PUP.Win32.YahooCompanion_0244b184b6

by malwarelabrobot on August 27th, 2014 in Malware Descriptions.

Trojan.Win32.Swrort.3.FD, mzpefinder_pcap_file.YR, PUPYahooCompanion.YR, SearchProtectToolbar.YR, PUPInstallXSearchProtectForYahoo.YR (Lavasoft MAS)
Behaviour: Trojan, PUP


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Requires JavaScript enabled!

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

MD5: 0244b184b67696e1503ccf05d8746877
SHA1: 33fe675bfb1a5ca0a4e63ee1efb5ea575785442e
SHA256: bc25c58a671d5b935c11f2437767ea20e4e9e12110b1d709cbce4763a6ec5136
SSDeep: 49152:tJK0Wj57rrdF4wPho6x4y6qTJlThgk59Ze:jK557rrv4J6Gy6q1ZZe
Size: 2001784 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: SafeInstall, LLC
Created at: 2014-07-24 17:11:45
Analyzed on: WindowsXP SP3 32-bit


Summary:

PUP. Potentially Unwanted Program. An application that does not display malicious behavior yet is installed without having first sought affirmative user consent for installation. Users may not realize, due to the nature of the installation procedure, that an application they have not explicitly agreed to has been installed. This category can also be used to classify other applications which in a certain context can be wanted e.g. remote administration tools or IRC clients.

Payload

No specific payload has been found.

Process activity

The PUP creates the following process(es):
No processes have been created.
The PUP injects its code into the following process(es):

%original file name%.exe:1696

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process %original file name%.exe:1696 makes changes in the file system.
The PUP creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\winferno.vi.zip (941 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\images\minmax.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\js\clickmanager.js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\images\installprogress.png (998 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\config.xml (15904 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\wecareaspca.vi.zip (973 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\speedupmypc_sales_r2_v2.vi.zip (825 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\arcadeparlor.vi.zip (889 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\images\step-contents-stepped.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\smartweb.vi.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\smartdriverupdater.vi.zip (928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\websearches.vi.zip (731 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\pcspeedup.vi.zip (820 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\images\container-separator.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\js\toolbaruimanager.js (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\converterfreeonline.vi.zip (690 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\registryhelper.vi.zip (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\truedownloader.vi.zip (818 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\defaulttab.vi.zip (866 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dealgest.vi.zip (759 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\yahoosuite.vi.zip (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\js\knockout-2.2.1.js (2696 bytes)
%System%\wbem\Logs\wbemprox.log (228 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\nortoninternetsecurity.vi.zip (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\coretemp_nocheck.vi.zip (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\012RC96R\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\nortonsecurityscan.vi.zip (834 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\images\btn_next.png (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\wecarecleanwater.vi.zip (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\fulldiskfighter.vi.zip (968 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\yahoo_hpds_defaultsearch.test.vi.zip (739 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\darkux_dynamic_compliant.vi.zip (9496 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\genieo.vi.zip (904 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\js\notoolbaruimanager.js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SCC.dll (6904 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\severeweatheralerts.vi.zip (816 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\darkux_dynamic_compliant.vi.json (74 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\kaspersky.vi.zip (888 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\nortonantivirus.vi.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\weatherbug.vi.zip (889 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\coretemp_9244.txt (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\js\lodash.custom.min.js (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\pcoptimizerpro.vi.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\coretemp_nocheck\coretemp_tn.png (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\css\style.css (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\js\script.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\freeflvconverting.vi.zip (999 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\surfcanyon.vi.zip (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\pcoptimizerpro.vi.zip (720 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\uninstallhelper.vi.zip (507 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SymCCIS2.zip (161 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\images\filewhiz_tn.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\view.darkux_dynamic_compliant.vi.json (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\images\btn-win-25h.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\driverfighter.vi.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\js\compliantuimanager.js (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\registryhelper.vi.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\js\uifactory.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\seaapp.vi.zip (885 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\resultsbay.vi.zip (664 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\blasteroids.vi.zip (833 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\driverscanner.vi.zip (811 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\0244b184b67696e1503ccf05d8746877.log (3480334 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\smartdriverupdater.vi.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\js\json2.js (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\images\close.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\mypcbackup.vi.zip (904 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\images\btn.png (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\images\bg-installprogress.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\rockettab.vi.zip (883 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OGX388CZ\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\darkux_dynamic_compliant.vi.html (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\images\btn-win-20h.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\linkey.vi.zip (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\V5ERKD2R\ENG.SCC.config[1].txt (739 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\smartweb.vi.zip (821 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\secureweb.vi.zip (821 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\contentexplorer.vi.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\omigaplus.vi.zip (726 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\yahoo_hpds_defaultsearch.vi.zip (434 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\blitzmediaplayeroffer.vi.zip (852 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\offerbox.vi.zip (793 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\coretemp_nocheck.vi.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\contentexplorer.vi.zip (823 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\images\title-bar.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\js\responsemanager.js (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\muvic.vi.zip (786 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\images\checkbox.png (650 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\js\complianttoolbaruimanager.js (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\searchdonkey.vi.zip (861 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\images\step-contents.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\012RC96R\SCC[1].dll (20219 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\V5ERKD2R\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\smartpccleaner.vi.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\images\btn-win.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\images\custom-check.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\kaspersky.vi.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\slowpcfighter.vi.zip (926 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\driversupport.vi.zip (882 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SCCLog.txt (168898 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\ping.response.json (388 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\driverfighter.vi.zip (939 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\convertfilesforfree.vi.zip (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\wecaresavethechildren.vi.zip (955 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\P1SMUOF8\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\yahoo_keepmysettingsx.vi.zip (412 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\js\offerparser.js (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SymCCIS.dll (11704 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\yahoo_hpds_startpage.vi.zip (422 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SCC.config (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\images\product-icon.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\uninstallhelper.vi.json (725 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\nortonantivirus.vi.zip (892 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\fulldiskfighter.vi.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\js\jquery.min.js (6984 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\yahoo_hpds_startpage.test.vi.zip (739 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SymCCISDll.txt (38245 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\knctr.vi.zip (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\js\uimanager.js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\images\bg_disc_wrap.gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\nortonsecurityscan.vi.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\smartpccleaner.vi.zip (930 bytes)

The PUP deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013021120130218\index.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013030120130302 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SCC.config (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013021120130218 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013021820130225 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013021820130225\index.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013030120130302\index.dat (0 bytes)

Registry activity

The process %original file name%.exe:1696 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@xpsp3res.dll,-20001" = "Diagnose Connection Problems..."

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014082620140827]
"CacheOptions" = "11"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014082620140827]
"CachePath" = "%USERPROFILE%\Local Settings\History\History.IE5\MSHist012014082620140827\"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "%original file name%.exe"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\InstallIQ]
"test" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014082620140827]
"CacheRepair" = "0"

"CachePrefix" = ":2014082620140827:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1406211105"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4A 4F 2B 9F 4C D6 44 D6 E4 A5 27 ED 17 B3 34 15"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014082620140827]
"CacheLimit" = "8192"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The PUP modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The PUP modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The PUP modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The PUP deletes the following registry key(s):

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013030120130302]
[HKLM\SOFTWARE\InstallIQ]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013021120130218]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013021820130225]

The PUP deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"

[HKLM\SOFTWARE\InstallIQ]
"test"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

Dropped PE files

MD5 File path
38212789a0f996c9f49d2646446c02f3 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SCC.dll
d0f25e1b717ee325780b5c5a014f9623 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SymCCIS.dll
38212789a0f996c9f49d2646446c02f3 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temporary Internet Files\Content.IE5\012RC96R\SCC[1].dll

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name: SafeInstall, LLC
Product Name: SafeInstaller
Product Version: 1.0.54.0
Legal Copyright: Copyright (C) 2014
Legal Trademarks:
Original Filename: safeinstall.exe
Internal Name: SafeInstaller
File Version: 1.0.54.0
File Description: Safe Installer
Comments:
Language: English (United Kingdom)

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.text 4096 505177 505344 4.49292 6c09f500a5bd74be5190297e5b356442
.text-qu 512000 3859 4096 4.15412 653d649379935be8c26e1e7ea3da424a
.text-co 516096 85632 86016 4.47492 30ddfe8dbc253fceb037cac62c95b5ff
.text-co 602112 74520 74752 4.47278 f429701b334e853787a4c0f0cf10fd83
.text-co 679936 47594 47616 4.49437 20b2df0c90f8a2ecdadca5b1554dc861
.text-co 729088 14255 14336 4.48381 55db8be59762b748d837177dc1457963
.text-co 745472 28523 28672 4.60937 653f8615ca671278486d4ebdb51fbe7b
.text-co 774144 10274 10752 4.35743 79e94ddb9aa15a26573dc90c5b35b14c
.text-co 786432 263610 263680 4.59228 84bd3550fe06887f48919d601d167179
.text-ti 1052672 43367 43520 4.59432 9d28f04ce3659b237a92197c4d09f276
.text-co 1097728 16090 16384 4.36783 54233a7c7bcf858848c590f69457b0f1
.text-co 1114112 59 512 0.606205 c22988405ebe63cdbaffaeaf95818e4c
.text-co 1118208 12734 12800 4.41273 0fb4b4abf925f617f5e8bb41613ce580
.rdata 1134592 268030 268288 3.89215 36afd469caf7153f2bf829d7ed8f917e
.data 1404928 27140 17408 3.33069 ca11c70918c6d51c773d210ca56b6fa8
.data-qu 1433600 41 512 0 bf619eac0cdf3f68d496ea9344137e8b
.data-co 1437696 188 512 0 bf619eac0cdf3f68d496ea9344137e8b
.data-co 1441792 56 512 0.042395 7913b4be61bc57ba2078e23024a5c1a7
.data-co 1445888 40 512 0 bf619eac0cdf3f68d496ea9344137e8b
.data-co 1449984 44 512 0.014135 2d5fe836dd5a60fa37b7c590cfc70410
.data-co 1454080 41 512 0 bf619eac0cdf3f68d496ea9344137e8b
.data-co 1458176 40 512 0 bf619eac0cdf3f68d496ea9344137e8b
.data-co 1462272 2932 3072 1.3623 0c2af40c829b52521f1c85c0b8278d97
.data-ti 1466368 1176 1536 1.0087 1bb77bec461d2a4e9b7372f782d4ce7b
.data-co 1470464 40 512 0 bf619eac0cdf3f68d496ea9344137e8b
.data-co 1474560 4 512 0.014135 d340f23a7d18057bb02252a3cb40b877
.data-co 1478656 40 512 0 bf619eac0cdf3f68d496ea9344137e8b
.rsrc 1482752 587740 587776 5.28772 c2f9ed3530a55afaf8d2805030bc60f8

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL IP
hxxp://1-vinstaller.com/api/productsession 66.77.96.160
hxxp://a568.d.akamai.net/upgrade/NSS/SymCCIS/Production/SCC.dll
hxxp://a568.d.akamai.net/upgrade/NSS/SymCCIS/Production/SCC/w3i/ENG.SCC.config.txt
hxxp://liveupdate.symantecliveupdate.com/upgrade/NSS/SymCCIS/Production/SCC.dll 184.84.243.41
hxxp://liveupdate.symantecliveupdate.com/upgrade/NSS/SymCCIS/Production/SCC/w3i/ENG.SCC.config.txt 184.84.243.41


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

GET /upgrade/NSS/SymCCIS/Production/SCC.dll HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: liveupdate.symantecliveupdate.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Apache
ETag: "38212789a0f996c9f49d2646446c02f3:1402650668"
Last-Modified: Fri, 13 Jun 2014 09:09:28 GMT
Accept-Ranges: bytes
Content-Length: 167264
Content-Type: application/octet-stream
Cache-Control: max-age=1052
Expires: Tue, 26 Aug 2014 13:02:31 GMT
Date: Tue, 26 Aug 2014 12:44:59 GMT
Connection: keep-alive
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.........r.........
........................E...............................Q.............
......................Rich............PE..L......S...........!........
.>.......z....................................................@....
.....................Ew......tx..{....p..=............t..`...........
......................................................................
..........text....`.......T......PEC2TO...... ....rsrc.... ...p.......
X.............. ....reloc...............r..............@..............
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
.........................................................*..U..9k3e..O
.U...-.[O?wV|.........Uk .B..u3g5.I...jUi..c#.d.N.k.....jxf....f.....M
..k./K.>.'S(..8.......Wz.j.....Q.Q.z p...F.....Z...A.n..&...Id.....
..>o...5.1...&?.....cA.!.}L...>..u......D...c.~3.:.M%.d.......BU
.....o4[.$..|..n..$.vL<..~...Jd...uV.}....Q."..e..........Q...z..O.
P..;...R.qlm.z.......4.'..O.._.C..[..C...].._..`r.;[.c.9@2..,6..m1...x
.f=....d...9HR..?...A..?.f........>GUa..Q=^#\....<.e..e@r.)..y.Q
.J...{..<`*....~f.Q......p..V....P.BP...y..=...?.....>O.f.?.

<<< skipped >>>

GET /upgrade/NSS/SymCCIS/Production/SCC/w3i/ENG.SCC.config.txt HTTP/1.1

Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: liveupdate.symantecliveupdate.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Apache
ETag: "b8dbac3cc2be258b539c305a828416aa:1395133614"
Last-Modified: Tue, 18 Mar 2014 09:06:50 GMT
Accept-Ranges: bytes
Content-Length: 3216
Content-Type: text/plain
Cache-Control: max-age=1652
Expires: Tue, 26 Aug 2014 13:12:32 GMT
Date: Tue, 26 Aug 2014 12:45:00 GMT
Connection: keep-alive
...<..iy..}...e_.k.2..#r...-..\\^../..SG>Jc.G2...S... .d".!..:.\
..A...='.... .......^....0...>.y..G...X...(.v..u.._...z.....#.[....
yIie.......G.^1h...-.....7i........L(,.t......<.3....9.&.......q...
..]O.6..A..h...^.:q.....X4a;T.....2.[.h. ..................`S...u.....
.\.y.-...b...YVPT.CqXK....c....\,....R.N.[..2.[.h. ..SV.3..-......#.!u
......A.S...^......o..p"d#../q...-.......0a.3.g. ..A...........{xE...%
.ws=....d'Y....C...$..k.7...4.]|....Z..L..R.O._S?.g........n..G.v...d.
...!........\r.T...V.{.]h2.Z.]I...S.}.B..}..._%.n.t.6XK..rK.v.K...3Na.
.-...?......~_.....9..|............!fr.qON".H .......[.k..&..1l.>a2
......3.C.#.A.y.....zx......4.."......u...%.....t.Nsb.&r..NS..]/.c^.j(
z0M..pSn.:..t.....&~...E.|ab.L..(}..8..S._3...r....H.Y....0f...X<..
U.o....b.g..U...av.....P#W..,.4..x..._..Y..D.......s...K.....8.....?.H
.P.L..b.H..J.R..y...........R......'@.l.. k.. .z..m..8.9h.....3#...hkO
.AiD....W>1...3...J.....eVqE.H.......v....._.........f..-0....@:...
.&.`.M.{...O.Ew.O..c..P.....(c...a;T......M~.1*.........hL..l.A....F}&
lt;)K.#.T.n.#..h{...U.&.`.M.{.di<:hTh.(............y..!.[.-RJ\...._
...Tp.PD"#.".E.....gu,.3..o(X...ZL.....eX.(...y\....t..py1...EE...R...
.DOQ.H. .y......S.f...x]v.R...?..8|...........f..-0..Z...u.n.......
..`..;.5.(...S...EE...R..l..*.].F.....$.u%.".IT.F.....$...(c...]O.6..A
....@.L...g.V.4...._..w.....(i...g. ..A..jyE. ..B..cH..{j,g........(..
....!....,..........N..W.Q.M...<'..U...~.$}.Z..]/...:U..@p(U...~.$}
@.......%..h_...O]3...y..I.!.R....a......l..D.9:...K. .r.s.xa...H.

<<< skipped >>>

POST /api/productsession HTTP/1.1
Content-Type: application/json; charset=utf-8
Accept: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
Host: 1-vinstaller.com
Content-Length: 259
Cache-Control: no-cache

{"CampaignName":"","ShortName":"coretemp","ProductSubId":-1,"AccountId":13307,"VersionId":-1,"InstallerVersion":"1.0.54.0","OSId":5,"TemplateId":300,"LangId":1033,"ParentOfferIds":[],"Browsers":[{"Key":"IE","Value":6}],"DefaultBrowser":{"Key":"IE","Value":6}}
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP="PSA OUR DEM"
X-Robots-Tag: noindex, nofollow
Date: Tue, 26 Aug 2014 12:44:55 GMT
Content-Length: 11165
{"Response":{"configuration":{"month":8,"week":35,"year":2014,"targetb
rowser":{"Key":"IE","Value":"6"},"pingurl":"hXXp://1-vinstaller.com/ap
i/productsession","postbackurl":"hXXp://1-vinstaller.com/api/trackoffe
rinstalldetails","errorurl":"hXXp://1-vinstaller.com/api/installerror"
,"host":"hXXp://dl2.via9installer.com/lm/","compliant":true,"randomoff
ersort":false},"productsession":{"productid":2767,"productsubid":-1,"p
roductsessionid":"11b7ebe3-ed2a-4e79-8741-ce6b769f88ea","shortname":"c
oretemp","deviceclienttype":7,"guiclienttype":7,"versionid":-1,"sessio
n":{"accountid":13307,"vendorid":6475,"campaignid":4631611,"campaignna
me":"Default","countryid":124,"country":"CA"}},"accountconfiguration":
{"accountid":13307,"accountverticalid":20,"showwelcomescreen":true,"sh
owdownloadmanager":true,"showfirstofferinwelcomescreen":true,"allowico
ndrop":true,"active":true},"offers":[{"accountid":13307,"offerid":1944
4,"parentofferid":628,"position":1,"active":true,"offerversion":0.0,"c
onfiguration":{"configid":"nortonsecurityscan.all","type":"symanteccci
s","displayname":"Norton Security Scan","affiliateid":"#YYYY##MM#","cm
dargs":"/affid=#YYYY##MM#","deferreddetection":"1","productid":"nss"}}
,{"accountid":13307,"offerid":20213,"parentofferid":5778,"position":2,
"active":true,"offerversion":0.0,"configuration":{"configid":"contente
xplorer.iq.all","type":"exe","displayname":"Content Explorer","downloa
durl":"bundles/contentexplorer/20140611/CEInstaller.exe","commandline"
:"-run silent -affiliateid 026 -sid 055","firefox":"1"}},{"account

<<< skipped >>>

The PUP connects to the servers at the folowing location(s):

%original file name%.exe_1696:

.text
`.text-qu
`.text-co
`.text-coko
`.text-co"(
`.text-tig
`.text-co;
`.rdata
@.data
.data-qu)
.data-co
.data-co8
.data-co(
.data-co,
.data-co)
.data-cot
.data-ti
.rsrc
CSShZ
7SSh$
7SSh.
7SSh3
7SSh8
CSSh3
CSSh8
CSSh=
CSShk
<-t}<.
<*u%F
CSSh`
<:%u4
t8Ht.HHt#
.FGy1
Af;FP}%S3
|$|.tD
#t.Ht
 2 34 567
u.SSV
1t.Ht
9sxv%UW
function not supported
operation canceled
address_family_not_supported
operation_in_progress
operation_not_supported
protocol_not_supported
operation_would_block
address family not supported
broken pipe
inappropriate io control operation
not supported
operation in progress
operation not permitted
operation not supported
operation would block
protocol not supported
operator
GetProcessWindowStation
Operation not permitted
Inappropriate I/O control operation
Broken pipe
0xX
Invalid CRT parameter
QuickStartApp.cpp
vi.engine.xml
chk_firefox
chk_chrome
%s[%d]
position=%d, active=%d
%d,%d,%d
** Debug mode: simulating stopping Firefox
** Debug mode: simulating stopping Chrome
%s must be closed before continuing. Press OK to close %s now. You may need to close %s manually.
Firefox
Google Chrome
%d err: %s
Chrome
firefox
chrome
opera
searchprotector.exe
view=%d,sel=%d,inst=%d,conf=%d,can=%d,err=%d,eid=%d,pos=%d,%s
.json
control.txt
00000000-0000-0000-0000-000000000000
QuickStartProcess.cpp
%programfiles%\Free Offers from Freeze.com
disabling offer because system doesn't have Firefox
disabling offer because system doesn't have Chrome
%s[%s]: view=%s accept=%s
%s,%s
WindowsErrorCode
targetbrowser/key
%s:v=%s,id=%s,rc=%d,f=%d,e=%d,i=%s,p=%s,pb=%s,ex=%s,tr=%s,px=%d
%s:v=%s,rc=%d,os=%s,%s,%s|ie=%s
%d,%d,%s,%s,%s,%s
%d,%d,%d,%d,%d
%d,%d,%s,%s,%s,%s,%s
%d,%s,%s,%s,%s,%d,%d,%d,%d,%d,%d,%d,%d,%s,%s,%d,%s
offers
%s,%s,%s,%s,%s,%s,%s,%s
%s,%d,%s,%s
Unable to open thankyou page; url is empty or invalid!
statsd.response.txt
Web.Installer.VDI.CommError
Web.Installer.VDI.InstallError
Web.Installer.VDI.OfferDownloadError
Web.Installer.VDI.OfferInstallError
Web.Installer.VDI.OfferInstallFailed
hXXp://dl2.v47installer.com/lm/bundles/keepmysettingsx/keepmysettingsx.zip
hXXp://sdspapi.com/api/values
hXXp://us.yhs4.search.yahoo.com/yhs/search?p={searchTerms}&ei=UTF-8&hspart=w3i&hsimp=yhs-synd1&type=W3i_DS,221,0_0,Search,20140522,19669,0,FF29,7635
Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallX Search Protect for Yahoo
hXXp://dl2.v47installer.com/lm/bundles/keepmysettingsx/spv1.zip
spv1.zip
.html
MainWnd.cpp
OfferThread.cpp
Setting offer checkbox value: key=
COfferExe::GetXpiFilename
c:\winapps\windows\main\installer.quickstart.application\installer.quickstart.lib\OfferExe.h
downloadurl
downloadurl.64bit
msie.downloadurl
msie.commandline
firefox.downloadurl
firefox.commandline
chrome.downloadurl
chrome.commandline
allbrowser.downloadurl
allbrowser.commandline
regkeyadd
ieregkey
firefox.pref
firefox.xpimethod
firefox.xpilocation
firefox.xpidelete
LUA account detected, and flag lua_runasdesktopuser detected, forcing executeAsDesktopUser
iconurl
residenturl
configuration/downloadurl
configuration/downloadurl.64bit
configuration/msie.downloadurl
configuration/msie.commandline
configuration/firefox.downloadurl
configuration/firefox.commandline
configuration/chrome.downloadurl
configuration/chrome.commandline
configuration/allbrowser.downloadurl
configuration/allbrowser.commandline
configuration/regkeyadd
configuration/ieregkey
configuration/firefox.pref
configuration/firefox.xpimethod
configuration/firefox.xpilocation
configuration/firefox.xpidelete
configuration/iconurl
configuration/residenturl
adding %s entry, ourVal='%s', theirVal='%s'
COfferExe::Download
Download url is empty!
_firefox is NULL!
COfferExe::OnInstall
Install is a dropfile; no exe to run...
Icon offer (in exe config) detected, running icon install
COfferExe::Run
COfferExe::HandleFirefoxOptions
firefoxoffer
HandleFirefoxOptions called with incorrect preferences set in config!
COfferExe::BuildCommandLine
msiexec.exe /i "%s" /qn ALLUSERS=2 REBOOT=ReallySuppress
msiexec.exe /i "%s" %s
Could not find firefox exe to install
Offer is installing XPI for Firefox 8 or higher, enabling GUI.
"%s" "%s"
"%s" %s
COfferExe::RunSearchProtectInstall
COfferExe::WaitForInstallProcess
OfferExe.cpp
COfferExe::WaitForProcessStarted
waiting for registry key:
COfferExe::WaitForRegistryValue
Registry key found.
Registry key found (64-bit).
COfferExe::WaitForFile
COfferExe::InstallXpi
Bad RegKeyAdd config; not correct format: (missing hive \ )
Bad RegKeyAdd config; not correct format: (missing , )
Bad RegKeyAdd config; not correct format: (missing = )
unable to set regkey from following RegKeyAdd:
RegKeyAdd:
unrecognized values in RegKeyAdd:
unable to set regkey from following IERegKey:
IERegKeyAdd:
unrecognized values in IERegKey:
COfferExe::FinishXpiInstall
COfferExe::CancelXpiInstall
COfferExe::RunIconInstall
%s_%s.url
COfferExe::InstallResident
residentUrl is NULL!
~.exe
installx.dat
installx.cfg
hXXp://click.freeze.com/?clname=resident
sessionurl
configuration/url
configuration/msie.url
configuration/firefox.url
configuration/chrome.url
All urls are empty!
COfferStartPage::InstallFirefox
_firefox is NULL!
** Debug mode: simulated setting Firefox startpage:
Error writing Firefox pref for startpage!
Error setting Firefox new tab!
Set new tab in Firefox.
Firefox startpage set successful.
chromeoffer
COfferStartPage::InstallChrome
_chrome is NULL!
** Debug mode: simulated setting Chrome startpage:
Error setting Chrome startpage: browser is still running!
Error writing Chrome pref for startpage!
Can't set new tab Chrome, function is not implemented.
Chrome startpage set successful.
OfferStartPage.cpp
startpageurl
oldstartpageurl
hXXp://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
hXXp://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=#REVENUE_TAG#
hXXp://search.yahoo.com/favicon.ico
configuration/msie.searchname
configuration/firefox.searchname
configuration/firefox.suggesturl
configuration/firefox.selectedengine
configuration/firefox.keywordurl
configuration/chrome.selectedengine
configuration/chrome.keyword
configuration/chrome.faviconurl
configuration/chrome.suggesturl
Error setting IE search: url is empty!
Internet Explorer version 6 or older does not support default search!
COfferDefaultSearch::InstallFirefox
** Debug mode: simulated setting Firefox default search:
Failed to write Yahoo xml for Firefox!
Firefox default search set successful.
COfferDefaultSearch::InstallChrome
** Debug mode: simulated setting Chrome default search:
Failed to set search pref for chrome!
Chrome default search set successful.
OfferDefaultSearch.cpp
searchurl
oldsearchurl
hXXp://vinstaller.com/api/trackofferinstalldetails
hXXp://vinstaller.com/api/installerror
ping.response.json
postback.response.json
config.xml
pingurl
postbackurl
errorurl
statsdurl
uninstalloptionurl
PingUrl
PostbackUrl
Sending session request, url=
Ping url is empty!
Ping url is invalid!
hXXp://dl5.v1installer.com/
PingResponse.cpp
targetbrowser/Key
PingThread.cpp
offer %s[%s]: isInstalled=%d canShow=%d
rule %s[%s]: isInstalled=%d
QuickStartDetectThread.cpp
ResourceThread.cpp
Sending postback request, url=
Postback url is empty!
Postback url is invalid!
Response/url
passed
CRequirementManager::RunExecute
CRequirementManager::ParseExecuteResult
invalid flag in execute result:
Software\Microsoft\Windows\CurrentVersion\RunOnce
Running requirement.OnInstall:
Running requirement.OnCancel:
requirement.OnCancel is empty, skipping.
Running requirement.OnExit:
requirement.OnExit is empty, skipping.
%programdata%\W3i\UninstallHelper\iqu.ini
2.0.1.0
%programdata%\W3i\UninstallHelper\import
quickstart.xml
quickstart%d.xml
Failed to save IQU data, too many import files in directory!
%programfiles%\W3i\UninstallHelper\UninstallHelper.exe
quickstart_si.xml
quickstart_si%d.xml
Failed to save SoftwareInfo data, too many import files in directory!
hXXp://dl.installiq.com/API/IQU/SoftwareInfo.aspx
UH executable not found!
"%s" /silent /noswinfo
%s:%d
handling firefox cookies...
FF.GetCookiesError
FF.NoCookies
firefox: no cookies found
FF.SetCookieError
FF.SetCookies
firefox: set cookies
getting firefox cookies for
CCookieManager::GetFirefoxCookies
Error enumerating firefox cookies!
firefoxenum
hXXp://
cookie.dat
Vista.NoResult
Vista.SavedLow
Vista.NoCookies
Vista.CopiedLow
%a, %d-%b-%Y %H:%M:%S GMT
cookieman.exe
Vista.ExtractError
Vista.CreateLowError
handling chrome cookies
Chrome.GetCookiesError
Chrome.NoCookies
Chrome: no cookies found
Chrome.SetCookieError
Chrome.SetCookies
Chrome: set cookies succeeded
getting Chrome cookies for
CCookieManager::GetChromeCookies
Error enumerating chrome cookies!
chromeenum
Safari.GetCookiesError
Safari.NoCookies
Safari.SetCookieError
Safari.SetCookies
ErrorLogger.cpp
explorer.exe
CDialogWindowJson::OnBeforeNavigate2, url=
DialogWindowJson.cpp
%s: view=%s accept=%s
chk_%s=
checkbox found; %s=%s
adding disclosure(%s): %s
installedbrowsers/firefox
installedbrowsers/chrome
installedbrowsers/opera
view.buildconfig.json
view.productconfig.json
ProgressDialog.cpp
Installing %d of %d
uninstalloption.exe
InstallIQFirefoxLock
postinstallexecute
postinstallexecuteintegrity
stopfirefox
stopchrome
configuration/postinstallexecute
configuration/postinstallexecuteintegrity
/msie.autoconfirm
/firefox.autoconfirm
/chrome.autoconfirm
msie.autoconfirm
firefox.autoconfirm
chrome.autoconfirm
COffer::WaitForFirefoxLock
Offer.cpp
_firefoxLock is already created!
Waiting for Firefox lock...
Firefox lock status:
Releasing Firefox lock
PostInstallExecute:
iexplore.exe
** Debug mode: simulating PostInstallExecute:
Cannot run post-install execute, file does not exist:
COffer::PostInstallExecute
PostInstallExecute command failed!
http:
Adding UH data: %s|%s,%s
Failed to extract uninstall option exe!
Error; uninstalloption.exe doesn't exist (after download and extract!)
Error copying uninstalloption.exe to program files!
error downloading uninstall option url!
hXXp://airdownload.adobe.com/air/win/download/latest/AdobeAIRInstaller.exe
%programfiles%\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe
"%s" %s "%s"
AdobeAirInstaller.exe
Uninstall keys:
/uninstallkeys/uninstallkey
%s/uninstallkeys/uninstallkey[%d]/type/text()
%s/uninstallkeys/uninstallkey[%d]/value/text()
%firefoxprofiles%
Unknown uninstall key type encountered, skipping lookup
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
crterr:%d
Win32Err:%d
HRESULT:0x%X
@ line %d in function <%s>.
Unknown error: %d
wininet.dll
IDispatch error #%d
LoadLibrary failed in loading current exe:
CoreResource.cpp
CStringW.GetBuffer failed!
0xx
%s. {%s} @ line %d in function <%s> in module %s.
HRESULT:0x%X
HttpStatus:%d
Win32Err:%d
Error:%d
-- %s line %d --
[X]
L%d:d.d.d_d:d:d.d
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 /%d
%s_%x%x%x%x%x
CoreFile.cpp
Exception %X in module %s at: 0x%p.
dbghelp.dll
0x%p %s
CoreProcess.cpp
CCoreProcess::ShellExecuteCommand
ShellExecuteCommand:
CCoreProcess::ShellExecuteCommandAndWait
Failed to execute command:
CCoreProcess::CloseProcessWindowsByModuleName
CCoreProcess::GetProcessExe32
CCoreProcess::GetProcessExe64
kernel32.dll
CoreXml.cpp
_ftprintf_s failed writing header to
CCoreXml::ParseRequiredKeyValue
]/Key/text()
CCoreXml::ParseRequiredKeyInt
CoreThread.cpp
PTF://
hXXps://
CoreSystem.cpp
CCoreSystem::GetWindowsVersionId
Missing windows version, check the code!!
%s (Build %d)
Unknown OS! Major: 0xX, Minor: 0xX
CCoreSystem::CacheWindowsInfo
%system%
%windows%
Software\Microsoft\Windows\CurrentVersion
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Þsktop%
Þsktopdir%
%userprofile%
%s0x%.2x%.2x%.2x%.2x%.2x%.2x-
SOFTWARE\Microsoft\NET Framework Setup\NDP\v1.1.4322
SOFTWARE\Microsoft\NET Framework Setup\NDP\v2.0.50727
SOFTWARE\Microsoft\.NETFramework\policy\v1.0
3321-3705
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\
Iphlpapi.dll
%windows%\Desktop
proc.vboxsvc
VBoxService.exe
proc.vboxtray
vboxtray.exe
proc.vmtools
vmtoolsd.exe
proc.hvsvc
vmicsvc.exe
reg.vboxguest
reg.vboxmouse
reg.vboxsvc
reg.vboxsf
reg.vboxvid
reg.vboxbios
reg.vboxsguest
file.vboxhook
%system%\vboxhook.dll
reg.vmvid
reg.vmpci
reg.vmdbg
reg.vmcrd
reg.vmmem
reg.vmmouse
reg.vmdsk
reg.vmtools
reg.vmsnap
reg.vmnet64
reg.hvgenctr
SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
reg.hvvmbus
reg.hvvid
reg.hvscsi
SYSTEM\CurrentControlSet\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\0000
reg.hvinput
SYSTEM\CurrentControlSet\Control\Class\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}\0000
reg.vboxdisk
reg.vmdisk
reg.hvdisk
sng.vmt2
sng.vmt1
sng.vmt4
sng.vmt3
gen.diftime
gen.dbg
CCoreRegKey::Create
Warning: HKEY_CLASSES_ROOT opened for writing! This can lead to unpredictable results.
RegCreateKeyEx failed on key=
RegOpenKeyEx failed on key=
CCoreRegKey::Open
Registry key is not open! (
CCoreRegKey::GetValueType
CoreRegKey.cpp
CCoreRegKey::GetValueSize
CCoreRegKey::GetValue
CCoreRegKey::GetValueString
CCoreRegKey::SetValue
CCoreRegKey::DeleteValue
CCoreRegKey::DeleteKey
RegDeleteKeyEx failed on
RegDeleteKeyExA
RegDeleteKey failed on
CCoreRegKey::EnumSubKeys
CCoreRegKey::CopyTree
SHCopyKey failed for
CCoreEntryPoint<long (__stdcall*)(struct HKEY__ *,char const *,unsigned long,unsigned long)>::CCoreEntryPoint
CCoreEntryPoint<long (__stdcall*)(struct HKEY__ *,char const *,unsigned long,unsigned long)>::LoadProcAddress
Advapi32.dll
UniqueId.cpp
subKey is NULL!
0.0.0.0
%u,%u,%u,%u
\/:*?"<>|
Failed to create URL file!
createurlfilefail
Encryption key not initialized!
CoreEvent.cpp
shell32.dll
CoreVista.cpp
Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_USERS
HKEY_CURRENT_CONFIG
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_CLASSES_ROOT
%Y-%m-%dT%H:%M:%S
CommandLine.cpp
%s.%s
iexplore,ie.http
Failed to get IE version key!
Loading IE cookies for url:[
wrote %d cookies
CoreInternetExplorer.cpp
Unable to find iexplore.exe, using shell execute (with possible warnings)
-noframemerging "%s"
ie.http\shell\open\command
Default search regkey not found (may be a brand new install)
ieframe.dll
EnumSubKeys failed!
hXXp://VVV.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
url is empty!
Replacing existing provider url:
Error setting provider url!
FindFirstUrlCacheEntry() failed!!
CCoreInternetExplorer::FindFirstHistoryUrl
CCoreInternetExplorer::FindNextHistoryUrl
findfirsturlfailed
FindNextUrlCacheEntry() failed!!
FindUrlCache handle is null!! Did you call FindFirstHistoryUrl first??
CCoreInternetExplorer::FindCloseHistoryUrl
findnexturlfailed
findcloseurlfailed
FindCloseUrlCache() failed!!
msgTitle is required!
msgText is required!
browser.search.defaultenginename
keyword.URL
browser.search.selectedEngine
MozillaUIWindowClass
browser.startup.homepage
firefox.exe,firefox.url,firefoxportableurl,firefoxurl,firefox
MozillaWindowClass
Software\Mozilla\Mozilla Firefox
Failed to get Firefox version key!
CCoreFirefox::GetVersion
Profile%d
firefoxver
%appdata%\Mozilla\Firefox
Firefox versions prior to 3 are not supported by LoadProfileCookies!
profiles.ini
Loading Firefox3 cookies for url:[
%s=%s
cookies.sqlite
Enumerating Firefox3 cookies for
cookies.txt
Enumerating Firefox cookies for
Found partial cookie in Firefox profile:
firefox.exe
-requestPending -osint -new-window "%s"
PathToExe
prefs.js
%programfiles%\Mozilla Firefox
CoreFirefox.cpp
CCoreFirefox::GetPrefString
CCoreFirefox::SetPrefString
user_pref("%s", %s%s%s);
CCoreFirefox::SetDefaultSearch
searchUrl is empty!
Can't set search engine while Firefox is running!
suggestionUrl is empty!
Setting Firefox default search engine:
SuggestionUrl=
SearchUrl=
Failed to write Yahoo search prefs for Firefox!
hXXp://VVV.mozilla.org/2006/browser/search/
browser.search.order.1
browser.search.order.2
places.sqlite
downloads.sqlite
select source from moz_downloads where source like '%%%s%%' order by id desc
Failed to open downloads.sqlite database!
select url from moz_places where url like '%%%s%%' order by id desc
Failed to open places.sqlite database!
cannot set startpage; firefox is currently running!
CCoreFirefox::SetStartpage
browser.startup.page
Cannot set newtab because firefox is running!
CCoreFirefox::SetNewTab
browser.newtab.url
firefox pref: keyword.URL=
browser.search.param.yahoo-fr
firefox pref: browser.search.param.yahoo-fr=
c:\winapps\windows\main\core.cpplib\core.cpplib.browser\CoreChrome.h
CCoreChrome::SetCookie
Chrome_WidgetWin_0
Chrome_WindowImpl_0
Chrome_WidgetWin_1
Chrome_RenderWidgetHostHWND
%local_appdata%\Google\Chrome\User Data\Default\Cookies
chrome.exe,chrome.hwd,chromehtml,chromiumhtml,chrome,chromium
Loading Google Chrome cookies for url:[
CCoreChrome; Cookie file does not exist
host_key like '%
select name, value, host_key, path, expires_utc from cookies where
CCoreChrome::EnumCookiesLegacy
Enumerating Google Chrome cookies for
Chrome cookie file does not exist
Enumerating Google Chrome cookies (v33) for
select host_key, name, value, path, expires_utc from cookies where host_key like '%
select host_key, name, value, path, expires_utc, encrypted_value from cookies where host_key like '%
CCoreChrome::EnumCookiesV33
Chrome cookie:
Failed to decrypt chrome cookie:
--new-window "%s"
chrome.dll
chrome.exe
Unable to find chrome.exe, using shell execute (with possible warnings)
%local_appdata%\Google\Chrome\Application
ChromeHTML\shell\open\command
CCoreChrome::GetStartpage
%programfiles%\Google\Chrome\Application
session/urls_to_restore_on_startup
CCoreChrome::GetStartupPages
CoreChrome.cpp
session/startup_urls
CCoreChrome::IsMultiStartPageEnabled
CCoreChrome::SetStartpage
CCoreChrome::SetStartPageOld
CCoreChrome::SetStartPageNew
SELECT value FROM meta WHERE key='Default Search Provider ID'
%local_appdata%\Google\Chrome\User Data\Default\Web Data
SELECT id, short_name, url FROM keywords where id = %s
CCoreChrome::GetDSUrlFromPrefTemplate
default_search_provider_data/template_url_data/url
default_search_provider_data/template_url_data
default_search_provider_data/template_url_data/id
default_search_provider_data/template_url_data/short_name
CCoreChrome: Name param cannot be blank
CCoreChrome::SetDefaultSearch
CCoreChrome: url param cannot be blank
CCoreChrome: keyword param cannot be blank
Found existing default search in Chrome: id=
hXXp://VVV.yahoo.com/favicon.ico
Chrome v25 or higher detected, skipping keyword_backup and keyword hashing..
failed to set Database keyword search!!
failed to set database keyword search backup table!
Successfully set Default Search provider in chrome
CCoreChrome::SetDatabaseKeywordSearch
Failed to set keyword hash!!
sql string is empty
keywords
Successfully added default search data to keyword and meta tables
UPDATE meta SET value='%s' WHERE key='Default Search Provider ID'
keywords_backup
CCoreChrome::SetDatabaseKeywordSearchBackup
Successfully added default search data to keyword_backup and meta tables
UPDATE meta SET value='%s' WHERE key='Default Search Provider ID Backup'
chrome preferences failed to load!
CCoreChrome::SetPrefDefaultSearchTemplate
default_search_provider_data/template_url_data/
favicon_url
keyword
CCoreChrome::FindSearchEntryID
suggestions_url
url = '
url like '%
keyword like '%
SELECT id FROM keywords WHERE
CCoreChrome::SetExistingDefaultSearchUrl
Please, don't change this Chrome setting
Error opening Chrome Web Data!
Setting existing default search in Chrome:
unable to set the database keyword hash!
CCoreChrome::LookupDefaultSearchUrl
Looking up default search url:
SELECT id FROM keywords WHERE url='%s'
Sqlite is not open!
LookupDefaultSearchUrl: url not found in table
SELECT id FROM keywords WHERE short_name='%s'
LookupDefaultSearchUrl: id not found in row
CCoreChrome::GetPreference
CCoreChrome::LoadChromePreferences
%local_appdata%\Google\Chrome\User Data\Default\Preferences
, show_in_default_list=%s, safe_for_autoreplace=%s, input_encodings='%s'
UPDATE %s set short_name='%s', keyword='%s', url='%s', favicon_url='%s'
WHERE id=%s
, suggest_url='%s'
INSERT INTO %s (
safe_for_autoreplace, originating_url, date_created, usage_count,
short_name, keyword, favicon_url, url,
created_by_policy, instant_url, last_modified, sync_guid) VALUES (
input_encodings, show_in_default_list, suggest_url, prepopulate_id,
'%s', '%s', '%s', '%s',
'%s', %s, '%s', %s,
%s, '%s', %s, %s,
CCoreChrome::GetHashData
%s, '%s', %s, '%s')
CCoreChrome::InsertHashSignature
SELECT id || short_name || keyword || favicon_url || url || safe_for_autoreplace || originating_url || date_created || usage_count || input_encodings || show_in_default_list || suggest_url || prepopulate_id || created_by_policy || instant_url || last_modified || sync_guid FROM keywords_backup ORDER BY id ASC
INSERT OR REPLACE INTO meta (key,value) VALUES (?,?)
%local_appdata%\Google\Chrome\User Data\Default\History
select url from downloads_url_chains where url like '%%%s%%' order by id desc
CCoreFirefoxXpiInstaller::Install
CoreFirefoxXPIInstaller.cpp
CCoreFirefoxXpiInstaller::GetXpiInfo
install.rdf
xml.LoadBuffer failed on
Installing Firefox add-ons via package...
Create install.rdf failed!
Firefox.exe not found!
CCoreFirefoxXpiInstaller::InstallAsPackage
installiq.xpi
Running Firefox to install add-ons:
Error running Firefox!
CCoreFirefoxXpiInstaller::CreateInstallRDF
<?xml version="1.0"?><RDF xmlns="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:NC="hXXp://home.netscape.com/NC-rdf#"
xmlns:em="hXXp://VVV.mozilla.org/2004/em-rdf#">
<Description about="urn:mozilla:install-manifest">
<em:id>multi@installiq.com</em:id>
<em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id>
<em:maxVersion>*.*.*</em:maxVersion>
CCoreFirefoxXpiInstaller::SetResult
Error creating install.rdf!
CCoreFirefoxXpiInstaller::GetExtensionsFolder
Installed Firefox extension:
Can't get Firefox default profiles folder!
c:\winapps\windows\main\core.cpplib\core.cpplib.browser\CoreSearchProtectorApp.h
keepmysettingsx.exe
hXXps://installer.freeze.com/LogError.aspx
Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Restoring V1 toolbar uninstall key...
Renaming V1 uninstall key...
Error replacing toolbar uninstall key!
Error opeing uninstall registry key in HKLM\
Software\Microsoft\Windows\CurrentVersion\Uninstall\KeepMySettingsX
CoreSearchProtectorApp.cpp
Error removing V1 registry key from HKLM\
Error copying V1 registry key!
CCoreSearchProtectorApp.ShutDown: window not found
Error removing registry key from HKLM\
Software\Microsoft\Windows\CurrentVersion\Run
apiurl
dsotherurl
spotherurl
searchkeyword
%s/provider[%d]
hXXp://google.com
hXXp://bing.com
hXXps://VVV.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-us:IE-Address&ie=&oe=
firefoxsearch
chromesearch
firefoxstartpage
chromestartpage
config.dat
Error replacing Yahoo Toolbar uninstall key!
Yahoo uninstall key not found
Software\Microsoft\Windows\CurrentVersion\Uninstall\
UninstallKey
ChromePriorSearchUrl
UninstallKey=
ChromePriorStartPage
ChromeStartPage
FirefoxPriorStartPage
FirefoxPriorSearchUrl
CoreBrowserOptionUninstaller.cpp
c:\winapps\windows\main\core.cpplib\core.cpplib.browser\CoreSafari.h
%appdata%\Apple Computer\Safari\Cookies\Cookies.binarycookies
safari.exe,safariurl,safari
Loading Safari cookies for url:[
CoreSafari.cpp
%appdata%\Apple Computer\Safari\Cookies\Cookies.plist
Failed to get Safari version key!
-url "%s"
safari.exe
Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice
http\shell\open\command
CoreBrowser.cpp
Can't find shell associations or shell command reg keys!
SQLite format 3
REINDEXEDESCAPEACHECKEYBEFOREIGNOREGEXPLAINSTEADDATABASELECTABLEFTHENDEFERRABLELSEXCEPTRANSACTIONATURALTERAISEXCLUSIVEXISTSAVEPOINTERSECTRIGGEREFERENCESCONSTRAINTOFFSETEMPORARYUNIQUERYATTACHAVINGROUPDATEBEGINNERELEASEBETWEENOTNULLIKECASCADELETECASECOLLATECREATECURRENT_DATEDETACHIMMEDIATEJOINSERTMATCHPLANALYZEPRAGMABORTVALUESVIRTUALIMITWHENWHERENAMEAFTEREPLACEANDEFAULTAUTOINCREMENTCASTCOLUMNCOMMITCONFLICTCROSSCURRENT_TIMESTAMPRIMARYDEFERREDISTINCTDROPFAILFROMFULLGLOBYIFISNULLORDERESTRICTOUTERIGHTROLLBACKROWUNIONUSINGVACUUMVIEWINITIALLY
CREATE TABLE sqlite_master(
sql text
3.7.5
CREATE TEMP TABLE sqlite_temp_master(
zip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll
unzip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll
1.2.7
deflate 1.2.7 Copyright 1995-2012 Jean-loup Gailly and Mark Adler
inflate 1.2.7 Copyright 1995-2012 Mark Adler
Detect.cpp
Dll %s failed, resultcode = %x
SymCCIS2.zip
SymCCIS.dll
RunDLL productlist="%s" resultcodes="%s"
/executeresult/text()
/execute/text()
Missing ExecuteResult in requirement config!
%programfiles%\iTunes\iTunes.exe
SOFTWARE\Microsoft\Windows Live\Messenger
msnmsgr.exe
ydetect.yas
ydetect.ytb
ydetect.yhp
Rules.cpp
RegKeyExists
regkey
firefoxprefs
chromeprefs
CDetectionYahooToolbar::IsInstalledFirefox
CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\InprocServer32
%firefoxprofiles%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\install.rdf
hkey_current_user
hkey_classes_root
hkey_local_machine
hkey_current_config
multireg%d
multireg: unable to parse key:
multireg: key found:
KeyExists
SourceKey
1.1.0.6
//flag[%d]/text()
DetectionFile.cpp
Cannot evaluate .NET Version, .NET may not be installed!
wajam_validate.zip
extracted wajam exe file not found!
wajamexemissing
Timed out waiting for wajam_validate.exe!
Unable to get returncode from wajam_validate.exe!
wajam_validate.exe detection process result = %d
yahoo.com
google.com
msn.com
live.com
aol.com
ask.com
CDetectionFirefoxPrefs::OnEvaluate
DetectionFirefoxPrefs.cpp
DetectionChromePrefs.cpp
CDetectionChromePrefs::OnEvaluate
minwindowsversion
)] disabled because of minimum windows version.
DetectionRule.cpp
Disabled; rule target is not Firefox
Disabled; rule target is not Chrome
Disabled; Firefox is not installed
Disabled; Chrome is not installed
asktbdet.zip
Ask detection process result = %d
CoreWininet.cpp
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
wininet: connecting to %s:%d
HTTPSendRequest:
wininet: HttpOpenRequest failed!
CCoreWininet::HTTPSendRequest
wininet: Request handle is NULL after HttpSendRequest!
httpopenrequest
unable to set wininet http decoding
httpreqerr
Content-Type: application/x-www-form-urlencoded
httpaddheaders
wininet: HttpAddRequestHeaders (post flag) failed!
Range: bytes=%u-%u
Range: bytes=%u-
httpaddheader
wininet: HttpAddRequestHeaders (range specification) failed!
wininet: HttpSendRequest failed! (verb=
httpsendreq
wininet: HttpSendRequest failed!
httptimeout
httpqueryinfo
wininet: HttpQueryInfo failed!
httpproxy
httpstatus
wininet: Server responded with error: %d, %s. %s %s
wininet: HttpSendRequest: status OK received
wininet: HttpQueryInfo for file size failed!
wininet: HttpQueryInfo for content range failed!
wininet: Operation cancelled by caller.
Software\Microsoft\Windows\CurrentVersion\Internet Settings
HTTP Status %d: %s
apiUrl is null!
API url is invalid!
%m/%d/%Y
Url is null!
%s, %s, l=0xx
[0x%X]
d:%s
01234567
%s(%s);
CoreJSON2.cpp
Node path not valid; node "%s" in path "%s" is not type Node!
PackageZlib.cpp
Error: %d bytes of %d read from file %s.
unzOpenCurrentFilePassword failed!
Error: %d bytes of %d were written to file %s.
unzOpenCurrentFilePassword failed! err=
Package.cpp
autorun.txt
CCoreSqlite::OpenDatabase
CCoreSqlite::CloseDatabase
sqlite3_exec failed, returned error:
CCoreSqlite::ExecuteStatement
CCoreSqlite::StandardExecuteCallback
dbexecerror
CoreSqlite.cpp
CCoreSqlite::PrepareCompiledStmt
sqlempty
Cannot prepare statement, sql is empty!
sqliteerror
Failed to prepare compiled statement, sqlite returned error: %d
CCoreSqlite::BindTextToCompiledStmt
bind text failed, errorcode=%d
CCoreSqlite::ExecuteCompiledStmt
sqlitestepfailed
sqlite3_step failed, errorcode=%d
CCoreSqlite::CheckStmtRowValid
Cannot get row results: statement has not executed!!
CCoreSqlite::CloseCompiledStmt
sqlite3_finalize failed, errorcode=%d
SQLITE_
d:d:d
d-d-d d:d:d
d-d-d
failed to allocate %u bytes of memory
failed memory resize %u to %u bytes
922337203685477580
API call with %s database connection pointer
RowKey
%s-shm
%s\etilqs_
OsError 0x%x (%u)
Recovered %d frames from WAL file %s
2nd reference to page %d
invalid page number %d
Bad ptr map entry key=%d expected=(%d,%d) got=(%d,%d)
Failed to read ptrmap key=%d
failed to get page %d
%d of %d pages missing from overflow list starting at %d
Page %d:
freelist leaf count too big on page %d
btreeInitPage() returns error code %d
unable to get the page. error code=%d
On tree page %d cell %d:
On page %d at right child:
Multiple uses for byte %d of page %d
Corruption detected in cell %d on page %d
Fragmentation of %d bytes reported as %d on page %d
Page %d is never used
Outstanding page count goes from %d to %d during this analysis
Pointer map page %d is referenced
unknown database %s
keyinfo(%d
%s(%d)
foreign key constraint failed
%s-mjX
unable to use function %s in the requested context
bind on a busy prepared statement: [%s]
zeroblob(%d)
constraint failed at %d in [%s]
abort at %d in [%s]: %s
no such savepoint: %s
cannot open savepoint - SQL statements in progress
cannot rollback transaction - SQL statements in progress
cannot %s savepoint - SQL statements in progress
cannot commit transaction - SQL statements in progress
sqlite_temp_master
SELECT name, rootpage, sql FROM '%q'.%s WHERE %s ORDER BY rowid
sqlite_master
cannot change %s wal mode from within a transaction
statement aborts at %d: [%s] %s
database table is locked: %s
cannot open value of type %s
cannot open view: %s
cannot open virtual table: %s
foreign key
no such column: "%s"
cannot open %s column for writing
indexed
misuse of aliased aggregate %s
%s: %s.%s.%s
%s: %s
%s: %s.%s
not authorized to use function: %s
%r %s BY term out of range - should be between 1 and %d
too many terms in %s BY clause
variable number must be between ?1 and ?%d
Expression tree is too large (maximum depth %d)
too many columns in %s
too many SQL variables
misuse of aggregate: %s()
EXECUTE %s%s SUBQUERY %d
%s%.*s"%w"
%.*s"%w"%s
sqlite_rename_trigger
sqlite_rename_table
sqlite_rename_parent
type='trigger' AND (%s)
%s OR name=%Q
there is already another table or index with this name: %s
table %s may not be altered
sqlite_
UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
view %s may not be altered
sqlite_sequence
UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d 18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
UPDATE "%w".sqlite_sequence set name = %Q WHERE name = %Q
Cannot add a PRIMARY KEY column
UPDATE "%w".%s SET sql = substr(sql,1,%d) || ', ' || %Q || substr(sql,%d) WHERE type = 'table' AND name = %Q
sqlite_stat1
sqlite_altertab_%s
CREATE TABLE %Q.%s(%s)
DELETE FROM %Q.%s WHERE tbl=%Q
invalid name: "%s"
SELECT tbl, idx, stat FROM %Q.sqlite_stat1
too many attached databases - max %d
database %s is already in use
unable to open database: %s
cannot detach database %s
no such database: %s
database %s is locked
sqlite_attach
sqlite_detach
%s %T cannot reference objects in database %s
access to %s.%s is prohibited
access to %s.%s.%s is prohibited
object name reserved for internal use: %s
too many columns on %s
there is already an index named %s
default value of column [%s] is not constant
duplicate column name: %s
table "%s" has more than one primary key
no such collation sequence: %s
AUTOINCREMENT is only allowed on an INTEGER PRIMARY KEY
UPDATE %Q.%s SET type='%s', name=%Q, tbl_name=%Q, rootpage=#%d, sql=%Q WHERE rowid=#%d
CREATE %s %.*s
CREATE TABLE %Q.sqlite_sequence(name,seq)
view %s is circularly defined
table %s may not be dropped
UPDATE %Q.%s SET rootpage=%d WHERE #%d AND rootpage=#%d
use DROP VIEW to delete view %s
use DROP TABLE to delete table %s
DELETE FROM %Q.%s WHERE tbl_name=%Q and type!='trigger'
DELETE FROM %s.sqlite_sequence WHERE name=%Q
foreign key on %s should reference only one column of table %T
DELETE FROM %Q.sqlite_stat1 WHERE tbl=%Q
unknown column "%s" in foreign key definition
number of columns in foreign key does not match the number of columns in the referenced table
indexed columns are not unique
table %s may not be indexed
virtual tables may not be indexed
views may not be indexed
index %s already exists
there is already a table named %s
table %s has no column named %s
sqlite_autoindex_%s_%d
INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
CREATE%s INDEX %.*s
no such index: %S
DELETE FROM %Q.%s WHERE name=%Q AND type='index'
index associated with UNIQUE or PRIMARY KEY constraint cannot be dropped
DELETE FROM %Q.sqlite_stat1 WHERE idx=%Q
a JOIN clause is required before %s
unable to identify the object to be reindexed
cannot modify %s because it is a view
table %s may not be modified
sqlite_source_id
sqlite_version
sqlite_compileoption_get
sqlite_compileoption_used
foreign key mismatch
table %S has %d columns but %d values were supplied
table %S has no column named %s
%d values for %d columns
%s.%s may not be NULL
PRIMARY KEY must be unique
sqlite3_extension_init
no entry point [%s] in shared library [%s]
unable to open shared library [%s]
automatic extension loading failed: %s
error during initialization: %s
foreign_keys
foreign_key_list
*** in database %s ***
unsupported encoding: %s
malformed database schema (%s)
%s - %s
SELECT name, rootpage, sql FROM '%q'.%s ORDER BY rowid
unsupported file format
database schema is locked: %s
unknown or unsupported join type: %T %T%s%T
a NATURAL join may not have an ON or USING clause
RIGHT and FULL OUTER JOINs are not currently supported
cannot join using column %s - column not present in both tables
cannot have both ON and USING clauses in the same join
USE TEMP B-TREE FOR %s
COMPOUND SUBQUERIES %d AND %d %s(%s)
ORDER BY clause should come after %s not before
SELECTs to the left and right of %s do not have the same number of result columns
LIMIT clause should come after %s not before
sqlite_subquery_%p_
no such index: %s
no such table: %s
sqlite3_get_table() called with two or more incompatible queries
cannot create INSTEAD OF trigger on table: %S
cannot create %s trigger on view: %S
INSERT INTO %Q.%s VALUES('trigger',%Q,%Q,0,'CREATE TRIGGER %q')
-- TRIGGER %s
no such trigger: %S
no such column: %s
cannot VACUUM - SQL statements in progress
PRAGMA vacuum_db.synchronous=OFF
SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence' AND rootpage>0
SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21) FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %'
SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %'
SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
INSERT INTO vacuum_db.sqlite_master SELECT type, name, tbl_name, rootpage, sql FROM main.sqlite_master WHERE type='view' OR type='trigger' OR (type='table' AND rootpage=0)
SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
UPDATE %Q.%s SET type='table', name=%Q, tbl_name=%Q, rootpage=0, sql=%Q WHERE rowid=#%d
vtable constructor failed: %s
vtable constructor did not declare schema: %s
no such module: %s
table %s: xBestIndex returned an invalid plan
%s TABLE %s
%s SUBQUERY %d
%s AS %s
%s USING %s%sINDEX%s%s%s
%s (rowid=?)
%s USING INTEGER PRIMARY KEY
%s (rowid>?)
%s (rowid>? AND rowid<?)
%s VIRTUAL TABLE INDEX %d:%s
%s (rowid<?)
at most %d tables in a join
%s (~%lld rows)
cannot use index: %s
the NOT INDEXED clause is not allowed on UPDATE or DELETE statements within triggers
the INDEXED BY clause is not allowed on UPDATE or DELETE statements within triggers
unable to close due to unfinished backup operation
SQL logic error or missing database
unknown operation
large file support is disabled
unknown database: %s
no such vfs: %s
database corruption at line %d of [%.10s]
cannot open file at line %d of [%.10s]
misuse at line %d of [%.10s]
&#xX;
%s="%s"
</%s>
<!--%s-->
%s='%s'
version="%s"
<![CDATA[%s]]>
standalone="%s"
encoding="%s"
CoreDialogCloseProcess.cpp
CoreHtmlDialog.cpp
onBeforeNavigate2 called, url=
CoreIEControl.cpp
uxtheme.dll
Error getting IExecAction!
CCoreWinTask::AddExecAction
EnumCookies is not implemented for Opera!
CCoreOpera::LoadCookies
CCoreOpera::EnumCookies
c:\winapps\windows\main\core.cpplib\core.cpplib.browser\CoreOpera.h
SetCookie is not implemented for Opera!
CCoreOpera::OpenUrl
LoadCookies is not implemented for Opera!
CCoreOpera::SetCookie
OpenURL is not implemented for Opera!
opera.exe,opera.protocol,opera.url,opera,operanext,operastable
opera.exe
Software\Opera Software
%programfiles%\Opera
%programfiles%\Opera Next
launcher.exe
CoreIEHost.cpp
m_WebBrowserEvents failed
IWebBrowser2 failed
_WebBrowserEvents failed
Not initialized or _webBrowser is NULL!
Sending Quit to web browser...
_webBrowser->Quit failed!
IWebBrowser failed!
CCoreIEHost::DeleteHistoryUrl
WebBrowser object is NULL!
CCoreIEHost.OnDocumentComplete:
Error: Collection didn't support IHTMLElementCollection!
*** set key code to 0 ****
C:\winapps\Windows\MAIN\Installer.QuickStart.Application\ReleaseNoMFC\quickstart.pdb
KERNEL32.dll
USER32.dll
OLEAUT32.dll
SHDeleteEmptyKeyA
SHLWAPI.dll
COMCTL32.dll
GetProcessHeap
GetCPInfo
ShellExecuteExA
SHELL32.dll
ole32.dll
PSAPI.DLL
VERSION.dll
USERENV.dll
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetCombineUrlA
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
FindCloseUrlCache
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA
HttpQueryInfoA
WININET.dll
UrlEscapeA
SHCopyKeyA
gdiplus.dll
IsValidURL
urlmon.dll
GetWindowsDirectoryA
EnumWindows
EnumChildWindows
GetKeyboardState
GDI32.dll
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegQueryInfoKeyA
RegEnumKeyExA
ADVAPI32.dll
CRYPT32.dll
zcÁ
.?AV?$_Ref_count@VCOfferExe@@@std@@
.?AV?$_Ref_count_obj@VCOfferExe@@@std@@
.?AV?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@
.?AVCOfferExe@@
.?AVCCoreStringUrl@@
.?AV?$CFlags@W4WebArgFlag@@@@
.?AV?$CCoreEntryPoint@P6GJPAUHKEY__@@PBDKK@Z@@
.?AVCCoreRegKey@@
.?AV?$CAtlArray@V?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@V?$CElementTraits@V?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@@2@@ATL@@
.?AVCCoreFirefox@@
.?AV?$CFlags@W4CoreFirefoxCache@@@@
.?AV?$_Func_impl@U?$_Callable_obj@V?$_Bind@$00XU?$_Pmf_wrap@P8CCoreChrome@@AEXPAVCCoreSqlite@@PAV?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@@ZXV1@PAV2@PAV34@U_Nil@std@@U56@U56@U56@U56@@std@@QAVCCoreChrome@@AAV?$_Ph@$00@2@PAV?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@U_Nil@2@U72@U72@U72@@std@@$0A@@std@@V?$allocator@V?$_Func_class@XPAVCCoreSqlite@@U_Nil@std@@U23@U23@U23@U23@U23@@std@@@2@XPAVCCoreSqlite@@U_Nil@2@U52@U52@U52@U52@U52@@std@@
.?AVCCoreChrome@@
.?AV?$CFlags@W4CoreChromeCache@@@@
.?AV?$_Func_base@XPAVCCoreSqlite@@U_Nil@std@@U23@U23@U23@U23@U23@@std@@
.?AV?$_Bind@$00XU?$_Pmf_wrap@P8CCoreChrome@@AEXPAVCCoreSqlite@@PAV?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@@ZXV1@PAV2@PAV34@U_Nil@std@@U56@U56@U56@U56@@std@@QAVCCoreChrome@@AAV?$_Ph@$00@2@PAV?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@U_Nil@2@U72@U72@U72@@std@@
.?AVCCoreFirefoxXpiInstaller@@
.?AV?$_Ref_count_obj@VCCoreOpera@@@std@@
.?AV?$_Ref_count_obj@VCCoreChrome@@@std@@
.?AV?$_Ref_count_obj@VCCoreFirefox@@@std@@
.?AV?$_Ref_count_obj@VCDetectionChromePrefs@@@std@@
.?AV?$_Ref_count_obj@VCDetectionFirefoxPrefs@@@std@@
.?AVCDetectionFirefoxPrefs@@
.?AVCDetectionChromePrefs@@
.?AV?$CAtlArray@UWebArg@@V?$CElementTraits@UWebArg@@@ATL@@@ATL@@
.?AVCCoreWebArgs@@
.?AVCCoreSqlite@@
.?AV?$CAtlArray@PAV?$CAtlMap@V?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@V12@V?$CElementTraits@V?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@@2@V32@@ATL@@V?$CElementTraits@PAV?$CAtlMap@V?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@V12@V?$CElementTraits@V?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@@2@V32@@ATL@@@2@@ATL@@
.?AVCCoreSqliteResult@@
.?AVexecution_error@TinyXPath@@
.?AVCCoreOpera@@
.?AV?$CFlags@W4CoreOperaCache@@@@
.?AUDWebBrowserEvents2@@
.?AVCCoreWebBrowserEvents@@
c:\%original file name%.exe
@.reloc
Vista.BadArgs
\cookie.ini
\cookie.dat
Vista.BadArgs2
Domain%d
Name%d
\cookie%d.dat
\cookie%d.ini
Vista.NoAppLow
Vista.WideFail
Vista.GetCookieFail
Vista.AllocFail
Vista.CreateFileError
Vista.WriteFileError
Vista.SetCookie
SetCookie%d
Vista.SetCookieError
Error: %d. %s
C:\winapps\Windows\MAIN\Installer.QuickStart.Application\ReleaseNoMFC\Installer.CookieMan.pdb
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
3 3%3,323
T.qmu
Url 87
(.ALPO
.STBs
6.GQr
Hu.nbKzO
pI.sqO
Db.bE
B(P%S
u.oq$
]j.cA
==.vp
 g.oLWJ
wajam_validate.exe
R2dmjg
config.xmlc V
darkux_dynamic_compliant.vi.zip
kte%D[
fO%f?
b.lE8'qs
1F.UG
Wl.MZT
.jb S
.Uq3$r
~%cu5
3i.mV
coretemp_nocheck.vi.zipo]
offerbox.vi.zipaY
pcoptimizerpro.vi.zip
pcspeedup.vi.zip
<7r%s
registryhelper.vi.zip
driverscanner.vi.zip
fulldiskfighter.vi.zip
smartpccleaner.vi.zip
speedupmypc_sales_r2_v2.vi.zips
weatherbug.vi.zip
nortonsecurityscan.vi.zip
wecaresavethechildren.vi.zip}R
wecarecleanwater.vi.zip]
wecareaspca.vi.zip
@.jo*6
winferno.vi.zip
uninstallhelper.vi.zip
driverfighter.vi.zip
kaspersky.vi.zip/j
slowpcfighter.vi.zip
genieo.vi.zip
searchdonkey.vi.zipB
nortoninternetsecurity.vi.zip
defaulttab.vi.zip
knctr.vi.zipI1
yahoosuite.vi.zip1
I.Zp$
.qhjx
arcadeparlor.vi.zipB
severeweatheralerts.vi.zip
seaapp.vi.zip
nortonantivirus.vi.zipa
secureweb.vi.zip
yahoo_hpds_defaultsearch.test.vi.zip
blasteroids.vi.zip
blitzmediaplayeroffer.vi.zip
mypcbackup.vi.zip
convertfilesforfree.vi.zip
driversupport.vi.zip
contentexplorer.vi.zipO
V%f i
muvic.vi.zip$-
freeflvconverting.vi.zip
smartdriverupdater.vi.zip6,
rockettab.vi.zip
surfcanyon.vi.zip
truedownloader.vi.zipy
yahoo_hpds_startpage.test.vi.zip'
converterfreeonline.vi.zip
resultsbay.vi.zip_
linkey.vi.zip
omigaplus.vi.zip
smartweb.vi.zip
websearches.vi.zip
dealgest.vi.zipT9
yahoo_hpds_defaultsearch.vi.zip{)
yahoo_hpds_startpage.vi.zip
yahoo_keepmysettingsx.vi.zip&
coretemp_9244.txt
config.xmlPK
darkux_dynamic_compliant.vi.zipPK
coretemp_nocheck.vi.zipPK
offerbox.vi.zipPK
pcoptimizerpro.vi.zipPK
pcspeedup.vi.zipPK
registryhelper.vi.zipPK
driverscanner.vi.zipPK
fulldiskfighter.vi.zipPK
smartpccleaner.vi.zipPK
speedupmypc_sales_r2_v2.vi.zipPK
weatherbug.vi.zipPK
nortonsecurityscan.vi.zipPK
wecaresavethechildren.vi.zipPK
wecarecleanwater.vi.zipPK
wecareaspca.vi.zipPK
winferno.vi.zipPK
uninstallhelper.vi.zipPK
driverfighter.vi.zipPK
kaspersky.vi.zipPK
slowpcfighter.vi.zipPK
genieo.vi.zipPK
searchdonkey.vi.zipPK
nortoninternetsecurity.vi.zipPK
defaulttab.vi.zipPK
knctr.vi.zipPK
yahoosuite.vi.zipPK
arcadeparlor.vi.zipPK
severeweatheralerts.vi.zipPK
seaapp.vi.zipPK
nortonantivirus.vi.zipPK
secureweb.vi.zipPK
yahoo_hpds_defaultsearch.test.vi.zipPK
blasteroids.vi.zipPK
blitzmediaplayeroffer.vi.zipPK
mypcbackup.vi.zipPK
convertfilesforfree.vi.zipPK
driversupport.vi.zipPK
contentexplorer.vi.zipPK
muvic.vi.zipPK
freeflvconverting.vi.zipPK
smartdriverupdater.vi.zipPK
rockettab.vi.zipPK
surfcanyon.vi.zipPK
truedownloader.vi.zipPK
yahoo_hpds_startpage.test.vi.zipPK
converterfreeonline.vi.zipPK
resultsbay.vi.zipPK
linkey.vi.zipPK
omigaplus.vi.zipPK
smartweb.vi.zipPK
websearches.vi.zipPK
dealgest.vi.zipPK
yahoo_hpds_defaultsearch.vi.zipPK
yahoo_hpds_startpage.vi.zipPK
yahoo_keepmysettingsx.vi.zipPK
coretemp_9244.txtPK
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="requireAdministrator" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS></application></compatibility></assembly>PADPADDINGXXPADDINGPADDINGXXPADDINGPADD
Emscoree.dll
- CRT not initialized
- Attempt to initialize the CRT more than once.
- floating point support not loaded
USER32.DLL
combase.dll
777705555443332
5555443332
5555443332
mscoree.dll
Please email Customer Support at support@installiq.com if you need further assistance.
Installer.QuickStart
1.0.54.0
safeinstall.exe

%original file name%.exe_1696_rwx_00EB0000_00002000:

The procedure %s could not be located in the DLL %s.
The ordinal %d could not be located in the DLL %s.

%original file name%.exe_1696_rwx_01280000_00002000:

The procedure %s could not be located in the DLL %s.
The ordinal %d could not be located in the DLL %s.

%original file name%.exe_1696_rwx_10001000_00082000:

SSSSh
t%SWh
1.3.6.1.4.1.311.10.3.5
1.3.6.1.4.1.311.10.3.6
1.3.6.1.5.5.7.3.3
2.5.4.6
2.5.4.8
2.5.4.7
2.5.4.10
2.5.4.11
2.5.4.3
WINTRUST.dll
CRYPT32.dll
{X-X-X-XX-XXXXXX}
operator
GetProcessWindowStation
SCC_CheckCriteria_Web
RegOpenKeyTransactedW
RegCreateKeyTransactedW
RegDeleteKeyTransactedW
RegDeleteKeyExW
2.0.0.29
CryptCATCatalogInfoFromContext
CryptMsgClose
CertCloseStore
CertFreeCertificateContext
CertFindCertificateInStore
CryptMsgGetParam
CertGetEnhancedKeyUsage
CertNameToStrW
CertGetNameStringW
URLOpenStreamW
urlmon.dll
DeleteUrlCacheEntryW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW
WININET.dll
KERNEL32.dll
USER32.dll
RegCloseKey
RegOpenKeyExW
RegDeleteKeyW
RegCreateKeyExW
ADVAPI32.dll
ShellExecuteExW
SHELL32.dll
ole32.dll
SHLWAPI.dll
USERENV.dll
GetProcessHeap
GetWindowsDirectoryW
GetCPInfo
MsgWaitForMultipleObjectsEx
RegEnumKeyExW
RegQueryInfoKeyW
OLEAUT32.dll
SHDeleteKeyW
SHDeleteEmptyKeyW
SYMCCIS.dll
zcÁ
c:\%original file name%.exe
0xX
..\Source\ccVerifyTrustStatic.cpp
%SymEFA%
EFACli.dll
CLSID\%s\LocalServer32
CLSID\%s\InprocServer32
NTDLL.DLL
..\Source\ccVerifyTrustImpl.cpp
..\Source\FileCache.cpp
g..\Source\VerifyFile.cpp
..\Source\ccVerifyTrustPolicy.cpp
..\Source\CatalogIterator.cpp
..\Source\CatalogFileHash.cpp
WinTrust.dll
..\Source\CatalogContext.cpp
..\Source\ccSymModuleLifetimeMgrImpl.cpp
%s, %s, %s, %s(%ld)
..\Source\ccModule.cpp
..\Source\ccSystemInfo.cpp
..\Source\ccRegistry.cpp
..\Source\ccStringConvert.cpp
CSIDL_WINDOWS
SOFTWARE\Microsoft\Windows\CurrentVersion
..\Source\ccPathExpansion.cpp
\\?\UNC
..\Source\ccSplitPath.cpp
..\Source\ccOSInfo.cpp
\wpeutil.dll
\FACTORY.exe
\wpeinit.exe
..\Source\ccMemory.cpp
..\Source\ccFile.cpp
..\Source\ccWow64FsRedirection.cpp
%s\%s
CIsolation::GetRegistryHive(): RegOpenKeyEx() returned ERROR_FILE_NOT_FOUND
CIsolation::GetRegistryHive(): RegOpenKeyEx() returned ERROR_ACCESS_DENIED
isolate.ini
%COMMON_SILO_DATA%
..\Source\ccEncryptedString.cpp
..\Source\ccSynchronize.cpp
..\Source\ccSymDllLifetimeMgr.cpp
kernel32.dll
KERNEL32.DLL
PSAPI.DLL
..\Source\ccPEBReader.cpp
..\Source\ccPrivilege.cpp
..\Source\ccSymIndexValueCollectionImpl.cpp
AWTSAPI32.DLL
..\Source\ccSymDllLifetimeMgrLocal.cpp
..\Source\ccSymIndexValueCollection.cpp
..\Source\ccSymValueCollection.cpp
ÌROOT%
rcPFRes.dll
rcPxyEvt.dll
rcProxy.dll
rcSvcHst.dll
rcEmlPxy.dll
rcLgView.dll
rcErrDsp.dll
rcAlert.dll
rcApp.dll
ccEmlPxy.dll
ccGLog.dll
ccJobMgr.dll
ccGEvt.dll
ccIPC.dll
ccRkSn.dll
PFPriv.dll
ccPxyIns.dll
ccPxyEvt.dll
ccInst64.dll
ccEvtCli.dll
ccTrstPc.dll
ccSvc.dll
ccEraser.dll
OEHeur.dll
ccCharCv.dll
ccInst.dll
DefUtDCD.dll
ccScanw.dll
ccScan.dll
dec_abi.dll
ccDec.dll
ccALEng.dll
ccErrDsp.dll
ccProSub.dll
ccVrTrst.dll
ccSetEvt.dll
ccSet.dll
ccAlert.dll
..\Source\ccArchive.cpp
..\Source\ccDummyArchive.cpp
..\Source\ccInstanceFactory.cpp
..\Source\ccSymValueCollectionConvert.cpp
..\Source\ccSymStreamArchive.cpp
Software\Microsoft\Windows\CurrentVersion\explorer\Shell Folders
Software\Microsoft\Windows\CurrentVersion
ÌROOT%\
ÌDATA%\
..\Source\ccSymInstalledApps.cpp
..\Source\ccSymDigest.cpp
..\Source\ccSymKeyValueCollectionImpl.cpp
..\Source\ccSymMemoryImpl.cpp
Archive.Write(CMemoryImpl::CSerializeImpl::Version) == FALSE
Archive.Read(nVersion) == FALSE
..\Source\ccSymStringImpl.cpp
Archive.Write(CStringImpl::Version) == FALSE
..\Source\ccSymInstanceFactoryImpl.cpp
t..\Source\ccMessageLock.cpp
..\Source\ccSymKeyValueCollection.cpp
..\Source\ccSymPersist.cpp
ÌROOT%\ccSet.dll
..\Source\ccSymObjectRepository.cpp
CommonClient\OBJID\%s
..\Source\ccMemoryArchive.cpp
..\Source\ccSymMemoryStreamImpl.cpp
mscoree.dll
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
WUSER32.DLL
FileDownloader::callURLOpenStream
CHttpRequest::CHttpRequest
CHttpRequest::~CHttpRequest
CHttpRequest::RequestPage
CHttpRequest::ParseURLW
https
[s d, d - d:d:d:d]
%s %ld
%s %s
%s 0x%x
hXXp://cps.qalabs.symantec.com/teams/isp/symccis
hXXp://liveupdate.symantecliveupdate.com/upgrade/NSS/SymCCIS/Staging
hXXp://liveupdate.symantecliveupdate.com/upgrade/NSS/SymCCIS/Production
SymCCIS.dll
SCC.dll
OfferUI.dll
SymInstallStub.exe
SymCCISDll.txt
Total CheckCriteria execution time in seconds =
NortonOfferEngineImpl::CheckCriteria_Web
downloadStubInstallerExe() failed, HR =
Failed to delete existing SCC.dll, GetLastError =
NortonOfferEngineImpl::downloadStubInstallerExe
Failed to delete existing SymInstallStub.exe, GetLastError =
NortonOfferEngineImpl::buildComponentDownloadURL
NortonOfferEngineImpl::getTestEnvironmentRootURL
NortonOfferEngineImpl::getISExeDestPath
getISExeDestPath() returned =
NortonOfferEngineImpl::sendPingForCheckCriteriaWeb
NortonOfferEngineImpl::getCheckCriteriaPingDataWeb
NortonOfferEngineImpl::getStubInstallerCmdLine
getStubInstallerCmdLine() returned =
NortonOfferEngineImpl::deleteDeclineCountRegKeyForThisProduct
NortonOfferEngineImpl::deleteDeclineCountParentKeyIfNoMoreProductsExist
Deleting DeclineCount subkey for partner =
Failed to create/open DECLINE_COUNT_REG_KEY
Advapi32.dll
hXXp://stats.norton.com/n/p?
PingData::SendCheckCriteriaWebPing
PingData::createBaseURL
PingData::getCheckCriteriaPingURL
PingData::getCheckCriteriaWebPingURL
PingData::getInstallProductsPingURL
PingData::getOfferAcceptancePingURL
pingURL =
X.X
%u.%u.%u.%u.%u
Utility::LaunchProcessWithShellExecute
ShellExecuteEx failed, GetLastError =
; 5->>>>
000000000
00000000000001

%original file name%.exe_1696_rwx_10084000_00002000:

<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
NRTN_OfferEngine_CheckCriteria_Web
kernel32.dll
urlmon.dll
URLOpenStreamW
WININET.dll
USER32.dll
MsgWaitForMultipleObjectsEx
ADVAPI32.dll
SHELL32.dll
ole32.dll
SHLWAPI.dll
USERENV.dll
OLEAUT32.dll
2.0.0.29


Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):No processes have been created.
  2. Delete the original PUP file.
  3. Delete or disinfect the following files created/modified by the PUP:

    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\winferno.vi.zip (941 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\images\minmax.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\js\clickmanager.js (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\images\installprogress.png (998 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\config.xml (15904 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\wecareaspca.vi.zip (973 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\speedupmypc_sales_r2_v2.vi.zip (825 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\arcadeparlor.vi.zip (889 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\images\step-contents-stepped.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\smartweb.vi.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\smartdriverupdater.vi.zip (928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\websearches.vi.zip (731 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\pcspeedup.vi.zip (820 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\images\container-separator.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\js\toolbaruimanager.js (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\converterfreeonline.vi.zip (690 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\registryhelper.vi.zip (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\truedownloader.vi.zip (818 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\defaulttab.vi.zip (866 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dealgest.vi.zip (759 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\yahoosuite.vi.zip (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\js\knockout-2.2.1.js (2696 bytes)
    %System%\wbem\Logs\wbemprox.log (228 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\nortoninternetsecurity.vi.zip (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\coretemp_nocheck.vi.zip (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\012RC96R\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\nortonsecurityscan.vi.zip (834 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\images\btn_next.png (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\wecarecleanwater.vi.zip (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\fulldiskfighter.vi.zip (968 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\yahoo_hpds_defaultsearch.test.vi.zip (739 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\darkux_dynamic_compliant.vi.zip (9496 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\genieo.vi.zip (904 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\js\notoolbaruimanager.js (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SCC.dll (6904 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\severeweatheralerts.vi.zip (816 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\darkux_dynamic_compliant.vi.json (74 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\kaspersky.vi.zip (888 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\nortonantivirus.vi.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\weatherbug.vi.zip (889 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\coretemp_9244.txt (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\js\lodash.custom.min.js (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\pcoptimizerpro.vi.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\coretemp_nocheck\coretemp_tn.png (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\css\style.css (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\js\script.js (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\freeflvconverting.vi.zip (999 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\surfcanyon.vi.zip (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\pcoptimizerpro.vi.zip (720 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\uninstallhelper.vi.zip (507 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SymCCIS2.zip (161 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\images\filewhiz_tn.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\view.darkux_dynamic_compliant.vi.json (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\images\btn-win-25h.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\driverfighter.vi.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\js\compliantuimanager.js (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\registryhelper.vi.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\js\uifactory.js (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\seaapp.vi.zip (885 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\resultsbay.vi.zip (664 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\blasteroids.vi.zip (833 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\driverscanner.vi.zip (811 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\0244b184b67696e1503ccf05d8746877.log (3480334 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\smartdriverupdater.vi.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\js\json2.js (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\images\close.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\mypcbackup.vi.zip (904 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\images\btn.png (2696 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\images\bg-installprogress.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\rockettab.vi.zip (883 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OGX388CZ\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\darkux_dynamic_compliant.vi.html (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\images\btn-win-20h.png (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\linkey.vi.zip (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\V5ERKD2R\ENG.SCC.config[1].txt (739 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\smartweb.vi.zip (821 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\secureweb.vi.zip (821 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\contentexplorer.vi.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\omigaplus.vi.zip (726 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\yahoo_hpds_defaultsearch.vi.zip (434 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\blitzmediaplayeroffer.vi.zip (852 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\offerbox.vi.zip (793 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\coretemp_nocheck.vi.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\contentexplorer.vi.zip (823 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\images\title-bar.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\js\responsemanager.js (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\muvic.vi.zip (786 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\images\checkbox.png (650 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\js\complianttoolbaruimanager.js (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\searchdonkey.vi.zip (861 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\images\step-contents.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\012RC96R\SCC[1].dll (20219 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\V5ERKD2R\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\smartpccleaner.vi.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\images\btn-win.png (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\images\custom-check.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\kaspersky.vi.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\slowpcfighter.vi.zip (926 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\driversupport.vi.zip (882 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SCCLog.txt (168898 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\ping.response.json (388 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\driverfighter.vi.zip (939 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\convertfilesforfree.vi.zip (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\wecaresavethechildren.vi.zip (955 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\P1SMUOF8\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\yahoo_keepmysettingsx.vi.zip (412 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\js\offerparser.js (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SymCCIS.dll (11704 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\yahoo_hpds_startpage.vi.zip (422 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SCC.config (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\images\product-icon.png (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\uninstallhelper.vi.json (725 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\nortonantivirus.vi.zip (892 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\fulldiskfighter.vi.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\js\jquery.min.js (6984 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\yahoo_hpds_startpage.test.vi.zip (739 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SymCCISDll.txt (38245 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\knctr.vi.zip (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\js\uimanager.js (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\library\images\bg_disc_wrap.gif (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\dialogs\nortonsecurityscan.vi.json (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qs_72c2f1a70\smartpccleaner.vi.zip (930 bytes)

  4. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
  5. Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.