Virus.Win32.Sality_bd5600ddf7

Virus.Win32.Sality.FD, Virus.Win32.Sality.2.FD, VirusSality.YR, SearchProtectToolbar.YR, GenericInjector.YR, GenericAutorunWorm.YR (Lavasoft MAS)Behaviour: Worm, Virus, WormAutorun

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

ddddddZ

ddddddZ

ddddddZ

ddddddZ

%d.%d.%d.%d

%d.%d.%d.%d

<unsupported></unsupported>

<unsupported></unsupported>

IP Address:%d.%d.%d.%d

IP Address:%d.%d.%d.%d

URI:%s

URI:%s

DNS:%s

DNS:%s

email:%s

email:%s

EdiPartyName:<unsupported></unsupported>

EdiPartyName:<unsupported></unsupported>

X400Name:<unsupported></unsupported>

X400Name:<unsupported></unsupported>

othername:<unsupported></unsupported>

othername:<unsupported></unsupported>

%d.%d.%d.%d/%d.%d.%d.%d

%d.%d.%d.%d/%d.%d.%d.%d

X509_CERT_PAIR

X509_CERT_PAIR

X509_CERT_AUX

X509_CERT_AUX

X.509 part of OpenSSL 1.0.0e 6 Sep 2011

X.509 part of OpenSSL 1.0.0e 6 Sep 2011

x%s

x%s

%s - d:d:d%.*s %d%s

%s - d:d:d%.*s %d%s

.\crypto\dh\dh_key.c

.\crypto\dh\dh_key.c

keylen <= sizeof key

keylen <= sizeof key

EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp)

EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp)

3ECDSA part of OpenSSL 1.0.0e 6 Sep 2011

3ECDSA part of OpenSSL 1.0.0e 6 Sep 2011

'() ,-./:=?

'() ,-./:=?

%lu:%s:%s:%d:%s

%lu:%s:%s:%d:%s

Verifying - %s

Verifying - %s

Basis Type: %s

Basis Type: %s

Field Type: %s

Field Type: %s

ASN1 OID: %s

ASN1 OID: %s

%s %s%lu (%s0x%lx)

%s %s%lu (%s0x%lx)

%*sPolicy Text: %s

%*sPolicy Text: %s

%*scrlUrl:

%*scrlUrl:

EXTENDED_KEY_USAGE

EXTENDED_KEY_USAGE

%*sZone: %s, User:

%*sZone: %s, User:

.\crypto\x509v3\v3_akey.c

.\crypto\x509v3\v3_akey.c

d.usernotice

d.usernotice

d.cpsuri

d.cpsuri

CERTIFICATEPOLICIES

CERTIFICATEPOLICIES

%*sExplicit Text: %s

%*sExplicit Text: %s

%*sNumber%s:

%*sNumber%s:

%*sOrganization: %s

%*sOrganization: %s

%*sCPS: %s

%*sCPS: %s

PKEY_USAGE_PERIOD

PKEY_USAGE_PERIOD

keyCertSign

keyCertSign

Certificate Sign

Certificate Sign

keyAgreement

keyAgreement

Key Agreement

Key Agreement

keyEncipherment

keyEncipherment

Key Encipherment

Key Encipherment

.\crypto\x509v3\v3_skey.c

.\crypto\x509v3\v3_skey.c

CONF part of OpenSSL 1.0.0e 6 Sep 2011

CONF part of OpenSSL 1.0.0e 6 Sep 2011

PROXY_CERT_INFO_EXTENSION

PROXY_CERT_INFO_EXTENSION

hexkey

hexkey

rsa_keygen_pubexp

rsa_keygen_pubexp

rsa_keygen_bits

rsa_keygen_bits

keylength

keylength

keyfunc

keyfunc

len>=0 && len<=(int)sizeof(ctx->key)

len>=0 && len<=(int)sizeof(ctx->key)

j <= (int)sizeof(ctx->key)

j <= (int)sizeof(ctx->key)

.\crypto\pkcs12\p12_key.c

.\crypto\pkcs12\p12_key.c

d.receiptList

d.receiptList

d.allOrFirstTier

d.allOrFirstTier

d.compressedData

d.compressedData

d.authenticatedData

d.authenticatedData

d.encryptedData

d.encryptedData

d.digestedData

d.digestedData

d.envelopedData

d.envelopedData

d.signedData

d.signedData

d.ori

d.ori

d.pwri

d.pwri

d.kekri

d.kekri

d.kari

d.kari

d.ktri

d.ktri

CMS_PasswordRecipientInfo

CMS_PasswordRecipientInfo

keyDerivationAlgorithm

keyDerivationAlgorithm

keyIdentifier

keyIdentifier

CMS_KeyAgreeRecipientInfo

CMS_KeyAgreeRecipientInfo

recipientEncryptedKeys

recipientEncryptedKeys

CMS_OriginatorIdentifierOrKey

CMS_OriginatorIdentifierOrKey

d.originatorKey

d.originatorKey

CMS_OriginatorPublicKey

CMS_OriginatorPublicKey

CMS_RecipientEncryptedKey

CMS_RecipientEncryptedKey

CMS_KeyAgreeRecipientIdentifier

CMS_KeyAgreeRecipientIdentifier

d.rKeyId

d.rKeyId

CMS_RecipientKeyIdentifier

CMS_RecipientKeyIdentifier

CMS_OtherKeyAttribute

CMS_OtherKeyAttribute

keyAttr

keyAttr

keyAttrId

keyAttrId

CMS_KeyTransRecipientInfo

CMS_KeyTransRecipientInfo

encryptedKey

encryptedKey

keyEncryptionAlgorithm

keyEncryptionAlgorithm

certificates

certificates

d.crl

d.crl

d.subjectKeyIdentifier

d.subjectKeyIdentifier

d.issuerAndSerialNumber

d.issuerAndSerialNumber

CMS_CertificateChoices

CMS_CertificateChoices

d.v2AttrCert

d.v2AttrCert

d.v1AttrCert

d.v1AttrCert

d.extendedCertificate

d.extendedCertificate

d.certificate

d.certificate

CMS_OtherCertificateFormat

CMS_OtherCertificateFormat

otherCert

otherCert

otherCertFormat

otherCertFormat

crlUrl

crlUrl

certStatus

certStatus

certId

certId

OCSP_CERTSTATUS

OCSP_CERTSTATUS

value.unknown

value.unknown

value.revoked

value.revoked

value.good

value.good

value.byKey

value.byKey

value.byName

value.byName

reqCert

reqCert

OCSP_CERTID

OCSP_CERTID

issuerKeyHash

issuerKeyHash

CONF_def part of OpenSSL 1.0.0e 6 Sep 2011

CONF_def part of OpenSSL 1.0.0e 6 Sep 2011

[[%s]]

[[%s]]

[%s] %s=%s

[%s] %s=%s

ECDH part of OpenSSL 1.0.0e 6 Sep 2011

ECDH part of OpenSSL 1.0.0e 6 Sep 2011

value.bag

value.bag

value.safes

value.safes

value.shkeybag

value.shkeybag

value.keybag

value.keybag

value.sdsicert

value.sdsicert

value.x509cert

value.x509cert

value.other

value.other

%s.dll

%s.dll

inflate 1.1.3 Copyright 1995-1998 Mark Adler

inflate 1.1.3 Copyright 1995-1998 Mark Adler

P%d_T%d_Dld_ld_ld_Tld_ld_ld

P%d_T%d_Dld_ld_ld_Tld_ld_ld

Main.cpp

Main.cpp

09:15:37

09:15:37

FileHandler.cpp

FileHandler.cpp

Logger\Log4cxxWrapper.cpp

Logger\Log4cxxWrapper.cpp

WM_DDE_EXECUTE

WM_DDE_EXECUTE

WM_KEYLAST

WM_KEYLAST

WM_SYSKEYUP

WM_SYSKEYUP

WM_SYSKEYDOWN

WM_SYSKEYDOWN

WM_KEYUP

WM_KEYUP

WM_KEYDOWN

WM_KEYDOWN

WM_VKEYTOITEM

WM_VKEYTOITEM

WM_CTLCOLORMSGBOX

WM_CTLCOLORMSGBOX

\StringFileInfo\xx\%s

\StringFileInfo\xx\%s

%d/%d/%d d:d:d

%d/%d/%d d:d:d

Module %d

Module %d

Image Base: 0xx Image Size: 0xx

Image Base: 0xx Image Size: 0xx

Checksum: 0xx Time Stamp: 0xx

Checksum: 0xx Time Stamp: 0xx

File Size: %-10d File Time: %s

File Size: %-10d File Time: %s

Company: %s

Company: %s

Product: %s

Product: %s

FileDesc: %s

FileDesc: %s

FileVer: %d.%d.%d.%d

FileVer: %d.%d.%d.%d

ProdVer: %d.%d.%d.%d

ProdVer: %d.%d.%d.%d

kernel32.dll

kernel32.dll

Windows Vista

Windows Vista

Windows Server 2008

Windows Server 2008

Windows 7

Windows 7

Windows Server 2008 R2

Windows Server 2008 R2

Windows 8

Windows 8

Windows Server 2012

Windows Server 2012

Windows 9

Windows 9

Windows Server 9

Windows Server 9

Web Server Edition

Web Server Edition

Windows Server 2003 R2

Windows Server 2003 R2

Windows Storage Server 2003

Windows Storage Server 2003

Windows Home Server

Windows Home Server

Windows XP Professional x64 Edition

Windows XP Professional x64 Edition

Windows Server 2003

Windows Server 2003

Web Edition

Web Edition

Windows XP

Windows XP

Windows 2000

Windows 2000

(build %d)

(build %d)

This sample does not support this version of Windows.

This sample does not support this version of Windows.

Error occurred at %s.

Error occurred at %s.

Operating system: %s

Operating system: %s

Operating system: Could not Determine

Operating system: Could not Determine

%d processor(s), type %d.

%d processor(s), type %d.

%d%% memory in use.

%d%% memory in use.

%d MBytes physical memory.

%d MBytes physical memory.

%d MBytes physical memory free.

%d MBytes physical memory free.

%d MBytes paging file.

%d MBytes paging file.

%d MBytes paging file free.

%d MBytes paging file free.

%d MBytes user address space.

%d MBytes user address space.

%d MBytes user address space free.

%d MBytes user address space free.

a Float Denormal Operand

a Float Denormal Operand

a Float Invalid Operation

a Float Invalid Operation

0xx:

0xx:

EDI: 0xx ESI: 0xx EAX: 0xx

EDI: 0xx ESI: 0xx EAX: 0xx

EBX: 0xx ECX: 0xx EDX: 0xx

EBX: 0xx ECX: 0xx EDX: 0xx

EIP: 0xx EBP: 0xx SegCs: 0xx

EIP: 0xx EBP: 0xx SegCs: 0xx

EFlags: 0xx ESP: 0xx SegSs: 0xx

EFlags: 0xx ESP: 0xx SegSs: 0xx

%s\CRASH_REPORT_%s.txt

%s\CRASH_REPORT_%s.txt

%s caused %s (0xx)

%s caused %s (0xx)

in module %s at x:x.

in module %s at x:x.

%s location x caused an access violation.

%s location x caused an access violation.

===== [end of %s] =====

===== [end of %s] =====

%s\CRASH_DUMP_%s.dmp

%s\CRASH_DUMP_%s.dmp

Exception code is 0xX

Exception code is 0xX

Crash dump file: %s

Crash dump file: %s

Crash report file :%s

Crash report file :%s

Error creating dump file, err=%d

Error creating dump file, err=%d

Utils.cpp

Utils.cpp

Utils::GetHttpHeaderData

Utils::GetHttpHeaderData

Windows Vista

Windows Vista

Windows Server 2008

Windows Server 2008

Windows 7

Windows 7

Windows Server 2008 R2

Windows Server 2008 R2

Windows 8

Windows 8

Windows Server 2012

Windows Server 2012

Windows 9

Windows 9

Windows Server 9

Windows Server 9

PingSender.cpp

PingSender.cpp

the value the Arg has been passed.

the value the Arg has been passed.

Main\CommandLineHandler.cpp

Main\CommandLineHandler.cpp

(1 , 5 , 0 , 71)

(1 , 5 , 0 , 71)

Main\SearchProtector.cpp

Main\SearchProtector.cpp

SearchProtector_::InitLoginService

SearchProtector_::InitLoginService

SearchProtector_::GetAppDataExePath

SearchProtector_::GetAppDataExePath

SelfProtector\SelfProtector.cpp

SelfProtector\SelfProtector.cpp

key path:

key path:

Settings\SettingsManager.cpp

Settings\SettingsManager.cpp

SettingsManager_::ParseKeyValueSettings

SettingsManager_::ParseKeyValueSettings

Services\ServiceManager.cpp

Services\ServiceManager.cpp

ServiceManager_::GetDefaultServiceMapUrl

ServiceManager_::GetDefaultServiceMapUrl

ServiceManager_::SetServiceMapUrl

ServiceManager_::SetServiceMapUrl

ServiceManager_::SetServiceMapUrlToSettings

ServiceManager_::SetServiceMapUrlToSettings

ServiceManager_::HttpAsyncCallBack

ServiceManager_::HttpAsyncCallBack

BrowserManager.cpp

BrowserManager.cpp

TranslationManager.cpp

TranslationManager.cpp

TranslationManager_::GetServiceUrl

TranslationManager_::GetServiceUrl

Dialogs\DialogsManager.cpp

Dialogs\DialogsManager.cpp

DialogsManager_::HandleDialogInvokeSync

DialogsManager_::HandleDialogInvokeSync

Navigation URL=

Navigation URL=

ToolbarManager.cpp

ToolbarManager.cpp

Main\FinishInstallHandler.cpp

Main\FinishInstallHandler.cpp

UninstallManager.cpp

UninstallManager.cpp

UninstallManager::RemoveSelfFromPendingFileRenameOperations

UninstallManager::RemoveSelfFromPendingFileRenameOperations

ErrorManager.cpp

ErrorManager.cpp

ErrorManager_::ReportError

ErrorManager_::ReportError

ErrorManager_::ReportErrors

ErrorManager_::ReportErrors

SearchAssetsManager.cpp

SearchAssetsManager.cpp

SearchAssetsManager_::GetCtidAssetUrl

SearchAssetsManager_::GetCtidAssetUrl

SearchAssetsManager_::GetCurrentAssetUrl

SearchAssetsManager_::GetCurrentAssetUrl

SearchAssetsManager_::SetUrlByCtidAndAsset

SearchAssetsManager_::SetUrlByCtidAndAsset

SearchAssetsManager_::GetUrlByCtidAndAsset

SearchAssetsManager_::GetUrlByCtidAndAsset

LoginManager::LoginManager

LoginManager::LoginManager

LoginManager.cpp

LoginManager.cpp

LoginManager::~LoginManager

LoginManager::~LoginManager

LoginManager::RequestService

LoginManager::RequestService

LoginManager::CreateInitialJson

LoginManager::CreateInitialJson

LoginManager::GetBrowserSpecificData

LoginManager::GetBrowserSpecificData

LoginManager::GetInstalledCompetitors

LoginManager::GetInstalledCompetitors

LoginManager::ReqestServiceByBrowser

LoginManager::ReqestServiceByBrowser

AutoUpdateManager.cpp

AutoUpdateManager.cpp

ShellExecute error

ShellExecute error

SelfProtector\FilesProtector.cpp

SelfProtector\FilesProtector.cpp

SelfProtector\ProtectorBase.cpp

SelfProtector\ProtectorBase.cpp

SelfProtector\RegistryProtector.cpp

SelfProtector\RegistryProtector.cpp

Settings\RepositoryManager.cpp

Settings\RepositoryManager.cpp

Settings\InitDataManager.cpp

Settings\InitDataManager.cpp

Settings\ServerSettingsManager.cpp

Settings\ServerSettingsManager.cpp

Services\TimerBasedServiceHandler.cpp

Services\TimerBasedServiceHandler.cpp

TimerBasedServiceHandler::HttpAsyncCallBack

TimerBasedServiceHandler::HttpAsyncCallBack

Services\ServiceHandler.cpp

Services\ServiceHandler.cpp

ServiceHandler::HttpAsyncCallBack

ServiceHandler::HttpAsyncCallBack

ServiceHandler::GetServiceUrl

ServiceHandler::GetServiceUrl

AliasManager.cpp

AliasManager.cpp

Settings\ModuleSettingsManager.cpp

Settings\ModuleSettingsManager.cpp

ModuleSettingsManager::GetAssetUrl

ModuleSettingsManager::GetAssetUrl

AssetHandlers\AssetHandler.cpp

AssetHandlers\AssetHandler.cpp

, using default url :

, using default url :

, using url as is

, using url as is

AssetHandler::UpdateUrlParams

AssetHandler::UpdateUrlParams

AssetHandler::MergeSearchUrlParameters

AssetHandler::MergeSearchUrlParameters

Usages\TakeoverUsageData.cpp

Usages\TakeoverUsageData.cpp

Usages\UsageManager.cpp

Usages\UsageManager.cpp

UsageManager_::FlushReportsQueue

UsageManager_::FlushReportsQueue

UsageManager_::EnqueueReport

UsageManager_::EnqueueReport

UsageManager_::FlushReport

UsageManager_::FlushReport

AssetHandlerClassFactory.cpp

AssetHandlerClassFactory.cpp

Settings\InitData.cpp

Settings\InitData.cpp

Dialogs\SettingsDialog.cpp

Dialogs\SettingsDialog.cpp

SettingsDialog::GetNavigationURL

SettingsDialog::GetNavigationURL

Dialogs\DialogBase.cpp

Dialogs\DialogBase.cpp

DialogBase::CompetitorURL

DialogBase::CompetitorURL

BrowserUserCtid.cpp

BrowserUserCtid.cpp

Usages\FunnelDataManager.cpp

Usages\FunnelDataManager.cpp

FunnelDataManager_::ReportFunnelData

FunnelDataManager_::ReportFunnelData

FunnelDataManager_::CreateInitialReportJson

FunnelDataManager_::CreateInitialReportJson

Usages\ProtectionUserChangedAssetUsageData.cpp

Usages\ProtectionUserChangedAssetUsageData.cpp

Usages\ProtectionUsageData.cpp

Usages\ProtectionUsageData.cpp

Usages\BrowserSpecificUsageData.cpp

Usages\BrowserSpecificUsageData.cpp

Usages\UsageData.cpp

Usages\UsageData.cpp

AssetHandlers\FFAssetHandler.cpp

AssetHandlers\FFAssetHandler.cpp

FFAssetHandler::UpdateUrlParams

FFAssetHandler::UpdateUrlParams

FFAssetHandler::GetRevertSettingsRegKeyByOS

FFAssetHandler::GetRevertSettingsRegKeyByOS

AssetHandlers\IEAssetHandler.cpp

AssetHandlers\IEAssetHandler.cpp

RegistryHandler.cpp

RegistryHandler.cpp

RegistryHandler::CreateKey

RegistryHandler::CreateKey

RegistryHandler::GetKey

RegistryHandler::GetKey

Conduit::SearchProtector::Utils::HTTPManager::AsyncThreadProc

Conduit::SearchProtector::Utils::HTTPManager::AsyncThreadProc

HTTP\HTTPManager.cpp

HTTP\HTTPManager.cpp

Conduit::SearchProtector::Utils::HTTPManager::AsyncThreadProc_

Conduit::SearchProtector::Utils::HTTPManager::AsyncThreadProc_

Conduit::SearchProtector::Utils::HTTPManager::RequestAsync

Conduit::SearchProtector::Utils::HTTPManager::RequestAsync

Conduit::SearchProtector::Utils::HTTPManager::AsyncDownloadThreadProc

Conduit::SearchProtector::Utils::HTTPManager::AsyncDownloadThreadProc

Conduit::SearchProtector::Utils::HTTPManager::AsyncDownloadThreadProc_

Conduit::SearchProtector::Utils::HTTPManager::AsyncDownloadThreadProc_

Conduit::SearchProtector::Utils::HTTPManager::DownloadFileAsync

Conduit::SearchProtector::Utils::HTTPManager::DownloadFileAsync

Conduit::SearchProtector::Utils::HTTPManager::CheckInternetConnection

Conduit::SearchProtector::Utils::HTTPManager::CheckInternetConnection

TimerWindow.cpp

TimerWindow.cpp

DataChangeNotifier.cpp

DataChangeNotifier.cpp

CompressionHandler.cpp

CompressionHandler.cpp

Content-Type: application/x-www-form-urlencoded

Content-Type: application/x-www-form-urlencoded

Content-Disposition: form-data; name="%s"; filename="%s"

Content-Disposition: form-data; name="%s"; filename="%s"

Content-Disposition: form-data; name="%s"

Content-Disposition: form-data; name="%s"

https

https

HTTP/1.0

HTTP/1.0

http://

http://

https://

https://

Content-Length: %u

Content-Length: %u

Data\UsersProfileData.cpp

Data\UsersProfileData.cpp

BrowserModule.cpp

BrowserModule.cpp

Data\UserBrowserAsset.cpp

Data\UserBrowserAsset.cpp

ToolbarSettings.cpp

ToolbarSettings.cpp

Data\SearchAssetData.cpp

Data\SearchAssetData.cpp

Data\BrowserAsset.cpp

Data\BrowserAsset.cpp

Events\Event.cpp

Events\Event.cpp

ModuleAction.cpp

ModuleAction.cpp

WebBrowserDefs.cpp

WebBrowserDefs.cpp

WebBrowserContainer::WebBrowserContainer

WebBrowserContainer::WebBrowserContainer

WebBrowserContainer.cpp

WebBrowserContainer.cpp

WebBrowserContainer::~WebBrowserContainer

WebBrowserContainer::~WebBrowserContainer

WebBrowserContainer::Initialize

WebBrowserContainer::Initialize

WebBrowserContainer::CreateExternal

WebBrowserContainer::CreateExternal

WebBrowserContainer::Navigate

WebBrowserContainer::Navigate

Calling Navigate bsUrl=

Calling Navigate bsUrl=

Failed Navigate bsUrl=

Failed Navigate bsUrl=

WebBrowserContainer::InitContainer

WebBrowserContainer::InitContainer

WebBrowserContainer::Finalize

WebBrowserContainer::Finalize

WebBrowserContainer::SetLocation

WebBrowserContainer::SetLocation

WebBrowserContainer::SetVisible

WebBrowserContainer::SetVisible

WebBrowserContainer::AddBehaviorToBodyElement

WebBrowserContainer::AddBehaviorToBodyElement

WebBrowserContainer::GetWindowContext

WebBrowserContainer::GetWindowContext

WebBrowserContainer::OnBeforeNavigate

WebBrowserContainer::OnBeforeNavigate

WebBrowserContainer::OnDocumentComplete

WebBrowserContainer::OnDocumentComplete

WebBrowserContainer::OnNavigateComplete

WebBrowserContainer::OnNavigateComplete

WebBrowserContainer::OnNavigateError

WebBrowserContainer::OnNavigateError

WebBrowserContainer::InjectJs

WebBrowserContainer::InjectJs

WebBrowserContainer::OnFocus

WebBrowserContainer::OnFocus

WebBrowserContainer::UIActivateIO

WebBrowserContainer::UIActivateIO

WebBrowserContainer::HasFocusIO

WebBrowserContainer::HasFocusIO

WebBrowserContainer::TranslateAcceleratorIO

WebBrowserContainer::TranslateAcceleratorIO

WebBrowserContainer::OnRefresh

WebBrowserContainer::OnRefresh

WebBrowserContainer::OnSize

WebBrowserContainer::OnSize

WebBrowserContainer::FocusChange

WebBrowserContainer::FocusChange

WebBrowserContainer::SetAlphaColorKey

WebBrowserContainer::SetAlphaColorKey

WebBrowserContainer::OnRefreshComplete

WebBrowserContainer::OnRefreshComplete

WebBrowserContainer::SetDragAndDropFiles

WebBrowserContainer::SetDragAndDropFiles

, m_pWebBrowser =

, m_pWebBrowser =

WebBrowserContainer::SetMainToolbarBrowserTransparent

WebBrowserContainer::SetMainToolbarBrowserTransparent

WebBrowserContainer::InvokeSync

WebBrowserContainer::InvokeSync

WebBrowserContainer::InvokeASync

WebBrowserContainer::InvokeASync

WebBrowserContainer::SetInvokeSyncCallback

WebBrowserContainer::SetInvokeSyncCallback

n%D,3

n%D,3

WebWindow::WebWindow

WebWindow::WebWindow

WebWindow.cpp

WebWindow.cpp

WebWindow::~WebWindow

WebWindow::~WebWindow

WebWindow::WindowProc_

WebWindow::WindowProc_

WebWindow::OnKillFocus

WebWindow::OnKillFocus

WebWindow::OnSetFocus

WebWindow::OnSetFocus

WebWindow::Create

WebWindow::Create

WebWindow::Show

WebWindow::Show

WebWindow::GetWindowRect

WebWindow::GetWindowRect

WebWindow::GetClientRect

WebWindow::GetClientRect

WebWindow::SetAlphaColorKey

WebWindow::SetAlphaColorKey

WebWindow::OnEraseBackground

WebWindow::OnEraseBackground

WebBrowserDispatcher::WebBrowserDispatcher

WebBrowserDispatcher::WebBrowserDispatcher

WebBrowserDispatcher.cpp

WebBrowserDispatcher.cpp

WebBrowserDispatcher::~WebBrowserDispatcher

WebBrowserDispatcher::~WebBrowserDispatcher

WebBrowserDispatcher::InitGIT

WebBrowserDispatcher::InitGIT

WebBrowserDispatcher::GetDocumentInterface

WebBrowserDispatcher::GetDocumentInterface

WebBrowserDispatcher::GetIDsOfNames

WebBrowserDispatcher::GetIDsOfNames

WebBrowserDispatcher::Invoke

WebBrowserDispatcher::Invoke

WebBrowserDispatcher::DisconnectAllHtmlEvents

WebBrowserDispatcher::DisconnectAllHtmlEvents

WebBrowserDispatcher::ConnectEvents

WebBrowserDispatcher::ConnectEvents

WebBrowserDispatcher::DisconnectEvents

WebBrowserDispatcher::DisconnectEvents

WebBrowserDispatcher::OnDocumentComplete

WebBrowserDispatcher::OnDocumentComplete

WebBrowserDispatcher::OnBeforeNavigate

WebBrowserDispatcher::OnBeforeNavigate

WebBrowserDispatcher::OnNavigateComplete

WebBrowserDispatcher::OnNavigateComplete

WebBrowserDispatcher::OnNavigateError

WebBrowserDispatcher::OnNavigateError

WebBrowserDispatcher::OnWindowStateChanged

WebBrowserDispatcher::OnWindowStateChanged

WebBrowserDispatcher::OnDownloadComplete

WebBrowserDispatcher::OnDownloadComplete

WebBrowserDispatcher::OnDownloadBegin

WebBrowserDispatcher::OnDownloadBegin

WebBrowserDispatcher::OnWindowClosing

WebBrowserDispatcher::OnWindowClosing

WebBrowserExternal::WebBrowserExternal

WebBrowserExternal::WebBrowserExternal

WebBrowserExternal.cpp

WebBrowserExternal.cpp

WebBrowserExternal::~WebBrowserExternal

WebBrowserExternal::~WebBrowserExternal

WebBrowserExternal::Invoke

WebBrowserExternal::Invoke

WebBrowserExternal::OnApiWriteDebugString

WebBrowserExternal::OnApiWriteDebugString

WebBrowserExternal::GetTypeInfo

WebBrowserExternal::GetTypeInfo

WebBrowserExternal::GetTypeInfoCount

WebBrowserExternal::GetTypeInfoCount

WebBrowserExternal::GetDispatch

WebBrowserExternal::GetDispatch

WebBrowserExternal::GenerateFunctionsAndDISPIDs

WebBrowserExternal::GenerateFunctionsAndDISPIDs

CWebBrowserFocusWnd::CWebBrowserFocusWnd

CWebBrowserFocusWnd::CWebBrowserFocusWnd

WebBrowserFocusWnd.cpp

WebBrowserFocusWnd.cpp

CWebBrowserFocusWnd::~CWebBrowserFocusWnd

CWebBrowserFocusWnd::~CWebBrowserFocusWnd

BaseWnd.cpp

BaseWnd.cpp

D:\builds\27\Search Protector\SP-1.5.0-CI\Binaries\Win32\Release\cltmng.pdb

D:\builds\27\Search Protector\SP-1.5.0-CI\Binaries\Win32\Release\cltmng.pdb

SetProcessShutdownParameters

SetProcessShutdownParameters

KERNEL32.dll

KERNEL32.dll

USER32.dll

USER32.dll

MSVCP100.dll

MSVCP100.dll

SHLWAPI.dll

SHLWAPI.dll

VERSION.dll

VERSION.dll

PSAPI.DLL

PSAPI.DLL

MSVCR100.dll

MSVCR100.dll

_amsg_exit

_amsg_exit

_wcmdln

_wcmdln

_crt_debugger_hook

_crt_debugger_hook

dbghelp.dll

dbghelp.dll

CryptMsgGetParam

CryptMsgGetParam

CertFindCertificateInStore

CertFindCertificateInStore

CertGetNameStringW

CertGetNameStringW

CertFreeCertificateContext

CertFreeCertificateContext

CertCloseStore

CertCloseStore

CryptMsgClose

CryptMsgClose

CRYPT32.dll

CRYPT32.dll

CreateIoCompletionPort

CreateIoCompletionPort

GetProcessHeap

GetProcessHeap

GDI32.dll

GDI32.dll

RegOpenKeyExW

RegOpenKeyExW

RegCloseKey

RegCloseKey

ADVAPI32.dll

ADVAPI32.dll

ShellExecuteW

ShellExecuteW

SHELL32.dll

SHELL32.dll

ole32.dll

ole32.dll

OLEAUT32.dll

OLEAUT32.dll

UrlUnescapeW

UrlUnescapeW

InternetCrackUrlW

InternetCrackUrlW

HttpOpenRequestA

HttpOpenRequestA

HttpAddRequestHeadersA

HttpAddRequestHeadersA

HttpSendRequestW

HttpSendRequestW

HttpSendRequestA

HttpSendRequestA

HttpSendRequestExW

HttpSendRequestExW

HttpEndRequestW

HttpEndRequestW

HttpQueryInfoA

HttpQueryInfoA

WININET.dll

WININET.dll

GetProcessWindowStation

GetProcessWindowStation

RegCreateKeyExW

RegCreateKeyExW

RegNotifyChangeKeyValue

RegNotifyChangeKeyValue

RegQueryInfoKeyW

RegQueryInfoKeyW

ReportEventA

ReportEventA

COMCTL32.dll

COMCTL32.dll

.?AVwindows_file_codecvt@@

.?AVwindows_file_codecvt@@

.?AVIHttpAsyncCallback@Utils@SearchProtector@Conduit@@

.?AVIHttpAsyncCallback@Utils@SearchProtector@Conduit@@

.?AVCmdLine@TCLAP@@

.?AVCmdLine@TCLAP@@

.?AVCmdLineInterface@TCLAP@@

.?AVCmdLineInterface@TCLAP@@

.?AVCmdLineOutput@TCLAP@@

.?AVCmdLineOutput@TCLAP@@

.?AVCmdLineParseException@TCLAP@@

.?AVCmdLineParseException@TCLAP@@

.?AV?$sp_counted_impl_p@VLoginManager@@@detail@boost@@

.?AV?$sp_counted_impl_p@VLoginManager@@@detail@boost@@

.PA_W

.PA_W

.?AV?$thread_data@V?$bind_t@XV?$BindThis2@_NVDialogsManager_@@PAVIWebBrowserContainer@@PAUtagDISPPARAMS@@@@V?$list2@V?$value@PAVIWebBrowserContainer@@@_bi@boost@@V?$value@PAUtagDISPPARAMS@@@23@@_bi@boost@@@_bi@boost@@@detail@boost@@

.?AV?$thread_data@V?$bind_t@XV?$BindThis2@_NVDialogsManager_@@PAVIWebBrowserContainer@@PAUtagDISPPARAMS@@@@V?$list2@V?$value@PAVIWebBrowserContainer@@@_bi@boost@@V?$value@PAUtagDISPPARAMS@@@23@@_bi@boost@@@_bi@boost@@@detail@boost@@

.?AVLoginManager@@

.?AVLoginManager@@

.?AVWebBrowserDispatcher@@

.?AVWebBrowserDispatcher@@

.?AVWebWindow@@

.?AVWebWindow@@

.?AVIWebBrowserContainer@@

.?AVIWebBrowserContainer@@

.?AVWebBrowserContainer@@

.?AVWebBrowserContainer@@

.?AVWebBrowserExternal@@

.?AVWebBrowserExternal@@

.?AVCWebBrowserFocusWnd@@

.?AVCWebBrowserFocusWnd@@

%Documents and Settings%\%current user%\Application Data\SearchProtect\bin\

%Documents and Settings%\%current user%\Application Data\SearchProtect\bin\

/1::::0/

/1::::0/

.8:::;::8.

.8:::;::8.

0"8 8<<5

0"8 8<<5

>633,, ,&36>

>633,, ,&36>

ttt.ttt{mnn

ttt.ttt{mnn

ttt.ttttprp

ttt.ttttprp

<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>

<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>

PAD-----BEGIN PUBLIC KEY-----

PAD-----BEGIN PUBLIC KEY-----

-----END PUBLIC KEY-----

-----END PUBLIC KEY-----

5U5l6

5U5l6

8"8'8@8{8

8"8'8@8{8

;%;.;@;[;

;%;.;@;[;

8Ÿ9|9

8Ÿ9|9

6%6.6@6[6

6%6.6@6[6

4%5U5-6`6e6

4%5U5-6`6e6

9&:2:[:`:

9&:2:[:`:

8%8X8a8s8

8%8X8a8s8

9):.:4:~:

9):.:4:~:

1/2u2

1/2u2

;&<5><pre>3<4><pre>7%7X7</pre><pre>>%? ?2?\?</pre><pre>7t7D7L7[7w7|7</pre><pre>:":):0:7:</pre><pre>< <&<,<2><pre>6,6064686<6><pre>4%4S4Z4c4l4</pre><pre>8&81888~8</pre><pre>; <$<(<,<0><pre>9;<#=(=2=</pre><pre>99J9P9f9</pre><pre>4L4</pre><pre>4#41494~4</pre><pre>6 6,646<6><pre>? ?$?(?,?0?4?8?<?php@?</pre><pre>3 3$3(3,30343</pre><pre>9 9$9(9,909</pre><pre>: :$:(:,:0:</pre><pre>6 6$6(6,6064686<6</pre><pre>4,=0=4=8=</pre><pre>3 3$3(3,3034383<3</pre><pre>: :$:$;(;,;0;4;8;</pre><pre>7,787\7|7</pre><pre>Login</pre><pre>LoggerConfig.xml</pre><pre>1.5.0.71</pre><pre>SetProcessShutdownParameters ,bRet:</pre><pre>CreateIoCompletionPort, hFile=</pre><pre>Error in CreateIoCompletionPort, err</pre><pre>Exit function. uiKey=</pre><pre>uiMonitorKey=</pre><pre>MonitorDirectoryThread(): I/O Operation has been canceled, Stopped=</pre><pre>CloseHandle on hDirOPPort, GetLastError=</pre><pre>PWM_SYSKEYDOWN</pre><pre>RWM_KEYUP</pre><pre>TWM_CTLCOLORMSGBOX</pre><pre>AIDispatch error #%d</pre><pre>user32.dll</pre><pre>Blog4cxx.dll</pre><pre>Firefox</pre><pre>Chrome</pre><pre>SOFTWARE\Microsoft\Windows NT\CurrentVersion</pre><pre>rep.dat</pre><pre>SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect</pre><pre>SOFTWARE\Microsoft\Windows\CurrentVersion</pre><pre>Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders</pre><pre>msvcp100.dll</pre><pre>msvcr100.dll</pre><pre>yGetProccessID Failed on explorer.exe!</pre><pre>Integrity level is high while explorer.exe is not!</pre><pre>Software\Microsoft\Windows\CurrentVersion\Run</pre><pre>m_InitDataChangeQueue.size() =</pre><pre>D:\builds\27\Search Protector\SP-1.5.0-CI\Sources\3rdParty\Boost\boost_1_53_0\boost/smart_ptr/shared_ptr.hpp</pre><pre>ChromeModule.dll</pre><pre>FirefoxModule.dll</pre><pre>InternetExplorerModule.dll</pre><pre>Enter function. wkey=</pre><pre>GetSetting wkey=</pre><pre>GetSetting failed getting wkey=</pre><pre>Overwritting previous setting. key=</pre><pre>wUrl=</pre><pre>https://servicemap.conduit-services.com/sp</pre><pre>https://servicemap.qaconduit-services.com/sp</pre><pre>Exit function. wUrl=</pre><pre>Missing Export entries in DLL</pre><pre>t!pAssetChangedData</pre><pre>pAssetEvent == NULL</pre><pre>translatedKeys</pre><pre>Missing array of translated keys!</pre><pre>keyId</pre><pre>Couldn't find translation for key</pre><pre>Couldn't find default translation for key</pre><pre>Enter function. wKey=</pre><pre>Unsupported dialog position =</pre><pre>cNot enough arguments were passed</pre><pre>Finish Reason is unsupported =</pre><pre>D:\builds\27\Search Protector\SP-1.5.0-CI\Sources\3rdParty\Boost\boost_1_53_0\boost/signals2/detail/auto_buffer.hpp</pre><pre>D:\builds\27\Search Protector\SP-1.5.0-CI\Sources\3rdParty\Boost\boost_1_53_0\boost/signals2/detail/signal_template.hpp</pre><pre>_shared_state.unique()</pre><pre>D:\builds\27\Search Protector\SP-1.5.0-CI\Sources\3rdParty\Boost\boost_1_53_0\boost/signals2/detail/slot_groups.hpp</pre><pre>this_map_it != _group_map.end()</pre><pre>it != _list.end()</pre><pre>map_it != _group_map.end()</pre><pre>weakly_equivalent(map_it->first, key)</pre><pre>D:\builds\27\Search Protector\SP-1.5.0-CI\Sources\3rdParty\Boost\boost_1_53_0\boost/optional/optional.hpp</pre><pre>members_.capacity_ >= N</pre><pre>members_.capacity_ >= n</pre><pre>size_ <= members_.capacity_</pre><pre>D:\builds\27\Search Protector\SP-1.5.0-CI\Sources\3rdParty\Boost\boost_1_53_0\boost/thread/win32/thread_primitives.hpp</pre><pre>D:\builds\27\Search Protector\SP-1.5.0-CI\Sources\3rdParty\Boost\boost_1_53_0\boost/thread/win32/thread_heap_alloc.hpp</pre><pre>detail::win32::HeapFree(detail::win32::GetProcessHeap(),0,heap_memory)!=0</pre><pre>D:\builds\27\Search Protector\SP-1.5.0-CI\Sources\3rdParty\Boost\boost_1_53_0\boost/smart_ptr/scoped_ptr.hpp</pre><pre>D:\builds\27\Search Protector\SP-1.5.0-CI\Sources\3rdParty\Boost\boost_1_53_0\boost/variant/detail/visitation_impl.hpp</pre><pre>D:\builds\27\Search Protector\SP-1.5.0-CI\Sources\3rdParty\Boost\boost_1_53_0\boost/variant/detail/forced_return.hpp</pre><pre>SPSetup.exe</pre><pre>sPendingFileRenameOperations</pre><pre>Deleted the error report from requests map =</pre><pre>tKeepCrashReports</pre><pre>CRASH*.txt</pre><pre>CRASH*.dmp</pre><pre>Maxed out retries count for error report:</pre><pre>HomePageUrl</pre><pre>SearchUrl</pre><pre>Unable to get current Asset URL for</pre><pre>Sending login for browser =</pre><pre>LoginData=</pre><pre>Not sending login for browser =</pre><pre>autoUpdateModuleUrl</pre><pre>AutoUpdateDownloadUrl</pre><pre>.Invalid URL</pre><pre>Starting download: m_wAutoUpdateURL=</pre><pre>DownloadFileAsync Error. Unable to download auto-update file, URL:</pre><pre>SPUpdater.exe</pre><pre>Key has changed!</pre><pre>Software\Mozilla\Mozilla Firefox</pre><pre>tPathToExe</pre><pre>Change in exe directory detected.</pre><pre>serviceMapUrl</pre><pre>3.6.0.0</pre><pre>3.7.0.0</pre><pre>CustomizedAssetUrl</pre><pre>Unknown server setting. key =</pre><pre>Interval hasn't passed yet for</pre><pre>data.iRefreshInterval=</pre><pre>. HTTP Code:</pre><pre>Getting service failed. URL:</pre><pre>Exit function. Failed getting Client Log service, Not reporting error on it,Avoid Poison Reverse</pre><pre>eSet key path [</pre><pre>No knowledge of current url for asset.</pre><pre>Current url:</pre><pre>KnownUrlForState</pre><pre>No last known url (Shouldn't happen). Sending Asset change event</pre><pre>CurrentUrl=</pre><pre>, Known url=</pre><pre>e wCurrentUrl=</pre><pre>!pAssetChangeEvent || !pAssetChangeEvent->NewAssetData()</pre><pre>PreviousUrl=</pre><pre>NewUrl=</pre><pre>MyKnownUrl=</pre><pre>Unable to parse CTID from new conduit search URL:</pre><pre>Not protecting firefox!</pre><pre>This lose event already executed.</pre><pre>, prev URL</pre><pre>, new URL</pre><pre>Url found as invalid</pre><pre>http://search.conduit.com/?ctid=</pre><pre>Failed to build default url :</pre><pre>No valid url to takeover with</pre><pre>Url before update:</pre><pre>m_pSearchAssetData->Url()=</pre><pre>SearchAssetManaget->GetCtidAssetUrl failed for CTID:</pre><pre>aggressiveTakeoverWindowSec</pre><pre>Enter function. wMainUrl=</pre><pre>wNewUrl=</pre><pre>wMainUrl=</pre><pre>Enter function. wSearchApiCtidUrl=</pre><pre>New url and search api urls are identical. Nothing to merge or takeover.</pre><pre>takeover_url</pre><pre>Enqueuing usage report:</pre><pre>Unable to build usage report</pre><pre>No queued usages to report</pre><pre>..\Dialogs\spsd\main.html</pre><pre>Reg Key:</pre><pre>revertedUrl</pre><pre>Url Reverted to</pre><pre>different from new url</pre><pre>d-d-d d:d:d</pre><pre>RegCloseKey failed. Name=</pre><pre>hKey is null. Error code:</pre><pre>, bKeyExist=</pre><pre>RegCloseKey failed</pre><pre>RegCreateKeyExW failed</pre><pre>yExitFunction hKey = 0x</pre><pre>RegNotifyChangeKeyValue failed</pre><pre>pHttpAsyncData == NULL</pre><pre>wUrl=</pre><pre>Exception while trying to send HTTP request</pre><pre>Exception(...) while trying to send HTTP request</pre><pre>Deleting pHttpAsyncData</pre><pre>Qsearch.conduit.com</pre><pre>search.qasite.com</pre><pre>%s%s%s</pre><pre>], Url[</pre><pre>Shell.Explorer</pre><pre>Failed reciving IWebBrowser 2 from IUnknown</pre><pre>WebWindow::Create failed</pre><pre>EnterFunction bsUrl=</pre><pre>Navigate received null Url</pre><pre>m_pWebBrowser is NULL !!!</pre><pre>Browser is busy navigation will not be execute</pre><pre>Exception: Navigate failed!!! url=</pre><pre>Stoping IWebBrowser2 ...</pre><pre>m_pWebBrowser->Stop failed. hRes=</pre><pre>get_URL failed</pre><pre>EnterFunction clrColorKey =</pre><pre>SetAlphaColorKey failed</pre><pre>SP_Web_Window</pre><pre>Failed to load user32.dll</pre><pre>m_pWebBrowser is NULL</pre><pre>Windows.External.writeDebugString</pre><pre>Windows.External.InvokePlatformAction: param 1 is not string</pre><pre>SetWindowSubclass Failed</pre><pre>TSPHOOK_MSG_NEW_WINDOW_CREATED</pre><pre>SPHOOK_MSG_USER_CHANGED_HOMEPAGE</pre><pre>SPHOOK_MSG_USER_CHANGED_SEARCH_PROVIDER</pre><pre>SPHOOK_MSG_IE_FRAME_ACTIVATED</pre><pre>SPHOOK_MSG_END_HOOK</pre><pre>SPHOOK_REGISTRY_CHANGED_MSG</pre><pre>All Files (*.*)</pre><pre>No error message is available.#Attempted an unsupported operation.$A required resource was unavailable.</pre><pre>Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.</pre><pre>Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else.1Encountered an unexpected error while reading %1.1Encountered an unexpected error while writing %1.</pre><pre>#Unable to load mail system support.</pre><pre>Note that if you choose to recover the auto-saved documents, you must explicitly save them to overwrite the original documents. If you choose to not recover the auto-saved versions, they will be deleted.fRecover the auto-saved documents</pre><pre>%s [Recovered]</pre><b>cltmng.exe_2492_rwx_011D0000_00002000:</b><pre>SHELL32.DLL</pre><pre>ShellExecuteA</pre><pre>KERNEL32.DLL</pre><pre>.rsrc</pre><pre>.text</pre><b>cltmng.exe_2492_rwx_011E0000_00001000:</b><pre>|cltmng.exeM_2492_</pre><b>Explorer.EXE_1684_rwx_00EE0000_00002000:</b><pre>SHELL32.DLL</pre><pre>ShellExecuteA</pre><pre>KERNEL32.DLL</pre><pre>.rsrc</pre><pre>.text</pre><b>Explorer.EXE_1684_rwx_00EF0000_00001000:</b><pre>|explorer.exeM_1684_</pre><b>Explorer.EXE_1684_rwx_038D0000_0108E000:</b><pre>c:\windows</pre><pre>http://202.143.159.135/images/logo.gif</pre><pre>http://bem.dk/images/logof.gif</pre><pre>http://banboon.com/images/logo.gif</pre><pre>http://bdb.com.my/logo.gif</pre><pre>http://baulaung.org/images/logo.gif</pre><pre>http://bazyar-arya.com/logo.gif</pre><pre>http://barlikinsaat.com.tr/images/logo.gif</pre><pre>http://basamakhalisi.com/logo.gif</pre><pre>%System%\drivers\hlmihn.sys</pre><pre>13714532319</pre><pre>SHELL32.DLL</pre><pre>ShellExecuteA</pre><pre>KERNEL32.DLL</pre><pre>.rsrc</pre><pre>.text</pre><pre>http://89.119.67.154/testo5/</pre><pre>http://kukutrustnet777.info/home.gif</pre><pre>http://kukutrustnet888.info/home.gif</pre><pre>http://kukutrustnet987.info/home.gif</pre><pre>KERNEL32.dll</pre><pre>USER32.dll</pre><pre>h.rdata</pre><pre>H.data</pre><pre>.reloc</pre><pre>ntoskrnl.exe</pre><pre>Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50728)</pre><pre>Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache</pre><pre>Software\Microsoft\Windows\CurrentVersion\Internet Settings</pre><pre>Software\Microsoft\Windows\CurrentVersion</pre><pre>http://www.klkjwre9fqwieluoi.info/</pre><pre>http://kukutrustnet777888.info/</pre><pre>Software\Microsoft\Windows\CurrentVersion\policies\system</pre><pre>Software\Microsoft\Windows\ShellNoRoam\MUICache</pre><pre>%s:*:Enabled:ipsec</pre><pre>SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced</pre><pre>GdiPlus.dll</pre><pre>http://</pre><pre>ipfltdrv.sys</pre><pre>www.microsoft.com</pre><pre>?%x=%d</pre><pre>&%x=%d</pre><pre>SYSTEM.INI</pre><pre>USER32.DLL</pre><pre>.%c%s</pre><pre>\\.\amsint32</pre><pre>NTDLL.DLL</pre><pre>autorun.inf</pre><pre>ADVAPI32.DLL</pre><pre>win%s.exe</pre><pre>%s.exe</pre><pre>WININET.DLL</pre><pre>InternetOpenUrlA</pre><pre>avast! Web Scanner</pre><pre>Avira AntiVir Premium WebGuard</pre><pre>cmdGuard</pre><pre>cmdAgent</pre><pre>Eset HTTP Server</pre><pre>ProtoPort Firewall service</pre><pre>SpIDer FS Monitor for Windows NT</pre><pre>Symantec Password Validation</pre><pre>WebrootDesktopFirewallDataService</pre><pre>WebrootFirewall</pre><pre>%d%d.tmp</pre><pre>SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList</pre><pre>%s\%s</pre><pre>%s\Software\Microsoft\Windows\CurrentVersion\Ext\Stats</pre><pre>Software\Microsoft\Windows\CurrentVersion\Ext\Stats</pre><pre>SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects</pre><pre>Explorer.exe</pre><pre>A2CMD.</pre><pre>ASHWEBSV.</pre><pre>AVGCC.AVGCHSVX.</pre><pre>DRWEB</pre><pre>DWEBLLIO</pre><pre>DWEBIO</pre><pre>FSGUIEXE.</pre><pre>MCVSSHLD.</pre><pre>NPFMSG.</pre><pre>SYMSPORT.</pre><pre>WEBSCANX.</pre><pre>.adata</pre><pre>M_%d_</pre><pre>%c%d_%d</pre><pre>?456789:;<=</pre><pre>!"#$%&'()* ,-./0123</pre><pre>GetProcessHeap</pre><pre>GetWindowsDirectoryA</pre><pre>RegEnumKeyExA</pre><pre>RegDeleteKeyA</pre><pre>RegOpenKeyExA</pre><pre>RegCreateKeyA</pre><pre>RegCloseKey</pre><pre>SHFileOperationA</pre><pre>&3&3&3&389</pre><pre>.rdata</pre><pre>.data</pre><pre>Bkrnl.exe?</pre><pre>= =$=(=,=</pre><pre>322%2`.50728)</pre><pre>.klkjw:9fqwi</pre><pre>FamXf39.sys</pre><pre>.pBTa8</pre><pre>%s:*:</pre><pre>Bg.laXV</pre><pre>&?%x=</pre><pre>GUrlA'</pre><pre>Web%w|nc</pre><pre>HTTP)</pre><pre>2GUARDCMD.</pre><pre>.ENHCDM</pre><pre>PL/KPCKwWEB</pre><pre>MM.PFW.</pre><pre>.bssf</pre><pre>J:CRT</pre><pre>ADVAPI32.dll</pre><pre>MSVCRT.dll</pre><pre>SHELL32.dll</pre><pre>WS2_32.dll</pre></div><div class="blog_tab" id="tab3"><p><strong class="font_20"><span style="font-size:medium;">Remove it with Ad-Aware</span></strong></p><ol><li>Click (<a href="http://lavasoft.com/thankyou.php?internal=true&inter=encyclopedia"><span style="color: #0000ff;">here</span></a>) to download and install Ad-Aware Free Antivirus.</li><li>Update the definition files.</li><li>Run a full scan of your computer.</li></ol><p><strong class="font_20"><span style="font-size:medium;">Manual removal*</span></strong></p><ol><li>Terminate malicious process(es) (<a href="http://www.lavasoft.com/mylavasoft/malware-removal-support/blog/how-to-end-a-process-with-the-task-manager"><span style="color: #0000ff;">How to End a Process With the Task Manager</span></a>):<p style="padding-left: 30px; font-size: x-small; color: #ff0000;">CltMngSvc.exe:2068<br>CltMngSvc.exe:224<br>nsm4.exe:148<br>%original file name%.exe:1276<br>cltmng.exe:2516<br>nsq9.exe:1404<br></p></li><li>Delete the original Virus file.<br></li><li>Delete or disinfect the following files created/modified by the Virus:<p style="padding-left: 30px; font-size: x-small; color: #ff0000;">%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)<br>%Documents and Settings%\%current user%\Local Settings\Temp\nse6.tmp\inetc.dll (24 bytes)<br>%Documents and Settings%\%current user%\Application Data\SearchProtect\Dialogs\lib\json2.js (784 bytes)<br>%Program Files%\SearchProtect\Dialogs\spsd\settings.js (11 bytes)<br>%Documents and Settings%\%current user%\Local Settings\Temp\winaownli.exe (741 bytes)<br>%Program Files%\SearchProtect\ffprotect\nsprotector.js (1 bytes)<br>%Program Files%\SearchProtect\Dialogs\spbd\images\x-default-LTR.png (1 bytes)<br>%Documents and Settings%\%current user%\Local Settings\Temp\0014EDF8_Rar\%original file name%.exe (15799 bytes)<br>%Documents and Settings%\%current user%\Local Settings\Temp\nsl3.tmp\System.dll (11 bytes)<br>%Documents and Settings%\%current user%\Application Data\SearchProtect\Dialogs\spbd\images\x-default-LTR.png (1 bytes)<br>%Documents and Settings%\%current user%\Application Data\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-RTL.png (1 bytes)<br>%Documents and Settings%\%current user%\Local Settings\Temp\nsq9.exe (3616 bytes)<br>%Documents and Settings%\%current user%\Application Data\SearchProtect\ffprotect\Dialogs\spsd\main.html (2 bytes)<br>%Documents and Settings%\%current user%\Application Data\SearchProtect\bin\cltmng.exe (89498 bytes)<br>%Documents and Settings%\%current user%\Application Data\SearchProtect\Dialogs\spsd\settings.js (11 bytes)<br>%Program Files%\SearchProtect\bin\SPHook32.dll (5520 bytes)<br>%Documents and Settings%\%current user%\Application Data\SearchProtect\bin\SPHook32.dll (5520 bytes)<br>%Program Files%\SearchProtect\Dialogs\spsd\main.html (2 bytes)<br>%Documents and Settings%\%current user%\Application Data\SearchProtect\bin\msvcp100.dll (14184 bytes)<br>%Documents and Settings%\%current user%\Local Settings\Temp\nsz7.tmp (741694 bytes)<br>%Documents and Settings%\%current user%\Application Data\SearchProtect\ffprotect\Dialogs\spsd\settings.js (11 bytes)<br>%Program Files%\Adobe\Reader 9.0\Reader\Reader_sl.exe (432 bytes)<br>%Documents and Settings%\%current user%\Application Data\SearchProtect\ffprotect\Dialogs\lib\jquery.min.js (3312 bytes)<br>%Documents and Settings%\%current user%\Application Data\SearchProtect\ffprotect\popupTransparent.xul (1 bytes)<br>%Documents and Settings%\%current user%\Application Data\SearchProtect\bin\SPRunner.exe (11048 bytes)<br>%Documents and Settings%\%current user%\Application Data\SearchProtect\bin\FirefoxModule.dll (34773 bytes)<br>%Documents and Settings%\%current user%\Application Data\SearchProtect\ffprotect\Dialogs\spbd\images\information.png (2 bytes)<br>%Documents and Settings%\%current user%\Application Data\SearchProtect\ffprotect\Dialogs\dialogsApi.js (2 bytes)<br>%Documents and Settings%\%current user%\Application Data\SearchProtect\Dialogs\spsd\images\separation-line.png (938 bytes)<br>%Program Files%\SearchProtect\Dialogs\spsd\SearchProtector.css (3 bytes)<br>%Documents and Settings%\%current user%\Local Settings\Temp\nsv2.tmp (175875 bytes)<br>%Documents and Settings%\%current user%\Application Data\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png (1 bytes)<br>%Documents and Settings%\%current user%\Application Data\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-RTL.png (1 bytes)<br>%Program Files%\SearchProtect\bin\uninstall.exe (6584 bytes)<br>%Documents and Settings%\%current user%\Application Data\SearchProtect\ffprotect\Dialogs\spsd\images\warning.png (2 bytes)<br>%Documents and Settings%\%current user%\Application Data\SearchProtect\ffprotect\abstraction.js (52 bytes)<br>%Program Files%\SearchProtect\bin\SPRunner.exe (11048 bytes)<br>%Documents and Settings%\%current user%\Local Settings\Temp\nsz8.tmp (1856 bytes)<br>%Documents and Settings%\%current user%\Application Data\SearchProtect\Dialogs\spsd\main.html (2 bytes)<br>%Documents and Settings%\%current user%\Application Data\SearchProtect\bin\msvcr100.dll (25824 bytes)<br>%Documents and Settings%\%current user%\Application Data\SearchProtect\Dialogs\spsd\images\ok-button.png (1 bytes)<br>%System%\msvcr100.dll (10882 bytes)<br>%Program Files%\SearchProtect\bin\cltmng.exe (89498 bytes)<br>%Documents and Settings%\%current user%\Application Data\SearchProtect\Dialogs\lib\jquery.min.js (3312 bytes)<br>%Documents and Settings%\%current user%\Application Data\SearchProtect\ffprotect\Dialogs\spsd\images\ok-button.png (1 bytes)<br>%Documents and Settings%\%current user%\Application Data\SearchProtect\bin\InternetExplorerModule.dll (33877 bytes)<br>%Documents and Settings%\%current user%\Application Data\SearchProtect\bin\ChromeModule.dll (28288 bytes)<br>%WinDir%\system.ini (72 bytes)<br>%Program Files%\SearchProtect\Dialogs\dialogsApi.js (1 bytes)<br>%Documents and Settings%\%current user%\Local Settings\Temp\nsm4.exe (3616 bytes)<br>%Documents and Settings%\%current user%\Local Settings\Temp\nsl3.tmp\ConduitMsTimestamp.dll (3616 bytes)<br>%Documents and Settings%\%current user%\Application Data\SearchProtect\Dialogs\dialogsApi.js (1 bytes)<br>%Documents and Settings%\%current user%\Application Data\SearchProtect\ffprotect\Dialogs\spsd\SearchProtector.css (3 bytes)<br>%Documents and Settings%\%current user%\Application Data\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-LTR.png (1 bytes)<br>%Documents and Settings%\%current user%\Application Data\SearchProtect\Dialogs\spbd\images\information.png (2 bytes)<br>%Documents and Settings%\%current user%\Application Data\SearchProtect\bin\CltMngSvc.exe (3312 bytes)<br>%Documents and Settings%\%current user%\Application Data\SearchProtect\Dialogs\spbd\bubble.js (6 bytes)<br>%Documents and Settings%\%current user%\Application Data\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png (1 bytes)<br>%Documents and Settings%\%current user%\Application Data\SearchProtect\ffprotect\Dialogs\lib\json2.js (784 bytes)<br>%Documents and Settings%\%current user%\Application Data\SearchProtect\ffprotect\nsprotector.js (1 bytes)<br>%Program Files%\Common Files\Java\Java Update\jusched.exe (368 bytes)<br>%Program Files%\SearchProtect\Dialogs\spbd\images\information.png (2 bytes)<br>%Documents and Settings%\%current user%\Application Data\SearchProtect\Dialogs\spbd\images\x-default-RTL.png (1 bytes)<br>%Documents and Settings%\%current user%\Application Data\SearchProtect\ffprotect\Dialogs\spbd\bubble.css (1 bytes)<br>%Program Files%\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png (1 bytes)<br>%Program Files%\SearchProtect\Dialogs\spsd\images\separation-line.png (938 bytes)<br>%Documents and Settings%\%current user%\Application Data\SearchProtect\ffprotect\Dialogs\spbd\main.html (986 bytes)<br>%Program Files%\SearchProtect\Dialogs\spbd\main.html (986 bytes)<br>%Program Files%\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png (1 bytes)<br>%Documents and Settings%\%current user%\Application Data\SearchProtect\Dialogs\spbd\bubble.css (1 bytes)<br>%System%\msvcp100.dll (4642 bytes)<br>%Program Files%\SearchProtect\Dialogs\spbd\bubble.css (1 bytes)<br>%Program Files%\SearchProtect\bin\ChromeModule.dll (28288 bytes)<br>%Documents and Settings%\%current user%\Application Data\SearchProtect\ffprotect\Dialogs\spbd\bubble.js (6 bytes)<br>%Program Files%\SearchProtect\bin\FirefoxModule.dll (34773 bytes)<br>%Program Files%\SearchProtect\ffprotect\abstraction.js (52 bytes)<br>%Program Files%\SearchProtect\bin\msvcr100.dll (25824 bytes)<br>%Program Files%\SearchProtect\bin\InternetExplorerModule.dll (33877 bytes)<br>%Program Files%\SearchProtect\Dialogs\spbd\images\x-default-RTL.png (1 bytes)<br>%Documents and Settings%\%current user%\Application Data\SearchProtect\ffprotect\Dialogs\spsd\images\separation-line.png (938 bytes)<br>%Program Files%\SearchProtect\Dialogs\spsd\images\warning.png (2 bytes)<br>%Program Files%\SearchProtect\Dialogs\spbd\bubble.js (6 bytes)<br>%Documents and Settings%\%current user%\Application Data\SearchProtect\Dialogs\spsd\images\warning.png (2 bytes)<br>%Documents and Settings%\%current user%\Application Data\SearchProtect\ffprotect\application.js (3312 bytes)<br>%Documents and Settings%\%current user%\Application Data\SearchProtect\Dialogs\spsd\SearchProtector.css (3 bytes)<br>%Program Files%\SearchProtect\bin\CltMngSvc.exe (3312 bytes)<br>%Program Files%\SearchProtect\ffprotect\application.js (601 bytes)<br>%Program Files%\SearchProtect\bin\msvcp100.dll (14184 bytes)<br>%Program Files%\SearchProtect\Dialogs\lib\jquery.min.js (3312 bytes)<br>%Documents and Settings%\%current user%\Application Data\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-LTR.png (1 bytes)<br>%Documents and Settings%\%current user%\Application Data\SearchProtect\Dialogs\spbd\main.html (986 bytes)<br>%Program Files%\SearchProtect\Dialogs\lib\json2.js (784 bytes)<br>%Program Files%\SearchProtect\Dialogs\spsd\images\ok-button.png (1 bytes)<br>%Documents and Settings%\%current user%\Local Settings\Temp\nshB.tmp\inetc.dll (24 bytes)</p></li><li>Delete the following value(s) in the autorun key (<a href="http://www.lavasoft.com/mylavasoft/malware-removal-support/blog/how-to-work-with-the-system-registry"><span style="color: #0000ff;">How to Work with System Registry</span></a>):<p style="padding-left: 30px; font-size: x-small; color: #ff0000;">[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]<br>"SearchProtectAll" = "%Program Files%\SearchProtect\bin\cltmng.exe"<br><br>[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]<br>"SearchProtect" = "%Documents and Settings%\%current user%\Application Data\SearchProtect\bin\cltmng.exe"</p></li><li>Find and delete all copies of the worm's file together with "autorun.inf" scripts on removable drives.<br></li><li>Reboot the computer.<br></li></ol>*Manual removal may cause unexpected system behaviour and should be performed at your own risk.</div></di?></pre></6></pre></0></pre></6></pre></2></pre></4></pre></5>