Trojan.NSIS.StartPage_431ce28a13

not-a-virus:AdWare.Win32.OpenCandy.aq (Kaspersky), Trojan.NSIS.StartPage.FD, Trojan.Win32.BHO.FD, Trojan.Win32.Ransom.FD, Trojan.Win32.Swrort.3.FD, mzpefinder_pcap_file.YR (Lavasoft MAS) Behaviour: Ra...
Blog rating:4 out of5 with3 ratings

Trojan.NSIS.StartPage_431ce28a13

by malwarelabrobot on March 20th, 2017 in Malware Descriptions.

not-a-virus:AdWare.Win32.OpenCandy.aq (Kaspersky), Trojan.NSIS.StartPage.FD, Trojan.Win32.BHO.FD, Trojan.Win32.Ransom.FD, Trojan.Win32.Swrort.3.FD, mzpefinder_pcap_file.YR (Lavasoft MAS)
Behaviour: Ransom, Trojan, Adware


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Requires JavaScript enabled!

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

MD5: 431ce28a13c102f094e0ddd1e6c8a023
SHA1: c0ac53c76f25a1c4adb02360b998e2de163f8aa9
SHA256: fb7933db75604bfe00dc9e2dd533e122f350e39fa29c23a1e26905b69f7519fe
SSDeep: 393216:8VylAQ4kOJxPVtDn3Xej2NjLMs2MqdWTkXr0kIHGbZ:8glApjPv6aNKWgXdIw
Size: 12732963 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2011-05-28 19:04:29
Analyzed on: Windows7 SP1 32-bit


Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

DAEMONLite4.41.exe:3616
sidebar.exe:1808
%original file name%.exe:1796
rundll32.exe:3972
DrvInst.exe:2628
DrvInst.exe:3532
DrvInst.exe:4052
SetupHelper.exe:2904
regsvr32.exe:1428

The Trojan injects its code into the following process(es):

DT_free_Rus_YandexBar1022.exe:2792
DTLite4413-0173.exe:1672
irsetup.exe:2296

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process DAEMONLite4.41.exe:3616 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe (1151 bytes)

The process %original file name%.exe:1796 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DAEMONLite4.41.exe (5340 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\zone-it.com.url (198 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\zone-it.com.nfo (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\KOB.dll (77 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\x.bat (964 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\Readme2.vbs (75 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\RUN.exe (2192 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\เครดิต.txt (133 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\__tmp_rar_sfx_access_check_337648 (0 bytes)

The process DrvInst.exe:2628 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Windows\inf\setupapi.dev.log (478 bytes)
C:\Windows\System32\DriverStore\infpub.dat (248 bytes)
C:\Windows\Temp\Tar4716.tmp (2712 bytes)
C:\Windows\Temp\Tar45E8.tmp (2712 bytes)
C:\Windows\Temp\Tar4659.tmp (2712 bytes)
C:\Windows\Temp\Tar4598.tmp (2712 bytes)
C:\Windows\System32\DriverStore\infstrng.dat (1036 bytes)
C:\Windows\Temp\Cab45E7.tmp (48 bytes)
C:\Windows\Temp\Tar4628.tmp (2712 bytes)
C:\Windows\Temp\Cab4658.tmp (48 bytes)
C:\Windows\Temp\Cab4627.tmp (48 bytes)
C:\Windows\Temp\Cab4715.tmp (48 bytes)
C:\Windows\inf\oem10.PNF (7501 bytes)
C:\Windows\System32\drivers\SET46FE.tmp (1281 bytes)
C:\Windows\Temp\Cab4597.tmp (48 bytes)

The Trojan deletes the following file(s):

C:\Windows\Temp\Tar4716.tmp (0 bytes)
C:\Windows\Temp\Tar45E8.tmp (0 bytes)
C:\Windows\Temp\Tar4659.tmp (0 bytes)
C:\Windows\Temp\Tar4598.tmp (0 bytes)
C:\Windows\Temp\Cab45E7.tmp (0 bytes)
C:\Windows\Temp\Tar4628.tmp (0 bytes)
C:\Windows\Temp\Cab4658.tmp (0 bytes)
C:\Windows\Temp\Cab4627.tmp (0 bytes)
C:\Windows\Temp\Cab4715.tmp (0 bytes)
C:\Windows\System32\drivers\SET46FE.tmp (0 bytes)
C:\Windows\Temp\Cab4597.tmp (0 bytes)

The process DrvInst.exe:3532 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Windows\System32\DriverStore\Temp\{50980cec-0f8c-0ba4-4c14-8b02a1465e5b}\SET3F62.tmp (1281 bytes)
C:\Windows\System32\DriverStore\FileRepository\dtsoftbus01.inf_x86_neutral_1cc2711e3c419337\dtsoftbus01.PNF (14978 bytes)
C:\Windows\System32\DriverStore\infpub.dat (252 bytes)
C:\Windows\Temp\Tar415A.tmp (2712 bytes)
C:\Windows\System32\DriverStore\Temp\{50980cec-0f8c-0ba4-4c14-8b02a1465e5b}\SET3F50.tmp (7 bytes)
C:\Windows\Temp\Tar4127.tmp (2712 bytes)
C:\Windows\System32\DriverStore\Temp\{50980cec-0f8c-0ba4-4c14-8b02a1465e5b} (4 bytes)
C:\Windows\Temp\Tar417B.tmp (2712 bytes)
C:\Windows\inf\oem10.inf (1 bytes)
C:\Windows\System32\DriverStore\INFCACHE.0 (1523 bytes)
C:\Windows\Temp\Tar4139.tmp (2712 bytes)
C:\Windows\Temp\Cab417A.tmp (48 bytes)
C:\Windows\System32\DriverStore\infstrng.dat (1036 bytes)
C:\Windows\Temp\Cab4138.tmp (48 bytes)
C:\Windows\System32\DriverStore\infstor.dat (308 bytes)
C:\Windows\Temp\Cab4126.tmp (48 bytes)
C:\Windows\Temp\Cab40C7.tmp (48 bytes)
C:\Windows\Temp\Tar40C8.tmp (2712 bytes)
C:\Windows\Temp\Cab4159.tmp (48 bytes)
C:\Windows\System32\DriverStore\Temp\{50980cec-0f8c-0ba4-4c14-8b02a1465e5b}\SET3F51.tmp (1 bytes)

The Trojan deletes the following file(s):

C:\Windows\System32\DriverStore\Temp\{50980cec-0f8c-0ba4-4c14-8b02a1465e5b}\SET3F62.tmp (0 bytes)
C:\Windows\Temp\Tar415A.tmp (0 bytes)
C:\Windows\System32\DriverStore\Temp\{50980cec-0f8c-0ba4-4c14-8b02a1465e5b}\SET3F50.tmp (0 bytes)
C:\Windows\Temp\Tar4127.tmp (0 bytes)
C:\Windows\System32\DriverStore\Temp\{50980cec-0f8c-0ba4-4c14-8b02a1465e5b} (0 bytes)
C:\Windows\Temp\Tar417B.tmp (0 bytes)
C:\Windows\Temp\Tar4139.tmp (0 bytes)
C:\Windows\Temp\Cab417A.tmp (0 bytes)
C:\Windows\System32\DriverStore\Temp\{50980cec-0f8c-0ba4-4c14-8b02a1465e5b}\dtsoftbus01.sys (0 bytes)
C:\Windows\Temp\Cab4138.tmp (0 bytes)
C:\Windows\Temp\Cab4126.tmp (0 bytes)
C:\Windows\Temp\Cab40C7.tmp (0 bytes)
C:\Windows\System32\DriverStore\Temp\{50980cec-0f8c-0ba4-4c14-8b02a1465e5b}\dtsoftbus01.inf (0 bytes)
C:\Windows\System32\DriverStore\Temp\{50980cec-0f8c-0ba4-4c14-8b02a1465e5b}\dtsoftbus01.cat (0 bytes)
C:\Windows\Temp\Tar40C8.tmp (0 bytes)
C:\Windows\Temp\Cab4159.tmp (0 bytes)
C:\Windows\System32\DriverStore\Temp\{50980cec-0f8c-0ba4-4c14-8b02a1465e5b}\SET3F51.tmp (0 bytes)

The process DrvInst.exe:4052 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Windows\inf\setupapi.dev.log (2324 bytes)

The process DTLite4413-0173.exe:1672 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_divider.png (131 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\Gadjet_bottom.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\Grabbing.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\drives4.png (576 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\setuphlp.dll (267063 bytes)
%Program Files%\DAEMON Tools Lite\DTLite.exe (316919 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\message_middle.png (166 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\add_slot.png (906 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\drive_controls.png (10 bytes)
%Program Files%\DAEMON Tools Lite\Lang\SLV.dll (1856 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\CHS.dll (1597 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\message_bottom.png (627 bytes)
%Program Files%\DAEMON Tools Lite\Lang\ESN.dll (4992 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\js\virtual_drive.js (226 bytes)
%Program Files%\DAEMON Tools Lite\imgengine.dll (11663 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\no_slot.png (2 bytes)
%Program Files%\DAEMON Tools Lite\Lang\NLB.dll (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\TRK.dll (2461 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\news_selected.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\dt_pro_out.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\dt_dadget_loader.png (1640 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\up_down_drive_disable.png (505 bytes)
%Program Files%\DAEMON Tools Lite\Lang\SRL.dll (3616 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\warning_48.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slots_hint_right.png (119 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\drives0.png (547 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\links_news_display_top.gif (145 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar43EA.tmp (2712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\content_bottom.gif (207 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\MNDManager.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\drives0.png (23 bytes)
C:\Windows\System32\catroot2\dberr.txt (1255 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\down_drive.png (343 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slots_window_2.png (209 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\tab1.png (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\down_drive.png (343 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\no_drive_select.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\Gadjet_bottom_links_news.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\tab2.png (1340 bytes)
%Program Files%\DAEMON Tools Lite\SPTDinst-x86.exe (21234 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\HYE.dll (3398 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\news_read_out.png (893 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slots_window_left.png (122 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\RUS.dll (3726 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\content_bottom.gif (207 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{6f414ad4-98be-023d-7954-f5554fe6846a}\SET3ED3.tmp (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slots_window_9.png (502 bytes)
%Program Files%\DAEMON Tools Lite\Lang\HRV.dll (3616 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\message_window.png (11 bytes)
%Program Files%\DAEMON Tools Lite\DT.gadget (33248 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\tab3.png (995 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\previews\skin3_pro.jpg (1873 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\style.css (851 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_box_right.png (137 bytes)
C:\Windows\System32\DriverStore\infstrng.dat (844 bytes)
%Program Files%\DAEMON Tools Lite\DTCommonRes.dll (109567 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\news_selected.png (606 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\skins_gallery_but.gif (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc341B.tmp (799348 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\message_middle.png (166 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\tab1.png (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_tab.gif (535 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\news_read_selected.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\message_top.png (523 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\tab3.png (1155 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\dt_over.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\BIH.dll (3722 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\Gadjet_bottom_links_news.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_corner_top_right.png (168 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\display_top.gif (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\DTGadget_icon.png (1910 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\settings_out.png (597 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\dell_slot.gif (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\rss_controls_icons.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\drives2.png (8 bytes)
%Program Files%\DAEMON Tools Lite\Lang\ARA.dll (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\display_bottom.gif (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\SVE.dll (3718 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\rss_window.png (824 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\KOR.dll (1597 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\read.png (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slots_window.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\skin_select.gif (295 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\help.png (896 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\unmounted.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar438B.tmp (2712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\DEU.dll (5110 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\drive_controls.png (10 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\tabgrey.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\dt_pro_selected.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slots_hint.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\rss_window.png (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\drives2.png (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\up_drive_hover.png (366 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\unmounted.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\Gadjet_middle.png (206 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\DTSetupHelper.exe (6532 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\news_read_over.png (744 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\IND.dll (1592 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\links_news_display_top.gif (134 bytes)
%Program Files%\DAEMON Tools Lite\Lang\PLK.dll (3616 bytes)
%Program Files%\DAEMON Tools Lite\Lang\BGR.dll (3616 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\FRA.dll (5114 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\dt_over.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\feedback.png (761 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\drive_select.png (593 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\drive_controls.png (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\no_drive_select.png (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\DTGadget.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\make_img.html (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\dt_out.png (811 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\drag.png (1359 bytes)
%Program Files%\DAEMON Tools Lite\Lang\SKY.dll (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_corner_bottom_right.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\news_selected.png (606 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{6f414ad4-98be-023d-7954-f5554fe6846a}\SET3EE5.tmp (1281 bytes)
%Program Files%\DAEMON Tools Lite\Lang\ITA.dll (3616 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\KAT.dll (3718 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\drive_select.png (593 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\Grabbing.ico (1 bytes)
%Program Files%\DAEMON Tools Lite\DT_free_Rus_YandexBar1022.exe (84187 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\drives3.png (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\links_selected.png (871 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\drives4.png (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\prop_.png (1096 bytes)
%Program Files%\DAEMON Tools Lite\Lang\HUN.dll (3312 bytes)
%Program Files%\DAEMON Tools Lite\Lang\HEB.dll (2392 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\01_attached_unmounted.png (2 bytes)
%Program Files%\DAEMON Tools Lite\Lang\CHT.dll (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\inf.png (686 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\news_over.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slots_window_7.png (119 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\dt_over.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\message_top.png (523 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slots_window_right.png (119 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\LTH.dll (3722 bytes)
%Program Files%\DAEMON Tools Lite\Lang\CSY.dll (3616 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slots_window_3.png (338 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab438A.tmp (51 bytes)
%Program Files%\DAEMON Tools Lite\Lang\NOR.dll (3616 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\rss.css (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\dt_icon.png (911 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slots_window_1.png (311 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\display_bottom.gif (424 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\content_bottom.gif (282 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\gadget_pro.xml (913 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\tab1.ico (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slots_window_6.png (171 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\gadget_lite.xml (913 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\SKY.dll (3406 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\drives1.png (13 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\settings.html (856 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\1.png (122 bytes)
%Program Files%\DAEMON Tools Lite\Lang\DEU.dll (4992 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\tab2.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\news_out.png (669 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\drives0.png (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\down_drive_hover.png (348 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\dt_pro_out.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\display_top.gif (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\js\skin_gallery.js (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\up_down_drive.png (943 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\ELL.dll (3406 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar4379.tmp (2712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{6f414ad4-98be-023d-7954-f5554fe6846a}\SET3ED4.tmp (1 bytes)
%Program Files%\DAEMON Tools Lite\Lang\LTH.dll (3616 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\skin_select.gif (295 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\drives1.png (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\links_over.png (402 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\dt_dadget_loader.png (500 bytes)
%Program Files%\DAEMON Tools Lite\Lang\ENU.dll (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar44EC.tmp (2712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\message_top.png (523 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\MNDManager.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\add_drive.html (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\links_out.png (471 bytes)
%Program Files%\DAEMON Tools Lite\Lang\TRK.dll (2392 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab44EB.tmp (51 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\css\settings.css (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\Gadjet_middle.png (206 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab448B.tmp (51 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\message_bottom.png (627 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\Grabbing.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\1.png (122 bytes)
%Program Files%\DAEMON Tools Lite\Lang\KOR.dll (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\dt_icon.png (911 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\news_read_out.png (797 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\error.png (809 bytes)
%Program Files%\DAEMON Tools Lite\Lang\FRA.dll (4992 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\mount_n_drive.html (2 bytes)
%Program Files%\DAEMON Tools Lite\uninst.exe (66912 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\lines.png (119 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\up_down_drive.png (903 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\dt_dadget_loader.png (1536 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\rss_unread.png (776 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\message.css (995 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_divider_left.png (145 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\message.html (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\dt_selected.png (362 bytes)
%Program Files%\DAEMON Tools Lite\DTShellHlp.exe (98771 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\rss_refresh.png (800 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\main_controls_icons.png (964 bytes)
%Program Files%\DAEMON Tools Lite\Lang\UKR.dll (3616 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slot_button1.gif (859 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar448C.tmp (2712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\display_middle.gif (97 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\shortcut_hover.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\links_news_display_middle.gif (59 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\HUN.dll (3398 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\message_middle.png (166 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\drives3.png (211 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\Gadjet_bottom.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\1.gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\down_drive_hover.png (348 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\Uninstall.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\links_out.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\drives1.png (7 bytes)
%Program Files%\DAEMON Tools Lite\Lang\PTB.dll (3616 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\DTGadget_icon.png (11 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\chenge_view.png (575 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\Gadjet_bottom_links_news.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\settings_out.png (597 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\links_over.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\lines.png (119 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\rss.gif (635 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\previews\skin2.jpg (633 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\links_selected.png (385 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\message_bottom.png (627 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\JPN.dll (1921 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\news_over.png (642 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\add_image.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\ESN.dll (5110 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\mounted.png (433 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\ARA.dll (3398 bytes)
%Program Files%\DAEMON Tools Lite\Lang\ROM.dll (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_corner_bottom_left.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\Gadjet_middle.png (206 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\ENU.dll (3410 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\close.png (2 bytes)
%Program Files%\DAEMON Tools Lite\Lang\IND.dll (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\DTGadget_icon.png (11 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\tab3.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\up_down_butts.gif (724 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\links_out.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\links_news_display_top.gif (134 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{6f414ad4-98be-023d-7954-f5554fe6846a} (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\feedback.png (761 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\js\drive_slotes.js (1309 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\css\popup_window.css (103 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\feedback.png (761 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\1.png (122 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\PLK.dll (3722 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\left_right_butts.gif (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slot_button.gif (852 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\rss.css (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\down_drive_hover.png (348 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\settings_but.gif (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\news_read_selected.png (750 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\drive_select.png (593 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\CHT.dll (1601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\photoshop.png (2 bytes)
C:\Windows\System32\DriverStore\infpub.dat (248 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\01_attached_mounted.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\up_down_drive_disable.png (904 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_box_bottom.png (140 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\up_down_drive_disable.png (505 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\SetupHelper.exe (1856 bytes)
%Program Files%\DAEMON Tools Lite\dtsoftbus01.sys (232 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\dt_icon.png (911 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\tab2.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\rss_refresh.png (759 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\js\global_settings.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\chenge_view.png (575 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_box_divider_left.png (135 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\rss.html (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\1.gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\news_out.png (3 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\DAEMON Tools Lite.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\HRV.dll (3726 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\rss_refresh.png (800 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_box_divider_right.png (135 bytes)
C:\Users\Public\Desktop\DAEMON Tools Lite.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\up_down_butts.gif (724 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\unread.png (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\js\jquery-1.3.1.min.js (2333 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\drives2.png (1724 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\settings_but.gif (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\css\make_img.css (103 bytes)
%Program Files%\DAEMON Tools Lite\InstallGadget.exe (12536 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\previews\skin3.jpg (578 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\FIN.dll (3722 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\rss_unread.png (776 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\shortcut_hover.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\mounted.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\display_middle.gif (97 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\unmounted.png (1 bytes)
%Program Files%\DAEMON Tools Lite\DTHelper.exe (19152 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\dt_pro_over.png (157 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\ITA.dll (3730 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab441A.tmp (51 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\js\gadget.js (454 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\message_window_small.png (21 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\dt_pro_selected.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\links_over.png (374 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\photoshop.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\ROM.dll (3406 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\links_selected.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\up_drive_hover.png (366 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\lines.png (119 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\shortcut_hover.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar447B.tmp (2712 bytes)
%Program Files%\DAEMON Tools Lite\Lang\LVI.dll (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\tabblue.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\SRL.dll (3722 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\help.png (896 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\dt_out.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\add_image.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\message_window_small.png (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\help.png (896 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\news_over.png (642 bytes)
%Program Files%\DAEMON Tools Lite\Lang\KAT.dll (3616 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\js\json_parse.js (11 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\display_top.gif (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_corner_top_left.png (166 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\previews\skin2_pro.jpg (10 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\message_butt.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\message_window.png (1162 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\add_image.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\no_drive_select.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\gadget.xml (913 bytes)
C:\ProgramData\DAEMON Tools Lite\license.dat (2156 bytes)
%Program Files%\DAEMON Tools Lite\Engine.dll (132485 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab43E9.tmp (51 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\dt_icon_pro.png (960 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\rss_controls_icons.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\mounted.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\message_butt.png (1 bytes)
%Program Files%\DAEMON Tools Lite\DTGadget32.dll (10136 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\drives3.png (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\prop_.png (804 bytes)
%Program Files%\DAEMON Tools Lite\Lang\AFK.dll (13 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\main_controls_icons.png (11 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\up_down_drive.png (903 bytes)
%Program Files%\DAEMON Tools Lite\dtsoftbus01.inf (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\drives4.png (962 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_divider_right.png (139 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\previews\skin1_pro.jpg (13 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_box_top.png (137 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\DAN.dll (3718 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\settings_selected.png (465 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\js\dtcom.js (12 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\rss_controls_icons.png (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab4378.tmp (51 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\settings_over.png (464 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\LVI.dll (1601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\js\gadjet_scripts.js (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_box_left.png (137 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\message.css (995 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\down_drive.png (343 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\up_drive_hover.png (366 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\System.dll (11 bytes)
%Program Files%\DAEMON Tools Lite\SPTDinst-x64.exe (24832 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\settings_selected.png (465 bytes)
%Program Files%\DAEMON Tools Lite\Lang\BIH.dll (3616 bytes)
%Program Files%\DAEMON Tools Lite\Lang\SVE.dll (3616 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\SPTD Setup.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\dtsetup.ini (1358 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\tab1.png (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\chenge_view.png (677 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\skins_gallery_but.gif (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slots_window_8.png (166 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\message_butt.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab447A.tmp (51 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\AFK.dll (29 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar441B.tmp (2712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\tab1.ico (16 bytes)
%Program Files%\DAEMON Tools Lite\DTGadget64.dll (12088 bytes)
%Program Files%\DAEMON Tools Lite\Lang\FIN.dll (3616 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\MNDManager.ico (1150 bytes)
%Program Files%\DAEMON Tools Lite\Lang\DAN.dll (3616 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\dt_selected.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\dt_pro_over.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\previews\skin1.jpg (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\dt_selected.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\css\style.css (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\news_out.png (669 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\warning.png (3 bytes)
%Program Files%\DAEMON Tools Lite\Lang\RUS.dll (3616 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\dt_out.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\Gadjet_bottom.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\HEB.dll (2473 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\up_down_butts.gif (724 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\news_read_over.png (891 bytes)
%Program Files%\DAEMON Tools Lite\Lang\ELL.dll (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\photoshop.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\display_middle.gif (897 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\prop_.png (804 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\NLB.dll (3410 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\mount.html (2 bytes)
%Program Files%\DAEMON Tools Lite\Lang\JPN.dll (1856 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\CSY.dll (3718 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\style.css (1093 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\rss_unread.png (776 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\tab1.ico (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\UKR.dll (3726 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\js\rss.js (988 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\settings_over.png (464 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\1.gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\PTB.dll (3722 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\BGR.dll (3730 bytes)
%Program Files%\DAEMON Tools Lite\Lang\HYE.dll (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\SLV.dll (1921 bytes)
%Program Files%\DAEMON Tools Lite\dtsoftbus01.cat (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\display_bottom.gif (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\NOR.dll (3726 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\main_controls_icons.png (488 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\gadget.html (9 bytes)
%Program Files%\DAEMON Tools Lite\Lang\CHS.dll (1552 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar438B.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{6f414ad4-98be-023d-7954-f5554fe6846a}\SET3ED4.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab438A.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{6f414ad4-98be-023d-7954-f5554fe6846a}\SET3EE5.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{6f414ad4-98be-023d-7954-f5554fe6846a}\dtsoftbus01.sys (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab447A.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar44EC.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar441B.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{6f414ad4-98be-023d-7954-f5554fe6846a} (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab44EB.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab441A.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab448B.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar448C.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab4378.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{6f414ad4-98be-023d-7954-f5554fe6846a}\dtsoftbus01.inf (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc33CC.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{6f414ad4-98be-023d-7954-f5554fe6846a}\SET3ED3.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar447B.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{6f414ad4-98be-023d-7954-f5554fe6846a}\dtsoftbus01.cat (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar43EA.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab43E9.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar4379.tmp (0 bytes)

The process irsetup.exe:2296 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\_ir_sf_temp_0\DTLite4413-0173.exe (187244 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\_ir_sf_temp_0\IRIMG1.JPG (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\_ir_sf_temp_0\IRIMG2.JPG (29 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\_ir_sf_temp_0\irsetup.dat (2712 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\_ir_sf_temp_0\irsetup.dat (0 bytes)

Registry activity

The process DAEMONLite4.41.exe:3616 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

The process sidebar.exe:1808 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Sidebar\Settings]
"ShowGadgets" = "1"

The process %original file name%.exe:1796 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

The process rundll32.exe:3972 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

The process DrvInst.exe:2628 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\System\CurrentControlSet\Control\CriticalDeviceDatabase\root#dtsoftbus01]
"Security" = "01 00 04 90 00 00 00 00 00 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemPath%\system32\DRIVERS]
"dtsoftbus01.sys" = "5"

[HKU\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E]
"LanguageList" = "en-US, en"

[HKLM\System\CurrentControlSet\Control\CriticalDeviceDatabase\root#dtsoftbus01]
"ClassGUID" = "{4d36e97d-e325-11ce-bfc1-08002be10318}"

[HKLM\System\CurrentControlSet\Control\GroupOrderList]
"SCSI Miniport" = "42 00 00 00 00 01 00 00 01 01 00 00 19 00 00 00"

[HKLM\System\CurrentControlSet\Control\CriticalDeviceDatabase\root#dtsoftbus01]
"Service" = "dtsoftbus01"
"DeviceCharacteristics" = "256"

The Trojan deletes the following value(s) in system registry:

[HKLM\System\CurrentControlSet\Control\CriticalDeviceDatabase\root#dtsoftbus01]
"Exclusive"
"DeviceType"
"LowerFilters"
"UpperFilters"

The process DrvInst.exe:3532 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\5557C0953FBD9F93745B214FB2483E9369B597F0]
"Blob" = "0F 00 00 00 01 00 00 00 14 00 00 00 03 F5 5B 4D"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD]
"Blob" = "0F 00 00 00 01 00 00 00 20 00 00 00 52 29 BA 15"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5557C0953FBD9F93745B214FB2483E9369B597F0]
"Blob" = "0F 00 00 00 01 00 00 00 14 00 00 00 03 F5 5B 4D"

[HKU\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E]
"LanguageList" = "en-US, en"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates]
"5557C0953FBD9F93745B214FB2483E9369B597F0"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates]
"D69B561148F01C77C54578C10926DF5B856976AD"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates]
"5557C0953FBD9F93745B214FB2483E9369B597F0"

The process DrvInst.exe:4052 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\System\CurrentControlSet\Enum\DTSOFTBUS&Rev1\DTCDROM&Rev1\1&79f5d87&0&00\Device Parameters]
"DefaultRequestFlags" = "8"

[HKLM\System\CurrentControlSet\Enum\DTSOFTBUS&Rev1\DTCDROM&Rev1\1&79f5d87&0&00\Device Parameters\DigitalAudio]
"CDDAAccurate" = "1"

[HKU\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E]
"LanguageList" = "en-US, en"

[HKLM\System\CurrentControlSet\services\eventlog\System\cdrom]
"TypesSupported" = "7"

[HKLM\System\CurrentControlSet\Enum\DTSOFTBUS&Rev1\DTCDROM&Rev1\1&79f5d87&0&00\Device Parameters\DigitalAudio]
"CDDASupported" = "1"

[HKLM\System\CurrentControlSet\Control\GroupOrderList]
"SCSI CDROM Class" = "03 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemPath%\system32\DRIVERS]
"cdrom.sys" = "1"

[HKLM\System\CurrentControlSet\Enum\DTSOFTBUS&Rev1\DTCDROM&Rev1\1&79f5d87&0&00\Device Parameters\DigitalAudio]
"SettingsFromDevice" = "1"

[HKLM\System\CurrentControlSet\services\eventlog\System\cdrom]
"EventMessageFile" = "%SystemRoot%\System32\IoLogMsg.dll"

[HKLM\System\CurrentControlSet\Control\CriticalDeviceDatabase\GenCdRom]
"ClassGUID" = "{4d36e965-e325-11ce-bfc1-08002be10318}"
"Service" = "cdrom"

[HKLM\System\CurrentControlSet\Enum\DTSOFTBUS&Rev1\DTCDROM&Rev1\1&79f5d87&0&00\Device Parameters]
"DefaultDvdRegion" = "1"

[HKLM\System\CurrentControlSet\Enum\DTSOFTBUS&Rev1\DTCDROM&Rev1\1&79f5d87&0&00\Device Parameters\DigitalAudio]
"ReadSizesSupported" = "4294967295"

The Trojan deletes the following value(s) in system registry:

[HKLM\System\CurrentControlSet\Control\CriticalDeviceDatabase\GenCdRom]
"DeviceType"
"DeviceCharacteristics"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\PnPSysprep\ServiceStartTypeBackup]
"cdrom"

[HKLM\System\CurrentControlSet\Control\CriticalDeviceDatabase\GenCdRom]
"LowerFilters"
"UpperFilters"
"Exclusive"
"Security"

The process SetupHelper.exe:2904 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

The process DTLite4413-0173.exe:1672 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit30]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit62]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit124]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit117]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit114]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit28]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit13]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit40]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit58]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit60]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit17]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit50]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit18]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit82]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\SYSTEM\Setup\SetupapiLogStatus]
"setupapi.app.log" = "4096"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit113]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Control\Class\{9D3039DD-CCA5-4B4D-B33D-E2DDC8A8C52E}]
"Class" = "dtsoftbus01"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit90]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit120]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\SOFTWARE\DT Soft\DAEMON Tools Pro\FileTypesSave\.mdx]
"Type" = "Type: REG_SZ, Length: 0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DAEMON Tools Lite]
"DisplayName" = "DAEMON Tools Lite"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit39]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit111]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\CancelAutoplay\CLSID]
"B67DE95D-274B-0C7D-C784-82C002ECA45C" = "Type: REG_SZ, Length: 0"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit26]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKCR\DAEMON.Tools.Lite\DefaultIcon]
"(Default)" = "%Program Files%\DAEMON Tools Lite\DTLite.exe,0"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit53]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Control\Class\{9D3039DD-CCA5-4B4D-B33D-E2DDC8A8C52E}\Properties]
"Security" = "01 00 0C 90 00 00 00 00 00 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit77]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Control\Class\{9D3039DD-CCA5-4B4D-B33D-E2DDC8A8C52E}]
"NoDisplayClass" = "1"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit103]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit81]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit91]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit93]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\SOFTWARE\DT Soft\DAEMON Tools Pro]
"Version Minor" = "41"
"Version Release" = "3"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit67]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit97]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit108]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit34]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit101]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKCR\.mdx]
"(Default)" = "DAEMON.Tools.Lite"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit23]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit116]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit1]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit66]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit2]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit63]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit10]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit96]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit36]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit92]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DAEMON Tools Lite]
"DisplayIcon" = "%Program Files%\DAEMON Tools Lite\DTLite.exe"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit5]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit12]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\DTLite.exe]
"Path" = "%Program Files%\DAEMON Tools Lite\"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit118]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit4]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit70]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit41]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit7]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit107]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit76]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5557C0953FBD9F93745B214FB2483E9369B597F0]
"Blob" = "03 00 00 00 01 00 00 00 14 00 00 00 55 57 C0 95"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit71]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit121]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\SOFTWARE\DT Soft\DAEMON Tools Pro\FileTypesSave\.mdf]
"Type" = "Type: REG_SZ, Length: 0"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit119]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit35]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit38]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit25]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit126]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit14]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit110]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit98]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Control\Class\{9D3039DD-CCA5-4B4D-B33D-E2DDC8A8C52E}]
"NoUseClass" = "1"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit83]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit49]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\SOFTWARE\DT Soft\DAEMON Tools Pro]
"Version Major" = "4"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit99]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\SOFTWARE\DT Soft\DAEMON Tools Pro\Config]
"AdapterStateDT" = "1"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit42]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit46]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit15]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\DTLite.exe]
"(Default)" = "%Program Files%\DAEMON Tools Lite\DTLite.exe"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit44]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit48]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit54]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit68]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit86]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\5557C0953FBD9F93745B214FB2483E9369B597F0]
"Blob" = "03 00 00 00 01 00 00 00 14 00 00 00 55 57 C0 95"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit21]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit80]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKCR\DAEMON.Tools.Lite]
"(Default)" = "Type: REG_SZ, Length: 0"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit102]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit84]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit73]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit89]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit106]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit51]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit45]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit75]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit55]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit16]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit20]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit57]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKCR\.mds]
"(Default)" = "DAEMON.Tools.Lite"

[HKCU\Software\Classes\Local Settings\MuiCache\2D\52C64B7E]
"LanguageList" = "en-US, en"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit69]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit19]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit65]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit85]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit22]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\SOFTWARE\DT Soft\DAEMON Tools Pro\FileTypesSave\.mds]
"Type" = "Type: REG_SZ, Length: 0"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit95]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DAEMON Tools Lite]
"DisplayVersion" = "4.41.3.0173"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit123]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit6]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit0]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit9]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit105]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit115]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit94]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit78]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit56]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit61]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DAEMON Tools Lite]
"Publisher" = "DT Soft Ltd"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit32]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit72]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\SYSTEM\Setup\SetupapiLogStatus]
"setupapi.dev.log" = "4096"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit104]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKCR\DAEMON.Tools.Lite\shell\open\command]
"(Default)" = "%Program Files%\DAEMON Tools Lite\DTLite.exe -shellmount %1"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit100]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit88]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\SOFTWARE\DT Soft\DAEMON Tools Pro]
"Path" = "%Program Files%\DAEMON Tools Lite\"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit11]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01]
"AdapterStatus" = "1"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit29]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
"GlobalAssocChangedCounter" = "45"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01]
"client" = "41 3B 13 40 37 80 B7 AF AB 63 56 48 3F BA 8E B6"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit59]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit37]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DAEMON Tools Lite]
"URLInfoAbout" = "http://www.daemon-tools.cc/"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit33]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit122]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit31]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DAEMON Tools Lite]
"UninstallString" = "%Program Files%\DAEMON Tools Lite\uninst.exe"

[HKCU\Software\DT Soft\DAEMON Tools Pro\Config]
"AutoStart" = "1"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit64]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit47]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit79]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit74]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit43]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit109]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit27]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit24]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKCR\.mdf]
"(Default)" = "DAEMON.Tools.Lite"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit125]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit3]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit8]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit112]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit52]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

[HKLM\System\CurrentControlSet\Services\dtsoftbus01\unit87]
"data" = "3D 3E E9 B0 38 9B E1 76 C8 D3 2E 75 A4 BF 2D 40"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite" = "%Program Files%\DAEMON Tools Lite\DTLite.exe -autorun"

The following driver will be automatically launched by the NT Native code (IoInitSystem method):

[HKLM\System\CurrentControlSet\Services\dtsoftbus01]
"Start" = "1"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates]
"5557C0953FBD9F93745B214FB2483E9369B597F0"

[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\%Program Files%\DAEMON Tools Lite]
"DTLite.exe"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates]
"5557C0953FBD9F93745B214FB2483E9369B597F0"

The process regsvr32.exe:1428 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCR\DTGadget.RSS.1]
"(Default)" = "RSS Class"

[HKCR\DTGadget.GadgetControl.1]
"(Default)" = "GadgetControl Class"

[HKCR\DTGadget.GadgetControl\CurVer]
"(Default)" = "DTGadget.GadgetControl.1"

[HKCR\TypeLib\{C6761050-EDA9-4F0B-B5B4-ECE680D3B17E}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\CLSID\{273C813F-46B0-4D2D-B522-73CB5D1C372A}\InprocServer32]
"(Default)" = "%Program Files%\DAEMON Tools Lite\DTGadget32.dll"

[HKCR\CLSID\{46F8ADC5-0EA1-49d7-9657-56A50133CD42}]
"AppID" = "{F574FC8D-EFB4-4DAB-AA18-B6C688A8CC58}"

[HKCR\CLSID\{273C813F-46B0-4D2D-B522-73CB5D1C372A}]
"AppID" = "{F574FC8D-EFB4-4DAB-AA18-B6C688A8CC58}"

[HKCR\Interface\{FEC8A564-EF2C-4D4F-BDED-D01E03D9DDD1}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\TypeLib\{C6761050-EDA9-4F0B-B5B4-ECE680D3B17E}\1.0\HELPDIR]
"(Default)" = "%Program Files%\DAEMON Tools Lite"

[HKCR\CLSID\{273C813F-46B0-4D2D-B522-73CB5D1C372A}\VersionIndependentProgID]
"(Default)" = "DTGadget.GadgetControl"

[HKCR\DTGadget.RSS\CurVer]
"(Default)" = "DTGadget.RSS.1"

[HKCR\CLSID\{46F8ADC5-0EA1-49d7-9657-56A50133CD42}\InprocServer32]
"(Default)" = "%Program Files%\DAEMON Tools Lite\DTGadget32.dll"

[HKCR\DTGadget.RSS.1\CLSID]
"(Default)" = "{46F8ADC5-0EA1-49d7-9657-56A50133CD42}"

[HKCR\CLSID\{46F8ADC5-0EA1-49d7-9657-56A50133CD42}\TypeLib]
"(Default)" = "{C6761050-EDA9-4F0B-B5B4-ECE680D3B17E}"

[HKCR\Interface\{FEC8A564-EF2C-4D4F-BDED-D01E03D9DDD1}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{476B3CEC-34F4-4B44-800C-918202FABD51}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{476B3CEC-34F4-4B44-800C-918202FABD51}]
"(Default)" = "IGadgetControl"

[HKCR\CLSID\{46F8ADC5-0EA1-49d7-9657-56A50133CD42}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Interface\{FEC8A564-EF2C-4D4F-BDED-D01E03D9DDD1}]
"(Default)" = "IRSS"

[HKCR\TypeLib\{C6761050-EDA9-4F0B-B5B4-ECE680D3B17E}\1.0]
"(Default)" = "DTGadget 1.0 Type Library"

[HKCR\TypeLib\{C6761050-EDA9-4F0B-B5B4-ECE680D3B17E}\1.0\0\win32]
"(Default)" = "%Program Files%\DAEMON Tools Lite\DTGadget32.dll"

[HKCR\CLSID\{273C813F-46B0-4D2D-B522-73CB5D1C372A}\ProgID]
"(Default)" = "DTGadget.GadgetControl.1"

[HKCR\Interface\{476B3CEC-34F4-4B44-800C-918202FABD51}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{FEC8A564-EF2C-4D4F-BDED-D01E03D9DDD1}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{FEC8A564-EF2C-4D4F-BDED-D01E03D9DDD1}\TypeLib]
"(Default)" = "{C6761050-EDA9-4F0B-B5B4-ECE680D3B17E}"

[HKCR\CLSID\{273C813F-46B0-4D2D-B522-73CB5D1C372A}]
"(Default)" = "GadgetControl Class"

[HKCR\DTGadget.GadgetControl.1\CLSID]
"(Default)" = "{273C813F-46B0-4D2D-B522-73CB5D1C372A}"

[HKCR\Interface\{476B3CEC-34F4-4B44-800C-918202FABD51}\TypeLib]
"(Default)" = "{C6761050-EDA9-4F0B-B5B4-ECE680D3B17E}"

[HKCR\DTGadget.RSS\CLSID]
"(Default)" = "{46F8ADC5-0EA1-49d7-9657-56A50133CD42}"

[HKCR\Interface\{476B3CEC-34F4-4B44-800C-918202FABD51}\TypeLib]
"Version" = "1.0"

[HKCR\AppID\{F574FC8D-EFB4-4DAB-AA18-B6C688A8CC58}]
"(Default)" = "DTGadget"

[HKCR\CLSID\{46F8ADC5-0EA1-49d7-9657-56A50133CD42}\VersionIndependentProgID]
"(Default)" = "DTGadget.RSS"

[HKCR\DTGadget.GadgetControl\CLSID]
"(Default)" = "{273C813F-46B0-4D2D-B522-73CB5D1C372A}"

[HKCR\AppID\DTGadget.DLL]
"AppID" = "{F574FC8D-EFB4-4DAB-AA18-B6C688A8CC58}"

[HKCR\CLSID\{46F8ADC5-0EA1-49d7-9657-56A50133CD42}]
"(Default)" = "RSS Class"

[HKCR\DTGadget.GadgetControl]
"(Default)" = "GadgetControl Class"

[HKCR\DTGadget.RSS]
"(Default)" = "RSS Class"

[HKCR\CLSID\{273C813F-46B0-4D2D-B522-73CB5D1C372A}\TypeLib]
"(Default)" = "{C6761050-EDA9-4F0B-B5B4-ECE680D3B17E}"

[HKCR\CLSID\{46F8ADC5-0EA1-49d7-9657-56A50133CD42}\ProgID]
"(Default)" = "DTGadget.RSS.1"

[HKCR\CLSID\{273C813F-46B0-4D2D-B522-73CB5D1C372A}\InprocServer32]
"ThreadingModel" = "Apartment"

The Trojan deletes the following registry key(s):

[HKCR\CLSID\{273C813F-46B0-4D2D-B522-73CB5D1C372A}\InprocServer32]
[HKCR\CLSID\{46F8ADC5-0EA1-49d7-9657-56A50133CD42}\ProgID]
[HKCR\CLSID\{46F8ADC5-0EA1-49d7-9657-56A50133CD42}\VersionIndependentProgID]
[HKCR\CLSID\{273C813F-46B0-4D2D-B522-73CB5D1C372A}\VersionIndependentProgID]
[HKCR\CLSID\{273C813F-46B0-4D2D-B522-73CB5D1C372A}]
[HKCR\CLSID\{273C813F-46B0-4D2D-B522-73CB5D1C372A}\Programmable]
[HKCR\CLSID\{273C813F-46B0-4D2D-B522-73CB5D1C372A}\TypeLib]
[HKCR\CLSID\{46F8ADC5-0EA1-49d7-9657-56A50133CD42}\TypeLib]
[HKCR\CLSID\{46F8ADC5-0EA1-49d7-9657-56A50133CD42}\Programmable]
[HKCR\CLSID\{46F8ADC5-0EA1-49d7-9657-56A50133CD42}]
[HKCR\CLSID\{46F8ADC5-0EA1-49d7-9657-56A50133CD42}\InprocServer32]
[HKCR\CLSID\{273C813F-46B0-4D2D-B522-73CB5D1C372A}\ProgID]

Dropped PE files

MD5 File path
fd5b3fbfe4346f45d3764d149afc761a c:\Program Files\DAEMON Tools Lite\DTCommonRes.dll
00d0a111a66f1e531f849727a528036b c:\Program Files\DAEMON Tools Lite\DTGadget32.dll
62f4fda5c8db21799ca4c30c10046ca7 c:\Program Files\DAEMON Tools Lite\DTGadget64.dll
252ff12c709418a7792b593605188cb6 c:\Program Files\DAEMON Tools Lite\DTHelper.exe
cea0461aae4b8b6216f164501b1b5a10 c:\Program Files\DAEMON Tools Lite\DTLite.exe
f9803b1b1fa3e9d34f309d2dd8db30b5 c:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
1bc6ff991384848c588e4ec94512a2fc c:\Program Files\DAEMON Tools Lite\DT_free_Rus_YandexBar1022.exe
f605346de44da5e5037392616d3b919d c:\Program Files\DAEMON Tools Lite\Engine.dll
e52159020ed1fe44684f8aa003f2dd40 c:\Program Files\DAEMON Tools Lite\InstallGadget.exe
cf0ba43ae03d5dc57e96fa583d26f506 c:\Program Files\DAEMON Tools Lite\Lang\AFK.dll
92749b95321bf93e7e285537229feaad c:\Program Files\DAEMON Tools Lite\Lang\ARA.dll
c1286d50ea59268af55eb7bc72e9fd30 c:\Program Files\DAEMON Tools Lite\Lang\BGR.dll
9d692d85639d0d9fcc8fd8428cb8ff2c c:\Program Files\DAEMON Tools Lite\Lang\BIH.dll
98b5f8d3c7f45937fa6b920e51e83782 c:\Program Files\DAEMON Tools Lite\Lang\CHS.dll
44def48444c237ca2455b12f020a41d6 c:\Program Files\DAEMON Tools Lite\Lang\CHT.dll
1838b84c7cc7529319dd704759d4273e c:\Program Files\DAEMON Tools Lite\Lang\CSY.dll
49dfb5b9bc3b193a847f96f72ba7deab c:\Program Files\DAEMON Tools Lite\Lang\DAN.dll
7305e2e252ec3ca9809fd3172dd63a68 c:\Program Files\DAEMON Tools Lite\Lang\DEU.dll
27d9823928ab2be476b6f07ead03c33c c:\Program Files\DAEMON Tools Lite\Lang\ELL.dll
ae1efc111af8c51865f7982cf6563178 c:\Program Files\DAEMON Tools Lite\Lang\ENU.dll
e1a42e5f8460ccbd8cd0a389a8798cc7 c:\Program Files\DAEMON Tools Lite\Lang\ESN.dll
7731e2156769c740f8a2c31b5e4df534 c:\Program Files\DAEMON Tools Lite\Lang\FIN.dll
614fcda9095d370e39209d6d42958fb3 c:\Program Files\DAEMON Tools Lite\Lang\FRA.dll
4211100519c955e423215e9a3a08c1d7 c:\Program Files\DAEMON Tools Lite\Lang\HEB.dll
9731e2fe05e3da9a66067908f6d3be07 c:\Program Files\DAEMON Tools Lite\Lang\HRV.dll
b5ec9c8bb10b4d032c1362463758a25e c:\Program Files\DAEMON Tools Lite\Lang\HUN.dll
61c46b0a6fa7e2d189dc104632800be6 c:\Program Files\DAEMON Tools Lite\Lang\HYE.dll
70f07f8cc1a4b5fc982df281c543f2a8 c:\Program Files\DAEMON Tools Lite\Lang\IND.dll
95b38c347abd82b8b87408434bd16077 c:\Program Files\DAEMON Tools Lite\Lang\ITA.dll
d0b2fed29ef162a3a8d736fd40961b3b c:\Program Files\DAEMON Tools Lite\Lang\JPN.dll
b3eaa9d656acff1824c20c8248c35e76 c:\Program Files\DAEMON Tools Lite\Lang\KAT.dll
5765c1d93c810fa191b2603952d0534f c:\Program Files\DAEMON Tools Lite\Lang\KOR.dll
85fa1b1123c4b48671e0da25dacf246b c:\Program Files\DAEMON Tools Lite\Lang\LTH.dll
e4d780ef46b04d4e79baf5148f3d8dd9 c:\Program Files\DAEMON Tools Lite\Lang\LVI.dll
d02efd07e77c06b994430065b69d2c2f c:\Program Files\DAEMON Tools Lite\Lang\NLB.dll
89906933894f18cde773b2325e6bb042 c:\Program Files\DAEMON Tools Lite\Lang\NOR.dll
2b58f578d140b24e70ef8382223263b6 c:\Program Files\DAEMON Tools Lite\Lang\PLK.dll
f10f25b99d119f70d033aaf1f6e1b172 c:\Program Files\DAEMON Tools Lite\Lang\PTB.dll
4e1d52f4c97d3c47325c0e7eea53427a c:\Program Files\DAEMON Tools Lite\Lang\ROM.dll
9477befb435d7e49a495785b9e12af0f c:\Program Files\DAEMON Tools Lite\Lang\RUS.dll
bbcb4687f9d735db1999e4e3541c2561 c:\Program Files\DAEMON Tools Lite\Lang\SKY.dll
0c6d4a502a4a7da18b170d80711ba345 c:\Program Files\DAEMON Tools Lite\Lang\SLV.dll
60f3def51db1fb1cb6f0cdd26c517f6f c:\Program Files\DAEMON Tools Lite\Lang\SRL.dll
c24c9fc4ac8f4bd44f8e89746cf97cc4 c:\Program Files\DAEMON Tools Lite\Lang\SVE.dll
43baa07c3f4326d6783fc05c0f620e8f c:\Program Files\DAEMON Tools Lite\Lang\TRK.dll
e29dd8fc5f137994c80629a7ad002d5c c:\Program Files\DAEMON Tools Lite\Lang\UKR.dll
d2adc3ee87c7983b34c1d284aad2d163 c:\Program Files\DAEMON Tools Lite\SPTDinst-x64.exe
fd62e3b8d7e193ab19e71f26c1fc81b6 c:\Program Files\DAEMON Tools Lite\SPTDinst-x86.exe
c0c7ceccb6c85994c2bc92d58e52d3f2 c:\Program Files\DAEMON Tools Lite\dtsoftbus01.sys
d6cd851869a9a3fbeb2254d3766a9aba c:\Program Files\DAEMON Tools Lite\imgengine.dll
92e541cb724a8a0ee3f04469b8099c04 c:\Program Files\DAEMON Tools Lite\uninst.exe
a20431e552a37ab90e6cc98ce5ed82d1 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DAEMONLite4.41.exe
d74a7db367d407dec2fcbbd22043a91b c:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\KOB.dll
ee6d5584f593fab1c5d3d8e548b7203b c:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\RUN.exe
e808a6b7751f6f980f97008d1aeb8036 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\_ir_sf_temp_0\DTLite4413-0173.exe
cdec84efa7e61e09f8f344f1a151ba59 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
4f88bef9204d347c0d1c99d7be7baae8 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\DTSetupHelper.exe
cf0ba43ae03d5dc57e96fa583d26f506 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\AFK.dll
92749b95321bf93e7e285537229feaad c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\ARA.dll
c1286d50ea59268af55eb7bc72e9fd30 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\BGR.dll
9d692d85639d0d9fcc8fd8428cb8ff2c c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\BIH.dll
98b5f8d3c7f45937fa6b920e51e83782 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\CHS.dll
44def48444c237ca2455b12f020a41d6 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\CHT.dll
1838b84c7cc7529319dd704759d4273e c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\CSY.dll
49dfb5b9bc3b193a847f96f72ba7deab c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\DAN.dll
7305e2e252ec3ca9809fd3172dd63a68 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\DEU.dll
27d9823928ab2be476b6f07ead03c33c c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\ELL.dll
ae1efc111af8c51865f7982cf6563178 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\ENU.dll
e1a42e5f8460ccbd8cd0a389a8798cc7 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\ESN.dll
7731e2156769c740f8a2c31b5e4df534 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\FIN.dll
614fcda9095d370e39209d6d42958fb3 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\FRA.dll
4211100519c955e423215e9a3a08c1d7 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\HEB.dll
9731e2fe05e3da9a66067908f6d3be07 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\HRV.dll
b5ec9c8bb10b4d032c1362463758a25e c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\HUN.dll
61c46b0a6fa7e2d189dc104632800be6 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\HYE.dll
70f07f8cc1a4b5fc982df281c543f2a8 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\IND.dll
95b38c347abd82b8b87408434bd16077 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\ITA.dll
d0b2fed29ef162a3a8d736fd40961b3b c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\JPN.dll
b3eaa9d656acff1824c20c8248c35e76 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\KAT.dll
5765c1d93c810fa191b2603952d0534f c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\KOR.dll
85fa1b1123c4b48671e0da25dacf246b c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\LTH.dll
e4d780ef46b04d4e79baf5148f3d8dd9 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\LVI.dll
d02efd07e77c06b994430065b69d2c2f c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\NLB.dll
89906933894f18cde773b2325e6bb042 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\NOR.dll
2b58f578d140b24e70ef8382223263b6 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\PLK.dll
f10f25b99d119f70d033aaf1f6e1b172 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\PTB.dll
4e1d52f4c97d3c47325c0e7eea53427a c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\ROM.dll
9477befb435d7e49a495785b9e12af0f c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\RUS.dll
bbcb4687f9d735db1999e4e3541c2561 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\SKY.dll
0c6d4a502a4a7da18b170d80711ba345 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\SLV.dll
60f3def51db1fb1cb6f0cdd26c517f6f c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\SRL.dll
c24c9fc4ac8f4bd44f8e89746cf97cc4 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\SVE.dll
43baa07c3f4326d6783fc05c0f620e8f c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\TRK.dll
e29dd8fc5f137994c80629a7ad002d5c c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\UKR.dll
7fbc1cd7de7bc2dc40e9960bd3d3ecc8 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\SetupHelper.exe
959ea64598b9a3e494c00e8fa793be7e c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\System.dll
9adb3f7c3d4b623f74c4a17ee665d65f c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\setuphlp.dll
c0c7ceccb6c85994c2bc92d58e52d3f2 c:\Windows\System32\DriverStore\FileRepository\dtsoftbus01.inf_x86_neutral_1cc2711e3c419337\dtsoftbus01.sys
c0c7ceccb6c85994c2bc92d58e52d3f2 c:\Windows\System32\drivers\dtsoftbus01.sys

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

No information is available.

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.text 4096 72088 72192 4.546 984dfeff737935f78877d3d08b82ef95
.rdata 77824 7189 7680 3.37138 0fb0a72395723950e1915d6bf373f506
.data 86016 65324 512 2.43883 11ffdfc240c81dfe9d957f6bf1761f00
.CRT 151552 16 512 0.147711 a5ba361df79e0a565f00bd42dc501625
.rsrc 155648 16504 16896 2.78807 4a42d4a1c79a481d4a049c0bb7911c60

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL IP
hxxp://dt.web-search-home.com/getsettings?query=GNNfZQWUSUiqIdLnKNvMCWONHmmtB4GyN1neWQ5Hrhcs97W0l3CNcge3IKypSpg5kSHNUNN1OsEkUhQ3B+tZ2A== 198.16.77.12
hxxp://dt.web-search-home.com/download/yandexdtLite 198.16.77.12
hxxp://mirror23.mountspace.com/getfile.php?p=hxxp://eu-uk7.disk-tools.com/f8c73ad1ae1a2b396bd63e8855c2017a/DT_free_Rus_YandexBar1022.exe 188.120.245.109
hxxp://web-search-home.com/download/yandexdtLite 198.16.77.12


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET POLICY PE EXE or DLL Windows file download HTTP

Traffic

GET /getsettings?query=GNNfZQWUSUiqIdLnKNvMCWONHmmtB4GyN1neWQ5Hrhcs97W0l3CNcge3IKypSpg5kSHNUNN1OsEkUhQ3B+tZ2A== HTTP/1.1
Connection: Keep-Alive
Host: dt.web-search-home.com


HTTP/1.1 200 OK
Server: nginx/1.0.15
Date: Sun, 19 Mar 2017 20:50:07 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/5.3.29
Set-Cookie: PHPSESSID=tmtd9mej8682qtd5kn84kdgja7; path=/; domain=web-search-home.com
Content-Length: 3904
Jhz9HA/OCm0GW6fp9ZcSPDN34A485s78WSH2Jd SS2e96LkhrSzsfWe/aniircng kpRLo
ZsqhAQv8vCVpKIf08MvKSvlWND8pTpxJea euCVcbwqRQCtsUE vavGJoC630cVWj/iIQH
NtvbMPDN9ChUZ66FNi6Cn0I5sEQsCRCGAwt5Tjkb1rnTGMV hGpIrOtC1q924swB3 7RaN
POkIYAco8kr9kFVuFmXRs0sD9UmV13VFwenUxK0H1bbFve5xHdkhoGDFDUDC5adsSfz43j
S/TmKtIQm7GEjMZFE7EKZ qAlIjCRV3BBhX /VpWDS4TO9aXEtdHbJq7bsR RldNXvJjl9
y du67xyCIwYdaw WJbMzBRGQA fW/WOmpdzUDaY44j5mm1T89qA8UbM18s998P9YW4zZA
qmfOAU16hWoG3v/ixsNPAMnKnEzFTdcWLDTD32iNGzbbhPMrB AslbUUtWrqoUvhd/neRJ
WKWFU4L2roLbhRI0qNGMtKe7YXF9p3EVFCy hSXE5HAV88AV4z0vw4rVop2baNVxyrwrrd
8RN9tHVBsVvRvGR5RVb7MeOAX bmXo7d2kPm6n4mLUZWnGLdpojnYK4J70mRW7DL9KStSF
2iHuZnUrGTvgSCVlKgT31eba02Ho6iK7AbIYzImgScRxdnNoJzvnnVgH9C8K99Y03AQLBi
ByudppCDFVxmk IDSxiIF5x5EwKkj2zjZ5h94RsqGB63KFNOmMmowv8s/EZSHGP7lJuLys
cLN7rl6qttro6lHpGe6HtT8W3UCKn60EMERHisGRpCFV u3YcdVYSctQrHSwIlZ0Hy1rPN
q8iGRrQjpIG/bNBiEd dYIFH7WYyDVsts6 iFDJklN18/Fuw7xXDGm8IPlumykb4ufaT6a
/4OstjcX3c9dychuaghoNWiGEXI1QRgzdT6r2T5fvfV4pd0kg9JXIMOTbi62fIikQj9ZnC
Eo67fG3H0NXE0ZKklKmdjSUaIlGZkKkANicWsbCrKYA3zuKPDJv0lD7WQrP7m8s7Hbv5Ta
wxpRVPSOj2ay1rjIkrSSkXVJECoqEVjloZzYctZJ0D60AoCN4GyxkC8cIwxK4ho/wG8T2m
Pi31H3iYw0WzSTmkadHNcZggYo6qZOhWOEPPMJJW3uCH5oJs0Loccx OiRChZ2EvQ22jKr
M40EPkNEZyNt6ILjRYIZDgJIp4tfq5AMpCwRd24d5TmdVTvlbE43TMuPkP4suVvVKjxGQc
LxsQfDSyU7EPSxVS39HgQqsMkAMhXbdoVSGS4Kbrob97ByKsz//02CMpGIA54QOlNEs0nf
dhtRBPJwD2tVCW6AYlhUis/1ctmqWJ5pG1rncAPBn8CRTMEpQmBit9T/IjYmPOYB/GgvKF
uePlfx1kYTVqP Bb3SIevwVIsMdefhBHn29Ub4KEo9esQiNQ47bpFxpnINyaseLMDvYUx4
lR22L1oed4s0a9cJcpokLK/ e5QBRb7frT6ljCDUw lFLrqNjX07iOMJ/0cxdS/tWi

<<< skipped >>>

GET /getfile.php?p=hXXp://eu-uk7.disk-tools.com/f8c73ad1ae1a2b396bd63e8855c2017a/DT_free_Rus_YandexBar1022.exe HTTP/1.1
Connection: Keep-Alive
Host: mirror23.mountspace.com


HTTP/1.1 200 OK
Server: nginx/0.8.55
Date: Sun, 19 Mar 2017 20:50:22 GMT
Content-Type: application/octet-stream
Connection: close
X-Powered-By: PHP/5.3.19
Cache-Control: 
Pragma: 
Content-Disposition: attachment; filename="DT_free_Rus_YandexBar1022.exe"
Content-Transfer-Encoding: binary
Accept-Ranges: bytes
Content-Length: 878208
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......^".u.C.&.C.&
.C.&..S&.C.&..g&kC.&..f&3C.&.;^&.C.&.C.&.C.&..b&.C.&..W&.C.&..P&.C.&Ri
ch.C.&........................PE..L....v.P............................
.O............@..................................Z....@...............
......................x....p...............R.......p..$...`...........
....................p...@............................................t
ext............................... ..`.rdata...V.......X..............
....@..@.data....1...0......................@....rsrc........p.......,
..............@..@.reloc...$...p...&...,..............@..B............
......................................................................
......................................................................
......................................................................
......................................................................
............................................U..W....9w@t5.G....w].$...
@...tR.F..I..tI.F.P.A.P....@..5..t5.F..,..t,.F..#......w6......s...Nt%
......u...t.....uJ.M............_].........2...r...8...v.......u....H.
..v..A......RP....@...VS... ..WP....@._]....I...@.%.@.9.@.l.@.l.@.....
....................U....$.U..M.SV.u..^..F.W.}..U.3.R.U..U..U..U..U.R.
U.RQ.]..]..^...W.E..M.P.....E.$....E......}....M....N...tK..9w.t....r'
../v...7u..]..<......t...1...v...8...v..F..u..U..F.Rj.P....@.......
..u..N...F...t .~..u..N.......F..B.Q...F......._^..[..]...........

<<< skipped >>>

GET /download/yandexdtLite HTTP/1.1
Connection: Keep-Alive
Host: web-search-home.com


HTTP/1.1 302 Moved Temporarily
Server: nginx/1.0.15
Date: Sun, 19 Mar 2017 20:50:22 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.3.29
Set-Cookie: PHPSESSID=qq11dd7q3ss3td1dp3d1v6kch6; path=/; domain=web-search-home.com
Location: hXXp://mirror23.mountspace.com/getfile.php?p=hXXp://eu-uk7.disk-tools.com/f8c73ad1ae1a2b396bd63e8855c2017a/DT_free_Rus_YandexBar1022.exe
0..


The Trojan connects to the servers at the folowing location(s):

%original file name%.exe_1796:

.text
`.rdata
@.data
@.rsrc
VSSSSh
^SShq
%.*s(%d)%s
COMCTL32.dll
SHLWAPI.dll
GetProcessHeap
GetCPInfo
KERNEL32.dll
USER32.dll
GDI32.dll
COMDLG32.dll
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
ADVAPI32.dll
SHFileOperationW
ShellExecuteExW
SHELL32.dll
ole32.dll
OLEAUT32.dll
WINRAR.SFX
d:\Projects\WinRAR\SFX\build\sfxrar32\Release\sfxrar.pdb
version="1.0.0.0"
<requestedExecutionLevel level="asInvoker"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
<!--The ID below indicates application support for Windows Vista -->
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
<!--The ID below indicates application support for Windows 7 -->
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
<asmv3:windowsSettings xmlns="hXXp://schemas.microsoft.com/SMI/2005/WindowsSettings">
</asmv3:windowsSettings>
r%.*s(%d)%s
rtmp%d
<head><meta http-equiv="content-type" content="text/html; charset=
Shell.Explorer
%s %s
%s %s %s
GETPASSWORD1
%s%s%d
Software\Microsoft\Windows\CurrentVersion
%s.%d.tmp
winrarsfxmappingfile.tmp
-el -s2 "-d%s" "-p%s" "-sp%s"
__tmp_rar_sfx_access_check_%u
sfxcmd
riched20.dll
riched32.dll
Extracting %s
c:\%original file name%.exe
Enter password
&Enter password for the encrypted file:
Skipping %s
The file "%s" header is corrupt%The archive comment header is corrupt
Unknown method in %s
Cannot open %s
Cannot create %s
Cannot create folder %sDCRC failed in the encrypted file %s. Corrupt file or wrong password.
CRC failed in %s
Packed data CRC failed in %s
Wrong password for %s5Write error in the file %s. Probably the disk is full
Read error in the file %s
Extracting from %s
ErroraErrors encountered while performing the operation
Please close all applications, reboot Windows and restart this installation\Some installation files are corrupt.
Extracting files to %s folder$Extracting files to temporary folder
=Total path and file name length must not exceed %d characters

conhost.exe_3496:

.text
`.data
.rsrc
@.reloc
GDI32.dll
USER32.dll
msvcrt.dll
ntdll.dll
API-MS-Win-Core-LocalRegistry-L1-1-0.dll
KERNEL32.dll
IMM32.dll
ole32.dll
OLEAUT32.dll
PutInputInBuffer: EventsWritten != 1 (0x%x), 1 expected
Invalid message 0x%x
InitExtendedEditKeys: Unsupported version number(%d)
Console init failed with status 0x%x
CreateWindowsWindow failed with status 0x%x, gle = 0x%x
InitWindowsStuff failed with status 0x%x (gle = 0x%x)
InitSideBySide failed create an activation context. Error: %d
GetModuleFileNameW requires more than ScratchBufferSize(%d) - 1.
GetModuleFileNameW failed %d.
Invalid EventType: 0x%x
Dup handle failed for %d of %d (Status = 0x%x)
Couldn't grow input buffer, Status == 0x%x
InitializeScrollBuffer failed, Status = 0x%x
CreateWindow failed with gle = 0x%x
Opening Font file failed with error 0x%x
\ega.cpi
NtReplyWaitReceivePort failed with Status 0x%x
ConsoleOpenWaitEvent failed with Status 0x%x
NtCreatePort failed with Status 0x%x
GetCharWidth32 failed with error 0x%x
GetTextMetricsW failed with error 0x%x
GetSystemEUDCRangeW: RegOpenKeyExW(%ws) failed, error = 0x%x
RtlStringCchCopy failed with Status 0x%x
Cannot allocate 0n%d bytes
|%SWj
O.fBf;
ReCreateDbcsScreenBuffer failed. Restoring to CP=%d
Invalid Parameter: 0x%x, 0x%x, 0x%x
ConsoleKeyInfo buffer is full
Invalid screen buffer size (0x%x, 0x%x)
SetROMFontCodePage: failed to memory allocation %d bytes
FONT.NT
Failed to set font image. wc=x, sz=(%x,%x)
Failed to set font image. wc=x sz=(%x, %x).
Failed to set font image. wc=x sz=(%x,%x)
FullscreenControlSetColors failed - Status = 0x%x
FullscreenControlSetPalette failed - Status = 0x%x
WriteCharsFromInput failed 0x%x
WriteCharsFromInput failed %x
RtlStringCchCopyW failed with Status 0x%x
CreateFontCache failed with Status 0x%x
FTPh
\>.Sj
GetKeyboardLayout
MapVirtualKeyW
VkKeyScanW
GetKeyboardState
UnhookWindowsHookEx
SetWindowsHookExW
GetKeyState
ActivateKeyboardLayout
GetKeyboardLayoutNameA
GetKeyboardLayoutNameW
_amsg_exit
_acmdln
ShipAssert
NtReplyWaitReceivePort
NtCreatePort
NtEnumerateValueKey
NtQueryValueKey
NtOpenKey
NtAcceptConnectPort
NtReplyPort
SetProcessShutdownParameters
GetCPInfo
conhost.pdb
%$%a%b%V%U%c%Q%W%]%\%[%
%<%^%_%Z%T%i%f%`%P%l%g%h%d%e%Y%X%R%S%k%j%
version="5.1.0.0"
name="Microsoft.Windows.ConsoleHost"
<requestedExecutionLevel
name="Microsoft.Windows.ConsoleHost.SystemDefault"
publicKeyToken="6595b64144ccf1df"
name="Microsoft.Windows.SystemCompatible"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
< =$>:>@>
2%2X2
%SystemRoot%
\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Console\TrueTypeFont
\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Console\FullScreen
WindowSize
ColorTableu
ExtendedEditkeyCustom
ExtendedEditKey
Software\Microsoft\Windows\CurrentVersion
\ !:=/.<>;|&
%d/%d
cmd.exe
desktop.ini
\console.dll
%d/%d
6.1.7601.17641 (win7sp1_gdr.110623-1503)
CONHOST.EXE
Windows
Operating System
6.1.7601.17641

DAEMONLite4.41.exe_3616:

.text
`.rdata
@.data
.rsrc
diu2.iu
Advapi32.dll
irsetup.exe
Could not determine a temp directory name. Try running setup.exe /T:<Path>
c:\temp
%s\irsetup.exe
%s%s_%d
"__IRSID:%s"
"__IRCT:%d"
"__IRAFN:%s"
__IRAOFF:%u
KERNEL32.DLL
mscoree.dll
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- CRT not initialized
kernel32.dll
GetProcessWindowStation
USER32.DLL
operator
KERNEL32.dll
MsgWaitForMultipleObjects
USER32.dll
ADVAPI32.dll
ShellExecuteExA
SHELL32.dll
GetProcessHeap
GetCPInfo
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DAEMONLite4.41.exe
%xERRj3cqZQ
! !!####0
;;;9551%%0
! !!565665@
version="8.1.1000.0"
name="setup.exe"/>
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
<requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
04090000
VVV.u-soft.org
0.0.0.0
suf80_launch.exe

irsetup.exe_2296:

`.rsrc
FtPh
FtPhu
SSSSh
SSh`UQ
SSh4UQ
SShlTQ
SShDTQ
u1SSh
Su%Sh
SShx`Q
txSSh<`Q
SSh _Q
@ SSh
.hPsQ
SSShDxQ
9^$u&SSSSh?
u SSSSh?
9^$u)SSSSh?
u.VWS
WSSh|DQ
udPQ
t.Ht Ht(Ht
y2SSh
FHSSh
GHSSh
GTSSh
G\SSh
FlSSh
Nt.Nt
SShlSR
tjSShHSR
t;SSh$SR
F<%u3
t'SShl
u$SShe
aSSSh
.VVVVVSRSSj
FTPjK
FtPj;
C.PjRV
diu2.iuz
MSG_ERROR
%s %d. %s
MSG_ASK_FOR_DISK
MSG_NEW_LOCATION
MSG_CONFIRM_ABORT
MSG_CONFIRM
A%s.%d
%s, Line %d: %s
File condition evaluation for file "%s"
C:\temp\SUF_SFX_TEST\
msi.dll
\msi.dll
Software\Microsoft\Windows\CurrentVersion\Installer
MSG_INITIALIZING
16670749
[%d]: %s
*** LOCATION: %s
__NOREPORT__
Script: %s, %s (%s)
__ir_eval_value = %s;
%s (%s:%d)
F:\Program Files\Microsoft Visual Studio 8\VC\atlmfc\include\afxwin2.inl
%Copyright%. All rights reserved. %CompanyURL%
WindowStyle
MainWindowSettings
%s at offset %d unterminated
Incorrect %s at offset %d
Element '%s' at offset %d not ended
End tag '%s' at offset %d does not match start tag '%s' at offset %d
No start tag for end tag '%s' at offset %d
%s%d bytes
%s%d wide chars to %d bytes
%d bytes to %s%d wide chars
MSG_SEARCH_FILE
(*.*)|*.*||
MSG_SEARCH_ALL
MSG_SEARCH_MASK
MSG_INSERTDISK
MSG_CANCEL
MSG_OK
MSG_BROWSE
MSG_PATH
Windows Server 2008
Windows Vista
Windows Server 2003
Windows XP
Windows 2000
Windows NT4
Windows NT3
Windows ME
Windows 98
Windows 95
CPasswordData
-- Defined in _SUF70_Global_Functions.lua
number e_ErrorCode, string e_ErrorMsgID
%WindowsFolder%\%ProductName% Setup Log.txt
%StartupFolder%
%StartFolder%
%StartProgramsFolder%
ÞsktopFolder%
%s\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
%CommonFilesFolder%\Microsoft Shared\DAO
Software\Microsoft\Shared Tools\DAO350.dll
Software\Microsoft\Shared Tools\DAO360.dll
ÚOPath%
Software\Microsoft\Windows NT\CurrentVersion
Software\Microsoft\Windows\CurrentVersion
%SourceFolder%
%SystemDrive%
_WindowsFolder
%WindowsFolder%
%SystemFolder%
%CommonFilesFolder%
%CommonFilesFolder64%
%CommonProgramW6432%
%CommonDocumentsFolder%
%StartupFolderCommon%
%StartProgramsFolderCommon%
%StartFolderCommon%
%FontsFolder%
ÞsktopFolderCommon%
UninstallSupportFiles
CPRegKey
Run extra uninstall script: %d
%SourceDrive%
%SourceFilename%
\irsetup.dat
Support file added to uninstall list:
Registry key added to uninstall list:
Remove uninstall support file:
Remove uninstall CP entry from Registry: HKEY_LOCAL_MACHINE\
Register font: %s, %s
%sbk%d
MSG_NO
MSG_YES_TOALL
MSG_YES
MSG_UNINSTALL_OK_REMOVE
MSG_UNINSTALL_NO_APP_USE
MSG_UNINSTALL_REMOVE_SHARED
Decrement shared file count: %s (New count = %d)
SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
: %s (#%d)
Global include script: %s
RegisterTypeLib: %s
RegisterTypeLib: %s - %s
Register COM file: %s
Register COM file: %s - System Error # %u
Register COM file on reboot: %s
regsvr32.exe /s %s
SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Increment usage count: %s
Increment usage count: %s (New count = %d)
%s\%s
%s (%d)
local e_Stage = %d;local e_CurrentItemText=[[%s]];local e_CurrentItemPct=%d;local e_StagePct=%d;
MSG_SYSREQ_WARN
MSG_NOTICE
MSG_SYSREQ_ABORT
%s: %s
MSG_SYSREQ_USERPERMISSION
MSG_SYSREQ_SYSTEMADMIN
MSG_SYSREQ_COLORDEPTH
MSG_BITSPERPIXEL
MSG_SYSREQ_SCREENHEIGHT
MSG_SYSREQ_SCREENWIDTH
%s: %d
%s: %d %s
MSG_SYSREQ_RAM
MSG_SIZE_MEGABYTES
Operating System
MSG_SYSREQ_OS
MSG_OS_PART_ORNEWER
MSG_OS_PART_NOSERVPACK
MSG_OS_PART_SERVPACK
MSG_OS_PART_SE
MSG_OS_PART_C
MSG_OS_PART_B
MSG_OS_PART_A
MSG_OS_ALL
MSG_OS_NONE
MSG_OS_WSRV2008
MSG_OS_WVISTA
MSG_OS_WSRV2003
MSG_OS_WXP
MSG_OS_W2000
MSG_OS_WNT4
MSG_OS_WNT3
MSG_OS_WME
MSG_OS_W98
MSG_OS_W95
MSG_OS_UNKNOWN
MSG_SYSREQ_NOTMET
MSG_EXP_USESLEFT
MSG_EXP_USESLEFT2
%s %d %s
MSG_EXP_DAYSLEFT
MSG_EXP_DAYSLEFT2
Software\Microsoft\Windows\CurrentVersion\I652R9823\
MSG_EXP_CONTACT_START
MSG_SEEKING
Dependency Detection Passed
Arc: %s
FN: %s
%s (#%d)
MSG_SKIPPING
MSG_INSTALLING
Run project event: %s
local e_ErrorCode=%d; local e_ErrorMsgID = "%s"
Start project event: %s
MSG_UNINSTALLFILE_NOREMOVE
MSG_UNINSTALLFILE_INUSE
%s (%s: %u)
\WININIT.INI
MSG_FILE_EXISTS_INUSE
MSG_FILE_EXISTS_RETRY
MSG_FILE_EXISTS_ANY
MSG_FILE_EXISTS_NEWER
MSG_FILE_OVERWRITE_CONFIRM
%s\%s.lnk
%s (Return code: %d)
Product: %s, version %s
%s (%d):
MSG_PROG_UNINSTALL_CREATECONTROLFILE
ERR_CREATEUNINSTALL_OPEN_EXE_READ
ERR_CREATEUNINSTALL_OPEN_EXE_WRITE
Overwrite uninstall executable:
MSG_PROG_UNINSTALL_CREATEEXE
@MSG_PROG_UNINSTALL_CREATEDATFILE
?MSG_PROG_UNINSTALL_CREATEFOLDER
"/U:%s"
MSG_PROG_UNINSTALL_CREATESC
Create uninstall CP entry key
ERR_CREATEUNINSTALL_CREATEREGKEY
"%s",%d
Uninstall CP entry: URLUpdateInfo =
URLUpdateInfo
Uninstall CP entry: URLInfoAbout =
URLInfoAbout
"%s" "/U:%s"
HKEY_LOCAL_MACHINE\
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
MSG_PROG_UNINSTALL_CREATECPENTRY
MSG_PROG_UNINSTALL_COPYSUPPORTFILES
MSG_PROG_UNINSTALL_COPYPLUGINS
%s %s
MSG_REQUIRED_DRIVE
MSG_AVAILABLE_DRIVE
MSG_PROG_CHECKING_DRIVESPACE
MSG_PROG_CHECKING_FILES
%A, %B %d, %Y
[%s] %s
%m/%d/%Y %H:%M:%S
MsgFile
ERR_MSI_PATCH_REMOVAL_UNSUPPORTED
ERR_MSI_PATCH_PACKAGE_UNSUPPORTED
ERR_MSI_INSTALL_PLATFORM_UNSUPPORTED
ERR_MSI_UNSUPPORTED_TYPE
ERR_MSI_INSTALL_LANGUAGE_UNSUPPORTED
ERR_SERVER_FILE_DOWNLOAD_SET_PROXY_PASSWORD
ERR_SERVER_FILE_DOWNLOAD_OPEN_FTP_FILE
ERR_SERVER_FILE_DOWNLOAD_OPEN_HTTP_FILE
ERR_ODBC_INVALID_KEYWORD_VALUE
ERR_WEB_503
ERR_WEB_500
ERR_WEB_404
ERR_WEB_403
ERR_WEB_400
ERR_WEB_SET_PROXY_PASSWORD
ERR_WEB_SET_PROXY_USERNAME
ERR_WEB_WRITE_MEMORY
ERR_WEB_FTP_FILE_OPEN
ERR_WEB_USER_ABORT
ERR_WEB_FILE_WRITE
ERR_WEB_DOWNLOAD_FILE_ERROR
ERR_WEB_INVALID_HTTP_RESPONSE
ERR_WEB_DESTINATION_FILE_OPEN
ERR_WEB_SEND_REQUEST
ERR_WEB_OPEN_REQUEST
ERR_WEB_CREATE_HTTP_CONNECTION
ERR_WEB_CREATE_INTERNET_SESSION
ERR_REG_GET_SUB_KEY_NAME
ERR_REG_NON_EXISTANT_SUB_KEY
ERR_REG_DELETE_KEY
ERR_REG_CREATE_KEY
ERR_FILE_EXECUTION_FAILED_ELEVATION
ERR_KEY_RUN_ON_REBOOT_FAILED
ERR_USER_ABORTED_OPERATION
ERR_NON_EXISTANT_VIEWER_EXE
ERR_FILE_EXECUTION_FAILED
ERR_SPECIFIED_EXE_FILE_INVALID
MSG_SUCCESS
Language set: Primary = %d, Secondary = %d
%CompanyURL%
%CompanyName%
UxTheme.dll
%Copyright% %CompanyName%. All rights reserved. %CompanyURL%
%WindowsFolder%\%ProductName% Uninstall Log.txt
%CompanyName% Support Department
%WindowsFolder%\%ProductName%\uninstall.exe
uninstall.xml
CWebBrowser2
Confirm Operation
kernel32.dll
KERNEL32.DLL
PSAPI.DLL
Kernel32.dll
WS2_32.DLL
Copying "%s"
"%s" %s
%d.%d.%d.%d
\StringFileInfo\xx\ProductVersion
\StringFileInfo\xx\PrivateBuild
.bak%d
Windows NT 4
Windows NT 3
%s\shell\open\command
NUL=%s
Software\Microsoft\Windows NT\CurrentVersion\Fonts
Software\Microsoft\Windows\CurrentVersion\Fonts
***!!!***@@
Advapi32.dll
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
%s\%s.url
%s\%s.pif
srclient.dll
%s_%d
%s\_ir_tmpfnt_%d
/\:*?"<>|
jsproxy.dll
DetectAutoProxyUrl
wininet.dll
%%x
d:d
WinINet.dll
Could not create Internet session: %u
Error downloading file: %u
Error writing the destination file: %d-%u
Could not create HTTP connection: %u
Could not create HTTP connection
Incorrect HTTP status returned by server: %d
Send request failed: %u
Content-Type: application/x-www-form-urlencoded
Could not open HTTP file: %s
PTF://
hXXps://
hXXp://
Could not open request: %u
Could not HTTP file: %u
MSG_STATUS_HANDLE_CREATED
MSG_STATUS_HANDLE_CLOSING
MSG_STATUS_REQUEST_COMPLETE
MSG_REDIRECTING
MSG_CONNECTION_CLOSED
MSG_RESOLVING_HOST_NAME
MSG_HOST_NAME_RESOLVED
MSG_CONNECTING_TO_SERVER
MSG_CONNECTED_TO_SERVER
MSG_CLOSING_CONNECTION
TRACE: LastError = %d ("%s")
Script: %s, %s
Script: %s, Line %d
All Files (*.*)|*.*|
PasswordInput
MSG_MOVING
MSG_COPYING
MSG_FROM
MSG_TO
MSG_DELETING
MSG_SEARCHING
\StringFileInfo\xx\SpecialBuild
\StringFileInfo\xx\OriginalFilename
\StringFileInfo\xx\Comments
\StringFileInfo\xx\LegalTrademarks
\StringFileInfo\xx\LegalCopyright
\StringFileInfo\xx\ProductName
\StringFileInfo\xx\InternalName
\StringFileInfo\xx\FileDescription
\StringFileInfo\xx\CompanyName
ErrorMsg
%Y-%m-%dT%H:%M:%S
MSG_INSTALL_DO_YOU_WANT_OVERWRITE
MSG_INSTALL_ALWAYS_ASK_OVERWRITE_MSG
MSG_INSTALL_FILE_OLDER_MSG
OpenURL
\msiexec.exe
RunMsiexec
SQLInstallerError
SQLRemoveDriverManager
odbccp32.dll
SQLConfigDataSource
SQLInstallDriverEx
SQLInstallDriverManager
SQLRemoveDriver
\Kernel32.dll
GetKeyNames
DoesKeyExist
DeleteKey
CreateKey
ShortcutKey
keycode
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
MSG_SIZE_BYTES
P?MSG_SIZE_KILOBYTES
>MSG_SIZE_GIGABYTES
xxxxxx
%s-%s-%s
%s/%s/%s
%s:%s:%s
%d:%s:%s AM
%d:%s:%s PM
MSG_REBOOT_FAILED
WININET.DLL
PPassword
Password
%s %s %s %s (%0.2f %s)
%0.1f %s/%0.1f %s
%I64u %s/%I64u %s
MSG_KB_PER_SEC
MSG_ESTIMATED_TIME_LEFT
MSG_SAVING
MSG_DOWNLOADING
%s %s %s %s
MSG_QUERYING_INTERNET
MSG_READING
GetHTTPErrorInfo
%s > %s
local e_CtrlID=%d; local e_MsgID=%d;
Button%d
Check%d
ComboBox%d
Edit%d
Space available on selected drive: %SpaceAvailable%
Space required: %SpaceRequired%
Error: The specified file: '%s' could not be found.
Error: The specified file: '%s' could not be opened.
Error: The specified file: '%s' is too large to read.
Error: The specified file: '%s' could not be read.
number e_CtrlID, number e_MsgID, table e_Details
Application.Exit();
Screen.Next();
Screen.Back();
Radio%d
Total space required: %SpaceRequired%
IDS_CTRL_CHECK_BOX_d
IDS_CTRL_BUTTON_d
IDS_CTRL_STATICTEXT_LABEL_d
IDS_CTRL_COMBOBOX_d_DEFAULT
IDS_CTRL_EDIT_d
IDS_CTRL_RADIO_BUTTON_d
IDS_CTRL_LISTBOX_d
IDS_CTRL_SCROLLTEXT_BODY_d
IDS_CTRL_PROGRESS_BAR_d
IDS_CTRL_GROUP_BOX_d
IDS_CTRL_SELECT_PACKAGE_TREE_d
CTRL_CHECK_BOX_d
CTRL_BUTTON_d
CTRL_STATICTEXT_LABEL_d
CTRL_COMBOBOX_d
CTRL_EDIT_d
CTRL_RADIO_BUTTON_d
CTRL_LIST_BOX_d
CTRL_SCROLLTEXT_BODY_d
CTRL_PROGRESS_BAR_d
CTRL_GROUP_BOX_d
CTRL_SELECT_PACKAGE_TREE_d
IDS_CTRL_COMBOBOX_d_ITEMS
IDS_CTRL_SCROLLTEXT_FILE_d
WebWindow
IDS_CTRL_CATEGORY_NAME_d_%.3d
IDS_CTRL_CATEGORY_DESCRIPTION_d_%.3d
$Lua: Lua 5.0.2 Copyright (C) 1994-2004 Tecgraf, PUC-Rio $
$URL: VVV.lua.org $
!"#$%&'()* ,-./012
#*1892 $
%,3:;4-&
'.5<=6/7>?
mgM
CNotSupportedException
GDI32.DLL
hhctrl.ocx
Afx:%p:%x:%p:%p:%p
Afx:%p:%x
commctrl_DragListMsg
CCmdTarget
f:\rtm\vctools\vc7libs\ship\atlmfc\src\mfc\filecore.cpp
MSWHEEL_ROLLMSG
comctl32.dll
comdlg32.dll
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Software\Microsoft\Windows\CurrentVersion\Policies\Network
Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
ntdll.dll
%s.dll
mfcm80.dll
CHttpConnection
CHttpFile
HTTP/1.0
user32.dll
f:\rtm\vctools\vc7libs\ship\atlmfc\src\mfc\filetxt.cpp
ole32.dll
mscoree.dll
Visual C   CRT: Not enough memory to complete call to strerror.
cmd.exe
command.com
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- CRT not initialized
Broken pipe
Inappropriate I/O control operation
Operation not permitted
portuguese-brazilian
?#%X.y
operator
GetProcessWindowStation
USER32.DLL
OLEACC.dll
WININET.dll
InternetCrackUrlA
InternetCanonicalizeUrlA
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
.?AVCCmdTarget@@
.PAVCFileException@@
.PAVCException@@
.?AVCMainWindowSettings@@
.?AVCMD5@@
.?AVCPasswordData@@
.?AVCRTSessionVarMgr@@
.?AVCScreenCrtrMeasure@@
.?AVCWebBrowser2@@
.PAVCInternetException@@
.PAVCMemoryException@@
.PAVCResourceException@@
.?AVCScreenCtrlMsg@@
.?AVCScreenCtrlMsgDetail@@
Lua 5.0.2
attempt to %s a %s value
attempt to %s %s `%s' (a %s value)
attempt to compare %s with %s
attempt to compare two %s values
%s:%d: %s
system error %d
file (%s)
`popen' not supported
field `%s' missing in date table
^$* ?.([%-
missing `[' after `%%f' in pattern
no function environment for tail call at level %d
could not load package `%s' from path `%s'
error loading package `%s' (%s)
?;?.lua
bad argument #%d to `%s' (%s)
calling `%s' on bad self (%s)
%s expected, got %s
%s:%d:
stack overflow (%s)
cannot read %s: %s
`__pow' (`^' operator) is not a function
invalid key for `next'
too many %s (limit=%d)
%s:%d: %s near `%s'
char(%d)
`%s' expected (to close `%s' at line %d)
`%s' expected
bad code in %s
unexpected end of file in %s
bad integer in %s
bad nupvalues in %s: read %d; expected %d
bad constant type (%d) in %s
unknown number format in %s
%s too old: read version %d.%d; expected at least %d.%d
%s too new: read version %d.%d; expected at most %d.%d
bad signature in %s
virtual machine mismatch in %s: size of %s is %d but read %d
.PAVCSimpleException@@
.PAVCObject@@
.PAVCNotSupportedException@@
.PAVCInvalidArgException@@
.?AVCNotSupportedException@@
.PAVCOleException@@
.PAVCUserException@@
.?AVCTestCmdUI@@
.?AVCCmdUI@@
.PAVCArchiveException@@
.?AVCHttpConnection@@
.?AVCHttpFile@@
.?AV?$CFixedStringT@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@$0BAA@@ATL@@
.?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@
.PAVCOleDispatchException@@
zcÁ
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
GetConsoleOutputCP
GetCPInfo
GetProcessHeap
GetWindowsDirectoryA
RegEnumKeyA
RegOpenKeyA
RegCloseKey
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetViewportExtEx
ShellExecuteA
ShellExecuteExA
UrlUnescapeA
URLDownloadToFileA
SetWindowsHookExA
UnhookWindowsHookEx
CreateDialogIndirectParamA
GetKeyState
ExitWindowsEx
EnumWindows
MsgWaitForMultipleObjects
GetAsyncKeyState
.text
`.rdata
@.data
.rsrc
%xERRj3cqZQ
! !!####0
;;;9551%%0
! !!565665@
version="8.1.1000.0"
name="setup.exe"/>
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
<requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
ADVAPI32.dll
COMCTL32.dll
GDI32.dll
NETAPI32.dll
OLEAUT32.dll
oledlg.dll
SHELL32.dll
SHLWAPI.dll
urlmon.dll
USER32.dll
VERSION.dll
WINMM.dll
WINSPOOL.DRV
accKeyboardShortcut
Argument %d must be of type %s.
%d arguments required.
All Files (*.*)
No error message is available.'An unsupported operation was attempted.$A required resource was unavailable.
Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.
Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else..An unexpected error occurred while reading %1..An unexpected error occurred while writing %1.
#Unable to load mail system support.
Access to %1 was denied..An invalid file handle was associated with %1.<%1 could not be removed because it is the current directory.6%1 could not be created because the directory is full.
Seek failed on A hardware I/O error was reported while accessing %1.0A sharing violation occurred while accessing %1.0A locking violation occurred while accessing %1.
Disk full while accessing %1..An attempt was made to access %1 past its end.
No error occurred.-An unknown error occurred while accessing %1./An attempt was made to write to the reading %1..An attempt was made to access %1 past its end.0An attempt was made to read from the writing %1.
8.1.1000.0
2008 Indigo Rose Corporation (VVV.indigorose.com)
suf80_rt.exe

irsetup.exe_2296_rwx_00401000_00172000:

FtPhu
SSSSh
FtPh
SSh`UQ
SSh4UQ
SShlTQ
SShDTQ
u1SSh
Su%Sh
SShx`Q
txSSh<`Q
SSh _Q
@ SSh
.hPsQ
SSShDxQ
9^$u&SSSSh?
u SSSSh?
9^$u)SSSSh?
u.VWS
WSSh|DQ
udPQ
t.Ht Ht(Ht
y2SSh
FHSSh
GHSSh
GTSSh
G\SSh
FlSSh
Nt.Nt
SShlSR
tjSShHSR
t;SSh$SR
F<%u3
t'SShl
u$SShe
aSSSh
.VVVVVSRSSj
FTPjK
FtPj;
C.PjRV
diu2.iuz
MSG_ERROR
%s %d. %s
MSG_ASK_FOR_DISK
MSG_NEW_LOCATION
MSG_CONFIRM_ABORT
MSG_CONFIRM
A%s.%d
%s, Line %d: %s
File condition evaluation for file "%s"
C:\temp\SUF_SFX_TEST\
msi.dll
\msi.dll
Software\Microsoft\Windows\CurrentVersion\Installer
MSG_INITIALIZING
16670749
[%d]: %s
*** LOCATION: %s
__NOREPORT__
Script: %s, %s (%s)
__ir_eval_value = %s;
%s (%s:%d)
F:\Program Files\Microsoft Visual Studio 8\VC\atlmfc\include\afxwin2.inl
%Copyright%. All rights reserved. %CompanyURL%
WindowStyle
MainWindowSettings
%s at offset %d unterminated
Incorrect %s at offset %d
Element '%s' at offset %d not ended
End tag '%s' at offset %d does not match start tag '%s' at offset %d
No start tag for end tag '%s' at offset %d
%s%d bytes
%s%d wide chars to %d bytes
%d bytes to %s%d wide chars
MSG_SEARCH_FILE
(*.*)|*.*||
MSG_SEARCH_ALL
MSG_SEARCH_MASK
MSG_INSERTDISK
MSG_CANCEL
MSG_OK
MSG_BROWSE
MSG_PATH
Windows Server 2008
Windows Vista
Windows Server 2003
Windows XP
Windows 2000
Windows NT4
Windows NT3
Windows ME
Windows 98
Windows 95
CPasswordData
-- Defined in _SUF70_Global_Functions.lua
number e_ErrorCode, string e_ErrorMsgID
%WindowsFolder%\%ProductName% Setup Log.txt
%StartupFolder%
%StartFolder%
%StartProgramsFolder%
ÞsktopFolder%
%s\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
%CommonFilesFolder%\Microsoft Shared\DAO
Software\Microsoft\Shared Tools\DAO350.dll
Software\Microsoft\Shared Tools\DAO360.dll
ÚOPath%
Software\Microsoft\Windows NT\CurrentVersion
Software\Microsoft\Windows\CurrentVersion
%SourceFolder%
%SystemDrive%
_WindowsFolder
%WindowsFolder%
%SystemFolder%
%CommonFilesFolder%
%CommonFilesFolder64%
%CommonProgramW6432%
%CommonDocumentsFolder%
%StartupFolderCommon%
%StartProgramsFolderCommon%
%StartFolderCommon%
%FontsFolder%
ÞsktopFolderCommon%
UninstallSupportFiles
CPRegKey
Run extra uninstall script: %d
%SourceDrive%
%SourceFilename%
\irsetup.dat
Support file added to uninstall list:
Registry key added to uninstall list:
Remove uninstall support file:
Remove uninstall CP entry from Registry: HKEY_LOCAL_MACHINE\
Register font: %s, %s
%sbk%d
MSG_NO
MSG_YES_TOALL
MSG_YES
MSG_UNINSTALL_OK_REMOVE
MSG_UNINSTALL_NO_APP_USE
MSG_UNINSTALL_REMOVE_SHARED
Decrement shared file count: %s (New count = %d)
SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
: %s (#%d)
Global include script: %s
RegisterTypeLib: %s
RegisterTypeLib: %s - %s
Register COM file: %s
Register COM file: %s - System Error # %u
Register COM file on reboot: %s
regsvr32.exe /s %s
SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Increment usage count: %s
Increment usage count: %s (New count = %d)
%s\%s
%s (%d)
local e_Stage = %d;local e_CurrentItemText=[[%s]];local e_CurrentItemPct=%d;local e_StagePct=%d;
MSG_SYSREQ_WARN
MSG_NOTICE
MSG_SYSREQ_ABORT
%s: %s
MSG_SYSREQ_USERPERMISSION
MSG_SYSREQ_SYSTEMADMIN
MSG_SYSREQ_COLORDEPTH
MSG_BITSPERPIXEL
MSG_SYSREQ_SCREENHEIGHT
MSG_SYSREQ_SCREENWIDTH
%s: %d
%s: %d %s
MSG_SYSREQ_RAM
MSG_SIZE_MEGABYTES
Operating System
MSG_SYSREQ_OS
MSG_OS_PART_ORNEWER
MSG_OS_PART_NOSERVPACK
MSG_OS_PART_SERVPACK
MSG_OS_PART_SE
MSG_OS_PART_C
MSG_OS_PART_B
MSG_OS_PART_A
MSG_OS_ALL
MSG_OS_NONE
MSG_OS_WSRV2008
MSG_OS_WVISTA
MSG_OS_WSRV2003
MSG_OS_WXP
MSG_OS_W2000
MSG_OS_WNT4
MSG_OS_WNT3
MSG_OS_WME
MSG_OS_W98
MSG_OS_W95
MSG_OS_UNKNOWN
MSG_SYSREQ_NOTMET
MSG_EXP_USESLEFT
MSG_EXP_USESLEFT2
%s %d %s
MSG_EXP_DAYSLEFT
MSG_EXP_DAYSLEFT2
Software\Microsoft\Windows\CurrentVersion\I652R9823\
MSG_EXP_CONTACT_START
MSG_SEEKING
Dependency Detection Passed
Arc: %s
FN: %s
%s (#%d)
MSG_SKIPPING
MSG_INSTALLING
Run project event: %s
local e_ErrorCode=%d; local e_ErrorMsgID = "%s"
Start project event: %s
MSG_UNINSTALLFILE_NOREMOVE
MSG_UNINSTALLFILE_INUSE
%s (%s: %u)
\WININIT.INI
MSG_FILE_EXISTS_INUSE
MSG_FILE_EXISTS_RETRY
MSG_FILE_EXISTS_ANY
MSG_FILE_EXISTS_NEWER
MSG_FILE_OVERWRITE_CONFIRM
%s\%s.lnk
%s (Return code: %d)
Product: %s, version %s
%s (%d):
MSG_PROG_UNINSTALL_CREATECONTROLFILE
ERR_CREATEUNINSTALL_OPEN_EXE_READ
ERR_CREATEUNINSTALL_OPEN_EXE_WRITE
Overwrite uninstall executable:
MSG_PROG_UNINSTALL_CREATEEXE
@MSG_PROG_UNINSTALL_CREATEDATFILE
?MSG_PROG_UNINSTALL_CREATEFOLDER
"/U:%s"
MSG_PROG_UNINSTALL_CREATESC
Create uninstall CP entry key
ERR_CREATEUNINSTALL_CREATEREGKEY
"%s",%d
Uninstall CP entry: URLUpdateInfo =
URLUpdateInfo
Uninstall CP entry: URLInfoAbout =
URLInfoAbout
"%s" "/U:%s"
HKEY_LOCAL_MACHINE\
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
MSG_PROG_UNINSTALL_CREATECPENTRY
MSG_PROG_UNINSTALL_COPYSUPPORTFILES
MSG_PROG_UNINSTALL_COPYPLUGINS
%s %s
MSG_REQUIRED_DRIVE
MSG_AVAILABLE_DRIVE
MSG_PROG_CHECKING_DRIVESPACE
MSG_PROG_CHECKING_FILES
%A, %B %d, %Y
[%s] %s
%m/%d/%Y %H:%M:%S
MsgFile
ERR_MSI_PATCH_REMOVAL_UNSUPPORTED
ERR_MSI_PATCH_PACKAGE_UNSUPPORTED
ERR_MSI_INSTALL_PLATFORM_UNSUPPORTED
ERR_MSI_UNSUPPORTED_TYPE
ERR_MSI_INSTALL_LANGUAGE_UNSUPPORTED
ERR_SERVER_FILE_DOWNLOAD_SET_PROXY_PASSWORD
ERR_SERVER_FILE_DOWNLOAD_OPEN_FTP_FILE
ERR_SERVER_FILE_DOWNLOAD_OPEN_HTTP_FILE
ERR_ODBC_INVALID_KEYWORD_VALUE
ERR_WEB_503
ERR_WEB_500
ERR_WEB_404
ERR_WEB_403
ERR_WEB_400
ERR_WEB_SET_PROXY_PASSWORD
ERR_WEB_SET_PROXY_USERNAME
ERR_WEB_WRITE_MEMORY
ERR_WEB_FTP_FILE_OPEN
ERR_WEB_USER_ABORT
ERR_WEB_FILE_WRITE
ERR_WEB_DOWNLOAD_FILE_ERROR
ERR_WEB_INVALID_HTTP_RESPONSE
ERR_WEB_DESTINATION_FILE_OPEN
ERR_WEB_SEND_REQUEST
ERR_WEB_OPEN_REQUEST
ERR_WEB_CREATE_HTTP_CONNECTION
ERR_WEB_CREATE_INTERNET_SESSION
ERR_REG_GET_SUB_KEY_NAME
ERR_REG_NON_EXISTANT_SUB_KEY
ERR_REG_DELETE_KEY
ERR_REG_CREATE_KEY
ERR_FILE_EXECUTION_FAILED_ELEVATION
ERR_KEY_RUN_ON_REBOOT_FAILED
ERR_USER_ABORTED_OPERATION
ERR_NON_EXISTANT_VIEWER_EXE
ERR_FILE_EXECUTION_FAILED
ERR_SPECIFIED_EXE_FILE_INVALID
MSG_SUCCESS
Language set: Primary = %d, Secondary = %d
%CompanyURL%
%CompanyName%
UxTheme.dll
%Copyright% %CompanyName%. All rights reserved. %CompanyURL%
%WindowsFolder%\%ProductName% Uninstall Log.txt
%CompanyName% Support Department
%WindowsFolder%\%ProductName%\uninstall.exe
uninstall.xml
CWebBrowser2
Confirm Operation
kernel32.dll
KERNEL32.DLL
PSAPI.DLL
Kernel32.dll
WS2_32.DLL
Copying "%s"
"%s" %s
%d.%d.%d.%d
\StringFileInfo\xx\ProductVersion
\StringFileInfo\xx\PrivateBuild
.bak%d
Windows NT 4
Windows NT 3
%s\shell\open\command
NUL=%s
Software\Microsoft\Windows NT\CurrentVersion\Fonts
Software\Microsoft\Windows\CurrentVersion\Fonts
***!!!***@@
Advapi32.dll
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
%s\%s.url
%s\%s.pif
srclient.dll
%s_%d
%s\_ir_tmpfnt_%d
/\:*?"<>|
jsproxy.dll
DetectAutoProxyUrl
wininet.dll
%%x
d:d
WinINet.dll
Could not create Internet session: %u
Error downloading file: %u
Error writing the destination file: %d-%u
Could not create HTTP connection: %u
Could not create HTTP connection
Incorrect HTTP status returned by server: %d
Send request failed: %u
Content-Type: application/x-www-form-urlencoded
Could not open HTTP file: %s
PTF://
hXXps://
hXXp://
Could not open request: %u
Could not HTTP file: %u
MSG_STATUS_HANDLE_CREATED
MSG_STATUS_HANDLE_CLOSING
MSG_STATUS_REQUEST_COMPLETE
MSG_REDIRECTING
MSG_CONNECTION_CLOSED
MSG_RESOLVING_HOST_NAME
MSG_HOST_NAME_RESOLVED
MSG_CONNECTING_TO_SERVER
MSG_CONNECTED_TO_SERVER
MSG_CLOSING_CONNECTION
TRACE: LastError = %d ("%s")
Script: %s, %s
Script: %s, Line %d
All Files (*.*)|*.*|
PasswordInput
MSG_MOVING
MSG_COPYING
MSG_FROM
MSG_TO
MSG_DELETING
MSG_SEARCHING
\StringFileInfo\xx\SpecialBuild
\StringFileInfo\xx\OriginalFilename
\StringFileInfo\xx\Comments
\StringFileInfo\xx\LegalTrademarks
\StringFileInfo\xx\LegalCopyright
\StringFileInfo\xx\ProductName
\StringFileInfo\xx\InternalName
\StringFileInfo\xx\FileDescription
\StringFileInfo\xx\CompanyName
ErrorMsg
%Y-%m-%dT%H:%M:%S
MSG_INSTALL_DO_YOU_WANT_OVERWRITE
MSG_INSTALL_ALWAYS_ASK_OVERWRITE_MSG
MSG_INSTALL_FILE_OLDER_MSG
OpenURL
\msiexec.exe
RunMsiexec
SQLInstallerError
SQLRemoveDriverManager
odbccp32.dll
SQLConfigDataSource
SQLInstallDriverEx
SQLInstallDriverManager
SQLRemoveDriver
\Kernel32.dll
GetKeyNames
DoesKeyExist
DeleteKey
CreateKey
ShortcutKey
keycode
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
MSG_SIZE_BYTES
P?MSG_SIZE_KILOBYTES
>MSG_SIZE_GIGABYTES
xxxxxx
%s-%s-%s
%s/%s/%s
%s:%s:%s
%d:%s:%s AM
%d:%s:%s PM
MSG_REBOOT_FAILED
WININET.DLL
PPassword
Password
%s %s %s %s (%0.2f %s)
%0.1f %s/%0.1f %s
%I64u %s/%I64u %s
MSG_KB_PER_SEC
MSG_ESTIMATED_TIME_LEFT
MSG_SAVING
MSG_DOWNLOADING
%s %s %s %s
MSG_QUERYING_INTERNET
MSG_READING
GetHTTPErrorInfo
%s > %s
local e_CtrlID=%d; local e_MsgID=%d;
Button%d
Check%d
ComboBox%d
Edit%d
Space available on selected drive: %SpaceAvailable%
Space required: %SpaceRequired%
Error: The specified file: '%s' could not be found.
Error: The specified file: '%s' could not be opened.
Error: The specified file: '%s' is too large to read.
Error: The specified file: '%s' could not be read.
number e_CtrlID, number e_MsgID, table e_Details
Application.Exit();
Screen.Next();
Screen.Back();
Radio%d
Total space required: %SpaceRequired%
IDS_CTRL_CHECK_BOX_d
IDS_CTRL_BUTTON_d
IDS_CTRL_STATICTEXT_LABEL_d
IDS_CTRL_COMBOBOX_d_DEFAULT
IDS_CTRL_EDIT_d
IDS_CTRL_RADIO_BUTTON_d
IDS_CTRL_LISTBOX_d
IDS_CTRL_SCROLLTEXT_BODY_d
IDS_CTRL_PROGRESS_BAR_d
IDS_CTRL_GROUP_BOX_d
IDS_CTRL_SELECT_PACKAGE_TREE_d
CTRL_CHECK_BOX_d
CTRL_BUTTON_d
CTRL_STATICTEXT_LABEL_d
CTRL_COMBOBOX_d
CTRL_EDIT_d
CTRL_RADIO_BUTTON_d
CTRL_LIST_BOX_d
CTRL_SCROLLTEXT_BODY_d
CTRL_PROGRESS_BAR_d
CTRL_GROUP_BOX_d
CTRL_SELECT_PACKAGE_TREE_d
IDS_CTRL_COMBOBOX_d_ITEMS
IDS_CTRL_SCROLLTEXT_FILE_d
WebWindow
IDS_CTRL_CATEGORY_NAME_d_%.3d
IDS_CTRL_CATEGORY_DESCRIPTION_d_%.3d
$Lua: Lua 5.0.2 Copyright (C) 1994-2004 Tecgraf, PUC-Rio $
$URL: VVV.lua.org $
!"#$%&'()* ,-./012
#*1892 $
%,3:;4-&
'.5<=6/7>?
mgM
CNotSupportedException
GDI32.DLL
hhctrl.ocx
Afx:%p:%x:%p:%p:%p
Afx:%p:%x
commctrl_DragListMsg
CCmdTarget
f:\rtm\vctools\vc7libs\ship\atlmfc\src\mfc\filecore.cpp
MSWHEEL_ROLLMSG
comctl32.dll
comdlg32.dll
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Software\Microsoft\Windows\CurrentVersion\Policies\Network
Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
ntdll.dll
%s.dll
mfcm80.dll
CHttpConnection
CHttpFile
HTTP/1.0
user32.dll
f:\rtm\vctools\vc7libs\ship\atlmfc\src\mfc\filetxt.cpp
ole32.dll
mscoree.dll
Visual C   CRT: Not enough memory to complete call to strerror.
cmd.exe
command.com
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- CRT not initialized
Broken pipe
Inappropriate I/O control operation
Operation not permitted
portuguese-brazilian
?#%X.y
operator
GetProcessWindowStation
USER32.DLL
OLEACC.dll
WININET.dll
InternetCrackUrlA
InternetCanonicalizeUrlA
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
.?AVCCmdTarget@@
.PAVCFileException@@
.PAVCException@@
.?AVCMainWindowSettings@@
.?AVCMD5@@
.?AVCPasswordData@@
.?AVCRTSessionVarMgr@@
.?AVCScreenCrtrMeasure@@
.?AVCWebBrowser2@@
.PAVCInternetException@@
.PAVCMemoryException@@
.PAVCResourceException@@
.?AVCScreenCtrlMsg@@
.?AVCScreenCtrlMsgDetail@@
Lua 5.0.2
attempt to %s a %s value
attempt to %s %s `%s' (a %s value)
attempt to compare %s with %s
attempt to compare two %s values
%s:%d: %s
system error %d
file (%s)
`popen' not supported
field `%s' missing in date table
^$* ?.([%-
missing `[' after `%%f' in pattern
no function environment for tail call at level %d
could not load package `%s' from path `%s'
error loading package `%s' (%s)
?;?.lua
bad argument #%d to `%s' (%s)
calling `%s' on bad self (%s)
%s expected, got %s
%s:%d:
stack overflow (%s)
cannot read %s: %s
`__pow' (`^' operator) is not a function
invalid key for `next'
too many %s (limit=%d)
%s:%d: %s near `%s'
char(%d)
`%s' expected (to close `%s' at line %d)
`%s' expected
bad code in %s
unexpected end of file in %s
bad integer in %s
bad nupvalues in %s: read %d; expected %d
bad constant type (%d) in %s
unknown number format in %s
%s too old: read version %d.%d; expected at least %d.%d
%s too new: read version %d.%d; expected at most %d.%d
bad signature in %s
virtual machine mismatch in %s: size of %s is %d but read %d
.PAVCSimpleException@@
.PAVCObject@@
.PAVCNotSupportedException@@
.PAVCInvalidArgException@@
.?AVCNotSupportedException@@
.PAVCOleException@@
.PAVCUserException@@
.?AVCTestCmdUI@@
.?AVCCmdUI@@
.PAVCArchiveException@@
.?AVCHttpConnection@@
.?AVCHttpFile@@
.?AV?$CFixedStringT@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@$0BAA@@ATL@@
.?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@
.PAVCOleDispatchException@@
zcÁ
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
GetConsoleOutputCP
GetCPInfo
GetProcessHeap
GetWindowsDirectoryA
RegEnumKeyA
RegOpenKeyA
RegCloseKey
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetViewportExtEx
ShellExecuteA
ShellExecuteExA
UrlUnescapeA
URLDownloadToFileA
SetWindowsHookExA
UnhookWindowsHookEx
CreateDialogIndirectParamA
GetKeyState
ExitWindowsEx
EnumWindows
MsgWaitForMultipleObjects
GetAsyncKeyState
.text
`.rdata
@.data
.rsrc
accKeyboardShortcut
Argument %d must be of type %s.
%d arguments required.
All Files (*.*)
No error message is available.'An unsupported operation was attempted.$A required resource was unavailable.
Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.
Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else..An unexpected error occurred while reading %1..An unexpected error occurred while writing %1.
#Unable to load mail system support.
Access to %1 was denied..An invalid file handle was associated with %1.<%1 could not be removed because it is the current directory.6%1 could not be created because the directory is full.
Seek failed on A hardware I/O error was reported while accessing %1.0A sharing violation occurred while accessing %1.0A locking violation occurred while accessing %1.
Disk full while accessing %1..An attempt was made to access %1 past its end.
No error occurred.-An unknown error occurred while accessing %1./An attempt was made to write to the reading %1..An attempt was made to access %1 past its end.0An attempt was made to read from the writing %1.

DTLite4413-0173.exe_1672:

.text
`.rdata
@.data
.ndata
.rsrc
RegDeleteKeyExW
Kernel32.DLL
PSAPI.DLL
%s=%s
GetWindowsDirectoryW
KERNEL32.dll
ExitWindowsEx
USER32.dll
GDI32.dll
SHFileOperationW
ShellExecuteW
SHELL32.dll
RegDeleteKeyW
RegCloseKey
RegEnumKeyW
RegOpenKeyExW
RegCreateKeyExW
ADVAPI32.dll
COMCTL32.dll
ole32.dll
VERSION.dll
%U/nE
q4*.rIY
.cr1h
;$;(;,;0;4;8;<;@;
<(</<4<8<<<]<
<&=,=0=4=8=
4 4@4\4`4
2Terms of use at hXXps://VVV.verisign.com/rpa (c)09100.
3hXXp://csc3-2009-2-crl.verisign.com/CSC3-2009-2.crl0D
hXXps://VVV.verisign.com/rpa0
hXXp://ocsp.verisign.com0?
3hXXp://csc3-2009-2-aia.verisign.com/CSC3-2009-2.cer0
.Class 3 Public Primary Certification Authority0
hXXps://VVV.verisign.com/cps0*
#hXXp://logo.verisign.com/vslogo.gif0
hXXp://ocsp.verisign.com01
hXXp://crl.verisign.com/pca3.crl0)
hXXp://ocsp.verisign.com0
"hXXp://crl.verisign.com/tss-ca.crl0
Thawte Certification1
0hXXp://crl.verisign.com/ThawteTimestampingCA.crl0
<TOOLBAR version="1.00.000" >
<BUTTON ID="DTLite" key="1000" captionShow="1" img="dt.ico" caption="ID_DTLiteCaption" hint="ID_DTLiteCaptionHint" system="DTLITE_PATH -show_mdm" >
<ITEM key="1002" caption="ID_Mount" img="m.ico" system="DTLITE_PATH -show_mount"/>
<ITEM key="1003" caption="ID_UnMount" img="u.ico" system="DTLITE_PATH -unmount_all"/>
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v2.46-Unicode</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="highestAvailable" uiAccess="false"/></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/></application></compatibility></assembly>
verifying installer: %d%%
unpacking data: %d%%
... %d%%
hXXp://nsis.sf.net/NSIS_Error
~nsu.tmp
%u.%u%s%s
.DEFAULT\Control Panel\International
Software\Microsoft\Windows\CurrentVersion
*?|<>/":
pData\Local\Temp\nsr342B.tmp\setuphlp.dll
0173.exe /S
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\setuphlp.dll
ON Tools Lite\DTGadget.lnk
te.lnk
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp
6.exe
Monkey's Audio!
Windows Media Audio
`~!@#$^&*() =[]{}\:;'",|<>/
<A HREF="%s">
nsr342B.tmp
\Users\"%CurrentUserName%"\AppData\Local\Temp\_ir_sf_temp_0\DTLite4413-0173.exe /S
342B.tmp\Lang\
\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\_ir_sf_temp_0\DTLite4413-0173.exe /S
%Program Files%\DAEMON Tools Lite
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\_ir_sf_temp_0
DTLite4413-0173.exe
ers\"%CurrentUserName%"\AppData\Local\Temp\nsc33CC.tmp
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\_ir_sf_temp_0\DTLite4413-0173.exe
Windows Gadget
Integrate with Windows Explorer
SCSI Pass Through Direct (SPTD) layer is needed for Advanced Emulation features.
Windows Gadget for quick access to main DAEMON Tools functionalities from Desktop.
4.41.3.0173.0
DAEMONSetup4.41.3.0173.exe

dinotify.exe_3912:

.text
`.data
.rsrc
@.reloc
KERNEL32.dll
msvcrt.dll
pnpui.dll
dinotify.pdb
_amsg_exit
version="1.0.0.0"
name="DINotify.exe"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
<requestedExecutionLevel
pnpui.dll,SimplifiedDINotification
Windows Device Installation
6.1.7600.16385 (win7_rtm.090713-1255)
dinotify.exe
Windows
Operating System
6.1.7600.16385

sidebar.exe_1808:

.text
`.data
.rsrc
@.reloc
ADVAPI32.dll
ntdll.DLL
KERNEL32.dll
GDI32.dll
USER32.dll
msvcrt.dll
ATL.DLL
ole32.dll
OLEAUT32.dll
COMCTL32.dll
gdiplus.dll
SHLWAPI.dll
SHELL32.dll
urlmon.dll
CRYPT32.dll
sfc_os.dll
dwmapi.dll
CRYPTUI.dll
UxTheme.dll
SSShZ
SSSSSSh
FTPQ
#SSSh
1.1.4
1.3.6.1.4.1.311.2.1.12
DwmApplyWindowScaleFactor
FTPh
SSShw
PSSh|
tWHt;Ht.Ht
sidebar.exe
WININET.dll
WTSAPI32.dll
WINMM.dll
IPHLPAPI.DLL
WINTRUST.dll
PROPSYS.dll
Wlanapi.dll
wlanutil.dll
OLEACC.dll
COMDLG32.dll
InternetCreateUrlW
InternetCrackUrlW
GetUrlCacheEntryInfoW
PSGetPropertyKeyFromName
ntdll.dll
RegCloseKey
RegOpenKeyExW
RegNotifyChangeKeyValue
RegDeleteKeyW
ReportEventW
GetProcessHeap
RegEnumKeyExW
GetSystemWindowsDirectoryW
RegCreateKeyExW
SetViewportOrgEx
GetKeyState
GetKeyboardState
UnregisterHotKey
RegisterHotKey
MsgWaitForMultipleObjectsEx
GetAsyncKeyState
_amsg_exit
_acmdln
GdipSetPenLineJoin
GdipSetImageAttributesColorKeys
GdiplusShutdown
PathIsURLW
UrlIsW
UrlEscapeW
PathCreateFromUrlW
UrlUnescapeW
ShellExecuteW
SHFileOperationW
ShellExecuteExW
URLOpenBlockingStreamW
CreateURLMoniker
CertCloseStore
CertFreeCertificateContext
CertGetNameStringW
CertFindCertificateInStore
CryptMsgGetParam
CryptMsgClose
CryptUIDlgViewCertificateW
sidebar.pdb
name="Microsoft.Windows.Sidebar"
version="1.0.0.0"
<description>Windows Sidebar</description>
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
<asmv3:windowsSettings xmlns="hXXp://schemas.microsoft.com/SMI/2005/WindowsSettings">
</asmv3:windowsSettings>
stdole2.tlbWWWp)
vOperationWW
.ssid
.backgroundWW
.lpbstrStdDisplayNameWD
KEYWh
"" ,,/,**)((
!<9:;;6611-,,)))((
yuussHIBA@<9966111/-,,),9IA89511
wfb=3/-A}
444600,,)''%%$$
"<34//*('%%$$
=55/** ('%%$$
@<25/**((%%%$$
!!//---*)(
62.*(&$#
,63.*)&$$##
/963.*)&&##
L[Q9930.*'$$&.LhmlEF
7000--,,**''''
U$.eH~
}#$##$$$ !
}    / 0/01&&()#
];<4*/%'
@.lF!=^
*8<<:8<<8<<<8<<<8*
6666666666
.oeA(
l.GCc
"Cw%X 
%d%t3
%fLpX
%US7i
;w.VS]}
.IDATx
&p.VM
j.ah@
g?.Vf
Q.hH5
)%uuu
d^pÇ
{D58F39FF-953E-4F45-898F-59F243B9A523} = s 'ghost'
'sidebar.EXE'
val AppID = s {D58F39FF-953E-4F45-898F-59F243B9A523}
NoRemove 'Windows Sidebar'
*021:1@1
3 3$3(3,3034383<3
? ?$?(?,?
8 8$8(8,808
4 4'4.4;4
="=)=0=7=
6#6*61676
=4=8=\=`=
4 4<4@4\4`4|4
5 5<5@5\5`5|5
Section%d
Software\Microsoft\Windows\CurrentVersion\Sidebar\Settings
Software\Microsoft\Windows Sidebar\IEOverride
00.00.00.02
Software\Microsoft\Windows\CurrentVersion\Sidebar\Compatibility
Software\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar
Microsoft\Windows Sidebar\Gadgets
Settings.ini
Microsoft\Windows Sidebar
AnimationsTimerT%d
Gadget.xml
*.Gadget
hXXp://go.microsoft.com/fwlink/?LinkId=124093
imageres.dll
{557CF406-1A04-11D3-9A73-0000F81EF32E}
Windows Sidebar\Shared Gadgets
Msg_GadgetInstalled
%d.%d.%d.%d
Wversion.dll
%s %s
.0123456789
ddwmapi.dll
Msxml.DOMDocument
Windows Sidebar\Gadgets
%s\%s
keywords
website
Software\Microsoft\Windows\CurrentVersion\Run
Section %d
\\?\UNC\
BurlyWood
Windows
Keywords
Windows Sidebar
mshelp://windows/?id=3d5bb826-ed5d-421f-9411-8e0d6ee83947
hXXp://
.html
.Gadget
<A href="%s">%s</A>
<A ID="Link">%s</A>
<A ID="Cert">%s</A>
Cert
mshelp://windows/?id=6b046ae9-1434-4423-9303-400ff6fe686b
url("gbackground:///%s")
SupportLink
SidebarExecute
{00000000-0000-0000-0000-000000000000}
\\?\Volume
style.backgroundImage
style.width
style.height
Software\Microsoft\Windows\CurrentVersion\Sidebar
style.backgroundColor
%windir%\system32\schtasks.exe
/run /tn Microsoft\Windows\SideShow\GadgetManager
HARDWARE\DESCRIPTION\System\CentralProcessor\%d
Shell.Application
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones
@tzres.dll,
\tzres.dll
Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11CF-8B85-00AA005B4383}
.\%s.mui
.\%s\%s.mui
%s\%s.mui
%s\%s\%s.mui
&C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
Windows Desktop Gadgets
6.1.7601.17514 (win7sp1_rtm.101119-1850)
sidebar.EXE
Windows
Operating System
1.0.7601.17514
Microsoft-Windows-Sidebar/Diagnostic

DT_free_Rus_YandexBar1022.exe_2792:

.text
`.rdata
@.data
.rsrc
@.reloc
operator
GetProcessWindowStation
%d %d %d %d
inflate 1.1.3 Copyright 1995-1998 Mark Adler
-DTLite.exe
YandexSetup.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DAEMON_Tools_Bar Toolbar
--distr /passive /msicl "
E:\Projects\toolbars\YandexToolbar\Release\ToolbarSetup.pdb
KERNEL32.dll
EnumChildWindows
EnumThreadWindows
USER32.dll
GDI32.dll
RegOpenKeyExA
RegCloseKey
RegCreateKeyExA
ADVAPI32.dll
ShellExecuteExW
ShellExecuteExA
SHELL32.dll
GetProcessHeap
GetCPInfo
t~}q{{oyylwvitsfqqdoobnn_ll^jj[hhZhhZhhZggYhhZhgZggYggYffXffXffXefXefXfeXeeWeeXddWddWddVddVddVcdVbcUbcTbcUabTabTabTaaTaaT``T``T``T``S``S__R__R^^Q^^Q^^Q^^Q]]Q]]P]\P\\P\\O\\O[[O[[O[[N[[N[ZNZZMZZLZZLZYLYYLYYKYWKYWKYWKYXKXWKWVJWWJXVIWVHWVHWVIWVHVUGVUGVUGVUGVTGUSGVTFVTEVTFVSEUSETSETSDURETRETRETRDTRDSRDTRDTQCTQCTRD
BYL<`S<^P8UF.VG.XI0^Q9VH/SE,TF-UG.UG.UG.WI1XI2SF,SF,SF,TF-TG.UH/ZM4_S:^R9^R9]Q9]P8UH0XK3VI/]Q9]Q9]Q:[N6SF,UG.XL3^R:^R:WJ2TH/UH/SF-\O7\O7\P8YM4SF.QD,SE.WK2[N7[N7[O8[N8[N8[N8[N8YL6YL6WK5XL6YL6YL6YL6WL5WK5VJ4OC1NA3MB2QE2VJ4UI3UI3TI4TH3TH3SH3SH3RG2RG2QF2PF1PE1PE1PE0PE0OD0OD0QF3OD0NB/MB.MB.
k`LOB WJ4XK5WJ4WJ4WK5WK5VJ4VJ4VI4UI4UI4TI4TI3UH3UH3TH3RG2RG2RG2RG2QF1QF1QF2QF2PE1PE1PE1OD0OD0OD0NC/MB.MB/LA.LA.LA.KA.K@.J?-J?-I?-I?,H>,
PD.XK5RD.xm[
RE.VI3PC,
NB,QF1SG3RG2RG1RF1RF1QF1RF1QE1QF2QF2PE1PD1QD1PD0OD0NC/OC/NC/NC.MB.MC/MB.MA.LA.LA.L@.K@,K@,J@,J?,J>,I>,I>,H>,G= G= G= F<*F<*E;)E;*
G;&OD0OD0OD0OC.NC.NC.NB.MB.MB/MB/MB.LB.LA.LA.LA.K@-K@.J?-MC1MC1I>,J?-I>,I>,I>,G= G=*G=*G=*G<*G<*F;)F;*E;)E;)D:(D:(D:(C9(C9(C9(
OC.TI6RG3MA-NB.MA-K?*
?5$?5$>4#>4#=4#=3"=4#=3"<2!G?.ZRC=5&:1":2":2":2":1":1":1":1"90"90"90"8/"8/!8/!8/!7. 7. 7. 7-
8/!:2$4,
@6$>4"8,
<2"<2#;2";2!:2!:1"<4$;2#90"4 
8/!8/!8/!8.!7. 7. 7. 7. 6-
80 90"2(
6- 6- 6-
JJJ...SSS
/,)/,)?:7
tGHt.Ht&
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
USER32.DLL
Seed: %d
D:\build\autobuild\e957a850ea619703\downloader\Release\downloader.pdb
RegOpenKeyExW
ole32.dll
OLEAUT32.dll
URLOpenBlockingStreamW
urlmon.dll
WINTRUST.dll
VERSION.dll
GetConsoleOutputCP
zcÁ
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
3.44484<4@4
"hXXp://crl.verisign.com/tss-ca.crl0
hXXp://ocsp.verisign.com0
Thawte Certification1
0hXXp://crl.verisign.com/ThawteTimestampingCA.crl0
2Terms of use at hXXps://VVV.verisign.com/rpa (c)09100.
3hXXp://csc3-2009-2-crl.verisign.com/CSC3-2009-2.crl0D
hXXps://VVV.verisign.com/rpa0
hXXp://ocsp.verisign.com0?
3hXXp://csc3-2009-2-aia.verisign.com/CSC3-2009-2.cer0
.Class 3 Public Primary Certification Authority0
hXXps://VVV.verisign.com/cps0*
#hXXp://logo.verisign.com/vslogo.gif0
hXXp://ocsp.verisign.com01
hXXp://crl.verisign.com/pca3.crl0)
hXXp://VVV.yandex.ru0
<requestedExecutionLevel level="requireAdministrator" uiAccess="false"></requestedExecutionLevel>
<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>
4O4
3:3?3!4.444`4
2(3,3034383
mscoree.dll
KERNEL32.DLL
WUSER32.DLL
dhXXp://legal.yandex.ru/elements_agreement/
_Hyperlink_Object_Pointer_\{AFEED740-CC6D-47c5-831D-9848FD916EEF}
%Program Files%\DAEMON Tools Lite\DT_free_Rus_YandexBar1022.exe
DAEMON Tools Lite ve Yandex.Bar
Yandex.Bar
Instalovat Yandex.Bar Seznam Edition
Nastavit Seznam.cz jako domovskou str
m Yandex.Baru Seznam Edition souhlas
Yandex.Bar v barv
tu Yandex.Bar v barv
by Seznam.cz
The file "%s" is signed and the signature was verified.
The file "%s" is not signed.
An unknown error occurred trying to verify the signature of the "%s" file.
Error is: 0x%x.
For using type: downloader.exe --partner <name> [--distr <params>] [--try] <download try count> [--sync]
Oops after %d bytes.
File downloading complete: %s, size: %d
Speed: %dKBs
File doesn't exist: %s
Can't create file '%s'
Error: 0x%x
Exit code: 0x%x
Can't get exit code. Error: 0x%x
Downloading installer: %s
try %d
HRESULT: 0xX
Distr: %s
Try to run: %s %s
%d.%d.%d
Val: %d
templ: %s
%s: %s
New partner name: %s
url: %s
name: %s
fb: %s
lt: %s
\downloader.log
cmd: %s
ver: %s
os: %s
elevated: %s
\seed.txt
Params: '%s'
hXXp://downloader.yandex.net/yandex-pack/downloader/info.rss
hXXp://download.yandex.ru/yandex-pack/downloader/info.rss
hXXp://downloader.yandex.net/yandex-pack/
YandexPackSetup.exe
YandexSearch.exe
DebugURL
downloader.yandex.net
download.yandex.ru
suffix: %s
%d.%d.%d.%d
0.1.0.16
download.exe
DT Yandex Setup.exe

WMIADAP.EXE_3440:

.text
`.data
.rsrc
@.reloc
ADVAPI32.dll
ntdll.DLL
KERNEL32.dll
USER32.dll
msvcrt.dll
wbemcomn.dll
OLEAUT32.dll
ole32.dll
loadperf.dll
`.bik
PSSSSSSh
WMIADAP.exe
?CloseSubKey@CRegistry@@AAEXXZ
?CreateOpen@CRegistry@@QAEJPAUHKEY__@@PBGPAGKKPAU_SECURITY_ATTRIBUTES@@PAK@Z
?DeleteCurrentKeyValue@CRegistry@@QAEKPAUHKEY__@@PBG@Z
?DeleteCurrentKeyValue@CRegistry@@QAEKPBG@Z
?DeleteKey@CRegistry@@QAEJPAVCHString@@@Z
?GetCurrentBinaryKeyValue@CRegistry@@QAEKPAUHKEY__@@PBGPAEPAK@Z
?GetCurrentBinaryKeyValue@CRegistry@@QAEKPBGAAVCHString@@@Z
?GetCurrentBinaryKeyValue@CRegistry@@QAEKPBGPAEPAK@Z
?GetCurrentKeyValue@CRegistry@@QAEKPAUHKEY__@@PBGAAK@Z
?GetCurrentKeyValue@CRegistry@@QAEKPAUHKEY__@@PBGAAVCHString@@@Z
?GetCurrentKeyValue@CRegistry@@QAEKPAUHKEY__@@PBGAAVCHStringArray@@@Z
?GetCurrentKeyValue@CRegistry@@QAEKPBGAAK@Z
?GetCurrentKeyValue@CRegistry@@QAEKPBGAAVCHString@@@Z
?GetCurrentKeyValue@CRegistry@@QAEKPBGAAVCHStringArray@@@Z
?GetCurrentRawKeyValue@CRegistry@@AAEKPAUHKEY__@@PBGPAXPAK3@Z
?GetCurrentRawSubKeyValue@CRegistry@@AAEKPBGPAXPAK2@Z
?GetCurrentSubKeyCount@CRegistry@@QAEKXZ
?GetCurrentSubKeyName@CRegistry@@QAEKAAVCHString@@@Z
?GetCurrentSubKeyPath@CRegistry@@QAEKAAVCHString@@@Z
?GetCurrentSubKeyValue@CRegistry@@QAEKPBGAAK@Z
?GetCurrentSubKeyValue@CRegistry@@QAEKPBGAAVCHString@@@Z
?GetCurrentSubKeyValue@CRegistry@@QAEKPBGPAXPAK@Z
?GetLongestSubKeySize@CRegistry@@QAEKXZ
?GethKey@CRegistry@@QAEPAUHKEY__@@XZ
?LocateKeyByNameOrValueName@CRegistrySearch@@QAEHPAUHKEY__@@PBG1PAPBGKAAVCHString@@3@Z
?NextSubKey@CRegistry@@QAEKXZ
?Open@CRegistry@@QAEJPAUHKEY__@@PBGK@Z
?OpenAndEnumerateSubKeys@CRegistry@@QAEJPAUHKEY__@@PBGK@Z
?OpenLocalMachineKeyAndReadValue@CRegistry@@QAEJPBG0AAVCHString@@@Z
?OpenSubKey@CRegistry@@AAEKXZ
?RewindSubKeys@CRegistry@@QAEXXZ
?SearchAndBuildList@CRegistrySearch@@QAEHVCHString@@AAVCHPtrArray@@00HPAUHKEY__@@@Z
?SetCurrentKeyValue@CRegistry@@QAEKPAUHKEY__@@PBGAAK@Z
?SetCurrentKeyValue@CRegistry@@QAEKPAUHKEY__@@PBGAAVCHString@@@Z
?SetCurrentKeyValue@CRegistry@@QAEKPAUHKEY__@@PBGAAVCHStringArray@@@Z
?SetCurrentKeyValue@CRegistry@@QAEKPBGAAK@Z
?SetCurrentKeyValue@CRegistry@@QAEKPBGAAVCHString@@@Z
?SetCurrentKeyValue@CRegistry@@QAEKPBGAAVCHStringArray@@@Z
?SetCurrentKeyValueExpand@CRegistry@@QAEKPAUHKEY__@@PBGAAVCHString@@@Z
?myRegCreateKeyEx@CRegistry@@AAEJPAUHKEY__@@PBGKPAGKKQAU_SECURITY_ATTRIBUTES@@PAPAU2@PAK@Z
?myRegDeleteKey@CRegistry@@AAEJPAUHKEY__@@PBG@Z
?myRegDeleteValue@CRegistry@@AAEJPAUHKEY__@@PBG@Z
?myRegEnumKey@CRegistry@@AAEJPAUHKEY__@@KPAGK@Z
?myRegEnumValue@CRegistry@@AAEJPAUHKEY__@@KPAGPAK22PAE2@Z
?myRegOpenKeyEx@CRegistry@@AAEJPAUHKEY__@@PBGKKPAPAU2@@Z
?myRegQueryInfoKey@CRegistry@@AAEJPAUHKEY__@@PAGPAK22222222PAU_FILETIME@@@Z
?myRegQueryValueEx@CRegistry@@AAEJPAUHKEY__@@PBGPAK2PAE2@Z
?myRegSetValueEx@CRegistry@@AAEJPAUHKEY__@@PBGKKPBEK@Z
QSSh0
Invalid parameter passed to C runtime function.
ntdll.dll
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegEnumKeyW
RegDeleteKeyW
RegQueryInfoKeyW
_amsg_exit
_acmdln
?Report@CEventLog@@QAEHGKVCInsertionString@@000000000@Z
WMIADAP.pdb
<assemblyIdentity version="1.0.0.0"
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
5m6z6
%s_x
%s_x_
Global\WMI_SysEvent_Semaphore_%d
WinMSGWMIADAP
\\.\root\cimv2
WMIADAP Msg window
\\.\root\wmi
PSAPI.DLL
x=%s
Describes all the counters supported via WMI Hi-Performance providers
_new.ini
xx %s%s.ini
xx %s
\\.\ROOT\cimv2:__ClassProviderRegistration.provider="\\\\.\\root\\cimv2:__Win32Provider.Name=\"WmiPerfClass\""
WmiApRes.dll
%s\%s
6.1.7600.16385 (win7_rtm.090713-1255)
wmicookr.dll
Windows
Operating System
6.1.7600.16385


Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    DAEMONLite4.41.exe:3616
    sidebar.exe:1808
    %original file name%.exe:1796
    rundll32.exe:3972
    DrvInst.exe:2628
    DrvInst.exe:3532
    DrvInst.exe:4052
    SetupHelper.exe:2904
    regsvr32.exe:1428

  2. Delete the original Trojan file.
  3. Delete or disinfect the following files created/modified by the Trojan:

    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe (1151 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DAEMONLite4.41.exe (5340 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\zone-it.com.url (198 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\zone-it.com.nfo (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\KOB.dll (77 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\x.bat (964 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\Readme2.vbs (75 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\RUN.exe (2192 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\เครดิต.txt (133 bytes)
    C:\Windows\inf\setupapi.dev.log (478 bytes)
    C:\Windows\System32\DriverStore\infpub.dat (248 bytes)
    C:\Windows\Temp\Tar4716.tmp (2712 bytes)
    C:\Windows\Temp\Tar45E8.tmp (2712 bytes)
    C:\Windows\Temp\Tar4659.tmp (2712 bytes)
    C:\Windows\Temp\Tar4598.tmp (2712 bytes)
    C:\Windows\System32\DriverStore\infstrng.dat (1036 bytes)
    C:\Windows\Temp\Cab45E7.tmp (48 bytes)
    C:\Windows\Temp\Tar4628.tmp (2712 bytes)
    C:\Windows\Temp\Cab4658.tmp (48 bytes)
    C:\Windows\Temp\Cab4627.tmp (48 bytes)
    C:\Windows\Temp\Cab4715.tmp (48 bytes)
    C:\Windows\inf\oem10.PNF (7501 bytes)
    C:\Windows\System32\drivers\SET46FE.tmp (1281 bytes)
    C:\Windows\Temp\Cab4597.tmp (48 bytes)
    C:\Windows\System32\DriverStore\Temp\{50980cec-0f8c-0ba4-4c14-8b02a1465e5b}\SET3F62.tmp (1281 bytes)
    C:\Windows\System32\DriverStore\FileRepository\dtsoftbus01.inf_x86_neutral_1cc2711e3c419337\dtsoftbus01.PNF (14978 bytes)
    C:\Windows\Temp\Tar415A.tmp (2712 bytes)
    C:\Windows\System32\DriverStore\Temp\{50980cec-0f8c-0ba4-4c14-8b02a1465e5b}\SET3F50.tmp (7 bytes)
    C:\Windows\Temp\Tar4127.tmp (2712 bytes)
    C:\Windows\Temp\Tar417B.tmp (2712 bytes)
    C:\Windows\inf\oem10.inf (1 bytes)
    C:\Windows\System32\DriverStore\INFCACHE.0 (1523 bytes)
    C:\Windows\Temp\Tar4139.tmp (2712 bytes)
    C:\Windows\Temp\Cab417A.tmp (48 bytes)
    C:\Windows\Temp\Cab4138.tmp (48 bytes)
    C:\Windows\System32\DriverStore\infstor.dat (308 bytes)
    C:\Windows\Temp\Cab4126.tmp (48 bytes)
    C:\Windows\Temp\Cab40C7.tmp (48 bytes)
    C:\Windows\Temp\Tar40C8.tmp (2712 bytes)
    C:\Windows\Temp\Cab4159.tmp (48 bytes)
    C:\Windows\System32\DriverStore\Temp\{50980cec-0f8c-0ba4-4c14-8b02a1465e5b}\SET3F51.tmp (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_divider.png (131 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\Gadjet_bottom.png (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\Grabbing.ico (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\drives4.png (576 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\setuphlp.dll (267063 bytes)
    %Program Files%\DAEMON Tools Lite\DTLite.exe (316919 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\message_middle.png (166 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\add_slot.png (906 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\drive_controls.png (10 bytes)
    %Program Files%\DAEMON Tools Lite\Lang\SLV.dll (1856 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\CHS.dll (1597 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\message_bottom.png (627 bytes)
    %Program Files%\DAEMON Tools Lite\Lang\ESN.dll (4992 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\js\virtual_drive.js (226 bytes)
    %Program Files%\DAEMON Tools Lite\imgengine.dll (11663 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\no_slot.png (2 bytes)
    %Program Files%\DAEMON Tools Lite\Lang\NLB.dll (3312 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\TRK.dll (2461 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\news_selected.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\dt_pro_out.png (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\dt_dadget_loader.png (1640 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\up_down_drive_disable.png (505 bytes)
    %Program Files%\DAEMON Tools Lite\Lang\SRL.dll (3616 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\warning_48.png (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slots_hint_right.png (119 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\drives0.png (547 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\links_news_display_top.gif (145 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar43EA.tmp (2712 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\content_bottom.gif (207 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\MNDManager.ico (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\drives0.png (23 bytes)
    C:\Windows\System32\catroot2\dberr.txt (1255 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\down_drive.png (343 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slots_window_2.png (209 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\tab1.png (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\down_drive.png (343 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\no_drive_select.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\Gadjet_bottom_links_news.png (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\tab2.png (1340 bytes)
    %Program Files%\DAEMON Tools Lite\SPTDinst-x86.exe (21234 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\HYE.dll (3398 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\news_read_out.png (893 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slots_window_left.png (122 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\RUS.dll (3726 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\content_bottom.gif (207 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{6f414ad4-98be-023d-7954-f5554fe6846a}\SET3ED3.tmp (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slots_window_9.png (502 bytes)
    %Program Files%\DAEMON Tools Lite\Lang\HRV.dll (3616 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\message_window.png (11 bytes)
    %Program Files%\DAEMON Tools Lite\DT.gadget (33248 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\tab3.png (995 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\previews\skin3_pro.jpg (1873 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\style.css (851 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_box_right.png (137 bytes)
    %Program Files%\DAEMON Tools Lite\DTCommonRes.dll (109567 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\news_selected.png (606 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\skins_gallery_but.gif (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc341B.tmp (799348 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\message_middle.png (166 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\tab1.png (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_tab.gif (535 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\news_read_selected.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\message_top.png (523 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\tab3.png (1155 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\dt_over.png (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\BIH.dll (3722 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\Gadjet_bottom_links_news.png (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_corner_top_right.png (168 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\display_top.gif (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\DTGadget_icon.png (1910 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\settings_out.png (597 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\dell_slot.gif (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\rss_controls_icons.png (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\drives2.png (8 bytes)
    %Program Files%\DAEMON Tools Lite\Lang\ARA.dll (3312 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\display_bottom.gif (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\SVE.dll (3718 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\rss_window.png (824 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\KOR.dll (1597 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\read.png (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slots_window.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\skin_select.gif (295 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\help.png (896 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\unmounted.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar438B.tmp (2712 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\DEU.dll (5110 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\drive_controls.png (10 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\tabgrey.png (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\dt_pro_selected.png (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slots_hint.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\rss_window.png (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\drives2.png (8 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\up_drive_hover.png (366 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\unmounted.png (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\Gadjet_middle.png (206 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\DTSetupHelper.exe (6532 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\news_read_over.png (744 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\IND.dll (1592 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\links_news_display_top.gif (134 bytes)
    %Program Files%\DAEMON Tools Lite\Lang\PLK.dll (3616 bytes)
    %Program Files%\DAEMON Tools Lite\Lang\BGR.dll (3616 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\FRA.dll (5114 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\dt_over.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\feedback.png (761 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\drive_select.png (593 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\drive_controls.png (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\no_drive_select.png (1 bytes)
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\DTGadget.lnk (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\make_img.html (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\dt_out.png (811 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\drag.png (1359 bytes)
    %Program Files%\DAEMON Tools Lite\Lang\SKY.dll (3312 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_corner_bottom_right.png (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\news_selected.png (606 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{6f414ad4-98be-023d-7954-f5554fe6846a}\SET3EE5.tmp (1281 bytes)
    %Program Files%\DAEMON Tools Lite\Lang\ITA.dll (3616 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\KAT.dll (3718 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\drive_select.png (593 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\Grabbing.ico (1 bytes)
    %Program Files%\DAEMON Tools Lite\DT_free_Rus_YandexBar1022.exe (84187 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\drives3.png (14 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\links_selected.png (871 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\drives4.png (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\prop_.png (1096 bytes)
    %Program Files%\DAEMON Tools Lite\Lang\HUN.dll (3312 bytes)
    %Program Files%\DAEMON Tools Lite\Lang\HEB.dll (2392 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\01_attached_unmounted.png (2 bytes)
    %Program Files%\DAEMON Tools Lite\Lang\CHT.dll (1552 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\inf.png (686 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\news_over.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slots_window_7.png (119 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\dt_over.png (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\message_top.png (523 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slots_window_right.png (119 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\LTH.dll (3722 bytes)
    %Program Files%\DAEMON Tools Lite\Lang\CSY.dll (3616 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slots_window_3.png (338 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab438A.tmp (51 bytes)
    %Program Files%\DAEMON Tools Lite\Lang\NOR.dll (3616 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\rss.css (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\dt_icon.png (911 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slots_window_1.png (311 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\display_bottom.gif (424 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\content_bottom.gif (282 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\gadget_pro.xml (913 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\tab1.ico (16 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slots_window_6.png (171 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\gadget_lite.xml (913 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\SKY.dll (3406 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\drives1.png (13 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\settings.html (856 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\1.png (122 bytes)
    %Program Files%\DAEMON Tools Lite\Lang\DEU.dll (4992 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\tab2.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\news_out.png (669 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\drives0.png (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\down_drive_hover.png (348 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\dt_pro_out.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\display_top.gif (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\js\skin_gallery.js (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\up_down_drive.png (943 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\ELL.dll (3406 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar4379.tmp (2712 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{6f414ad4-98be-023d-7954-f5554fe6846a}\SET3ED4.tmp (1 bytes)
    %Program Files%\DAEMON Tools Lite\Lang\LTH.dll (3616 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\skin_select.gif (295 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\drives1.png (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\links_over.png (402 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\dt_dadget_loader.png (500 bytes)
    %Program Files%\DAEMON Tools Lite\Lang\ENU.dll (3312 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar44EC.tmp (2712 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\message_top.png (523 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\MNDManager.ico (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\add_drive.html (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\links_out.png (471 bytes)
    %Program Files%\DAEMON Tools Lite\Lang\TRK.dll (2392 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab44EB.tmp (51 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\css\settings.css (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\Gadjet_middle.png (206 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab448B.tmp (51 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\message_bottom.png (627 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\Grabbing.ico (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\1.png (122 bytes)
    %Program Files%\DAEMON Tools Lite\Lang\KOR.dll (1552 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\dt_icon.png (911 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\news_read_out.png (797 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\error.png (809 bytes)
    %Program Files%\DAEMON Tools Lite\Lang\FRA.dll (4992 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\mount_n_drive.html (2 bytes)
    %Program Files%\DAEMON Tools Lite\uninst.exe (66912 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\lines.png (119 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\up_down_drive.png (903 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\dt_dadget_loader.png (1536 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\rss_unread.png (776 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\message.css (995 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_divider_left.png (145 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\message.html (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\dt_selected.png (362 bytes)
    %Program Files%\DAEMON Tools Lite\DTShellHlp.exe (98771 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\rss_refresh.png (800 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\main_controls_icons.png (964 bytes)
    %Program Files%\DAEMON Tools Lite\Lang\UKR.dll (3616 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slot_button1.gif (859 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar448C.tmp (2712 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\display_middle.gif (97 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\shortcut_hover.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\links_news_display_middle.gif (59 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\HUN.dll (3398 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\message_middle.png (166 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\drives3.png (211 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\Gadjet_bottom.png (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\1.gif (43 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\down_drive_hover.png (348 bytes)
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\Uninstall.lnk (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\links_out.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\drives1.png (7 bytes)
    %Program Files%\DAEMON Tools Lite\Lang\PTB.dll (3616 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\DTGadget_icon.png (11 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\chenge_view.png (575 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\Gadjet_bottom_links_news.png (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\settings_out.png (597 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\links_over.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\lines.png (119 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\rss.gif (635 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\previews\skin2.jpg (633 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\links_selected.png (385 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\message_bottom.png (627 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\JPN.dll (1921 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\news_over.png (642 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\add_image.png (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\ESN.dll (5110 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\mounted.png (433 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\ARA.dll (3398 bytes)
    %Program Files%\DAEMON Tools Lite\Lang\ROM.dll (3312 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_corner_bottom_left.png (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\Gadjet_middle.png (206 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\ENU.dll (3410 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\close.png (2 bytes)
    %Program Files%\DAEMON Tools Lite\Lang\IND.dll (1552 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\DTGadget_icon.png (11 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\tab3.png (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\up_down_butts.gif (724 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\links_out.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\links_news_display_top.gif (134 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\feedback.png (761 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\js\drive_slotes.js (1309 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\css\popup_window.css (103 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\feedback.png (761 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\1.png (122 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\PLK.dll (3722 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\left_right_butts.gif (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slot_button.gif (852 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\rss.css (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\down_drive_hover.png (348 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\settings_but.gif (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\news_read_selected.png (750 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\drive_select.png (593 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\CHT.dll (1601 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\photoshop.png (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\01_attached_mounted.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\up_down_drive_disable.png (904 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_box_bottom.png (140 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\up_down_drive_disable.png (505 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\SetupHelper.exe (1856 bytes)
    %Program Files%\DAEMON Tools Lite\dtsoftbus01.sys (232 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\dt_icon.png (911 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\tab2.png (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\rss_refresh.png (759 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\js\global_settings.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\chenge_view.png (575 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_box_divider_left.png (135 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\rss.html (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\1.gif (43 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\news_out.png (3 bytes)
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\DAEMON Tools Lite.lnk (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\HRV.dll (3726 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\rss_refresh.png (800 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_box_divider_right.png (135 bytes)
    C:\Users\Public\Desktop\DAEMON Tools Lite.lnk (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\up_down_butts.gif (724 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\unread.png (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\js\jquery-1.3.1.min.js (2333 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\drives2.png (1724 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\settings_but.gif (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\css\make_img.css (103 bytes)
    %Program Files%\DAEMON Tools Lite\InstallGadget.exe (12536 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\previews\skin3.jpg (578 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\FIN.dll (3722 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\rss_unread.png (776 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\shortcut_hover.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\mounted.png (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\display_middle.gif (97 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\unmounted.png (1 bytes)
    %Program Files%\DAEMON Tools Lite\DTHelper.exe (19152 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\dt_pro_over.png (157 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\ITA.dll (3730 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab441A.tmp (51 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\js\gadget.js (454 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\message_window_small.png (21 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\dt_pro_selected.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\links_over.png (374 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\photoshop.png (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\ROM.dll (3406 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\links_selected.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\up_drive_hover.png (366 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\lines.png (119 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\shortcut_hover.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar447B.tmp (2712 bytes)
    %Program Files%\DAEMON Tools Lite\Lang\LVI.dll (1552 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\tabblue.png (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\SRL.dll (3722 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\help.png (896 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\dt_out.png (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\add_image.png (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\message_window_small.png (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\help.png (896 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\news_over.png (642 bytes)
    %Program Files%\DAEMON Tools Lite\Lang\KAT.dll (3616 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\js\json_parse.js (11 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\display_top.gif (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_corner_top_left.png (166 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\previews\skin2_pro.jpg (10 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\message_butt.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\message_window.png (1162 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\add_image.png (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\no_drive_select.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\gadget.xml (913 bytes)
    C:\ProgramData\DAEMON Tools Lite\license.dat (2156 bytes)
    %Program Files%\DAEMON Tools Lite\Engine.dll (132485 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab43E9.tmp (51 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\dt_icon_pro.png (960 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\rss_controls_icons.png (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\mounted.png (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\message_butt.png (1 bytes)
    %Program Files%\DAEMON Tools Lite\DTGadget32.dll (10136 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\drives3.png (8 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\prop_.png (804 bytes)
    %Program Files%\DAEMON Tools Lite\Lang\AFK.dll (13 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\main_controls_icons.png (11 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\up_down_drive.png (903 bytes)
    %Program Files%\DAEMON Tools Lite\dtsoftbus01.inf (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\drives4.png (962 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_divider_right.png (139 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\previews\skin1_pro.jpg (13 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_box_top.png (137 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\DAN.dll (3718 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\settings_selected.png (465 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\js\dtcom.js (12 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\rss_controls_icons.png (8 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab4378.tmp (51 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\settings_over.png (464 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\LVI.dll (1601 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\js\gadjet_scripts.js (8 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\settings_box_left.png (137 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\message.css (995 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\down_drive.png (343 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\up_drive_hover.png (366 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\System.dll (11 bytes)
    %Program Files%\DAEMON Tools Lite\SPTDinst-x64.exe (24832 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\settings_selected.png (465 bytes)
    %Program Files%\DAEMON Tools Lite\Lang\BIH.dll (3616 bytes)
    %Program Files%\DAEMON Tools Lite\Lang\SVE.dll (3616 bytes)
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\SPTD Setup.lnk (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\dtsetup.ini (1358 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\tab1.png (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\chenge_view.png (677 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\skins_gallery_but.gif (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\slots_window_8.png (166 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\message_butt.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab447A.tmp (51 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\AFK.dll (29 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar441B.tmp (2712 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\tab1.ico (16 bytes)
    %Program Files%\DAEMON Tools Lite\DTGadget64.dll (12088 bytes)
    %Program Files%\DAEMON Tools Lite\Lang\FIN.dll (3616 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\MNDManager.ico (1150 bytes)
    %Program Files%\DAEMON Tools Lite\Lang\DAN.dll (3616 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\dt_selected.png (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\dt_pro_over.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\previews\skin1.jpg (14 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\dt_selected.png (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\css\style.css (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\news_out.png (669 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\warning.png (3 bytes)
    %Program Files%\DAEMON Tools Lite\Lang\RUS.dll (3616 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\dt_out.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\Gadjet_bottom.png (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\HEB.dll (2473 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\up_down_butts.gif (724 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\news_read_over.png (891 bytes)
    %Program Files%\DAEMON Tools Lite\Lang\ELL.dll (3312 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\photoshop.png (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\display_middle.gif (897 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\prop_.png (804 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\NLB.dll (3410 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\mount.html (2 bytes)
    %Program Files%\DAEMON Tools Lite\Lang\JPN.dll (1856 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\CSY.dll (3718 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\style.css (1093 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\rss_unread.png (776 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\tab1.ico (16 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\UKR.dll (3726 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\js\rss.js (988 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\settings_over.png (464 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\1.gif (43 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\PTB.dll (3722 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\BGR.dll (3730 bytes)
    %Program Files%\DAEMON Tools Lite\Lang\HYE.dll (3312 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\SLV.dll (1921 bytes)
    %Program Files%\DAEMON Tools Lite\dtsoftbus01.cat (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\display_bottom.gif (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr342B.tmp\Lang\NOR.dll (3726 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\main_controls_icons.png (488 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\gadget.html (9 bytes)
    %Program Files%\DAEMON Tools Lite\Lang\CHS.dll (1552 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\_ir_sf_temp_0\DTLite4413-0173.exe (187244 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\_ir_sf_temp_0\IRIMG1.JPG (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\_ir_sf_temp_0\IRIMG2.JPG (29 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\_ir_sf_temp_0\irsetup.dat (2712 bytes)

  4. Delete the following value(s) in the autorun key (How to Work with System Registry):

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite" = "%Program Files%\DAEMON Tools Lite\DTLite.exe -autorun"

  5. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
  6. Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Average: 4 (3 votes)

x

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

Download adaware antivirus 12
No thanks, continue to lavasoft.com
close x

Discover the new adaware antivirus 12

Our best antivirus yet

Download Now