MD5: 6659390116450b37d782a05b4c7d741f
SHA1: 5fe431cb97b39979375fd43ee1a3b2ab3d25736c
SHA256: 46a273efaf65b4c4fc1ee6439a074bdd92f354b305f7547482b60a5f7af9f8fd
SSDeep: 24576:OgKLbjICN0qL7TDQ61XrBtpO8NW7EDhQD:1K3jICyq/3711tpEIDSD
Size: 842658 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: MEW11SEv12, MEW11SEv11, UPolyXv05_v6, Mew11SEv12Eng
Company: Premium Installer
Created at: 1970-01-01 03:00:00
Analyzed on: WindowsXP SP3 32-bit

Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

Process activity

The Trojan creates the following process(es):

wuauclt.exe:924
%original file name%.exe:708

The Trojan injects its code into the following process(es):

iexplore.exe:520

File activity

The process iexplore.exe:520 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\wt_js[1].htm (29 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\ps[1].swf (8158 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\stat[1].gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\reg[1].swf (21501 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\cfmogu[2].htm (3223 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\AClick[1].aspx (372 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ren[1].swf (17009 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\z_stat[1].php (1121 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ren01[1].swf (57545 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\pv_stat[1].htm (39 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\shequ[1].htm (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\jquery-1.7.1.min[1].js (16159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\ad[1].htm (1835 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@51[1].txt (124 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\pv_stat[1].htm (39 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\stat[1].php (1177 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\spacegif[1].gif (60 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\inc[1].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\reg_btn[1].gif (1854 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\2[1].swf (18091 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (145 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@cnzz[1].txt (165 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\core[1].php (800 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\swfobject[2].js (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\qdlm[1].htm (200 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (1420 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mmstat[1].txt (170 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (128 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\index[1].swf (367 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\qdlm[1].html (1384 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\spacegif[2].gif (60 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\sub[1].png (13616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\dl_btn[1].gif (4104 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fla1.tmp (201677 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\pic1[1].gif (428 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\swfobject[1].js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\core[1].php (802 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\yxfyws_5.42[1].flv (207920 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\wtcookie[1].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\201403181447095327ebeda78ee_1290[1].swf (3043 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (157 bytes)
%System%\d3d9caps.tmp (1324 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (205 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\close[1].png (286 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\biddinx[1].js (555 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\logo[1].png (2099 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (135 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ad_2289[1].js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\stat[1].gif (43 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (302 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@ztgame[1].txt (1467 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\bg[1].swf (10204 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\Validform_v5.3.2_min[1].js (1676 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\3[1].swf (19076 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\js_flow_cookie[1].htm (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@biddingx[1].txt (160 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@ztgame[2].txt (965 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (27080 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\cookie[1].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\index[1].swf (819 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\2013.11.261[1].gif (15894 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\CA43JCL7.htm (2713 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (310 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (1956 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (240 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\1[1].swf (24487 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\swfobject[1].js (0 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@ztgame[1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@ztgame[2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\AClick[1].aspx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012014041520140416\index.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012014041520140416 (0 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\qdlm[1].html (0 bytes)
%System%\d3d9caps.dat (0 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\cfmogu[1].htm (0 bytes)

The process wuauclt.exe:924 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%WinDir%\SoftwareDistribution\DataStore\Logs\edb.chk (100 bytes)
%WinDir%\SoftwareDistribution\DataStore\DataStore.edb (100 bytes)

The process %original file name%.exe:708 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%System%\d3d9d.dll (3797 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\cfmogu[1].htm (1434 bytes)
%Documents and Settings%\%current user%\Application Data\E_UIEngine\90afea1eeb37be7a93471c36152ab43a\90afea1eeb37be7a93471c36152ab43a.jpg.data (28 bytes)
%Documents and Settings%\%current user%\Application Data\E_UIEngine\90afea1eeb37be7a93471c36152ab43a\90afea1eeb37be7a93471c36152ab43a.jpg (1924 bytes)
%System%\drivers\etc\hosts (1 bytes)

Registry activity

The process iexplore.exe:520 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_20"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_10"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_03"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_11"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_13"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_10"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_30"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.0_04"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_21"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_27"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_09"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_28"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_17"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_12"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_22"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore]
"Type" = "1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_12"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_16"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_30"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_27"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.1_04"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\iexplore]
"Type" = "3"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_05"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_21"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_07"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_03"

[HKCU\Software\Microsoft\Direct3D\MostRecentApplication]
"Name" = "iexplore.exe"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_05"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.0_03"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_10"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_21"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_27"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_25"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_10"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_10"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6BF52A52-394A-11D3-B153-00C04F79FAA6}\iexplore]
"Count" = "1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_17"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_14"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_27"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore]
"Type" = "3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1E 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_07"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_12"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_22"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_06"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "iexplore.exe"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_29"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_03"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_09"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.0_01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_13"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.0_02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_07"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\iexplore]
"Count" = "14"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_04"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_08"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_09"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_16"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_16"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_22"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_04"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_03"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.1_04"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_06"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_14"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\BagMRU]
"NodeSlots" = "02 02 02 02 02 02 02 02 02 02 02 02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}]
"(Default)" = "Java Plug-in 1.3.0_02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_10"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_25"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_11"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_18"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore]
"Time" = "DE 07 05 00 04 00 16 00 0D 00 2B 00 08 00 BE 01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_09"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014052220140523]
"CachePrefix" = ":2014052220140523:"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_17"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_07"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2D360201-FFF5-11D1-8D03-00A0C959BC0A}\iexplore]
"Time" = "DE 07 05 00 04 00 16 00 0D 00 2B 00 10 00 05 00"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_17"

[HKCU\Software\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_05"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\JavaPlugin.160_18\CLSID]
"(Default)" = "{5852F5ED-8BF4-11D4-A245-0080C6F74284}"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_16"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_15"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_24"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_18"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_05"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_26"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_02"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014052220140523]
"CacheOptions" = "11"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_20"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_12"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_09"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_13"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_18"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_29"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_12"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_21"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_07"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_18"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_05"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_14"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_02"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore]
"Type" = "4"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_04"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_22"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_09"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_03"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_23"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_28"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_18"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_16"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.1_06"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_04"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_15"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_07"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_24"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_11"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_03"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_14"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore]
"Count" = "14"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_07"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.0_04"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_06"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.1_01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_19"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.0_01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_08"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.1_03"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_04"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_26"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_23"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_22"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_12"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_23"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_13"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_04"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore]
"Count" = "11"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_23"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_08"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.1_03"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_15"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_26"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_16"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_10"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.1_07"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_14"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_14"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_28"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_20"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_06"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_29"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.0_02"

[HKCU\Software\Microsoft\Internet Explorer\Main]
"Window_Placement" = "2C 00 00 00 02 00 00 00 03 00 00 00 FF FF FF FF"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.1_01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_13"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_24"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_11"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_09"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_18"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_08"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_04"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB5F1910-F110-11D2-BB9E-00C04F795683}\iexplore]
"Type" = "4"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\BagMRU]
"MRUListEx" = "01 00 00 00 02 00 00 00 00 00 00 00 03 00 00 00"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_08"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_04"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_26"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_20"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_24"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB5F1910-F110-11D2-BB9E-00C04F795683}\iexplore]
"Count" = "15"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_11"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_13"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_09"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore]
"Time" = "DE 07 05 00 04 00 16 00 0D 00 2B 00 09 00 12 01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_07"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_17"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_04"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_05"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_26"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_26"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_08"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_10"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
"(Default)" = "Java Plug-in 1.6.0_18"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_27"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014052220140523]
"CacheLimit" = "8192"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_05"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_16"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_29"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_11"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore]
"Count" = "18"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_05"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_17"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_30"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_07"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_25"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_18"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_19"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_04"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\iexplore]
"Time" = "DE 07 05 00 04 00 16 00 0D 00 2B 00 08 00 45 03"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_30"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_20"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_23"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_22"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_25"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_08"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_15"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_29"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_12"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{6CED940B-3310-4568-885E-22B19ACF6715}\0000]
"Attach.ToDesktop" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore]
"Type" = "3"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_18"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.1_05"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_25"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6BF52A52-394A-11D3-B153-00C04F79FAA6}\iexplore]
"Type" = "1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_19"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_21"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_26"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.0_03"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_30"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_29"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_08"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_14"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_30"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_18"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_16"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_12"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1208111653"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_28"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_20"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_16"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_21"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_19"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_07"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.0_03"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_28"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore]
"Count" = "15"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_21"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_06"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_30"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.0_05"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2D360201-FFF5-11D1-8D03-00A0C959BC0A}\iexplore]
"Count" = "1"

[HKCU\Software\Microsoft\Internet Explorer\Toolbar]
"Locked" = "1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_10"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_10"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_08"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_17"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_25"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_17"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore]
"Time" = "DE 07 05 00 04 00 16 00 0D 00 2B 00 08 00 CE 01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_03"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_23"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_13"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_14"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_18"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_11"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_23"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_16"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_11"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_29"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.0_04"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_11"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_05"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_24"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_06"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_03"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_13"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_28"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_24"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2D360201-FFF5-11D1-8D03-00A0C959BC0A}\iexplore]
"Type" = "1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_17"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB5F1910-F110-11D2-BB9E-00C04F795683}\iexplore]
"Time" = "DE 07 05 00 04 00 16 00 0D 00 2B 00 09 00 12 01"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "23 02 20 AA 39 CB CA 86 83 8F 02 51 F3 42 6C 18"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_03"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_14"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Favorites" = "%Documents and Settings%\%current user%\Favorites"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_15"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_19"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_20"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6BF52A52-394A-11D3-B153-00C04F79FAA6}\iexplore]
"Time" = "DE 07 05 00 04 00 16 00 0D 00 2B 00 0F 00 70 03"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_06"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_13"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_05"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.1_05"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_06"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_12"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_09"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_15"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_13"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_17"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_19"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_11"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.1_07"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_19"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_27"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_15"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_15"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_15"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_25"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links]
"Order" = "08 00 00 00 02 00 00 00 00 02 00 00 01 00 00 00"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.1_02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_22"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_27"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_03"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_06"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.1_06"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.1_02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_24"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014052220140523]
"CachePath" = "%USERPROFILE%\Local Settings\History\History.IE5\MSHist012014052220140523\"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_14"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_08"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore]
"Time" = "DE 07 05 00 04 00 16 00 0D 00 2B 00 13 00 38 02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_28"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_12"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014052220140523]
"CacheRepair" = "0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_15"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_06"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_09"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan deletes the following registry key(s):

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014041520140416]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\JavaPlugin.160_18\CLSID]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}]
[HKCU\Software\Classes\JavaPlugin.160_18]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}]

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process %original file name%.exe:708 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1F 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKLM\SOFTWARE\Microsoft\Direct3D]
"LoadDebugRuntime" = "999999999"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "55 4E 94 60 84 74 37 B2 A4 EB D6 5F 94 A3 36 79"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

Dropped PE files

HOSTS file anomalies

The Trojan modifies "%System%\drivers\etc\hosts" file which is used to translate DNS entries to IP addresses.
The modified file is 1222 bytes in size. The following strings are added to the hosts file listed below:

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

No information is available.

PE Sections

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL	IP
hxxp://www.cfmogu.com/	183.60.205.125
hxxp://www.cfmogu.com/index.html	183.60.205.125
hxxp://c.myzwqwe12.com/AShow.aspx?AID=9842	115.236.16.240
hxxp://c.myzwqwe12.com/AShow.aspx?AID=9756	115.236.16.240
hxxp://www.cfmogu.com/Ä¢¹½Í¼Æ¬.gif	183.60.205.125
hxxp://c.myzwqwe12.com/AP5Min.aspx?AID=9842&Auth=1D705CD055EE5F1D0364BD6792E625DFDAAD1B689B1A10C5A26BE28D348847F9&referer=http://www.cfmogu.com/&utz=1400766195833	115.236.16.240
hxxp://c.myzwqwe12.com/AClick.aspx?AID=1805&WebID=14516&DomainID=7292&APID=9756&Auth=090A76F473308619AC3B09A8313C747931A98B29ED5FB3F5F6AA397834CF6117&Url=&referer=http://www.cfmogu.com/	115.236.16.240
hxxp://c.myzwqwe12.com/pic/spacegif.gif	115.236.16.240
hxxp://c.myzwqwe12.com/pic/close.png	115.236.16.240
hxxp://c.split.cnzz.com/stat.php?id=4693566&show=pic1
hxxp://c.myzwqwe12.com/showcpm.htm?width=270&height=200&SCUrl=http://115.236.19.58/xm/2013.11.261.gif&gourl=http://z.myzwqwe12.com/CPVClick.aspx?AID=1805&PID=9756&Auth=6848383803FF6A60088BF788B8EDEFDD30479A1137F13890228D7904FF794C0D&Url=http%3a%2f%2fv.6.cn%2fevent%2fpromimg%2f%3fsrc%3dpming393	115.236.16.240
hxxp://c.myzwqwe12.com/pic/logo.png	115.236.16.240
hxxp://c.split.cnzz.com/core.php?web_id=4693566&show=pic1&t=z
hxxp://115.236.19.58/xm/2013.11.261.gif
hxxp://c01.i05.arnic.hadns.net/ad.html?cid=1012289&sid=214516
hxxp://c01.i05.arnic.hadns.net/public/js/jquery-1.7.1.min.js
hxxp://icon.cnzz.com/img/pic1.gif	42.156.162.7
hxxp://pcookie.split.cnzz.com/9.gif?abc=1&rnd=429959359
hxxp://z10.cnzz.com/stat.htm?id=4693566&r=&lg=en-us&ntime=none&repeatip=0&rtime=0&cnzz_eid=254291784-1400766198-&showp=1276x846&st=0&sin=&t=undefinedundefinedundefinedundefinedundefinedundefinedundefinedundefinedundefinedundefined...&rnd=133267782
hxxp://pcookie.split.cnzz.com/app.gif?&cna= uwEDFD6L14CAcGK9Od9wnzc
hxxp://morecache.xdwscache.glb0.lxdns.com/qdlm.html?uid=14516
hxxp://c01.i05.arnic.hadns.net/public/js/inc.js?555
hxxp://morecache.xdwscache.glb0.lxdns.com/swfd/60/df/chuanqi75/index.swf
hxxp://c01.i05.arnic.hadns.net/public/js/cookie.js
hxxp://morecache.xdwscache.glb0.lxdns.com/swfd/60/df/chuanqi75/reg_btn.gif
hxxp://morecache.xdwscache.glb0.lxdns.com/swfd/60/df/chuanqi75/dl_btn.gif
hxxp://37.1234xw.com/ms.js?s=1&ext=MywyNiwzLDEzMiw5LDM2ODk|&uid=14516&tid=1	218.15.113.37
hxxp://morecache.xdwscache.glb0.lxdns.com/swfd/60/df/chuanqi75/dl_bg.gif
hxxp://c01.i05.arnic.hadns.net/public/js/ad/ad_2289.js?0.9451208923128649&_=1400766209896
hxxp://c01.i05.arnic.hadns.net/public/js/Validform_v5.3.2_min.js
hxxp://c01.i05.arnic.hadns.net/upload/flash/ad_185/index.swf
hxxp://c01.i05.arnic.hadns.net/index.php?m=log&a=adv_log&game_id=43&server_id=969&cid=1012289&mid=185&subsite_id=214516&url_from=
hxxp://c01.i05.arnic.hadns.net/upload/flash/ad_185/bg.swf
hxxp://c01.i05.arnic.hadns.net/public/images/ad/sub.png
hxxp://c01.i05.arnic.hadns.net/upload/flash/ad_185/ren.swf
hxxp://c01.i05.arnic.hadns.net/upload/flash/ad_185/ren01.swf
hxxp://c01.i05.arnic.hadns.net/upload/flash/ad_185/reg.swf
hxxp://c01.i05.arnic.hadns.net/upload/avatar/yxfyws_5.42.flv
hxxp://c01.i05.arnic.hadns.net/biddinx.js
hxxp://whisky.ana.biddingx.com/boot/0	114.111.161.34
hxxp://c.split.cnzz.com/z_stat.php?id=1000282987
hxxp://c.split.cnzz.com/core.php?web_id=1000282987&t=z
hxxp://z5.cnzz.com/stat.htm?id=1000282987&r=&lg=en-us&ntime=none&repeatip=0&rtime=0&cnzz_eid=836364547-1400766227-&showp=1276x846&st=0&sin=&t=undefinedundefinedundefinedundefinedundefinedundefinedundefinedundefinedundefinedundefined...&rnd=1644276684	42.156.140.18
hxxp://tg.51.com/market/game/shequ.htm?f_com=tgx2_14516	61.130.108.34
hxxp://pic.51img1.com/v3/op/gamenew.51.com/platform/act/51wt/apic_img/swfobject.js?file_v=20140103001
hxxp://tg.51.com/stat/pv_stat/?p_k=tst_4pb3_tgx2_14516&r=0.5220899396032759	61.130.108.34
hxxp://static.verycdn.net/game/upload_data/201403/201403181447095327ebeda78ee_1290.swf?v=3&s=5883
hxxp://game.51.com/act/51wt/html/wtcookie/?r=0.96495006612092	61.130.108.8
hxxp://static.verycdn.net/img5/flashlayer/537db8a053297/1.swf?v=3
hxxp://static.verycdn.net/img5/flashlayer/537db8a053297/3.swf?v=3
hxxp://static.verycdn.net/img5/flashlayer/537db8a053297/2.swf?v=3
hxxp://tg.51.com/tools/js_flow_cookie/?channel_alias=tgx2_14516&r=0.9753417893472274	61.130.108.34
hxxp://tg.51.com/tools/wt_js/?channel_alias=tgx2_14516&js_type=js_1&callback=wt_js_callback	61.130.108.34
hxxp://static.verycdn.net/img5/flashlayer/537db8a053297/ps.swf?v=3
hxxp://tg.51.com/stat/pv_stat/?p_k=swf2_4pb3_tgx2_14516&r=0.003688684537512199	61.130.108.34
hxxp://tg.51.com/stat/pv_stat/?p_k=swf1_4pb3_tgx2_14516&r=0.9135563757736314	61.130.108.34
hxxp://p.tuigoo.com/pic/close.png	115.236.16.240
hxxp://cdn.51img5.com/img5/flashlayer/537db8a053297/3.swf?v=3	113.140.42.93
hxxp://img.34wan.com/biddinx.js	218.6.23.37
hxxp://c.cnzz.com/core.php?web_id=1000282987&t=z	42.120.219.6
hxxp://t.yzppe.com/swfd/60/df/chuanqi75/index.swf	183.136.217.66
hxxp://pcookie.cnzz.com/app.gif?&cna= uwEDFD6L14CAcGK9Od9wnzc	42.120.219.171
hxxp://p1.pic.51img1.com/v3/op/gamenew.51.com/platform/act/51wt/apic_img/swfobject.js?file_v=20140103001	61.130.109.50
hxxp://img.34wan.com/upload/flash/ad_185/bg.swf	218.6.23.37
hxxp://c.cnzz.com/core.php?web_id=4693566&show=pic1&t=z	42.120.219.6
hxxp://hzs9.cnzz.com/stat.htm?id=4693566&r=&lg=en-us&ntime=none&repeatip=0&rtime=0&cnzz_eid=254291784-1400766198-&showp=1276x846&st=0&sin=&t=undefinedundefinedundefinedundefinedundefinedundefinedundefinedundefinedundefinedundefined...&rnd=133267782	42.156.140.23
hxxp://img.34wan.com/index.php?m=log&a=adv_log&game_id=43&server_id=969&cid=1012289&mid=185&subsite_id=214516&url_from=	218.6.23.37
hxxp://s6.cnzz.com/stat.php?id=4693566&show=pic1	1.99.192.15
hxxp://img.34wan.com/public/js/inc.js?555	218.6.23.37
hxxp://p.tuigoo.com/pic/spacegif.gif	115.236.16.240
hxxp://img.34wan.com/ad.html?cid=1012289&sid=214516	218.6.23.37
hxxp://cdn.51img5.com/img5/flashlayer/537db8a053297/1.swf?v=3	113.140.42.93
hxxp://z.myzwqwe12.com/AP5Min.aspx?AID=9842&Auth=1D705CD055EE5F1D0364BD6792E625DFDAAD1B689B1A10C5A26BE28D348847F9&referer=http://www.cfmogu.com/&utz=1400766195833	115.236.16.240
hxxp://img.34wan.com/upload/flash/ad_185/reg.swf	218.6.23.37
hxxp://t.yzppe.com/qdlm.html?uid=14516	183.136.217.66
hxxp://img.34wan.com/upload/flash/ad_185/ren.swf	218.6.23.37
hxxp://img.34wan.com/public/js/Validform_v5.3.2_min.js	218.6.23.37
hxxp://img.34wan.com/public/js/cookie.js	218.6.23.37
hxxp://img.34wan.com/upload/flash/ad_185/ren01.swf	218.6.23.37
hxxp://t.yzppe.com/swfd/60/df/chuanqi75/reg_btn.gif	183.136.217.66
hxxp://cdn.51img5.com/img5/flashlayer/537db8a053297/2.swf?v=3	113.140.42.93
hxxp://img.34wan.com/upload/flash/ad_185/index.swf	218.6.23.37
hxxp://cnzz.mmstat.com/9.gif?abc=1&rnd=429959359	42.120.219.171
hxxp://cdn.51img5.com/img5/flashlayer/537db8a053297/ps.swf?v=3	113.140.42.93
hxxp://img.34wan.com/public/js/ad/ad_2289.js?0.9451208923128649&_=1400766209896	218.6.23.37
hxxp://img.34wan.com/upload/avatar/yxfyws_5.42.flv	218.6.23.37
hxxp://cdn.51img3.com/game/upload_data/201403/201403181447095327ebeda78ee_1290.swf?v=3&s=5883	113.140.42.83
hxxp://t.yzppe.com/swfd/60/df/chuanqi75/dl_btn.gif	183.136.217.66
hxxp://z.myzwqwe12.com/AClick.aspx?AID=1805&WebID=14516&DomainID=7292&APID=9756&Auth=090A76F473308619AC3B09A8313C747931A98B29ED5FB3F5F6AA397834CF6117&Url=&referer=http://www.cfmogu.com/	115.236.16.240
hxxp://p.tuigoo.com/pic/logo.png	115.236.16.240
hxxp://s23.cnzz.com/z_stat.php?id=1000282987	1.99.192.16
hxxp://js.tuigoo.com/pic/spacegif.gif	115.236.16.240
hxxp://img.34wan.com/public/js/jquery-1.7.1.min.js	218.6.23.37
hxxp://p.tuigoo.com/showcpm.htm?width=270&height=200&SCUrl=http://115.236.19.58/xm/2013.11.261.gif&gourl=http://z.myzwqwe12.com/CPVClick.aspx?AID=1805&PID=9756&Auth=6848383803FF6A60088BF788B8EDEFDD30479A1137F13890228D7904FF794C0D&Url=http%3a%2f%2fv.6.cn%2fevent%2fpromimg%2f%3fsrc%3dpming393	115.236.16.240
hxxp://img.34wan.com/public/images/ad/sub.png	218.6.23.37

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET POLICY Outdated Windows Flash Version IE
ET POLICY Unsupported/Fake Windows NT Version 5.0

Traffic

GET /z_stat.php?id=1000282987 HTTP/1.1

Accept: */*

Referer: hXXp://img.34wan.com/ad.html?cid=1012289&sid=214516

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: s23.cnzz.com

Connection: Keep-Alive

Cookie: cna= uwEDFD6L14CAcGK9Od9wnzc

HTTP/1.1 200 OK

Server: Tengine

Date: Thu, 22 May 2014 13:43:47 GMT

Content-Type: application/javascript

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Thu, 22 May 2014 13:43:47 GMT

Expires: Thu, 22 May 2014 15:13:47 GMT
ef2..(function(){function l(){this.c="1000282987";this.R="z";this.N=""
;this.K="";this.M="";this.o="1400766227";this.P="z5.cnzz.com";this.L="
";this.s="CNZZDATA" this.c;this.r="_CNZZDbridge_" this.c;this.G="_cnzz
_CV" this.c;this.u="0";this.B={};this.a={};this.la()}function g(a,b){t
ry{var c=[];c.push("siteid=1000282987");.c.push("name=" d(a.name));c.p
ush("msg=" d(a.message));c.push("r=" d(h.referrer));c.push("page=" d(f
.location.href));c.push("agent=" d(f.navigator.userAgent));c.push("ex=
" d(b));c.push("rnd=" Math.floor(2147483648*Math.random()));(new Image
).src="hXXp://jserr.cnzz.com/log.php?" c.join("&")}catch(e){}}var h=do
cument,f=window,d=encodeURIComponent,k=decodeURIComponent,p=unescape,r
=escape,m="https:"===f.location.protocol?"https:":"http:",s=m "//c.cnz
z.com/core.php";l.prototype={la:function(){try{this.U(),.this.J(),this
.ia(),this.H(),this.m(),this.ga(),this.fa(),this.ja(),this.j(),this.ea
(),this.ha(),this.ka(),this.ca(),this.aa(),this.da(),this.qa(),f[this.
r]=f[this.r]||{},this.ba("_cnzz_CV")}catch(a){g(a,"i failed")}},oa:fun
ction(){try{var a=this;f._czc={push:function(){return a.C.apply(a,argu
ments)}}}catch(b){g(b,"oP failed")}},aa:function(){try{var a=f._czc;if
("[object Array]"==={}.toString.call(a))for(var b=0;b<a.length;b  )
{var c=a[b];switch(c[0]){case "_setAccount":f._cz_account="[object Str
ing]"===.{}.toString.call(c[1])?c[1]:String(c[1]);break;case "_setAuto
Pageview":"boolean"===typeof c[1]&&(f._cz_autoPageview=c[1])}}}catch(e
){g(e,"cS failed")}},qa:function(){try{if("undefined"===typeof f._
<<< skipped >>>

GET /img5/flashlayer/537db8a053297/3.swf?v=3 HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://cdn.51img3.com/game/upload_data/201403/201403181447095327ebeda78ee_1290.swf?v=3&s=5883

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.51img5.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache/1.3.37.sa

Content-Type: application/x-shockwave-flash

Content-Length: 89110

Last-Modified: Thu, 22 May 2014 08:43:12 GMT

Accept-Ranges: bytes

Cache-Control: max-age=86400

Date: Thu, 22 May 2014 08:50:11 GMT

Age: 17625

Powered-By-VeryCDN: HIT from ctc-bi-1-2-c1111, HIT from utn-yz-1-1-c1131

Connection: keep-alive
CWS.j...x....P\......w......]...w.....Kpww..Np.[p./...{..ys...W3..O...
.....W...;.....@x..$...t<.........8.Y..IH.y..........\]....=<<
;.<....-.Yyyy.Y...... .]..]M<..](.Bd.c.0w1u.vt.v.'.kl.vps....A.i
../Z{.&.3..9.......#3 ..._<.@|...&.......B.....lM\..T..,.]\.......s
2q.1....m....8...g...f...#...................B.......|..............tf
.`...d.ca.......w.3k......!....'-...**.....c.'..U.....v..r4gV3wqps65..
....(*..........J..10Y[......I.pI..K.H.....r...r.J.rIr....m.....l...nv
....`3.....\....lmi.'C..V6..Q.V)vqn...Xy.Dy$$Y%.E.y.%.y....P. Vsgkws3)
g.........._J...)._2.M_>..D&....._\..f...._d3........#..-...6..t..N
i3..e.........)...._....R....3S>..g;.W!.GG[kS....=.]..Lm<L...-..
......OCb.G.."..C.).=............2V.@......^../{......m........./....:
@....w.E....x.....>A.AA.....P......?ABB....O.....`..a.! ........X.(
..,,.......?/``........8..X.....@*j..<.J6N1)./4...Z...u.W.j.`W7..&g
t;|.......G...........WhXJjZzqs...0...YHxRFaic.........I....W.........
........$:[email protected]....^.r..5...w
v9...................8.e..9....9B8...?....\.....g.-.I._.E.a......q....
6#.E..B...................)..........!...\.pR.As...r.u..D..:..~....y.z
..X.3!..Q.x...1...Y..0...wJ......./.E..Vy..v.J......u..H...7..$b0...^.
#C.i......T;.i..H..i.....0.=.."7...-.....5..u.j.B..P........z..-.y....
.......sZK......e..C'0...FYW.us...9...T.V..=u....s..0W; .....e.s.{r...
.ge..4*..T......vW..UQij.\g.1..U.. ..3..............)...-j.3..J5n....2
.X.?..f]9.....7...y..l.....vVw{0..M.1.S.......^C............{..\``
<<< skipped >>>

GET /ad.html?cid=1012289&sid=214516 HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img.34wan.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 22 May 2014 13:43:21 GMT

Content-Length: 3744

Content-Type: text/html

Last-Modified: Fri, 16 May 2014 08:09:01 GMT

Connection: Keep-Alive

Vary: Accept-Encoding

Server: nginx

Content-Encoding: gzip

X-Cache: DISK HIT from ctl-zj-205-089.fcd

Fw-Via: MEM HIT from ctl-fj-023-037.fcm
...........Z.o............c...Rl.r.6......(04.pE^It(.!).n. ..&}di....h
.`}lM.......I$;../.w..(Y....2..x..q...s..n.s.V........4..`.....v......
..hk...v...o.....Ev..l6..}/f^\|f;`......l 68....4.X......@.;...F.]....
._^.^.x........yk..........7v~....^....../.>.p.. ....~.d........V..
.X.x.e$.....E.\.....v6.....c.H..>>.S .2>.|..,.S..^ A.....=|;.
.q..q....~B.2.]..r}.......~|#.b.&g.......xfi....m...A..m...s......9../
Z... bf.....(.V.....z...I.v.....`P.....b..DqQ...|..u./...2..."3..`.s f
........c.~..c. ...h..,.m.A"..CA%.^T.X..90.....j.*.C.....{.y.TRr...x..
...N..L..K.h3..i..^..$BH..]..........g..f....'@...w.r..(..eN.......>
;X.|.V.....m.e.XJ<..s.$A.~......I.{.[1..^.N....K.r.&.r..Ku9H.?VoBL.
...4...ZT|.9q.....QX?t.A..:...h.E...V..w..<..b..Fc...... )V$.h ....
`D...d.6[Z.BS].Le.`.....>.MN..U..(.$l(.......0..:.....9.e.m........
..e%.I"S..2.....c..........e.K2...Y...,.........U.....I...R..a.rn...C.
_&.........3..I.H........0.=jI. ..'E[. .....[z.u.e.{}6......d.G....isL
.....f.i..."..:qP.61%.Yj.PY..}.Vr...>.d.<c......c...n.F...RLI..p
m.$&..b.D..vm.....wp.%.B..).ql.AA.....t..U.s..K.Nx8.J..'..=v.\@^....V.
qk.d&.B'@.....t..Y.~ ...F....~.h.=._....!...G... .....a.>.x....}...
k..<.IC..,h.V..5Eb..}..C...!.$v".`.\.C.8...@:..........gaa^.]h.n.?/
. ...C.iZ......L$Yj.4.JL.....m......r.$/xmT..Y.T.xv...I.....m...$Y....
3N...8.M...j...4...LA..Jp..>.....,.B...[p#26..Y.],.....s<}....dS
`.ga...ZM...............=.6U..0.......SmtX|.e....~...~.:N.Ln^.....O.$'
b.neN...S....,O6..#='....... .......F.............|...f...y ......
<<< skipped >>>

GET /public/js/jquery-1.7.1.min.js HTTP/1.1

Accept: */*

Referer: hXXp://img.34wan.com/ad.html?cid=1012289&sid=214516

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img.34wan.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 22 May 2014 13:43:26 GMT

Content-Length: 37147

Content-Type: application/x-javascript

Last-Modified: Sat, 12 Apr 2014 05:38:19 GMT

Connection: Keep-Alive

Vary: Accept-Encoding

Server: nginx

Content-Encoding: gzip

X-Cache: DISK HIT from cnc-sd-153-136.fcd

Fw-Via: MEM HIT from ctl-fj-023-037.fcm
.............~.G....y...#.bqs..L..pd....m{Z.v...?X......j1.y..,......Y
.U....[/"j."..<~..w.ow........ut.w.FWG....&^,....t..W............
b..e..}...|h.Z..|}.............7..v.h....?...N.....0...f..N.w.M......k
.....P..V.NG....y..u.....w.G...C6....g...A.y.u........f......`.j6.....
...:..-......:.A..1_...fc.....l.i.f4?X..u..,.a\..t.....V6..../..a..p.n
:\O.c.O..u.....H^N..!.Y.....f..*M..7.....u.......bp.1....W6.9z....f.q.
nn{.?.\M...W./[email protected].........|.Lm.f..`2...2....w 3...#..0 .
.......l.:[email protected]:..?.....`....<...z.}h._f.Z...' ]  p.5;_O...N
..u..I.X7ye..'.V.Z.....|q.n...I.....A.V......."r..w{...l....~._..0....
r.Z..G...w..~.c........!il..1}.^..%g....?...A....[.............h.2..Vk
....axC.V,..C6.&...2....$...;....l..d.l........sz6~6=.......b.-=..M...
Ez./...%<[..& .j........O..........p.UJ>:.\..f.k.}|.Mr-,~.h]wfg.
.......{.D?.[.7..Ac.qp..;...%....T7...y......,4..u..Y.A...........}...
/..w.......o......]\f...?..;..[.....E.....~.?..'O.o.<...K.o|..s....
{.%d.qp..."...&k..........9........m...j=..'A...!.:A.... .lTY.1W.|u..|
.=.g...^Kn...B...............8. `ys....FG..t...X.N..&...N.vA...../..o.
.4.....P8.L...............{.f....rt7........h....~..............z>.
5....Ug.V.........:W....P....^.R.A\.4bx~u....../....{.\.>......~I..
..8.l._.La.C..[....4...... .....XT.l....._6........?x.......fO....eC.w
Q...|..*:...4.?......id.....q.dd......U...|.f...F....[I...F.....i..../
..p.9.7R......h..........T.6.O2A....'..t=...Hg$..A4.&.6...u6>.]....
..\A.N....;...}....._g3........ ...!|......2.V..:...}^......N..O..
<<< skipped >>>

GET /public/js/inc.js?555 HTTP/1.1

Accept: */*

Referer: hXXp://img.34wan.com/ad.html?cid=1012289&sid=214516

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img.34wan.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 22 May 2014 13:43:27 GMT

Content-Length: 493

Content-Type: application/x-javascript

Last-Modified: Tue, 25 Feb 2014 09:20:13 GMT

Connection: Keep-Alive

Vary: Accept-Encoding

Server: nginx

Content-Encoding: gzip

Fw-Via: MISS from cnc-sd-109-195.fcd, MEM HIT from ctl-fj-023-037.fcm
...........T...0.=.R.!..I.l..W.....V.....4...[.. ._.....!.....I.-j....
73.o.l..k.EP.~...z...e|..Wl.....|f.(....Y...........Q.G..(d..A.y%sfz$.
......u..e..t].(..z<..u.|!.!E.b'*s....z./%.?..R!|C.q.3$......}.|...
...Mit.%...\..EI.....}.f]k..q|.Y `;..|... .g..KW..2.q. xR..^..*e.E..8T
-.i....g#...#...h..).....jp..nU.....fK...2Z.H...f.....g...b9....2...6.
4......z/.7...?~... .r..2...t..pPA...z.=4N...............u.5d.(^".=S..
p.j....k9b9.l./.)3nT......<.>...it.J.~BRQ..i4.R[gk...........t..
................


GET /public/js/cookie.js HTTP/1.1

Accept: */*

Referer: hXXp://img.34wan.com/ad.html?cid=1012289&sid=214516

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img.34wan.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 22 May 2014 13:43:29 GMT

Content-Length: 553

Content-Type: application/x-javascript

Last-Modified: Wed, 19 Feb 2014 06:17:52 GMT

Connection: Keep-Alive

Vary: Accept-Encoding

Server: nginx

Content-Encoding: gzip

Fw-Via: DISK HIT from clt-zj-109-196.fcd, MEM HIT from ctl-fj-023-037.fcm
..........uTMo.0..W..p/k...U.C..Cz..m.K........1i....../C9.c...7......
kRp.L.T= $.,`y..K^...V.t..B..!..*..-..........2(...=](q......([email protected]_.
.`.`w1^D.....R...._.\.Y^r..?.JQq..H..@.. ...9......H~w{.[......b!P.KX.
.:..d.p..F#.....'.W..E.'[email protected]>kt.>}V./[email protected]
EyDV.-&.#..d._d..5.g..o...1.6.....h(H.....`x.S6.[S......lAtP.b.nM.a...
R..o..At.Fl...X.K.....7-g.'0..c..X..m%...LN.......!Y...k.V..FpZn....v;
oA......#^@..5.......Rq...DI..........SF.h..O4..^\JtM.......U....K....
.4Hc.v.1....K/Rs... {...V.ZeY...NC.... ....`...C.....yD4~......),....<
/font>....


GET /public/js/ad/ad_2289.js?0.9451208923128649&_=1400766209896 HTTP/1.1

x-requested-with: XMLHttpRequest

Accept-Language: en-us

Referer: hXXp://img.34wan.com/ad.html?cid=1012289&sid=214516

Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img.34wan.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 22 May 2014 13:43:30 GMT

Content-Length: 1010

Content-Type: application/x-javascript

Last-Modified: Thu, 22 May 2014 01:54:53 GMT

Connection: Keep-Alive

Vary: Accept-Encoding

Server: nginx

Content-Encoding: gzip

Fw-Via: DISK HIT from clt-zj-109-196.fcd, MEM HIT from ctl-fj-023-037.fcm
...........W.n.1.]7R.a(.&i!.....|.K..D!q....h2i.P7,."!..."X.......}...
.=.....6U..s..3........z....;..........p<*1#.i.t....g...g..?..b..b.
.Qo,.1.....>..ur.....G.........3c....>3..1t....(;.. i.g..U....DN
.L.0..%[email protected]@YB..:@.d...T.......-&T....>.675^t.V..4.......IL..4..`..
.~..`..'i*..#".4IK<....-E.4 Q..".L5<[email protected]]`...
.E.b.u...8.B.P!..P.v..........r.B.rt.......................'..]q.....x
t...6.W.].8.|...lM.N.R.p....u<. ...3!.6...5a&&.7...Yl.....th......F
.q.dx.X..j%X.V.am..gc.g.T..L.>.M].V.U ..(e..O.7...$..S..y.....R.-.Y
.... v..I/...qV..uo.k.....;.VD4.P..$.O.x.{.?........,.z.bd=..O...G.1C.
....)......C.$....Y...X..;....0B.K.h..o>........b&.....,.D.y.T.II..
.....2.U2W...^p...NpNCevn1... ..E.l.Rm4H.j......p.x.?.6\.y.....t...v..
..iz.6].$.sP..Vm....."...-.~...|..Z......i......o@...;..M...-G.n..v..H
..F.2....[..X. V6...Wz.6..m:3v#a...1.2.(...x..of.........n....m2......
...,.Y?....<.t!4q.p.J .....4s\D...f.(...a.....A....K...AH.F.7..!_..
.]:.r.........}..tF"{9...U.....Je].s.X...U._o....B....L1.......
.


GET /public/js/Validform_v5.3.2_min.js HTTP/1.1

Accept: */*

Referer: hXXp://img.34wan.com/ad.html?cid=1012289&sid=214516

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img.34wan.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 22 May 2014 13:43:30 GMT

Content-Length: 6936

Content-Type: application/x-javascript

Last-Modified: Thu, 02 Jan 2014 12:41:00 GMT

Connection: Keep-Alive

Vary: Accept-Encoding

Server: nginx

Content-Encoding: gzip

Fw-Via: MISS from ctl-zj-109-197.fcd, MEM HIT from ctl-fj-023-037.fcm
...........\.o#.u.\.....K.,g..v....Ue.F.4....@)eA.#i...93$.%.l.<...
S.....#i...:-Z$~5.K..:../.w..w..........;..{...}.y..gj...]......6u....
..................$t....(t............W.a...u..n`. AX...Ss}.......<
..9....q.(.G.fs..........x=].......u.=.6..NX...Z........W_.W....G...3.
..>..3......z.<0.......m..y.....q8q.......[..;.}..............\.
.....z..?....>|.......k.v....[...._.../g...[g....[.?y..G...........
.H........... .dGE..>...9..??y...G... ...K.y.....eG..O......|..O..u
..an.o}.......e..../=y..g..............b...@...^...O....ki.........'.=
.8.W........t......G.{..[..:..Q...?{O".{.8..7..}.........w1..|..O..m..
7?..O..{...?....?>...........?....5.$\...[....r...C..w...z.!.....;.
..'.........O~...w.............b....z...u....C[.].N..3}s .....s.;~_./.
...t'^.....-..z=...&..q.= .L....C;>r......s0.r.g:....W...........}`
.|6.y......t..Yz.....'..c,...C|.......&~h.........bGb.# r...&.a.(.A...
GF{..8..L"[.I.xZ;`|....f.....x.a7vt.....S..MB.LH".1....d..q...kK\....V
..y..30..2......:pNG..E..c...B.KA......z`.. ...&.C7...s.....7.y`.V.Xb.
...?..=G,#0S....(e.&...79t....3.aT*|[............y.=H.A.k..........J;.
G.'..2../.nh.aywF{........R.}...X....u [email protected].
.. .b.}.Z,2.7.z........(6.=.%H..7. .Zk../.K.........{9..P6..#..... ..,
..{.d..d...l...F3.`.....-s........_..7.K..~...;Bwgwr........^.......~8
.n.......u...2..?O.. .Zg...{s^....7D......7.....2..'...C..5......._...
...x...[>b..........m..4......s....w...a.5...(...he....^..|...!.%..
8.......p.....1..h....<tb.=.PTY.C!.<s d".mh..DD......{[email protected].
<<< skipped >>>

GET /upload/flash/ad_185/index.swf HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://img.34wan.com/ad.html?cid=1012289&sid=214516

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img.34wan.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 22 May 2014 13:43:32 GMT

Expires: Sat, 21 Jun 2014 13:43:32 GMT

Content-Length: 819

Accept-Ranges: bytes

Content-Type: application/x-shockwave-flash

Last-Modified: Wed, 07 May 2014 02:44:48 GMT

Cache-Control: max-age=2592000

Connection: Keep-Alive

ETag: "53699e20-333"

Server: nginx

X-Cache: DISK HIT from ctl-zj-205-074.fcd

Fw-Via: MEM HIT from ctl-fj-023-037.fcm
CWS.'...x..T.O.A...jW.....(~.....V.F.........Yz...n.r..H|..'./Q.....8.
w...<..;......l...v..??....G.?......._)./nr...Kjq..`3....X..B.Unn..
...x...-...`..y..P..*G..M.Mj.P....G.........U.$..rs...=........Q..o.*.
6......SU......!.U*..z..M.......l..]......<5..gO......:....Nu....q-
]...m.0...R.o{..8?......=.?=-....L...ll.*..C.I..~c.;..e.b.;..p........
..&>Z.d[.X..@v,....E.\.|..yc..kJ.|..8w.f...U..G.....y....tL......!U
../xMt}V.{...j......[..$4|..&...3.N.]..a...P. ..$j....rA..L.A*4.......
.dp..`....g.'.O.~.gs. .sdhC..9.....y ..@.!. ..;BF5...#[email protected]
......\....a .d.\&W... ..t4...{./......S.....dZ..4/h.7..~kH.....-M$2..
.d...Zg.o"...1lU$.<fc..cHd1......y.B.P.9e......H.1....9....S.o..n.d
s.S....QU1.....Sv...>.....!....?.tA.=._.....U........."...mN.{.....
$.}%.Nr....`.<Z.{..:..?K..".@...._.n..~..8..v1.g...u...IX....JP.ont>....


GET /index.php?m=log&a=adv_log&game_id=43&server_id=969&cid=1012289&mid=185&subsite_id=214516&url_from= HTTP/1.1

x-requested-with: XMLHttpRequest

Accept-Language: en-us

Referer: hXXp://img.34wan.com/ad.html?cid=1012289&sid=214516

Accept: */*

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img.34wan.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 22 May 2014 13:43:32 GMT

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Content-Type: text/html

Pragma: no-cache

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Connection: Close

Vary: Accept-Encoding

Server: nginx

X-Powered-By: PHP/5.3.17

Set-Cookie: PHPSESSID=3s1qihljeqklsj82nksu87d4a5; path=/; domain=.65.com

Fw-Via: MISS from ctl-zj-109-197.fcd, MISS from ctl-fj-023-037.fcm

GET /img/pic1.gif HTTP/1.1

Accept: */*

Referer: hXXp://VVV.cfmogu.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: icon.cnzz.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine/1.3.0

Date: Thu, 22 May 2014 13:43:22 GMT

Content-Type: image/gif

Content-Length: 428

Last-Modified: Fri, 16 Jan 2009 08:10:47 GMT

Connection: keep-alive

Keep-Alive: timeout=5

Expires: Fri, 23 May 2014 13:43:22 GMT

Cache-Control: max-age=86400

Accept-Ranges: bytes
GIF89a.......f..3...33.......................................!..NETSCA
PE2.0.....!..Powered by AFEI.!.......,.............I........08bX....d.
n...CS.3......_..`..H..H\8....)...S.b.UX.....(...r.L....tb]&"......#..
.o.V.a..D..o.V.a..........D..o.V.a..........D...........!.......,.....
........I........08bX....d.n...CS.3......_..`..H..H\8....).:[email protected]...
x ..........D.| .#.u.a....n~D..[....n..........D..[...n..........D....
.......;HTTP/1.1 200 OK..Server: Tengine/1.3.0..Date: Thu, 22 May 2014
 13:43:22 GMT..Content-Type: image/gif..Content-Length: 428..Last-Modi
fied: Fri, 16 Jan 2009 08:10:47 GMT..Connection: keep-alive..Keep-Aliv
e: timeout=5..Expires: Fri, 23 May 2014 13:43:22 GMT..Cache-Control: m
ax-age=86400..Accept-Ranges: bytes..GIF89a.......f..3...33............
...........................!..NETSCAPE2.0.....!..Powered by AFEI.!....
...,.............I........08bX....d.n...CS.3......_..`..H..H\8....)...
S.b.UX.....(...r.L....tb]&"......#...o.V.a..D..o.V.a..........D..o.V.a
..........D...........!.......,.............I........08bX....d.n...CS.
3......_..`..H..H\8....).:[email protected] ..........D.| .#.u.a....n~D..[..
..n..........D..[...n..........D...........;..

GET /xm/2013.11.261.gif HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://p.tuigoo.com/showcpm.htm?width=270&height=200&SCUrl=http://115.236.19.58/xm/2013.11.261.gif&gourl=http://z.myzwqwe12.

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: 115.236.19.58

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Length: 38379

Content-Type: image/gif

Last-Modified: Wed, 27 Nov 2013 01:42:51 GMT

Accept-Ranges: bytes

ETag: "98ad3afc11ebce1:79d"

Server: Microsoft-IIS/6.0

X-Powered-By: ASP.NET

Date: Thu, 22 May 2014 13:43:23 GMT
GIF89a...........jQ..nonN...1v.H5(...............`..................d.
...s.P...&.....k..VkHUD//%%mVEiL5s.nN..................V.......-jto.-.
......wd..y...mroKrt0"..F.\..........wRLH....$......X.....q...........
....Oc4.yi.............c.........wl....h.....e....wT...dw4..j....1...}
.....v,KO..y.YL..R......@ .2C..C....$Xe............G...GO..Yl.........
..N............. ....(0....7B..................R:?............Tj......
..\=.7.......&..<...v.iV]./......mCW..i.....P.................Se`7-
I\a.......{p...r..V.....W.}................Qu......}<g....UN....-..
............... .`{.F.!...[...ay......}...............................
..............9.......................................................
.............................................................C.....\..
!..a`..._}R..Hº!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCehi
HzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
dobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> <
;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> &
lt;rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1
.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" x
mlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.
did:12278B547F56E311BDF0D3EE77448737" xmpMM:DocumentID="xmp.did:B9A0BE
11568111E396F2887EEF4C264B" xmpMM:InstanceID="xmp.iid:B9A0BE10568111E3
96F2887EEF4C264B" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> 
<xmpMM:DerivedFrom stRef:instanceID="xmp.iid:15278B547F56E311BD
<<< skipped >>>

GET /stat.htm?id=1000282987&r=&lg=en-us&ntime=none&repeatip=0&rtime=0&cnzz_eid=836364547-1400766227-&showp=1276x846&st=0&sin=&t=undefinedundefinedundefinedundefinedundefinedundefinedundefinedundefinedundefinedundefined...&rnd=1644276684 HTTP/1.1

Accept: */*

Referer: hXXp://img.34wan.com/ad.html?cid=1012289&sid=214516

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: z5.cnzz.com

Connection: Keep-Alive

Cookie: cna= uwEDFD6L14CAcGK9Od9wnzc

HTTP/1.1 200 OK

Server: Tengine/1.4.1

Date: Thu, 22 May 2014 13:43:48 GMT

Content-Type: image/gif

Content-Length: 43

Last-Modified: Tue, 28 May 2013 02:57:17 GMT

Connection: close

Accept-Ranges: bytes
GIF89a.............!.......,...........D..;..

GET /upload/flash/ad_185/bg.swf HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://img.34wan.com/upload/flash/ad_185/index.swf

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img.34wan.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 22 May 2014 13:43:33 GMT

Expires: Sat, 21 Jun 2014 13:43:33 GMT

Content-Length: 46513

Accept-Ranges: bytes

Content-Type: application/x-shockwave-flash

Last-Modified: Sun, 04 May 2014 09:28:52 GMT

Cache-Control: max-age=2592000

Connection: Keep-Alive

ETag: "53660854-b5b1"

Server: nginx

X-Cache: DISK HIT from ctl-zj-205-076.fcd

Fw-Via: MEM HIT from ctl-fj-023-037.fcm
CWS.....x....TS../.m.u...Jo..B......@(........U.V@!...J=....DJ...B....
.J("....p.}.w.=..7...~w.q.`..........k..r.Bqq... .... .\......^......\
{C{..!. ........1..l{.\.W..Q......r..8..7.._].........S...V.r.UQSVU...
......$\p..Fb.$Vj.$. =.$..PU....M.....u...{..].C..... . ./...z!.}....d
 .M\[email protected][email protected]...?-....PKW]..
.&.......]1....e .cR.......X.......W.uu.>....!...0~.?..x......$.s..
.....` !.s.h_(.?..i..h..h?...._..l.}=U`.~X....>\..X.k.W.~4..x......
.u.G{b..W.$.G.=.... #u......H.DCM.........)PK.D.....?..]11...0#5...}..
.*......m...i^..5...\1..?......%W....J..m..[?w...X...&.......9;$....'.
uy~D..G.xz..........'..........3..`T.a.......v.c.._.G.xb. .._.{.\g.M..
....<.7...u...c...:~.....'....:u._.....WH..o........='(%%  %.......
G;p....gN.z...|g........W>1>>~>>1i...&"}AR\\\..........
.........}.`...C.$..r.8.}`...p..8t`....r....G~9z.....>. ....CGN.<
;|.........>tQ....a.R.u^...........9F.....~.6G^..$.....Hi..x.......
W.....<............>........pi.:....{..{#\.......7.%......3p:.eY
...*.....h.l.....x.o..el..&.!"K..%......W.T.Q..uP.*R../nA.<.(}(w...
...K.....(..Z..L23.]........GmOPO.._..\...8.......DYjt#[email protected]...
.......P.,..&.1.o....P,E4U.6w...-K..._v.'.3..*b...:... ..>v.F...N..
...V.ma...).T...a.G;..^;b..C......x.=.........^*b........}...&..A.....
..`..1*.7.p.f1c...g.f.(u....!.....g].r..{W.5.p...H">f&.[...XL...'..
......}[.....]O,..l......~.J5.Z..l..\.'.......}aL....X....c;......f..h
.......V...j:6>.u5.....Hx.......k... .t?..;.HT........b...q..~K
<<< skipped >>>

GET /upload/flash/ad_185/ren01.swf HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://img.34wan.com/upload/flash/ad_185/index.swf

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img.34wan.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 22 May 2014 13:43:34 GMT

Expires: Sat, 21 Jun 2014 13:43:34 GMT

Content-Length: 192396

Accept-Ranges: bytes

Content-Type: application/x-shockwave-flash

Last-Modified: Sun, 04 May 2014 09:28:55 GMT

Cache-Control: max-age=2592000

Connection: Keep-Alive

ETag: "53660857-2ef8c"

Server: nginx

X-Cache: DISK HIT from ctl-zj-205-087.fcd

Fw-Via: MEM HIT from ctl-fj-023-037.fcm
CWS.f...x...eT.......Qh..i...........Z,....-..Z4....k.C../Np..,!..o=o.
.....Y.:.y5k....g.%.53..........^...Q.."{../.......T...\..^.<U.(A.7
n.....\[email protected]_......7.(n\w.....I. .........}.>...7
o<.;..).p.&..[w.?.w......7n..s.....{..^......fa...v.$,'[email protected]
.kDPDV.:.{.....ML....g..%......Q.<.........c....N......6.n.....K...
.>..q........7n.".u....w.n.....7_...x{.R...'..g....<.......i....
.~...pO...k.!.3.....z.....%.2..... s...._.?...w.......>....`5.....G
>;.....J.O.F......J............. g......:%..-19]]t@h\.X..`..H-..[o.
....{k,.....v..B.y....pu.d..........9......N...&tu7.';..?.R....a..._..
......E.Y1E..go..j..p....>.oY....e..... .!j.6..F..."y.T.DW.....<
. '.Y{&.Xc..*z...;.........Q....b..B.A#..h....9...Trh.e&....S.Z..c...^
....x.w.]W....ga...1....fe.D..PEWx.?.....Uo_.#..e.n.{7Yo..<........
........16K........w....&.)..........<.].q...4.ry.*.5D.H...t.;.....
.....-. :\....y.W...1..F.S.._...^....^>z..X.Z _.j......;......`....
.[..)a..Kb...6....kA..'n.8.......y...E..0|.l.\P...D.../u...{..0-EJ.h..
...FjX......."k..T1....9.6Yg...z.2?0....~....{.w.W:K... D..-....n[.{..
Q..I"....~nn........[jP.a..qTt6A.. Y.4#..Wv...K.U[-%.~'..:.gR.*...W.].
...J>........}.0.j.e...gYP.9ZxI......2..WJq...<..f....@.^..%.`v.
</.."U e..G.......w.G...a...2......[.X...........jt*2..G.2..XA....m
.Q...............IX....KH....|..N...y0.j/...A.b.....vL....u......)<
o.:.R...a.......E.]:;.f./v..Hb...."...B8.I.IY.8...0D"G..<...|..tpt.
/@.l'.^]..6v0......Ic.6...zd^=...b..y... X....s..d.....R.......P.b
<<< skipped >>>

GET /biddinx.js HTTP/1.1

Accept: */*

Referer: hXXp://img.34wan.com/ad.html?cid=1012289&sid=214516

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img.34wan.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 22 May 2014 13:43:42 GMT

Content-Length: 555

Accept-Ranges: bytes

Content-Type: application/x-javascript

Last-Modified: Thu, 03 Apr 2014 02:45:50 GMT

Connection: Keep-Alive

ETag: "533ccb5e-22b"

Server: nginx

X-Cache: DISK HIT from cnc-sd-153-138.fcd

Fw-Via: MEM HIT from ctl-fj-023-037.fcm
window._CWiQ = window._CWiQ || [];..window.BX_CLIENT_ID = 34966;..(fun
ction() {..  var c = document.createElement('script')..  ,p = 'https:'
==document.location.protocol;..  c.type = 'text/javascript';..  c.asyn
c = true;..  c.src = (p?'hXXps://':'hXXp://') 'whisky.ana.biddingx.com
/boot/0';..  var h = document.getElementsByTagName('script')[0];..  h.
parentNode.insertBefore(c, h);..})();..$(function(){...//cid,gid,sid,m
id,cuid,game_name,num,m_name,c_name...$('.registerForm:eq(0)').submit(
function(){...._CWiQ.push(['_trackPdmp', c_name, 1]);...});..})HTTP/1.
1 200 OK..Date: Thu, 22 May 2014 13:43:42 GMT..Content-Length: 555..Ac
cept-Ranges: bytes..Content-Type: application/x-javascript..Last-Modif
ied: Thu, 03 Apr 2014 02:45:50 GMT..Connection: Keep-Alive..ETag: "533
ccb5e-22b"..Server: nginx..X-Cache: DISK HIT from cnc-sd-153-138.fcd..
Fw-Via: MEM HIT from ctl-fj-023-037.fcm..window._CWiQ = window._CWiQ |
| [];..window.BX_CLIENT_ID = 34966;..(function() {..  var c = document
.createElement('script')..  ,p = 'https:'==document.location.protocol;
..  c.type = 'text/javascript';..  c.async = true;..  c.src = (p?'http
s://':'hXXp://') 'whisky.ana.biddingx.com/boot/0';..  var h = document
.getElementsByTagName('script')[0];..  h.parentNode.insertBefore(c, h)
;..})();..$(function(){...//cid,gid,sid,mid,cuid,game_name,num,m_name,
c_name...$('.registerForm:eq(0)').submit(function(){...._CWiQ.push(['_
trackPdmp', c_name, 1]);...});..})..
<<< skipped >>>

GET /act/51wt/html/wtcookie/?r=0.96495006612092 HTTP/1.1

Accept: */*

Referer: hXXp://tg.51.com/market/game/shequ.htm?f_com=tgx2_14516

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: game.51.com

Connection: Keep-Alive

Cookie: FO_RFLP=|aHR0cDovL3RnLjUxLmNvbS9tYXJrZXQvZ2FtZS9zaGVxdS5odG0/Zl9jb209dGd4Ml8xNDUxNg==|MjAxMDEwMQ==|fHx8|; FO_TUID=x0i4kH; foru=1400766230511gYlh6||game

HTTP/1.1 200 OK

Server: Apache/1.3.37.sa

Date: Thu, 22 May 2014 13:43:55 GMT

Content-Type: text/html

Transfer-Encoding: chunked

Connection: keep-alive

Set-Cookie: PHPSESSID=68201b5073519b9a57d3ce4f7c21a9dd; path=/

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Set-Cookie: _51usi=Qr5g8i; path=/; domain=51.com

P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Set-Cookie: poup_c=-1; expires=Fri, 23-May-2014 13:43:55 GMT; path=/; domain=game.51.com

Content-Encoding: gzip
14........................0..HTTP/1.1 200 OK..Server: Apache/1.3.37.sa
..Date: Thu, 22 May 2014 13:43:55 GMT..Content-Type: text/html..Transf
er-Encoding: chunked..Connection: keep-alive..Set-Cookie: PHPSESSID=68
201b5073519b9a57d3ce4f7c21a9dd; path=/..Expires: Thu, 19 Nov 1981 08:5
2:00 GMT..Cache-Control: no-store, no-cache, must-revalidate, post-che
ck=0, pre-check=0..Pragma: no-cache..Set-Cookie: _51usi=Qr5g8i; path=/
; domain=51.com..P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT
 DEM STA PRE COM NAV OTC NOI DSP COR"..Set-Cookie: poup_c=-1; expires=
Fri, 23-May-2014 13:43:55 GMT; path=/; domain=game.51.com..Content-Enc
oding: gzip..14........................0..

GET / HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.cfmogu.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 22 May 2014 13:43:15 GMT

Content-Length: 13506

Content-Type: text/html

Content-Location: hXXp://VVV.cfmogu.com/index.html

Last-Modified: Sat, 17 May 2014 16:00:31 GMT

Accept-Ranges: bytes

ETag: "ffdf1221e971cf1:d5f6"

Server: Microsoft-IIS/6.0

X-Powered-By: ASP.NET
<link rel="shortcut icon" href="hXXp://VVV.cfmogu.com/.........ico"
 />..<title>CF........ CF.............. CF............ VVV.cf
mogu.com</title>..<meta name="keywords" content="CF....,CF...
.....,CF..........,CF............,CF..............,CF.............." /
>..<meta name="description" content="CF..............VVV.cfmogu.
com....................CF..................!" />..<script type='
text/javascript' charset='utf-8' src='hXXp://c.myzwqwe12.com/AShow.asp
x?AID=9842'></script>..<script type='text/javascript' char
set='utf-8' src='hXXp://c.myzwqwe12.com/AShow.aspx?AID=9756'></s
cript>..<style type="text/css"> ..<!--..body,td,th {...col
or: #333333;...font-family: ....;...font-size: 12px;..}..a {...font-fa
mily: ....;...font-size: 12px;..}..a:link {...text-decoration: none;..
.color: #275cb0;..}..a:visited {...text-decoration: none;...color: #27
5cb0;..}..a:hover {...text-decoration: none;...color: #FF0000;..}..a:a
ctive {...text-decoration: none;..}..body {...background-color: #FFFFF
F;...margin-top: 10px;..}...lffft {color:#000000;}...STYLE40 {font-siz
e: 14px; font-weight: bold; color: #275cb0; }...STYLE43 {color: #00000
0}...STYLE2 {color: #FF6600}...STYLE5 {color: #333333; }...STYLE56 {fo
nt-size: 14px; font-weight: bold; color: #0000FF; }...STYLE66 {...colo
r: #FFFF00;...font-weight: bold;...font-size: 14px;..}...STYLE67 {colo
r: #FF0000}..-->..</style>..<script type="text/JavaScript"
> ..<!--..function MM_findObj(n, d) { //v4.01..  var p,i,x; 
<<< skipped >>>

GET /Ä¢¹½Í¼Æ¬.gif HTTP/1.1

Accept: */*

Referer: hXXp://VVV.cfmogu.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.cfmogu.com

Connection: Keep-Alive

HTTP/1.1 404 Not Found

Date: Thu, 22 May 2014 13:43:18 GMT

Content-Length: 83

Content-Type: text/html

Server: Microsoft-IIS/6.0

X-Powered-By: ASP.NET
<html><head><title>Error</title></head>&
lt;body>........................</body></html>HTTP/1.1 
404 Not Found..Date: Thu, 22 May 2014 13:43:18 GMT..Content-Length: 83
..Content-Type: text/html..Server: Microsoft-IIS/6.0..X-Powered-By: AS
P.NET..<html><head><title>Error</title></he
ad><body>........................</body></html>..

GET /stat.php?id=4693566&show=pic1 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.cfmogu.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: s6.cnzz.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Date: Thu, 22 May 2014 13:43:18 GMT

Content-Type: application/javascript

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Thu, 22 May 2014 13:43:18 GMT

Expires: Thu, 22 May 2014 15:13:18 GMT
2598..(function(){function l(){this.c="4693566";this.R="z";this.N="pic
1";this.K="";this.M="";this.o="1400766198";this.P="hzs9.cnzz.com";this
.L="";this.s="CNZZDATA" this.c;this.r="_CNZZDbridge_" this.c;this.G="_
cnzz_CV" this.c;this.u="0";this.B={};this.a={};this.la()}function g(a,
b){try{var c=[];c.push("siteid=4693566");.c.push("name=" d(a.name));c.
push("msg=" d(a.message));c.push("r=" d(h.referrer));c.push("page=" d(
f.location.href));c.push("agent=" d(f.navigator.userAgent));c.push("ex
=" d(b));c.push("rnd=" Math.floor(2147483648*Math.random()));(new Imag
e).src="hXXp://jserr.cnzz.com/log.php?" c.join("&")}catch(e){}}var h=d
ocument,f=window,d=encodeURIComponent,k=decodeURIComponent,p=unescape,
r=escape,m="https:"===f.location.protocol?"https:":"http:",s=m "//c.cn
zz.com/core.php";l.prototype={la:function(){try{this.U(),.this.J(),thi
s.ia(),this.H(),this.m(),this.ga(),this.fa(),this.ja(),this.j(),this.e
a(),this.ha(),this.ka(),this.ca(),this.aa(),this.da(),this.qa(),f[this
.r]=f[this.r]||{},this.ba("_cnzz_CV")}catch(a){g(a,"i failed")}},oa:fu
nction(){try{var a=this;f._czc={push:function(){return a.C.apply(a,arg
uments)}}}catch(b){g(b,"oP failed")}},aa:function(){try{var a=f._czc;i
f("[object Array]"==={}.toString.call(a))for(var b=0;b<a.length;b  
){var c=a[b];switch(c[0]){case "_setAccount":f._cz_account="[object St
ring]"===.{}.toString.call(c[1])?c[1]:String(c[1]);break;case "_setAut
oPageview":"boolean"===typeof c[1]&&(f._cz_autoPageview=c[1])}}}catch(
e){g(e,"cS failed")}},qa:function(){try{if("undefined"===typeof f.
<<< skipped >>>

GET /img5/flashlayer/537db8a053297/1.swf?v=3 HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://cdn.51img3.com/game/upload_data/201403/201403181447095327ebeda78ee_1290.swf?v=3&s=5883

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.51img5.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/0.7.66

Content-Type: application/x-shockwave-flash

Content-Length: 66946

Last-Modified: Thu, 22 May 2014 08:43:12 GMT

Accept-Ranges: bytes

Cache-Control: max-age=86400

Date: Thu, 22 May 2014 08:50:11 GMT

Age: 17625

Powered-By-VeryCDN: HIT from ctc-bi-1-2-c1111, HIT from utn-yz-1-1-c1131

Connection: keep-alive
[email protected] ].t........{......&M@zQP." ..A.....
.|....{.........}f..Y..wc.....0.....4.X...c.z".@)..].LS......Q..R....B
 .......H...........I.KJ..E.b....BE.0<.*..1h.a\.=.A..~...N...A....N
....OZ?...........x..Z\B.&..._..F..S.. ...G...............a0...| ..2b2
.Q.s... DJRFI..../ln....$LBZ.&#*.CI.....$`.09.........\....\....gg....
.......u..............?..%..E..mu..........4&.......A......0....n..<
;..?....~. '?.7]M...1OOW.uy9um.\SCC..%%!!...WG. ..p-YI)..-..v..6M..`_7
...gs...._\...8.........J.a.........?..p......,BC^CKJ.?X......[..}7W.@
......)....R...!.?2.K_...F&......\...............L...d...........?.iW.
.<...@...!W.q7...F..=............NA*Nh.....?............n.....%....
o.$..aP... ..._1R.}.....v.Z ...%...?.? .6..z.... ..........-..#..%.. .
...........e....Q.pA .....a...........H.....C....gb.[.9 `fz.zF&0D... .
.g.g.............q......D@._..H..t..p..B 7...HH..3.`..........H@.""...
E........"..........K...2u.`.....h.N.>0{...yS*0...Q.G.......4Ga....
[email protected].%..'.;@d...[."..;.%.......~....s....Y...O....
..2....E...>.."...$.Hmm.#}. ..U.C.r.5x}.N.,[email protected]..:..&.M
.4.1..&...TZ.e.....j.dU....u......3..r... ..A..ixt.>yc....k...B...f
"....C..4j{l..:.P......nI...s...'.?..1..2...VE..De......P......;.....2
e#...y...........je.. .Au........U....d ..kx.Jy.Y..*..=.....V..H]..%p.
....>L.e.... ..O>.Y...#...qU.7..V.....l.}...@...=Y...O. .*)@..W[
"...n......3v....H.'.q,t..@.._..Z..&......<..!6....>L...w..?...=
...........#1<;6..g.... V....O..z..9..=RQz1..,9.87..a.J.V.4`.i.
<<< skipped >>>

GET /img5/flashlayer/537db8a053297/2.swf?v=3 HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://cdn.51img3.com/game/upload_data/201403/201403181447095327ebeda78ee_1290.swf?v=3&s=5883

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.51img5.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache/1.3.37.sa

Content-Type: application/x-shockwave-flash

Content-Length: 80182

Last-Modified: Thu, 22 May 2014 08:43:12 GMT

Accept-Ranges: bytes

Cache-Control: max-age=86400

Date: Thu, 22 May 2014 08:50:11 GMT

Age: 17627

Powered-By-VeryCDN: HIT from ctc-bi-1-2-c1111, HIT from utn-yz-1-1-c1131

Connection: keep-alive
CWS.S...x....TU].6..N..n.CwK.t#.HwH...H* ... .!)..)..............._...
..\s.k.9.Zkl... .......!.q.\..|.a................#/.N....../3... . ...
.93........................\........................9./.n.v...qd24.52e
2..fv3.c.1.0...w..s05t.uP.......E*ae..........#..........)#......). .?
....a.T...de..3.p0....Xx.xxA,OX.yYX...............?.A. .^.V^..?.......
.......wOR~......]y..<.....{;:)......U..L..M.m...M..)~.G^.W.......T
Z\..0YX...qIp..y.....<e...E.yDE8D$D8.r...=.........;[..8..f..`.....
..,.-....Xe.d.a.I..q.K.[.......z.%".#........._\M.,\LM$.l...`g..hz.)..
.....C|y-..0q.W...T.[3....oZ3.s ?!...0.OM........].&..U......$db.ljez.
..\...9.........I......... .....[cKWC.SF.........!%._.. ) .....`#.....
.....R...#1..!x....`........Ee.Q....6w.8.d......Iw.O.....x..&.....y}..
.;.'..H....~.....D....\M.B.h&.>...*....F...o......$`:.....@`.*?.F.o
o................X..8.,.....y. a..........*&.. 0.u!d......L@6X..=._...
0^-2_..;.6h}.....vE.. [email protected]'T....!......g..aa!.Q
B."...........P..../?....s.#0.C.*-.....c.._.}.......).,Q.7&}.`.P.C.ZXA
[email protected]'..0p...|...............W-..RM..N....../.h.'
.e.......... ....K..c...B.o..%~@......._........~...._.!.tZ.^..s..P...
;k......o9.X...a..#.....]v._......,o..8G.........[.w/....8....Mo.,w...
C......(..h. lM..P.C...wl[.qv....Z.......=............m..R...[o.o.....
<\.....ra .......$A[....%R.........V.V...@..[.jK.!..Z.Zc..P....)...
.vn<v|...RO.e9...wC.:..'..L`..........t..n....8.Uby..5...1.........
.`..h.T. ..Au3.b.....]...D.h...t0;..{v-dsd...":?.....^.z....<..
<<< skipped >>>

GET /img5/flashlayer/537db8a053297/ps.swf?v=3 HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://cdn.51img3.com/game/upload_data/201403/201403181447095327ebeda78ee_1290.swf?v=3&s=5883

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.51img5.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/0.7.66

Content-Type: application/x-shockwave-flash

Content-Length: 45657

Last-Modified: Thu, 22 May 2014 08:43:12 GMT

Accept-Ranges: bytes

Cache-Control: max-age=86400

Date: Thu, 22 May 2014 08:50:11 GMT

Age: 17628

Powered-By-VeryCDN: HIT from ctc-bi-1-2-c1111, HIT from utn-yz-1-1-c1131

Connection: keep-alive
CWS.N...x....X.].?z....(!HJ3tIwJ.."1t7..M.HJ.0HKw.t..%(H7.pfP........9
..:.u.[.8{[email protected]._........D....4.e.=.l.]....4....B.
............`AAA.N....6........'...-.(...i.........=5.ml...z....[O;...
.wa76s0...:.qx.;r..99.~.FBR.PcW.g-..[Q........%.-g.s......-..&.5......
.5..X........F.(.'.........)(../....) ......,..U....................!.
sq.}.O...;.Y.{....YR.p.....[..?G..............Z^.P.......).aN.=;**B...
....P.iQD........./)..........%.9.e.....%....x.?..C.x.v0u....~.f.?....
?..9[YX!..7^y...8.>.$%...`..I.Y^.InN^...Y..^..._X..V.P3Yg...,8.;.@.
..I.#T.0..W.....)..>........?.....KV....,..&.'./.%........K..f.....
...I......%..8...i3..U.....9...r@m...\.U.>g.3S!s.g;cWQcGG[ Sc.C.O6.
K.S..cw(.9.=D8.2.-$..$(J.H. ........4M..Pj0..aM.!;J...?.}...e.d.....x9
.....4t,.4....8.10....8../..`#Z.p..p(....qp.b_..DH.h.]..#B.R."......G}
.....y....S......Q........y..PA4..>...t..P @...H.?.4t..*&..B.....PP
Q0....Q.P.Z.T..:>..!..u.0..&.....ShD.,.....sX1.......B:..)....X...O
f6..."..i.D.PP...*0>"^...:..|.s..uT..........I'....~tBZz...38...B|.
T|@.8.y......2.......G.UZ.7.'.......8....K.&4..<#..l.Rr=cm..R...^.O
@|..... ....,....sQ..(..G..2....5......_jG..m.....t.4B...y...s.r-f..5.
m....s...swx.b..y.[d.E...9...>....:..O0i\......Z..p..Q.1]........G@
!..0.jm..,U$\.4.WM..5f...3...D.(......wW.\~_rYWf..4.u..=..J......b..#.
/..%|L.#].Q1..U#a....Q....v2...w.m.9..&.Geq..Q...k..D.[.....?..T.Sv.3.
..F.Z5Zf.*..s..M......9%.....8b..h7......../lr.Z...q............E.2..Y
.e..(....Q.]..7\u.g....-}N.TpA.$.J.....k..v.......9%....M}.A..A...
<<< skipped >>>

GET /AShow.aspx?AID=9842 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.cfmogu.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: c.myzwqwe12.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Cache-Control: no-cache

Pragma: no-cache

Content-Type: text/html; charset=utf-8

Content-Encoding: gzip

Expires: -1

Vary: Accept-Encoding

Server: Microsoft-IIS/7.5

P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

X-AspNet-Version: 2.0.50727

Set-Cookie: UnionADShow=1946; expires=Thu, 22-May-2014 16:43:08 GMT; path=/

X-Powered-By: ASP.NET

Date: Thu, 22 May 2014 13:43:07 GMT

Content-Length: 4133
.............`.I.%&/m.{.J.J..t...`[email protected]#).*..eVe]f.@......{
....{....;.N'...?\fd.l..J...!....?~|.?"..:...Y...W...~.:.E...|.....:_.
.m..?..s..'....-.e...................S...^~..a...5cz................w.
......-.F.......O../9......:'.w~1.k.....7.]..Yu5n..xVM..|...j.........
.>[email protected];.;.$/.\...._.K..~....f...... Ej4........~!u.
Q|..'.......U.4k.......~.....i..y..HLM....%^....?...E..........zT....U
~q.n......3...>A.O>.l.{.....ug..g~.;Dq.>.c.......G...I...R.C.
....;. ..r...C..&Dot...|....w....8b.4@|2.Wx...F...I?I..[..;...........
.-rj..QMg0.....G.....v....uN.A....6....u[.....p.S....]..U....~...C.T..
......]U..?gY.......!...o.....>[f..E.V.x........'.....~,._.........
_.>;.;n.........>.].....;.._.._(.~.~.M...>.?e.U93.......T>
.zu..=0..}t.M.......e^..m.3?s.'~.I]].....Vq...Gw....._......n>...6.
n:..E....]................$Fx^]..I...1....(......n.l7...........k.....
.(....o.u.>J.3..;..A.~..=a..{.IsN_........V...............^;B./...h
.4{.....f.-.A.u.!...6[.....o;t.....t..bE.Xb...6..V..osAr..h.&.........
..._../....0..../w.}....t>m.b..G..j.........).......bF......y^\.[.u
ZfM..'._.=}...g.?......{.............{.Ov.......q....~< .{..GG..J.G
. 6{.......u.....j...G....5..2?o..........7.&x......~<.{J......n?.j
..o.......S........C............Yq.h..Y.W ...h...~..y;$..U.H3V....EN.K
/..........4.......j.A.....o.@.\....^Q.f=Y..^...M.g..W>b.....YS{.|.
F.~.....c.. x.b..q.....o-.Kk....L.|A......=.P..6....|..=z.0....gl.....
.........o.....F.......9.....R.e...?..bY......`.........b<.f..j
<<< skipped >>>

GET /AShow.aspx?AID=9756 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.cfmogu.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: c.myzwqwe12.com

Connection: Keep-Alive

Cookie: UnionADShow=1946

HTTP/1.1 200 OK

Cache-Control: no-cache

Pragma: no-cache

Content-Type: text/html; charset=utf-8

Content-Encoding: gzip

Expires: -1

Vary: Accept-Encoding

Server: Microsoft-IIS/7.5

P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

X-AspNet-Version: 2.0.50727

Set-Cookie: UnionADShow=1946|1805; expires=Thu, 22-May-2014 16:43:09 GMT; path=/

X-Powered-By: ASP.NET

Date: Thu, 22 May 2014 13:43:09 GMT

Content-Length: 2546
.............`.I.%&/m.{.J.J..t...`[email protected]#).*..eVe]f.@......{
....{....;.N'...?\fd.l..J...!....?~|.?"..:m.u.....]=.{ww..x.........w.
-..........>.._.......^....~0^\....]..{.i..{..'O.b.v.5.w......v.v..
.......?....v..........{..}z.......g.........>............v..<..
.;x......g.....<[email protected]....{.........~./.eK?Wu.(.....~........jQ,/
.=.g...u....O...........Y[TKm..~.M.=.............>..Y..?..=....!.v.
..?.....{.v.>.}x|r......{..N......?<x......gO.=.O.:........g...&
gt;`2|......A....|9.f.W..N...Z....a..Q.....~.E> .......{.v.........
.......i...WL.f^]MW...].........&.H. ....)}..D....u~..(?...W.AO.....2?
o?...k0........&m..l.S.Q..[..*...~....5.......g.}.^...b..>N../L..eq
..UM......2....N.....p.|........?.^.z.E../.%...9...X7y}|Ac....h.O.....
.D.Y.\....YYe...2...:[...n.|V....o.E^G?.@.^]T.].....}..G.....*./'?M...
...x......lr|.../..A.. .Gw.x}vzw..M.5.3.O?}.......w.c....p ..?.?......
....Za....O...J.M.?8x(..=.?.3.s..}...c.t.YA.\..}.>...=........|...{
....~.....N..<...h?.Yvp.~...o....w.N..^K..^K;.0]!CVa..Ye-..w...'..-
.?k?.....?...!?~L....u....yQ.y....E1{...>[d...:[6.$../.b..:o...j...
..l..[du.Huu....-...jy1j...U."o.....o.9.(........iN..F....)....T.&)#.}
R...g;w.`....qn...y.~@\.........h.....HM...>..............O..F.T_UM
[email protected].=J.v........C..Q.r...|.zw(Xv..O...j.j.h...G.....a,.X..v6i
.r..q.mG.......b@.>.s.N.uS.....(E......!L..~K....<..G...5..d....
..B.G...Gdt..Y....%.\..j...g..tv.5..X...P..1w.u....u.....H8Q.7.?....2`
....w...Kc..u!8.$>..vi)...t>...d..............Q.....p.8K....
<<< skipped >>>

GET /pic/spacegif.gif HTTP/1.1

Accept: */*

Referer: hXXp://VVV.cfmogu.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: p.tuigoo.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Tue, 06 Sep 2011 15:04:12 GMT

Accept-Ranges: bytes

ETag: "0fe5c3ca66ccc1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Thu, 22 May 2014 13:43:11 GMT

Content-Length: 60
GIF89a.............!.......,............................S..;...
.


GET /showcpm.htm?width=270&height=200&SCUrl=http://115.236.19.58/xm/2013.11.261.gif&gourl=http://z.myzwqwe12.com/CPVClick.aspx?AID=1805&PID=9756&Auth=6848383803FF6A60088BF788B8EDEFDD30479A1137F13890228D7904FF794C0D&Url=http%3a%2f%2fv.6.cn%2fevent%2fpromimg%2f%3fsrc%3dpming393 HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://VVV.cfmogu.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: p.tuigoo.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: text/html

Content-Encoding: gzip

Last-Modified: Wed, 31 Jul 2013 15:22:38 GMT

Accept-Ranges: bytes

ETag: "0b345ca18ece1:0"

Vary: Accept-Encoding

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Thu, 22 May 2014 13:43:12 GMT

Content-Length: 2942
.............`.I.%&/m.{.J.J..t...`[email protected]#).*..eVe]f.@......{
....{....;.N'...?\fd.l..J...!....?~|.?"...O.<y...<M...L_~....I..
.....wr...7O....o.x...w.7u.l....Yy........m.zt........../..yu..`..e.u.
......GG.q.._......,.g......4...~..6#\..v.....g..T.6_..o.W.G.T....6...
....t..M.~.n...>J..L[.e~.........&..:m..2...EV_..G;.w..D3..U{....eV
...U1k..g.E...M...9}........(.I.../....v...</..m..|N..........V[]T.
....lW?YTM.*......}..-.y.f..g..*}.....1A.C.o..F.....E/...e%s.._....q..
)....*.....g~&....;....u.L...G...=J...../9.%. hG......'.........0&.We.
<?o...W...R....3..M.J.`.W........p._T.9............^..Yu5./..CK^.._
..E`i...j.-....F........e..2[.....f/.:[4...ZV..o...q..4m..{g........~.
D~.........0-............'.p7^?....|.......wR....<........>...U3
..e.L.Un..~.. ...,.Wu...r..............GP.....W.X.K.n...........~.1>
;......|...x.M..\.9..c.!u~..G.......j]..............?)..........}...E.
.......~.6..j..n........Z.]....*........Q:..Y^..Cz)...=.x...%.......J[
.w..~:......n*....fok.]..Y[..l....n..c&...[.}........Y..{.4L[.sR'.Y.. 
......BX.........V.`y.............9..VJ.N....1 z]e5..{..?..Y~.........
W....vF{.....z....3b.k4..T...o/........=..._3....J..U..;$'........>
%.a..;..5...O#=..w.?].....~F..=......M....w......loCJ...~z{...|..g.}..
.W..u8.YsU..y.._..R?..4k..cC..i.....uO"KzaR..[.i.k...;....'....?n|Cg..
....^YU .........*............A._7..*37$.q...<k..............."..c.
....D.......b.i_..n|g.j..$....%7.o..7..c./._7.3%-..w....)f..........=.
....T.....wf9.^......c-No8..O..Ue.>.UE...i.c@/}..o.........O..6
<<< skipped >>>

GET /qdlm.html?uid=14516 HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://VVV.cfmogu.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: t.yzppe.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 22 May 2014 13:43:27 GMT

Server: nginx

Content-Type: text/html

Last-Modified: Thu, 22 May 2014 06:18:33 GMT

Transfer-Encoding: chunked

Content-Encoding: gzip

X-Via: 1.1 sxdx60:5 (Cdn Cache Server V2.0)

Connection: keep-alive
e74.............Z{s.W..*....*iW.l'....8..I.../.<.. i.......x4C..d.2
t.Z(...R.%.1.....r.......wW.#...L....{.y....|j.. ;_.qU..A(n.r..sW..m..
y...w...?.s..hXu...Q.dA...m_}.0.Y6l..x<..M Nz..K.-........m...7.6..
[.0J.%XV...j3.J..........&_....q%.2.e....4<5p.L..lB..^.MR.9..[.h.[.
Y..r....O.|.............../~u|....._......}{.V..iv..........U..j....A.
.........z..$.E~...8i.s.z...Q.4.-[..B.........G"."Y.....ZM.<?....8.
.t...-..co.-:q......lO.h8...8..>N.H84........x,.,.# .I.....V...3..N
..H.p.n.......sl.6...e..I1.,......Q7.....#1.......Yp .".....c...,..5..
2Y!..D.f.a.f.Pv..VR.....<c...=..Z"[email protected].:Y...]h...I.......H`}.D
....h.i ..L.$.f"..j.}.=p.....E.]5....7q...~....D$..2..#.^.....,.I...w.
.nX..;J............# .n......#9./...[C.0*.]1.s.../.|.lT..g....FI$L.(..
.y}3...%..^..W^znqe.~.JG....c.2.e.J.\..J.r{2.1jv.9^4...Qx.....c.q#?...
..~.^..@./m..I....t!9...4W*Y?H-.jO....i&......TY...;..v.t.'."p....0.n.
j..<.-A.........If.w..p.Q..(..<i2.. yh.q..{.........>/.>..
.W.8......2. .....MG..e.!.....qa..P...A| .....a.b"`8^_..|a...%..s.T.Za
.a..J/Z.8.0'.H4C]..<y.t3..2K.l..l9.!9.G.|9.m.*.rX.].R;MH  .....^...
K....uq....J.A..... ..4?.G.......*..2.i..4.....9.l...Y...A..}...w....@
.%...............2...:.2L%.LnG...C*}.N...90.T>.efZV>d6s.........
.3fJ..a8P..b.h....*..u..f...Z]_...b.<.ZY[Y..jcM..[U. .V.@X..=..O.~8
>|>....}...`.vm........p..zq.....k....._Z}.E...B......,.s.t.....
.wm.?r....k6P..F.vW........~.........FN0KG.......T..S.}[email protected]....:Km..Q
.-.....G....Xf...~.Q.....V|x...N..... p.$y.y...`5V....... ..B^\]:.
<<< skipped >>>

GET /swfd/60/df/chuanqi75/index.swf HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://t.yzppe.com/qdlm.html?uid=14516

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: t.yzppe.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 22 May 2014 09:57:38 GMT

Server: nginx

Content-Type: application/x-shockwave-flash

Content-Length: 367

Last-Modified: Tue, 13 May 2014 06:49:23 GMT

Accept-Ranges: bytes

Age: 1

X-Via: 1.1 sxdx57:9 (Cdn Cache Server V2.0)

Connection: keep-alive
CWS.X...x.}..N.0..O...?PZ..(ec`A0SD...@[email protected].!...W(.......
...t|.W......Y..C..Y,.g.C..}c..0H./....bx...$.7.......]..VT.h.O.??..d.
..c......"..D...'..C....(.....2.C...;..A/[email protected]...,[.0b.R
K..,..W!o......%.......0j..h.]&.3...)J..Y.......- ..U......$Vekl....-.
....W.......5].......S.........k..V?5..\.....G....6...^Q.i...!.'...k..
..%......BG._i4j.....


GET /swfd/60/df/chuanqi75/dl_btn.gif HTTP/1.1

Accept: */*

Referer: hXXp://t.yzppe.com/qdlm.html?uid=14516

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: t.yzppe.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 22 May 2014 09:57:38 GMT

Server: nginx

Content-Type: image/gif

Content-Length: 8126

Last-Modified: Tue, 13 May 2014 06:49:23 GMT

Accept-Ranges: bytes

Age: 1

X-Via: 1.1 sxdx58:7 (Cdn Cache Server V2.0)

Connection: keep-alive
GIF89a..1....ukcb[U973GA:u.....I2.VQL'..O?.[YU....p\.....|QKF@;6...O..
.....V...|sjjb[KJC.g.mjcVUR:EH.}v.{kscT............[VQ.....s..|ca\.K..
....=...0p.TOJKEA...w..............qc..1...!\\Y...{l\.....3..k4*'fR...
.s.....j\Lzpf.........`..Qx....a]Z,..|xr.......f..r...\j`V:2-]UN.sdMKJ
...bRB'W.EE?=...N..............c....r.I.....}.........pe^ZTOZRJ.....h.
..YPG....vk..0........p....zp`XQrnf..s$&!hVE.....LYRN...urjkbM........
............N.....E......aVN...0E bZQm.4qaP......rh`yhW......v.SbYD...
f]UweSig`[email protected]][^^U6@E]UI...lZG{[email protected]]MZNIh9.I
#.}q`..'.~m......]YKA@<UME.........F@I?IM_QN02.^P..................
v..'..VOOM....{f.........RRN..t.............wh........5..9.nB..l..?..S
_P>..$hXV.....*.......zj...........n..]..R..^..y..*.........a..p.9b
.............v..?!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCehi
HzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
dobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00        "> <
;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> &
lt;rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1
.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" x
mlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.
did:9420BAA834D8E311B1DDB545A2C1BCB7" xmpMM:DocumentID="xmp.did:26CEA6
F3DA6911E388D0DA8ABBE82612" xmpMM:InstanceID="xmp.iid:26CEA6F2DA6911E3
88D0DA8ABBE82612" xmp:CreatorTool="Adobe Photoshop CS5 Windows"> &l
t;xmpMM:DerivedFrom stRef:instanceID="xmp.iid:8062818E40DAE311ABC7
<<< skipped >>>

GET /public/images/ad/sub.png HTTP/1.1

Accept: */*

Referer: hXXp://img.34wan.com/ad.html?cid=1012289&sid=214516

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img.34wan.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 22 May 2014 13:43:33 GMT

Expires: Sat, 21 Jun 2014 13:43:33 GMT

Content-Length: 32456

Accept-Ranges: bytes

Content-Type: image/png

Last-Modified: Tue, 07 Jan 2014 11:28:48 GMT

Cache-Control: max-age=2592000

Connection: Keep-Alive

ETag: "52cbe4f0-7ec8"

Server: nginx

Fw-Via: DISK HIT from ctl-zj-109-194.fcd, MEM HIT from ctl-fj-023-037.fcm
.PNG........IHDR.......f.....L~......sBIT....|.d.....pHYs..........o.d
....tEXtCreation Time.01/07/14;.!5....tEXtSoftware.Adobe Fireworks CS5
q..6.. .IDATx...w.\W}..=....w.]i..l.X.,w.......c...b .Bq 1.......'..Sl
.q...K.d.U.V..g.......;3. .......>.....[N.._/G.y.F........0.....!8U
S.<...y.......o.!.Z..;...[.......}2nL.m.<...&.....k..]_..>&.t
...0....CM.....p....z.>N5.7xV.....5.}.|.)....TX.......Q.......o..g.
!..g..V..@`..**sz..UZe..uM<...Z...$......B..w..)|.....z.;?.).J.?7.I
....R....}MzW.....Q....S.7....=.......I......&n'....*._x. 1..b..={9.q.
....hMT.....P.A..t.Zb.6..rJS.....-<..@(..!U.yq............X$..}U.C.
 K!..!GD.=(....0P.GJ.@yH!_'j.4.Zc.V....C..e.b.........-.H....*"_.P.E..
_y.....\@"&q...dy..|.8E......I...EL.D..._:....iF.b[.h..."...%|........
..a.!.......q.Ds.....1<0.g......-.R..j&..!$Z  ..r.N.^.{.......BHl.F
..i... fG.0..6.a..... ..`...T.D,..K..E.....X....B..c.A@......~y,......
....A..]. .p...X....;E.."~.#W........]t.......y>Zk|.%P.....)!......
.4&..TsU.)....OZ{.O..RN%...f.u.d0=J^.........".R..I{2..i .......1.Q.'.
JH..*|.........BhP..([email protected]...$.!W.D..N..uQ.(A$JS.&.."c...
8.x.X2...0m..%..(...,'o....5F......@...$J.H11...).@!*bNi.R.%.|.. .q...
B..P.w=.B..X.u<t.>.9%<.EiM......AP.........,).BS...4.B.*.)..J
.h..X.s.'..........PXZ....(]..JW9.*.A.Z..;l.....JOH....*@..b.hHin...-.
 .t'vS3Zk......&/...RLB.:...i....5..%d.3*....R.BP/..M..#B...D.`.......
.......Yq.h\C...&.,..,D,..k..&.......O qe.%..I...........M.H ....Y...M
 ..hI.M........M.-...$:...!.......v....T.:.d\(..W.S.*t!@.%.....p,.
<<< skipped >>>

GET /upload/flash/ad_185/ren.swf HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://img.34wan.com/upload/flash/ad_185/index.swf

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img.34wan.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 22 May 2014 13:43:34 GMT

Expires: Sat, 21 Jun 2014 13:43:34 GMT

Content-Length: 43262

Accept-Ranges: bytes

Content-Type: application/x-shockwave-flash

Last-Modified: Sun, 04 May 2014 09:28:54 GMT

Cache-Control: max-age=2592000

Connection: Keep-Alive

ETag: "53660856-a8fe"

Server: nginx

Fw-Via: MEM HIT from ctl-fj-023-037.fcm
CWS..9..x..}.@SI..{).D......!..(..$..... [email protected]............{.;...Y...
.....}..............-o7...#.rS>.J...../HTRR.....I.......$!..5i.?.c.
...Pp....(....".8..................\.bU.....ca..j.....IRkq..v.4.......
..YD{....!%...FDI..y...]P;......c'....i.d...[.O9.<..........;..b...
..Ei#..l./.r.._H....M<~:b`.?b..6.=.Z....._.......8.9e......~,|.J..l
o.X.......uL.~..~\....n.u...x....$O.NR...;.F.....o.v.....z....Q..-....
.C...y....>.j.!.....s...cK.....TW}....{`..)....\).........z>l|..
3.j.....-%x....O.:..~.A......sKZ.\....N.....#.3...a.o...1~.0r....K....
..n..NL....Ww..: .B..o.....5.6z....w.....1..tU.{/..=z.Z...z.s.|..4.z{.
_...~.;w.....}./.S....O...].m..6....;...K...k...r..X.%..../..~........
..y....&g=.'.Nu^......Mn....I;.M7...}E)..:...K.KM...8......_....kL.a..
.w..1b...[.?V.U..m..N]z.w...V..#...%.[. ........ ..|......^.mEI...o...
.....}7..x....../c..... [email protected]^.\..{..I...{..fg.....o'
..../..0z.p../.M........?...u...._.....G....N.....a...<my"..W\.....
.....{..........<h.....g..C.n....Yu..5..-.......s}D.[...4#U.....c.u
X.g..6.Z..nw.sK....N5..8........}=...hw.U9.7.v7.......;^g...l.......v.
u..l._..._.|ZI.#U.#w.w..o'.;v.d...-M... .x.=...s.....,....^....J.Y.m..
......9..{~.;.MZ...u..]..{}_...f.OM..NV..s.=..m..1M....Hz.jH.cR....e..
..6.j=....L.........]]......6[JV...XY.......]s.L...u...)..q]f...i/y.-.
...).n.~>.J.j......{._.t......w....r.....9..%..M..>&z..cI.W..P..
RZ.N.....N[Y..t.......8.H...z.....-....V..U...*..A....k...z....rS.eu..
.../5..#...xV..........l..7..vh.<y.{..`.'.x......4..syF.'......
<<< skipped >>>

GET /upload/flash/ad_185/reg.swf HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://img.34wan.com/upload/flash/ad_185/index.swf

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img.34wan.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 22 May 2014 13:43:35 GMT

Expires: Sat, 21 Jun 2014 13:43:35 GMT

Content-Length: 105827

Accept-Ranges: bytes

Content-Type: application/x-shockwave-flash

Last-Modified: Wed, 07 May 2014 02:44:40 GMT

Cache-Control: max-age=2592000

Connection: Keep-Alive

ETag: "53699e18-19d63"

Server: nginx

X-Cache: DISK HIT from cnc-sd-153-137.fcd

Fw-Via: MEM HIT from ctl-fj-023-037.fcm
CWS.5...x...eT.M.5<@..H......=.w.\..w..........Epw.$..k.I..~..|k}..
[email protected]......{H.........T......_..|[email protected].
.4ArI..>..{.....K.bpn....~.\.0 .F...j,...t'4..e..k..pR..E.[z...B.b.
{ b=...J...V.....~%.[.x...D...s.d.z.v!.Y..C...Z....8.b..,..rA........9
..v&c.........J$......gaK`..2I...l.}icE.0.9!x.U.{....I...pf.4_9W>..
.Q....<8.=3..I>..u..d...[#.......Z...._1..q.r[..p..0.s......}...
P....4.zu6...F..d..`.........5....*.2E..3.l!.!2...-..a....P...A.Y.....
.I......R..S.Op....ZdO...N.....sS....-n.P.....%..J0.{)`....=.7..w.u...
......:.c|..{5s....6.'.=..x...Z.|s,oi.......k.P..1lS. .<p.Hn..j...W
8-.).Z.:...F...0.h......N.....Ro|.y...1.B=3...M.z...`...v...GL.fP...9.
......f.>...(.i.L..$R...H.wtIX.8.-A.....u%3'C..N.\M.v....[..$nD...=
%..V.-..c^.tp....l.R..L........b.....b(...|....Z.q...Z.....y..[bV"}-.~
.....u,..=.......[..nE...]*.n..E6..?..YJ..........`.9@].`#c.i..tq..^..
P..;.2.%.C^.mwhS7..D....\..[....mK.....dB.O.........1E.............'..
..D.:.k.rth...g.:..!......~..L.s>[email protected]
..7$.......w........f.\......IX......Cu.z?).,..c.v.fQ\.l..a..a f.NY.5.
n...R..YkO4.7....F...e.../[email protected].......^J%i.Hm....b.~...]...!
.E....~.....G...[D....R.......Y..............7=....g....s........./..}
Pi).Zq.G)bmqv}...Q;x..Z.8Y6uT.......1..?...q7t..._1..7. 8.2.......W.g.
k,....{../. YI.I....U...0.................%.!9-.7?.. 5.).5 ;;..x.gg...
e...3..f...{........OC.OD.....-.k"..Vvn!~.nVRr|.n...?..x.XYY..........
.........@....@[email protected]@.F... .K.......m....Q.P.F.W.5 " c..#[email protected]|.
<<< skipped >>>

GET /upload/avatar/yxfyws_5.42.flv HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://img.34wan.com/upload/flash/ad_185/ren.swf

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img.34wan.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 22 May 2014 13:43:37 GMT

Content-Length: 4200821

Accept-Ranges: bytes

Content-Type: video/x-flv

Last-Modified: Sun, 04 May 2014 07:39:27 GMT

Connection: Keep-Alive

ETag: "5365eeaf-401975"

Server: nginx

Fw-Via: MEM HIT from ctl-fj-023-037.fcm
FLV.............$..........onMetaData.......duration.@39.. ....width.@
.........height.@[email protected].@2........
[email protected].@[email protected].@......
[email protected].@$........encoder.
..Lavf54.6.100..filesize.AP.]@........./... [email protected]@...
P...................h......6.....................qt...........p.......
...E....H..,. .#..x264 - core 125 - H.264/MPEG-4 AVC codec - Copyleft 
2003-2012 - hXXp://VVV.videolan.org/x264.html - options: cabac=1 ref=2
 deblock=1:0:0 analyse=0x1:0x131 me=hex subme=6 psy=1 psy_rd=1.00:0.00
 mixed_ref=1 me_range=16 chroma_me=1 trellis=0 8x8dct=0 cqm=0 deadzone
=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=2 lookahead_threads=1 
sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrai
ned_intra=0 bframes=2 b_pyramid=2 b_adapt=0 b_bias=0 direct=1 weightb=
1 open_gop=0 weightp=2 keyint=12 keyint_min=7 scenecut=40 intra_refres
h=0 rc_lookahead=18 rc=abr mbtree=1 bitrate=1399 ratetol=1.0 qcomp=0.6
0 qpmin=6 qpmax=51 qpstep=4 vbv_maxrate=10000 vbv_bufsize=10000 nal_hr
d=none ip_ratio=1.40 aq=1:1.00....n.e...O..`.1...yJ`_S.j&r..b..h[P....
....5.%C.q;. ........p.....pn....}O.E.n.s..."..[]b.....{...#;..`..0~.e
......6v.............~......\..........[..e/ ..yJ..!...1o.h.......z~.&
gt;...}. .g....^}......VP.R..E[R.'CjCr.......?d.5p...e.M........V.r..q
..F.L;.y..XGe.%........@;......M2.w.s..\..VF^.~)4.[..7..*..m4.........
E..S....q.6.6.f.P1`Z...4.....`V.X.R~.jz...V.n)[email protected]..;...
<<< skipped >>>

GET /index.html HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)

Accept: */*

Host: VVV.cfmogu.com

Cache-Control: no-cache

HTTP/1.1 200 OK

Date: Thu, 22 May 2014 13:43:12 GMT

Content-Length: 13506

Content-Type: text/html

Content-Location: hXXp://VVV.cfmogu.com/index.html

Last-Modified: Sat, 17 May 2014 16:00:31 GMT

Accept-Ranges: bytes

ETag: "ffdf1221e971cf1:d5f6"

Server: Microsoft-IIS/6.0

X-Powered-By: ASP.NET
<link rel="shortcut icon" href="hXXp://VVV.cfmogu.com/.........ico"
 />..<title>CF........ CF.............. CF............ VVV.cf
mogu.com</title>..<meta name="keywords" content="CF....,CF...
.....,CF..........,CF............,CF..............,CF.............." /
>..<meta name="description" content="CF..............VVV.cfmogu.
com....................CF..................!" />..<script type='
text/javascript' charset='utf-8' src='hXXp://c.myzwqwe12.com/AShow.asp
x?AID=9842'></script>..<script type='text/javascript' char
set='utf-8' src='hXXp://c.myzwqwe12.com/AShow.aspx?AID=9756'></s
cript>..<style type="text/css"> ..<!--..body,td,th {...col
or: #333333;...font-family: ....;...font-size: 12px;..}..a {...font-fa
mily: ....;...font-size: 12px;..}..a:link {...text-decoration: none;..
.color: #275cb0;..}..a:visited {...text-decoration: none;...color: #27
5cb0;..}..a:hover {...text-decoration: none;...color: #FF0000;..}..a:a
ctive {...text-decoration: none;..}..body {...background-color: #FFFFF
F;...margin-top: 10px;..}...lffft {color:#000000;}...STYLE40 {font-siz
e: 14px; font-weight: bold; color: #275cb0; }...STYLE43 {color: #00000
0}...STYLE2 {color: #FF6600}...STYLE5 {color: #333333; }...STYLE56 {fo
nt-size: 14px; font-weight: bold; color: #0000FF; }...STYLE66 {...colo
r: #FFFF00;...font-weight: bold;...font-size: 14px;..}...STYLE67 {colo
r: #FF0000}..-->..</style>..<script type="text/JavaScript"
> ..<!--..function MM_findObj(n, d) { //v4.01..  var p,i,x; 
<<< skipped >>>

GET / HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.cfmogu.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 22 May 2014 13:43:14 GMT

Content-Length: 13506

Content-Type: text/html

Content-Location: hXXp://VVV.cfmogu.com/index.html

Last-Modified: Sat, 17 May 2014 16:00:31 GMT

Accept-Ranges: bytes

ETag: "ffdf1221e971cf1:d5f6"

Server: Microsoft-IIS/6.0

X-Powered-By: ASP.NET
<link rel="shortcut icon" href="hXXp://VVV.cfmogu.com/.........ico"
 />..<title>CF........ CF.............. CF............ VVV.cf
mogu.com</title>..<meta name="keywords" content="CF....,CF...
.....,CF..........,CF............,CF..............,CF.............." /
>..<meta name="description" content="CF..............VVV.cfmogu.
com....................CF..................!" />..<script type='
text/javascript' charset='utf-8' src='hXXp://c.myzwqwe12.com/AShow.asp
x?AID=9842'></script>..<script type='text/javascript' char
set='utf-8' src='hXXp://c.myzwqwe12.com/AShow.aspx?AID=9756'></s
cript>..<style type="text/css"> ..<!--..body,td,th {...col
or: #333333;...font-family: ....;...font-size: 12px;..}..a {...font-fa
mily: ....;...font-size: 12px;..}..a:link {...text-decoration: none;..
.color: #275cb0;..}..a:visited {...text-decoration: none;...color: #27
5cb0;..}..a:hover {...text-decoration: none;...color: #FF0000;..}..a:a
ctive {...text-decoration: none;..}..body {...background-color: #FFFFF
F;...margin-top: 10px;..}...lffft {color:#000000;}...STYLE40 {font-siz
e: 14px; font-weight: bold; color: #275cb0; }...STYLE43 {color: #00000
0}...STYLE2 {color: #FF6600}...STYLE5 {color: #333333; }...STYLE56 {fo
nt-size: 14px; font-weight: bold; color: #0000FF; }...STYLE66 {...colo
r: #FFFF00;...font-weight: bold;...font-size: 14px;..}...STYLE67 {colo
r: #FF0000}..-->..</style>..<script type="text/JavaScript"
> ..<!--..function MM_findObj(n, d) { //v4.01..  var p,i,x; 
<<< skipped >>>

GET /app.gif?&cna= uwEDFD6L14CAcGK9Od9wnzc HTTP/1.1

Accept: */*

Referer: hXXp://VVV.cfmogu.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Connection: Keep-Alive

Host: pcookie.cnzz.com

HTTP/1.1 200 OK

Server: Tengine

Date: Thu, 22 May 2014 13:43:23 GMT

Content-Type: image/gif

Content-Length: 43

Connection: keep-alive

P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"

Set-Cookie: cna= uwEDFD6L14CAcGK9Od9wnzc; expires=Sun, 19-May-24 13:43:23 GMT; path=/; domain=.cnzz.com

Expires: Thu, 01 Jan 1970 00:00:01 GMT

Cache-Control: no-cache

Pragma: no-cache
GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Server: Te
ngine..Date: Thu, 22 May 2014 13:43:23 GMT..Content-Type: image/gif..C
ontent-Length: 43..Connection: keep-alive..P3P: CP="NOI DSP COR CURa A
DMa DEVa PSAa PSDa OUR IND UNI PUR NAV"..Set-Cookie: cna= uwEDFD6L14CA
cGK9Od9wnzc; expires=Sun, 19-May-24 13:43:23 GMT; path=/; domain=.cnzz
.com..Expires: Thu, 01 Jan 1970 00:00:01 GMT..Cache-Control: no-cache.
.Pragma: no-cache..GIF89a.............!.......,...........L..;..

GET /market/game/shequ.htm?f_com=tgx2_14516 HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Connection: Keep-Alive

Host: tg.51.com

HTTP/1.1 200 OK

Server: Apache/1.3.37.sa

Date: Thu, 22 May 2014 13:43:50 GMT

Content-Type: text/html; charset=gb2312

Transfer-Encoding: chunked

Connection: keep-alive

Set-Cookie: PHPSESSID=e0664316d286f8309701f4c851f6db12; path=/

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Set-Cookie: FO_RFLP=|aHR0cDovL3RnLjUxLmNvbS9tYXJrZXQvZ2FtZS9zaGVxdS5odG0/Zl9jb209dGd4Ml8xNDUxNg==|||; path=/; domain=51.com

Set-Cookie: FO_TUID=x0i4kH; path=/; domain=51.com

P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Set-Cookie: FO_RFLP=|aHR0cDovL3RnLjUxLmNvbS9tYXJrZXQvZ2FtZS9zaGVxdS5odG0/Zl9jb209dGd4Ml8xNDUxNg==|MjAxMDEwMQ==|fHx8|; path=/; domain=51.com

Set-Cookie: wtids20140522=4pb3; expires=Fri, 23-May-2014 13:43:50 GMT; path=/; domain=tg.51.com

Set-Cookie: foru=1400766230511gYlh6||game; path=/; domain=.51.com

Content-Encoding: gzip
c85.............Z...F......1..G.k....g...l. 6.....JV.]........3......r
.%9p@B".!..p......'.{Uv.....$|..~tU...W....{.:y...............w.?{z...
.....a<9....;.o=SL}...$L|........TE.q...c.\....b.8...F^&v...y...rW}
....1..<.....ytt$.#......7 ...r.`...*...z.BNC...&......rz...t.83.'.
[.~.]U1......h...o.........~........~.......}...~..../..3u..?.........
.O....`..><[email protected].... .>......2PH...
...\..W...q..*....q]?..^.{....vB.K/fi.>tX......x*=N.1.G.R.g.d.V....
...dU..$..8YU...$.[j....c.../...HtC.d9........&N.G..... ......."S.|G.3
..'V.X.........u..F..OY<7...=s....l.d..lrA.._$.S?........9...&.(..,
 ....9)..u..c..UJ..?X.X...fPH....0Xg.cv...8..N#..L'..........J....T...
...`...4v..$>g..4fs;...w=...=s_4Y..dd..}.o...F.iH&.u-S....<v..B&
......XX0.\.r.......!....G..#bid.....u?...l1]...)...Wq.0...9I*......":
..R...B?..=<&4GC....w...y.B....B..}..A..9.....*1.....>[email protected]
.1.....,uh.l^.....M...l.P.........If..:`.k.7.6....dzy..9<. ...i..??
.1..v.... w.......q .V.zx?G...U...c.....&.....Q3nD@...^V..7.U.&.o.P.7.
....s....{.4..5..0l.\8...C..\%...$u...c..rZ d.Ct>..............H...
.v.'...Q.c......#.......!..9<...N..h ......................_.V?SB.4
..c......a.9...s._e...Z....Z...L....C.j....r{w3B.;;.w_.S.'.[...k...7k.
.l.e.f#..........;1...T]..?.M.....pqM......v....?c1G...[@.X.PR..d.a.QZ
...c.... ..U..cE........[..cE..u.u..j...|.2....C>..]...(K5:\..8....
.3.W.Y..[.(.'..u.t%...6.\..>.l...;....l.f-<..!...q5b..8,.X;B.07.
..m^...3...HM.$g`..q?.-FQ'=8..P.Ko.<.B.:.^8).....>.%s.y.....
<<< skipped >>>

GET /tools/wt_js/?channel_alias=tgx2_14516&js_type=js_1&callback=wt_js_callback HTTP/1.1

Accept: */*

Referer: hXXp://tg.51.com/market/game/shequ.htm?f_com=tgx2_14516

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: tg.51.com

Connection: Keep-Alive

Cookie: PHPSESSID=e0664316d286f8309701f4c851f6db12; wtids20140522=4pb3; FO_RFLP=|aHR0cDovL3RnLjUxLmNvbS9tYXJrZXQvZ2FtZS9zaGVxdS5odG0/Zl9jb209dGd4Ml8xNDUxNg==|MjAxMDEwMQ==|fHx8|; FO_TUID=x0i4kH; foru=1400766230511gYlh6||game; _51usi=Qr5g8i

HTTP/1.1 200 OK

Server: Apache/1.3.37.sa

Date: Thu, 22 May 2014 13:43:58 GMT

Content-Type: text/html; charset=gb2312

Transfer-Encoding: chunked

Connection: keep-alive

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Content-Encoding: gzip
31............ /..*.ON..IJL...V.(..Q.RR.......Vj.......0..HTTP/1.1 200
 OK..Server: Apache/1.3.37.sa..Date: Thu, 22 May 2014 13:43:58 GMT..Co
ntent-Type: text/html; charset=gb2312..Transfer-Encoding: chunked..Con
nection: keep-alive..Expires: Thu, 19 Nov 1981 08:52:00 GMT..Cache-Con
trol: no-store, no-cache, must-revalidate, post-check=0, pre-check=0..
Pragma: no-cache..Content-Encoding: gzip..31............ /..*.ON..IJL.
..V.(..Q.RR.......Vj.......0......


GET /stat/pv_stat/?p_k=swf2_4pb3_tgx2_14516&r=0.003688684537512199 HTTP/1.1

Accept: */*

Referer: hXXp://tg.51.com/market/game/shequ.htm?f_com=tgx2_14516

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: tg.51.com

Connection: Keep-Alive

Cookie: PHPSESSID=e0664316d286f8309701f4c851f6db12; wtids20140522=4pb3; FO_RFLP=|aHR0cDovL3RnLjUxLmNvbS9tYXJrZXQvZ2FtZS9zaGVxdS5odG0/Zl9jb209dGd4Ml8xNDUxNg==|MjAxMDEwMQ==|fHx8|; FO_TUID=x0i4kH; foru=1400766230511gYlh6||game; _51usi=Qr5g8i; wt_ch_flow=tgx2

HTTP/1.1 200 OK

Server: Apache/1.3.37.sa

Date: Thu, 22 May 2014 13:44:05 GMT

Content-Type: text/html; charset=gb2312

Transfer-Encoding: chunked

Connection: keep-alive

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Content-Encoding: gzip
36............ .O3.)I.....&..f5F..5fF.F5&.5&...5....!.'.....0..HTTP/1.
1 200 OK..Server: Apache/1.3.37.sa..Date: Thu, 22 May 2014 13:44:05 GM
T..Content-Type: text/html; charset=gb2312..Transfer-Encoding: chunked
..Connection: keep-alive..Expires: Thu, 19 Nov 1981 08:52:00 GMT..Cach
e-Control: no-store, no-cache, must-revalidate, post-check=0, pre-chec
k=0..Pragma: no-cache..Content-Encoding: gzip..36............ .O3.)I..
...&..f5F..5fF.F5&.5&...5....!.'.....0..

GET /tools/js_flow_cookie/?channel_alias=tgx2_14516&r=0.9753417893472274 HTTP/1.1

Accept: */*

Referer: hXXp://tg.51.com/market/game/shequ.htm?f_com=tgx2_14516

Accept-Language: en-us