Trojan.Win32.Swrort.3.FD, mzpefinder_pcap_file.YR, SearchProtectToolbar.YR (Lavasoft MAS)Behaviour: Trojan
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 6585c1ccff5df84f586b306fb4b22a9a
SHA1: 91522fa95641921b5a625a7a9ec710b94958cd80
SHA256: 9383aa838e5afb67190c9fba301efd213e1ae8b2e296f1d0813b23eea10ba4a4
SSDeep: 24576:j3ovLKFTpghXWJgYsb3Rt35CJ31mYgdto/VOACdhrJrlBziTDyELEZ951lcTRtaV:OG4ReNgWyr7Be/yEU1lX0TZagKDv
Size: 2037624 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: SafeInstall, LLC
Created at: 2014-07-18 22:18:07
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):No processes have been created.The Trojan injects its code into the following process(es):
%original file name%.exe:1592
Mutexes
The following mutexes were created/opened:No objects were found.
File activity
The process %original file name%.exe:1592 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\images\custom-check.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\rockettab.vi.zip (883 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\smartdriverupdater.vi.zip (928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\js\screen.js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\uninstallhelper.vi.zip (507 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\secureweb.vi.zip (821 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\pcspeedup.vi.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\pcspeedup.vi.zip (820 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\yahoosuite.vi.zip (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\images\bg-installprogress.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\images\title-bar.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\images\process.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\blasteroids.vi.zip (833 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\websearches.vi.zip (731 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\muvic.vi.zip (786 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\js\responsemanager.js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\js\screenmanager.js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\yahoo_hpds_startpage.test.vi.zip (739 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\knctr.vi.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\yahoo_keepmysettingsx.vi.zip (412 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\searchdonkey.vi.zip (861 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\images\btn.png (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\maxthon.vi.zip (754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\registryhelper.vi.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\arcadeparlor.vi.zip (889 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\images\close.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\js\knockout-2.2.1.js (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\SCC[1].dll (25212 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\js\json2.js (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\images\radio.png (870 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\linkey.vi.zip (1 bytes)
%System%\wbem\Logs\wbemprox.log (228 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\speedupmypc_sales_r2_v2.vi.zip (825 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\darkux_3step_r2_v4.vi.zip (11960 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\images\yahoo-widget.png (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\fulldiskfighter.vi.zip (968 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\6585c1ccff5df84f586b306fb4b22a9a.log (3557835 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\speedupmypc_sales_r2_v2.vi.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\images\point-loadingbar.png (205 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\driverfighter.vi.zip (939 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\yahoo_hpds_defaultsearch.vi.zip (434 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\registryhelper.vi.zip (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\ping.response.json (388 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\winferno.vi.zip (941 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\defaulttab.vi.zip (866 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SCC.dll (14951 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\js\yahoo.js (806 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\js\jquery.min.js (6984 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\images\loadingbar.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\wecareaspca.vi.zip (973 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\yahoo_hpds_defaultsearch.test.vi.zip (739 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\images\btn-win.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\images\checkbox.png (650 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\js\testsuitemanager.js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\seaapp.vi.zip (885 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\truedownloader.vi.zip (818 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\images\vd1-yahoo-toolbar.png (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dealgest.vi.zip (759 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\js\common.js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\images\step-contents.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\smartpccleaner.vi.zip (930 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\js\uifactory.js (381 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\offerbox.vi.zip (793 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\js\clickmanager.js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\freeflvconverting.vi.zip (999 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\images\btn-win-cancel.png (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\convertfilesforfree.vi.zip (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\wecaresavethechildren.vi.zip (955 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\smartweb.vi.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ENG.SCC.config[1].txt (739 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\fulldiskfighter.vi.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\nortonsecurityscan.vi.zip (834 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\severeweatheralerts.vi.zip (816 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\js\offerparser.js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\smartpccleaner.vi.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\js\lodash.custom.min.js (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\7zip_bimo.vi.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\images\step-contents-stepped.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\contentexplorer.vi.zip (823 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\js\screenfactory.js (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\knctr.vi.zip (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\images\container-separator.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\omigaplus.vi.zip (726 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\genieo.vi.zip (904 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\js\noyahoo.js (226 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\slowpcfighter.vi.zip (926 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\pcoptimizerpro.vi.zip (720 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\nortonantivirus.vi.zip (892 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\js\jquery-1.10.2.min.js (6984 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\7zip_bimo\7-zip_new.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SymCCIS2.zip (161 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\nortoninternetsecurity.vi.zip (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\images\installprogress.png (998 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\smartdriverupdater.vi.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\darkux_3step_r2_v4.vi.json (75 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\darkux_3step_r2_v4.vi.html (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\images\minmax.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\images\filewhiz_tn.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\view.darkux_3step_r2_v4.vi.json (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\css\style.css (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\driverfighter.vi.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\converterfreeonline.vi.zip (690 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\kaspersky.vi.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\7zip_bimo_7268.txt (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\blitzmediaplayeroffer.vi.zip (852 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\kaspersky.vi.zip (888 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\js\utils.js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\images\bg-loadingbar.png (297 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\nortonsecurityscan.vi.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\surfcanyon.vi.zip (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SymCCIS.dll (11704 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\wecarecleanwater.vi.zip (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\js\custom-form-elements.js (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SCC.config (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\7zip_bimo.vi.zip (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\contentexplorer.vi.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\jenkatgamesarcadeplus.vi.zip (856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\weatherbug.vi.zip (889 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\resultsbay.vi.zip (664 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\config.xml (15904 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\driverscanner.vi.zip (811 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\mypcbackup.vi.zip (904 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\yahoo_hpds_startpage.vi.zip (422 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\images\product-icon.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\js\script.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SCCLog.txt (168898 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\pcoptimizerpro.vi.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SymCCISDll.txt (38245 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\smartweb.vi.zip (821 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\js\config.js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\driversupport.vi.zip (882 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\images\bg_disc_wrap.gif (2 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013021120130218\index.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013030120130302 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SCC.config (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013021120130218 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013021820130225 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013021820130225\index.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013030120130302\index.dat (0 bytes)
Registry activity
The process %original file name%.exe:1592 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@xpsp3res.dll,-20001" = "Diagnose Connection Problems..."
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014073020140731]
"CacheLimit" = "8192"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014073020140731]
"CacheOptions" = "11"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "%original file name%.exe"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\InstallIQ]
"test" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014073020140731]
"CacheRepair" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1405711087"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "04 E5 F3 CE A8 86 FB 01 1F 77 31 60 1F 3A 31 4D"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014073020140731]
"CachePrefix" = ":2014073020140731:"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014073020140731]
"CachePath" = "%USERPROFILE%\Local Settings\History\History.IE5\MSHist012014073020140731\"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following registry key(s):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013030120130302]
[HKLM\SOFTWARE\InstallIQ]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013021120130218]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013021820130225]
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
[HKLM\SOFTWARE\InstallIQ]
"test"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
Dropped PE files
| MD5 | File path |
|---|---|
| 38212789a0f996c9f49d2646446c02f3 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SCC.dll |
| d0f25e1b717ee325780b5c5a014f9623 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SymCCIS.dll |
| 38212789a0f996c9f49d2646446c02f3 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\SCC[1].dll |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):No processes have been created.
- Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\images\custom-check.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\rockettab.vi.zip (883 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\smartdriverupdater.vi.zip (928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\js\screen.js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\uninstallhelper.vi.zip (507 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\secureweb.vi.zip (821 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\pcspeedup.vi.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\pcspeedup.vi.zip (820 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\yahoosuite.vi.zip (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\images\bg-installprogress.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\images\title-bar.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\images\process.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\blasteroids.vi.zip (833 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\websearches.vi.zip (731 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\muvic.vi.zip (786 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\js\responsemanager.js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\js\screenmanager.js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\yahoo_hpds_startpage.test.vi.zip (739 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\knctr.vi.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\yahoo_keepmysettingsx.vi.zip (412 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\searchdonkey.vi.zip (861 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\images\btn.png (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\maxthon.vi.zip (754 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\registryhelper.vi.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\arcadeparlor.vi.zip (889 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\images\close.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\js\knockout-2.2.1.js (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\SCC[1].dll (25212 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\js\json2.js (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\images\radio.png (870 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\linkey.vi.zip (1 bytes)
%System%\wbem\Logs\wbemprox.log (228 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\speedupmypc_sales_r2_v2.vi.zip (825 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\darkux_3step_r2_v4.vi.zip (11960 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\images\yahoo-widget.png (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\fulldiskfighter.vi.zip (968 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\6585c1ccff5df84f586b306fb4b22a9a.log (3557835 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\speedupmypc_sales_r2_v2.vi.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\images\point-loadingbar.png (205 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\driverfighter.vi.zip (939 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\yahoo_hpds_defaultsearch.vi.zip (434 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\registryhelper.vi.zip (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\ping.response.json (388 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\winferno.vi.zip (941 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\defaulttab.vi.zip (866 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SCC.dll (14951 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\js\yahoo.js (806 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\js\jquery.min.js (6984 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\images\loadingbar.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\wecareaspca.vi.zip (973 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\yahoo_hpds_defaultsearch.test.vi.zip (739 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\images\btn-win.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\images\checkbox.png (650 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\js\testsuitemanager.js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\seaapp.vi.zip (885 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\truedownloader.vi.zip (818 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\images\vd1-yahoo-toolbar.png (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dealgest.vi.zip (759 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\js\common.js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\images\step-contents.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\smartpccleaner.vi.zip (930 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\js\uifactory.js (381 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\offerbox.vi.zip (793 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\js\clickmanager.js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\freeflvconverting.vi.zip (999 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\images\btn-win-cancel.png (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\convertfilesforfree.vi.zip (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\wecaresavethechildren.vi.zip (955 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\smartweb.vi.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ENG.SCC.config[1].txt (739 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\fulldiskfighter.vi.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\nortonsecurityscan.vi.zip (834 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\severeweatheralerts.vi.zip (816 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\js\offerparser.js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\smartpccleaner.vi.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\js\lodash.custom.min.js (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\7zip_bimo.vi.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\images\step-contents-stepped.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\contentexplorer.vi.zip (823 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\js\screenfactory.js (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\knctr.vi.zip (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\images\container-separator.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\omigaplus.vi.zip (726 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\genieo.vi.zip (904 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\js\noyahoo.js (226 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\slowpcfighter.vi.zip (926 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\pcoptimizerpro.vi.zip (720 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\nortonantivirus.vi.zip (892 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\js\jquery-1.10.2.min.js (6984 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\7zip_bimo\7-zip_new.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SymCCIS2.zip (161 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\nortoninternetsecurity.vi.zip (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\images\installprogress.png (998 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\smartdriverupdater.vi.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\darkux_3step_r2_v4.vi.json (75 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\darkux_3step_r2_v4.vi.html (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\images\minmax.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\images\filewhiz_tn.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\view.darkux_3step_r2_v4.vi.json (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\css\style.css (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\driverfighter.vi.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\converterfreeonline.vi.zip (690 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\kaspersky.vi.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\7zip_bimo_7268.txt (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\blitzmediaplayeroffer.vi.zip (852 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\kaspersky.vi.zip (888 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\js\utils.js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\images\bg-loadingbar.png (297 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\nortonsecurityscan.vi.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\surfcanyon.vi.zip (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SymCCIS.dll (11704 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\wecarecleanwater.vi.zip (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\js\custom-form-elements.js (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SCC.config (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\7zip_bimo.vi.zip (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\contentexplorer.vi.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\jenkatgamesarcadeplus.vi.zip (856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\weatherbug.vi.zip (889 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\resultsbay.vi.zip (664 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\config.xml (15904 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\driverscanner.vi.zip (811 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\mypcbackup.vi.zip (904 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\yahoo_hpds_startpage.vi.zip (422 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\images\product-icon.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\js\script.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SCCLog.txt (168898 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\pcoptimizerpro.vi.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SymCCISDll.txt (38245 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\smartweb.vi.zip (821 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\js\config.js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\driversupport.vi.zip (882 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_12212020\dialogs\library\images\bg_disc_wrap.gif (2 bytes) - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
Company Name: SafeInstall, LLC
Product Name: SafeInstaller
Product Version: 1.0.53.0
Legal Copyright: Copyright (C) 2014
Legal Trademarks:
Original Filename: safeinstall.exe
Internal Name: SafeInstaller
File Version: 1.0.53.0
File Description: Safe Installer
Comments:
Language: Language Neutral
Company Name: SafeInstall, LLCProduct Name: SafeInstallerProduct Version: 1.0.53.0Legal Copyright: Copyright (C) 2014Legal Trademarks: Original Filename: safeinstall.exeInternal Name: SafeInstallerFile Version: 1.0.53.0File Description: Safe InstallerComments: Language: Language Neutral
PE Sections
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
|---|---|---|---|---|---|
| .text | 4096 | 502377 | 502784 | 4.4973 | b338c4f06bb25d131acfc1ed0d3b910a |
| .text-qu | 507904 | 3859 | 4096 | 4.15753 | 6861d682397fa6f89f9ccebebe3e2a97 |
| .text-co | 512000 | 85184 | 85504 | 4.48632 | 30c647ed0f8c74d3d2fa45ea6c2bc26e |
| .text-co | 598016 | 74520 | 74752 | 4.4797 | 9b6992674956ed805eb62620ea7d5933 |
| .text-co | 675840 | 47594 | 47616 | 4.49095 | 560063ecfb14aaf517a8392846689e94 |
| .text-co | 724992 | 14255 | 14336 | 4.48791 | b8dc82be38e07a88bb69c3376466ce5d |
| .text-co | 741376 | 28523 | 28672 | 4.61182 | 36e7d2e0a395c1eb492165b684ff21f9 |
| .text-co | 770048 | 10274 | 10752 | 4.35717 | 9d15b25b36a0aec64f6f87914cf03244 |
| .text-co | 782336 | 263610 | 263680 | 4.59556 | d8fa4b3f2944d095cbff74eff463d0a0 |
| .text-ti | 1048576 | 43367 | 43520 | 4.59023 | ff372763c3868124b49a3e7baf95ce37 |
| .text-co | 1093632 | 16090 | 16384 | 4.36508 | f33a4ed5dfd811c5653ac4e6b63e18e8 |
| .text-co | 1110016 | 59 | 512 | 0.606205 | 8757421a283c68152d0bf59cca95f8fa |
| .text-co | 1114112 | 12734 | 12800 | 4.42054 | 4ab817563c627d908a314e5a9fb542c9 |
| .rdata | 1130496 | 267066 | 267264 | 3.89299 | 83511534e1e3862c29a646f3716b4687 |
| .data | 1400832 | 27140 | 17408 | 3.34082 | c4d744e255e65effe0c170eaed5ab9e6 |
| .data-qu | 1429504 | 41 | 512 | 0 | bf619eac0cdf3f68d496ea9344137e8b |
| .data-co | 1433600 | 188 | 512 | 0 | bf619eac0cdf3f68d496ea9344137e8b |
| .data-co | 1437696 | 56 | 512 | 0.042395 | 8b0a1130def49ef72eb23a88fe9ecc8e |
| .data-co | 1441792 | 40 | 512 | 0 | bf619eac0cdf3f68d496ea9344137e8b |
| .data-co | 1445888 | 44 | 512 | 0.014135 | 2d5fe836dd5a60fa37b7c590cfc70410 |
| .data-co | 1449984 | 41 | 512 | 0 | bf619eac0cdf3f68d496ea9344137e8b |
| .data-co | 1454080 | 40 | 512 | 0 | bf619eac0cdf3f68d496ea9344137e8b |
| .data-co | 1458176 | 2932 | 3072 | 1.36231 | e950f32e666ef7f6b7e5840a619df91b |
| .data-ti | 1462272 | 1176 | 1536 | 1.01245 | 97008ba8201369f830a0d0e1ec267fa0 |
| .data-co | 1466368 | 40 | 512 | 0 | bf619eac0cdf3f68d496ea9344137e8b |
| .data-co | 1470464 | 4 | 512 | 0.014135 | d340f23a7d18057bb02252a3cb40b877 |
| .data-co | 1474560 | 40 | 512 | 0 | bf619eac0cdf3f68d496ea9344137e8b |
| .rsrc | 1478656 | 627360 | 627712 | 5.31153 | 6993533993159f9696607975e6a49e9c |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
| URL | IP |
|---|---|
| hxxp://1-vinstaller.com/api/productsession | 66.77.96.160 |
| hxxp://a568.d.akamai.net/upgrade/NSS/SymCCIS/Production/SCC.dll | |
| hxxp://a568.d.akamai.net/upgrade/NSS/SymCCIS/Production/SCC/w3i/ENG.SCC.config.txt | |
| hxxp://liveupdate.symantecliveupdate.com/upgrade/NSS/SymCCIS/Production/SCC.dll | 72.247.8.67 |
| hxxp://liveupdate.symantecliveupdate.com/upgrade/NSS/SymCCIS/Production/SCC/w3i/ENG.SCC.config.txt | 72.247.8.67 |
| stats.norton.com | 63.245.201.111 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /upgrade/NSS/SymCCIS/Production/SCC.dll HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: liveupdate.symantecliveupdate.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache
ETag: "38212789a0f996c9f49d2646446c02f3:1402650668"
Last-Modified: Fri, 13 Jun 2014 09:09:28 GMT
Accept-Ranges: bytes
Content-Length: 167264
Content-Type: application/octet-stream
Cache-Control: max-age=305
Expires: Wed, 30 Jul 2014 06:37:06 GMT
Date: Wed, 30 Jul 2014 06:32:01 GMT
Connection: keep-alive
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........r.................................E...............................Q...................................Rich............PE..L......S...........!.........>.......z....................................................@.........................Ew......tx..{....p..=............t..`........... ................................................................................text....`.......T......PEC2TO...... ....rsrc.... ...p.......X.............. ....reloc...............r..............@.....................................................................................................................................................................................................................................................................................................................................................................................................................................*..U..9k3e..O.U...-.[O?wV|.........Uk .B..u3g5.I...jUi..c#.d.N.k.....jxf....f.....M..k./K.>.'S(..8.......Wz.j.....Q.Q.z p...F.....Z...A.n..&...Id.......>o...5.1...&?.....cA.!.}L...>..u......D...c.~3.:.M%.d.......BU.....o4[.$..|..n..$.vL<..~...Jd...uV.}....Q."..e..........Q...z..O.P..;...R.qlm.z.......4.'..O.._.C..[..C...].._..`r.;[.c.9@2..,6..m1...x.f=....d...9HR..?...A..?.f........>GUa..Q=^#\....<.e..e@r.)..y.Q.J...{..<`*....~f.Q......p..V....P.BP...y..=...?.....>O.f.?.
<<
<<< skipped >>>
GET /upgrade/NSS/SymCCIS/Production/SCC/w3i/ENG.SCC.config.txt HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: liveupdate.symantecliveupdate.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache
ETag: "b8dbac3cc2be258b539c305a828416aa:1395133614"
Last-Modified: Tue, 18 Mar 2014 09:06:50 GMT
Accept-Ranges: bytes
Content-Length: 3216
Content-Type: text/plain
Cache-Control: max-age=1178
Expires: Wed, 30 Jul 2014 06:51:40 GMT
Date: Wed, 30 Jul 2014 06:32:02 GMT
Connection: keep-alive
...<..iy..}...e_.k.2..#r...-..\\^../..SG>Jc.G2...S... .d".!..:.\..A...='.... .......^....0...>.y..G...X...(.v..u.._...z.....#.[....yIie.......G.^1h...-.....7i........L(,.t......<.3....9.&.......q.....]O.6..A..h...^.:q.....X4a;T.....2.[.h. ..................`S...u......\.y.-...b...YVPT.CqXK....c....\,....R.N.[..2.[.h. ..SV.3..-......#.!u......A.S...^......o..p"d#../q...-.......0a.3.g. ..A...........{xE...%.ws=....d'Y....C...$..k.7...4.]|....Z..L..R.O._S?.g........n..G.v...d....!........\r.T...V.{.]h2.Z.]I...S.}.B..}..._%.n.t.6XK..rK.v.K...3Na..-...?......~_.....9..|............!fr.qON".H .......[.k..&..1l.>a2......3.C.#.A.y.....zx......4.."......u...%.....t.Nsb.&r..NS..]/.c^.j(z0M..pSn.:..t.....&~...E.|ab.L..(}..8..S._3...r....H.Y....0f...X<..U.o....b.g..U...av.....P#W..,.4..x..._..Y..D.......s...K.....8.....?.H.P.L..b.H..J.R..y...........R......'@.l.. k.. .z..m..8.9h.....3#...hkO.AiD....W>1...3...J.....eVqE.H.......v....._.........f..-0....@:....&.`.M.{...O.Ew.O..c..P.....(c...a;T......M~.1*.........hL..l.A....F}<)K.#.T.n.#..h{...U.&.`.M.{.di<:hTh.(............y..!.[.-RJ\...._...Tp.PD"#.".E.....gu,.3..o(X...ZL.....eX.(...y\....t..py1...EE...R....DOQ.H. .y......S.f...x]v.R...?..8|...........f..-0..Z...u.n.........`..;.5.(...S...EE...R..l..*.].F.....$.u%.".IT.F.....$...(c...]O.6..A....@.L...g.V.4...._..w.....(i...g. ..A..jyE. ..B..cH..{j,g........(......!....,..........N..W.Q.M...<'..U...~.$}.Z..]/...:U..@p(U...~.$}@.......%..h_...O]3...y..I.!.R....a......l..D.9:...K. .r.s.xa...H.
<<
<<< skipped >>>
POST /api/productsession HTTP/1.1
Content-Type: application/json; charset=utf-8
Accept: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
Host: 1-vinstaller.com
Content-Length: 260
Cache-Control: no-cache
{"CampaignName":"","ShortName":"7zip_bimo","ProductSubId":-1,"AccountId":14380,"VersionId":-1,"InstallerVersion":"1.0.53.0","OSId":5,"TemplateId":319,"LangId":1033,"ParentOfferIds":[],"Browsers":[{"Key":"IE","Value":6}],"DefaultBrowser":{"Key":"IE","Value":6}}
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP="PSA OUR DEM"
X-Robots-Tag: noindex, nofollow
Date: Wed, 30 Jul 2014 06:31:59 GMT
Content-Length: 12258
{"Response":{"configuration":{"month":7,"week":31,"year":2014,"targetbrowser":{"Key":"IE","Value":"6"},"pingurl":"hXXp://1-vinstaller.com/api/productsession","postbackurl":"hXXp://1-vinstaller.com/api/trackofferinstalldetails","errorurl":"hXXp://1-vinstaller.com/api/installerror","host":"hXXp://dl2.v47installer.com/lm/","compliant":false,"randomoffersort":false},"productsession":{"productid":2957,"productsubid":-1,"productsessionid":"92798542-4d76-4782-84a1-16fffc36fb38","shortname":"7zip_bimo","deviceclienttype":7,"guiclienttype":7,"versionid":-1,"session":{"accountid":14380,"vendorid":6944,"campaignid":8281851,"campaignname":"Default","countryid":124,"country":"CA"}},"accountconfiguration":{"accountid":14380,"accountverticalid":18,"showwelcomescreen":true,"showdownloadmanager":true,"showfirstofferinwelcomescreen":true,"allowicondrop":true,"active":true},"offers":[{"accountid":14380,"offerid":20228,"parentofferid":5780,"position":1,"active":true,"offerversion":0.0,"configuration":{"configid":"passshow.v.all","type":"exe","displayname":"PassShow","downloadurl":"hXXp://jpeg.syncrvloader.com/apps/dist/1030-2031_PassShow.exe","commandline":"/mstp12","stopchrome":"1","stopfirefox":"1","stopie":"1"}},{"accountid":14380,"offerid":19875,"parentofferid":4424,"position":2,"active":true,"offerversion":0.0,"configuration":{"configid":"itibiti.all","type":"exe","displayname":"Itibiti","downloadurl":"hXXp://VVV.itibitiphone.com/download/Itibiti_Knctr_B.exe","commandline":"/verysilent /norestart","msiinstall":"1"}},{"account
<<
<<< skipped >>>
Map
The Trojan connects to the servers at the folowing location(s):
Strings from Dumps
%original file name%.exe_1592:
.text
.text
`.text-qu
`.text-qu
`.text-co
`.text-co
`.text-coko
`.text-coko
`.text-co"(
`.text-co"(
`.text-tig
`.text-tig
`.text-co;
`.text-co;
`.rdata
`.rdata
@.data
@.data
.data-qu)
.data-qu)
.data-co
.data-co
.data-co8
.data-co8
.data-co(
.data-co(
.data-co,
.data-co,
.data-co)
.data-co)
.data-cot
.data-cot
.data-ti
.data-ti
.rsrc
.rsrc
CSShZ
CSShZ
7SSh$
7SSh$
7SSh.
7SSh.
7SSh3
7SSh3
7SSh8
7SSh8
CSSh3
CSSh3
CSSh8
CSSh8
CSSh=
CSSh=
CSShk
CSShk
<-t><pre><*u%F</pre><pre>CSSh`</pre><pre><:%u4</pre><pre>t8Ht.HHt#</pre><pre>.FGy1</pre><pre>Af;FP}%S3</pre><pre>|$|.tD</pre><pre>#t.Ht</pre><pre> 2 34 567</pre><pre>u.SSV</pre><pre>1t.Ht</pre><pre>9sxv%UW</pre><pre>function not supported</pre><pre>operation canceled</pre><pre>address_family_not_supported</pre><pre>operation_in_progress</pre><pre>operation_not_supported</pre><pre>protocol_not_supported</pre><pre>operation_would_block</pre><pre>address family not supported</pre><pre>broken pipe</pre><pre>inappropriate io control operation</pre><pre>not supported</pre><pre>operation in progress</pre><pre>operation not permitted</pre><pre>operation not supported</pre><pre>operation would block</pre><pre>protocol not supported</pre><pre>operator</pre><pre>GetProcessWindowStation</pre><pre>Operation not permitted</pre><pre>Inappropriate I/O control operation</pre><pre>Broken pipe</pre><pre>0xX</pre><pre>Invalid CRT parameter</pre><pre>QuickStartApp.cpp</pre><pre>vi.engine.xml</pre><pre>chk_firefox</pre><pre>chk_chrome</pre><pre>%s[%d]</pre><pre>position=%d, active=%d</pre><pre>%d,%d,%d</pre><pre>** Debug mode: simulating stopping Firefox</pre><pre>** Debug mode: simulating stopping Chrome</pre><pre>%s must be closed before continuing. Press OK to close %s now. You may need to close %s manually.</pre><pre>Firefox</pre><pre>Google Chrome</pre><pre>%d err: %s</pre><pre>Chrome</pre><pre>firefox</pre><pre>chrome</pre><pre>opera</pre><pre>searchprotector.exe</pre><pre>view=%d,sel=%d,inst=%d,conf=%d,can=%d,err=%d,eid=%d,pos=%d,%s</pre><pre>.json</pre><pre>control.txt</pre><pre>00000000-0000-0000-0000-000000000000</pre><pre>QuickStartProcess.cpp</pre><pre>%programfiles%\Free Offers from Freeze.com</pre><pre>disabling offer because system doesn't have Firefox</pre><pre>disabling offer because system doesn't have Chrome</pre><pre>%s[%s]: view=%s accept=%s</pre><pre>%s,%s</pre><pre>WindowsErrorCode</pre><pre>targetbrowser/key</pre><pre>%s:v=%s,id=%s,rc=%d,f=%d,e=%d,i=%s,p=%s,pb=%s,ex=%s,tr=%s,px=%d</pre><pre>%s:v=%s,rc=%d,os=%s,%s,%s|ie=%s</pre><pre>%d,%d,%s,%s,%s,%s</pre><pre>%d,%d,%d,%d,%d</pre><pre>%d,%d,%s,%s,%s,%s,%s</pre><pre>%d,%s,%s,%s,%s,%d,%d,%d,%d,%d,%d,%d,%d,%s,%s,%d,%s</pre><pre>offers</pre><pre>%s,%s,%s,%s,%s,%s,%s,%s</pre><pre>%s,%d,%s,%s</pre><pre>Unable to open thankyou page; url is empty or invalid!</pre><pre>statsd.response.txt</pre><pre>Web.Installer.VDI.CommError</pre><pre>Web.Installer.VDI.InstallError</pre><pre>Web.Installer.VDI.OfferDownloadError</pre><pre>Web.Installer.VDI.OfferInstallError</pre><pre>Web.Installer.VDI.OfferInstallFailed</pre><pre>http://dl2.v47installer.com/lm/bundles/keepmysettingsx/keepmysettingsx.zip</pre><pre>http://sdspapi.com/api/values</pre><pre>http://us.yhs4.search.yahoo.com/yhs/search?p={searchTerms}&ei=UTF-8&hspart=w3i&hsimp=yhs-synd1&type=W3i_DS,221,0_0,Search,20140522,19669,0,FF29,7635</pre><pre>Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallX Search Protect for Yahoo</pre><pre>http://dl2.v47installer.com/lm/bundles/keepmysettingsx/spv1.zip</pre><pre>spv1.zip</pre><pre>.html</pre><pre>MainWnd.cpp</pre><pre>OfferThread.cpp</pre><pre>Setting offer checkbox value: key=</pre><pre>COfferExe::GetXpiFilename</pre><pre>c:\tfs.vs2012\admin\windows\main\installer.quickstart.application\installer.quickstart.lib\OfferExe.h</pre><pre>downloadurl</pre><pre>downloadurl.64bit</pre><pre>msie.downloadurl</pre><pre>msie.commandline</pre><pre>firefox.downloadurl</pre><pre>firefox.commandline</pre><pre>chrome.downloadurl</pre><pre>chrome.commandline</pre><pre>allbrowser.downloadurl</pre><pre>allbrowser.commandline</pre><pre>regkeyadd</pre><pre>ieregkey</pre><pre>firefox.pref</pre><pre>firefox.xpimethod</pre><pre>firefox.xpilocation</pre><pre>firefox.xpidelete</pre><pre>LUA account detected, and flag lua_runasdesktopuser detected, forcing executeAsDesktopUser</pre><pre>iconurl</pre><pre>configuration/downloadurl</pre><pre>configuration/downloadurl.64bit</pre><pre>configuration/msie.downloadurl</pre><pre>configuration/msie.commandline</pre><pre>configuration/firefox.downloadurl</pre><pre>configuration/firefox.commandline</pre><pre>configuration/chrome.downloadurl</pre><pre>configuration/chrome.commandline</pre><pre>configuration/allbrowser.downloadurl</pre><pre>configuration/allbrowser.commandline</pre><pre>configuration/regkeyadd</pre><pre>configuration/ieregkey</pre><pre>configuration/firefox.pref</pre><pre>configuration/firefox.xpimethod</pre><pre>configuration/firefox.xpilocation</pre><pre>configuration/firefox.xpidelete</pre><pre>configuration/iconurl</pre><pre>adding %s entry, ourVal='%s', theirVal='%s'</pre><pre>COfferExe::Download</pre><pre>Download url is empty!</pre><pre>_firefox is NULL!</pre><pre>COfferExe::OnInstall</pre><pre>Install is a dropfile; no exe to run...</pre><pre>Icon offer (in exe config) detected, running icon install</pre><pre>COfferExe::Run</pre><pre>COfferExe::HandleFirefoxOptions</pre><pre>firefoxoffer</pre><pre>HandleFirefoxOptions called with incorrect preferences set in config!</pre><pre>COfferExe::BuildCommandLine</pre><pre>msiexec.exe /i "%s" /qn ALLUSERS=2 REBOOT=ReallySuppress</pre><pre>msiexec.exe /i "%s" %s</pre><pre>Could not find firefox exe to install</pre><pre>Offer is installing XPI for Firefox 8 or higher, enabling GUI.</pre><pre>"%s" "%s"</pre><pre>"%s" %s</pre><pre>COfferExe::RunSearchProtectInstall</pre><pre>COfferExe::WaitForInstallProcess</pre><pre>OfferExe.cpp</pre><pre>COfferExe::WaitForProcessStarted</pre><pre>waiting for registry key:</pre><pre>COfferExe::WaitForRegistryValue</pre><pre>Registry key found.</pre><pre>Registry key found (64-bit).</pre><pre>COfferExe::WaitForFile</pre><pre>COfferExe::InstallXpi</pre><pre>Bad RegKeyAdd config; not correct format: (missing hive \ )</pre><pre>Bad RegKeyAdd config; not correct format: (missing , )</pre><pre>Bad RegKeyAdd config; not correct format: (missing = )</pre><pre>unable to set regkey from following RegKeyAdd:</pre><pre>RegKeyAdd:</pre><pre>unrecognized values in RegKeyAdd:</pre><pre>unable to set regkey from following IERegKey:</pre><pre>IERegKeyAdd:</pre><pre>unrecognized values in IERegKey:</pre><pre>COfferExe::FinishXpiInstall</pre><pre>COfferExe::CancelXpiInstall</pre><pre>COfferExe::RunIconInstall</pre><pre>%s_%s.url</pre><pre>configuration/url</pre><pre>configuration/msie.url</pre><pre>configuration/firefox.url</pre><pre>configuration/chrome.url</pre><pre>All urls are empty!</pre><pre>COfferStartPage::InstallFirefox</pre><pre>_firefox is NULL!</pre><pre>** Debug mode: simulated setting Firefox startpage:</pre><pre>Error writing Firefox pref for startpage!</pre><pre>Error setting Firefox new tab!</pre><pre>Set new tab in Firefox.</pre><pre>Firefox startpage set successful.</pre><pre>chromeoffer</pre><pre>COfferStartPage::InstallChrome</pre><pre>_chrome is NULL!</pre><pre>** Debug mode: simulated setting Chrome startpage:</pre><pre>Error setting Chrome startpage: browser is still running!</pre><pre>Error writing Chrome pref for startpage!</pre><pre>Can't set new tab Chrome, function is not implemented.</pre><pre>Chrome startpage set successful.</pre><pre>OfferStartPage.cpp</pre><pre>startpageurl</pre><pre>oldstartpageurl</pre><pre>http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}</pre><pre>http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=#REVENUE_TAG#</pre><pre>http://search.yahoo.com/favicon.ico</pre><pre>configuration/msie.searchname</pre><pre>configuration/firefox.searchname</pre><pre>configuration/firefox.suggesturl</pre><pre>configuration/firefox.selectedengine</pre><pre>configuration/firefox.keywordurl</pre><pre>configuration/chrome.selectedengine</pre><pre>configuration/chrome.keyword</pre><pre>configuration/chrome.faviconurl</pre><pre>configuration/chrome.suggesturl</pre><pre>Error setting IE search: url is empty!</pre><pre>Internet Explorer version 6 or older does not support default search!</pre><pre>COfferDefaultSearch::InstallFirefox</pre><pre>** Debug mode: simulated setting Firefox default search:</pre><pre>Failed to write Yahoo xml for Firefox!</pre><pre>Firefox default search set successful.</pre><pre>COfferDefaultSearch::InstallChrome</pre><pre>** Debug mode: simulated setting Chrome default search:</pre><pre>Failed to set search pref for chrome!</pre><pre>Chrome default search set successful.</pre><pre>OfferDefaultSearch.cpp</pre><pre>searchurl</pre><pre>oldsearchurl</pre><pre>http://vinstaller.com/api/trackofferinstalldetails</pre><pre>http://vinstaller.com/api/installerror</pre><pre>ping.response.json</pre><pre>postback.response.json</pre><pre>config.xml</pre><pre>pingurl</pre><pre>postbackurl</pre><pre>errorurl</pre><pre>statsdurl</pre><pre>uninstalloptionurl</pre><pre>PingUrl</pre><pre>PostbackUrl</pre><pre>Sending session request, url=</pre><pre>Ping url is empty!</pre><pre>Ping url is invalid!</pre><pre>http://dl5.v1installer.com/</pre><pre>PingResponse.cpp</pre><pre>targetbrowser/Key</pre><pre>PingThread.cpp</pre><pre>offer %s[%s]: isInstalled=%d canShow=%d</pre><pre>rule %s[%s]: isInstalled=%d</pre><pre>QuickStartDetectThread.cpp</pre><pre>ResourceThread.cpp</pre><pre>Sending postback request, url=</pre><pre>Postback url is empty!</pre><pre>Postback url is invalid!</pre><pre>Response/url</pre><pre>passed</pre><pre>CRequirementManager::RunExecute</pre><pre>CRequirementManager::ParseExecuteResult</pre><pre>invalid flag in execute result:</pre><pre>Software\Microsoft\Windows\CurrentVersion\RunOnce</pre><pre>Running requirement.OnInstall:</pre><pre>Running requirement.OnCancel:</pre><pre>requirement.OnCancel is empty, skipping.</pre><pre>Running requirement.OnExit:</pre><pre>requirement.OnExit is empty, skipping.</pre><pre>%programdata%\W3i\UninstallHelper\iqu.ini</pre><pre>2.0.1.0</pre><pre>%programdata%\W3i\UninstallHelper\import</pre><pre>quickstart.xml</pre><pre>quickstart%d.xml</pre><pre>Failed to save IQU data, too many import files in directory!</pre><pre>%programfiles%\W3i\UninstallHelper\UninstallHelper.exe</pre><pre>quickstart_si.xml</pre><pre>quickstart_si%d.xml</pre><pre>Failed to save SoftwareInfo data, too many import files in directory!</pre><pre>http://dl.installiq.com/API/IQU/SoftwareInfo.aspx</pre><pre>UH executable not found!</pre><pre>"%s" /silent /noswinfo</pre><pre>%s:%d</pre><pre>handling firefox cookies...</pre><pre>FF.GetCookiesError</pre><pre>FF.NoCookies</pre><pre>firefox: no cookies found</pre><pre>FF.SetCookieError</pre><pre>FF.SetCookies</pre><pre>firefox: set cookies</pre><pre>getting firefox cookies for</pre><pre>CCookieManager::GetFirefoxCookies</pre><pre>Error enumerating firefox cookies!</pre><pre>firefoxenum</pre><pre>http://</pre><pre>cookie.dat</pre><pre>Vista.NoResult</pre><pre>Vista.SavedLow</pre><pre>Vista.NoCookies</pre><pre>Vista.CopiedLow</pre><pre>%a, %d-%b-%Y %H:%M:%S GMT</pre><pre>cookieman.exe</pre><pre>Vista.ExtractError</pre><pre>Vista.CreateLowError</pre><pre>handling chrome cookies</pre><pre>Chrome.GetCookiesError</pre><pre>Chrome.NoCookies</pre><pre>Chrome: no cookies found</pre><pre>Chrome.SetCookieError</pre><pre>Chrome.SetCookies</pre><pre>Chrome: set cookies succeeded</pre><pre>getting Chrome cookies for</pre><pre>CCookieManager::GetChromeCookies</pre><pre>Error enumerating chrome cookies!</pre><pre>chromeenum</pre><pre>Safari.GetCookiesError</pre><pre>Safari.NoCookies</pre><pre>Safari.SetCookieError</pre><pre>Safari.SetCookies</pre><pre>ErrorLogger.cpp</pre><pre>explorer.exe</pre><pre>CDialogWindowJson::OnBeforeNavigate2, url=</pre><pre>DialogWindowJson.cpp</pre><pre>%s: view=%s accept=%s</pre><pre>chk_%s=</pre><pre>checkbox found; %s=%s</pre><pre>adding disclosure(%s): %s</pre><pre>installedbrowsers/firefox</pre><pre>installedbrowsers/chrome</pre><pre>installedbrowsers/opera</pre><pre>view.buildconfig.json</pre><pre>view.productconfig.json</pre><pre>ProgressDialog.cpp</pre><pre>Installing %d of %d</pre><pre>uninstalloption.exe</pre><pre>InstallIQFirefoxLock</pre><pre>postinstallexecute</pre><pre>postinstallexecuteintegrity</pre><pre>stopfirefox</pre><pre>stopchrome</pre><pre>configuration/postinstallexecute</pre><pre>configuration/postinstallexecuteintegrity</pre><pre>/msie.autoconfirm</pre><pre>/firefox.autoconfirm</pre><pre>/chrome.autoconfirm</pre><pre>msie.autoconfirm</pre><pre>firefox.autoconfirm</pre><pre>chrome.autoconfirm</pre><pre>COffer::WaitForFirefoxLock</pre><pre>Offer.cpp</pre><pre>_firefoxLock is already created!</pre><pre>Waiting for Firefox lock...</pre><pre>Firefox lock status:</pre><pre>Releasing Firefox lock</pre><pre>PostInstallExecute:</pre><pre>iexplore.exe</pre><pre>** Debug mode: simulating PostInstallExecute:</pre><pre>Cannot run post-install execute, file does not exist:</pre><pre>COffer::PostInstallExecute</pre><pre>PostInstallExecute command failed!</pre><pre>http:</pre><pre>Adding UH data: %s|%s,%s</pre><pre>Failed to extract uninstall option exe!</pre><pre>Error; uninstalloption.exe doesn't exist (after download and extract!)</pre><pre>Error copying uninstalloption.exe to program files!</pre><pre>error downloading uninstall option url!</pre><pre>http://airdownload.adobe.com/air/win/download/latest/AdobeAIRInstaller.exe</pre><pre>%programfiles%\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe</pre><pre>"%s" %s "%s"</pre><pre>AdobeAirInstaller.exe</pre><pre>Uninstall keys:</pre><pre>/uninstallkeys/uninstallkey</pre><pre>%s/uninstallkeys/uninstallkey[%d]/type/text()</pre><pre>%s/uninstallkeys/uninstallkey[%d]/value/text()</pre><pre>%firefoxprofiles%</pre><pre>Unknown uninstall key type encountered, skipping lookup</pre><pre>SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\</pre><pre>crterr:%d</pre><pre>Win32Err:%d</pre><pre>HRESULT:0x%X</pre><pre>@ line %d in function <%s>.</pre><pre>Unknown error: %d</pre><pre>wininet.dll</pre><pre>IDispatch error #%d</pre><pre>LoadLibrary failed in loading current exe:</pre><pre>CoreResource.cpp</pre><pre>CStringW.GetBuffer failed!</pre><pre>0xx</pre><pre>%s. {%s} @ line %d in function <%s> in module %s.</pre><pre>Win32Err:%d</pre><pre>HRESULT:0x%X</pre><pre>Error:%d</pre><pre>HttpStatus:%d</pre><pre>-- %s line %d --</pre><pre>[X]</pre><pre>L%d:d.d.d_d:d:d.d</pre><pre>ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 /%d</pre><pre>%s_%x%x%x%x%x</pre><pre>CoreFile.cpp</pre><pre>Exception %X in module %s at: 0x%p.</pre><pre>dbghelp.dll</pre><pre>0x%p %s</pre><pre>CoreProcess.cpp</pre><pre>ShellExecuteCommand:</pre><pre>Failed to execute command:</pre><pre>CCoreProcess::ShellExecuteCommand</pre><pre>CCoreProcess::CloseProcessWindowsByModuleName</pre><pre>CCoreProcess::ShellExecuteCommandAndWait</pre><pre>CCoreProcess::GetProcessExe32</pre><pre>CCoreProcess::GetProcessExe64</pre><pre>kernel32.dll</pre><pre>CoreXml.cpp</pre><pre>_ftprintf_s failed writing header to</pre><pre>]/Key/text()</pre><pre>CCoreXml::ParseRequiredKeyValue</pre><pre>CCoreXml::ParseRequiredKeyInt</pre><pre>CoreThread.cpp</pre><pre>https://</pre><pre>ftp://</pre><pre>CCoreSystem::GetWindowsVersionId</pre><pre>Missing windows version, check the code!!</pre><pre>CoreSystem.cpp</pre><pre>%s (Build %d)</pre><pre>CCoreSystem::CacheWindowsInfo</pre><pre>Unknown OS! Major: 0xX, Minor: 0xX</pre><pre>%windows%</pre><pre>%system%</pre><pre>Software\Microsoft\Windows\CurrentVersion</pre><pre>Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders</pre><pre>Þsktopdir%</pre><pre>Þsktop%</pre><pre>%userprofile%</pre><pre>%s0x%.2x%.2x%.2x%.2x%.2x%.2x-</pre><pre>SOFTWARE\Microsoft\NET Framework Setup\NDP\v2.0.50727</pre><pre>SOFTWARE\Microsoft\NET Framework Setup\NDP\v1.1.4322</pre><pre>SOFTWARE\Microsoft\.NETFramework\policy\v1.0</pre><pre>3321-3705</pre><pre>SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\</pre><pre>Iphlpapi.dll</pre><pre>%windows%\Desktop</pre><pre>VBoxService.exe</pre><pre>vboxtray.exe</pre><pre>proc.vboxsvc</pre><pre>vmtoolsd.exe</pre><pre>proc.vboxtray</pre><pre>vmicsvc.exe</pre><pre>proc.vmtools</pre><pre>proc.hvsvc</pre><pre>reg.vboxguest</pre><pre>reg.vboxmouse</pre><pre>reg.vboxsvc</pre><pre>reg.vboxsf</pre><pre>reg.vboxvid</pre><pre>reg.vboxbios</pre><pre>%system%\vboxhook.dll</pre><pre>reg.vboxsguest</pre><pre>file.vboxhook</pre><pre>reg.vmvid</pre><pre>reg.vmpci</pre><pre>reg.vmdbg</pre><pre>reg.vmcrd</pre><pre>reg.vmmem</pre><pre>reg.vmmouse</pre><pre>reg.vmdsk</pre><pre>reg.vmtools</pre><pre>reg.vmsnap</pre><pre>reg.vmnet64</pre><pre>reg.hvgenctr</pre><pre>reg.hvvmbus</pre><pre>SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000</pre><pre>SYSTEM\CurrentControlSet\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\0000</pre><pre>reg.hvvid</pre><pre>SYSTEM\CurrentControlSet\Control\Class\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}\0000</pre><pre>reg.hvscsi</pre><pre>reg.hvinput</pre><pre>reg.vboxdisk</pre><pre>reg.vmdisk</pre><pre>reg.hvdisk</pre><pre>sng.vmt1</pre><pre>sng.vmt3</pre><pre>sng.vmt2</pre><pre>gen.dbg</pre><pre>sng.vmt4</pre><pre>gen.diftime</pre><pre>CCoreRegKey::Create</pre><pre>Warning: HKEY_CLASSES_ROOT opened for writing! This can lead to unpredictable results.</pre><pre>CCoreRegKey::Open</pre><pre>RegCreateKeyEx failed on key=</pre><pre>RegOpenKeyEx failed on key=</pre><pre>Registry key is not open! (</pre><pre>CoreRegKey.cpp</pre><pre>CCoreRegKey::GetValueType</pre><pre>CCoreRegKey::GetValueSize</pre><pre>CCoreRegKey::GetValueString</pre><pre>CCoreRegKey::GetValue</pre><pre>CCoreRegKey::SetValue</pre><pre>CCoreRegKey::DeleteValue</pre><pre>RegDeleteKeyExA</pre><pre>CCoreRegKey::DeleteKey</pre><pre>RegDeleteKey failed on</pre><pre>RegDeleteKeyEx failed on</pre><pre>CCoreRegKey::EnumSubKeys</pre><pre>SHCopyKey failed for</pre><pre>CCoreRegKey::CopyTree</pre><pre>CCoreEntryPoint<long>::LoadProcAddress</long></pre><pre>CCoreEntryPoint<long>::CCoreEntryPoint</long></pre><pre>Advapi32.dll</pre><pre>UniqueId.cpp</pre><pre>subKey is NULL!</pre><pre>%u,%u,%u,%u</pre><pre>0.0.0.0</pre><pre>\/:*?"<>|</pre><pre>createurlfilefail</pre><pre>Failed to create URL file!</pre><pre>Encryption key not initialized!</pre><pre>CoreEvent.cpp</pre><pre>shell32.dll</pre><pre>CoreVista.cpp</pre><pre>Software\Microsoft\Windows\CurrentVersion\Policies\System</pre><pre>HKEY_CURRENT_CONFIG</pre><pre>HKEY_LOCAL_MACHINE</pre><pre>HKEY_USERS</pre><pre>HKEY_CLASSES_ROOT</pre><pre>HKEY_CURRENT_USER</pre><pre>%Y-%m-%dT%H:%M:%S</pre><pre>CommandLine.cpp</pre><pre>%s.%s</pre><pre>iexplore,ie.http</pre><pre>Failed to get IE version key!</pre><pre>Loading IE cookies for url:[</pre><pre>wrote %d cookies</pre><pre>CoreInternetExplorer.cpp</pre><pre>-noframemerging "%s"</pre><pre>ie.http\shell\open\command</pre><pre>Unable to find iexplore.exe, using shell execute (with possible warnings)</pre><pre>Default search regkey not found (may be a brand new install)</pre><pre>EnumSubKeys failed!</pre><pre>ieframe.dll</pre><pre>http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC</pre><pre>url is empty!</pre><pre>Replacing existing provider url:</pre><pre>Error setting provider url!</pre><pre>CCoreInternetExplorer::FindFirstHistoryUrl</pre><pre>findfirsturlfailed</pre><pre>FindFirstUrlCacheEntry() failed!!</pre><pre>FindUrlCache handle is null!! Did you call FindFirstHistoryUrl first??</pre><pre>CCoreInternetExplorer::FindNextHistoryUrl</pre><pre>findnexturlfailed</pre><pre>FindNextUrlCacheEntry() failed!!</pre><pre>FindCloseUrlCache() failed!!</pre><pre>CCoreInternetExplorer::FindCloseHistoryUrl</pre><pre>findcloseurlfailed</pre><pre>msgText is required!</pre><pre>msgTitle is required!</pre><pre>browser.search.selectedEngine</pre><pre>browser.search.defaultenginename</pre><pre>browser.startup.homepage</pre><pre>keyword.URL</pre><pre>MozillaWindowClass</pre><pre>MozillaUIWindowClass</pre><pre>firefox.exe,firefox.url,firefoxportableurl,firefoxurl,firefox</pre><pre>Software\Mozilla\Mozilla Firefox</pre><pre>CCoreFirefox::GetVersion</pre><pre>firefoxver</pre><pre>Failed to get Firefox version key!</pre><pre>Profile%d</pre><pre>profiles.ini</pre><pre>%appdata%\Mozilla\Firefox</pre><pre>Loading Firefox3 cookies for url:[</pre><pre>Firefox versions prior to 3 are not supported by LoadProfileCookies!</pre><pre>cookies.sqlite</pre><pre>%s=%s</pre><pre>Enumerating Firefox3 cookies for</pre><pre>cookies.txt</pre><pre>Found partial cookie in Firefox profile:</pre><pre>Enumerating Firefox cookies for</pre><pre>-requestPending -osint -new-window "%s"</pre><pre>firefox.exe</pre><pre>%programfiles%\Mozilla Firefox</pre><pre>PathToExe</pre><pre>CCoreFirefox::GetPrefString</pre><pre>prefs.js</pre><pre>CoreFirefox.cpp</pre><pre>user_pref("%s", %s%s%s);</pre><pre>CCoreFirefox::SetPrefString</pre><pre>CCoreFirefox::SetDefaultSearch</pre><pre>suggestionUrl is empty!</pre><pre>searchUrl is empty!</pre><pre>Setting Firefox default search engine:</pre><pre>Can't set search engine while Firefox is running!</pre><pre>SearchUrl=</pre><pre>SuggestionUrl=</pre><pre>Failed to write Yahoo search prefs for Firefox!</pre><pre>http://www.mozilla.org/2006/browser/search/</pre><pre>browser.search.order.2</pre><pre>browser.search.order.1</pre><pre>downloads.sqlite</pre><pre>Failed to open downloads.sqlite database!</pre><pre>places.sqlite</pre><pre>select source from moz_downloads where source like '%%%s%%' order by id desc</pre><pre>Failed to open places.sqlite database!</pre><pre>select url from moz_places where url like '%%%s%%' order by id desc</pre><pre>CCoreFirefox::SetStartpage</pre><pre>browser.startup.page</pre><pre>cannot set startpage; firefox is currently running!</pre><pre>CCoreFirefox::SetNewTab</pre><pre>Cannot set newtab because firefox is running!</pre><pre>browser.newtab.url</pre><pre>firefox pref: keyword.URL=</pre><pre>firefox pref: browser.search.param.yahoo-fr=</pre><pre>browser.search.param.yahoo-fr</pre><pre>CCoreChrome::SetCookie</pre><pre>c:\tfs.vs2012\admin\windows\main\core.cpplib\core.cpplib.browser\CoreChrome.h</pre><pre>Chrome_WindowImpl_0</pre><pre>Chrome_RenderWidgetHostHWND</pre><pre>Chrome_WidgetWin_0</pre><pre>chrome.exe,chrome.hwd,chromehtml,chromiumhtml,chrome,chromium</pre><pre>Chrome_WidgetWin_1</pre><pre>CCoreChrome; Cookie file does not exist</pre><pre>%local_appdata%\Google\Chrome\User Data\Default\Cookies</pre><pre>select name, value, host_key, path, expires_utc from cookies where</pre><pre>Loading Google Chrome cookies for url:[</pre><pre>Enumerating Google Chrome cookies for</pre><pre>host_key like '%</pre><pre>Chrome cookie file does not exist</pre><pre>CCoreChrome::EnumCookiesLegacy</pre><pre>select host_key, name, value, path, expires_utc from cookies where host_key like '%</pre><pre>CCoreChrome::EnumCookiesV33</pre><pre>Enumerating Google Chrome cookies (v33) for</pre><pre>Failed to decrypt chrome cookie:</pre><pre>select host_key, name, value, path, expires_utc, encrypted_value from cookies where host_key like '%</pre><pre>chrome.dll</pre><pre>Chrome cookie:</pre><pre>Unable to find chrome.exe, using shell execute (with possible warnings)</pre><pre>--new-window "%s"</pre><pre>ChromeHTML\shell\open\command</pre><pre>chrome.exe</pre><pre>%programfiles%\Google\Chrome\Application</pre><pre>%local_appdata%\Google\Chrome\Application</pre><pre>CCoreChrome::GetStartpage</pre><pre>CCoreChrome::GetStartupPages</pre><pre>session/startup_urls</pre><pre>session/urls_to_restore_on_startup</pre><pre>CoreChrome.cpp</pre><pre>CCoreChrome::IsMultiStartPageEnabled</pre><pre>CCoreChrome::SetStartpage</pre><pre>CCoreChrome::SetStartPageOld</pre><pre>CCoreChrome::SetStartPageNew</pre><pre>%local_appdata%\Google\Chrome\User Data\Default\Web Data</pre><pre>SELECT value FROM meta WHERE key='Default Search Provider ID'</pre><pre>SELECT id, short_name, url FROM keywords where id = %s</pre><pre>default_search_provider_data/template_url_data</pre><pre>CCoreChrome::GetDSUrlFromPrefTemplate</pre><pre>default_search_provider_data/template_url_data/short_name</pre><pre>default_search_provider_data/template_url_data/url</pre><pre>CCoreChrome::SetDefaultSearch</pre><pre>default_search_provider_data/template_url_data/id</pre><pre>CCoreChrome: keyword param cannot be blank</pre><pre>CCoreChrome: Name param cannot be blank</pre><pre>http://www.yahoo.com/favicon.ico</pre><pre>CCoreChrome: url param cannot be blank</pre><pre>failed to set Database keyword search!!</pre><pre>Found existing default search in Chrome: id=</pre><pre>Successfully set Default Search provider in chrome</pre><pre>Chrome v25 or higher detected, skipping keyword_backup and keyword hashing..</pre><pre>Failed to set keyword hash!!</pre><pre>failed to set database keyword search backup table!</pre><pre>CCoreChrome::SetDatabaseKeywordSearch</pre><pre>keywords</pre><pre>UPDATE meta SET value='%s' WHERE key='Default Search Provider ID'</pre><pre>sql string is empty</pre><pre>CCoreChrome::SetDatabaseKeywordSearchBackup</pre><pre>Successfully added default search data to keyword and meta tables</pre><pre>UPDATE meta SET value='%s' WHERE key='Default Search Provider ID Backup'</pre><pre>keywords_backup</pre><pre>CCoreChrome::SetPrefDefaultSearchTemplate</pre><pre>Successfully added default search data to keyword_backup and meta tables</pre><pre>chrome preferences failed to load!</pre><pre>default_search_provider_data/template_url_data/</pre><pre>keyword</pre><pre>favicon_url</pre><pre>suggestions_url</pre><pre>CCoreChrome::FindSearchEntryID</pre><pre>url = '</pre><pre>keyword like '%</pre><pre>url like '%</pre><pre>SELECT id FROM keywords WHERE</pre><pre>Please, don't change this Chrome setting</pre><pre>Setting existing default search in Chrome:</pre><pre>CCoreChrome::SetExistingDefaultSearchUrl</pre><pre>Error opening Chrome Web Data!</pre><pre>Looking up default search url:</pre><pre>unable to set the database keyword hash!</pre><pre>Sqlite is not open!</pre><pre>CCoreChrome::LookupDefaultSearchUrl</pre><pre>SELECT id FROM keywords WHERE short_name='%s'</pre><pre>SELECT id FROM keywords WHERE url='%s'</pre><pre>LookupDefaultSearchUrl: id not found in row</pre><pre>LookupDefaultSearchUrl: url not found in table</pre><pre>CCoreChrome::GetPreference</pre><pre>%local_appdata%\Google\Chrome\User Data\Default\Preferences</pre><pre>CCoreChrome::LoadChromePreferences</pre><pre>UPDATE %s set short_name='%s', keyword='%s', url='%s', favicon_url='%s'</pre><pre>, suggest_url='%s'</pre><pre>, show_in_default_list=%s, safe_for_autoreplace=%s, input_encodings='%s'</pre><pre>INSERT INTO %s (</pre><pre>WHERE id=%s</pre><pre>short_name, keyword, favicon_url, url,</pre><pre>input_encodings, show_in_default_list, suggest_url, prepopulate_id,</pre><pre>safe_for_autoreplace, originating_url, date_created, usage_count,</pre><pre>created_by_policy, instant_url, last_modified, sync_guid) VALUES (</pre><pre>%s, '%s', %s, %s,</pre><pre>'%s', '%s', '%s', '%s',</pre><pre>%s, '%s', %s, '%s')</pre><pre>'%s', %s, '%s', %s,</pre><pre>SELECT id || short_name || keyword || favicon_url || url || safe_for_autoreplace || originating_url || date_created || usage_count || input_encodings || show_in_default_list || suggest_url || prepopulate_id || created_by_policy || instant_url || last_modified || sync_guid FROM keywords_backup ORDER BY id ASC</pre><pre>CCoreChrome::GetHashData</pre><pre>INSERT OR REPLACE INTO meta (key,value) VALUES (?,?)</pre><pre>CCoreChrome::InsertHashSignature</pre><pre>%local_appdata%\Google\Chrome\User Data\Default\History</pre><pre>select url from downloads_url_chains where url like '%%%s%%' order by id desc</pre><pre>CoreFirefoxXPIInstaller.cpp</pre><pre>CCoreFirefoxXpiInstaller::Install</pre><pre>CCoreFirefoxXpiInstaller::GetXpiInfo</pre><pre>install.rdf</pre><pre>xml.LoadBuffer failed on</pre><pre>Firefox.exe not found!</pre><pre>Installing Firefox add-ons via package...</pre><pre>installiq.xpi</pre><pre>Create install.rdf failed!</pre><pre>CCoreFirefoxXpiInstaller::InstallAsPackage</pre><pre>Running Firefox to install add-ons:</pre><pre>Error running Firefox!</pre><pre><?xml version="1.0"?><RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"><pre>xmlns:NC="http://home.netscape.com/NC-rdf#"</pre><pre>xmlns:em="http://www.mozilla.org/2004/em-rdf#"></pre><pre><Description about="urn:mozilla:install-manifest"></Description></pre><pre><em:id>multi@installiq.com</em:id></pre><pre><em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id></pre><pre><em:maxVersion>*.*.*</em:maxVersion></pre><pre>Error creating install.rdf!</pre><pre>CCoreFirefoxXpiInstaller::CreateInstallRDF</pre><pre>Installed Firefox extension:</pre><pre>CCoreFirefoxXpiInstaller::SetResult</pre><pre>Can't get Firefox default profiles folder!</pre><pre>CCoreFirefoxXpiInstaller::GetExtensionsFolder</pre><pre>c:\tfs.vs2012\admin\windows\main\core.cpplib\core.cpplib.browser\CoreSearchProtectorApp.h</pre><pre>keepmysettingsx.exe</pre><pre>https://installer.freeze.com/LogError.aspx</pre><pre>Restoring V1 toolbar uninstall key...</pre><pre>Error replacing toolbar uninstall key!</pre><pre>Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion</pre><pre>Software\Microsoft\Windows\CurrentVersion\Uninstall\KeepMySettingsX</pre><pre>Renaming V1 uninstall key...</pre><pre>Error opeing uninstall registry key in HKLM\</pre><pre>Error copying V1 registry key!</pre><pre>CoreSearchProtectorApp.cpp</pre><pre>Error removing V1 registry key from HKLM\</pre><pre>CCoreSearchProtectorApp.ShutDown: window not found</pre><pre>Software\Microsoft\Windows\CurrentVersion\Run</pre><pre>Error removing registry key from HKLM\</pre><pre>apiurl</pre><pre>dsotherurl</pre><pre>spotherurl</pre><pre>searchkeyword</pre><pre>http://bing.com</pre><pre>%s/provider[%d]</pre><pre>https://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-us:IE-Address&ie=&oe=</pre><pre>http://google.com</pre><pre>firefoxstartpage</pre><pre>firefoxsearch</pre><pre>chromestartpage</pre><pre>chromesearch</pre><pre>config.dat</pre><pre>Yahoo uninstall key not found</pre><pre>Error replacing Yahoo Toolbar uninstall key!</pre><pre>UninstallKey</pre><pre>Software\Microsoft\Windows\CurrentVersion\Uninstall\</pre><pre>UninstallKey=</pre><pre>ChromeStartPage</pre><pre>ChromePriorSearchUrl</pre><pre>FirefoxPriorSearchUrl</pre><pre>ChromePriorStartPage</pre><pre>FirefoxPriorStartPage</pre><pre>CoreBrowserOptionUninstaller.cpp</pre><pre>c:\tfs.vs2012\admin\windows\main\core.cpplib\core.cpplib.browser\CoreSafari.h</pre><pre>safari.exe,safariurl,safari</pre><pre>%appdata%\Apple Computer\Safari\Cookies\Cookies.binarycookies</pre><pre>Loading Safari cookies for url:[</pre><pre>CoreSafari.cpp</pre><pre>%appdata%\Apple Computer\Safari\Cookies\Cookies.plist</pre><pre>Failed to get Safari version key!</pre><pre>safari.exe</pre><pre>-url "%s"</pre><pre>Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice</pre><pre>http\shell\open\command</pre><pre>Can't find shell associations or shell command reg keys!</pre><pre>CoreBrowser.cpp</pre><pre>SQLite format 3</pre><pre>REINDEXEDESCAPEACHECKEYBEFOREIGNOREGEXPLAINSTEADDATABASELECTABLEFTHENDEFERRABLELSEXCEPTRANSACTIONATURALTERAISEXCLUSIVEXISTSAVEPOINTERSECTRIGGEREFERENCESCONSTRAINTOFFSETEMPORARYUNIQUERYATTACHAVINGROUPDATEBEGINNERELEASEBETWEENOTNULLIKECASCADELETECASECOLLATECREATECURRENT_DATEDETACHIMMEDIATEJOINSERTMATCHPLANALYZEPRAGMABORTVALUESVIRTUALIMITWHENWHERENAMEAFTEREPLACEANDEFAULTAUTOINCREMENTCASTCOLUMNCOMMITCONFLICTCROSSCURRENT_TIMESTAMPRIMARYDEFERREDISTINCTDROPFAILFROMFULLGLOBYIFISNULLORDERESTRICTOUTERIGHTROLLBACKROWUNIONUSINGVACUUMVIEWINITIALLY</pre><pre>CREATE TABLE sqlite_master(</pre><pre>sql text</pre><pre>0123456789ABCDEF3.7.5</pre><pre>CREATE TEMP TABLE sqlite_temp_master(</pre><pre>zip 1.01 Copyright 1998-2004 Gilles Vollant - http://www.winimage.com/zLibDll</pre><pre>unzip 1.01 Copyright 1998-2004 Gilles Vollant - http://www.winimage.com/zLibDll</pre><pre>1.2.7</pre><pre>deflate 1.2.7 Copyright 1995-2012 Jean-loup Gailly and Mark Adler</pre><pre>inflate 1.2.7 Copyright 1995-2012 Mark Adler</pre><pre>Detect.cpp</pre><pre>Dll %s failed, resultcode = %x</pre><pre>SymCCIS.dll</pre><pre>SymCCIS2.zip</pre><pre>RunDLL productlist="%s" resultcodes="%s"</pre><pre>/execute/text()</pre><pre>Missing ExecuteResult in requirement config!</pre><pre>/executeresult/text()</pre><pre>%programfiles%\iTunes\iTunes.exe</pre><pre>SOFTWARE\Microsoft\Windows Live\Messenger</pre><pre>ydetect.ytb</pre><pre>msnmsgr.exe</pre><pre>ydetect.yhp</pre><pre>ydetect.yas</pre><pre>Rules.cpp</pre><pre>RegKeyExists</pre><pre>regkey</pre><pre>chromeprefs</pre><pre>firefoxprefs</pre><pre>CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\InprocServer32</pre><pre>%firefoxprofiles%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\install.rdf</pre><pre>CDetectionYahooToolbar::IsInstalledFirefox</pre><pre>KeyExists</pre><pre>SourceKey</pre><pre>hkey_local_machine</pre><pre>hkey_current_user</pre><pre>hkey_current_config</pre><pre>hkey_classes_root</pre><pre>multireg: key found:</pre><pre>multireg%d</pre><pre>multireg: unable to parse key:</pre><pre>1.1.0.6</pre><pre>//flag[%d]/text()</pre><pre>Cannot evaluate .NET Version, .NET may not be installed!</pre><pre>DetectionFile.cpp</pre><pre>wajam_validate.zip</pre><pre>wajamexemissing</pre><pre>extracted wajam exe file not found!</pre><pre>Timed out waiting for wajam_validate.exe!</pre><pre>Unable to get returncode from wajam_validate.exe!</pre><pre>wajam_validate.exe detection process result = %d</pre><pre>yahoo.com</pre><pre>live.com</pre><pre>google.com</pre><pre>ask.com</pre><pre>msn.com</pre><pre>aol.com</pre><pre>DetectionFirefoxPrefs.cpp</pre><pre>CDetectionFirefoxPrefs::OnEvaluate</pre><pre>CDetectionChromePrefs::OnEvaluate</pre><pre>DetectionChromePrefs.cpp</pre><pre>)] disabled because of minimum windows version.</pre><pre>minwindowsversion</pre><pre>DetectionRule.cpp</pre><pre>Disabled; Firefox is not installed</pre><pre>Disabled; rule target is not Firefox</pre><pre>Disabled; Chrome is not installed</pre><pre>Disabled; rule target is not Chrome</pre><pre>asktbdet.zip</pre><pre>Ask detection process result = %d</pre><pre>CoreWininet.cpp</pre><pre>Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)</pre><pre>wininet: connecting to %s:%d</pre><pre>CCoreWininet::HTTPSendRequest</pre><pre>HTTPSendRequest:</pre><pre>httpopenrequest</pre><pre>wininet: HttpOpenRequest failed!</pre><pre>httpreqerr</pre><pre>wininet: Request handle is NULL after HttpSendRequest!</pre><pre>unable to set wininet http decoding</pre><pre>wininet: HttpAddRequestHeaders (post flag) failed!</pre><pre>Content-Type: application/x-www-form-urlencoded</pre><pre>Range: bytes=%u-</pre><pre>httpaddheaders</pre><pre>wininet: HttpAddRequestHeaders (range specification) failed!</pre><pre>Range: bytes=%u-%u</pre><pre>httpaddheader</pre><pre>httpsendreq</pre><pre>wininet: HttpSendRequest failed! (verb=</pre><pre>httptimeout</pre><pre>wininet: HttpQueryInfo failed!</pre><pre>wininet: HttpSendRequest failed!</pre><pre>httpqueryinfo</pre><pre>httpproxy</pre><pre>wininet: Server responded with error: %d, %s. %s %s</pre><pre>wininet: HttpSendRequest: status OK received</pre><pre>httpstatus</pre><pre>wininet: HttpQueryInfo for content range failed!</pre><pre>wininet: HttpQueryInfo for file size failed!</pre><pre>wininet: Operation cancelled by caller.</pre><pre>Software\Microsoft\Windows\CurrentVersion\Internet Settings</pre><pre>HTTP Status %d: %s</pre><pre>API url is invalid!</pre><pre>apiUrl is null!</pre><pre>%m/%d/%Y</pre><pre>Url is null!</pre><pre>%s, %s, l=0xx</pre><pre>[0x%X]</pre><pre>d:%s</pre><pre>01234567</pre><pre>%s(%s);</pre><pre>CoreJSON2.cpp</pre><pre>Node path not valid; node "%s" in path "%s" is not type Node!</pre><pre>PackageZlib.cpp</pre><pre>Error: %d bytes of %d read from file %s.</pre><pre>unzOpenCurrentFilePassword failed!</pre><pre>Error: %d bytes of %d were written to file %s.</pre><pre>unzOpenCurrentFilePassword failed! err=</pre><pre>Package.cpp</pre><pre>autorun.txt</pre><pre>CCoreSqlite::OpenDatabase</pre><pre>CCoreSqlite::CloseDatabase</pre><pre>CCoreSqlite::ExecuteStatement</pre><pre>dbexecerror</pre><pre>sqlite3_exec failed, returned error:</pre><pre>CoreSqlite.cpp</pre><pre>CCoreSqlite::StandardExecuteCallback</pre><pre>CCoreSqlite::PrepareCompiledStmt</pre><pre>Cannot prepare statement, sql is empty!</pre><pre>Failed to prepare compiled statement, sqlite returned error: %d</pre><pre>sqlempty</pre><pre>sqliteerror</pre><pre>CCoreSqlite::BindTextToCompiledStmt</pre><pre>bind text failed, errorcode=%d</pre><pre>CCoreSqlite::ExecuteCompiledStmt</pre><pre>sqlite3_step failed, errorcode=%d</pre><pre>CCoreSqlite::CheckStmtRowValid</pre><pre>sqlitestepfailed</pre><pre>Cannot get row results: statement has not executed!!</pre><pre>sqlite3_finalize failed, errorcode=%d</pre><pre>CCoreSqlite::CloseCompiledStmt</pre><pre>SQLITE_</pre><pre>d-d-d d:d:d</pre><pre>d-d-d</pre><pre>d:d:d</pre><pre>failed memory resize %u to %u bytes</pre><pre>failed to allocate %u bytes of memory</pre><pre>API call with %s database connection pointer</pre><pre>922337203685477580</pre><pre>RowKey</pre><pre>%s-shm</pre><pre>OsError 0x%x (%u)</pre><pre>%s\etilqs_</pre><pre>Recovered %d frames from WAL file %s</pre><pre>invalid page number %d</pre><pre>Failed to read ptrmap key=%d</pre><pre>2nd reference to page %d</pre><pre>%d of %d pages missing from overflow list starting at %d</pre><pre>Bad ptr map entry key=%d expected=(%d,%d) got=(%d,%d)</pre><pre>freelist leaf count too big on page %d</pre><pre>failed to get page %d</pre><pre>unable to get the page. error code=%d</pre><pre>Page %d:</pre><pre>On tree page %d cell %d:</pre><pre>btreeInitPage() returns error code %d</pre><pre>On page %d at right child:</pre><pre>Corruption detected in cell %d on page %d</pre><pre>Fragmentation of %d bytes reported as %d on page %d</pre><pre>Multiple uses for byte %d of page %d</pre><pre>Pointer map page %d is referenced</pre><pre>Page %d is never used</pre><pre>Outstanding page count goes from %d to %d during this analysis</pre><pre>unknown database %s</pre><pre>keyinfo(%d</pre><pre>%s(%d)</pre><pre>%s-mjX</pre><pre>foreign key constraint failed</pre><pre>bind on a busy prepared statement: [%s]</pre><pre>unable to use function %s in the requested context</pre><pre>zeroblob(%d)</pre><pre>abort at %d in [%s]: %s</pre><pre>cannot open savepoint - SQL statements in progress</pre><pre>constraint failed at %d in [%s]</pre><pre>no such savepoint: %s</pre><pre>cannot %s savepoint - SQL statements in progress</pre><pre>cannot commit transaction - SQL statements in progress</pre><pre>cannot rollback transaction - SQL statements in progress</pre><pre>sqlite_master</pre><pre>sqlite_temp_master</pre><pre>SELECT name, rootpage, sql FROM '%q'.%s WHERE %s ORDER BY rowid</pre><pre>database table is locked: %s</pre><pre>cannot change %s wal mode from within a transaction</pre><pre>statement aborts at %d: [%s] %s</pre><pre>cannot open value of type %s</pre><pre>cannot open virtual table: %s</pre><pre>no such column: "%s"</pre><pre>cannot open view: %s</pre><pre>indexed</pre><pre>foreign key</pre><pre>cannot open %s column for writing</pre><pre>misuse of aliased aggregate %s</pre><pre>%s: %s.%s</pre><pre>%s: %s.%s.%s</pre><pre>not authorized to use function: %s</pre><pre>%s: %s</pre><pre>%r %s BY term out of range - should be between 1 and %d</pre><pre>too many terms in %s BY clause</pre><pre>Expression tree is too large (maximum depth %d)</pre><pre>too many SQL variables</pre><pre>variable number must be between ?1 and ?%d</pre><pre>too many columns in %s</pre><pre>EXECUTE %s%s SUBQUERY %d</pre><pre>misuse of aggregate: %s()</pre><pre>%.*s"%w"%s</pre><pre>sqlite_rename_table</pre><pre>%s%.*s"%w"</pre><pre>sqlite_rename_parent</pre><pre>sqlite_rename_trigger</pre><pre>%s OR name=%Q</pre><pre>type='trigger' AND (%s)</pre><pre>sqlite_</pre><pre>there is already another table or index with this name: %s</pre><pre>view %s may not be altered</pre><pre>table %s may not be altered</pre><pre>UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d 18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');</pre><pre>UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;</pre><pre>UPDATE "%w".sqlite_sequence set name = %Q WHERE name = %Q</pre><pre>sqlite_sequence</pre><pre>Cannot add a PRIMARY KEY column</pre><pre>UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;</pre><pre>UPDATE "%w".%s SET sql = substr(sql,1,%d) || ', ' || %Q || substr(sql,%d) WHERE type = 'table' AND name = %Q</pre><pre>sqlite_altertab_%s</pre><pre>sqlite_stat1</pre><pre>DELETE FROM %Q.%s WHERE tbl=%Q</pre><pre>CREATE TABLE %Q.%s(%s)</pre><pre>SELECT tbl, idx, stat FROM %Q.sqlite_stat1</pre><pre>too many attached databases - max %d</pre><pre>invalid name: "%s"</pre><pre>database %s is already in use</pre><pre>no such database: %s</pre><pre>unable to open database: %s</pre><pre>cannot detach database %s</pre><pre>sqlite_detach</pre><pre>database %s is locked</pre><pre>%s %T cannot reference objects in database %s</pre><pre>sqlite_attach</pre><pre>access to %s.%s.%s is prohibited</pre><pre>access to %s.%s is prohibited</pre><pre>object name reserved for internal use: %s</pre><pre>there is already an index named %s</pre><pre>duplicate column name: %s</pre><pre>too many columns on %s</pre><pre>table "%s" has more than one primary key</pre><pre>default value of column [%s] is not constant</pre><pre>AUTOINCREMENT is only allowed on an INTEGER PRIMARY KEY</pre><pre>no such collation sequence: %s</pre><pre>CREATE %s %.*s</pre><pre>CREATE TABLE %Q.sqlite_sequence(name,seq)</pre><pre>UPDATE %Q.%s SET type='%s', name=%Q, tbl_name=%Q, rootpage=#%d, sql=%Q WHERE rowid=#%d</pre><pre>UPDATE %Q.%s SET rootpage=%d WHERE #%d AND rootpage=#%d</pre><pre>view %s is circularly defined</pre><pre>use DROP TABLE to delete table %s</pre><pre>table %s may not be dropped</pre><pre>DELETE FROM %s.sqlite_sequence WHERE name=%Q</pre><pre>use DROP VIEW to delete view %s</pre><pre>DELETE FROM %Q.sqlite_stat1 WHERE tbl=%Q</pre><pre>DELETE FROM %Q.%s WHERE tbl_name=%Q and type!='trigger'</pre><pre>number of columns in foreign key does not match the number of columns in the referenced table</pre><pre>foreign key on %s should reference only one column of table %T</pre><pre>indexed columns are not unique</pre><pre>unknown column "%s" in foreign key definition</pre><pre>views may not be indexed</pre><pre>table %s may not be indexed</pre><pre>there is already a table named %s</pre><pre>virtual tables may not be indexed</pre><pre>sqlite_autoindex_%s_%d</pre><pre>index %s already exists</pre><pre>table %s has no column named %s</pre><pre>CREATE%s INDEX %.*s</pre><pre>INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);</pre><pre>index associated with UNIQUE or PRIMARY KEY constraint cannot be dropped</pre><pre>no such index: %S</pre><pre>DELETE FROM %Q.sqlite_stat1 WHERE idx=%Q</pre><pre>DELETE FROM %Q.%s WHERE name=%Q AND type='index'</pre><pre>a JOIN clause is required before %s</pre><pre>table %s may not be modified</pre><pre>unable to identify the object to be reindexed</pre><pre>cannot modify %s because it is a view</pre><pre>sqlite_version</pre><pre>sqlite_compileoption_used</pre><pre>sqlite_source_id</pre><pre>sqlite_compileoption_get</pre><pre>foreign key mismatch</pre><pre>%d values for %d columns</pre><pre>table %S has %d columns but %d values were supplied</pre><pre>table %S has no column named %s</pre><pre>PRIMARY KEY must be unique</pre><pre>%s.%s may not be NULL</pre><pre>unable to open shared library [%s]</pre><pre>sqlite3_extension_init</pre><pre>error during initialization: %s</pre><pre>no entry point [%s] in shared library [%s]</pre><pre>automatic extension loading failed: %s</pre><pre>foreign_keys</pre><pre>foreign_key_list</pre><pre>*** in database %s ***</pre><pre>unsupported encoding: %s</pre><pre>%s - %s</pre><pre>malformed database schema (%s)</pre><pre>unsupported file format</pre><pre>database schema is locked: %s</pre><pre>SELECT name, rootpage, sql FROM '%q'.%s ORDER BY rowid</pre><pre>RIGHT and FULL OUTER JOINs are not currently supported</pre><pre>unknown or unsupported join type: %T %T%s%T</pre><pre>cannot have both ON and USING clauses in the same join</pre><pre>a NATURAL join may not have an ON or USING clause</pre><pre>cannot join using column %s - column not present in both tables</pre><pre>USE TEMP B-TREE FOR %s</pre><pre>COMPOUND SUBQUERIES %d AND %d %s(%s)</pre><pre>LIMIT clause should come after %s not before</pre><pre>ORDER BY clause should come after %s not before</pre><pre>no such index: %s</pre><pre>SELECTs to the left and right of %s do not have the same number of result columns</pre><pre>no such table: %s</pre><pre>sqlite_subquery_%p_</pre><pre>sqlite3_get_table() called with two or more incompatible queries</pre><pre>cannot create %s trigger on view: %S</pre><pre>INSERT INTO %Q.%s VALUES('trigger',%Q,%Q,0,'CREATE TRIGGER %q')</pre><pre>cannot create INSTEAD OF trigger on table: %S</pre><pre>no such trigger: %S</pre><pre>no such column: %s</pre><pre>-- TRIGGER %s</pre><pre>cannot VACUUM - SQL statements in progress</pre><pre>PRAGMA vacuum_db.synchronous=OFF</pre><pre>SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %'</pre><pre>SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence' AND rootpage>0</pre><pre>SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0</pre><pre>SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21) FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %'</pre><pre>SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';</pre><pre>SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'</pre><pre>INSERT INTO vacuum_db.sqlite_master SELECT type, name, tbl_name, rootpage, sql FROM main.sqlite_master WHERE type='view' OR type='trigger' OR (type='table' AND rootpage=0)</pre><pre>UPDATE %Q.%s SET type='table', name=%Q, tbl_name=%Q, rootpage=0, sql=%Q WHERE rowid=#%d</pre><pre>vtable constructor did not declare schema: %s</pre><pre>vtable constructor failed: %s</pre><pre>no such module: %s</pre><pre>table %s: xBestIndex returned an invalid plan</pre><pre>%s SUBQUERY %d</pre><pre>%s AS %s</pre><pre>%s TABLE %s</pre><pre>%s USING INTEGER PRIMARY KEY</pre><pre>%s USING %s%sINDEX%s%s%s</pre><pre>%s (rowid>? AND rowid<?)</pre><pre>%s (rowid=?)</pre><pre>%s (rowid<?)</pre><pre>%s (rowid>?)</pre><pre>%s (~%lld rows)</pre><pre>%s VIRTUAL TABLE INDEX %d:%s</pre><pre>cannot use index: %s</pre><pre>at most %d tables in a join</pre><pre>the INDEXED BY clause is not allowed on UPDATE or DELETE statements within triggers</pre><pre>the NOT INDEXED clause is not allowed on UPDATE or DELETE statements within triggers</pre><pre>unable to close due to unfinished backup operation</pre><pre>SQL logic error or missing database</pre><pre>unknown operation</pre><pre>large file support is disabled</pre><pre>unknown database: %s</pre><pre>no such vfs: %s</pre><pre>misuse at line %d of [%.10s]</pre><pre>database corruption at line %d of [%.10s]</pre><pre>cannot open file at line %d of [%.10s]</pre><pre>&#xX;</pre><pre></pre><pre>%s="%s"</pre><pre>%s='%s'</pre><pre>version="%s"</pre><pre><!--%s--></pre><pre><![CDATA[%s]]></pre><pre>standalone="%s"</pre><pre>encoding="%s"</pre><pre>CoreDialogCloseProcess.cpp</pre><pre>CoreHtmlDialog.cpp</pre><pre>onBeforeNavigate2 called, url=</pre><pre>CoreIEControl.cpp</pre><pre>uxtheme.dll</pre><pre>CCoreWinTask::AddExecAction</pre><pre>Error getting IExecAction!</pre><pre>c:\tfs.vs2012\admin\windows\main\core.cpplib\core.cpplib.browser\CoreOpera.h</pre><pre>EnumCookies is not implemented for Opera!</pre><pre>CCoreOpera::EnumCookies</pre><pre>CCoreOpera::SetCookie</pre><pre>SetCookie is not implemented for Opera!</pre><pre>CCoreOpera::LoadCookies</pre><pre>LoadCookies is not implemented for Opera!</pre><pre>opera.exe,opera.protocol,opera.url,opera,operanext,operastable</pre><pre>CCoreOpera::OpenUrl</pre><pre>OpenURL is not implemented for Opera!</pre><pre>Software\Opera Software</pre><pre>opera.exe</pre><pre>%programfiles%\Opera</pre><pre>launcher.exe</pre><pre>%programfiles%\Opera Next</pre><pre>CoreIEHost.cpp</pre><pre>m_WebBrowserEvents failed</pre><pre>IWebBrowser2 failed</pre><pre>_WebBrowserEvents failed</pre><pre>_webBrowser->Quit failed!</pre><pre>Not initialized or _webBrowser is NULL!</pre><pre>Sending Quit to web browser...</pre><pre>IWebBrowser failed!</pre><pre>CCoreIEHost::DeleteHistoryUrl</pre><pre>CCoreIEHost.OnDocumentComplete:</pre><pre>WebBrowser object is NULL!</pre><pre>Error: Collection didn't support IHTMLElementCollection!</pre><pre>*** set key code to 0 ****</pre><pre>c:\tfs.vs2012\admin\windows\main\Installer.QuickStart.Application\ReleaseNoMFC\quickstart.pdb</pre><pre>KERNEL32.dll</pre><pre>USER32.dll</pre><pre>OLEAUT32.dll</pre><pre>SHDeleteEmptyKeyA</pre><pre>SHLWAPI.dll</pre><pre>COMCTL32.dll</pre><pre>GetProcessHeap</pre><pre>GetCPInfo</pre><pre>ShellExecuteExA</pre><pre>SHELL32.dll</pre><pre>ole32.dll</pre><pre>PSAPI.DLL</pre><pre>VERSION.dll</pre><pre>USERENV.dll</pre><pre>InternetCrackUrlA</pre><pre>InternetCanonicalizeUrlA</pre><pre>InternetCombineUrlA</pre><pre>FindFirstUrlCacheEntryA</pre><pre>FindNextUrlCacheEntryA</pre><pre>FindCloseUrlCache</pre><pre>HttpOpenRequestA</pre><pre>HttpAddRequestHeadersA</pre><pre>HttpSendRequestA</pre><pre>HttpQueryInfoA</pre><pre>WININET.dll</pre><pre>UrlEscapeA</pre><pre>SHCopyKeyA</pre><pre>gdiplus.dll</pre><pre>IsValidURL</pre><pre>urlmon.dll</pre><pre>GetWindowsDirectoryA</pre><pre>EnumWindows</pre><pre>EnumChildWindows</pre><pre>GetKeyboardState</pre><pre>GDI32.dll</pre><pre>RegCloseKey</pre><pre>RegCreateKeyExA</pre><pre>RegOpenKeyExA</pre><pre>RegDeleteKeyA</pre><pre>RegQueryInfoKeyA</pre><pre>RegEnumKeyExA</pre><pre>ADVAPI32.dll</pre><pre>CRYPT32.dll</pre><pre>zcÁ</pre><pre>.?AV?$_Ref_count@VCOfferExe@@@std@@</pre><pre>.?AV?$_Ref_count_obj@VCOfferExe@@@std@@</pre><pre>.?AV?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@</pre><pre>.?AVCOfferExe@@</pre><pre>.?AVCCoreStringUrl@@</pre><pre>.?AV?$CFlags@W4WebArgFlag@@@@</pre><pre>.?AV?$CCoreEntryPoint@P6GJPAUHKEY__@@PBDKK@Z@@</pre><pre>.?AVCCoreRegKey@@</pre><pre>.?AV?$CAtlArray@V?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@V?$CElementTraits@V?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@@2@@ATL@@</pre><pre>.?AVCCoreFirefox@@</pre><pre>.?AV?$CFlags@W4CoreFirefoxCache@@@@</pre><pre>.?AV?$_Func_impl@U?$_Callable_obj@V?$_Bind@$00XU?$_Pmf_wrap@P8CCoreChrome@@AEXPAVCCoreSqlite@@PAV?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@@ZXV1@PAV2@PAV34@U_Nil@std@@U56@U56@U56@U56@@std@@QAVCCoreChrome@@AAV?$_Ph@$00@2@PAV?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@U_Nil@2@U72@U72@U72@@std@@$0A@@std@@V?$allocator@V?$_Func_class@XPAVCCoreSqlite@@U_Nil@std@@U23@U23@U23@U23@U23@@std@@@2@XPAVCCoreSqlite@@U_Nil@2@U52@U52@U52@U52@U52@@std@@</pre><pre>.?AVCCoreChrome@@</pre><pre>.?AV?$CFlags@W4CoreChromeCache@@@@</pre><pre>.?AV?$_Func_base@XPAVCCoreSqlite@@U_Nil@std@@U23@U23@U23@U23@U23@@std@@</pre><pre>.?AV?$_Bind@$00XU?$_Pmf_wrap@P8CCoreChrome@@AEXPAVCCoreSqlite@@PAV?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@@ZXV1@PAV2@PAV34@U_Nil@std@@U56@U56@U56@U56@@std@@QAVCCoreChrome@@AAV?$_Ph@$00@2@PAV?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@U_Nil@2@U72@U72@U72@@std@@</pre><pre>.?AVCCoreFirefoxXpiInstaller@@</pre><pre>.?AV?$_Ref_count_obj@VCCoreOpera@@@std@@</pre><pre>.?AV?$_Ref_count_obj@VCCoreChrome@@@std@@</pre><pre>.?AV?$_Ref_count_obj@VCCoreFirefox@@@std@@</pre><pre>.?AV?$_Ref_count_obj@VCDetectionChromePrefs@@@std@@</pre><pre>.?AV?$_Ref_count_obj@VCDetectionFirefoxPrefs@@@std@@</pre><pre>.?AVCDetectionFirefoxPrefs@@</pre><pre>.?AVCDetectionChromePrefs@@</pre><pre>.?AV?$CAtlArray@UWebArg@@V?$CElementTraits@UWebArg@@@ATL@@@ATL@@</pre><pre>.?AVCCoreWebArgs@@</pre><pre>.?AVCCoreSqlite@@</pre><pre>.?AV?$CAtlArray@PAV?$CAtlMap@V?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@V12@V?$CElementTraits@V?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@@2@V32@@ATL@@V?$CElementTraits@PAV?$CAtlMap@V?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@V12@V?$CElementTraits@V?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@@2@V32@@ATL@@@2@@ATL@@</pre><pre>.?AVCCoreSqliteResult@@</pre><pre>.?AVexecution_error@TinyXPath@@</pre><pre>.?AV?$CFlags@W4CoreOperaCache@@@@</pre><pre>.?AVCCoreOpera@@</pre><pre>.?AUDWebBrowserEvents2@@</pre><pre>.?AVCCoreWebBrowserEvents@@</pre><pre>c:\%original file name%.exe</pre><pre>@.reloc</pre><pre>Vista.BadArgs</pre><pre>\cookie.ini</pre><pre>\cookie.dat</pre><pre>Vista.BadArgs2</pre><pre>Domain%d</pre><pre>Name%d</pre><pre>\cookie%d.dat</pre><pre>\cookie%d.ini</pre><pre>Vista.NoAppLow</pre><pre>Vista.WideFail</pre><pre>Vista.GetCookieFail</pre><pre>Vista.AllocFail</pre><pre>Vista.CreateFileError</pre><pre>Vista.WriteFileError</pre><pre>Vista.SetCookie</pre><pre>SetCookie%d</pre><pre>Vista.SetCookieError</pre><pre>Error: %d. %s</pre><pre>c:\tfs.vs2012\admin\windows\main\Installer.QuickStart.Application\ReleaseNoMFC\Installer.CookieMan.pdb</pre><pre><requestedExecutionLevel level="asInvoker" uiAccess="false" /></pre><pre>3 3%3,323</pre><pre>T.qmu</pre><pre>Url 87</pre><pre>(.ALPO</pre><pre>.STBs</pre><pre>6.GQr</pre><pre>Hu.nbKzO</pre><pre>pI.sqO</pre><pre>Db.bE</pre><pre>B(P%S</pre><pre>u.oq$</pre><pre>]j.cA</pre><pre>==.vp</pre><pre> g.oLWJ</pre><pre>wajam_validate.exe</pre><pre>R2dmjg</pre><pre>Z.Md*J</pre><pre>s1.IE</pre><pre>darkux_3step_r2_v4.vi.zip</pre><pre>T.Kod</pre><pre>.bL{\</pre><pre>Z.ATO</pre><pre>`.LZ/</pre><pre>%S\t|</pre><pre> .Mw$</pre><pre>B.y%X</pre><pre>*t.hI<{</pre><pre>^.gXd</pre><pre>*^n.qm</pre><pre>.iB$%</pre><pre>.DhEFmJ</pre><pre>_s.UzTo</pre><pre>.OHFG</pre><pre><_J%C /><pre>7zip_bimo.vi.zip%k</pre><pre>maxthon.vi.zip</pre><pre>EIWEb76,</pre><pre>offerbox.vi.zip</pre><pre>pcoptimizerpro.vi.zipXQ#</pre><pre>QkKU6sql</pre><pre>n9 .PK</pre><pre>pcspeedup.vi.zip</pre><pre>registryhelper.vi.zip</pre><pre>driverscanner.vi.zip</pre><pre>fulldiskfighter.vi.zipfr$j`</pre><pre>smartpccleaner.vi.zip</pre><pre>speedupmypc_sales_r2_v2.vi.zipk6</pre><pre>weatherbug.vi.zipbC</pre><pre>nortonsecurityscan.vi.zip</pre><pre>wecaresavethechildren.vi.zip5</pre><pre>wecarecleanwater.vi.zip</pre><pre>wecareaspca.vi.zipC</pre><pre>winferno.vi.zip</pre><pre>uninstallhelper.vi.zipl</pre><pre>driverfighter.vi.zip</pre><pre>kaspersky.vi.zip/@/N</pre><pre>slowpcfighter.vi.zip</pre><pre>genieo.vi.zip</pre><pre>searchdonkey.vi.zip</pre><pre>nortoninternetsecurity.vi.zip</pre><pre>defaulttab.vi.zip</pre><pre>knctr.vi.zip: </pre><pre>yahoosuite.vi.zip </pre><pre>arcadeparlor.vi.zip</pre><pre>severeweatheralerts.vi.zip</pre><pre>seaapp.vi.zip</pre><pre>nortonantivirus.vi.zip</pre><pre>secureweb.vi.zip{</pre><pre>yahoo_hpds_defaultsearch.test.vi.zip</pre><pre>blasteroids.vi.zip%</pre><pre>blitzmediaplayeroffer.vi.zipXo</pre><pre>mypcbackup.vi.zip</pre><pre>convertfilesforfree.vi.zip</pre><pre>driversupport.vi.zip</pre><pre>contentexplorer.vi.zip!</pre><pre>muvic.vi.zipm</pre><pre>freeflvconverting.vi.zip</pre><pre>smartdriverupdater.vi.zip</pre><pre>rockettab.vi.zip0</pre><pre>surfcanyon.vi.zip</pre><pre>truedownloader.vi.zip`";</pre><pre>yahoo_hpds_startpage.test.vi.zip</pre><pre>converterfreeonline.vi.zip</pre><pre>resultsbay.vi.zip</pre><pre>.iCo7</pre><pre>linkey.vi.zip}</pre><pre>jenkatgamesarcadeplus.vi.zipr</pre><pre>omigaplus.vi.zip</pre><pre>smartweb.vi.zip</pre><pre>websearches.vi.zipUv></pre><pre>dealgest.vi.zip</pre><pre>yahoo_hpds_defaultsearch.vi.zipDs 0</pre><pre>yahoo_hpds_startpage.vi.zip</pre><pre>yahoo_keepmysettingsx.vi.zip9</pre><pre>7zip_bimo_7268.txt</pre><pre>config.xmlPK</pre><pre>darkux_3step_r2_v4.vi.zipPK</pre><pre>7zip_bimo.vi.zipPK</pre><pre>maxthon.vi.zipPK</pre><pre>offerbox.vi.zipPK</pre><pre>pcoptimizerpro.vi.zipPK</pre><pre>pcspeedup.vi.zipPK</pre><pre>registryhelper.vi.zipPK</pre><pre>driverscanner.vi.zipPK</pre><pre>fulldiskfighter.vi.zipPK</pre><pre>smartpccleaner.vi.zipPK</pre><pre>speedupmypc_sales_r2_v2.vi.zipPK</pre><pre>weatherbug.vi.zipPK</pre><pre>nortonsecurityscan.vi.zipPK</pre><pre>wecaresavethechildren.vi.zipPK</pre><pre>wecarecleanwater.vi.zipPK</pre><pre>wecareaspca.vi.zipPK</pre><pre>winferno.vi.zipPK</pre><pre>uninstallhelper.vi.zipPK</pre><pre>driverfighter.vi.zipPK</pre><pre>kaspersky.vi.zipPK</pre><pre>slowpcfighter.vi.zipPK</pre><pre>genieo.vi.zipPK</pre><pre>searchdonkey.vi.zipPK</pre><pre>nortoninternetsecurity.vi.zipPK</pre><pre>defaulttab.vi.zipPK</pre><pre>knctr.vi.zipPK</pre><pre>yahoosuite.vi.zipPK</pre><pre>arcadeparlor.vi.zipPK</pre><pre>severeweatheralerts.vi.zipPK</pre><pre>seaapp.vi.zipPK</pre><pre>nortonantivirus.vi.zipPK</pre><pre>secureweb.vi.zipPK</pre><pre>yahoo_hpds_defaultsearch.test.vi.zipPK</pre><pre>blasteroids.vi.zipPK</pre><pre>blitzmediaplayeroffer.vi.zipPK</pre><pre>mypcbackup.vi.zipPK</pre><pre>convertfilesforfree.vi.zipPK</pre><pre>driversupport.vi.zipPK</pre><pre>contentexplorer.vi.zipPK</pre><pre>muvic.vi.zipPK</pre><pre>freeflvconverting.vi.zipPK</pre><pre>smartdriverupdater.vi.zipPK</pre><pre>rockettab.vi.zipPK</pre><pre>surfcanyon.vi.zipPK</pre><pre>truedownloader.vi.zipPK</pre><pre>yahoo_hpds_startpage.test.vi.zipPK</pre><pre>converterfreeonline.vi.zipPK</pre><pre>resultsbay.vi.zipPK</pre><pre>linkey.vi.zipPK</pre><pre>jenkatgamesarcadeplus.vi.zipPK</pre><pre>omigaplus.vi.zipPK</pre><pre>smartweb.vi.zipPK</pre><pre>websearches.vi.zipPK</pre><pre>dealgest.vi.zipPK</pre><pre>yahoo_hpds_defaultsearch.vi.zipPK</pre><pre>yahoo_hpds_startpage.vi.zipPK</pre><pre>yahoo_keepmysettingsx.vi.zipPK</pre><pre>7zip_bimo_7268.txtPK</pre><pre><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="requireAdministrator" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS></application></compatibility></assembly>PADPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING</pre><pre>Emscoree.dll</pre><pre>- CRT not initialized</pre><pre>- Attempt to initialize the CRT more than once.</pre><pre>- floating point support not loaded</pre><pre>USER32.DLL</pre><pre>combase.dll</pre><pre>777705555443332</pre><pre>5555443332</pre><pre>5555443332</pre><pre>mscoree.dll</pre><pre>Please email Customer Support at support@installiq.com if you need further assistance.</pre><pre>Installer.QuickStart</pre><pre>1.0.53.0</pre><pre>safeinstall.exe</pre><b>%original file name%.exe_1592_rwx_00EC0000_00002000:</b><pre>The procedure %s could not be located in the DLL %s.</pre><pre>The ordinal %d could not be located in the DLL %s.</pre><b>%original file name%.exe_1592_rwx_01390000_00002000:</b><pre>The procedure %s could not be located in the DLL %s.</pre><pre>The ordinal %d could not be located in the DLL %s.</pre><b>%original file name%.exe_1592_rwx_10001000_00082000:</b><pre>SSSSh</pre><pre>t%SWh</pre><pre>1.3.6.1.4.1.311.10.3.5</pre><pre>1.3.6.1.4.1.311.10.3.6</pre><pre>1.3.6.1.5.5.7.3.3</pre><pre>2.5.4.6</pre><pre>2.5.4.8</pre><pre>2.5.4.7</pre><pre>2.5.4.10</pre><pre>2.5.4.11</pre><pre>2.5.4.3</pre><pre>WINTRUST.dll</pre><pre>CRYPT32.dll</pre><pre>{X-X-X-XX-XXXXXX}</pre><pre>operator</pre><pre>GetProcessWindowStation</pre><pre>SCC_CheckCriteria_Web</pre><pre>RegOpenKeyTransactedW</pre><pre>RegCreateKeyTransactedW</pre><pre>RegDeleteKeyTransactedW</pre><pre>RegDeleteKeyExW</pre><pre>2.0.0.29</pre><pre>CryptCATCatalogInfoFromContext</pre><pre>CryptMsgClose</pre><pre>CertCloseStore</pre><pre>CertFreeCertificateContext</pre><pre>CertFindCertificateInStore</pre><pre>CryptMsgGetParam</pre><pre>CertGetEnhancedKeyUsage</pre><pre>CertNameToStrW</pre><pre>CertGetNameStringW</pre><pre>URLOpenStreamW</pre><pre>urlmon.dll</pre><pre>DeleteUrlCacheEntryW</pre><pre>HttpOpenRequestW</pre><pre>HttpAddRequestHeadersW</pre><pre>HttpSendRequestW</pre><pre>WININET.dll</pre><pre>KERNEL32.dll</pre><pre>USER32.dll</pre><pre>RegCloseKey</pre><pre>RegOpenKeyExW</pre><pre>RegDeleteKeyW</pre><pre>RegCreateKeyExW</pre><pre>ADVAPI32.dll</pre><pre>ShellExecuteExW</pre><pre>SHELL32.dll</pre><pre>ole32.dll</pre><pre>SHLWAPI.dll</pre><pre>USERENV.dll</pre><pre>GetProcessHeap</pre><pre>GetWindowsDirectoryW</pre><pre>GetCPInfo</pre><pre>MsgWaitForMultipleObjectsEx</pre><pre>RegEnumKeyExW</pre><pre>RegQueryInfoKeyW</pre><pre>OLEAUT32.dll</pre><pre>SHDeleteKeyW</pre><pre>SHDeleteEmptyKeyW</pre><pre>SYMCCIS.dll</pre><pre>zcÁ</pre><pre>O .BN </pre><pre>c:\%original file name%.exe</pre><pre>0xX</pre><pre>..\Source\ccVerifyTrustStatic.cpp</pre><pre>%SymEFA%</pre><pre>EFACli.dll</pre><pre>CLSID\%s\LocalServer32</pre><pre>CLSID\%s\InprocServer32</pre><pre>NTDLL.DLL</pre><pre>..\Source\ccVerifyTrustImpl.cpp</pre><pre>..\Source\FileCache.cpp</pre><pre>g..\Source\VerifyFile.cpp</pre><pre>..\Source\ccVerifyTrustPolicy.cpp</pre><pre>..\Source\CatalogIterator.cpp</pre><pre>..\Source\CatalogFileHash.cpp</pre><pre>WinTrust.dll</pre><pre>..\Source\CatalogContext.cpp</pre><pre>..\Source\ccSymModuleLifetimeMgrImpl.cpp</pre><pre>%s, %s, %s, %s(%ld)</pre><pre>..\Source\ccModule.cpp</pre><pre>..\Source\ccSystemInfo.cpp</pre><pre>..\Source\ccRegistry.cpp</pre><pre>..\Source\ccStringConvert.cpp</pre><pre>CSIDL_WINDOWS</pre><pre>SOFTWARE\Microsoft\Windows\CurrentVersion</pre><pre>..\Source\ccPathExpansion.cpp</pre><pre>\\?\UNC</pre><pre>..\Source\ccSplitPath.cpp</pre><pre>..\Source\ccOSInfo.cpp</pre><pre>\wpeutil.dll</pre><pre>\FACTORY.exe</pre><pre>\wpeinit.exe</pre><pre>..\Source\ccMemory.cpp</pre><pre>..\Source\ccFile.cpp</pre><pre>..\Source\ccWow64FsRedirection.cpp</pre><pre>%s\%s</pre><pre>CIsolation::GetRegistryHive(): RegOpenKeyEx() returned ERROR_FILE_NOT_FOUND</pre><pre>CIsolation::GetRegistryHive(): RegOpenKeyEx() returned ERROR_ACCESS_DENIED</pre><pre>isolate.ini</pre><pre>%COMMON_SILO_DATA%</pre><pre>..\Source\ccEncryptedString.cpp</pre><pre>..\Source\ccSynchronize.cpp</pre><pre>..\Source\ccSymDllLifetimeMgr.cpp</pre><pre>kernel32.dll</pre><pre>KERNEL32.DLL</pre><pre>PSAPI.DLL</pre><pre>..\Source\ccPEBReader.cpp</pre><pre>..\Source\ccPrivilege.cpp</pre><pre>..\Source\ccSymIndexValueCollectionImpl.cpp</pre><pre>AWTSAPI32.DLL</pre><pre>..\Source\ccSymDllLifetimeMgrLocal.cpp</pre><pre>..\Source\ccSymIndexValueCollection.cpp</pre><pre>..\Source\ccSymValueCollection.cpp</pre><pre>ÌROOT%</pre><pre>rcPFRes.dll</pre><pre>rcPxyEvt.dll</pre><pre>rcProxy.dll</pre><pre>rcSvcHst.dll</pre><pre>rcEmlPxy.dll</pre><pre>rcLgView.dll</pre><pre>rcErrDsp.dll</pre><pre>rcAlert.dll</pre><pre>rcApp.dll</pre><pre>ccEmlPxy.dll</pre><pre>ccGLog.dll</pre><pre>ccJobMgr.dll</pre><pre>ccGEvt.dll</pre><pre>ccIPC.dll</pre><pre>ccRkSn.dll</pre><pre>PFPriv.dll</pre><pre>ccPxyIns.dll</pre><pre>ccPxyEvt.dll</pre><pre>ccInst64.dll</pre><pre>ccEvtCli.dll</pre><pre>ccTrstPc.dll</pre><pre>ccSvc.dll</pre><pre>ccEraser.dll</pre><pre>OEHeur.dll</pre><pre>ccCharCv.dll</pre><pre>ccInst.dll</pre><pre>DefUtDCD.dll</pre><pre>ccScanw.dll</pre><pre>ccScan.dll</pre><pre>dec_abi.dll</pre><pre>ccDec.dll</pre><pre>ccALEng.dll</pre><pre>ccErrDsp.dll</pre><pre>ccProSub.dll</pre><pre>ccVrTrst.dll</pre><pre>ccSetEvt.dll</pre><pre>ccSet.dll</pre><pre>ccAlert.dll</pre><pre>..\Source\ccArchive.cpp</pre><pre>..\Source\ccDummyArchive.cpp</pre><pre>..\Source\ccInstanceFactory.cpp</pre><pre>..\Source\ccSymValueCollectionConvert.cpp</pre><pre>..\Source\ccSymStreamArchive.cpp</pre><pre>Software\Microsoft\Windows\CurrentVersion\explorer\Shell Folders</pre><pre>Software\Microsoft\Windows\CurrentVersion</pre><pre>ÌROOT%\</pre><pre>ÌDATA%\</pre><pre>..\Source\ccSymInstalledApps.cpp</pre><pre>..\Source\ccSymDigest.cpp</pre><pre>..\Source\ccSymKeyValueCollectionImpl.cpp</pre><pre>..\Source\ccSymMemoryImpl.cpp</pre><pre>Archive.Write(CMemoryImpl::CSerializeImpl::Version) == FALSE</pre><pre>Archive.Read(nVersion) == FALSE</pre><pre>..\Source\ccSymStringImpl.cpp</pre><pre>Archive.Write(CStringImpl::Version) == FALSE</pre><pre>..\Source\ccSymInstanceFactoryImpl.cpp</pre><pre>t..\Source\ccMessageLock.cpp</pre><pre>..\Source\ccSymKeyValueCollection.cpp</pre><pre>..\Source\ccSymPersist.cpp</pre><pre>ÌROOT%\ccSet.dll</pre><pre>..\Source\ccSymObjectRepository.cpp</pre><pre>CommonClient\OBJID\%s</pre><pre>..\Source\ccMemoryArchive.cpp</pre><pre>..\Source\ccSymMemoryStreamImpl.cpp</pre><pre>mscoree.dll</pre><pre>- Attempt to initialize the CRT more than once.</pre><pre>- CRT not initialized</pre><pre>- floating point support not loaded</pre><pre>WUSER32.DLL</pre><pre>FileDownloader::callURLOpenStream</pre><pre>CHttpRequest::CHttpRequest</pre><pre>CHttpRequest::~CHttpRequest</pre><pre>CHttpRequest::RequestPage</pre><pre>CHttpRequest::ParseURLW</pre><pre>https</pre><pre>[s d, d - d:d:d:d]</pre><pre>%s %ld</pre><pre>%s %s</pre><pre>%s 0x%x</pre><pre>http://cps.qalabs.symantec.com/teams/isp/symccis</pre><pre>http://liveupdate.symantecliveupdate.com/upgrade/NSS/SymCCIS/Staging</pre><pre>http://liveupdate.symantecliveupdate.com/upgrade/NSS/SymCCIS/Production</pre><pre>SymCCIS.dll</pre><pre>SCC.dll</pre><pre>OfferUI.dll</pre><pre>SymInstallStub.exe</pre><pre>SymCCISDll.txt</pre><pre>Total CheckCriteria execution time in seconds =</pre><pre>NortonOfferEngineImpl::CheckCriteria_Web</pre><pre>downloadStubInstallerExe() failed, HR =</pre><pre>Failed to delete existing SCC.dll, GetLastError =</pre><pre>NortonOfferEngineImpl::downloadStubInstallerExe</pre><pre>Failed to delete existing SymInstallStub.exe, GetLastError =</pre><pre>NortonOfferEngineImpl::buildComponentDownloadURL</pre><pre>NortonOfferEngineImpl::getTestEnvironmentRootURL</pre><pre>NortonOfferEngineImpl::getISExeDestPath</pre><pre>getISExeDestPath() returned =</pre><pre>NortonOfferEngineImpl::sendPingForCheckCriteriaWeb</pre><pre>NortonOfferEngineImpl::getCheckCriteriaPingDataWeb</pre><pre>NortonOfferEngineImpl::getStubInstallerCmdLine</pre><pre>getStubInstallerCmdLine() returned =</pre><pre>NortonOfferEngineImpl::deleteDeclineCountRegKeyForThisProduct</pre><pre>NortonOfferEngineImpl::deleteDeclineCountParentKeyIfNoMoreProductsExist</pre><pre>Deleting DeclineCount subkey for partner =</pre><pre>Failed to create/open DECLINE_COUNT_REG_KEY</pre><pre>Advapi32.dll</pre><pre>http://stats.norton.com/n/p?</pre><pre>PingData::SendCheckCriteriaWebPing</pre><pre>PingData::createBaseURL</pre><pre>PingData::getCheckCriteriaPingURL</pre><pre>PingData::getCheckCriteriaWebPingURL</pre><pre>PingData::getInstallProductsPingURL</pre><pre>PingData::getOfferAcceptancePingURL</pre><pre>pingURL =</pre><pre>X.X</pre><pre>%u.%u.%u.%u.%u</pre><pre>Utility::LaunchProcessWithShellExecute</pre><pre>ShellExecuteEx failed, GetLastError =</pre><pre>; 5->>>></pre><pre>000000000</pre><pre>00000000000001</pre><b>%original file name%.exe_1592_rwx_10084000_00002000:</b><pre><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></pre><pre>NRTN_OfferEngine_CheckCriteria_Web</pre><pre>kernel32.dll</pre><pre>urlmon.dll</pre><pre>URLOpenStreamW</pre><pre>WININET.dll</pre><pre>USER32.dll</pre><pre>MsgWaitForMultipleObjectsEx</pre><pre>ADVAPI32.dll</pre><pre>SHELL32.dll</pre><pre>ole32.dll</pre><pre>SHLWAPI.dll</pre><pre>USERENV.dll</pre><pre>OLEAUT32.dll</pre><pre>2.0.0.29</pre></pre></RDF></pre></-t>