Trojan.NSIS.StartPage_953598580c

by malwarelabrobot on April 10th, 2014 in Malware Descriptions.

Trojan-Downloader.Win32.Genome.ghos (Kaspersky), Trojan-Downloader.NSIS.Agent.nos (v) (VIPRE), Artemis!953598580CE4 (McAfee), Trojan.NSIS.StartPage.FD, Trojan.Win32.IEDummy.FD, mzpefinder_pcap_file.YR (Lavasoft MAS)
Behaviour: Trojan-Downloader, Trojan


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

MD5: 953598580ce47905e48df3323dfe171d
SHA1: e39c37979a96199c4199e9ca8fbaf3253bd2002f
SHA256: fde9e070d468048a203afb940c259c74de8aac05627f885e13e277404df63a0f
SSDeep: 6144:ue34vYsvdb VUxaLbQQckDPxcKd/soTHTrSri:WYOwXQ1OX/sUTuG
Size: 226648 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company:
Created at: 2009-06-07 00:41:59
Analyzed on: WindowsXP SP3 32-bit


Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

wuauclt.exe:540
%original file name%.exe:1684
sqgbfvt.exe:3960

The Trojan injects its code into the following process(es):

greendou.exe:1856
iexplore.exe:416

File activity

The process greendou.exe:1856 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\vExport[2].js (2187 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (145 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\2276/270200[1].swf (1728 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\vExport[1].js (1927 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\liangao1[1].htm (338 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\close[1].png (536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\close[1].png (536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\CAG1AJ4X.htm (1875 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (5784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\vDisplay[2].htm (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\vShow[1].htm (7973 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\cpv1[1].htm (797 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@565882[1].txt (2587 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\vDisplay[1].htm (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\CA8H0LKB.htm (603 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\70e1[1].htm (338 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\vShow[1].htm (8851 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\2276/270200[2].swf (1728 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@565882[2].txt (2552 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Cookies\Current_User@565882[1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@565882[2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\close[1].png (0 bytes)

The process wuauclt.exe:540 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%WinDir%\SoftwareDistribution\DataStore\Logs\edb.chk (100 bytes)
%WinDir%\SoftwareDistribution\DataStore\Logs\edb.log (2016 bytes)
%WinDir%\SoftwareDistribution\DataStore\DataStore.edb (100 bytes)

The Trojan deletes the following file(s):

%WinDir%\SoftwareDistribution\DataStore\Logs\tmp.edb (0 bytes)

The process %original file name%.exe:1684 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Start Menu\Programs\Â̶¹ä¯ÀÀÆ÷\Â̶¹ä¯ÀÀÆ÷.lnk (678 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ccvjdr_70567.exe (145540 bytes)
%Program Files%\greeou\greendou.exe (7764 bytes)
%Program Files%\greeou\PopWinParam.xml (4 bytes)
%Documents and Settings%\%current user%\Desktop\Â̶¹ä¯ÀÀÆ÷.lnk (666 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsjE.tmp\p0.ini.log (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sqgbfvt.exe (258236 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsjE.tmp\p0.ini (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsjE.tmp\NSISdl.dll (14 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsjE.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsjD.tmp (0 bytes)

The process sqgbfvt.exe:3960 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsf11.tmp\tmpdzqj4c.dll (87814 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf11.tmp\hu.dll (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf11.tmp\dl.dll (65930 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf11.tmp\BDMSkin.dll (38495 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf11.tmp\BDMReport.dll.bdl (3248 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf11.tmp\BDMNetGetInfo.dll (9608 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\Desktop\Global.db (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf11.tmp\BDLogicUtils.dll (30968 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf11.tmp\res\onlineWnd.zip (6360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsq10.tmp (163469 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf11.tmp\BDMDownload.dll (5520 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nslF.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf11.tmp (0 bytes)

The process iexplore.exe:416 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ico_tuniu_2[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\mz_toggle[1].png (986 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\logo162x54_2[1].png (3333 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@2345[1].txt (2135 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@778669[1].txt (133 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\common_20140403_01[1].js (1681 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\tip_stopXP[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\style[2].js (916 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\5shk[1].html (552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\func_20140408_01[1].js (977 bytes)
%Documents and Settings%\%current user%\UserData\2Z89WTQV\siteClicks[1].xml (250 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\topic_zhineng[1].jpg (2635 bytes)
%Documents and Settings%\%current user%\UserData\KTOR0Z81\__his__[1].xml (198 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\index_20140408_04[1].css (3233 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\body0_2[1].png (183 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\2b[1].jpg (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ico[1].png (735 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\lazyloading[1].gif (1 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (37108 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\topic_xpstopupdate[1].jpg (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\2345[1].htm (10160 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\ico_vipshop[1].png (439 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\4d[1].jpg (14995 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\mz_0408_58[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\20140331195924[1].jpg (6 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (292 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\zjsVersion[1].js (274 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\style[1].js (475 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\m_close[1].png (987 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\20140404114402[1].jpg (4 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@ajax[2].txt (328 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\2345_0225[1].eot (3644 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\blank[1].png (953 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (148 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\tmall_GIF_0214[1].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\mz_0408[1].png (594 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@2345[3].txt (328 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\index[1].html (264 bytes)
%Documents and Settings%\%current user%\UserData\4XCFALMJ\data-userdata[1].xml (194 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\ico_amazon[1].png (536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\1a[1].jpg (5388 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@2345[2].txt (2626 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@778669[2].txt (745 bytes)
%Documents and Settings%\%current user%\UserData\YJM90VAL\data-userdata[1].xml (162 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\sjlm[1].png (428 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\mystyle_wait[1].gif (381 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\i_tmall[1].png (1 bytes)
%Documents and Settings%\%current user%\UserData\YJM90VAL\wc[1].xml (126 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (335 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\mz_0307[1].png (1 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@ajax43[2].txt (335 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@565882[1].txt (9704 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\time[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\myfav_0218[1].png (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\baidu_web[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\entertainChannel_20140103[1].js (7 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@ajax43[1].txt (158 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\20140325164946[1].jpg (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\baidu_20140110_01[1].js (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\w_day40[1].png (5 bytes)
%Documents and Settings%\%current user%\UserData\YJM90VAL\__siteClicksTip__[1].xml (142 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\tipSet_ie6[1].png (731 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\456[1].htm (3003 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\skin0_19[1].png (643 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\w_night40[1].png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\i_lieping2[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\tmall0401[1].jpg (2136 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@565882[2].txt (10752 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\gameChannel_20140103[1].js (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\google_web[1].gif (2 bytes)
%Documents and Settings%\%current user%\UserData\2Z89WTQV\lc[1].xml (126 bytes)
%Documents and Settings%\%current user%\UserData\KTOR0Z81\data-userdata[1].xml (266 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (141 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\20140331195919[1].jpg (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\6f[1].jpg (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\3c[1].jpg (4152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\input_20140408_01[1].js (9 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@ajax[1].txt (154 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\icos23[1].png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\newsChannel_20140103[1].js (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ico_taobao[1].png (958 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\bgs14[1].png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\20140409[1].js (53 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\5e[1].jpg (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\2345[1] (229 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\index[1].php (2401 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\chart100x100[1].png (6 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@ajax[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\style[1].js (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@2345[2].txt (0 bytes)
%Documents and Settings%\%current user%\UserData\YJM90VAL\data-userdata[1].xml (0 bytes)
%Documents and Settings%\%current user%\UserData\4XCFALMJ\data-userdata[1].xml (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@ajax43[1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@565882[2].txt (0 bytes)
%Documents and Settings%\%current user%\UserData\2Z89WTQV\www.aaa[1].xml (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@565882[1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@2345[1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@778669[1].txt (0 bytes)

Registry activity

The process greendou.exe:1856 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "greendou.exe"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1F 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1390210298"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "88 4E B9 C0 B1 36 42 5F A5 A3 60 EA 8A 04 50 0D"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following registry key(s):

[HKCU\Software\Microsoft\MediaPlayer\Health\{405254FD-DA65-4BA6-8CD1-F4B9669D4DF6}]

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process %original file name%.exe:1684 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Â̶¹ä¯ÀÀÆ÷]
"Publisher" = "nsis-2.45_824_2078664262312"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Â̶¹ä¯ÀÀÆ÷]
"DisplayName" = "Â̶¹ä¯ÀÀÆ÷ 1.0.0.0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CC 2D 22 A0 FB 24 12 51 E6 B8 B2 F1 2C FC 30 92"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Â̶¹ä¯ÀÀÆ÷]
"DisplayVersion" = "1.0.0.0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

The process sqgbfvt.exe:3960 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 20 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCR\metnsd\clsid]
"SequenceID" = "EE 6A F9 F7 F5 44 38 49 96 DF 3D 7C 7E 77 19 1D"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "34 9C 5E A1 D6 AA 65 61 11 D4 AC 5B 3D 41 4B 66"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Trojan adds process executable file it works in to the list of trusted Windows Firewall applications:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\Local Settings\Temp]
"sqgbfvt.exe" = "%Documents and Settings%\%current user%\Local Settings\Temp\sqgbfvt.exe:*:Enabled:百度杀毒在线安装程序"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\Local Settings\Temp]
"sqgbfvt.exe" = "%Documents and Settings%\%current user%\Local Settings\Temp\sqgbfvt.exe:*:Enabled:百度杀毒在线安装程序"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process iexplore.exe:416 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_20"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_10"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014040920140410]
"CacheOptions" = "11"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_03"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_11"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_13"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_10"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_30"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.0_04"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_21"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_27"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_09"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_28"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_17"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_12"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_22"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_12"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_16"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_30"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\3\Shell]
"Address" = "4294967295"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_27"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.1_04"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count]
"HRZR_PGYFRFFVBA" = "A1 99 7A 0E 0A 00 00 00"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\3\Shell]
"WFlags" = "2"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\iexplore]
"Type" = "3"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\3\Shell]
"MinPos1276x846(1).y" = "4294967295"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_05"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_21"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_07"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_03"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014040920140410]
"CachePrefix" = ":2014040920140410:"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\3\Shell]
"WinPos1276x846(1).right" = "888"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_05"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.0_03"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_10"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_21"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_27"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_25"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_10"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_10"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_17"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_14"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_27"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore]
"Type" = "3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\3\Shell]
"WinPos1276x846(1).bottom" = "716"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1E 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_07"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_12"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_22"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\3\Shell]
"Rev" = "0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_06"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "iexplore.exe"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_29"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_03"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_09"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.0_01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_13"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.0_02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_07"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\iexplore]
"Count" = "15"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_04"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_08"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_09"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_16"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_16"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_22"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_04"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_03"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.1_04"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_06"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_14"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\BagMRU]
"NodeSlots" = "02 02 02 02 02 02 02 02 02 02 02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}]
"(Default)" = "Java Plug-in 1.3.0_02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_10"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_25"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_11"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\3\Shell]
"WinPos1276x846(1).left" = "88"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_18"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore]
"Time" = "DE 07 04 00 02 00 08 00 15 00 05 00 0B 00 5B 02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_09"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_17"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_07"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_17"

[HKCU\Software\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_05"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\JavaPlugin.160_18\CLSID]
"(Default)" = "{5852F5ED-8BF4-11D4-A245-0080C6F74284}"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_16"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_15"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_24"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_18"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_05"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Internet Explorer\Main]
"FullScreen" = "no"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_26"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_20"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_12"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_09"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_13"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_18"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\3\Shell]
"FFlags" = "0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_29"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_12"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_21"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_07"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_18"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_05"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_14"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_02"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore]
"Type" = "4"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_04"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_22"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_09"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_03"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_23"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_28"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_18"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_16"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.1_06"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_04"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_15"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\3\Shell]
"WinPos1276x846(1).top" = "116"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_07"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_24"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_11"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_03"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_14"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore]
"Count" = "15"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_07"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.0_04"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_06"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.1_01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_19"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.0_01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_08"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.1_03"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_04"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_26"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\3\Shell]
"HotKey" = "0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_23"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_22"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014040920140410]
"CacheLimit" = "8192"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_12"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_23"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014040920140410]
"CacheRepair" = "0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_13"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_04"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore]
"Count" = "12"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_23"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_08"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.1_03"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_15"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_26"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_16"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_10"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.1_07"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_14"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_14"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_28"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_20"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_06"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_29"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.0_02"

[HKCU\Software\Microsoft\Internet Explorer\Main]
"Window_Placement" = "2C 00 00 00 02 00 00 00 03 00 00 00 FF FF FF FF"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.1_01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_13"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_24"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_11"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_09"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_18"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_08"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_04"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB5F1910-F110-11D2-BB9E-00C04F795683}\iexplore]
"Type" = "4"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\BagMRU]
"MRUListEx" = "01 00 00 00 00 00 00 00 03 00 00 00 02 00 00 00"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_08"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_04"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_26"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_20"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_24"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB5F1910-F110-11D2-BB9E-00C04F795683}\iexplore]
"Count" = "16"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\3\Shell]
"ShowCmd" = "3"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_11"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_13"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_09"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore]
"Time" = "DE 07 04 00 02 00 08 00 15 00 05 00 0D 00 2C 02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_07"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_17"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_04"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_05"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_26"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\3\Shell]
"MaxPos1276x846(1).x" = "4294967295"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_26"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_08"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_10"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
"(Default)" = "Java Plug-in 1.6.0_18"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_27"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_05"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_16"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_29"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_11"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_05"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_17"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_30"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_07"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_25"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_18"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_19"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_04"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\iexplore]
"Time" = "DE 07 04 00 02 00 08 00 15 00 05 00 0C 00 6B 02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_30"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_20"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_23"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_22"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_25"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_08"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_15"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_29"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_12"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore]
"Type" = "3"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_18"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.1_05"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_25"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_19"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_21"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_26"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.0_03"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_30"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_29"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_08"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_14"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_30"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_18"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_16"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_12"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1208111653"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_28"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_20"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_16"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_21"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_19"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_07"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\3\Shell]
"Links" = "4294967295"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.0_03"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_28"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore]
"Count" = "16"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_21"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_06"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\3\Shell]
"Buttons" = "4294967295"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_30"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.0_05"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Internet Explorer\Toolbar]
"Locked" = "1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_10"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_10"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_08"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_17"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_25"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_17"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore]
"Time" = "DE 07 04 00 02 00 08 00 15 00 05 00 0B 00 8A 02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_03"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_23"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_13"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_14"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014040920140410]
"CachePath" = "%USERPROFILE%\Local Settings\History\History.IE5\MSHist012014040920140410\"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_18"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_11"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_23"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_16"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_11"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_29"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.0_04"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_11"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_05"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_24"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_06"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_03"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_13"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_28"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_24"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_17"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB5F1910-F110-11D2-BB9E-00C04F795683}\iexplore]
"Time" = "DE 07 04 00 02 00 08 00 15 00 05 00 0D 00 2C 02"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "35 28 24 31 CF 6E 33 7A 88 05 0D A3 41 66 13 F6"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_03"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\3\Shell]
"MinPos1276x846(1).x" = "4294967295"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_14"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Favorites" = "%Documents and Settings%\%current user%\Favorites"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_15"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_19"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_20"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_06"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_13"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_05"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.1_05"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_06"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_12"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_09"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_15"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_13"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_17"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_19"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_11"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\3\Shell]
"MaxPos1276x846(1).y" = "4294967295"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.1_07"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_19"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_27"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_15"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_15"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_15"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_25"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links]
"Order" = "08 00 00 00 02 00 00 00 00 02 00 00 01 00 00 00"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.1_02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_22"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_27"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_03"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_06"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.1_06"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.1_02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_24"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_14"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_08"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_28"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_12"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_15"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_06"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_09"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan deletes the following registry key(s):

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\JavaPlugin.160_18\CLSID]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}]
[HKCU\Software\Classes\JavaPlugin.160_18]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}]

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\3\Shell]
"Vid"

Dropped PE files

MD5 File path
0e54f1daa2d9c248ba16507c08ee9881 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsf11.tmp\BDLogicUtils.dll
b62367fe2d02b8f47914b088a006d50c c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsf11.tmp\BDMDownload.dll
928208161b61b8c36fa1a6095c1ccfab c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsf11.tmp\BDMNetGetInfo.dll
39257175ac9c90199c69aea1a7bcbda0 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsf11.tmp\BDMSkin.dll
763b532d651f0ad5e135d9b57bf4fba4 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsf11.tmp\dl.dll
ebfe7c9594e300bb0c16e7bb99a7e66d c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsf11.tmp\hu.dll
f17c17efe1f02275e519996272d19bb8 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsf11.tmp\tmpdzqj4c.dll
254f13dfd61c5b7d2119eb2550491e1d c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsjE.tmp\NSISdl.dll
d5114ae0131ee21ff9596807cbd19e1c c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\sqgbfvt.exe
e2839177e4099e46f0ec9dca3171ce54 c:\Program Files\greeou\greendou.exe

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name: MeinV
Product Name: HD Player
Product Version: 1.0.0.0
Legal Copyright: Corporation. All rights reserved.
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 1.0.0.0
File Description: Installer Application
Comments: http://cc.tlng.org
Language: Language Neutral

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.text 4096 23628 24064 4.46394 856b32eb77dfd6fb67f21d6543272da5
.rdata 28672 4764 5120 3.4982 dc77f8a1e6985a4361c55642680ddb4f
.data 36864 154712 1024 3.3278 7922d4ce117d7d5b3ac2cffe4b0b5e4f
.ndata 192512 81920 0 0 d41d8cd98f00b204e9800998ecf8427e
.rsrc 274432 17280 17408 1.72024 8d103ec92d185d6885e253e5a4e0a691

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL IP
hxxp://42.62.4.52/images/ico.png
hxxp://42.62.4.52/images/w_day40.png
hxxp://42.62.4.52/right/homepage/img/block1/tab1/20140325164946.jpg
hxxp://42.62.4.52/images/mystyle_wait.gif
hxxp://42.62.4.52/right/homepage/img/block3/tab1/20140331195919.jpg
hxxp://42.62.4.52/right/homepage/img/block1/tab1/20140404114402.jpg
hxxp://42.62.4.52/right/homepage/img/block3/tab1/20140331195924.jpg
hxxp://update.180308.com/m1/popwinparamupdate.aspx?mainver=1.0.0&popver=1.0.0&xmlver=20140304160000 59.57.13.169
hxxp://223.255.145.200/a/liangao1.html
hxxp://223.255.145.200/a/70e1.html
hxxp://lg1236.565882.com/pShow.php?PID=5534 115.238.244.82
hxxp://lg1236.565882.com/vShow.php?id=5535
hxxp://lg1236.565882.com/vExport.php?plugParme=1|1396991163|http%3A%2F%2Flvdou.damisou.com%2Fa%2Fliangao1.html||1,1,en,1,1276_846&memberParme=270|200|4333|2143|2893|4333|3367|go786|1&pushToken=NTUzNXw4MjM3ZWNkZDlhYTM1YjgxMWI5MTE4MzhmODRhN2I5NjZiYw==&gotoUrl=http://shadu.baidu.yq568.com/liangao/dadada.html&bannerFile=2143%2F270200.swf
hxxp://lg1236.565882.com/vExport.php?plugParme=1|1396991163|http%3A%2F%2Flvdou.damisou.com%2Fa%2F70e1.html||1,1,en,1,1276_846&memberParme=270|200|4333|2143|2893|4333|3367|go786|1&pushToken=NTUzNXw4MjM3ZWNkZDlhYTM1YjgxMWI5MTE4MzhmODRhN2I5NjZiYw==&gotoUrl=http://shadu.baidu.yq568.com/liangao/dadada.html&bannerFile=2143%2F270200.swf
hxxp://lg1236.565882.com/pClick.php?ap=NTUzNHw0ODMxYjQyYzEzM2Y5NjJjZGZhNzNjZjVjZmY1YzdjZWI0Nw==&pt=1&ft=1396991157&af=http://lvdou.damisou.com/a/cpv1.html&sf=&spm=1,1,en,1,1276_846&rn=0.3510071525383865
hxxp://lg1236.565882.com/pClick.php?ap=NTUzNHw4NDEyMjFmYjY5NzAwNjZkYTI3NWExZjYwZmY5MGVmYWE5MA==&pt=1&ft=1396991165&af=http://lvdou.damisou.com/a/cpv1.html&sf=&spm=1,1,en,1,1276_846&rn=0.578502220407564
hxxp://lg1236.565882.com/vExport.php?plugParme=1|1396991165|http%3A%2F%2Flvdou.damisou.com%2Fa%2Fliangao1.html||1,1,en,1,1276_846&memberParme=270|200|4333|2276|3025|4333|3367|go786|1&pushToken=NTUzNXw4OTU5ZWU0YTBjYTg0MWZjYmE1NGUxYTc4OGQwMTQyNmMzYw==&gotoUrl=http://0407.5baby.pw/lgx.html&bannerFile=2276%2F270200.swf
hxxp://lg1236.565882.com/vExport.php?plugParme=1|1396991165|http%3A%2F%2Flvdou.damisou.com%2Fa%2F70e1.html||1,1,en,1,1276_846&memberParme=270|200|4333|2276|3025|4333|3367|go786|1&pushToken=NTUzNXw4OTU5ZWU0YTBjYTg0MWZjYmE1NGUxYTc4OGQwMTQyNmMzYw==&gotoUrl=http://0407.5baby.pw/lgx.html&bannerFile=2276%2F270200.swf
hxxp://lg3.pic9382.com/public/close.png 122.225.106.109
hxxp://lg3.pic9382.com/public/vExport.js
hxxp://lg3.pic9382.com/html/2276/270200.swf
hxxp://lg1236.565882.com/vDisplay.php?bannerId=3025&siteId=4333&projectId=2276&keep=1&siteFromPage=&adFromPage=http%3A%2F%2Flvdou.damisou.com%2Fa%2Fliangao1.html&secret=668b013231a9da4780a28293fa01c08f6ba&startTime=1396991166
hxxp://lg1236.565882.com/vDisplay.php?bannerId=3025&siteId=4333&projectId=2276&keep=1&siteFromPage=&adFromPage=http%3A%2F%2Flvdou.damisou.com%2Fa%2F70e1.html&secret=1839511a40ec77e02e94b5dcec2a4a524a4&startTime=1396991166
hxxp://223.255.145.200/a/images/btn_close.gif
lg2.pic9382.com 122.225.106.109
www.123xa.com 222.187.223.14
down.ddqsh.org 222.186.60.12
dy.kk126.com 117.25.129.245
lg1.pic9382.com 122.225.106.109
p.x.baidu.com 123.125.65.152


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET POLICY Outdated Windows Flash Version IE
ET POLICY HTTP Request on Unusual Port Possibly Hostile

Traffic

GET /vShow.php?id=5535 HTTP/1.1
Accept: */*
Referer: hXXp://lvdou.damisou.com/a/liangao1.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: lg1236.565882.com
Connection: Keep-Alive
Cookie: lgPTN43333247109351=0


HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Tue, 08 Apr 2014 21:06:04 GMT
Content-Type: text/html; charset=gb2312
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.2.17
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Cache-Control: no-cache, must-revalidate
Set-Cookie: lgImageHost=lg2; expires=Fri, 27-Feb-2331 14:52:43 GMT; path=/; domain=.pic9382.com
3051..(function() {..    var isReady = false;..    var readyList = [];
..    var timer;..    ready = function(fn){..        if(isReady) fn.ca
ll(document);..        else readyList.push(function(){..            re
turn fn.call(this);..        });..        return this;..    }..    var
 tops = self.setInterval("lgVshowTop()",1);..    var onDOMReady = func
tion(){..        for(var i=0;i<readyList.length;i  ){..            
readyList[i].apply(document);..        }..        readyList = null;.. 
   }..    var bindReady = function(evt){..        if (isReady) return;
..        isReady = true;..        onDOMReady.call(window);..        i
f (document.removeEventListener) {..            document.removeEventLi
stener("DOMContentLoaded", bindReady, false);..        }else if(docume
nt.attachEvent){..            document.detachEvent("onreadystatechange
", bindReady);..            if(window == window.top){..               
 clearInterval(timer);..                timer = null;..            }..
        }..    };..    if(document.addEventListener){..        documen
t.addEventListener("DOMContentLoaded", bindReady, false);..    }else i
f(document.attachEvent){..        document.attachEvent("onreadystatech
ange",..        function(){..            if ((/loaded|complete/).test(
document.readyState)) bindReady();..        });..        if(window == 
window.top){..            timer = setInterval(function(){..           
     try{..                    isReady || document.documentElement.doS
croll('left');..                }catch(e){..                    re
<<< skipped >>>

GET /vExport.php?plugParme=1|1396991165|http%3A%2F%2Flvdou.damisou.com%2Fa%2F70e1.html||1,1,en,1,1276_846&memberParme=270|200|4333|2276|3025|4333|3367|go786|1&pushToken=NTUzNXw4OTU5ZWU0YTBjYTg0MWZjYmE1NGUxYTc4OGQwMTQyNmMzYw==&gotoUrl=http://0407.5baby.pw/lgx.html&bannerFile=2276%2F270200.swf HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://lvdou.damisou.com/a/70e1.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: lg1236.565882.com
Connection: Keep-Alive
Cookie: lgPTN43333247109351=0; lgUnion43333247109351=2251; lgunion_track=YTo2OntzOjk6ImxnQWdlbnRJZCI7aTo0MzMzO3M6MTA6ImxnQmFubmVySWQiO2k6MjI1MTtzOjExOiJsZ1Byb2plY3RJZCI7aToxOTEzO3M6Njoic2l0ZUlkIjtpOjQzMzM7czo2OiJ1c2VySWQiO2k6MzM2NztzOjg6InVzZXJOYW1lIjtzOjU6ImdvNzg2Ijt9; lgunion_3_2251=1; lgunion_3=1


HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Tue, 08 Apr 2014 21:06:06 GMT
Content-Type: text/html; charset=gb2312
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.2.17
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Set-Cookie: lgVTN43333247109351=_3025; expires=Wed, 09-Apr-2014 16:00:00 GMT; path=/; domain=.565882.com
Set-Cookie: union_lg_images_cookie=lg1; expires=Fri, 27-Feb-2331 14:52:45 GMT; path=/; domain=.565882.com
b8f..<meta http-equiv="Content-Type" content="text/html; charset=gb
k"><style type="text/css">body{background:none;background-col
or: transparent;}</style><body style="margin:0;cursor:pointer
;"><div style=" position:absolute;z-index:2147483647;display:blo
ck;cursor:pointer;width:270px;height:200px;background-color:white;opac
ity:0;filter:alpha(opacity=0)"></div><script language='jav
ascript' type='text/javascript' src='hXXp://lg1.pic9382.com/public/vEx
port.js'></script>.<script language="javascript">..<
!--.    writeflashhtml("_swf=hXXp://lg1.pic9382.com/html/2276/270200
.swf", "_width=270", "_height=200" ,"_wmode=transparent");..document.w
rite('<form style="margin:0px;padding:0px" id="lgUnionMediaForm" na
me="lgUnionMediaForm" method="get" action="hXXp://lg1236.565882.com/vC
ount.php" target="_blank">');..document.write('<input type="hidd
en" name="plugParme" value="1|1396991165|http://lvdou.damisou.co
m/a/70e1.html||1,1,en,1,1276_846" />');..document.write('<in
put type="hiddenHTTP/1.1 200 OK..Server: nginx/1.0.0..Date: Tue, 08 Ap
r 2014 21:06:06 GMT..Content-Type: text/html; charset=gb2312..Transfer
-Encoding: chunked..Connection: keep-alive..X-Powered-By: PHP/5.2.17..
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"..Set-Cookie: l
gVTN43333247109351=_3025; expires=Wed, 09-Apr-2014 16:00:00 GMT; path=
/; domain=.565882.com..Set-Cookie: union_lg_images_cookie=lg1; expires
=Fri, 27-Feb-2331 14:52:45 GMT; path=/; domain=.565882.com..b8f..&
<<< skipped >>>

GET /vDisplay.php?bannerId=3025&siteId=4333&projectId=2276&keep=1&siteFromPage=&adFromPage=http%3A%2F%2Flvdou.damisou.com%2Fa%2F70e1.html&secret=1839511a40ec77e02e94b5dcec2a4a524a4&startTime=1396991166 HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://lg1236.565882.com/vExport.php?plugParme=1|1396991165|http%3A%2F%2Flvdou.damisou.com%2Fa%2F70e1.html||1,1,en,1,1276_846&memberParme=270|200|4333|2276|3025|4333|3367|go786|1&pushToken=NTUzNXw4OTU5ZWU0YTBjYTg0MWZjYmE1NGUxYTc4OGQwMTQyNmMzYw==&gotoUrl=http://0407.5baby.pw/lgx.html&bannerFile=2276%2F270200.swf
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: lg1236.565882.com
Connection: Keep-Alive
Cookie: lgPTN43333247109351=1; lgUnion43333247109351=2251-2808; lgunion_track=YTo2OntzOjk6ImxnQWdlbnRJZCI7aTo0MzMzO3M6MTA6ImxnQmFubmVySWQiO2k6MjgwODtzOjExOiJsZ1Byb2plY3RJZCI7aToyMDU4O3M6Njoic2l0ZUlkIjtpOjQzMzM7czo2OiJ1c2VySWQiO2k6MzM2NztzOjg6InVzZXJOYW1lIjtzOjU6ImdvNzg2Ijt9; lgunion_3_2251=1; lgunion_3=1; lgVTN43333247109351=_3025; union_lg_images_cookie=lg2; lgunion_3_2808=1


HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Tue, 08 Apr 2014 21:06:09 GMT
Content-Type: text/html; charset=gb2312
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.2.17
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Cache-Control: no-cache, must-revalidate
Set-Cookie: lgunion_1_3025=yes; expires=Thu, 01-Jan-1970 01:00:00 GMT; path=/; domain=lg1236.565882.com
Set-Cookie: lgunion_1=yes; expires=Sat, 02-Aug-2014 14:52:48 GMT; path=/; domain=lg1236.565882.com
4..suc!..0..HTTP/1.1 200 OK..Server: nginx/1.0.0..Date: Tue, 08 Apr 20
14 21:06:09 GMT..Content-Type: text/html; charset=gb2312..Transfer-Enc
oding: chunked..Connection: keep-alive..X-Powered-By: PHP/5.2.17..P3P:
 CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"..Cache-Control: no
-cache, must-revalidate..Set-Cookie: lgunion_1_3025=yes; expires=Thu, 
01-Jan-1970 01:00:00 GMT; path=/; domain=lg1236.565882.com..Set-Cookie
: lgunion_1=yes; expires=Sat, 02-Aug-2014 14:52:48 GMT; path=/; domain
=lg1236.565882.com..4..suc!..0..



GET /public/vExport.js HTTP/1.1
Accept: */*
Referer: hXXp://lg1236.565882.com/vExport.php?plugParme=1|1396991165|http%3A%2F%2Flvdou.damisou.com%2Fa%2F70e1.html||1,1,en,1,1276_846&memberParme=270|200|4333|2276|3025|4333|3367|go786|1&pushToken=NTUzNXw4OTU5ZWU0YTBjYTg0MWZjYmE1NGUxYTc4OGQwMTQyNmMzYw==&gotoUrl=http://0407.5baby.pw/lgx.html&bannerFile=2276%2F270200.swf
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: lg1.pic9382.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.2.5
Date: Tue, 08 Apr 2014 21:06:07 GMT
Content-Type: application/x-javascript; charset=gb2312
Content-Length: 4524
Connection: keep-alive
Last-Modified: Wed, 02 Jul 2008 07:19:38 GMT
Expires: Tue, 15 Apr 2014 21:06:07 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
function writeflashhtml( arg )..{..var parm = []..var _default_version
 = "8,0,24,0";..var _default_quality = "high";..var _default_align = "
middle";..var _default_menu = "false";..for(i = 0; i < arguments.le
ngth; i   )..{..parm[i] = arguments[i].split(' ').join('').split('=').
.for (var j = parm[i].length-1; j > 1; j --){..parm[i][j-1] ="=" pa
rm[i].pop();..}..switch (parm[i][0])..{..case '_version' : var _versio
n = parm[i][1] ; break ; ..case '_swf' : var _swf = parm[i][1] ; break
 ; ..case '_base' : var _base = parm[i][1] ; break ; ..case '_quality'
 : var _quality = parm[i][1] ; break ; ..case '_loop' : var _loop = pa
rm[i][1] ; break ; ..case '_bgcolor' : var _bgcolor = parm[i][1] ; bre
ak ; ..case '_wmode' : var _wmode = parm[i][1] ; break ; ..case '_play
' : var _play = parm[i][1] ; break ; ..case '_menu' : var _menu = parm
[i][1] ; break ; ..case '_scale' : var _scale = parm[i][1] ; break ; .
.case '_salign' : var _salign = parm[i][1] ; break ; ..case '_height' 
: var _height = parm[i][1] ; break ; ..case '_width' : var _width = pa
rm[i][1] ; break ; ..case '_hspace' : var _hspace = parm[i][1] ; break
 ; ..case '_vspace' : var _vspace = parm[i][1] ; break ; ..case '_alig
n' : var _align = parm[i][1] ; break ; ..case '_class' : var _class = 
parm[i][1] ; break ; ..case '_id' : var _id = parm[i][1] ; break ; ..c
ase '_name' : var _name = parm[i][1] ; break ; ..case '_style' : var _
style = parm[i][1] ; break ; ..case '_declare' : var _declare = parm[i
][1] ; break ; ..case '_flashvars' : var _flashvars = parm[i][1] ;
<<< skipped >>>

GET /html/2276/270200.swf HTTP/1.1


Accept: */*
Accept-Language: en-US
Referer: hXXp://lg1236.565882.com/vExport.php?plugParme=1|1396991165|http%3A%2F%2Flvdou.damisou.com%2Fa%2F70e1.html||1,1,en,1
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: lg1.pic9382.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.2.5
Date: Tue, 08 Apr 2014 21:06:09 GMT
Content-Type: application/x-shockwave-flash
Content-Length: 12553
Connection: keep-alive
Last-Modified: Tue, 18 Mar 2014 03:22:36 GMT
Expires: Thu, 08 May 2014 21:06:09 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
CWS.}6..x..z.PTM.. Y%g.(*. "...I..$gI.JFr.A....$IN.d...f..3C..4.0.a...
........V.[.U{N..........>.........p.....p}....p/n...J...~..Z..H..&
lt;.}.k.)....v-..................?...8q...<j.P...f.0.rD3".e=.N.....
FL...............2....l..W...er<.....,t.p.....c..m=...;..8.o9Y..9j.
.7....:?......p.3..#.t.*..2.DD.r...KmVR....$......H....gZ .O..`....q.w
.... ......X.,.q...&Mu.7T.*'.s...-....\Do.(.......D..]\..].d.....l.p.9
.......z3..&.....\G.?8...}....W_.G.pwV^G.1v..%.....I My...800.......[.
i.g'U^N.:[email protected]".b......./.....Q.Ba.t7.....]}c.%[email protected]
i...tbA.`.......7../..s...#*1..f 0/..<...5A.=V.Y.5E..>.%;...E.f.
..n..\...r.^....X.Q..p.y4.j.....D.0.J.Y...~V.w..r.l.vy..vFW.5...g.....
c......@]..w.3.E.sqo...%.....*lP.......T....}[ ..../.......A..@k..'...
@.....$z5w..'US.5.4.. d../p..5/[email protected]..*.8......e.._9.....
6u._.....I........O....J..!.{...._..Jw...y.^5.a...b..e[I...8F.R.r.V.T.
").b..j.~.9s.EO..[.".2..&6......j.....p...z......x)...<......_[...l
..;.eP...S....!.j...Yv..........g.........n.P=[u...i`q.t$....uewEV..m.
.7}.........=.z.tr.z......*J$.....c.n .0. [email protected].$..n..w....
...l..q......A........e\G;Z'.....:......1....<T}v......>o@.:\...
.........*.].... .aL/C...=........|....*qE....S..x.............3.....-
\F....;[email protected]./.)..rRl.g..-O..2...R...d.x...o..H......k.J!'..
.fQ.60.?`.3..P&.j..A./=..C...{3...i..(...]j=..k;..p]......3....uea....
..m..12|.5-:BYi......G..........?8.........._...P...E8||..:......eL...
..$"..n.. ..'..'_...."........x......LkG..[ q..._.,.0..g.O!....o..
<<< skipped >>>


GET /images/ico.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.2345.com/?24384-1018
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.2345.com
Connection: Keep-Alive
Cookie: sts=0; _CC_={"closeSpotlight":0,"ggbd":0}; wc=54511; lc=54511; lc2=54511; wc_n=%u5317%u4EAC


HTTP/1.1 200 OK
Date: Tue, 08 Apr 2014 21:05:34 GMT
Server: Apache
Last-Modified: Mon, 10 Dec 2012 07:29:57 GMT
ETag: "2df-4d07a883b0740"
Accept-Ranges: bytes
Content-Length: 735
Cache-Control: max-age=31536000
Expires: Wed, 08 Apr 2015 21:05:34 GMT
Keep-Alive: timeout=5, max=79
Connection: Keep-Alive
Content-Type: image/png
.PNG........IHDR.............E5.N...bPLTE)..'..0..1.. .....E..Y.......
.b..A..#..-..... .....(..S.....,..u..(..*..%..Z..!..6........t........
...6..(..4..`[email protected]........!.....3..-........,..?........5..v..t...
........g.....k..C..:..2..(........1..,..3........E.. ..4.....?..2....
....{........O..1.....7..d........8.....V.....(..L..u..n.._.....6..*..
.w./.....7...........$..1..>........G........Kl2....vtRNS..........
......................................................................
.......................................b.G....IDAT..c(--e..,N.....JK..
u..".L}@<.n.n...k~.  /./.....V..0.....9..$RRL...A.Y..).....%......)
M.$J..W<...#..G.D....1.AG......LB..O.AM.1O/.R8.OP&..T.3....D.$.@...
.B.....t....J.......lJK.|.(`.").....IEND.B`.....


GET /right/homepage/img/block1/tab1/20140325164946.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.2345.com/?24384-1018
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.2345.com
Connection: Keep-Alive
Cookie: sts=0; _CC_={"closeSpotlight":0,"ggbd":0}; wc=54511; lc=54511; lc2=54511; wc_n=%u5317%u4EAC


HTTP/1.1 200 OK
Date: Tue, 08 Apr 2014 21:05:34 GMT
Server: Apache
Last-Modified: Tue, 08 Apr 2014 21:00:02 GMT
ETag: "bd9-4f68e4481f880"
Accept-Ranges: bytes
Content-Length: 3033
Cache-Control: max-age=31536000
Expires: Wed, 08 Apr 2015 21:05:34 GMT
Keep-Alive: timeout=5, max=78
Connection: Keep-Alive
Content-Type: image/jpeg
.....0Exif..MM.*.......1..............VVV.meitu.com....C..............
.......................%...#... , #&')*)..-0-(0%()(...C...........(...
((((((((((((((((((((((((((((((((((((((((((((((((((......A.d...........
....................................................}........!1A..Qa."
q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwx
yz....................................................................
..........................................................w.......!1..
AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghi
jstuvwxyz.............................................................
.......................?.....[..\K...1..9.vzI .^]c.....KP......G.....W
c.99....}.....wadC.^. G.Q../#D.......9.....SvDI.*....V...l}J..X......S
..l).......:.....o...ND..`g..m%r..6...R.."........f..^y.jS..4.;;3.t..F
a......S.5.vu.nA.\[..5..s..E......2Z..........$. ...U.W.s.RrcQ]J).....
\...]. ..i..K...g?........../[email protected];/..T~....:..
...#O...;.....-M..F?p............u-..q....}.o....ZS.m.*;....fP..!.z..=
[-J;$|..{.7~..b.....Bm.Bm$......".)..Z.N.)......;.f.$JXg.C......Gdu.b.
.:H...M.f9....o.'.Q..4.1Hf....2}hcG........Z=.V........i.....Z|%.K..@~
..7....c... .mKg<...O.\.'.R...4 ..R-..6g..\...Et....q....O.|e%..m.&
..-.|...I............J.  .m ^...i........6V.....i#...T......X._C..44&g
t;#.C{..=..[H...j..p.YJ. .A...0.....v.u.hzu..-....B..@q..:...&..... O.
..T.b!.......d.=....g.........>(../g.../.."C....ja}.:...M\./.h...g.
..5..=..2......e(..V'.....jI...i..ip.....)?..|.}.I....i.JiY3..:..M
<<< skipped >>>

GET /right/homepage/img/block3/tab1/20140331195919.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.2345.com/?24384-1018
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.2345.com
Connection: Keep-Alive
Cookie: sts=0; _CC_={"closeSpotlight":0,"ggbd":0}; wc=54511; lc=54511; lc2=54511; wc_n=%u5317%u4EAC


HTTP/1.1 200 OK
Date: Tue, 08 Apr 2014 21:05:34 GMT
Server: Apache
Last-Modified: Tue, 08 Apr 2014 21:00:02 GMT
ETag: "14d1-4f68e4481f880"
Accept-Ranges: bytes
Content-Length: 5329
Cache-Control: max-age=31536000
Expires: Wed, 08 Apr 2015 21:05:34 GMT
Keep-Alive: timeout=5, max=77
Connection: Keep-Alive
Content-Type: image/jpeg
......Exif..II*.................Ducky.......F..... hXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c01
1 66.145661, 2012/02/06-14:56:27        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http:
//ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/s
Type/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmp
MM:InstanceID="xmp.iid:9E50FCD5AFFF11E3B2D9AF59B1B1EE6E" xmpMM:Documen
tID="xmp.did:9E50FCD6AFFF11E3B2D9AF59B1B1EE6E"> <xmpMM:DerivedFr
om stRef:instanceID="xmp.iid:9E50FCD3AFFF11E3B2D9AF59B1B1EE6E" stRef:d
ocumentID="xmp.did:9E50FCD4AFFF11E3B2D9AF59B1B1EE6E"/> </rdf:Des
cription> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?
>....Adobe.d.......................................................
......................................................................
....................A.d...............................................
...........................................!1..A".Q2..a.BR#..rs.$4q...
t56.....3S%.......................!1..AQ..a2.q."...B#3.............?.i
.X.u.*.\%..Y.Tm..*.Q...c.H.I.*[?..j.h.P.H.Z........O.2Wp.-$...........
..$..5!v."...%.b..,.~........B..t/{~.a{[[H..",...<..r>.Pjr.L....
:.../_O.....A.M...G( ...H|)Q..K..i?.8..798...4..q.N.p..T1.3.."....8.r.
...H.sq..$.,!... ..s.QZ/....5.H..]y[tf...... ........i...<.....
<<< skipped >>>

GET /right/homepage/img/block3/tab1/20140331195924.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.2345.com/?24384-1018
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.2345.com
Connection: Keep-Alive
Cookie: sts=0; _CC_={"closeSpotlight":0,"ggbd":0}; wc=54511; lc=54511; lc2=54511; wc_n=%u5317%u4EAC


HTTP/1.1 200 OK
Date: Tue, 08 Apr 2014 21:05:35 GMT
Server: Apache
Last-Modified: Tue, 08 Apr 2014 21:00:02 GMT
ETag: "1a20-4f68e4481f880"
Accept-Ranges: bytes
Content-Length: 6688
Cache-Control: max-age=31536000
Expires: Wed, 08 Apr 2015 21:05:35 GMT
Keep-Alive: timeout=5, max=76
Connection: Keep-Alive
Content-Type: image/jpeg
......Exif..II*.................Ducky.......F.....ohXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c01
1 66.145661, 2012/02/06-14:56:27        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="
hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.a
dobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:4B897D7428B6E311B
E48A6A31AC897E1" xmpMM:DocumentID="xmp.did:E3546AF9B89811E3A993A6434CF
7D58C" xmpMM:InstanceID="xmp.iid:E3546AF8B89811E3A993A6434CF7D58C" xmp
:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom
 stRef:instanceID="xmp.iid:4C897D7428B6E311BE48A6A31AC897E1" stRef:doc
umentID="xmp.did:4B897D7428B6E311BE48A6A31AC897E1"/> </rdf:Descr
iption> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?&g
t;....Adobe.d.........................................................
......................................................................
..................A.d.................................................
........................................!1.A"2..Qa#.q.B.3..RCDt5.6rS$u
....s.4.%......................!.1A..Qaq.."2.........B#R.3br..D.......
......?.C?.....N..<.UPzf.|.E.....4...U.T..........2a..n......,.U...
.{.fC3.w......dp......e...VQ..*...{J..Y..oTr...c6<...s.s...d....b.5
..Q.)..*!7Z..4..]l..l.~....t..1.j$8..IH..`..W...X(..[Z.Uu.\..h....
<<< skipped >>>


GET /pShow.php?PID=5534 HTTP/1.1
Accept: */*
Referer: hXXp://lvdou.damisou.com/a/cpv1.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: lg1236.565882.com
Connection: Keep-Alive
Cookie: lgPTN43333247109351=0


HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Tue, 08 Apr 2014 21:06:04 GMT
Content-Type: text/html; charset=gb2312
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.2.17
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Cache-Control: no-cache, must-revalidate
Set-Cookie: lgPTN43333247109351=0; expires=Wed, 09-Apr-2014 16:00:00 GMT; path=/; domain=.565882.com
2ffe..var popUrl = 'hXXp://lg1236.565882.com/pClick.php?ap=NTUzNHw4NDE
yMjFmYjY5NzAwNjZkYTI3NWExZjYwZmY5MGVmYWE5MA==';..var lgUnionPushUrl = 
CrazyInitUrl(popUrl);..function CrazyInitUrl(urls){...var sf=0,sc=0,ol
='',sd=0;...var ae = function(p) {....v = false;....document.write('&l
t;SCRIPT LANGUAGE=VBScript>\n on error resume next \n v = IsObject(
CreateObject("' p '"))<\/SCRIPT>\n');....if(v){.....return '1';.
...}else{.....return '0';....}...};...var af = function(p) {....var m 
= '';....for (var i=0; i < navigator.mimeTypes.length; i  ){.....m 
 = navigator.mimeTypes[i].type.toLowerCase();....}....v = '0';....if (
m.indexOf(p) != -1){.....if (navigator.mimeTypes[p].enabledPlugin != n
ull) v = '1';....}....return v;...};...var __dm  = (navigator.appName.
indexOf("Netscape") != -1);...var __di  = (navigator.userAgent.toLower
Case().indexOf("msie") != -1);...var __dw = ((navigator.userAgent.toLo
werCase().indexOf("win")!=-1) || (navigator.userAgent.toLowerCase().in
dexOf("32bit")!=-1));...if(__dw && __di) sf = ae("ShockwaveFlash.Shock
waveFlash.1");...if(!__dw || __dm) fs = af("application/x-shockwave-fl
ash");...if(navigator.appName=="Netscape"){....ol = navigator.language
.substr(0,2);...}else{....ol = navigator.userLanguage.substr(0,2);...}
...try{....var us = window.screen.width '_' window.screen.height;...}c
atch(e){....var us = 0;...}...if(navigator.cookieEnabled) sc = 1;...if
(document.getElementById) sd = 1;...var t = new Date();...var pushTime
 = parseInt(t.getTime()/1000);...urls ='&pt=1&ft=' pushTime '&af='
<<< skipped >>>

GET /vExport.php?plugParme=1|1396991165|http%3A%2F%2Flvdou.damisou.com%2Fa%2Fliangao1.html||1,1,en,1,1276_846&memberParme=270|200|4333|2276|3025|4333|3367|go786|1&pushToken=NTUzNXw4OTU5ZWU0YTBjYTg0MWZjYmE1NGUxYTc4OGQwMTQyNmMzYw==&gotoUrl=http://0407.5baby.pw/lgx.html&bannerFile=2276%2F270200.swf HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://lvdou.damisou.com/a/liangao1.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: lg1236.565882.com
Connection: Keep-Alive
Cookie: lgPTN43333247109351=0; lgUnion43333247109351=2251; lgunion_track=YTo2OntzOjk6ImxnQWdlbnRJZCI7aTo0MzMzO3M6MTA6ImxnQmFubmVySWQiO2k6MjI1MTtzOjExOiJsZ1Byb2plY3RJZCI7aToxOTEzO3M6Njoic2l0ZUlkIjtpOjQzMzM7czo2OiJ1c2VySWQiO2k6MzM2NztzOjg6InVzZXJOYW1lIjtzOjU6ImdvNzg2Ijt9; lgunion_3_2251=1; lgunion_3=1


HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Tue, 08 Apr 2014 21:06:06 GMT
Content-Type: text/html; charset=gb2312
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.2.17
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Set-Cookie: lgVTN43333247109351=_3025; expires=Wed, 09-Apr-2014 16:00:00 GMT; path=/; domain=.565882.com
Set-Cookie: union_lg_images_cookie=lg2; expires=Fri, 27-Feb-2331 14:52:45 GMT; path=/; domain=.565882.com
b97..<meta http-equiv="Content-Type" content="text/html; charset=gb
k"><style type="text/css">body{background:none;background-col
or: transparent;}</style><body style="margin:0;cursor:pointer
;"><div style=" position:absolute;z-index:2147483647;display:blo
ck;cursor:pointer;width:270px;height:200px;background-color:white;opac
ity:0;filter:alpha(opacity=0)"></div><script language='jav
ascript' type='text/javascript' src='hXXp://lg2.pic9382.com/public/vEx
port.js'></script>.<script language="javascript">..<
!--.    writeflashhtml("_swf=hXXp://lg2.pic9382.com/html/2276/270200
.swf", "_width=270", "_height=200" ,"_wmode=transparent");..document.w
rite('<form style="margin:0px;padding:0px" id="lgUnionMediaForm" na
me="lgUnionMediaForm" method="get" action="hXXp://lg1236.565882.com/vC
ount.php" target="_blank">');..document.write('<input type="hidd
en" name="plugParme" value="1|1396991165|http://lvdou.damisou.co
m/a/liangao1.html||1,1,en,1,1276_846" />');..document.write('&l
t;input type="hidden" name="memberParme" value="270|200|4333|2276|3025
|4333|3367|go786|1" />');..document.write('<input type="hidden" 
name="mousePos" id="mousePos" value="0_0" />');..document.write('&l
t;input type="hidden" name="gotoUrl"  value="http://0407.5baby.p
w/lgx.html" />');..document.write('<input type="hidden" name="
pushToken" value="5535|8959ee4a0ca841fcba54e1a788d01426c3c" />');..
document.write('<input type="hidden" name="pushFormat" value="c
<<< skipped >>>

GET /vDisplay.php?bannerId=3025&siteId=4333&projectId=2276&keep=1&siteFromPage=&adFromPage=http%3A%2F%2Flvdou.damisou.com%2Fa%2Fliangao1.html&secret=668b013231a9da4780a28293fa01c08f6ba&startTime=1396991166 HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://lg1236.565882.com/vExport.php?plugParme=1|1396991165|http%3A%2F%2Flvdou.damisou.com%2Fa%2Fliangao1.html||1,1,en,1,1276_846&memberParme=270|200|4333|2276|3025|4333|3367|go786|1&pushToken=NTUzNXw4OTU5ZWU0YTBjYTg0MWZjYmE1NGUxYTc4OGQwMTQyNmMzYw==&gotoUrl=http://0407.5baby.pw/lgx.html&bannerFile=2276%2F270200.swf
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: lg1236.565882.com
Connection: Keep-Alive
Cookie: lgPTN43333247109351=1; lgUnion43333247109351=2251-2808; lgunion_track=YTo2OntzOjk6ImxnQWdlbnRJZCI7aTo0MzMzO3M6MTA6ImxnQmFubmVySWQiO2k6MjgwODtzOjExOiJsZ1Byb2plY3RJZCI7aToyMDU4O3M6Njoic2l0ZUlkIjtpOjQzMzM7czo2OiJ1c2VySWQiO2k6MzM2NztzOjg6InVzZXJOYW1lIjtzOjU6ImdvNzg2Ijt9; lgunion_3_2251=1; lgunion_3=1; lgVTN43333247109351=_3025; union_lg_images_cookie=lg2; lgunion_3_2808=1


HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Tue, 08 Apr 2014 21:06:09 GMT
Content-Type: text/html; charset=gb2312
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.2.17
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Cache-Control: no-cache, must-revalidate
Set-Cookie: lgunion_1_3025=yes; expires=Thu, 01-Jan-1970 01:00:00 GMT; path=/; domain=lg1236.565882.com
Set-Cookie: lgunion_1=yes; expires=Sat, 02-Aug-2014 14:52:48 GMT; path=/; domain=lg1236.565882.com
4..suc!..0..HTTP/1.1 200 OK..Server: nginx/1.0.0..Date: Tue, 08 Apr 20
14 21:06:09 GMT..Content-Type: text/html; charset=gb2312..Transfer-Enc
oding: chunked..Connection: keep-alive..X-Powered-By: PHP/5.2.17..P3P:
 CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"..Cache-Control: no
-cache, must-revalidate..Set-Cookie: lgunion_1_3025=yes; expires=Thu, 
01-Jan-1970 01:00:00 GMT; path=/; domain=lg1236.565882.com..Set-Cookie
: lgunion_1=yes; expires=Sat, 02-Aug-2014 14:52:48 GMT; path=/; domain
=lg1236.565882.com..4..suc!..0..



GET /public/vExport.js HTTP/1.1
Accept: */*
Referer: hXXp://lg1236.565882.com/vExport.php?plugParme=1|1396991165|http%3A%2F%2Flvdou.damisou.com%2Fa%2Fliangao1.html||1,1,en,1,1276_846&memberParme=270|200|4333|2276|3025|4333|3367|go786|1&pushToken=NTUzNXw4OTU5ZWU0YTBjYTg0MWZjYmE1NGUxYTc4OGQwMTQyNmMzYw==&gotoUrl=http://0407.5baby.pw/lgx.html&bannerFile=2276%2F270200.swf
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: lg2.pic9382.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.2.5
Date: Tue, 08 Apr 2014 21:06:07 GMT
Content-Type: application/x-javascript; charset=gb2312
Content-Length: 4524
Connection: keep-alive
Last-Modified: Wed, 02 Jul 2008 07:19:38 GMT
Expires: Tue, 15 Apr 2014 21:06:07 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
function writeflashhtml( arg )..{..var parm = []..var _default_version
 = "8,0,24,0";..var _default_quality = "high";..var _default_align = "
middle";..var _default_menu = "false";..for(i = 0; i < arguments.le
ngth; i   )..{..parm[i] = arguments[i].split(' ').join('').split('=').
.for (var j = parm[i].length-1; j > 1; j --){..parm[i][j-1] ="=" pa
rm[i].pop();..}..switch (parm[i][0])..{..case '_version' : var _versio
n = parm[i][1] ; break ; ..case '_swf' : var _swf = parm[i][1] ; break
 ; ..case '_base' : var _base = parm[i][1] ; break ; ..case '_quality'
 : var _quality = parm[i][1] ; break ; ..case '_loop' : var _loop = pa
rm[i][1] ; break ; ..case '_bgcolor' : var _bgcolor = parm[i][1] ; bre
ak ; ..case '_wmode' : var _wmode = parm[i][1] ; break ; ..case '_play
' : var _play = parm[i][1] ; break ; ..case '_menu' : var _menu = parm
[i][1] ; break ; ..case '_scale' : var _scale = parm[i][1] ; break ; .
.case '_salign' : var _salign = parm[i][1] ; break ; ..case '_height' 
: var _height = parm[i][1] ; break ; ..case '_width' : var _width = pa
rm[i][1] ; break ; ..case '_hspace' : var _hspace = parm[i][1] ; break
 ; ..case '_vspace' : var _vspace = parm[i][1] ; break ; ..case '_alig
n' : var _align = parm[i][1] ; break ; ..case '_class' : var _class = 
parm[i][1] ; break ; ..case '_id' : var _id = parm[i][1] ; break ; ..c
ase '_name' : var _name = parm[i][1] ; break ; ..case '_style' : var _
style = parm[i][1] ; break ; ..case '_declare' : var _declare = parm[i
][1] ; break ; ..case '_flashvars' : var _flashvars = parm[i][1] ;
<<< skipped >>>

GET /html/2276/270200.swf HTTP/1.1


Accept: */*
Accept-Language: en-US
Referer: hXXp://lg1236.565882.com/vExport.php?plugParme=1|1396991165|http%3A%2F%2Flvdou.damisou.com%2Fa%2Fliangao1.html||1,1,en
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: lg2.pic9382.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.2.5
Date: Tue, 08 Apr 2014 21:06:09 GMT
Content-Type: application/x-shockwave-flash
Content-Length: 12553
Connection: keep-alive
Last-Modified: Tue, 18 Mar 2014 03:22:36 GMT
Expires: Thu, 08 May 2014 21:06:09 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
CWS.}6..x..z.PTM.. Y%g.(*. "...I..$gI.JFr.A....$IN.d...f..3C..4.0.a...
........V.[.U{N..........>.........p.....p}....p/n...J...~..Z..H..&
lt;.}.k.)....v-..................?...8q...<j.P...f.0.rD3".e=.N.....
FL...............2....l..W...er<.....,t.p.....c..m=...;..8.o9Y..9j.
.7....:?......p.3..#.t.*..2.DD.r...KmVR....$......H....gZ .O..`....q.w
.... ......X.,.q...&Mu.7T.*'.s...-....\Do.(.......D..]\..].d.....l.p.9
.......z3..&.....\G.?8...}....W_.G.pwV^G.1v..%.....I My...800.......[.
i.g'U^N.:[email protected]".b......./.....Q.Ba.t7.....]}c.%[email protected]
i...tbA.`.......7../..s...#*1..f 0/..<...5A.=V.Y.5E..>.%;...E.f.
..n..\...r.^....X.Q..p.y4.j.....D.0.J.Y...~V.w..r.l.vy..vFW.5...g.....
c......@]..w.3.E.sqo...%.....*lP.......T....}[ ..../.......A..@k..'...
@.....$z5w..'US.5.4.. d../p..5/[email protected]..*.8......e.._9.....
6u._.....I........O....J..!.{...._..Jw...y.^5.a...b..e[I...8F.R.r.V.T.
").b..j.~.9s.EO..[.".2..&6......j.....p...z......x)...<......_[...l
..;.eP...S....!.j...Yv..........g.........n.P=[u...i`q.t$....uewEV..m.
.7}.........=.z.tr.z......*J$.....c.n .0. [email protected].$..n..w....
...l..q......A........e\G;Z'.....:......1....<T}v......>o@.:\...
.........*.].... .aL/C...=........|....*qE....S..x.............3.....-
\F....;[email protected]./.)..rRl.g..-O..2...R...d.x...o..H......k.J!'..
.fQ.60.?`.3..P&.j..A./=..C...{3...i..(...]j=..k;..p]......3....uea....
..m..12|.5-:BYi......G..........?8.........._...P...E8||..:......eL...
..$"..n.. ..'..'_...."........x......LkG..[ q..._.,.0..g.O!....o..
<<< skipped >>>


GET /a/70e1.html HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://lvdou.damisou.com/a/cpv1.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: lvdou.damisou.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 338
Content-Type: text/html
Last-Modified: Mon, 24 Mar 2014 21:04:53 GMT
Accept-Ranges: bytes
ETag: "f2e6d3b3a447cf1:158c"
Server: Microsoft-IIS/6.0
Date: Tue, 08 Apr 2014 21:05:53 GMT
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "htt
p://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xm
lns="hXXp://VVV.w3.org/1999/xhtml">..<head>..</head>..&
lt;body>..<script type="text/javascript" src="hXXp://lg1236.5658
82.com/vShow.php?id=5535"></script>..<div style="display:n
one">..</div>..</body>..</html>HTTP/1.1 200 OK..C
ontent-Length: 338..Content-Type: text/html..Last-Modified: Mon, 24 Ma
r 2014 21:04:53 GMT..Accept-Ranges: bytes..ETag: "f2e6d3b3a447cf1:158c
"..Server: Microsoft-IIS/6.0..Date: Tue, 08 Apr 2014 21:05:53 GMT..<
;!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http:/
/VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns
="hXXp://VVV.w3.org/1999/xhtml">..<head>..</head>..<
body>..<script type="text/javascript" src="hXXp://lg1236.565882.
com/vShow.php?id=5535"></script>..<div style="display:none
">..</div>..</body>..</html>....


GET /a/images/btn_close.gif HTTP/1.1


Accept: */*
Referer: hXXp://lvdou.damisou.com/a/cpv1.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: lvdou.damisou.com
Connection: Keep-Alive


HTTP/1.1 404 Not Found
Content-Length: 1630
Content-Type: text/html
Server: Microsoft-IIS/6.0
Date: Tue, 08 Apr 2014 21:06:09 GMT
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "hXXp://VVV.w3.or
g/TR/html4/strict.dtd">..<HTML><HEAD><TITLE>.....
.......</TITLE>..<META HTTP-EQUIV="Content-Type" Content="tex
t/html; charset=GB2312">..<STYLE type="text/css">..  BODY { f
ont: 9pt/12pt .... }..  H1 { font: 12pt/15pt .... }..  H2 { font: 9pt/
12pt .... }..  A:link { color: red }..  A:visited { color: maroon }..&
lt;/STYLE>..</HEAD><BODY><TABLE width=500 border=0 c
ellspacing=10><TR><TD>..<h1>............</h1&g
t;....................................................<hr>..<
p>................</p>..<ul>..<li>...............
.........................................</li>..<li>......
......................................................................
......</li>..<li>....<a href="javascript:history.back(1
)">....</a>....................</li>..</ul>..<
h2>HTTP .... 404 - ..................<br>Internet ........ (I
IS)</h2>..<hr>..<p>..............................<
;/p>..<ul>..<li>.... <a href="hXXp://go.microsoft.co
m/fwlink/?linkid=8180">Microsoft ............</a>..........&l
dquo;HTTP”..“404”........</li>..<li>....
“IIS ....”...... IIS ...... (inetmgr) ....................
....“........”..“............”..“.......
...........”........</li>..</ul>..</TD><
<<< skipped >>>


GET /pShow.php?PID=5534 HTTP/1.1
Accept: */*
Referer: hXXp://lvdou.damisou.com/a/cpv1.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: lg1236.565882.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Tue, 08 Apr 2014 21:05:56 GMT
Content-Type: text/html; charset=gb2312
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.2.17
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Cache-Control: no-cache, must-revalidate
Set-Cookie: lgPTN43333247109351=0; expires=Wed, 09-Apr-2014 16:00:00 GMT; path=/; domain=.565882.com
2ffe..var popUrl = 'hXXp://lg1236.565882.com/pClick.php?ap=NTUzNHw0ODM
xYjQyYzEzM2Y5NjJjZGZhNzNjZjVjZmY1YzdjZWI0Nw==';..var lgUnionPushUrl = 
CrazyInitUrl(popUrl);..function CrazyInitUrl(urls){...var sf=0,sc=0,ol
='',sd=0;...var ae = function(p) {....v = false;....document.write('&l
t;SCRIPT LANGUAGE=VBScript>\n on error resume next \n v = IsObject(
CreateObject("' p '"))<\/SCRIPT>\n');....if(v){.....return '1';.
...}else{.....return '0';....}...};...var af = function(p) {....var m 
= '';....for (var i=0; i < navigator.mimeTypes.length; i  ){.....m 
 = navigator.mimeTypes[i].type.toLowerCase();....}....v = '0';....if (
m.indexOf(p) != -1){.....if (navigator.mimeTypes[p].enabledPlugin != n
ull) v = '1';....}....return v;...};...var __dm  = (navigator.appName.
indexOf("Netscape") != -1);...var __di  = (navigator.userAgent.toLower
Case().indexOf("msie") != -1);...var __dw = ((navigator.userAgent.toLo
werCase().indexOf("win")!=-1) || (navigator.userAgent.toLowerCase().in
dexOf("32bit")!=-1));...if(__dw && __di) sf = ae("ShockwaveFlash.Shock
waveFlash.1");...if(!__dw || __dm) fs = af("application/x-shockwave-fl
ash");...if(navigator.appName=="Netscape"){....ol = navigator.language
.substr(0,2);...}else{....ol = navigator.userLanguage.substr(0,2);...}
...try{....var us = window.screen.width '_' window.screen.height;...}c
atch(e){....var us = 0;...}...if(navigator.cookieEnabled) sc = 1;...if
(document.getElementById) sd = 1;...var t = new Date();...var pushTime
 = parseInt(t.getTime()/1000);...urls ='&pt=1&ft=' pushTime '&af='
<<< skipped >>>


GET /pClick.php?ap=NTUzNHw0ODMxYjQyYzEzM2Y5NjJjZGZhNzNjZjVjZmY1YzdjZWI0Nw==&pt=1&ft=1396991157&af=http://lvdou.damisou.com/a/cpv1.html&sf=&spm=1,1,en,1,1276_846&rn=0.3510071525383865 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: lg1236.565882.com
Connection: Keep-Alive
Cookie: lgPTN43333247109351=0


HTTP/1.1 302 Found
Server: nginx/1.0.0
Date: Tue, 08 Apr 2014 21:06:03 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.2.17
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Set-Cookie: lgPTN43333247109351=1; expires=Wed, 09-Apr-2014 16:00:00 GMT; path=/; domain=.565882.com
Set-Cookie: lgUnion43333247109351=2251; expires=Wed, 09-Apr-2014 16:00:00 GMT; path=/; domain=.565882.com
Set-Cookie: lgunion_track=YTo2OntzOjk6ImxnQWdlbnRJZCI7aTo0MzMzO3M6MTA6ImxnQmFubmVySWQiO2k6MjI1MTtzOjExOiJsZ1Byb2plY3RJZCI7aToxOTEzO3M6Njoic2l0ZUlkIjtpOjQzMzM7czo2OiJ1c2VySWQiO2k6MzM2NztzOjg6InVzZXJOYW1lIjtzOjU6ImdvNzg2Ijt9; expires=Wed, 09-Apr-2014 16:00:00 GMT; path=/; domain=.565882.com
Set-Cookie: lgunion_3_2251=1; expires=Tue, 08-Apr-2014 22:06:03 GMT; path=/; domain=.565882.com
Set-Cookie: lgunion_3=1; expires=Sat, 02-Aug-2014 14:52:42 GMT; path=/; domain=.565882.com
Location: hXXp://VVV.123xa.com/tupian/tuijian/0liangao.html?ext=MTkzxMywyMjUxLGdvNzg2LDMzNjcsNDMzMyw0MzMzLA==
0..HTTP/1.1 302 Found..Server: nginx/1.0.0..Date: Tue, 08 Apr 2014 21:
06:03 GMT..Content-Type: text/html..Transfer-Encoding: chunked..Connec
tion: keep-alive..X-Powered-By: PHP/5.2.17..P3P: CP="IDC DSP COR CURa 
ADMa OUR IND PHY ONL COM STA"..Set-Cookie: lgPTN43333247109351=1; expi
res=Wed, 09-Apr-2014 16:00:00 GMT; path=/; domain=.565882.com..Set-Coo
kie: lgUnion43333247109351=2251; expires=Wed, 09-Apr-2014 16:00:00 GMT
; path=/; domain=.565882.com..Set-Cookie: lgunion_track=YTo2OntzOjk6Im
xnQWdlbnRJZCI7aTo0MzMzO3M6MTA6ImxnQmFubmVySWQiO2k6MjI1MTtzOjExOiJsZ1By
b2plY3RJZCI7aToxOTEzO3M6Njoic2l0ZUlkIjtpOjQzMzM7czo2OiJ1c2VySWQiO2k6Mz
M2NztzOjg6InVzZXJOYW1lIjtzOjU6ImdvNzg2Ijt9; expires=Wed, 09-Apr-2014 1
6:00:00 GMT; path=/; domain=.565882.com..Set-Cookie: lgunion_3_2251=1;
 expires=Tue, 08-Apr-2014 22:06:03 GMT; path=/; domain=.565882.com..Se
t-Cookie: lgunion_3=1; expires=Sat, 02-Aug-2014 14:52:42 GMT; path=/; 
domain=.565882.com..Location: hXXp://VVV.123xa.com/tupian/tuijian/0lia
ngao.html?ext=MTkzxMywyMjUxLGdvNzg2LDMzNjcsNDMzMyw0MzMzLA==..0..>....
<<< skipped >>>

GET /pClick.php?ap=NTUzNHw4NDEyMjFmYjY5NzAwNjZkYTI3NWExZjYwZmY5MGVmYWE5MA==&pt=1&ft=1396991165&af=http://lvdou.damisou.com/a/cpv1.html&sf=&spm=1,1,en,1,1276_846&rn=0.578502220407564 HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: lg1236.565882.com
Connection: Keep-Alive
Cookie: lgPTN43333247109351=0; lgUnion43333247109351=2251; lgunion_track=YTo2OntzOjk6ImxnQWdlbnRJZCI7aTo0MzMzO3M6MTA6ImxnQmFubmVySWQiO2k6MjI1MTtzOjExOiJsZ1Byb2plY3RJZCI7aToxOTEzO3M6Njoic2l0ZUlkIjtpOjQzMzM7czo2OiJ1c2VySWQiO2k6MzM2NztzOjg6InVzZXJOYW1lIjtzOjU6ImdvNzg2Ijt9; lgunion_3_2251=1; lgunion_3=1


HTTP/1.1 302 Found
Server: nginx/1.0.0
Date: Tue, 08 Apr 2014 21:06:06 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.2.17
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Set-Cookie: lgPTN43333247109351=1; expires=Wed, 09-Apr-2014 16:00:00 GMT; path=/; domain=.565882.com
Set-Cookie: lgUnion43333247109351=2251-2808; expires=Wed, 09-Apr-2014 16:00:00 GMT; path=/; domain=.565882.com
Set-Cookie: lgunion_track=YTo2OntzOjk6ImxnQWdlbnRJZCI7aTo0MzMzO3M6MTA6ImxnQmFubmVySWQiO2k6MjgwODtzOjExOiJsZ1Byb2plY3RJZCI7aToyMDU4O3M6Njoic2l0ZUlkIjtpOjQzMzM7czo2OiJ1c2VySWQiO2k6MzM2NztzOjg6InVzZXJOYW1lIjtzOjU6ImdvNzg2Ijt9; expires=Wed, 09-Apr-2014 16:00:00 GMT; path=/; domain=.565882.com
Set-Cookie: lgunion_3_2808=1; expires=Tue, 08-Apr-2014 22:06:06 GMT; path=/; domain=.565882.com
Location: hXXp://dy.kk126.com/pic/uauaa/liangao/go.html?ext=MjAz1OCwyODA4LGdvNzg2LDMzNjcsNDMzMyw0MzMzLA==
0..HTTP/1.1 302 Found..Server: nginx/1.0.0..Date: Tue, 08 Apr 2014 21:
06:06 GMT..Content-Type: text/html..Transfer-Encoding: chunked..Connec
tion: keep-alive..X-Powered-By: PHP/5.2.17..P3P: CP="IDC DSP COR CURa 
ADMa OUR IND PHY ONL COM STA"..Set-Cookie: lgPTN43333247109351=1; expi
res=Wed, 09-Apr-2014 16:00:00 GMT; path=/; domain=.565882.com..Set-Coo
kie: lgUnion43333247109351=2251-2808; expires=Wed, 09-Apr-2014 16:00:0
0 GMT; path=/; domain=.565882.com..Set-Cookie: lgunion_track=YTo2OntzO
jk6ImxnQWdlbnRJZCI7aTo0MzMzO3M6MTA6ImxnQmFubmVySWQiO2k6MjgwODtzOjExOiJ
sZ1Byb2plY3RJZCI7aToyMDU4O3M6Njoic2l0ZUlkIjtpOjQzMzM7czo2OiJ1c2VySWQiO
2k6MzM2NztzOjg6InVzZXJOYW1lIjtzOjU6ImdvNzg2Ijt9; expires=Wed, 09-Apr-2
014 16:00:00 GMT; path=/; domain=.565882.com..Set-Cookie: lgunion_3_28
08=1; expires=Tue, 08-Apr-2014 22:06:06 GMT; path=/; domain=.565882.co
m..Location: hXXp://dy.kk126.com/pic/uauaa/liangao/go.html?ext=MjAz1OC
wyODA4LGdvNzg2LDMzNjcsNDMzMyw0MzMzLA==..0..
<<< skipped >>>


GET /public/close.png HTTP/1.1
Accept: */*
Referer: hXXp://lvdou.damisou.com/a/70e1.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: lg2.pic9382.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.2.5
Date: Tue, 08 Apr 2014 21:06:07 GMT
Content-Type: image/png
Content-Length: 536
Connection: keep-alive
Last-Modified: Wed, 03 Apr 2013 02:50:19 GMT
Expires: Thu, 08 May 2014 21:06:07 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
.PNG........IHDR.....................tEXtSoftware.Adobe ImageReadyq.e&
lt;....IDATx.b...?.5........{{{7 [email protected].......*.
.d f.a.W ...SXXX.......A.122..Z.B.g.@\...@[email protected]. ..s.F....C...
"K&&&2.....<<<`1...de....pa.z.|.......n@kk ......./....-.....
z.j.....AG..a...dHJJ..u .X.:./.t....U..................d$..e...d8.9...
?.).y.....k..a....e.ul.z..................."..8.....U.b....l.(VA1.s!(.
..OPV...D.i....Bby0..!...............T..Hu.,.........w.....f5.7....oy.
2.....hp?.}.)...\....8..&..0.0..%[email protected]`.....


GET /public/close.png HTTP/1.1


Accept: */*
Referer: hXXp://lvdou.damisou.com/a/liangao1.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: lg2.pic9382.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.2.5
Date: Tue, 08 Apr 2014 21:06:07 GMT
Content-Type: image/png
Content-Length: 536
Connection: keep-alive
Last-Modified: Wed, 03 Apr 2013 02:50:19 GMT
Expires: Thu, 08 May 2014 21:06:07 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
.PNG........IHDR.....................tEXtSoftware.Adobe ImageReadyq.e&
lt;....IDATx.b...?.5........{{{7 [email protected].......*.
.d f.a.W ...SXXX.......A.122..Z.B.g.@\...@[email protected]. ..s.F....C...
"K&&&2.....<<<`1...de....pa.z.|.......n@kk ......./....-.....
z.j.....AG..a...dHJJ..u .X.:./.t....U..................d$..e...d8.9...
?.).y.....k..a....e.ul.z..................."..8.....U.b....l.(VA1.s!(.
..OPV...D.i....Bby0..!...............T..Hu.,.........w.....f5.7....oy.
2.....hp?.}.)...\....8..&..0.0..%[email protected]`.HTTP/1.1 200
 OK..Server: nginx/1.2.5..Date: Tue, 08 Apr 2014 21:06:07 GMT..Content
-Type: image/png..Content-Length: 536..Connection: keep-alive..Last-Mo
dified: Wed, 03 Apr 2013 02:50:19 GMT..Expires: Thu, 08 May 2014 21:06
:07 GMT..Cache-Control: max-age=2592000..Accept-Ranges: bytes...PNG...
.....IHDR.....................tEXtSoftware.Adobe ImageReadyq.e<....
IDATx.b...?.5........{{{7 [email protected].......*..d f.a.
W ...SXXX.......A.122..Z.B.g.@\...@[email protected]. ..s.F....C..."K&&&2.
....<<<`1...de....pa.z.|.......n@kk ......./....-.....z.j....
.AG..a...dHJJ..u .X.:./.t....U..................d$..e...d8.9...?.).y..
...k..a....e.ul.z..................."..8.....U.b....l.(VA1.s!(...OPV..
.D.i....Bby0..!...............T..Hu.,.........w.....f5.7....oy.2.....h
p?.}.)...\....8..&..0.0..%[email protected]`...
<<< skipped >>>


GET /images/w_day40.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.2345.com/?24384-1018
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.2345.com
Connection: Keep-Alive
Cookie: sts=0; _CC_={"closeSpotlight":0,"ggbd":0}; wc=54511; lc=54511; lc2=54511; wc_n=%u5317%u4EAC


HTTP/1.1 200 OK
Date: Tue, 08 Apr 2014 21:05:34 GMT
Server: Apache
Last-Modified: Wed, 04 Sep 2013 01:32:03 GMT
ETag: "163b-4e584c5c04ac0"
Accept-Ranges: bytes
Content-Length: 5691
Cache-Control: max-age=31536000
Expires: Wed, 08 Apr 2015 21:05:34 GMT
Keep-Alive: timeout=5, max=80
Connection: Keep-Alive
Content-Type: image/png
.PNG........IHDR.....................PLTEooo)......f............O.....
U.........................................C......................."R..
........z..R...........l.......................<.....N.....N.......
.i........E..H...........D....................{..T........t...........
..................j..n.............. ...........\..[...:..........B..#
.....~..<.............................f}}}../../.....t.............
..........{................._.....?..o.....N.{......b...X..../.....Y..
 .................:.................a...........-.....q.....?.....S...
.................K.....3...........#..m...........).....O.._..E.....K.
._.................t.....O.....n...........3.....R....s...............
...............).....{..,.....B............../.....l...........J..y...
..!..H.....E...........<..............C.......u......tRNS..........
......................................................................
......................................................................
......................................................................
....................................S..%....IDATx....|.e..k..Xj.....f.
&u-....V.E];..e........u..-.... .."cC...6. .F.....t..*..............'.
..I.r..=..Yz.=.Osm.>.{.{..y.....$.0 ..m......VOQ..<..a.....l...V
l).5....`c...-...v...a....9.....C.*......u......`4..jC..E.?"..>...{
..q.=.........^[email protected]..<l"
.VV.Y\'F$......Af...6.d.t8.a..Y...N.C{a..a.M....=..FAzS.w.XyAT-...kmc.
.YH..e..).x.......7%..`.z...=R.]i..G..(......A.0....T^w..5=&@.<
<<< skipped >>>

GET /images/mystyle_wait.gif HTTP/1.1


Accept: */*
Referer: hXXp://VVV.2345.com/?24384-1018
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.2345.com
Connection: Keep-Alive
Cookie: sts=0; _CC_={"closeSpotlight":0,"ggbd":0}; wc=54511; lc=54511; lc2=54511; wc_n=%u5317%u4EAC


HTTP/1.1 200 OK
Date: Tue, 08 Apr 2014 21:05:34 GMT
Server: Apache
Last-Modified: Thu, 17 Feb 2011 07:01:58 GMT
ETag: "17d-49c74f9354580"
Accept-Ranges: bytes
Content-Length: 381
Cache-Control: max-age=31536000
Expires: Wed, 08 Apr 2015 21:05:34 GMT
Keep-Alive: timeout=5, max=79
Connection: Keep-Alive
Content-Type: image/gif
GIF89a.............s.................!..NETSCAPE2.0.....!.......,.....
.....0h.E.0.2.\ ..^...D..e..],.._...U..........F....d..!.......,......
.....hj..&.PHa....]..!.......,...........XT.F.8...`......!.......,....
.......XTf4.).j... B.@..!.......,...........hVTJ.(..... ..J..!.......,
...........hjE.....`....]..!.......,..............."8.X!e.A.-..!......
.,.............f!.).j-.42H.E..;....


GET /right/homepage/img/block1/tab1/20140404114402.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.2345.com/?24384-1018
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.2345.com
Connection: Keep-Alive
Cookie: sts=0; _CC_={"closeSpotlight":0,"ggbd":0}; wc=54511; lc=54511; lc2=54511; wc_n=%u5317%u4EAC


HTTP/1.1 200 OK
Date: Tue, 08 Apr 2014 21:05:35 GMT
Server: Apache
Last-Modified: Tue, 08 Apr 2014 21:00:02 GMT
ETag: "11c0-4f68e4481f880"
Accept-Ranges: bytes
Content-Length: 4544
Cache-Control: max-age=31536000
Expires: Wed, 08 Apr 2015 21:05:35 GMT
Keep-Alive: timeout=5, max=78
Connection: Keep-Alive
Content-Type: image/jpeg
......JFIF.....`.`.....<Exif..MM.*...................1.........&...
.VVV.meitu.com....C...................................................
.................C....................................................
...................A.d..".............................................
...............}........!1A..Qa."q.2....#B...R..$3br........%&'()*4567
89:CDEFGHIJSTUVWXYZcdefghijstuvwxyz...................................
......................................................................
.....................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&
'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz............................
........................................................?.....2.-._.F.
....B...\...;.......<E.)4..M....W..@:...95.x....j...........Z.S.~..
nm.../..."..r4dt`U..lc..w$...b.1.:...?..O........G...6.......9;@..>
...y8..|).....>...?l.v.o.......-b.t..tr...;.....N...[..m.....X.....
...py>...x:......ad...L.^..>l.......5..-.........l..1......,.e..
..>...;.....`........?.~;...............V......1...w.:2. 'G.\.>.
...._.....U..F..8%..sI|c......]...Y.^D......F.'.zW...r.......7?n..(..O
.x.|5..KR.|6....:\.........*...S.R.n3.Mz.n:..3.W..n...lU.<kN.....S.
..X.-G....r.z.......MLD#]Be...q....o.....R....Z.<W..I...#kS.r..-...
.#...........9.?.:/...-..V.V;.....2.........X7e7.~.}.......I... ....O.
'[email protected]. ..9.'M....A.6.u..?\.[.i..m"18%O*x.y..4.O,..
. ..iN;t?7.qQ...U....e....x?.....n....<..aEQ...cM.g.... ...O)..... 
......-....O.7._....5.}5VM&M...&'z...C..1.T.zW....................
<<< skipped >>>


GET /m1/popwinparamupdate.aspx?mainver=1.0.0&popver=1.0.0&xmlver=20140304160000 HTTP/1.1
User-Agent: hello crazyk
Host: update.180308.com
Cache-Control: no-cache


HTTP/1.1 404 Not Found
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Tue, 08 Apr 2014 21:11:33 GMT
Connection: close
Content-Length: 315
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""hXXp://VVV.w3.org
/TR/html4/strict.dtd">..<HTML><HEAD><TITLE>Not Fo
und</TITLE>..<META HTTP-EQUIV="Content-Type" Content="text/ht
ml; charset=us-ascii"></HEAD>..<BODY><h2>Not Foun
d</h2>..<hr><p>HTTP Error 404. The requested resourc
e is not found.</p>..</BODY></HTML>....



GET /a/liangao1.html HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://lvdou.damisou.com/a/cpv1.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: lvdou.damisou.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 338
Content-Type: text/html
Last-Modified: Mon, 24 Mar 2014 21:04:55 GMT
Accept-Ranges: bytes
ETag: "82dbcbb4a447cf1:158c"
Server: Microsoft-IIS/6.0
Date: Tue, 08 Apr 2014 21:05:53 GMT
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "htt
p://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xm
lns="hXXp://VVV.w3.org/1999/xhtml">..<head>..</head>..&
lt;body>..<script type="text/javascript" src="hXXp://lg1236.5658
82.com/vShow.php?id=5535"></script>..<div style="display:n
one">..</div>..</body>..</html>HTTP/1.1 200 OK..C
ontent-Length: 338..Content-Type: text/html..Last-Modified: Mon, 24 Ma
r 2014 21:04:55 GMT..Accept-Ranges: bytes..ETag: "82dbcbb4a447cf1:158c
"..Server: Microsoft-IIS/6.0..Date: Tue, 08 Apr 2014 21:05:53 GMT..<
;!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http:/
/VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns
="hXXp://VVV.w3.org/1999/xhtml">..<head>..</head>..<
body>..<script type="text/javascript" src="hXXp://lg1236.565882.
com/vShow.php?id=5535"></script>..<div style="display:none
">..</div>..</body>..</html>....



GET /vShow.php?id=5535 HTTP/1.1
Accept: */*
Referer: hXXp://lvdou.damisou.com/a/liangao1.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: lg1236.565882.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Tue, 08 Apr 2014 21:05:56 GMT
Content-Type: text/html; charset=gb2312
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.2.17
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Cache-Control: no-cache, must-revalidate
Set-Cookie: lgImageHost=lg3; expires=Fri, 27-Feb-2331 14:52:35 GMT; path=/; domain=.pic9382.com
307b..(function() {..    var isReady = false;..    var readyList = [];
..    var timer;..    ready = function(fn){..        if(isReady) fn.ca
ll(document);..        else readyList.push(function(){..            re
turn fn.call(this);..        });..        return this;..    }..    var
 tops = self.setInterval("lgVshowTop()",1);..    var onDOMReady = func
tion(){..        for(var i=0;i<readyList.length;i  ){..            
readyList[i].apply(document);..        }..        readyList = null;.. 
   }..    var bindReady = function(evt){..        if (isReady) return;
..        isReady = true;..        onDOMReady.call(window);..        i
f (document.removeEventListener) {..            document.removeEventLi
stener("DOMContentLoaded", bindReady, false);..        }else if(docume
nt.attachEvent){..            document.detachEvent("onreadystatechange
", bindReady);..            if(window == window.top){..               
 clearInterval(timer);..                timer = null;..            }..
        }..    };..    if(document.addEventListener){..        documen
t.addEventListener("DOMContentLoaded", bindReady, false);..    }else i
f(document.attachEvent){..        document.attachEvent("onreadystatech
ange",..        function(){..            if ((/loaded|complete/).test(
document.readyState)) bindReady();..        });..        if(window == 
window.top){..            timer = setInterval(function(){..           
     try{..                    isReady || document.documentElement.doS
croll('left');..                }catch(e){..                    re
<<< skipped >>>
%original file name%.exe_1684:

.text
`.rdata
@.data
.ndata
.rsrc
uDSSh
.DEFAULT\Control Panel\International
Software\Microsoft\Windows\CurrentVersion
GetWindowsDirectoryA
KERNEL32.dll
ExitWindowsEx
USER32.dll
GDI32.dll
SHFileOperationA
ShellExecuteA
SHELL32.dll
RegEnumKeyA
RegCreateKeyExA
RegCloseKey
RegDeleteKeyA
RegOpenKeyExA
ADVAPI32.dll
COMCTL32.dll
ole32.dll
VERSION.dll
verifying installer: %d%%
http://nsis.sf.net/NSIS_Error
... %d%%
~nsu.tmp
%u.%u%s%s
RegDeleteKeyExA
%s=%s
*?|<>/":
\LOCALS~1\Temp\nsjE.tmp\NSISdl.dll
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsjE.tmp\NSISdl.dll
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsjE.tmp
p0.ini
http://www.usertrust.com1
1http://crl.usertrust.com/UTN-USERFirst-Object.crl05
http://ocsp.usertrust.com0
2Terms of use at https://www.verisign.com/rpa (c)101.0,
/http://csc3-2010-crl.verisign.com/CSC3-2010.crl0D
https://www.verisign.com/rpa0
http://ocsp.verisign.com0;
/http://csc3-2010-aia.verisign.com/CSC3-2010.cer0
https://www.verisign.com/cps0*
#http://logo.verisign.com/vslogo.gif04
#http://crl.verisign.com/pca3-g5.crl04
http://ocsp.verisign.com0
4$4/464?4_4
1-1E1m1}1
7‚8c8x8
2%2-262=2
2$2(2,202
8.979=9~?
8 8$8(8,8
2 2$2(2,20242
5 5$50585
l.EyK
RegQueryInfoKeyA
RegEnumKeyExA
OLEAUT32.dll
SHLWAPI.dll
InternetOpenUrlA
HttpQueryInfoA
WININET.dll
imagehlp.dll
GetProcessHeap
GetCPInfo
GetConsoleOutputCP
.vN {
nsjE.tmp
ni&v=1.0.0.0
1.0.0.0 Setup
//down.ddqsh.org:99/ccvjdr_70567.rar
c:\%original file name%.exe
%Program Files%\greeou
%original file name%.exe
CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsjD.tmp
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\
ccvjdr_70567.exe
http://down.ddqsh.org:99/ccvjdr_70567.rar
333333333333
Nullsoft Install System v2.45
%Documents and Settings%\%current user%\Desktop\
Replace%Select the entire document
Arrange Icons/Arrange windows so they overlap
Cascade Windows5Arrange windows as non-overlapping tiles
Tile Windows5Arrange windows as non-overlapping tiles
Tile Windows(Split the active window into panes
1, 0, 0, 1
http://cc.tlng.org
1.0.0.0

iexplore.exe_416:




%?9-*09,*19}*09
.text
`.data
.rsrc
msvcrt.dll
KERNEL32.dll
NTDLL.DLL
USER32.dll
SHLWAPI.dll
SHDOCVW.dll
Software\Microsoft\Windows\CurrentVersion\Explorer\BrowseNewProcess
IE-X-X
rsabase.dll
System\CurrentControlSet\Control\Windows
dw15 -x -s %u
watson.microsoft.com
IEWatsonURL
%s -h %u
iedw.exe
Iexplore.XPExceptionFilter
jscript.DLL
mshtml.dll
mlang.dll
urlmon.dll
wininet.dll
shdocvw.DLL
browseui.DLL
comctl32.DLL
IEXPLORE.EXE
iexplore.pdb
ADVAPI32.dll
MsgWaitForMultipleObjects
IExplorer.EXE
IIIIIB(II<.Fg
7?_____ZZSSH%
)z.UUUUUUUU
,....Qym
````2```
{.QLQIIIKGKGKGKGKGKG
;33;33;0
8888880
8887080
browseui.dll
shdocvw.dll
6.00.2900.5512 (xpsp.080413-2105)
Windows
Operating System
6.00.2900.5512

greendou.exe_1856:




.text
`.rdata
@.data
.rsrc
@.reloc
>%u5V
vSSSh
FTPjK
FtPj;
C.PjRV
tGHt.Ht&
kernel32.dll
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
portuguese-brazilian
operator
GetProcessWindowStation
USER32.DLL
PopWinParam.xml
setup.ini
1.0.0
20131020010000
/m1/popwinparamupdate.aspx?mainver=%s&popver=%s&xmlver=%s
%d.%d.%d
%d:%d
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
HKEY_PERFORMANCE_DATA
HKEY_USERS
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
&#xX;
%s="%s"
%s='%s'
version="%s"
encoding="%s"
standalone="%s"
isShow
KERNEL32.dll
USER32.dll
GDI32.dll
RegCloseKey
RegDeleteKeyA
RegQueryInfoKeyA
RegEnumKeyExA
RegOpenKeyExA
RegCreateKeyExA
ADVAPI32.dll
ShellExecuteA
SHELL32.dll
ole32.dll
OLEAUT32.dll
SHLWAPI.dll
COMCTL32.dll
InternetOpenUrlA
HttpQueryInfoA
WININET.dll
imagehlp.dll
VERSION.dll
GetProcessHeap
GetCPInfo
GetConsoleOutputCP
zcÁ
.?AUDWebBrowserEvents2@@
http://update.035668.com
http://update.180308.com
%Program Files%\greeou\greendou.exe
>>>222:::
:::222@@@
@@@222:::
:::222>>>
4$4/464?4_4
1-1E1m1}1
7‚8c8x8
2%2-262=2
2$2(2,202
8.979=9~?
8 8$8(8,8
2 2$2(2,20242
5 5$50585
ekernel32.dll
mscoree.dll
KERNEL32.DLL
shell.Explorer.2
Replace%Select the entire document
Arrange Icons/Arrange windows so they overlap
Cascade Windows5Arrange windows as non-overlapping tiles
Tile Windows5Arrange windows as non-overlapping tiles
Tile Windows(Split the active window into panes
1, 0, 0, 1

sqgbfvt.exe_3960:




.text
`.rdata
@.data
.ndata
.rsrc
@.reloc
RegDeleteKeyExW
Kernel32.DLL
PSAPI.DLL
%s=%s
GetWindowsDirectoryW
KERNEL32.dll
ExitWindowsEx
GetAsyncKeyState
USER32.dll
GDI32.dll
SHFileOperationW
ShellExecuteW
SHELL32.dll
RegDeleteKeyW
RegCloseKey
RegEnumKeyW
RegOpenKeyExW
RegCreateKeyExW
ADVAPI32.dll
COMCTL32.dll
ole32.dll
VERSION.dll
#Lnd.Rh
.qN
H$Hz%X
c/\e%s=T
.Fl7^
D$À
> >$>(>,>0>|>
Thawte Certification1
http://ocsp.thawte.com0
.http://crl.thawte.com/ThawteTimestampingCA.crl0
&https://www.globalsign.com/repository/03
"http://crl.globalsign.net/root.crl0
http://ts-ocsp.ws.symantec.com07
 http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
 http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
[email protected]
&https://www.globalsign.com/repository/0
-http://crl.globalsign.com/gs/gscodesigng2.crl0P
4http://secure.globalsign.com/cacert/gscodesigng2.crt0
Dhttp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
Nullsoft Install System v2.46.5-Unicode
logging set to %d
settings logging to %d
created uninstaller: %d, "%s"
WriteReg: error creating key "%s\%s"
WriteReg: error writing into "%s\%s" "%s"
WriteRegBin: "%s\%s" "%s"="%s"
WriteRegDWORD: "%s\%s" "%s"="0xx"
WriteRegExpandStr: "%s\%s" "%s"="%s"
WriteRegStr: "%s\%s" "%s"="%s"
DeleteRegKey: "%s\%s"
DeleteRegValue: "%s\%s" "%s"
WriteINIStr: wrote [%s] %s=%s in %s
CopyFiles "%s"->"%s"
CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
Error registering DLL: Could not load %s
Error registering DLL: %s not found in %s
GetTTFFontName(%s) returned %s
GetTTFVersionString(%s) returned %s
Exec: failed createprocess ("%s")
Exec: success ("%s")
Exec: command="%s"
ExecShell: success ("%s": file:"%s" params:"%s")
ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
Exch: stack < %d elements
RMDir: "%s"
MessageBox: %d,"%s"
Delete: "%s"
File: wrote %d to "%s"
File: skipped: "%s" (overwriteflag=%d)
File: error creating "%s"
File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"
Rename failed: %s
Rename on reboot: %s
Rename: %s
IfFileExists: file "%s" does not exist, jumping %d
IfFileExists: file "%s" exists, jumping %d
CreateDirectory: "%s" created
CreateDirectory: can't create "%s" - a file already exists
CreateDirectory: can't create "%s" (err=%d)
CreateDirectory: "%s" (%d)
SetFileAttributes: "%s":X
Sleep(%d)
detailprint: %s
Call: %d
Aborting: "%s"
Jump: %d
verifying installer: %d%%
unpacking data: %d%%
... %d%%
http://nsis.sf.net/NSIS_Error
~nsu.tmp
install.log
%u.%u%s%s
Skipping section: "%s"
Section: "%s"
New install of "%s" to "%s"
.DEFAULT\Control Panel\International
Software\Microsoft\Windows\CurrentVersion
*?|<>/":
invalid registry key
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
HKEY_PERFORMANCE_DATA
HKEY_USERS
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
x%c
RMDir: RemoveDirectory failed("%s")
RMDir: RemoveDirectory on Reboot("%s")
RMDir: RemoveDirectory("%s")
RMDir: RemoveDirectory invalid input("%s")
Delete: DeleteFile failed("%s")
Delete: DeleteFile on Reboot("%s")
Delete: DeleteFile("%s")
%s: failed opening file "%s"
LOCALS~1\Temp\nsf11.tmp\tmpdzqj4c.dll
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsf11.tmp\tmpdzqj4c.dll
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsf11.tmp
Nullsoft Install System v2.46.5-Unicode
%Program Files%\
sf11.tmp
File: skipped: "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsf11.tmp\tmpdzqj4c.dll" (overwriteflag=1)
p\tmpdzqj4c.dll"
:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\sqgbfvt.exe"
"C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\sqgbfvt.exe"
%Program Files%\Baidu\BaiduSd
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp
sqgbfvt.exe
CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nslF.tmp
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\sqgbfvt.exe
436864026
1.0.18.648


Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    wuauclt.exe:540
    %original file name%.exe:1684
    sqgbfvt.exe:3960

  2. Delete the original Trojan file.
  3. Delete or disinfect the following files created/modified by the Trojan:

    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\vExport[2].js (2187 bytes)
    %Documents and Settings%\%current user%\Cookies\[email protected][1].txt (145 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\2276/270200[1].swf (1728 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\vExport[1].js (1927 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\liangao1[1].htm (338 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\close[1].png (536 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\close[1].png (536 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\CAG1AJ4X.htm (1875 bytes)
    %Documents and Settings%\%current user%\Cookies\index.dat (5784 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\vDisplay[2].htm (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\vShow[1].htm (7973 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\cpv1[1].htm (797 bytes)
    %Documents and Settings%\%current user%\Cookies\Current_User@565882[1].txt (2587 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\vDisplay[1].htm (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\CA8H0LKB.htm (603 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\70e1[1].htm (338 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\vShow[1].htm (8851 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\2276/270200[2].swf (1728 bytes)
    %Documents and Settings%\%current user%\Cookies\Current_User@565882[2].txt (2552 bytes)
    %WinDir%\SoftwareDistribution\DataStore\Logs\edb.chk (100 bytes)
    %WinDir%\SoftwareDistribution\DataStore\Logs\edb.log (2016 bytes)
    %WinDir%\SoftwareDistribution\DataStore\DataStore.edb (100 bytes)
    %Documents and Settings%\%current user%\Start Menu\Programs\Â̶¹ä¯ÀÀÆ÷\Â̶¹ä¯ÀÀÆ÷.lnk (678 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\ccvjdr_70567.exe (145540 bytes)
    %Program Files%\greeou\greendou.exe (7764 bytes)
    %Program Files%\greeou\PopWinParam.xml (4 bytes)
    %Documents and Settings%\%current user%\Desktop\Â̶¹ä¯ÀÀÆ÷.lnk (666 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsjE.tmp\p0.ini.log (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\sqgbfvt.exe (258236 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsjE.tmp\NSISdl.dll (14 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsf11.tmp\tmpdzqj4c.dll (87814 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsf11.tmp\hu.dll (3312 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsf11.tmp\dl.dll (65930 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsf11.tmp\BDMSkin.dll (38495 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsf11.tmp\BDMReport.dll.bdl (3248 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsf11.tmp\BDMNetGetInfo.dll (9608 bytes)
    %Documents and Settings%\All Users\Application Data\Baidu\Desktop\Global.db (16 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsf11.tmp\BDLogicUtils.dll (30968 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsf11.tmp\res\onlineWnd.zip (6360 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsq10.tmp (163469 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsf11.tmp\BDMDownload.dll (5520 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ico_tuniu_2[1].png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\mz_toggle[1].png (986 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\logo162x54_2[1].png (3333 bytes)
    %Documents and Settings%\%current user%\Cookies\Current_User@2345[1].txt (2135 bytes)
    %Documents and Settings%\%current user%\Cookies\Current_User@778669[1].txt (133 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\common_20140403_01[1].js (1681 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\tip_stopXP[1].png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\style[2].js (916 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\5shk[1].html (552 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\func_20140408_01[1].js (977 bytes)
    %Documents and Settings%\%current user%\UserData\2Z89WTQV\siteClicks[1].xml (250 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\topic_zhineng[1].jpg (2635 bytes)
    %Documents and Settings%\%current user%\UserData\KTOR0Z81\__his__[1].xml (198 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\index_20140408_04[1].css (3233 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\body0_2[1].png (183 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\2b[1].jpg (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ico[1].png (735 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\lazyloading[1].gif (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\topic_xpstopupdate[1].jpg (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\2345[1].htm (10160 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\ico_vipshop[1].png (439 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\4d[1].jpg (14995 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\mz_0408_58[1].gif (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\20140331195924[1].jpg (6 bytes)
    %Documents and Settings%\%current user%\Cookies\[email protected][2].txt (292 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\zjsVersion[1].js (274 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\style[1].js (475 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\m_close[1].png (987 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\20140404114402[1].jpg (4 bytes)
    %Documents and Settings%\%current user%\Cookies\Current_User@ajax[2].txt (328 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\2345_0225[1].eot (3644 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\blank[1].png (953 bytes)
    %Documents and Settings%\%current user%\Cookies\[email protected][1].txt (148 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\tmall_GIF_0214[1].gif (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\mz_0408[1].png (594 bytes)
    %Documents and Settings%\%current user%\Cookies\Current_User@2345[3].txt (328 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\index[1].html (264 bytes)
    %Documents and Settings%\%current user%\UserData\4XCFALMJ\data-userdata[1].xml (194 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\ico_amazon[1].png (536 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\1a[1].jpg (5388 bytes)
    %Documents and Settings%\%current user%\Cookies\Current_User@2345[2].txt (2626 bytes)
    %Documents and Settings%\%current user%\Cookies\Current_User@778669[2].txt (745 bytes)
    %Documents and Settings%\%current user%\UserData\YJM90VAL\data-userdata[1].xml (162 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\sjlm[1].png (428 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\mystyle_wait[1].gif (381 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\i_tmall[1].png (1 bytes)
    %Documents and Settings%\%current user%\UserData\YJM90VAL\wc[1].xml (126 bytes)
    %Documents and Settings%\%current user%\Cookies\[email protected][2].txt (335 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\mz_0307[1].png (1 bytes)
    %Documents and Settings%\%current user%\Cookies\Current_User@ajax43[2].txt (335 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\time[1].txt (0 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\myfav_0218[1].png (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\baidu_web[1].gif (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\entertainChannel_20140103[1].js (7 bytes)
    %Documents and Settings%\%current user%\Cookies\Current_User@ajax43[1].txt (158 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\20140325164946[1].jpg (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\baidu_20140110_01[1].js (12 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\w_day40[1].png (5 bytes)
    %Documents and Settings%\%current user%\UserData\YJM90VAL\__siteClicksTip__[1].xml (142 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\tipSet_ie6[1].png (731 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\456[1].htm (3003 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\skin0_19[1].png (643 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\w_night40[1].png (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\i_lieping2[1].png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\tmall0401[1].jpg (2136 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\gameChannel_20140103[1].js (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\google_web[1].gif (2 bytes)
    %Documents and Settings%\%current user%\UserData\2Z89WTQV\lc[1].xml (126 bytes)
    %Documents and Settings%\%current user%\UserData\KTOR0Z81\data-userdata[1].xml (266 bytes)
    %Documents and Settings%\%current user%\Cookies\[email protected][1].txt (141 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\20140331195919[1].jpg (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\6f[1].jpg (2696 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\3c[1].jpg (4152 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\input_20140408_01[1].js (9 bytes)
    %Documents and Settings%\%current user%\Cookies\Current_User@ajax[1].txt (154 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\icos23[1].png (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\newsChannel_20140103[1].js (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ico_taobao[1].png (958 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\bgs14[1].png (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\20140409[1].js (53 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\5e[1].jpg (2696 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\2345[1] (229 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\index[1].php (2401 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\chart100x100[1].png (6 bytes)

  4. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
  5. Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

No votes yet


Lavasoft is the maker of Ad-Aware, the world's most popular anti-malware software with over 450 million downloads.
© 2026 Lavasoft. All rights reserved.
Terms Of Use |   Privacy Policy


x

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

Download adaware antivirus 12
No thanks, continue to lavasoft.com
close x

Discover the new adaware antivirus 12

Our best antivirus yet

Download Now