Trojan.Win32.Alureon_bec2c7f139
HEUR:Trojan.Win32.Generic (Kaspersky), Trojan.Win32.Alureon.FD, Trojan.Win32.Swrort.3.FD, mzpefinder_pcap_file.YR (Lavasoft MAS)
Behaviour: Trojan
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
MD5: bec2c7f1395083aef6948e1ba118cfaf
SHA1: 475cd88c6c1d582a15f6900182f911708a668d61
SHA256: e31705ac21d687b1380aa69fcfe69e00fca4927cee26ad9e4dc84a4ef5c35c38
SSDeep: 3072:GHlSRC9Z/ejxn37BU86VLKyOGXWSl1xh10TPHP 5dJ/5qw4wknY:clSRC9ZeJBU8ULUKk7S5q1xY
Size: 152059 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6, MicrosoftVisualC, MicrosoftVisualCv50v60MFC, MicrosoftVisualC50, Armadillov171
Company: WinterSoft
Created at: 2011-01-31 19:44:13
Summary:
Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
desktopy-plugins.exe:1728
amt_dosearches.exe:1476
ctfmon.exe:536
Updater.exe:1184
Updater.exe:888
dp.exe:2456
software__3470_il4326946.exe:972
DealPlyUpdateVer.exe:3440
Baofeng.exe:752
Baofeng.exe:2268
eGdpSvc.exe:2536
eGdpSvc.exe:2424
fileseta.exe:604
DealPlyLive.exe:2276
DealPlyLive.exe:3660
DealPlyLive.exe:2228
DealPlyLive.exe:3104
DealPlyLive.exe:3124
DealPlyLive.exe:3004
DealPlyLive.exe:3524
DealPlyLive.exe:3312
schtasks.exe:3400
schtasks.exe:3372
iexplore.exe:1412
desktopy_1.exe:1068
uninst.exe:2548
regsvr32.exe:2604
regsvr32.exe:2700
msiexec.exe:2480
%original file name%.exe:1980
The Trojan injects its code into the following process(es):
eGdpSvc.exe:2596
desktopy.exe:572
File activity
The process desktopy-plugins.exe:1728 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files%\desktopy\uninstall.exe (47270 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Opera\Opera\widgets\widgets.dat (165 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Opera\Opera\widgets\desktopy.oex (992 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Opera\Opera\widgets\nszD.tmp (516 bytes)
C:\sqlite3.dll (597460 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsyC.tmp\System.dll (11264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsyC.tmp\Processes.dll (36669 bytes)
C:\desktopyHelper.exe (120899 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\opera.patch.txt (365 bytes)
C:\xromDesk.exe (633607 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Opera\Opera\widgets\wuid-7a532543-ed74-7a4b-be21-84042bfde73b\prefs.dat (486 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Application Data\Opera\Opera\widgets\widgets.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsyC.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsyC.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsyC.tmp\Processes.dll (0 bytes)
C:\xromDesk.exe (0 bytes)
The process amt_dosearches.exe:1476 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp\UpDate.dll (109056 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp\conf (56 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp\1.1.7.8.crx (430850 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp\eGdpSvc.exe (1771688 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp\DataBase (1174544 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp\amt_dosearches.json (288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp (2478080 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp\package1.zip (3666594 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp\amt_dosearches.db (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp\Baofeng.exe (132992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp\ep.zip (55601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp\package2.zip (4483456 bytes)
The process Updater.exe:1184 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\rfsE.tmp (1 bytes)
%Documents and Settings%\%current user%\Application Data\SwvUpdater\Updater.exe (291880 bytes)
%Documents and Settings%\%current user%\Application Data\SwvUpdater\Updater.xml (6311 bytes)
%WinDir%\Tasks\AmiUpdXp.job (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rfsF.tmp (48 bytes)
%Documents and Settings%\%current user%\Application Data\SwvUpdater (4096 bytes)
The process dp.exe:2456 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\crx\images\icon128.png (11786 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\crxls\chrome-extension_ejnmnhkgiphcaeefbaooconkceehicfi_0.localstorage (3072 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\xpi\defaults\preferences\defaults.js (42 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\crx\manifest.json (710 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\files\DealPlyIE.dll (165920 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\crx\images\icon16.png (998 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\xpi\chrome.manifest (183 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\files\DealPlyUpdate.exe (143960 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\o-update\DealPlyLive.exe (718880 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\xpi\install.rdf (1036 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\files\DealPly.crx (51066 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\files\uninst.exe (958464 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\crx\background.js (94750 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\files\icon.ico (15086 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\crx\images\icon48.png (3885 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\xpi\chrome\content\images\icon32.png (2465 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\files\DealPly.xpi (4126 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\files\DealPlyUpdateVer.exe (174136 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\xpi\chrome\content\dealplyshopping.xul (762 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\files\DealPlyUpdateRun.exe (130744 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\chrome.manifest (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\xpi\chrome\content\images (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\xpi\defaults\preferences\defaults.js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\{e53a26f5-7199-4a5b-86f5-d2e86854b979} (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\crx\images\icon16.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\defaults\preferences (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\o-update\DealPlyLive.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\xpi\install.rdf (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331} (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\xpi\defaults (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\crx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\xpi\chrome (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\files\DealPly.xpi (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\xpi\chrome\content (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\crxls (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\defaults (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\defaults\preferences\defaults.js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\o-update (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\files\uninst.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\xpi (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\files\DealPlyUpdate.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\files\DealPlyIE.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\chrome\content\images\icon32.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\files (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\xpi\chrome.manifest (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\files\icon.ico (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\crxls\chrome-extension_ejnmnhkgiphcaeefbaooconkceehicfi_0.localstorage (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\xpi\chrome\content\dealplyshopping.xul (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\files\DealPlyUpdateRun.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\install.rdf (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\chrome (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\xpi\defaults\preferences (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\crx\manifest.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\chrome\content\dealplyshopping.xul (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\chrome\content\images (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\files\DealPly.crx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\chrome\content (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\crx\images\icon48.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\xpi\chrome\content\images\icon32.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\crx\images\icon128.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\files\DealPlyIE64.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\crx\images (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\crx\background.js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\files\DealPlyUpdateVer.exe (0 bytes)
The process software__3470_il4326946.exe:972 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\awh5.tmp (305132 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\amipixel.cfg (103 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\awh6.tmp (463568 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\awh3.tmp (3071721 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\X7VALIDZ\index[1].htm (16431 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ami2.tmp.ico (766 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\awh4.tmp (250644 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\R5BRBDUV\desktop.ini (67 bytes)
D:\Jason_Derulo_ft._2_Chainz_-_Talk_Dirty_(get-tune.net).mp3 (2998641 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\R5BRBDUV\amipb[1].js (31191 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\X7VALIDZ\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\awh7.tmp (1544092 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ami2.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Updater.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ami2.tmp.ico (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Jason_Derulo_ft._2_Chainz_-_Talk_Dirty_(get-tune.net).mp3 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dp.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\desktopy_1.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\amt_dosearches.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\amipixel.cfg (0 bytes)
The process Baofeng.exe:752 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\MircosoftStudio\UpDate.dll (92672 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MircosoftStudio\1.1.7.8.crx (414466 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MircosoftStudio\Baofeng.exe (116608 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\ЗапуÑтить обозреватель Internet Explorer.lnk (1011 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MircosoftStudio\amt_dosearches.json (288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MircosoftStudio\conf (56 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MircosoftStudio\DataBase (1125392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MircosoftStudio\package1.zip (1392290 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MircosoftStudio\ep.zip (39217 bytes)
%Documents and Settings%\%current user%\Главное меню\Программы\Internet Explorer.lnk (999 bytes)
The process Baofeng.exe:2268 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp\amt_dosearches.db (4185 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp\eGdpSvc.exe (3414168 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp (8192 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp\amt_dosearches.db (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp\eGdpSvc.exe (0 bytes)
The process eGdpSvc.exe:2536 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\All Users\Application Data\eSafe\log\eGdpSvc.LOG (670 bytes)
The process eGdpSvc.exe:2596 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\All Users\Application Data\eSafe\log\eGdpSvc.LOG (1130 bytes)
The process eGdpSvc.exe:2424 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\All Users\Application Data\eSafe\eGdpSvc.exe (3414168 bytes)
%Documents and Settings%\All Users\Application Data\eSafe (4096 bytes)
The process fileseta.exe:604 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\genteert.dll (61440 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gentee0C\guig.dll (20480 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pause-fsa.cmd (42 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gentee0C\setup_temp.gea (10336 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\genteert.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fileseta.txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gentee0C\guig.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gentee0C (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pause-fsa.cmd (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gentee0C.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gentee0C\setup_temp.gea (0 bytes)
C:\BEC2C7F1395083AEF6948E1BA118CFAF.EXE (0 bytes)
The process DealPlyLive.exe:2276 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\All Users\Application Data\DealPlyLive\Update\Log\DealPlyLive.log (1104 bytes)
The process DealPlyLive.exe:3660 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\Cab14.tmp (48483 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\DealPlyLiveHandler.exe (148000 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_lv.dll (32288 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_bg.dll (40992 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_en.dll (29216 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_nl.dll (31776 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\psuser.dll (158240 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\B69D763EB21649DA26F20618312DEE70 (128 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_ja.dll (36896 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\3B6E683A7A45CC59BF035C9BA8C7AB9D (132 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\psmachine.dll (158240 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\DealPlyLiveOnDemand.exe (61984 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (241696 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004 (18 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_ur.dll (37408 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_iw.dll (33312 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_vi.dll (33312 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_am.dll (35360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar13.tmp (146652 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_gu.dll (46112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab16.tmp (54009 bytes)
%Documents and Settings%\All Users\Application Data\DealPlyLive\Update\Log\DealPlyLive.log (5426 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_is.dll (31264 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\1F356F4D07FE8C483E769E4586569404 (126 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_fil.dll (31776 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_ml.dll (55328 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_sr.dll (39456 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\DealPlyLive.exe (148000 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_te.dll (48160 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_et.dll (29728 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_it.dll (32288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab12.tmp (48483 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 (54009 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_fr.dll (32800 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_hi.dll (46624 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_en-GB.dll (29728 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_zh-CN.dll (29216 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_th.dll (46112 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_sw.dll (31264 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdate.dll (818208 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_hr.dll (31264 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\1F356F4D07FE8C483E769E4586569404 (53259 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\DealPlyLiveHelper.msi (40960 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\8BD11C4A2318EC8E5A82462092971DEA (477 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\3B6E683A7A45CC59BF035C9BA8C7AB9D (494 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_cs.dll (31264 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\C3E814D1CB223AFCD58214D14C3B7EAB (341 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\B69D763EB21649DA26F20618312DEE70 (75433 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_ta.dll (50208 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_de.dll (32800 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_mr.dll (46112 bytes)
%WinDir%\Tasks\DealPlyLiveUpdateTaskMachineCore.job (886 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_pl.dll (32288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar15.tmp (146652 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_sk.dll (32288 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_da.dll (30752 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_fi.dll (31264 bytes)
%Program Files%\DealPlyLive\Update\DealPlyLive.exe (148000 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_kn.dll (48672 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_no.dll (31264 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_fa.dll (36384 bytes)
%WinDir%\Tasks\DealPlyLiveUpdateTaskMachineUA.job (890 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_ca.dll (31776 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_ar.dll (34336 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_hu.dll (32800 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_es-419.dll (30752 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_ms.dll (30240 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_uk.dll (38432 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_id.dll (30240 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_ko.dll (32800 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar17.tmp (160255 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_el.dll (42528 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_zh-TW.dll (29216 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_pt-BR.dll (31264 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_bn.dll (46624 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_ro.dll (32288 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (216 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_ru.dll (38432 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004 (216 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_pt-PT.dll (31264 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\8BD11C4A2318EC8E5A82462092971DEA (116 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_tr.dll (31776 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_sv.dll (30752 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_es.dll (32800 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\C3E814D1CB223AFCD58214D14C3B7EAB (122 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_sl.dll (31264 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\DealPlyLiveBroker.exe (61984 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_lt.dll (30752 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\Tar13.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar15.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab14.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab16.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab12.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar17.tmp (0 bytes)
The process DealPlyLive.exe:2228 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\All Users\Application Data\DealPlyLive\Update\Log\DealPlyLive.log (5578 bytes)
The process DealPlyLive.exe:3104 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\All Users\Application Data\DealPlyLive\Update\Log\DealPlyLive.log (5474 bytes)
The process DealPlyLive.exe:3124 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\All Users\Application Data\DealPlyLive\Update\Log\DealPlyLive.log (2878 bytes)
The process DealPlyLive.exe:3004 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\All Users\Application Data\DealPlyLive\Update\Log\DealPlyLive.log (1222 bytes)
The process DealPlyLive.exe:3524 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_pt-BR.dll (31264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_it.dll (32288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ro.dll (32288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_iw.dll (33312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\DealPlyLiveHandler.exe (148000 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_bg.dll (40992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\npGoogleUpdate3.dll (241696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_sl.dll (31264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_id.dll (30240 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_de.dll (32800 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_sv.dll (30752 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_lv.dll (32288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_hi.dll (46624 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_el.dll (42528 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ko.dll (32800 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_hu.dll (32800 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_cs.dll (31264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_sr.dll (39456 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_gu.dll (46112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUT11.tmp (7520256 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ms.dll (30240 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_fa.dll (36384 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_da.dll (30752 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\psuser.dll (158240 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_et.dll (29728 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_bn.dll (46624 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_sw.dll (31264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_uk.dll (38432 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ru.dll (38432 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_am.dll (35360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ta.dll (50208 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_tr.dll (31776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_te.dll (48160 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ml.dll (55328 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_lt.dll (30752 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_no.dll (31264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_en.dll (29216 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\psmachine.dll (158240 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_pt-PT.dll (31264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ur.dll (37408 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ja.dll (36896 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_hr.dll (31264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_en-GB.dll (29728 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_is.dll (31264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_mr.dll (46112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_sk.dll (32288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ar.dll (34336 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\DealPlyLiveOnDemand.exe (61984 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\DealPlyLiveBroker.exe (61984 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\DealPlyLive.exe (148000 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_kn.dll (48672 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_vi.dll (33312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_zh-CN.dll (29216 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_th.dll (46112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_fr.dll (32800 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_pl.dll (32288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_fi.dll (31264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_nl.dll (31776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_zh-TW.dll (29216 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ca.dll (31776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\DealPlyLiveHelper.msi (40960 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_fil.dll (31776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_es-419.dll (30752 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdate.dll (1342496 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_es.dll (32800 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_pt-BR.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_it.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ro.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_iw.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\DealPlyLiveHandler.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_bg.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\npGoogleUpdate3.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_sl.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_id.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_de.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_sv.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_lv.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_hi.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_el.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ko.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_hu.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_cs.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_sr.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_gu.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUT11.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ms.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_fa.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_da.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\psuser.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_et.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_bn.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_sw.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_uk.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ru.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_am.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ta.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_tr.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_te.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ml.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_lt.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_no.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_en.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\psmachine.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_pt-PT.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ur.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ja.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_hr.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_es.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_is.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_mr.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_sk.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ar.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\DealPlyLiveOnDemand.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\DealPlyLiveBroker.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\DealPlyLive.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_kn.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_vi.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_zh-CN.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_th.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_fr.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_pl.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_fi.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_nl.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_zh-TW.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ca.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\DealPlyLiveHelper.msi (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_fil.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_es-419.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdate.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_en-GB.dll (0 bytes)
The process DealPlyLive.exe:3312 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\All Users\Application Data\DealPlyLive\Update\Log\DealPlyLive.log (3818 bytes)
The Trojan deletes the following file(s):
%Program Files%\DealPlyLive\Update\Install (0 bytes)
The process schtasks.exe:3400 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%WinDir%\Tasks\DealPlyUpdate.job (288 bytes)
The process iexplore.exe:1412 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Cookies\test@desktopy[2].txt (142 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XWHK1GPI\green_arrow[1].png (1017 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XWHK1GPI\logo_huge[1].png (22860 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\X7VALIDZ\setiecookie[1].htm (2624 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013111120131112\index.dat (32768 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (24576 bytes)
%Documents and Settings%\%current user%\Cookies\test@desktopy[1].txt (69 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\R5BRBDUV\setcook[1].css (859 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OEBBOQ59\success_01[1].jpg (43768 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OEBBOQ59\success_02[1].jpg (64525 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013093020131001 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013093020131001\index.dat (0 bytes)
%Documents and Settings%\%current user%\Cookies\test@desktopy[1].txt (0 bytes)
The process desktopy_1.exe:1068 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsm9.tmp (399709 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XWHK1GPI\desktopy-plugins[1].exe (761152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nscA.tmp\System.dll (11264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OEBBOQ59\desktopy[1].exe (827392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XWHK1GPI\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nscA.tmp\inetc.dll (25600 bytes)
%Documents and Settings%\%current user%\Application Data\desktopy.ru\desktopy-plugins.exe (761152 bytes)
%Documents and Settings%\%current user%\Application Data\desktopy.ru\uninstall.exe (106170 bytes)
%Documents and Settings%\%current user%\Главное меню\Программы\desktopy.ru\desktopy.lnk (878 bytes)
%Documents and Settings%\%current user%\Application Data\desktopy.ru\desktopy.exe (827392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OEBBOQ59\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Рабочий Ñтол\desktopy.lnk (767 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nscA.tmp\ShellExecAsUser.dll (7168 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsh8.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nscA.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nscA.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nscA.tmp\inetc.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\desktopy.ru\desktopy-plugins.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nscA.tmp\ShellExecAsUser.dll (0 bytes)
The process uninst.exe:2548 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\DealPlyUpdateVer.exe (108600 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\chrome.manifest (183 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi\3.5.0.0_0\manifest.json (710 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\chrome\content\images\icon32.png (2465 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\defaults\preferences\defaults.js (42 bytes)
%Program Files%\DealPly\DealPly.crx (51066 bytes)
%Program Files%\DealPly\DealPlyUpdateVer.exe (108600 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\logs\uninst.log (2181 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\install.rdf (1036 bytes)
%Program Files%\DealPly\uninst.exe (892928 bytes)
%Program Files%\DealPly\DealPlyIE.dll (100384 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\chrome\content\dealplyshopping.xul (762 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi\3.5.0.0_0\images\icon128.png (11786 bytes)
%Documents and Settings%\%current user%\Главное меню\Программы\DealPly\DealPly Help.url (121 bytes)
%Program Files%\DealPly\DealPlyUpdate.exe (78424 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi\3.5.0.0_0\background.js (94750 bytes)
%Program Files%\DealPly\icon.ico (15086 bytes)
%Program Files%\DealPly\DealPly.xpi (4126 bytes)
%Documents and Settings%\%current user%\Главное меню\Программы\DealPly\Uninstall DealPly.lnk (527 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi\3.5.0.0_0\images\icon16.png (998 bytes)
%Documents and Settings%\%current user%\Главное меню\Программы\DealPly\DealPly.url (117 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi\3.5.0.0_0\images\icon48.png (3885 bytes)
%Program Files%\DealPly\DealPlyUpdateRun.exe (92704 bytes)
The process msiexec.exe:2480 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%System%\config\SYSTEM (53248 bytes)
%System%\config\system.LOG (10240 bytes)
%Documents and Settings%\%current user%\NTUSER.DAT.LOG (17920 bytes)
%WinDir%\Installer\6cfc25.msi (43520 bytes)
%Documents and Settings%\%current user%\NTUSER.DAT (61440 bytes)
%WinDir%\Installer\6cfc28.ipi (22228 bytes)
%WinDir%\Installer\MSI18.tmp (1587 bytes)
%System%\config (28672 bytes)
%Documents and Settings%\%current user% (28672 bytes)
%WinDir%\Installer (12288 bytes)
%WinDir%\Installer\6cfc29.msi (73239 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Мои документы\Мои риÑунки (0 bytes)
%WinDir%\Installer\6cfc25.msi (0 bytes)
%Documents and Settings%\All Users\Главное меню\Программы\ÐдминиÑтрирование (0 bytes)
%WinDir%\Installer\6cfc28.ipi (0 bytes)
D:\MSIcfc27.tmp (0 bytes)
%WinDir%\Installer\MSI18.tmp (0 bytes)
C:\MSIcfc26.tmp (0 bytes)
The process %original file name%.exe:1980 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\genteert.dll (61440 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gentee85\guig.dll (20480 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\software__3470_il4326946.exe (371540 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fileseta.txt (39 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fileseta.exe (86191 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gentee85\setup_temp.gea (4386 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pause-sf.cmd (42 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\gentee85\guig.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\genteert.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gentee85 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gentee85.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\software__3470_il4326946.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gentee85\setup_temp.gea (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pause-sf.cmd (0 bytes)
Registry activity
The process desktopy-plugins.exe:1728 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2F DA AC 22 DD 82 0C 5F 88 CC FB 43 F8 94 D7 10"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d45-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8c0d8da-77bd-11e0-bb02-000c293bc0fd}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d42-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\desktopy]
"UninstallString" = "%Program Files%\desktopy\uninstall.exe"
"DisplayName" = "desktopy"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebcf8d94-66db-11de-b228-806d6172696f}]
"BaseClass" = "Drive"
The process amt_dosearches.exe:1476 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65324"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\Мои документы"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d45-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d42-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Рабочий Ñтол"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Документы"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65324"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\test\LOCALS~1\Temp\fullpackage_temp]
"Baofeng.exe" = "暴风影音å‡çº§ç¨‹åº"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65324"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "58 41 E7 4A B6 EF 11 25 B7 07 35 F9 B2 1B 88 C0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Рабочий Ñтол"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65324"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8c0d8da-77bd-11e0-bb02-000c293bc0fd}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebcf8d94-66db-11de-b228-806d6172696f}]
"BaseClass" = "Drive"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
"IntranetName" = "1"
The process ctfmon.exe:536 makes changes in the system registry.
The Trojan deletes the following value(s) in system registry:
The Trojan disables automatic startup of the application by deleting the following autorun value:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"
The process Updater.exe:1184 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}]
"DisplayName" = "Software Version Updater"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Документы"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryCount" = "16"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\Мои документы"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d45-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Documents and Settings%\%current user%\Application Data\SwvUpdater]
"Updater.exe" = "Updater"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}]
"UninstallString" = "%Documents and Settings%\%current user%\Application Data\SwvUpdater\Updater.exe /uninstall"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d42-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Рабочий Ñтол"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}]
"InstallLocation" = "%Documents and Settings%\%current user%\Application Data\SwvUpdater"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}]
"DisplayVersion" = "1.1.3.8"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}]
"DisplayIcon" = "%Documents and Settings%\%current user%\Application Data\SwvUpdater\Updater.exe,0"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F6 E1 8F 2A 88 C3 F2 E9 29 4B 66 CE 70 E0 3B BE"
[HKLM\SOFTWARE\Microsoft\ESENT\Process\Updater\DEBUG]
"Trace Level" = ""
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Рабочий Ñтол"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8c0d8da-77bd-11e0-bb02-000c293bc0fd}]
"BaseClass" = "Drive"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}]
"NoModify" = "1"
"NoRepair" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebcf8d94-66db-11de-b228-806d6172696f}]
"BaseClass" = "Drive"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
"IntranetName" = "1"
The Trojan deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Microsoft\ESENT\Process\Updater\DEBUG]
"Trace Level"
The Trojan disables automatic startup of the application by deleting the following autorun value:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"SwvUpdtr"
The process Updater.exe:888 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"
[HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}\TypeLib]
"(Default)" = "{A0EE0278-2986-4E5A-884E-A3BF0357E476}"
[HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}]
"(Default)" = "IAmiUpd"
[HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}]
"(Default)" = "AmiUpd Class"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"
[HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}\1.0]
"(Default)" = "UpdaterLib"
[HKCR\Updater.AmiUpd\CurVer]
"(Default)" = "Updater.AmiUpd.1"
[HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryCount" = "16"
[HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}\VersionIndependentProgID]
"(Default)" = "Updater.AmiUpd"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"
[HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}\1.0\0\win32]
"(Default)" = "%Documents and Settings%\%current user%\Application Data\SwvUpdater\Updater.exe"
[HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}\TypeLib]
"Version" = "1.0"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}\Version]
"(Default)" = "1.0"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"
[HKCR\Updater.AmiUpd.1\CLSID]
"(Default)" = "{67BD9EEB-AA06-4329-A940-D250019300C9}"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
[HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}\LocalServer32]
"(Default)" = "%Documents and Settings%\%current user%\Application Data\SwvUpdater\Updater.exe"
"ThreadingModel" = "Apartment"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"
[HKCR\Updater.AmiUpd]
"(Default)" = "AmiUpd Class"
[HKCR\Updater.AmiUpd.1]
"(Default)" = "AmiUpd Class"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "90 91 76 DB 52 92 9B 83 D4 97 50 69 6C D6 E7 FB"
[HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}\TypeLib]
"(Default)" = "{A0EE0278-2986-4E5A-884E-A3BF0357E476}"
[HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}\1.0\HELPDIR]
"(Default)" = "%Documents and Settings%\%current user%\Application Data\SwvUpdater"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"
[HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}\LocalServer32]
"ServerExecutable" = "%Documents and Settings%\%current user%\Application Data\SwvUpdater\Updater.exe"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"
[HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}\ProgID]
"(Default)" = "Updater.AmiUpd.1"
[HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}\1.0\FLAGS]
"(Default)" = "0"
[HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"
[HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}]
"AppID" = "{D360864B-312F-4EC7-B99C-B87B753C13A5}"
The process dp.exe:2456 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "25 B3 F4 1F B2 95 0E 6F DE A4 BA F1 29 DF BC F6"
The process software__3470_il4326946.exe:972 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCR\CLSID\{A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4}\LocalServer32]
"(Default)" = "C:\DOCUME~1\test\LOCALS~1\Temp\software__3470_il4326946.exe"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKCR\CLSID\{A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4}\VersionIndependentProgID]
"(Default)" = "AmiBs.Installer"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCR\CLSID\{A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4}\Version]
"(Default)" = "1.0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65324"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCR\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}\TypeLib]
"(Default)" = "{1C1356DA-1E98-4810-A9F6-18D89BD1C0C0}"
[HKCR\CLSID\{A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4}]
"(Default)" = "Installer Class"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\test\LOCALS~1\Temp]
"desktopy_1.exe" = "desktopy_1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 2F 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Документы"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryCount" = "16"
"TypesSupported" = "7"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\Мои документы"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKCR\TypeLib\{1C1356DA-1E98-4810-A9F6-18D89BD1C0C0}\1.0\FLAGS]
"(Default)" = "0"
[HKCR\CLSID\{A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4}\LocalServer32]
"ServerExecutable" = "C:\DOCUME~1\test\LOCALS~1\Temp\software__3470_il4326946.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"
[HKCR\AmiBs.Installer.1\CLSID]
"(Default)" = "{A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4}"
[HKCR\TypeLib\{1C1356DA-1E98-4810-A9F6-18D89BD1C0C0}\1.0\0\win32]
"(Default)" = "C:\DOCUME~1\test\LOCALS~1\Temp\software__3470_il4326946.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCR\AmiBs.Installer]
"(Default)" = "Installer Class"
[HKCR\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d42-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"
[HKCR\TypeLib\{1C1356DA-1E98-4810-A9F6-18D89BD1C0C0}\1.0\HELPDIR]
"(Default)" = "C:\DOCUME~1\test\LOCALS~1\Temp"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Рабочий Ñтол"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKCR\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}]
"(Default)" = "IBoot"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65324"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebcf8d94-66db-11de-b228-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "software__3470_il4326946.exe"
[HKCR\AmiBs.Installer.1]
"(Default)" = "Installer Class"
[HKCR\CLSID\{A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4}\TypeLib]
"(Default)" = "{1C1356DA-1E98-4810-A9F6-18D89BD1C0C0}"
[HKCR\CLSID\{A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4}\ProgID]
"(Default)" = "AmiBs.Installer.1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKCR\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}\TypeLib]
"Version" = "1.0"
[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1383940624"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\test\LOCALS~1\Temp]
"Updater.exe" = "Updater"
"dp.exe" = "DealPly"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EB 7F 2A 05 C0 CD FE 6A F9 29 39 29 C6 DA 86 41"
[HKCR\TypeLib\{1C1356DA-1E98-4810-A9F6-18D89BD1C0C0}\1.0]
"(Default)" = "InstallerLib"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Рабочий Ñтол"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65324"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65324"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8c0d8da-77bd-11e0-bb02-000c293bc0fd}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKCR\AmiBs.Installer\CurVer]
"(Default)" = "AmiBs.Installer.1"
[HKLM\SOFTWARE\Microsoft\ESENT\Process\software__3470_il4326946\DEBUG]
"Trace Level" = ""
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\test\LOCALS~1\Temp]
"amt_dosearches.exe" = "Skytech Downloader"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d45-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"
[HKCR\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following registry key(s):
[HKCR\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}\TypeLib]
[HKCR\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}\ProxyStubClsid]
[HKCR\CLSID\{A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4}\LocalServer32]
[HKCR\TypeLib\{1C1356DA-1E98-4810-A9F6-18D89BD1C0C0}]
[HKCR\CLSID\{A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4}\Version]
[HKCR\AmiBs.Installer.1\CLSID]
[HKCR\CLSID\{A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4}\ProgID]
[HKCR\TypeLib\{1C1356DA-1E98-4810-A9F6-18D89BD1C0C0}\1.0\0\win32]
[HKCR\TypeLib\{1C1356DA-1E98-4810-A9F6-18D89BD1C0C0}\1.0\FLAGS]
[HKCR\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}]
[HKCR\AmiBs.Installer.1]
[HKCR\CLSID\{A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4}\TypeLib]
[HKCR\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}\ProxyStubClsid32]
[HKCR\TypeLib\{1C1356DA-1E98-4810-A9F6-18D89BD1C0C0}\1.0]
[HKCR\TypeLib\{1C1356DA-1E98-4810-A9F6-18D89BD1C0C0}\1.0\0]
[HKCR\AmiBs.Installer]
[HKCR\CLSID\{A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4}\Programmable]
[HKCR\AmiBs.Installer\CurVer]
[HKCR\CLSID\{A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4}\VersionIndependentProgID]
[HKCR\CLSID\{A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4}]
[HKCR\TypeLib\{1C1356DA-1E98-4810-A9F6-18D89BD1C0C0}\1.0\HELPDIR]
The Trojan deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Microsoft\ESENT\Process\software__3470_il4326946\DEBUG]
"Trace Level"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"ProxyOverride"
"AutoConfigURL"
[HKCR\CLSID\{A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4}\LocalServer32]
"ServerExecutable"
The process DealPlyUpdateVer.exe:3440 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3C 05 84 B2 49 0F 07 72 BE 66 CB 8E 46 DD 29 9E"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
The process Baofeng.exe:752 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Clients\StartMenuInternet\VMWAREHOSTOPEN.EXE\shell\open\command]
"(Default)" = "%Program Files%\VMware\VMware Tools\VMwareHostOpen.exe http://www.dosearches.com/?utm_source=b&utm_medium=amt&utm_campaign=rg&utm_content=sc&from=amt&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001&ts=1384143328"
[HKCU\Software\Microsoft\Internet Explorer\Main]
"Search Page" = "http://search.dosearches.com/web/?utm_source=b&utm_medium=amt&utm_campaign=rg&utm_content=ds&from=amt&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001&ts=1384143328&type=default&q={searchTerms}"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL" = "http://www.dosearches.com/?utm_source=b&utm_medium=amt&utm_campaign=rg&utm_content=hp&from=amt&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001&ts=1384143328"
[HKLM\SOFTWARE\dosearchesSoftware\dosearcheshp]
"Time" = "Type: REG_QWORD, Length: 8"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL" = "http://search.dosearches.com/web/?utm_source=b&utm_medium=amt&utm_campaign=rg&utm_content=ds&from=amt&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001&ts=1384143328&type=default&q={searchTerms}"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Главное меню"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\Мои документы"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebcf8d94-66db-11de-b228-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page" = "http://www.dosearches.com/?utm_source=b&utm_medium=amt&utm_campaign=rg&utm_content=hp&from=amt&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001&ts=1384143328"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Документы\ÐœÐ¾Ñ Ð¼ÑƒÐ·Ñ‹ÐºÐ°"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d42-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Рабочий Ñтол"
"Common Documents" = "%Documents and Settings%\All Users\Документы"
[HKCU\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL" = "http://search.dosearches.com/web/?utm_source=b&utm_medium=amt&utm_campaign=rg&utm_content=ds&from=amt&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001&ts=1384143328&type=default&q={searchTerms}"
[HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
"(Default)" = "%Program Files%\Internet Explorer\iexplore.exe http://www.dosearches.com/?utm_source=b&utm_medium=amt&utm_campaign=rg&utm_content=sc&from=amt&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001&ts=1384143328"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\Мои документы\Мои риÑунки"
[HKCU\Software\Microsoft\Internet Explorer\TabbedBrowsing]
"NewTabPageShow" = "1"
[HKCU\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL" = "http://www.dosearches.com/?utm_source=b&utm_medium=amt&utm_campaign=rg&utm_content=hp&from=amt&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001&ts=1384143328"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Главное меню"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Документы\Мои видеозапиÑи"
"CommonPictures" = "%Documents and Settings%\All Users\Документы\Мои риÑунки"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C8 59 07 C8 C8 F7 B6 BF 3E A0 BB BD 1A F5 34 93"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Главное меню\Программы"
[HKCU\Software\Microsoft\Internet Explorer\Main]
"Start Page" = "http://www.dosearches.com/?utm_source=b&utm_medium=amt&utm_campaign=rg&utm_content=hp&from=amt&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001&ts=1384143328"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Рабочий Ñтол"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page" = "http://search.dosearches.com/web/?utm_source=b&utm_medium=amt&utm_campaign=rg&utm_content=ds&from=amt&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001&ts=1384143328&type=default&q={searchTerms}"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Главное меню\Программы"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8c0d8da-77bd-11e0-bb02-000c293bc0fd}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch" = "http://search.dosearches.com/web/?utm_source=b&utm_medium=amt&utm_campaign=rg&utm_content=ds&from=amt&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001&ts=1384143328&type=default&q={searchTerms}"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d45-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\dosearchesSoftware\dosearcheshp]
"oem" = "amt"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant" = "http://search.dosearches.com/web/?utm_source=b&utm_medium=amt&utm_campaign=rg&utm_content=ds&from=amt&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001&ts=1384143328&type=default&q={searchTerms}"
The process Baofeng.exe:2268 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "07 C4 0E B1 33 D0 AA D1 4E 4F 6B 91 19 DD 2A 99"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Документы"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Рабочий Ñтол"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d45-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8c0d8da-77bd-11e0-bb02-000c293bc0fd}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d42-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Рабочий Ñтол"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\test\LOCALS~1\Temp\fullpackage_temp]
"eGdpSvc.exe" = "Wsys Control 10.2.1.2652"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\Мои документы"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebcf8d94-66db-11de-b228-806d6172696f}]
"BaseClass" = "Drive"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
The process eGdpSvc.exe:2536 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EC 00 68 AA EF 11 F6 E9 62 9C D7 93 8E 9E D4 3C"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\WsysSvc]
"EventMessageFile" = "%Documents and Settings%\All Users\e-"
[HKLM\SOFTWARE\eSafeSecControl]
"sid" = "eGdp"
"pid" = "eSafe"
"channel" = "eGdp"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\WsysSvc]
"TypesSupported" = "7"
[HKLM\SOFTWARE\eSafeSecControl]
"ptid" = "amt"
"ver" = "10.2.1.2652"
The process eGdpSvc.exe:2596 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "97 4A B3 2C 09 A2 CF 31 26 87 64 F9 AA C9 89 8C"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\LocalService\Cookies"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 03 00 00 00 09 00 00 00 00 00 00 00"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65324"
[HKLM\SOFTWARE\eSafeSecControl]
"sid" = "eGdp"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\LocalService\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65324"
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65324"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65324"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\eSafeSecControl]
"ver" = "10.2.1.2652"
Proxy settings are disabled:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan deletes the following value(s) in system registry:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoConfigURL"
"ProxyServer"
The process eGdpSvc.exe:2424 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2F 79 2B F3 74 16 73 E8 30 12 71 24 83 53 51 5F"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WsysControl]
"UninstallString" = "%Documents and Settings%\All Users\Application Data\eSafe\eGdpSvc.exe -unsvc"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Документы"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Documents and Settings%\All Users\Application Data\eSafe]
"eGdpSvc.exe" = "Wsys Control 10.2.1.2652"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Рабочий Ñтол"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WsysControl]
"publisher" = "Wsys Co., Ltd."
"DisplayName" = "Wsys Control 10.2.1.2652"
"DisplayIcon" = "%Documents and Settings%\All Users\Application Data\eSafe\eGdpSvc.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8c0d8da-77bd-11e0-bb02-000c293bc0fd}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WsysControl]
"DisplayVersion" = "10.2.1.2652"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d42-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Рабочий Ñтол"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebcf8d94-66db-11de-b228-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\Мои документы"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d45-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
The process fileseta.exe:604 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Favorites" = "%Documents and Settings%\All Users\Избранное"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Video" = ""
"Fonts" = "%WinDir%\Fonts"
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Главное меню"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\Мои документы"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Startup" = "%Documents and Settings%\%current user%\Главное меню\Программы\Ðвтозагрузка"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebcf8d94-66db-11de-b228-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
"CommonMusic" = "%Documents and Settings%\All Users\Документы\ÐœÐ¾Ñ Ð¼ÑƒÐ·Ñ‹ÐºÐ°"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d42-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Рабочий Ñтол"
"Common Startup" = "%Documents and Settings%\All Users\Главное меню\Программы\Ðвтозагрузка"
"Common Documents" = "%Documents and Settings%\All Users\Документы"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\Мои документы\Мои риÑунки"
"SendTo" = "%Documents and Settings%\%current user%\SendTo"
"Start Menu" = "%Documents and Settings%\%current user%\Главное меню"
"My Music" = "%Documents and Settings%\%current user%\Мои документы\ÐœÐ¾Ñ Ð¼ÑƒÐ·Ñ‹ÐºÐ°"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Документы\Мои видеозапиÑи"
"CommonPictures" = "%Documents and Settings%\All Users\Документы\Мои риÑунки"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3E 3B F1 68 A5 DA F4 AF 0F C9 D9 D3 EC C1 69 D8"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Главное меню\Программы"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Рабочий Ñтол"
"Programs" = "%Documents and Settings%\%current user%\Главное меню\Программы"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8c0d8da-77bd-11e0-bb02-000c293bc0fd}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Favorites" = "%Documents and Settings%\%current user%\Избранное"
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d45-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"
The process DealPlyLive.exe:2276 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCR\CLSID\{F7698761-4ABA-45C2-A5BB-D2163922C725}]
"AppID" = "{80FABB17-63AF-4655-9F07-B6509EE37AF2}"
[HKCR\DealPlyLiveUpdate.Update3COMClassService]
"(Default)" = "Update3COMClass"
[HKCR\CLSID\{F7698761-4ABA-45C2-A5BB-D2163922C725}]
"(Default)" = "GoogleUpdate Update3Web"
[HKCR\AppID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}]
"(Default)" = "ServiceModule"
[HKCR\DealPlyLiveUpdate.CoreClass\CLSID]
"(Default)" = "{CA5D945F-E738-4D0B-A0B5-25AC51C64659}"
[HKCR\DealPlyLiveUpdate.CoreClass\CurVer]
"(Default)" = "DealPlyLiveUpdate.CoreClass.1"
[HKCR\DealPlyLiveUpdate.Update3COMClassService.1.0]
"(Default)" = "Update3COMClass"
[HKCR\DealPlyLiveUpdate.OnDemandCOMClassSvc.1.0\CLSID]
"(Default)" = "{80FABB17-63AF-4655-9F07-B6509EE37AF2}"
[HKCR\AppID\{F48FC5B2-094A-44C7-B48C-289738C9582D}]
"LocalService" = "dealplylive"
[HKCR\DealPlyLiveUpdate.Update3WebSvc]
"(Default)" = "GoogleUpdate Update3Web"
[HKCR\CLSID\{F48FC5B2-094A-44C7-B48C-289738C9582D}\ProgID]
"(Default)" = "DealPlyLiveUpdate.Update3COMClassService.1.0"
[HKCR\DealPlyLiveUpdate.CoreClass.1\CLSID]
"(Default)" = "{CA5D945F-E738-4D0B-A0B5-25AC51C64659}"
[HKCR\DealPlyLiveUpdate.Update3COMClassService.1.0\CLSID]
"(Default)" = "{F48FC5B2-094A-44C7-B48C-289738C9582D}"
[HKCR\CLSID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}\ProgID]
"(Default)" = "DealPlyLiveUpdate.OnDemandCOMClassSvc.1.0"
[HKCR\DealPlyLiveUpdate.Update3COMClassService\CurVer]
"(Default)" = "DealPlyLiveUpdate.Update3COMClassService.1.0"
[HKCR\CLSID\{CA5D945F-E738-4D0B-A0B5-25AC51C64659}\ProgID]
"(Default)" = "DealPlyLiveUpdate.CoreClass.1"
[HKCR\DealPlyLiveUpdate.Update3WebSvc\CurVer]
"(Default)" = "DealPlyLiveUpdate.Update3WebSvc.1.0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCR\CLSID\{F48FC5B2-094A-44C7-B48C-289738C9582D}]
"(Default)" = "Update3COMClass"
[HKCR\CLSID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}]
"(Default)" = "DealPly Live Legacy On Demand"
[HKCR\DealPlyLiveUpdate.OnDemandCOMClassSvc\CurVer]
"(Default)" = "DealPlyLiveUpdate.OnDemandCOMClassSvc.1.0"
[HKCR\CLSID\{CA5D945F-E738-4D0B-A0B5-25AC51C64659}\VersionIndependentProgID]
"(Default)" = "DealPlyLiveUpdate.CoreClass"
[HKCR\CLSID\{F48FC5B2-094A-44C7-B48C-289738C9582D}]
"AppID" = "{F48FC5B2-094A-44C7-B48C-289738C9582D}"
[HKCR\DealPlyLiveUpdate.OnDemandCOMClassSvc\CLSID]
"(Default)" = "{80FABB17-63AF-4655-9F07-B6509EE37AF2}"
[HKCR\DealPlyLiveUpdate.Update3COMClassService\CLSID]
"(Default)" = "{F48FC5B2-094A-44C7-B48C-289738C9582D}"
[HKCR\DealPlyLiveUpdate.CoreClass.1]
"(Default)" = "DealPly Live Core Class"
[HKCR\AppID\{F48FC5B2-094A-44C7-B48C-289738C9582D}]
"(Default)" = "ServiceModule"
"ServiceParameters" = "/comsvc"
[HKCR\CLSID\{F7698761-4ABA-45C2-A5BB-D2163922C725}\ProgID]
"(Default)" = "DealPlyLiveUpdate.Update3WebSvc.1.0"
[HKCR\DealPlyLiveUpdate.Update3WebSvc\CLSID]
"(Default)" = "{F7698761-4ABA-45C2-A5BB-D2163922C725}"
[HKCR\AppID\DealPlyLive.exe]
"AppID" = "{F48FC5B2-094A-44C7-B48C-289738C9582D}"
[HKCR\DealPlyLiveUpdate.CoreClass]
"(Default)" = "DealPly Live Core Class"
[HKCR\AppID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}]
"LocalService" = "dealplylivem"
[HKCR\CLSID\{CA5D945F-E738-4D0B-A0B5-25AC51C64659}]
"(Default)" = "DealPly Live Core Class"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "38 54 FC 9B 1E 0B D0 90 03 53 01 44 A9 E6 4F 3B"
[HKCR\DealPlyLiveUpdate.Update3WebSvc.1.0\CLSID]
"(Default)" = "{F7698761-4ABA-45C2-A5BB-D2163922C725}"
[HKCR\DealPlyLiveUpdate.Update3WebSvc.1.0]
"(Default)" = "GoogleUpdate Update3Web"
[HKCR\DealPlyLiveUpdate.OnDemandCOMClassSvc]
"(Default)" = "DealPly Live Legacy On Demand"
[HKCR\CLSID\{F48FC5B2-094A-44C7-B48C-289738C9582D}\VersionIndependentProgID]
"(Default)" = "DealPlyLiveUpdate.Update3COMClassService"
[HKCR\CLSID\{F7698761-4ABA-45C2-A5BB-D2163922C725}\VersionIndependentProgID]
"(Default)" = "DealPlyLiveUpdate.Update3WebSvc"
[HKCR\CLSID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}]
"AppID" = "{80FABB17-63AF-4655-9F07-B6509EE37AF2}"
[HKCR\DealPlyLiveUpdate.OnDemandCOMClassSvc.1.0]
"(Default)" = "DealPly Live Legacy On Demand"
[HKCR\AppID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}]
"ServiceParameters" = "/comsvc"
[HKCR\CLSID\{CA5D945F-E738-4D0B-A0B5-25AC51C64659}]
"AppID" = "{80FABB17-63AF-4655-9F07-B6509EE37AF2}"
[HKCR\CLSID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}\VersionIndependentProgID]
"(Default)" = "DealPlyLiveUpdate.OnDemandCOMClassSvc"
The Trojan deletes the following registry key(s):
[HKCR\AppID\DealPlyLive.exe]
The process DealPlyLive.exe:3660 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\43DDB1FFF3B49B73831407F6BC8B975023D07C50]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 00 53 1D 1D"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\40E78C1D523D1CD9954FAC1A1AB3BD3CBAA15BFC]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 E6 0B D2 C9"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4B421F7515F6AE8A6ECEF97F6982A400A4D9224E]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 5A 11 B9 22"
[HKCR\CLSID\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}]
"(Default)" = "DealPlyLive Update Plugin"
[HKCR\DealPlyLive.Update3WebControl.3]
"(Default)" = "DealPlyLive Update Plugin"
[HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3]
"Version" = "3"
[HKCR\DealPlyLive.Update3WebControl.3\CLSID]
"(Default)" = "{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\24A40A1F573643A67F0A4B0749F6A22BF28ABB6B]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 DD 75 3F 56"
[HKLM\SOFTWARE\DealPlyLive\Update\ClientState\{0d629f4e-4984-400f-addb-97a2cb6ae549}]
"client" = "{"h":"v24873227192535853216202013111104154816","p":"dpmnt","c":"dpmnt3470","v":"4873"}"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8c0d8da-77bd-11e0-bb02-000c293bc0fd}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4C95A9902ABE0777CED18D6ACCC3372D2748381E]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 4B 1C 56 8C"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4072BA31FEC351438480F62E6CB95508461EAB2F]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 70 B5 7C 48"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\23E594945195F2414803B4D564D2A3A3F5D88B8C]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 C5 70 C4 A2"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}]
"Policy" = "3"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\Мои документы"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\209900B63D955728140CD13622D8C687A4EB0085]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 1E 74 C3 86"
[HKCR\CLSID\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}\InprocServer32]
"(Default)" = "%Program Files%\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}]
"Policy" = "3"
[HKCR\CLSID\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}\ProgID]
"(Default)" = "DealPlyLive.Update3WebControl.3"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\24BA6D6C8A5B5837A48DB5FAE919EA675C94D217]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 7B B5 08 99"
[HKCR\CLSID\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}\InprocServer32]
"(Default)" = "%Program Files%\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4BA7B9DDD68788E12FF852E1A024204BF286A8F6]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 18 AE 69 5D"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\394FF6850B06BE52E51856CC10E180E882B385CC]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 AA BF BF 64"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\00EA522C8A9C06AA3ECCE0B4FA6CDC21D92E8099]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 3E 80 17 5B"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0048F8D37B153F6EA2798C323EF4F318A5624A9E]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 15 B2 98 A3"
[HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9]
"Vendor" = "DealPly Technologies Ltd"
[HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3]
"Description" = "DealPlyLive Update"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Рабочий Ñтол"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4463C531D7CCC1006794612BB656D3BF8257846F]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 74 7B 82 03"
[HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3]
"Vendor" = "DealPly Technologies Ltd"
"Path" = "%Program Files%\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0483ED3399AC3608058722EDBC5E4600E3BEF9D7]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 4C 56 41 E5"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}]
"AppPath" = "%Program Files%\DealPlyLive\Update"
[HKLM\SOFTWARE\DealPlyLive\Update]
"version" = "1.3.23.0"
"path" = "%Program Files%\DealPlyLive\Update\DealPlyLive.exe"
[HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9]
"Version" = "9"
[HKLM\SOFTWARE\DealPlyLive\Update\ClientState\{0d629f4e-4984-400f-addb-97a2cb6ae549}]
"pv" = "1.3.23.0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Документы"
[HKLM\SOFTWARE\DealPlyLive\Update\Clients\{0d629f4e-4984-400f-addb-97a2cb6ae549}]
"name" = "DealPly Live"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868]
"Blob" = "19 00 00 00 01 00 00 00 10 00 00 00 45 ED 9B BC"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\216B2A29E62A00CE820146D8244141B92511B279]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 E1 4B 52 73"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\284F55C41A1A7A3F8328D4C262FB376ED6096F24]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 01 1A 3F 4D"
[HKCR\CLSID\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}]
"(Default)" = "DealPlyLive Update Plugin"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}]
"AppName" = "DealPlyLive.exe"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\43F9B110D5BAFD48225231B0D0082B372FEF9A54]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 25 9D CF 5E"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2F173F7DE99667AFA57AF80AA2D1B12FAC830338]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 AB BF EA E3"
[HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9]
"Description" = "DealPlyLive Update"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFCED9C6BDD0C985CA3C7D253063C5BE6FC620C]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 85 2F F4 76"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d42-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"
[HKCR\MIME\Database\Content Type\application/x-vnd.dpliveupdate.update3webcontrol.3]
"CLSID" = "{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\049811056AFE9FD0F5BE01685AACE6A5D1C4454C]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 F2 7D E9 54"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DealPlyLive.exe]
"DisableExceptionChainValidation" = "0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}]
"AppName" = "DealPlyLiveBroker.exe"
[HKCR\CLSID\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\DealPlyLive\Update]
"DealPlyLive.exe" = "DealPlyLive Update"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 A9 23 75 9B"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\36863563FD5128C7BEA6F005CFE9B43668086CCE]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 3A B2 DE 22"
[HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9]
"Path" = "%Program Files%\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d45-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "55 00 7C 2D FE 9A 14 D1 35 80 C9 DD 19 12 E8 9D"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\273EE12457FDC4F90C55E82B56167F62F532E547]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 DB 23 3D F9"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}]
"AppPath" = "%Program Files%\DealPlyLive\Update\1.3.23.0"
[HKLM\SOFTWARE\DealPlyLive\Update\Clients\{0d629f4e-4984-400f-addb-97a2cb6ae549}]
"pv" = "1.3.23.0"
[HKCR\CLSID\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}\ProgID]
"(Default)" = "DealPlyLive.OneClickCtrl.9"
[HKCR\MIME\Database\Content Type\application/x-vnd.dpliveupdate.oneclickctrl.9]
"CLSID" = "{7F1796B2-BEC6-427B-B734-F9C75ED94A80}"
[HKLM\SOFTWARE\DealPlyLive\Update\ClientState\{0d629f4e-4984-400f-addb-97a2cb6ae549}]
"brand" = "GGLS"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebcf8d94-66db-11de-b228-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Рабочий Ñтол"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\1331F48A5DA8E01DAACA1BB0C17044ACFEF755BB]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 50 E1 41 9D"
[HKCR\CLSID\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3F85F2BB4A62B0B58BE1614ABB0D4631B4BEF8BA]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 2A 5D 00 37"
[HKCR\DealPlyLive.OneClickCtrl.9]
"(Default)" = "DealPlyLive Update Plugin"
[HKLM\SOFTWARE\DealPlyLive\Update\ClientState\{0d629f4e-4984-400f-addb-97a2cb6ae549}]
"InstallTime" = "1384143387"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0B77BEBBCB7AA24705DECC0FBD6A02FC7ABD9B52]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 26 6D 2C 19"
[HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3]
"ProductName" = "DealPlyLive Update"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\47AFB915CDA26D82467B97FA42914468726138DD]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 50 19 3E 2F"
[HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9]
"ProductName" = "DealPlyLive Update"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EF2E6670AC9B5091FE06BE0E5483EAAD6BA32D9]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 03 42 87 D7"
[HKCR\DealPlyLive.OneClickCtrl.9\CLSID]
"(Default)" = "{7F1796B2-BEC6-427B-B734-F9C75ED94A80}"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\1F55E8839BAC30728BE7108EDE7B0BB0D3298224]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 8C D7 9F EB"
The Trojan deletes the following value(s) in system registry:
[HKLM\SOFTWARE\DealPlyLive\Update]
"LastChecked"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates]
"43F9B110D5BAFD48225231B0D0082B372FEF9A54"
[HKLM\SOFTWARE\DealPlyLive\Update\network\secure]
"sk"
[HKLM\SOFTWARE\DealPlyLive\Update\ClientState\{0d629f4e-4984-400f-addb-97a2cb6ae549}]
"UpdateAvailableSince"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates]
"4C95A9902ABE0777CED18D6ACCC3372D2748381E"
"0048F8D37B153F6EA2798C323EF4F318A5624A9E"
"3F85F2BB4A62B0B58BE1614ABB0D4631B4BEF8BA"
"273EE12457FDC4F90C55E82B56167F62F532E547"
"209900B63D955728140CD13622D8C687A4EB0085"
"4BA7B9DDD68788E12FF852E1A024204BF286A8F6"
"0B77BEBBCB7AA24705DECC0FBD6A02FC7ABD9B52"
"1F55E8839BAC30728BE7108EDE7B0BB0D3298224"
"049811056AFE9FD0F5BE01685AACE6A5D1C4454C"
"4463C531D7CCC1006794612BB656D3BF8257846F"
"40E78C1D523D1CD9954FAC1A1AB3BD3CBAA15BFC"
[HKLM\SOFTWARE\DealPlyLive\Update]
"ui"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates]
"4B421F7515F6AE8A6ECEF97F6982A400A4D9224E"
[HKLM\SOFTWARE\DealPlyLive\Update]
"uid"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates]
"4EFCED9C6BDD0C985CA3C7D253063C5BE6FC620C"
[HKLM\SOFTWARE\DealPlyLive\Update]
"eulaaccepted"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates]
"36863563FD5128C7BEA6F005CFE9B43668086CCE"
[HKLM\SOFTWARE\DealPlyLive\Update\ClientState\{0d629f4e-4984-400f-addb-97a2cb6ae549}]
"UpdateAvailableCount"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates]
"24A40A1F573643A67F0A4B0749F6A22BF28ABB6B"
"216B2A29E62A00CE820146D8244141B92511B279"
"00EA522C8A9C06AA3ECCE0B4FA6CDC21D92E8099"
"23E594945195F2414803B4D564D2A3A3F5D88B8C"
"47AFB915CDA26D82467B97FA42914468726138DD"
"02FAF3E291435468607857694DF5E45B68851868"
"317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6"
"24BA6D6C8A5B5837A48DB5FAE919EA675C94D217"
"2F173F7DE99667AFA57AF80AA2D1B12FAC830338"
"43DDB1FFF3B49B73831407F6BC8B975023D07C50"
"284F55C41A1A7A3F8328D4C262FB376ED6096F24"
"1331F48A5DA8E01DAACA1BB0C17044ACFEF755BB"
"4072BA31FEC351438480F62E6CB95508461EAB2F"
"394FF6850B06BE52E51856CC10E180E882B385CC"
"4EF2E6670AC9B5091FE06BE0E5483EAAD6BA32D9"
[HKLM\SOFTWARE\DealPlyLive\Update]
"mi"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates]
"0483ED3399AC3608058722EDBC5E4600E3BEF9D7"
[HKLM\SOFTWARE\DealPlyLive\Update\network\secure]
"c"
The process DealPlyLive.exe:2228 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "93 07 E5 28 41 3C C3 AC 82 5E 29 1D 57 C7 68 A5"
[HKCU\Software\DealPlyLive\Update\proxy]
"source" = "IE"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
The Trojan deletes the following value(s) in system registry:
[HKLM\SOFTWARE\DealPlyLive\Update\network\secure]
"sk"
"c"
The process DealPlyLive.exe:3104 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9A 15 D8 C0 A9 1A BD 5D FC FD E8 F0 13 82 26 36"
[HKCU\Software\DealPlyLive\Update\proxy]
"source" = "IE"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
The Trojan deletes the following value(s) in system registry:
[HKLM\SOFTWARE\DealPlyLive\Update\network\secure]
"sk"
"c"
The process DealPlyLive.exe:3124 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "49 BD 7D DD B7 B5 B9 B6 CB CD 1D F2 C7 D7 8E 1A"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
The Trojan deletes the following value(s) in system registry:
[HKLM\SOFTWARE\DealPlyLive\Update]
"eulaaccepted"
[HKLM\SOFTWARE\DealPlyLive\Update\network\secure]
"sk"
"c"
The process DealPlyLive.exe:3004 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCR\CLSID\{4F8A50F6-69DE-4BE3-A33A-A1079B9AC0DB}]
"(Default)" = "GoogleUpdate Update3Web"
[HKCR\CLSID\{1E0C9B2A-6447-452C-B012-2314A0C29412}\ProgID]
"(Default)" = "DealPlyLiveUpdate.OnDemandCOMClassMachineFallback.1.0"
[HKCR\CLSID\{9BDB5E09-4BBA-4422-8C2B-529B281C32B8}\InprocHandler32]
"ThreadingModel" = "Both"
[HKCR\DealPlyLiveUpdate.ProcessLauncher\CurVer]
"(Default)" = "DealPlyLiveUpdate.ProcessLauncher.1.0"
[HKCR\Interface\{753C5ED0-B9AB-4F1E-8DAC-668E701CA569}\ProxyStubClsid32]
"(Default)" = "{0D89DE71-3D99-4288-84DC-F18F1047A7D8}"
[HKCR\CLSID\{3A4DBD3A-98CC-41CE-AD21-352D42B6F754}\ProgID]
"(Default)" = "DealPlyLiveUpdate.CoCreateAsync.1.0"
[HKCR\Interface\{0E8990F4-2FC9-403C-883B-535D6271E740}]
"(Default)" = "IJobObserver"
[HKCR\Interface\{9B4E4BF6-9346-4969-8428-C3CB81CD7A30}\NumMethods]
"(Default)" = "39"
[HKCR\CLSID\{8B218A5F-1A3D-4347-94EF-A79575EB8094}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{E515494B-7548-462A-B7E7-A3E6F8C4899C}\NumMethods]
"(Default)" = "6"
[HKCR\Interface\{B1285825-F24F-4651-9F8A-2012460AD2FC}]
"(Default)" = "IPackage"
[HKCR\CLSID\{501CB57A-D4E2-4855-96AD-EDB0A9083395}]
"(Default)" = "DealPly Live Core Class"
[HKCR\Interface\{066D89E6-B457-4A57-888A-B0AEB11D5BF1}\ProxyStubClsid32]
"(Default)" = "{0D89DE71-3D99-4288-84DC-F18F1047A7D8}"
[HKCR\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback]
"(Default)" = "DealPly Live Legacy On Demand"
[HKCR\CLSID\{83ABA270-8390-4CA6-AE48-FC089F55629E}]
"LocalizedString" = "@%Program Files%\DealPlyLive\Update\1.3.23.0\goopdate.dll,-3000"
[HKCR\Interface\{E9ECFFF9-2011-439F-92EB-BE145ACD87DA}\ProxyStubClsid32]
"(Default)" = "{0D89DE71-3D99-4288-84DC-F18F1047A7D8}"
[HKCR\Interface\{C0233F6C-3110-4AEA-A798-C81DA43CED9E}]
"(Default)" = "ICoCreateAsync"
[HKCR\Interface\{9BAC5A3B-33FD-4DB9-A4F1-B749498D4017}\ProxyStubClsid32]
"(Default)" = "{0D89DE71-3D99-4288-84DC-F18F1047A7D8}"
[HKCR\Interface\{9B4E4BF6-9346-4969-8428-C3CB81CD7A30}\ProxyStubClsid32]
"(Default)" = "{0D89DE71-3D99-4288-84DC-F18F1047A7D8}"
[HKCR\CLSID\{C536F080-57B7-46D6-8894-C647553F2889}\VersionIndependentProgID]
"(Default)" = "DealPlyLive.OneClickProcessLauncherMachine"
[HKCR\DealPlyLiveUpdate.OnDemandCOMClassMachine\CLSID]
"(Default)" = "{83ABA270-8390-4CA6-AE48-FC089F55629E}"
[HKCR\DealPlyLiveUpdate.Update3WebMachine.1.0]
"(Default)" = "DealPly Live Broker Class Factory"
[HKCR\Interface\{469960F8-8172-4386-BBB1-DF3590027D58}\NumMethods]
"(Default)" = "24"
[HKCR\Interface\{80995911-5CF2-483F-A260-C736E8D0C691}\ProxyStubClsid32]
"(Default)" = "{0D89DE71-3D99-4288-84DC-F18F1047A7D8}"
[HKCR\CLSID\{1E0C9B2A-6447-452C-B012-2314A0C29412}\Elevation]
"Enabled" = "1"
[HKCR\Interface\{C0233F6C-3110-4AEA-A798-C81DA43CED9E}\ProxyStubClsid32]
"(Default)" = "{0D89DE71-3D99-4288-84DC-F18F1047A7D8}"
[HKCR\CLSID\{0D89DE71-3D99-4288-84DC-F18F1047A7D8}\InProcServer32]
"(Default)" = "%Program Files%\DealPlyLive\Update\1.3.23.0\psmachine.dll"
[HKCR\Interface\{B3D38AE9-C808-4811-8417-F114839D6392}]
"(Default)" = "ICoCreateAsyncStatus"
[HKCR\Interface\{821ED2B3-866E-4177-870E-52D995D123D0}\ProxyStubClsid32]
"(Default)" = "{0D89DE71-3D99-4288-84DC-F18F1047A7D8}"
[HKCR\DealPlyLiveUpdate.ProcessLauncher]
"(Default)" = "DealPly Live Process Launcher Class"
[HKCR\CLSID\{3A4DBD3A-98CC-41CE-AD21-352D42B6F754}]
"(Default)" = "CoCreateAsync"
[HKCR\CLSID\{FFCC53E6-2655-47FC-A89B-54E8D7F305D1}\VersionIndependentProgID]
"(Default)" = "DealPlyLiveUpdate.Update3WebMachine"
[HKCR\CLSID\{501CB57A-D4E2-4855-96AD-EDB0A9083395}\VersionIndependentProgID]
"(Default)" = "DealPlyLiveUpdate.CoreMachineClass"
[HKCR\Interface\{B3D38AE9-C808-4811-8417-F114839D6392}\ProxyStubClsid32]
"(Default)" = "{0D89DE71-3D99-4288-84DC-F18F1047A7D8}"
[HKCR\Interface\{B8E64931-27EF-42BC-AF3B-0E2B25D17567}]
"(Default)" = "IRegistrationUpdateHook"
[HKCR\Interface\{0E8990F4-2FC9-403C-883B-535D6271E740}\ProxyStubClsid32]
"(Default)" = "{0D89DE71-3D99-4288-84DC-F18F1047A7D8}"
[HKCR\Interface\{DF51AD29-5239-441A-B921-E655C8162060}\NumMethods]
"(Default)" = "10"
[HKCR\Interface\{FBB92627-0DAA-4B69-97CC-9879236FE039}\NumMethods]
"(Default)" = "4"
[HKCR\Interface\{E515494B-7548-462A-B7E7-A3E6F8C4899C}]
"(Default)" = "IProcessLauncher"
[HKCR\CLSID\{8B218A5F-1A3D-4347-94EF-A79575EB8094}\InprocServer32]
"(Default)" = "%Program Files%\DealPlyLive\Update\1.3.23.0\psmachine.dll"
[HKCR\Interface\{1644E2E1-E15E-4E9E-9B25-5668536DD6A7}\NumMethods]
"(Default)" = "10"
[HKCR\DealPlyLiveUpdate.OnDemandCOMClassMachine.1.0]
"(Default)" = "DealPly Live Broker Class Factory"
[HKCR\Interface\{2BA83048-8B7C-4186-843B-D97FC1A6AE95}]
"(Default)" = "IAppWeb"
[HKCR\CLSID\{501CB57A-D4E2-4855-96AD-EDB0A9083395}\ProgID]
"(Default)" = "DealPlyLiveUpdate.CoreMachineClass.1"
[HKCR\CLSID\{FFCC53E6-2655-47FC-A89B-54E8D7F305D1}\ProgID]
"(Default)" = "DealPlyLiveUpdate.Update3WebMachine.1.0"
[HKCR\Interface\{A6670033-7A4B-4F59-B8A9-A7CEBF3CE960}\ProxyStubClsid32]
"(Default)" = "{0D89DE71-3D99-4288-84DC-F18F1047A7D8}"
[HKCR\DealPlyLive.OneClickProcessLauncherMachine]
"(Default)" = "DealPlyLive.OneClickProcessLauncher"
[HKCR\Interface\{CC5B7648-AAF8-4642-B53D-B7B5E4AE7241}\NumMethods]
"(Default)" = "24"
[HKCR\Interface\{1644E2E1-E15E-4E9E-9B25-5668536DD6A7}\ProxyStubClsid32]
"(Default)" = "{0D89DE71-3D99-4288-84DC-F18F1047A7D8}"
[HKCR\CLSID\{83ABA270-8390-4CA6-AE48-FC089F55629E}\Elevation]
"Enabled" = "1"
[HKCR\DealPlyLiveUpdate.Update3WebMachine\CurVer]
"(Default)" = "DealPlyLiveUpdate.Update3WebMachine.1.0"
[HKCR\CLSID\{4F8A50F6-69DE-4BE3-A33A-A1079B9AC0DB}]
"LocalizedString" = "@%Program Files%\DealPlyLive\Update\1.3.23.0\goopdate.dll,-3000"
[HKCR\CLSID\{FFCC53E6-2655-47FC-A89B-54E8D7F305D1}\Elevation]
"Enabled" = "1"
[HKCR\DealPlyLive.OneClickProcessLauncherMachine\CLSID]
"(Default)" = "{C536F080-57B7-46D6-8894-C647553F2889}"
[HKCR\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback.1.0\CLSID]
"(Default)" = "{1E0C9B2A-6447-452C-B012-2314A0C29412}"
[HKCR\CLSID\{6FF2C4DD-77A4-4BB5-BA4C-B42DEFBF9137}]
"(Default)" = "DealPly Live Process Launcher Class"
[HKCR\CLSID\{FFCC53E6-2655-47FC-A89B-54E8D7F305D1}\LocalServer32]
"(Default)" = "%Program Files%\DealPlyLive\Update\1.3.23.0\DealPlyLiveBroker.exe"
[HKCR\Interface\{E9ECFFF9-2011-439F-92EB-BE145ACD87DA}\NumMethods]
"(Default)" = "9"
[HKCR\CLSID\{501CB57A-D4E2-4855-96AD-EDB0A9083395}\Elevation]
"Enabled" = "1"
[HKCR\Interface\{D325B617-D6F9-4C72-90B2-A38E6D15C16E}\ProxyStubClsid32]
"(Default)" = "{0D89DE71-3D99-4288-84DC-F18F1047A7D8}"
[HKCR\DealPlyLiveUpdate.CredentialDialogMachine]
"(Default)" = "GoogleUpdate CredentialDialog"
[HKCR\CLSID\{83ABA270-8390-4CA6-AE48-FC089F55629E}\VersionIndependentProgID]
"(Default)" = "DealPlyLiveUpdate.OnDemandCOMClassMachine"
[HKCR\CLSID\{83ABA270-8390-4CA6-AE48-FC089F55629E}\Elevation]
"IconReference" = "@%Program Files%\DealPlyLive\Update\1.3.23.0\goopdate.dll,-1004"
[HKCR\Interface\{1644E2E1-E15E-4E9E-9B25-5668536DD6A7}]
"(Default)" = "IGoogleUpdate3"
[HKCR\Interface\{A6670033-7A4B-4F59-B8A9-A7CEBF3CE960}]
"(Default)" = "IAppVersion"
[HKCR\DealPlyLiveUpdate.OnDemandCOMClassMachine\CurVer]
"(Default)" = "DealPlyLiveUpdate.OnDemandCOMClassMachine.1.0"
[HKCR\Interface\{BE952BDF-6FDF-4A62-B318-E15D4487A2EF}\ProxyStubClsid32]
"(Default)" = "{0D89DE71-3D99-4288-84DC-F18F1047A7D8}"
[HKCR\Interface\{FBB92627-0DAA-4B69-97CC-9879236FE039}\ProxyStubClsid32]
"(Default)" = "{0D89DE71-3D99-4288-84DC-F18F1047A7D8}"
[HKCR\CLSID\{6FF2C4DD-77A4-4BB5-BA4C-B42DEFBF9137}\ProgID]
"(Default)" = "DealPlyLiveUpdate.ProcessLauncher.1.0"
[HKCR\DealPlyLiveUpdate.CoreMachineClass.1\CLSID]
"(Default)" = "{501CB57A-D4E2-4855-96AD-EDB0A9083395}"
[HKCR\Interface\{E9ECFFF9-2011-439F-92EB-BE145ACD87DA}]
"(Default)" = "IProgressWndEvents"
[HKCR\Interface\{E515494B-7548-462A-B7E7-A3E6F8C4899C}\ProxyStubClsid32]
"(Default)" = "{0D89DE71-3D99-4288-84DC-F18F1047A7D8}"
[HKCR\CLSID\{83ABA270-8390-4CA6-AE48-FC089F55629E}\LocalServer32]
"(Default)" = "%Program Files%\DealPlyLive\Update\1.3.23.0\DealPlyLiveBroker.exe"
[HKCR\Interface\{B1285825-F24F-4651-9F8A-2012460AD2FC}\ProxyStubClsid32]
"(Default)" = "{0D89DE71-3D99-4288-84DC-F18F1047A7D8}"
[HKCR\CLSID\{FFCC53E6-2655-47FC-A89B-54E8D7F305D1}\Elevation]
"IconReference" = "@%Program Files%\DealPlyLive\Update\1.3.23.0\goopdate.dll,-1004"
[HKCR\CLSID\{83ABA270-8390-4CA6-AE48-FC089F55629E}]
"(Default)" = "DealPly Live Broker Class Factory"
[HKCR\DealPlyLiveUpdate.OnDemandCOMClassMachine]
"(Default)" = "DealPly Live Broker Class Factory"
[HKCR\CLSID\{FFCC53E6-2655-47FC-A89B-54E8D7F305D1}]
"(Default)" = "DealPly Live Broker Class Factory"
[HKCR\Interface\{2BA83048-8B7C-4186-843B-D97FC1A6AE95}\ProxyStubClsid32]
"(Default)" = "{0D89DE71-3D99-4288-84DC-F18F1047A7D8}"
[HKCR\Interface\{FBB92627-0DAA-4B69-97CC-9879236FE039}]
"(Default)" = "IBrowserHttpRequest2"
[HKCR\Interface\{753C5ED0-B9AB-4F1E-8DAC-668E701CA569}]
"(Default)" = "IOneClickProcessLauncher"
[HKCR\CLSID\{34A8CEB6-89BB-49F1-B5E4-0D0D6C21F3B1}\VersionIndependentProgID]
"(Default)" = "DealPlyLiveUpdate.CredentialDialogMachine"
[HKCR\CLSID\{4F8A50F6-69DE-4BE3-A33A-A1079B9AC0DB}\Elevation]
"Enabled" = "1"
[HKCR\DealPlyLiveUpdate.Update3WebMachineFallback\CLSID]
"(Default)" = "{4F8A50F6-69DE-4BE3-A33A-A1079B9AC0DB}"
[HKCR\CLSID\{FFCC53E6-2655-47FC-A89B-54E8D7F305D1}]
"LocalizedString" = "@%Program Files%\DealPlyLive\Update\1.3.23.0\goopdate.dll,-3000"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "20 19 81 1E 9D 50 D4 DE 08 DD 9E 0E 05 C8 46 19"
[HKCR\DealPlyLiveUpdate.CredentialDialogMachine.1.0\CLSID]
"(Default)" = "{34A8CEB6-89BB-49F1-B5E4-0D0D6C21F3B1}"
[HKCR\Interface\{CC5B7648-AAF8-4642-B53D-B7B5E4AE7241}]
"(Default)" = "IAppBundleWeb"
[HKCR\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback\CurVer]
"(Default)" = "DealPlyLiveUpdate.OnDemandCOMClassMachineFallback.1.0"
[HKCR\Interface\{9BAC5A3B-33FD-4DB9-A4F1-B749498D4017}\NumMethods]
"(Default)" = "5"
[HKCR\DealPlyLiveUpdate.Update3WebMachineFallback.1.0]
"(Default)" = "GoogleUpdate Update3Web"
[HKCR\DealPlyLive.OneClickProcessLauncherMachine.1.0\CLSID]
"(Default)" = "{C536F080-57B7-46D6-8894-C647553F2889}"
[HKCR\Interface\{A6670033-7A4B-4F59-B8A9-A7CEBF3CE960}\NumMethods]
"(Default)" = "10"
[HKCR\CLSID\{501CB57A-D4E2-4855-96AD-EDB0A9083395}]
"LocalizedString" = "@%Program Files%\DealPlyLive\Update\1.3.23.0\goopdate.dll,-3000"
[HKCR\CLSID\{1E0C9B2A-6447-452C-B012-2314A0C29412}]
"(Default)" = "DealPly Live Legacy On Demand"
[HKCR\DealPlyLiveUpdate.CredentialDialogMachine\CLSID]
"(Default)" = "{34A8CEB6-89BB-49F1-B5E4-0D0D6C21F3B1}"
[HKCR\DealPlyLiveUpdate.Update3WebMachineFallback.1.0\CLSID]
"(Default)" = "{4F8A50F6-69DE-4BE3-A33A-A1079B9AC0DB}"
[HKCR\CLSID\{34A8CEB6-89BB-49F1-B5E4-0D0D6C21F3B1}\LocalServer32]
"(Default)" = "%Program Files%\DealPlyLive\Update\1.3.23.0\DealPlyLiveOnDemand.exe"
[HKCR\DealPlyLiveUpdate.ProcessLauncher\CLSID]
"(Default)" = "{6FF2C4DD-77A4-4BB5-BA4C-B42DEFBF9137}"
[HKCR\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback.1.0]
"(Default)" = "DealPly Live Legacy On Demand"
[HKCR\DealPlyLiveUpdate.Update3WebMachine.1.0\CLSID]
"(Default)" = "{FFCC53E6-2655-47FC-A89B-54E8D7F305D1}"
[HKCR\DealPlyLiveUpdate.Update3WebMachine]
"(Default)" = "DealPly Live Broker Class Factory"
[HKCR\DealPlyLiveUpdate.CredentialDialogMachine.1.0]
"(Default)" = "GoogleUpdate CredentialDialog"
[HKCR\Interface\{753C5ED0-B9AB-4F1E-8DAC-668E701CA569}\NumMethods]
"(Default)" = "4"
[HKCR\Interface\{DF51AD29-5239-441A-B921-E655C8162060}]
"(Default)" = "IAppVersionWeb"
[HKCR\CLSID\{501CB57A-D4E2-4855-96AD-EDB0A9083395}\LocalServer32]
"(Default)" = "%Program Files%\DealPlyLive\Update\1.3.23.0\DealPlyLiveOnDemand.exe"
[HKCR\Interface\{80995911-5CF2-483F-A260-C736E8D0C691}]
"(Default)" = "IApp"
[HKCR\Interface\{0E8990F4-2FC9-403C-883B-535D6271E740}\NumMethods]
"(Default)" = "13"
[HKCR\DealPlyLiveUpdate.CredentialDialogMachine\CurVer]
"(Default)" = "DealPlyLiveUpdate.CredentialDialogMachine.1.0"
[HKCR\CLSID\{1E0C9B2A-6447-452C-B012-2314A0C29412}\Elevation]
"IconReference" = "@%Program Files%\DealPlyLive\Update\1.3.23.0\goopdate.dll,-1004"
[HKCR\CLSID\{C536F080-57B7-46D6-8894-C647553F2889}]
"(Default)" = "DealPlyLive.OneClickProcessLauncher"
[HKCR\Interface\{469960F8-8172-4386-BBB1-DF3590027D58}\ProxyStubClsid32]
"(Default)" = "{0D89DE71-3D99-4288-84DC-F18F1047A7D8}"
[HKCR\DealPlyLiveUpdate.ProcessLauncher.1.0\CLSID]
"(Default)" = "{6FF2C4DD-77A4-4BB5-BA4C-B42DEFBF9137}"
[HKCR\Interface\{BE952BDF-6FDF-4A62-B318-E15D4487A2EF}]
"(Default)" = "IGoogleUpdateCore"
[HKCR\CLSID\{9BDB5E09-4BBA-4422-8C2B-529B281C32B8}\InprocHandler32]
"(Default)" = "%Program Files%\DealPlyLive\Update\1.3.23.0\psmachine.dll"
[HKCR\CLSID\{4F8A50F6-69DE-4BE3-A33A-A1079B9AC0DB}\VersionIndependentProgID]
"(Default)" = "DealPlyLiveUpdate.Update3WebMachineFallback"
[HKCR\Interface\{B8E64931-27EF-42BC-AF3B-0E2B25D17567}\ProxyStubClsid32]
"(Default)" = "{0D89DE71-3D99-4288-84DC-F18F1047A7D8}"
[HKCR\Interface\{B1285825-F24F-4651-9F8A-2012460AD2FC}\NumMethods]
"(Default)" = "10"
[HKCR\Interface\{80995911-5CF2-483F-A260-C736E8D0C691}\NumMethods]
"(Default)" = "40"
[HKCR\CLSID\{1E0C9B2A-6447-452C-B012-2314A0C29412}\LocalServer32]
"(Default)" = "%Program Files%\DealPlyLive\Update\1.3.23.0\DealPlyLiveOnDemand.exe"
[HKCR\CLSID\{501CB57A-D4E2-4855-96AD-EDB0A9083395}\Elevation]
"IconReference" = "@%Program Files%\DealPlyLive\Update\1.3.23.0\goopdate.dll,-1004"
[HKCR\Interface\{B3D38AE9-C808-4811-8417-F114839D6392}\NumMethods]
"(Default)" = "10"
[HKCR\CLSID\{6FF2C4DD-77A4-4BB5-BA4C-B42DEFBF9137}\VersionIndependentProgID]
"(Default)" = "DealPlyLiveUpdate.ProcessLauncher"
[HKCR\DealPlyLiveUpdate.ProcessLauncher.1.0]
"(Default)" = "DealPly Live Process Launcher Class"
[HKCR\DealPlyLiveUpdate.Update3WebMachineFallback]
"(Default)" = "GoogleUpdate Update3Web"
[HKCR\CLSID\{C536F080-57B7-46D6-8894-C647553F2889}\LocalServer32]
"(Default)" = "%Program Files%\DealPlyLive\Update\1.3.23.0\DealPlyLiveBroker.exe"
[HKCR\Interface\{D325B617-D6F9-4C72-90B2-A38E6D15C16E}\NumMethods]
"(Default)" = "8"
[HKCR\DealPlyLiveUpdate.CoCreateAsync.1.0]
"(Default)" = "CoCreateAsync"
[HKCR\DealPlyLiveUpdate.CoCreateAsync\CLSID]
"(Default)" = "{3A4DBD3A-98CC-41CE-AD21-352D42B6F754}"
[HKCR\DealPlyLiveUpdate.CoCreateAsync.1.0\CLSID]
"(Default)" = "{3A4DBD3A-98CC-41CE-AD21-352D42B6F754}"
[HKCR\CLSID\{1E0C9B2A-6447-452C-B012-2314A0C29412}]
"LocalizedString" = "@%Program Files%\DealPlyLive\Update\1.3.23.0\goopdate.dll,-3000"
[HKCR\CLSID\{0D89DE71-3D99-4288-84DC-F18F1047A7D8}]
"(Default)" = "PSFactoryBuffer"
[HKCR\CLSID\{4F8A50F6-69DE-4BE3-A33A-A1079B9AC0DB}\ProgID]
"(Default)" = "DealPlyLiveUpdate.Update3WebMachineFallback.1.0"
[HKCR\Interface\{C0233F6C-3110-4AEA-A798-C81DA43CED9E}\NumMethods]
"(Default)" = "4"
[HKCR\DealPlyLiveUpdate.CoreMachineClass\CurVer]
"(Default)" = "DealPlyLiveUpdate.CoreMachineClass.1"
[HKCR\DealPlyLiveUpdate.CoreMachineClass]
"(Default)" = "DealPly Live Core Class"
[HKCR\DealPlyLiveUpdate.CoreMachineClass.1]
"(Default)" = "DealPly Live Core Class"
[HKCR\CLSID\{4F8A50F6-69DE-4BE3-A33A-A1079B9AC0DB}\Elevation]
"IconReference" = "@%Program Files%\DealPlyLive\Update\1.3.23.0\goopdate.dll,-1004"
[HKCR\CLSID\{0D89DE71-3D99-4288-84DC-F18F1047A7D8}\InProcServer32]
"ThreadingModel" = "Both"
[HKCR\DealPlyLiveUpdate.CoCreateAsync]
"(Default)" = "CoCreateAsync"
[HKCR\Interface\{B8E64931-27EF-42BC-AF3B-0E2B25D17567}\NumMethods]
"(Default)" = "8"
[HKCR\DealPlyLiveUpdate.Update3WebMachine\CLSID]
"(Default)" = "{FFCC53E6-2655-47FC-A89B-54E8D7F305D1}"
[HKCR\CLSID\{34A8CEB6-89BB-49F1-B5E4-0D0D6C21F3B1}]
"(Default)" = "GoogleUpdate CredentialDialog"
[HKCR\CLSID\{1E0C9B2A-6447-452C-B012-2314A0C29412}\VersionIndependentProgID]
"(Default)" = "DealPlyLiveUpdate.OnDemandCOMClassMachineFallback"
[HKCR\DealPlyLive.OneClickProcessLauncherMachine\CurVer]
"(Default)" = "DealPlyLive.OneClickProcessLauncherMachine.1.0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCR\CLSID\{C536F080-57B7-46D6-8894-C647553F2889}\ProgID]
"(Default)" = "DealPlyLive.OneClickProcessLauncherMachine.1.0"
[HKCR\CLSID\{83ABA270-8390-4CA6-AE48-FC089F55629E}\ProgID]
"(Default)" = "DealPlyLiveUpdate.OnDemandCOMClassMachine.1.0"
[HKCR\DealPlyLiveUpdate.OnDemandCOMClassMachine.1.0\CLSID]
"(Default)" = "{83ABA270-8390-4CA6-AE48-FC089F55629E}"
[HKCR\Interface\{066D89E6-B457-4A57-888A-B0AEB11D5BF1}\NumMethods]
"(Default)" = "4"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C536F080-57B7-46D6-8894-C647553F2889}]
"CLSID" = "{C536F080-57B7-46D6-8894-C647553F2889}"
[HKCR\Interface\{821ED2B3-866E-4177-870E-52D995D123D0}]
"(Default)" = "IGoogleUpdate3WebSecurity"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C536F080-57B7-46D6-8894-C647553F2889}]
"Policy" = "3"
[HKCR\CLSID\{3A4DBD3A-98CC-41CE-AD21-352D42B6F754}\VersionIndependentProgID]
"(Default)" = "DealPlyLiveUpdate.CoCreateAsync"
[HKCR\Interface\{DF51AD29-5239-441A-B921-E655C8162060}\ProxyStubClsid32]
"(Default)" = "{0D89DE71-3D99-4288-84DC-F18F1047A7D8}"
[HKCR\Interface\{469960F8-8172-4386-BBB1-DF3590027D58}]
"(Default)" = "ICurrentState"
[HKCR\Interface\{CC5B7648-AAF8-4642-B53D-B7B5E4AE7241}\ProxyStubClsid32]
"(Default)" = "{0D89DE71-3D99-4288-84DC-F18F1047A7D8}"
[HKCR\DealPlyLiveUpdate.CoreMachineClass\CLSID]
"(Default)" = "{501CB57A-D4E2-4855-96AD-EDB0A9083395}"
[HKCR\Interface\{D325B617-D6F9-4C72-90B2-A38E6D15C16E}]
"(Default)" = "IGoogleUpdate3Web"
[HKCR\Interface\{BE952BDF-6FDF-4A62-B318-E15D4487A2EF}\NumMethods]
"(Default)" = "4"
[HKCR\Interface\{9BAC5A3B-33FD-4DB9-A4F1-B749498D4017}]
"(Default)" = "IGoogleUpdate"
[HKCR\DealPlyLiveUpdate.Update3WebMachineFallback\CurVer]
"(Default)" = "DealPlyLiveUpdate.Update3WebMachineFallback.1.0"
[HKCR\DealPlyLiveUpdate.CoCreateAsync\CurVer]
"(Default)" = "DealPlyLiveUpdate.CoCreateAsync.1.0"
[HKCR\Interface\{821ED2B3-866E-4177-870E-52D995D123D0}\NumMethods]
"(Default)" = "4"
[HKCR\CLSID\{34A8CEB6-89BB-49F1-B5E4-0D0D6C21F3B1}\ProgID]
"(Default)" = "DealPlyLiveUpdate.CredentialDialogMachine.1.0"
[HKCR\Interface\{9B4E4BF6-9346-4969-8428-C3CB81CD7A30}]
"(Default)" = "IAppBundle"
[HKCR\CLSID\{4F8A50F6-69DE-4BE3-A33A-A1079B9AC0DB}\LocalServer32]
"(Default)" = "%Program Files%\DealPlyLive\Update\1.3.23.0\DealPlyLiveOnDemand.exe"
[HKCR\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback\CLSID]
"(Default)" = "{1E0C9B2A-6447-452C-B012-2314A0C29412}"
[HKCR\CLSID\{3A4DBD3A-98CC-41CE-AD21-352D42B6F754}\LocalServer32]
"(Default)" = "%Program Files%\DealPlyLive\Update\1.3.23.0\DealPlyLiveBroker.exe"
[HKCR\Interface\{066D89E6-B457-4A57-888A-B0AEB11D5BF1}]
"(Default)" = "ICredentialDialog"
[HKCR\DealPlyLive.OneClickProcessLauncherMachine.1.0]
"(Default)" = "DealPlyLive.OneClickProcessLauncher"
[HKCR\CLSID\{6FF2C4DD-77A4-4BB5-BA4C-B42DEFBF9137}\LocalServer32]
"(Default)" = "%Program Files%\DealPlyLive\Update\1.3.23.0\DealPlyLiveOnDemand.exe"
[HKCR\Interface\{2BA83048-8B7C-4186-843B-D97FC1A6AE95}\NumMethods]
"(Default)" = "14"
The Trojan deletes the following registry key(s):
[HKCR\CLSID\{8B218A5F-1A3D-4347-94EF-A79575EB8094}]
[HKCR\CLSID\{9BDB5E09-4BBA-4422-8C2B-529B281C32B8}]
[HKCR\CLSID\{8B218A5F-1A3D-4347-94EF-A79575EB8094}\InprocServer32]
[HKCR\CLSID\{9BDB5E09-4BBA-4422-8C2B-529B281C32B8}\InprocHandler32]
The Trojan deletes the following value(s) in system registry:
[HKLM\SOFTWARE\DealPlyLive\Update\network\secure]
"sk"
"c"
The process DealPlyLive.exe:3524 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DC 3B F9 1C 84 7A E2 4F 05 EA E7 51 D5 F8 00 EA"
The process DealPlyLive.exe:3312 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CF 70 67 F6 84 E7 8C 4D 04 A1 82 69 35 E0 45 0B"
[HKCU\Software\DealPlyLive\Update\proxy]
"source" = "IE"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Документы"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Рабочий Ñтол"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Рабочий Ñтол"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\Мои документы"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A]
"BaseClass" = "Drive"
The Trojan deletes the following value(s) in system registry:
[HKLM\SOFTWARE\DealPlyLive\Update]
"uid"
[HKLM\SOFTWARE\DealPlyLive\Update\network\secure]
"sk"
"c"
The process schtasks.exe:3400 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "46 43 A0 4D B0 DD 3C 18 48 0D D7 49 67 07 87 1D"
The process schtasks.exe:3372 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "22 1C 5C 07 0B 7C 12 C9 BA 91 22 D0 00 1A 45 52"
The process desktopy.exe:572 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E9 11 E6 46 AD E3 9F EF A4 C7 20 B3 94 7C 76 01"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1362895428"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65324"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65324"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d45-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65324"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d42-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8c0d8da-77bd-11e0-bb02-000c293bc0fd}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65324"
[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "desktopy.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebcf8d94-66db-11de-b228-806d6172696f}]
"BaseClass" = "Drive"
The process iexplore.exe:1412 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_20"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_01"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_10"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_03"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_11"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_13"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_10"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_30"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.0_04"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_21"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_27"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_09"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_28"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_17"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_12"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_22"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_12"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_16"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_30"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_27"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.1_04"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\iexplore]
"Type" = "3"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_05"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_21"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_07"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_03"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_05"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.0_03"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_10"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_21"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_27"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_25"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_10"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_10"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_17"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_14"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_27"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore]
"Type" = "3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65324"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 31 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_07"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_12"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_22"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_06"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_29"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_03"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_09"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.0_01"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_13"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.0_02"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_07"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\iexplore]
"Count" = "13"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_04"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_08"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_09"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_16"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_16"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013111120131112]
"CachePrefix" = ":2013111120131112:"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_22"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\СÑылки]
"Order" = "08 00 00 00 02 00 00 00 C2 01 00 00 01 00 00 00"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_04"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_03"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.1_04"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_06"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_14"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\BagMRU]
"NodeSlots" = "02 02 02 02 02 02 02 02 02 02 02 02"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}]
"(Default)" = "Java Plug-in 1.3.0_02"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_10"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_25"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_11"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_18"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore]
"Time" = "DD 07 0B 00 01 00 0B 00 04 00 0F 00 08 00 53 02"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_09"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_17"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_07"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_17"
[HKCU\Software\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_05"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\JavaPlugin.160_18\CLSID]
"(Default)" = "{5852F5ED-8BF4-11D4-A245-0080C6F74284}"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_16"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_15"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_24"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_18"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_05"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_02"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_26"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_01"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_02"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_02"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_20"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_12"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_09"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_13"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_18"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65324"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_29"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_12"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_21"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_07"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_18"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_05"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_14"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_02"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore]
"Type" = "4"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_04"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_22"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_09"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_03"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_23"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_28"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_18"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_16"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.1_06"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_04"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_15"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65324"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_07"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_24"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_11"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_03"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_14"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore]
"Count" = "13"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_01"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_07"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_01"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.0_04"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_06"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.1_01"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_19"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.0_01"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_08"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.1_03"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_04"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_26"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebcf8d94-66db-11de-b228-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_23"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_22"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_01"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_02"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_01"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_12"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_23"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_13"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_04"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore]
"Count" = "13"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_23"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_08"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65324"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.1_03"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.0"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013111120131112]
"CacheLimit" = "8192"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_15"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_26"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_16"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_10"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_02"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_01"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.1_07"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_14"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_02"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.1"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.0"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_14"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_28"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_20"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_06"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_29"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.0_02"
[HKCU\Software\Microsoft\Internet Explorer\Main]
"Window_Placement" = "2C 00 00 00 02 00 00 00 03 00 00 00 FF FF FF FF"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.1_01"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_13"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_01"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_24"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_11"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_09"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_18"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_08"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_04"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB5F1910-F110-11D2-BB9E-00C04F795683}\iexplore]
"Type" = "4"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\BagMRU]
"MRUListEx" = "01 00 00 00 00 00 00 00 02 00 00 00 03 00 00 00"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_08"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_04"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_26"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_20"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_24"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB5F1910-F110-11D2-BB9E-00C04F795683}\iexplore]
"Count" = "17"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_11"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_13"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_09"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore]
"Time" = "DD 07 0B 00 01 00 0B 00 04 00 0F 00 09 00 62 02"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_07"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_17"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_04"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_05"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_26"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_26"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_08"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_10"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_02"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
"(Default)" = "Java Plug-in 1.6.0_18"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_27"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_05"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_16"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_29"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_11"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_05"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_17"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.1"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_30"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_07"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_25"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_18"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_19"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_04"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\iexplore]
"Time" = "DD 07 0B 00 01 00 0B 00 04 00 0F 00 09 00 33 02"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_30"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_20"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_23"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_22"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_25"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_08"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_15"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_29"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_12"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore]
"Type" = "3"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_18"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.1_05"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_25"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_19"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_21"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_26"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.0_03"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Рабочий Ñтол"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_29"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_08"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_14"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_30"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_18"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_16"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_12"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_28"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_20"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_16"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_01"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_21"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_19"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013111120131112]
"CacheRepair" = "0"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_07"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.0_03"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_28"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore]
"Count" = "15"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_21"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_06"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_30"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.0_05"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013111120131112]
"CacheOptions" = "11"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d45-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Internet Explorer\Toolbar]
"Locked" = "1"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_10"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_10"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d42-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_08"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_17"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_25"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_17"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore]
"Time" = "DD 07 0B 00 01 00 0B 00 04 00 0F 00 08 00 82 02"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_03"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_23"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_13"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_14"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_18"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8c0d8da-77bd-11e0-bb02-000c293bc0fd}]
"BaseClass" = "Drive"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_11"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_23"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_16"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_11"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_29"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.0_04"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_11"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_05"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_24"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_06"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_03"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_13"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_28"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_24"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_02"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_17"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB5F1910-F110-11D2-BB9E-00C04F795683}\iexplore]
"Time" = "DD 07 0B 00 01 00 0B 00 04 00 0F 00 09 00 62 02"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CC 31 65 B0 57 DF 8F 19 EB 65 46 1A 20 F9 CA EB"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_03"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_14"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Favorites" = "%Documents and Settings%\%current user%\Избранное"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013111120131112]
"CachePath" = "%USERPROFILE%\Local Settings\History\History.IE5\MSHist012013111120131112\"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_15"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_19"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_20"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_06"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_13"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_05"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.1_05"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_06"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_12"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_09"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_15"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_13"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_17"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_19"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_11"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.1_07"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_19"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_27"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_15"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_15"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_15"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_25"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_30"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.1_02"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_22"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_01"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_27"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_03"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_06"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_02"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.1_06"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.1_02"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_24"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_14"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_08"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_28"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_12"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_15"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_06"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_09"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
"IntranetName" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
The Trojan deletes the following registry key(s):
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\JavaPlugin.160_18\CLSID]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}]
[HKCU\Software\Classes\JavaPlugin.160_18]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013093020131001]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}]
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process desktopy_1.exe:1068 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\desktopy.ru]
"(Default)" = "%Documents and Settings%\%current user%\Application Data\desktopy.ru"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Главное меню\Программы"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65324"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 30 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCR\desktopy]
"(Default)" = "URL:desktopy Protocol"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Главное меню"
"Common Documents" = "%Documents and Settings%\All Users\Документы"
[HKCU\Software\desktopy.ru]
"first run" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\Мои документы"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d45-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
"CommonMusic" = "%Documents and Settings%\All Users\Документы\ÐœÐ¾Ñ Ð¼ÑƒÐ·Ñ‹ÐºÐ°"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d42-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Рабочий Ñтол"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKCR\desktopy\shell\open\command]
"(Default)" = "%Documents and Settings%\%current user%\Application Data\desktopy.ru\desktopy.exe -a %1"
[HKCR\desktopy]
"URL Protocol" = ""
[HKLM\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\FE622EA7B33CA46519AB39736A66B8F6E41FF157]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 53 66 EA 0C"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Рабочий Ñтол"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\Мои документы\Мои риÑунки"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65324"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\desktopy.ru]
"DisplayName" = "desktopy.ru"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Главное меню"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65324"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Документы\Мои видеозапиÑи"
"CommonPictures" = "%Documents and Settings%\All Users\Документы\Мои риÑунки"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "34 3E F3 F6 03 1B A4 71 FF EC 1A BB 6B 58 F9 E3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65324"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8c0d8da-77bd-11e0-bb02-000c293bc0fd}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\desktopy.ru]
"UninstallString" = "%Documents and Settings%\%current user%\Application Data\desktopy.ru\uninstall.exe"
[HKCU\Software\desktopy.ru]
"key" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebcf8d94-66db-11de-b228-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Documents and Settings%\%current user%\Application Data\desktopy.ru]
"desktopy.exe" = "Desktopy.ru wallpaper saver"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"desktopy" = "%Documents and Settings%\%current user%\Application Data\desktopy.ru\desktopy.exe is_autoruned"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates]
"FE622EA7B33CA46519AB39736A66B8F6E41FF157"
The process uninst.exe:2548 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\DealPly]
"OriginalCommand" = "/S /OPTIMIZE /PARTNER=dpmnt /CHANNEL=3470 /i"
"VersionFull" = "4.8.7.3"
"FirefoxXpiPath" = "%Program Files%\DealPly\DealPly.xpi"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly]
"EstimatedSize" = "1312"
[HKCU\Software\DealPly]
"Partner" = "dpmnt"
"InstallDir" = "%Program Files%\DealPly"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly]
"NoRepair" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\DealPlyLive\Update\Clients\{7fd0cf91-965a-4732-bb60-f2dad1824a0f}]
"pv" = "1.0.0.1"
[HKLM\SOFTWARE\DealPly]
"VersionInt" = "4873"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Главное меню"
[HKCU\Software\DealPly]
"InstallDateHuman" = "11/11/2013 04:15:48"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly]
"DisplayIcon" = "%Program Files%\DealPly\uninst.exe,0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\Мои документы"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly]
"Publisher" = "DealPly Technologies Ltd."
[HKCU\Software\DealPly]
"ChromeCrxPath" = "%Program Files%\DealPly\DealPly.crx"
[HKLM\SOFTWARE\DealPly]
"InstallId" = "v24873227192535853216202013111104154816"
"InstallStatus" = "OK"
"VersionFull" = "4.8.7.3"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d45-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Internet Explorer\Approved Extensions]
"{9cf699ca-2174-4ed8-bec1-ba82095edce0}" = "51 66 7A 6C 4C 1D 3B 1B DA 81 E4 83 44 76 B0 02"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\DealPly]
"InstallId" = "v24873227192535853216202013111104154816"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Документы\ÐœÐ¾Ñ Ð¼ÑƒÐ·Ñ‹ÐºÐ°"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d42-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Рабочий Ñтол"
[HKLM\SOFTWARE\DealPly]
"OriginalOptimize" = "1"
"OriginalCommand" = "/S /OPTIMIZE /PARTNER=dpmnt /CHANNEL=3470 /i"
"Partner" = "dpmnt"
[HKCU\Software\DealPly]
"OriginalOptimize" = "1"
[HKLM\SOFTWARE\DealPly]
"FirefoxXpiPath" = "%Program Files%\DealPly\DealPly.xpi"
"InstallDateHuman" = "11/11/2013 04:15:48"
[HKCU\Software\DealPly]
"InstallDateMachine" = "20131111041548"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Документы"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\Мои документы\Мои риÑунки"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly]
"URLInfoAbout" = "http://support.dealply.com/"
[HKLM\SOFTWARE\DealPly]
"Channel" = "dpmnt3470"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebcf8d94-66db-11de-b228-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly]
"NoModify" = "1"
[HKLM\SOFTWARE\DealPly]
"ChromeCrxPath" = "%Program Files%\DealPly\DealPly.crx"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly]
"DisplayVersion" = "4.8.7.3"
[HKCU\Software\DealPly]
"InstallStatus" = "OK"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Главное меню"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Документы\Мои видеозапиÑи"
"CommonPictures" = "%Documents and Settings%\All Users\Документы\Мои риÑунки"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8B 89 FC F2 C4 70 F5 4E 33 B3 43 4C 01 A0 99 E2"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Рабочий Ñтол"
[HKLM\SOFTWARE\DealPly]
"SampleGroup" = "6"
"InstallDateMachine" = "20131111041548"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Главное меню\Программы"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8c0d8da-77bd-11e0-bb02-000c293bc0fd}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly]
"UninstallString" = "%Program Files%\DealPly\uninst.exe /uninstall"
[HKCU\Software\DealPly]
"Channel" = "dpmnt3470"
[HKLM\SOFTWARE\DealPly]
"IeDllPath" = "%Program Files%\DealPly\DealPlyIE.dll"
"InstallDir" = "%Program Files%\DealPly"
[HKCU\Software\DealPly]
"VersionInt" = "4873"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly]
"HelpLink" = "http://www.dealply.com/"
[HKCU\Software\DealPly]
"SampleGroup" = "6"
"IeDllPath" = "%Program Files%\DealPly\DealPlyIE.dll"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly]
"DisplayName" = "DealPly (remove only)"
The process regsvr32.exe:2604 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "02 D2 04 99 4C 16 56 2A 9B BA 78 F9 11 F1 A8 43"
[HKCR\CLSID\{9cf699ca-2174-4ed8-bec1-ba82095edce0}\InProcServer32]
"(Default)" = "%Program Files%\DealPly\DealPlyIE.dll"
"ThreadingModel" = "Apartment"
[HKCR\CLSID\{9cf699ca-2174-4ed8-bec1-ba82095edce0}]
"(Default)" = "DealPly Shopping"
It registers itself as a Browser Helper Object (BHO) to ensure its automatic execution every time Internet Explorer is run. It does this by creating the following registry key(s)/entry(ies):
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9cf699ca-2174-4ed8-bec1-ba82095edce0}]
"NoExplorer" = "1"
The process regsvr32.exe:2700 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EE 78 5C F1 B1 F7 1F 04 8C 43 1E 61 79 58 28 05"
The process msiexec.exe:2480 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"Version" = "16973847"
[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E]
"AuthorizedLUAApp" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"WindowsInstaller" = "1"
[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E]
"InstanceType" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"EstimatedSize" = "40"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9507B717889AF294FAB1CD7FB08E90BA]
"93BAD29AC2E44034A96BCB446EB8552E" = "02:\SOFTWARE\Google\Update\MsiStubRun"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"Language" = "1033"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Fonts" = "%WinDir%\Fonts"
[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E\SourceList\Media]
"1" = ";"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"Publisher" = "DealPly Technologies Ltd"
"InstallSource" = "%Program Files%\DealPlyLive\Update\1.3.23.0\"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"Size" = ""
"InstallLocation" = ""
"WindowsInstaller" = "1"
"InstallDate" = "20131111"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"SystemComponent" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\Features]
"Complete" = "0a5PL!)GT?sf9ax}}Y{_"
[HKCR\Installer\UpgradeCodes\DBFF5159BA0409649B38F48A1EE47E5F]
"93BAD29AC2E44034A96BCB446EB8552E" = ""
[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E\SourceList]
"PackageName" = "DealPlyLiveHelper.msi"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"UninstallString" = "MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"HelpLink" = ""
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"DisplayName" = "Google Update Helper"
"InstallDate" = "20131111"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"AuthorizedCDFPrefix" = ""
"URLInfoAbout" = ""
[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E]
"Language" = "1033"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress]
"(Default)" = "%WinDir%\Installer\6cfc28.ipi"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\Patches]
"AllPatches" = ""
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"Size" = ""
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Templates" = "%Documents and Settings%\All Users\Шаблоны"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"ModifyPath" = "MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}"
"HelpTelephone" = ""
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"Readme" = ""
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"AuthorizedCDFPrefix" = ""
[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E]
"AdvertiseFlags" = "388"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"VersionMinor" = "3"
"Comments" = ""
[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E]
"ProductName" = "Google Update Helper"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"EstimatedSize" = "40"
"InstallSource" = "%Program Files%\DealPlyLive\Update\1.3.23.0\"
"DisplayName" = "Google Update Helper"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"DisplayVersion" = "1.3.23.0"
[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E]
"PackageCode" = "4CD9CAE01899C854FB28EAE19B4E15A0"
[HKLM\SOFTWARE\Google\Update]
"MsiStubRun" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\DBFF5159BA0409649B38F48A1EE47E5F]
"93BAD29AC2E44034A96BCB446EB8552E" = ""
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"Readme" = ""
"LocalPackage" = "%WinDir%\Installer\6cfc29.msi"
"URLInfoAbout" = ""
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"Version" = "16973847"
"ModifyPath" = "MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"URLUpdateInfo" = ""
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"Contact" = ""
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"Contact" = ""
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"HelpTelephone" = ""
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "35 F0 EE 89 2A FC CD CD AE CE 04 8E C1 C5 0B 69"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"URLUpdateInfo" = ""
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"VersionMinor" = "3"
[HKCR\Installer\Features\93BAD29AC2E44034A96BCB446EB8552E]
"Complete" = ""
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"VersionMajor" = "1"
[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E]
"Version" = "16973847"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"Publisher" = "DealPly Technologies Ltd"
"SystemComponent" = "1"
"DisplayVersion" = "1.3.23.0"
"UninstallString" = "MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"HelpLink" = ""
"Language" = "1033"
[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E\SourceList]
"LastUsedSource" = "n;1;%Program Files%\DealPlyLive\Update\1.3.23.0\"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"Comments" = ""
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"VersionMajor" = "1"
[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E]
"Clients" = ":"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"InstallLocation" = ""
[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E\SourceList\Net]
"1" = "%Program Files%\DealPlyLive\Update\1.3.23.0\"
[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E]
"Assignment" = "1"
The Trojan deletes the following registry key(s):
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress]
The process %original file name%.exe:1980 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Favorites" = "%Documents and Settings%\All Users\Избранное"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Video" = ""
"Fonts" = "%WinDir%\Fonts"
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Главное меню"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\Мои документы"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Startup" = "%Documents and Settings%\%current user%\Главное меню\Программы\Ðвтозагрузка"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebcf8d94-66db-11de-b228-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
"CommonMusic" = "%Documents and Settings%\All Users\Документы\ÐœÐ¾Ñ Ð¼ÑƒÐ·Ñ‹ÐºÐ°"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d42-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Рабочий Ñтол"
"Common Startup" = "%Documents and Settings%\All Users\Главное меню\Программы\Ðвтозагрузка"
"Common Documents" = "%Documents and Settings%\All Users\Документы"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\Мои документы\Мои риÑунки"
"SendTo" = "%Documents and Settings%\%current user%\SendTo"
"Start Menu" = "%Documents and Settings%\%current user%\Главное меню"
"My Music" = "%Documents and Settings%\%current user%\Мои документы\ÐœÐ¾Ñ Ð¼ÑƒÐ·Ñ‹ÐºÐ°"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Документы\Мои видеозапиÑи"
"CommonPictures" = "%Documents and Settings%\All Users\Документы\Мои риÑунки"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F7 6C 98 FE 13 8F 92 47 39 8A 86 82 3F 0D F7 62"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Главное меню\Программы"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Рабочий Ñтол"
"Programs" = "%Documents and Settings%\%current user%\Главное меню\Программы"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8c0d8da-77bd-11e0-bb02-000c293bc0fd}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Favorites" = "%Documents and Settings%\%current user%\Избранное"
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d45-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"
Network activity (URLs)
| URL | IP |
|---|---|
| hxxp://dl.easy-free.ru/amonetisoft (Malicious) |  95.211.162.11 |
| hxxp://ils-front-balancer2-400693425.us-east-1.elb.amazonaws.com/download.php?version=1.1.5.26&campid=3470&instid[appname]=software&instid[appsetupurl]=&instid[cmdline]=&instid[appimageurl]=&prefix=software&instid[thankyoupage]= |  |
| hxxp://ils-front-balancer2-400693425.us-east-1.elb.amazonaws.com/index.php | |
| hxxp://dyno3mlj15jgv.cloudfront.net/amipb.js | |
| hxxp://ils-front-balancer2-400693425.us-east-1.elb.amazonaws.com/finalize.php | |
| hxxp://stream.get-tune.net/mail/221656480/162844801/1385287990/0c775fc1cccdd90d/Jason_Derulo_ft._2_Chainz_-_Talk_Dirty_(get-tune.net).mp3 |  185.3.143.36 |
| hxxp://s3-1.amazonaws.com/v4873/dp.exe | |
| hxxp://d11ftuwdwpx4fl.cloudfront.net/Desktopy/desktopy_1.exe | |
| hxxp://d11ftuwdwpx4fl.cloudfront.net/updater/Updater.exe | |
| hxxp://www.soft365.com/hpnt/new/amt_dosearches.exe | 208.43.232.118 |
| hxxp://desktopy.ru/landing/setiecookie/ | 178.132.200.134 |
| hxxp://desktopy.ru/themes/main/css/setcook.css | |
| hxxp://desktopy.ru/themes/main/i/success_02.jpg | |
| hxxp://desktopy.ru/themes/main/i/success_01.jpg | |
| hxxp://desktopy.ru/themes/main/i/logo_huge.png | |
| hxxp://desktopy.ru/themes/main/i/green_arrow.png | |
| hxxp://chromede.com/inf/getzip?ptid=amt_dosearches&ver=3.0.2.2951&type=bnd | |
| hxxp://chromede.com/files/zip/amt_dosearches_3.0.2.2951.bnd.zip | |
| hxxp://chromede.com/inf/getzip?ptid=amt_dosearches&ver=3.0.2.2951&type=third | |
| hxxp://chromede.com/files/zip/amt_dosearches_3.0.2.2951.3rd.zip | |
| hxxp://xa.xingcloud.com/v4/sof-newgdp/VMwareXVirtualXIDEXHardXDrive_00000000000000000001?action=xa.geoip&update0=ref,amt&update1=nation,en&update2=language,en&update3=version,10.2.1.2652&update4=ref1,eGdp | 65.255.35.148 |
| hxxp://xa.xingcloud.com/v4/sof-newgdp/VMwareXVirtualXIDEXHardXDrive_00000000000000000001?action=visit&update0=ref,amt&update1=nation,en&update2=language,en&update3=version,10.2.1.2652&update4=ref1,eGdp | |
| hxxp://a26.ms.akamai.net/msdownload/update/v3/static/trustedr/en/authrootseq.txt | |
| hxxp://a26.ms.akamai.net/msdownload/update/v3/static/trustedr/en/authrootstl.cab | |
| hxxp://a26.ms.akamai.net/msdownload/update/v3/static/trustedr/en/02FAF3E291435468607857694DF5E45B68851868.crt | |
| hxxp://crl.usertrust.com/AddTrustExternalCARoot.crl |  178.255.83.2 |
| hxxp://crl.usertrust.com/UTN-USERFirst-Object.crl | |
| hxxp://crl.usertrust.com/COMODOCodeSigningCA2.crl | |
| cdn.cdndp.com | 207.171.163.3 |
| amon.gambling-slots.ru | 54.243.61.26 |
| cdn1.honestdownload.com | 54.230.98.18 |
| crl.comodoca.com | 178.255.83.2 |
| www.download.windowsupdate.com | 23.3.90.249 |
| www.soledownload.com | 54.243.61.26 |
| www.chromede.com | 174.36.200.174 |
| cdn3.honestdownload.com | 54.230.98.178 |
| crl.thawte.com | |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
desktopy-plugins.exe:1728
amt_dosearches.exe:1476
Updater.exe:1184
Updater.exe:888
dp.exe:2456
software__3470_il4326946.exe:972
DealPlyUpdateVer.exe:3440
Baofeng.exe:752
Baofeng.exe:2268
eGdpSvc.exe:2536
eGdpSvc.exe:2424
fileseta.exe:604
DealPlyLive.exe:2276
DealPlyLive.exe:3660
DealPlyLive.exe:2228
DealPlyLive.exe:3104
DealPlyLive.exe:3124
DealPlyLive.exe:3004
DealPlyLive.exe:3524
DealPlyLive.exe:3312
schtasks.exe:3400
schtasks.exe:3372
iexplore.exe:1412
desktopy_1.exe:1068
uninst.exe:2548
regsvr32.exe:2604
regsvr32.exe:2700
%original file name%.exe:1980 - Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Program Files%\desktopy\uninstall.exe (47270 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Opera\Opera\widgets\widgets.dat (165 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Opera\Opera\widgets\desktopy.oex (992 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Opera\Opera\widgets\nszD.tmp (516 bytes)
C:\sqlite3.dll (597460 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsyC.tmp\System.dll (11264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsyC.tmp\Processes.dll (36669 bytes)
C:\desktopyHelper.exe (120899 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\opera.patch.txt (365 bytes)
C:\xromDesk.exe (633607 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Opera\Opera\widgets\wuid-7a532543-ed74-7a4b-be21-84042bfde73b\prefs.dat (486 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp\UpDate.dll (109056 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp\conf (56 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp\1.1.7.8.crx (430850 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp\eGdpSvc.exe (1771688 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp\DataBase (1174544 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp\amt_dosearches.json (288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp\package1.zip (3666594 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp\amt_dosearches.db (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp\Baofeng.exe (132992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp\ep.zip (55601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp\package2.zip (4483456 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rfsE.tmp (1 bytes)
%Documents and Settings%\%current user%\Application Data\SwvUpdater\Updater.exe (291880 bytes)
%Documents and Settings%\%current user%\Application Data\SwvUpdater\Updater.xml (6311 bytes)
%WinDir%\Tasks\AmiUpdXp.job (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rfsF.tmp (48 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\crx\images\icon128.png (11786 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\crxls\chrome-extension_ejnmnhkgiphcaeefbaooconkceehicfi_0.localstorage (3072 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\xpi\defaults\preferences\defaults.js (42 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\crx\manifest.json (710 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\files\DealPlyIE.dll (165920 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\crx\images\icon16.png (998 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\xpi\chrome.manifest (183 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\files\DealPlyUpdate.exe (143960 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\o-update\DealPlyLive.exe (718880 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\xpi\install.rdf (1036 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\files\DealPly.crx (51066 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\files\uninst.exe (958464 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\crx\background.js (94750 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\files\icon.ico (15086 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\crx\images\icon48.png (3885 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\xpi\chrome\content\images\icon32.png (2465 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\files\DealPly.xpi (4126 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\files\DealPlyUpdateVer.exe (174136 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\xpi\chrome\content\dealplyshopping.xul (762 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\files\DealPlyUpdateRun.exe (130744 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\awh5.tmp (305132 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\amipixel.cfg (103 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\awh6.tmp (463568 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\awh3.tmp (3071721 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\X7VALIDZ\index[1].htm (16431 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ami2.tmp.ico (766 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\awh4.tmp (250644 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\R5BRBDUV\desktop.ini (67 bytes)
D:\Jason_Derulo_ft._2_Chainz_-_Talk_Dirty_(get-tune.net).mp3 (2998641 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\R5BRBDUV\amipb[1].js (31191 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\X7VALIDZ\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\awh7.tmp (1544092 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MircosoftStudio\UpDate.dll (92672 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MircosoftStudio\1.1.7.8.crx (414466 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MircosoftStudio\Baofeng.exe (116608 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\ЗапуÑтить обозреватель Internet Explorer.lnk (1011 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MircosoftStudio\amt_dosearches.json (288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MircosoftStudio\conf (56 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MircosoftStudio\DataBase (1125392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MircosoftStudio\package1.zip (1392290 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MircosoftStudio\ep.zip (39217 bytes)
%Documents and Settings%\%current user%\Главное меню\Программы\Internet Explorer.lnk (999 bytes)
%Documents and Settings%\All Users\Application Data\eSafe\log\eGdpSvc.LOG (670 bytes)
%Documents and Settings%\All Users\Application Data\eSafe\eGdpSvc.exe (3414168 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\genteert.dll (61440 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gentee0C\guig.dll (20480 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pause-fsa.cmd (42 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gentee0C\setup_temp.gea (10336 bytes)
%Documents and Settings%\All Users\Application Data\DealPlyLive\Update\Log\DealPlyLive.log (1104 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab14.tmp (48483 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\DealPlyLiveHandler.exe (148000 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_lv.dll (32288 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_bg.dll (40992 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_en.dll (29216 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_nl.dll (31776 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\psuser.dll (158240 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\B69D763EB21649DA26F20618312DEE70 (128 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_ja.dll (36896 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\3B6E683A7A45CC59BF035C9BA8C7AB9D (132 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\psmachine.dll (158240 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\DealPlyLiveOnDemand.exe (61984 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (241696 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004 (18 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_ur.dll (37408 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_iw.dll (33312 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_vi.dll (33312 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_am.dll (35360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar13.tmp (146652 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_gu.dll (46112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab16.tmp (54009 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_is.dll (31264 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\1F356F4D07FE8C483E769E4586569404 (126 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_fil.dll (31776 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_ml.dll (55328 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_sr.dll (39456 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\DealPlyLive.exe (148000 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_te.dll (48160 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_et.dll (29728 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_it.dll (32288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab12.tmp (48483 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 (54009 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_fr.dll (32800 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_hi.dll (46624 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_en-GB.dll (29728 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_zh-CN.dll (29216 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_th.dll (46112 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_sw.dll (31264 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdate.dll (818208 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_hr.dll (31264 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\1F356F4D07FE8C483E769E4586569404 (53259 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\DealPlyLiveHelper.msi (40960 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\8BD11C4A2318EC8E5A82462092971DEA (477 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\3B6E683A7A45CC59BF035C9BA8C7AB9D (494 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_cs.dll (31264 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\C3E814D1CB223AFCD58214D14C3B7EAB (341 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\B69D763EB21649DA26F20618312DEE70 (75433 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_ta.dll (50208 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_de.dll (32800 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_mr.dll (46112 bytes)
%WinDir%\Tasks\DealPlyLiveUpdateTaskMachineCore.job (886 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_pl.dll (32288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar15.tmp (146652 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_sk.dll (32288 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_da.dll (30752 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_fi.dll (31264 bytes)
%Program Files%\DealPlyLive\Update\DealPlyLive.exe (148000 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_kn.dll (48672 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_no.dll (31264 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_fa.dll (36384 bytes)
%WinDir%\Tasks\DealPlyLiveUpdateTaskMachineUA.job (890 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_ca.dll (31776 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_ar.dll (34336 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_hu.dll (32800 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_es-419.dll (30752 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_ms.dll (30240 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_uk.dll (38432 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_id.dll (30240 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_ko.dll (32800 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar17.tmp (160255 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_el.dll (42528 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_zh-TW.dll (29216 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_pt-BR.dll (31264 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_bn.dll (46624 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_ro.dll (32288 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (216 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_ru.dll (38432 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004 (216 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_pt-PT.dll (31264 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\8BD11C4A2318EC8E5A82462092971DEA (116 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_tr.dll (31776 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_sv.dll (30752 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_es.dll (32800 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\C3E814D1CB223AFCD58214D14C3B7EAB (122 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_sl.dll (31264 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\DealPlyLiveBroker.exe (61984 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_lt.dll (30752 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_pt-BR.dll (31264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_it.dll (32288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ro.dll (32288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_iw.dll (33312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\DealPlyLiveHandler.exe (148000 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_bg.dll (40992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\npGoogleUpdate3.dll (241696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_sl.dll (31264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_id.dll (30240 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_de.dll (32800 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_sv.dll (30752 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_lv.dll (32288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_hi.dll (46624 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_el.dll (42528 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ko.dll (32800 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_hu.dll (32800 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_cs.dll (31264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_sr.dll (39456 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_gu.dll (46112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUT11.tmp (7520256 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ms.dll (30240 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_fa.dll (36384 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_da.dll (30752 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\psuser.dll (158240 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_et.dll (29728 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_bn.dll (46624 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_sw.dll (31264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_uk.dll (38432 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ru.dll (38432 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_am.dll (35360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ta.dll (50208 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_tr.dll (31776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_te.dll (48160 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ml.dll (55328 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_lt.dll (30752 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_no.dll (31264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_en.dll (29216 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\psmachine.dll (158240 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_pt-PT.dll (31264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ur.dll (37408 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ja.dll (36896 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_hr.dll (31264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_en-GB.dll (29728 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_is.dll (31264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_mr.dll (46112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_sk.dll (32288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ar.dll (34336 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\DealPlyLiveOnDemand.exe (61984 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\DealPlyLiveBroker.exe (61984 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\DealPlyLive.exe (148000 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_kn.dll (48672 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_vi.dll (33312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_zh-CN.dll (29216 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_th.dll (46112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_fr.dll (32800 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_pl.dll (32288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_fi.dll (31264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_nl.dll (31776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_zh-TW.dll (29216 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ca.dll (31776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\DealPlyLiveHelper.msi (40960 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_fil.dll (31776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_es-419.dll (30752 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdate.dll (1342496 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_es.dll (32800 bytes)
%WinDir%\Tasks\DealPlyUpdate.job (288 bytes)
%Documents and Settings%\%current user%\Cookies\test@desktopy[2].txt (142 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XWHK1GPI\green_arrow[1].png (1017 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XWHK1GPI\logo_huge[1].png (22860 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\X7VALIDZ\setiecookie[1].htm (2624 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013111120131112\index.dat (32768 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (24576 bytes)
%Documents and Settings%\%current user%\Cookies\test@desktopy[1].txt (69 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\R5BRBDUV\setcook[1].css (859 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OEBBOQ59\success_01[1].jpg (43768 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OEBBOQ59\success_02[1].jpg (64525 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm9.tmp (399709 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XWHK1GPI\desktopy-plugins[1].exe (761152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nscA.tmp\System.dll (11264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OEBBOQ59\desktopy[1].exe (827392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XWHK1GPI\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nscA.tmp\inetc.dll (25600 bytes)
%Documents and Settings%\%current user%\Application Data\desktopy.ru\desktopy-plugins.exe (761152 bytes)
%Documents and Settings%\%current user%\Application Data\desktopy.ru\uninstall.exe (106170 bytes)
%Documents and Settings%\%current user%\Главное меню\Программы\desktopy.ru\desktopy.lnk (878 bytes)
%Documents and Settings%\%current user%\Application Data\desktopy.ru\desktopy.exe (827392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OEBBOQ59\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Рабочий Ñтол\desktopy.lnk (767 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nscA.tmp\ShellExecAsUser.dll (7168 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DealPlyUpdateVer.exe (108600 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\chrome.manifest (183 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi\3.5.0.0_0\manifest.json (710 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\chrome\content\images\icon32.png (2465 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\defaults\preferences\defaults.js (42 bytes)
%Program Files%\DealPly\DealPly.crx (51066 bytes)
%Program Files%\DealPly\DealPlyUpdateVer.exe (108600 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\logs\uninst.log (2181 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\install.rdf (1036 bytes)
%Program Files%\DealPly\uninst.exe (892928 bytes)
%Program Files%\DealPly\DealPlyIE.dll (100384 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\chrome\content\dealplyshopping.xul (762 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi\3.5.0.0_0\images\icon128.png (11786 bytes)
%Documents and Settings%\%current user%\Главное меню\Программы\DealPly\DealPly Help.url (121 bytes)
%Program Files%\DealPly\DealPlyUpdate.exe (78424 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi\3.5.0.0_0\background.js (94750 bytes)
%Program Files%\DealPly\icon.ico (15086 bytes)
%Program Files%\DealPly\DealPly.xpi (4126 bytes)
%Documents and Settings%\%current user%\Главное меню\Программы\DealPly\Uninstall DealPly.lnk (527 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi\3.5.0.0_0\images\icon16.png (998 bytes)
%Documents and Settings%\%current user%\Главное меню\Программы\DealPly\DealPly.url (117 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi\3.5.0.0_0\images\icon48.png (3885 bytes)
%Program Files%\DealPly\DealPlyUpdateRun.exe (92704 bytes)
%System%\config\SYSTEM (53248 bytes)
%System%\config\system.LOG (10240 bytes)
%Documents and Settings%\%current user%\NTUSER.DAT.LOG (17920 bytes)
%WinDir%\Installer\6cfc25.msi (43520 bytes)
%WinDir%\Installer\6cfc28.ipi (22228 bytes)
%WinDir%\Installer\MSI18.tmp (1587 bytes)
%WinDir%\Installer\6cfc29.msi (73239 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gentee85\guig.dll (20480 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\software__3470_il4326946.exe (371540 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fileseta.txt (39 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fileseta.exe (86191 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gentee85\setup_temp.gea (4386 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pause-sf.cmd (42 bytes) - Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"desktopy" = "%Documents and Settings%\%current user%\Application Data\desktopy.ru\desktopy.exe is_autoruned" - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
*Manual removal may cause unexpected system behaviour and should be performed at your own risk.
