');
$('#' container_id '_progDiv').css('width', percent '%'); //Math.round(percent) '%');
$('#' container_id '_progVal').html(this.$container.attr('aria-valuenow') '%');
$('#' container_id '_progVal').html(this.$container.attr('aria-valuenow') '%');
progressbar.prototype.getProgress = function() {
progressbar.prototype.getProgress = function() {
return this.$container.attr('aria-valuenow');
return this.$container.attr('aria-valuenow');
progressbar.prototype.positionHandle = function($handle, val) {
progressbar.prototype.positionHandle = function($handle, val) {
var handleHeight = $handle.outerHeight(); // the total height of the handle
var handleHeight = $handle.outerHeight(); // the total height of the handle
var handleWidth = $handle.outerWidth(); // the total width of the handle
var handleWidth = $handle.outerWidth(); // the total width of the handle
valPos = ((val - this.min) / (this.max - this.min)) * this.width this.left;
valPos = ((val - this.min) / (this.max - this.min)) * this.width this.left;
xPos = Math.round(valPos - (handleWidth / 2));
xPos = Math.round(valPos - (handleWidth / 2));
yPos = Math.round(this.top (this.height / 2) - (handleHeight / 2));
yPos = Math.round(this.top (this.height / 2) - (handleHeight / 2));
$handle.css('top', yPos 'px');
$handle.css('top', yPos 'px');
$handle.css('left', xPos 'px');
$handle.css('left', xPos 'px');
$handle.attr('aria-valuenow', val);
$handle.attr('aria-valuenow', val);
if (/1$/.test($handle.attr('id')) == true) {
if (/1$/.test($handle.attr('id')) == true) {
this.val1 = val;
this.val1 = val;
this.val2 = val;
this.val2 = val;
if (this.showVals == true) {
if (this.showVals == true) {
this.updateValBox($handle, Math.round(valPos));
this.updateValBox($handle, Math.round(valPos));
progressbar.prototype.updateValBox = function() {
progressbar.prototype.updateValBox = function() {
var $valBox = $('#' $handle.attr('id') '_val');
var $valBox = $('#' $handle.attr('id') '_val');
var boxWidth = $valBox.outerWidth();
var boxWidth = $valBox.outerWidth();
yPos = $handle.css('top');
yPos = $handle.css('top');
xPos = Math.round(valPos - (boxWidth / 2)) 'px';
xPos = Math.round(valPos - (boxWidth / 2)) 'px';
$valBox.css('top', yPos);
$valBox.css('top', yPos);
$valBox.css('left', xPos);
$valBox.css('left', xPos);
$valBox.text($handle.attr('aria-valuenow'));
$valBox.text($handle.attr('aria-valuenow'));
background:url(hXXp://installmetrix.com/common/interface/images/LRg1n8XGLt9Ry2RE_img7);
background:url(hXXp://installmetrix.com/common/interface/images/LRg1n8XGLt9Ry2RE_img7);
9441843
9441843
C:\WINDO
C:\WINDO
CCC.jjj
CCC.jjj
SSShzzz
SSShzzz
var x = document.cookie;
var x = document.cookie;
1 2$2(2,2
1 2$2(2,2
4L4]4w4
4L4]4w4
040:0`0}0
040:0`0}0
>&>,>"?9?
>&>,>"?9?
01
01
11?1^1
11?1^1
!171!2-2~2
!171!2-2~2
=.=;=$>4>
=.=;=$>4>
8„8S8b8p8
8„8S8b8p8
8Â8v8
8Â8v8
5,626;6~6
5,626;6~6
515
515
4 4$4(4,4
4 4$4(4,4
> >$>(>,>0>4>8>
> >$>(>,>0>4>8>
6 6$6(6,6064686
6 6$6(6,6064686
2 2$2(2,20242\2`2|2
2 2$2(2,20242\2`2|2
= =$=(=,=0=4=8=
= =$=(=,=0=4=8=
: :$:(:,:0:
: :$:(:,:0:
? ?(?0?`?
? ?(?0?`?
;$;,;8;\;|;
;$;,;8;\;|;
7 7$7(7,7074787
7 7$7(7,7074787
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Software\Microsoft\Windows\CurrentVersion\Policies\Network
Software\Microsoft\Windows\CurrentVersion\Policies\Network
Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
KERNEL32.DLL
KERNEL32.DLL
%s%s.dll
%s%s.dll
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appcore.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appcore.cpp
lX-X-x-XX-XXXXXX
lX-X-x-XX-XXXXXX
Advapi32.dll
Advapi32.dll
res://%s/%s
res://%s/%s
res://%s/%d
res://%s/%d
Acomctl32.dll
Acomctl32.dll
Acomdlg32.dll
Acomdlg32.dll
Ashell32.dll
Ashell32.dll
accKeyboardShortcut
accKeyboardShortcut
wuser32.dll
wuser32.dll
hhctrl.ocx
hhctrl.ocx
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin2.inl
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin2.inl
Afx:%p:%x:%p:%p:%p
Afx:%p:%x:%p:%p:%p
Afx:%p:%x
Afx:%p:%x
commctrl_DragListMsg
commctrl_DragListMsg
Bf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_s.cpp
Bf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_s.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winctrl2.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winctrl2.cpp
hXXp://
hXXp://
@WININET.DLL
@WININET.DLL
SHELL32.DLL
SHELL32.DLL
lXXxXXXXXXXX
lXXxXXXXXXXX
dwmapi.dll
dwmapi.dll
UxTheme.dll
UxTheme.dll
eShell32.dll
eShell32.dll
%s:%x:%x:%x:%x
%s:%x:%x:%x:%x
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\auxdata.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\auxdata.cpp
kernel32.dll
kernel32.dll
Af:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filecore.cpp
Af:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filecore.cpp
mfcm100u.dll
mfcm100u.dll
%sMFCToolBar-%d%x
%sMFCToolBar-%d%x
%sMFCToolBar-%d
%sMFCToolBar-%d
%sMFCToolBarParameters
%sMFCToolBarParameters
TOOLBAR_RESETKEYBAORD
TOOLBAR_RESETKEYBAORD
&%d %s
&%d %s
Df:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filetxt.cpp
Df:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filetxt.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winfrm.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winfrm.cpp
COMCTL32.DLL
COMCTL32.DLL
USER32.DLL
USER32.DLL
KeyboardManager
KeyboardManager
MSG_CHECKEMPTYMINIFRAME
MSG_CHECKEMPTYMINIFRAME
%sDockingManager-%d
%sDockingManager-%d
MFCLink_UrlPrefix
MFCLink_UrlPrefix
MFCLink_Url
MFCLink_Url
%sPane-%d%x
%sPane-%d%x
%sPane-%d
%sPane-%d
%sBasePane-%d%x
%sBasePane-%d%x
%sBasePane-%d
%sBasePane-%d
windows
windows
ShowCmd
ShowCmd
K%c%d%c%s
K%c%d%c%s
%sMDIClientArea-%d
%sMDIClientArea-%d
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\viewcore.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\viewcore.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oleipfrm.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oleipfrm.cpp
HHex={X,X,X}
HHex={X,X,X}
C%sMFCOutlookBar-%d%x
C%sMFCOutlookBar-%d%x
%sMFCOutlookBar-%d
%sMFCOutlookBar-%d
%sDockablePaneAdapter-%d%x
%sDockablePaneAdapter-%d%x
%sDockablePaneAdapter-%d
%sDockablePaneAdapter-%d
Of:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledrop2.cpp
Of:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledrop2.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olestrm.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olestrm.cpp
ENABLE_KEYS
ENABLE_KEYS
KEYS_MENU
KEYS_MENU
KEYS
KEYS
ORICHED20.DLL
ORICHED20.DLL
RGB(%d, %d, %d)
RGB(%d, %d, %d)
%sMFCTasksPane-%d%x
%sMFCTasksPane-%d%x
%sMFCTasksPane-%d
%sMFCTasksPane-%d
mscoree.dll
mscoree.dll
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
Software\Microsoft\NET Framework Setup\NDP\v2.0.50727
Software\Microsoft\NET Framework Setup\NDP\v2.0.50727
Software\Microsoft\NET Framework Setup\NDP\v1.1.4322
Software\Microsoft\NET Framework Setup\NDP\v1.1.4322
Software\Microsoft\.NETFramework\Policy\v1.0
Software\Microsoft\.NETFramework\Policy\v1.0
%s %s
%s %s
hXXp://%s
hXXp://%s
Downloading %s...
Downloading %s...
Installing %s...
Installing %s...
hXXp://installmetrix.com/common/gate/installer_gate_client.php?download_id=%s&mode=prechecking
hXXp://installmetrix.com/common/gate/installer_gate_client.php?download_id=%s&mode=prechecking
hXXp://installmetrix.com/common/gate/installer_gate_client.php?download_id=%s&mode=getcombo&offers=%s
hXXp://installmetrix.com/common/gate/installer_gate_client.php?download_id=%s&mode=getcombo&offers=%s
%s is being installed
%s is being installed
H:\Program Files\Microsoft Visual Studio 10.0\VC\atlmfc\include\afxwin1.inl
H:\Program Files\Microsoft Visual Studio 10.0\VC\atlmfc\include\afxwin1.inl
%s (%s:%d)
%s (%s:%d)
.html
.html
chrome
chrome
firefox
firefox
opera
opera
%USERPROFILE%
%USERPROFILE%
amitest.txt
amitest.txt
/s /t /i ElectroLyrics /u hXXp://VVV.amoninst.com/index.php
/s /t /i ElectroLyrics /u hXXp://VVV.amoninst.com/index.php
I/s /t /i WebStroller
I/s /t /i WebStroller
hXXp://sp-storage.conduit-services.com/spidentifier/1.0.2.0/spidentifierimpl.exe
hXXp://sp-storage.conduit-services.com/spidentifier/1.0.2.0/spidentifierimpl.exe
hXXps://sp-storage.spccinta.com/spidentifier/spidentifierstub/SPIdentifier.exe
hXXps://sp-storage.spccinta.com/spidentifier/spidentifierstub/SPIdentifier.exe
hXXp://val.costmin.info
hXXp://val.costmin.info
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Test|Result|1;
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Test|Result|1;
hXXp://VVV.wajam.com/download/wajam_validate.exe
hXXp://VVV.wajam.com/download/wajam_validate.exe
Webstroller - Amonetize
Webstroller - Amonetize
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
%s = %s
%s = %s
Read %d bytes (%0.1f Kb/s)
Read %d bytes (%0.1f Kb/s)
Read %d bytes
Read %d bytes
Resolving name for %s
Resolving name for %s
Resolved name for %s
Resolved name for %s
Unknown status: %d
Unknown status: %d
%System%\9441843
%System%\9441843
hXXp://totalnethits.biz/apps/softwareupdater.exe
hXXp://totalnethits.biz/apps/softwareupdater.exe
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\4075397870.html
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\4075397870.html
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\5239662869.html
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\5239662869.html
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\9726225931.html
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\9726225931.html
hXXp://myfreedl.com/thankyou/index3.php
hXXp://myfreedl.com/thankyou/index3.php
Please read the following important information and terms before continuing:
Please read the following important information and terms before continuing:
s Settings/Options tab. Learn more
s Settings/Options tab. Learn more
If you elect to change your browser settings via Search Protect, your settings preferences will be applied to Chrome
If you elect to change your browser settings via Search Protect, your settings preferences will be applied to Chrome
, Firefox
, Firefox
If you elect to change your browser settings via your web browser, Search Protect will be disabled for that setting, therefore its ability to prevent third-party software from changing your settings will be halted.
If you elect to change your browser settings via your web browser, Search Protect will be disabled for that setting, therefore its ability to prevent third-party software from changing your settings will be halted.
In Chrome, browser settings can be changed via the Chrome menu or wrench icon. In Firefox, settings can be changed via the Firefox button or Tools menu. In Internet Explorer, settings can be changed via the gear icon or Tools menu. For all three browsers, new tab setting can be restored by opening a new tab and clicking
In Chrome, browser settings can be changed via the Chrome menu or wrench icon. In Firefox, settings can be changed via the Firefox button or Tools menu. In Internet Explorer, settings can be changed via the gear icon or Tools menu. For all three browsers, new tab setting can be restored by opening a new tab and clicking
You can uninstall Search Protect at any time by using the standard uninstall process that is available as part of your operating system. In Microsoft Windows
You can uninstall Search Protect at any time by using the standard uninstall process that is available as part of your operating system. In Microsoft Windows
Additional information for some versions of Search Protect is available on our help page.
Additional information for some versions of Search Protect is available on our help page.
, and Chrome
, and Chrome
home page and search settings. Learn more
home page and search settings. Learn more
hXXps://sp-storage.spccinta.com/sp-downloader.exe
hXXps://sp-storage.spccinta.com/sp-downloader.exe
After installing Couponarific, you may receive coupon, shopping comparison, banner, in-text and new tab advertisements as you browse the web that are identified as Couponarific advertisements.
After installing Couponarific, you may receive coupon, shopping comparison, banner, in-text and new tab advertisements as you browse the web that are identified as Couponarific advertisements.
Couponarific is FREE because advertisers pay to have their offers delivered to you. Couponarific is SAFE because it does not collect information that personally identifies you. Instead, it communicates several times each day with its servers to check for new offers, the placement of offers, the web pages you view, the advertisements that appear on these pages, the ads you click on, and other information about your computer and web usage. Couponarific also sends an update when you install and uninstall Couponarific, and it checks periodically for software updates to install. To see your choices for sharing information and more details about Couponarific, see the Privacy Policy and Terms of Use. Uninstall Instructions are here. These documents are also available on Couponarific.com
Couponarific is FREE because advertisers pay to have their offers delivered to you. Couponarific is SAFE because it does not collect information that personally identifies you. Instead, it communicates several times each day with its servers to check for new offers, the placement of offers, the web pages you view, the advertisements that appear on these pages, the ads you click on, and other information about your computer and web usage. Couponarific also sends an update when you install and uninstall Couponarific, and it checks periodically for software updates to install. To see your choices for sharing information and more details about Couponarific, see the Privacy Policy and Terms of Use. Uninstall Instructions are here. These documents are also available on Couponarific.com
hXXp://d2baov6ticicd8.cloudfront.net/im/us.exe
hXXp://d2baov6ticicd8.cloudfront.net/im/us.exe
HKEY_LOCAL_MACHINE\Software\Couponarific;
HKEY_LOCAL_MACHINE\Software\Couponarific;
Rockettab adds a useful dock at the top of popular websites, which provides related search
Rockettab adds a useful dock at the top of popular websites, which provides related search
results and ads which are not affiliated with the underlying websites. Please review all of the
results and ads which are not affiliated with the underlying websites. Please review all of the
hXXp://d2xrc29r3pc49q.cloudfront.net/release/rt-installer.exe
hXXp://d2xrc29r3pc49q.cloudfront.net/release/rt-installer.exe
HKEY_CURRENT_USER\Software\Search Extensions;
HKEY_CURRENT_USER\Software\Search Extensions;
You acknowledge and agree that by clicking on the "I AGREE" button (or similar buttons or links as may be designated by DESKTOP DOCK to show your acceptance of this Agreement and/or your agreement to download and install the Desktop Dock), you expressly acknowledge and agree to be bound by, the Terms of Service and Privacy Policy applicable to the DESKTOP DOCK Website and the content, services and features provided on or through the Desktop Dock, and any new versions or updates thereof. Both the Terms of Service and Privacy Policy can be accessed through the DESKTOP DOCK Website. For the Terms of Service, see hXXp://VVV.desktopdock.net/TOS . For the Privacy Policy, seehXXp://VVV.desktopdock.net/Privacy .
You acknowledge and agree that by clicking on the "I AGREE" button (or similar buttons or links as may be designated by DESKTOP DOCK to show your acceptance of this Agreement and/or your agreement to download and install the Desktop Dock), you expressly acknowledge and agree to be bound by, the Terms of Service and Privacy Policy applicable to the DESKTOP DOCK Website and the content, services and features provided on or through the Desktop Dock, and any new versions or updates thereof. Both the Terms of Service and Privacy Policy can be accessed through the DESKTOP DOCK Website. For the Terms of Service, see hXXp://VVV.desktopdock.net/TOS . For the Privacy Policy, seehXXp://VVV.desktopdock.net/Privacy .
Desktop Dock is ad-supported software and displays advertisements during your web browsing experience. By clicking "Next Step", you agree to the Desktop Dock EULA and Privacy Policy and consent to install Desktop Dock. The software can be removed any time via the Add/Remove Programs Utility.
hXXp://ogdelivery.com/DesktopDock/Setup.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\DesktopDock;HKEY_CURRENT_USER\Software\DesktopDock;
Consumer Input (softpublisher)
Download the software to join the Consumer Input Research Panel, provided by Compete, and register to receive $5 or more in gift cards for each survey you successfully complete!
Online activities: This includes the search terms you enter and the results of such searches, the videos you view, the products you shop for online, information you enter into forms, the materials you download or upload, the advertisements you see, information and content on web pages you visit or with which you interact and may include personal, financial and health information.
Information on secure pages: This includes information and content from protected or secure pages that you access, such as online accounts or the content of complete and incomplete consumer transactions when you are checking out through a website's shopping cart, even if the website makes this information unreadable to others.
System information: This includes information about the computer and browser that you are running on, including the IP address of the computer, how the software is operating, and which other applications are installed or running.
Filtering of certain personally identifiable or sensitive information - Compete has established certain procedural and technical privacy rules designed to try to avoid the use of certain types of personally identifiable and sensitive information that can be identified by those processes, such as credit card numbers, social security numbers, email addresses and email content from most web-based email accounts. Despite our efforts, certain personally identifiable or sensitive information might get through the privacy rules and procedures. However, we do not knowingly use any inadvertently retained personally identifiable or sensitive information in our services.
If you participate in any other research panels or programs run by us (whether directly or indirectly, and regardless of device and applicable policy for each such other program), by joining this program you agree that we may use any information we have about you to match the data collected through this program with the data collected through such other panels and programs (including data collected in the past), and use the combined
data pursuant to the most restrictive applicable privacy policy. If you are upgrading the Software from an older version, re-joining this research program, or otherwise accepting the latest version of this Policy, you agree that after doing so, your data previously collected by Compete under your prior participation in the program may be used as described in this Policy. You may always uninstall the Software by following the instructions provided here. You may always uninstall the Software by following the removal instructions provided here hXXps://VVV.consumerinput.com/removal/.
By clicking "Next" you are agreeing to the Consumer Input End User License Agreement and Privacy Policy and consent to install Consumer Input and automatically enable it on your Firefox, Internet Explorer and Chrome browsers. You may always uninstall the Software by following the removal instructions provided here.
hXXps://securehost-2.com/offers/InstallMetrix_ConsumerInput_new.exe
HKEY_CURRENT_USER\Software\ConsumerInput;
hXXp://dl.softservers.net/111001500/OptimizerPro.exe
HKEY_CURRENT_USER\Software\Optimizer Pro|BuyNowURL;
NOTICE TO USER: THE TERMS BELOW ARE A BINDING AGREEMENT. BY CLICKING "I ACCEPT" BELOW OR BY DOWNLOADING, INSTALLING OR ACTIVATING OR USING THIS SOFTWARE, YOU ACKNOWLEDGE THAT YOU HAVE READ THIS LICENSE AGREEMENT, THAT YOU UNDERSTAND IT, AND THAT YOU AGREE TO BE BOUND BY ITS TERMS. IF YOU DO NOT AGREE TO THE TERMS AND CONDITIONS OF THIS LICENSE AGREEMENT, PROMPTLY EXIT THIS PAGE WITHOUT DOWNLOADING, INSTALLING OR ACTIVATING THE SOFTWARE. YOU UNDERSTAND THAT YOU WILL BE INSTALLING CERTAIN SOFTWARE ON YOUR COMPUTER SYSTEM, AND YOU EXPRESSLY CONSENT TO SUCH INSTALLATION ON YOUR COMPUTER.
username and password (or other login information) are secure. Your Device and all Data on such Device is at risk if you let someone use your account inappropriately. You should not reveal your password to other users. Licensor will not ask you to reveal your password. If you forget your password, you can request to have a new password sent to your registered e-mail address. You agree to immediately notify Licensor of any unauthorized use of your VuuPC
account or password. Licensor will not be liable for any losses or damage arising from unauthorized use of your account or password, and you agree to indemnify and hold Licensor harmless for any improper or illegal use of your account.
hXXps://s3.amazonaws.com/cf_vopackage/SysInfo/VOPackage.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage;
1.0.0.1
InstallerManager.exe
All Files (*.*)
No error message is available.#Attempted an unsupported operation.$A required resource was unavailable.
Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.
Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else.1Encountered an unexpected error while reading %1.1Encountered an unexpected error while writing %1.
#Unable to load mail system support.
Note that if you choose to recover the auto-saved documents, you must explicitly save them to overwrite the original documents. If you choose to not recover the auto-saved versions, they will be deleted.fRecover the auto-saved documents
%s [Recovered]