Trojan.Win32.Swrort.3_3b94046b3e

by malwarelabrobot on August 30th, 2014 in Malware Descriptions.

Trojan.Win32.Swrort.3.FD, mzpefinder_pcap_file.YR (Lavasoft MAS)
Behaviour: Trojan


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Requires JavaScript enabled!

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

MD5: 3b94046b3ef119e1bda6d85fe2ffbee9
SHA1: 3e250720544d48667c2e7260f37c9b22522b26e0
SHA256: 22b9c7a9533129dcb824c38c50fc7e931dceea839ec1b6da824ab03eec5b0c0a
SSDeep: 98304:gCVjiwyYhKs/W0cODgCTU5wf lttxOtthh60QJYi jC ALyQOlYJSpK8cGIO95gx:njKYhlcATU5wWlpy69D j5AOaWrPW
Size: 6072720 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: BorlandDelphi30, UPolyXv05_v6
Company: Marine Aquarium Lite
Created at: 2014-03-13 22:23:23
Analyzed on: WindowsXP ESX SP3 32-bit


Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

57srchmn.exe:168
0000052cT8SETUP.EXE:1628
57brmon.exe:1652
57HighIn.exe:2000
57barsvc.exe:392
57barsvc.exe:1596
57barsvc.exe:1064
mscorsvw.exe:1912
AppIntegrator.exe:1568
AppIntegrator.exe:192
%original file name%.exe:1324

The Trojan injects its code into the following process(es):

TPIManagerConsole.exe:1772

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process 0000052cT8SETUP.EXE:1628 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\MarineAquarium3Free_57\bar\1.bin\57feedmg.dll (139 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57SrcAs.dll (139 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\installKeys.js (206 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\INSTALL.RDF (2 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\BOOTSTRAP.JS (20 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57SrchMn.exe (55 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\CrExtP57.exe (7972 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57medint.exe (12 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\CHROME.MANIFEST (1 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57dlghk.dll (101 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\ASSISTMONITOR.DLL (303 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57bar.dll (6313 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\FF-NativeMessagingDispatcher.dll (250 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57mlbtn.dll (96 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\AppIntegrator64.exe (1766 bytes)
%Documents and Settings%\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat (20 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57hkstub.dll (59 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\assists\ie_default_search_provider\CONFIG.XML (491 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG (1896 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57dlghk64.dll (119 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57srchmr.dll (83 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57tpinst.dll (179 bytes)
%System%\config\SOFTWARE.LOG (52713 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57regfft.dll (81 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57barsvc.exe (88 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\TPIMANAGERCONSOLE.EXE (78 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57htmlmu.dll (202 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57idle.dll (61 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57auxstb64.dll (65 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\T8EXTPEX.DLL (104 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\T8HTML.DLL (188 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\T8TICKER.DLL (168 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57auxstb.dll (55 bytes)
%System%\config\system (4001 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat (1564 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57reghk.dll (75 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\Hpg64.dll (1719 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57Plugin.dll (108 bytes)
%Documents and Settings%\%current user%\NTUSER.DAT.LOG (7592 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\APPINTEGRATORSTUB.DLL (250 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\ASSISTMONITOR64.DLL (1633 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57brmon.exe (61 bytes)
%System%\config\SYSTEM.LOG (6681 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\APPINTEGRATOR.EXE (1702 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57brstub64.dll (74 bytes)
%Documents and Settings%\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat (20 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\NP57Stub.dll (48 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57script.dll (100 bytes)
%Program Files%\MarineAquarium3Free_57\bar\Settings\s_pid.dat (6 bytes)
%Program Files%\MarineAquarium3Free_57\bar\gen1\COMMON.T8S (1 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\assists\ie_default_search_provider\ARBITER.DLL (15 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57bprtct.dll (115 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\DPNMNGR.DLL (289 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\VERIFY.DLL (66 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57regiet.dll (83 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\T8EPMSUP.DLL (77 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57brmon64.exe (71 bytes)
%System%\config (200 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\AppIntegratorStub64.dll (290 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57skplay.exe (55 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57httpct.dll (144 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\EXEMANAGER.DLL (1767 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\LOGO.BMP (10 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57datact.dll (160 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57brstub.dll (63 bytes)
%System%\config\software (33739 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\UNIFIEDLOGGING.DLL (316 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\assists\ie_default_search_provider\ASSIST.EXE (206 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\chrome\57ffxtbr.jar (1829 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57skin.dll (202 bytes)
%Program Files%\MarineAquarium3Free_57\bar\IE9Mesg\COMMON.T8S (1727 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57highin.exe (12 bytes)
%Documents and Settings%\%current user%\NTUSER.DAT (5640 bytes)
%Documents and Settings%\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG (1560 bytes)
%Documents and Settings%\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG (1560 bytes)
%Program Files%\MarineAquarium3Free_57\bar\Message\COMMON.T8S (103 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57ieovr.dll (73 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\T8RES.DLL (197 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\assists\ie_default_search_provider\ARBITER64.DLL (17 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\CREXT.DLL (7386 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57radio.dll (210 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\T8EXTEX.DLL (98 bytes)

The process TPIManagerConsole.exe:1772 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\{9FC7E018-D91C-417B-BDE2-F4FF1940B1B1}.exe (385458 bytes)

The process %original file name%.exe:1324 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\0000052cT8SETUP.EX_ (42363 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0000052cT8SETUP.EXE (212337 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\0000052cT8SETUP.EX_ (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0000052cT8SETUP.EXE (0 bytes)

Registry activity

The process 57srchmn.exe:168 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B8 E8 4D 56 75 14 17 6E 52 FB 30 28 E9 D5 FB BE"

The process 0000052cT8SETUP.EXE:1628 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCR\TypeLib\{FB84548C-47C9-4323-820B-9E46B50E9947}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\Interface\{3C4E958B-177E-4B3A-A998-4B0263A9564D}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{0A4376DD-C64A-4499-86BA-54578FD3BE3E}\TypeLib]
"Version" = "1.0"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar]
"Maximized" = "1"

[HKCR\TypeLib\{DBC4BE0B-800C-4075-9521-A9F6B00D6982}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\CLSID\{3f9c1414-58f0-4fbb-9ee6-ab948b604ebd}\InprocServer32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\57datact.dll"

[HKCR\CLSID\{f153e08e-19e7-4ece-bb2b-afe06394c6ea}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\CLSID\{d35349a7-84d1-4a70-8536-e9c1f77dcf5b}\TypeLib]
"(Default)" = "{fdb8f0c7-adf7-4a45-b762-fe8ef4970dbd}"

[HKCR\Interface\{D4517E61-49A5-4712-B487-950FEC8DB4B9}]
"(Default)" = "ISessionData"

[HKCR\CLSID\{d35349a7-84d1-4a70-8536-e9c1f77dcf5b}\MiscStatus]
"(Default)" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\Interface\{C17F2CA9-F618-4D8C-9C7E-78F9779D3FAA}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{6F776034-C1E7-41CB-B099-839FCA62E732}]
"(Default)" = "ITemplateBarMenu"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ecd011be-bc4c-45dd-85bc-70e5f36806d9}]
"AppName" = "57medint.exe"

[HKCR\CLSID\{d35349a7-84d1-4a70-8536-e9c1f77dcf5b}\Version]
"(Default)" = "1.0"

[HKCR\Interface\{E9E780CC-8821-4B00-B4F9-F4C4F82BE2C7}]
"(Default)" = "ITemplateBarSettings"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar]
"un" = "Marine Aquarium Lite"
"RegHookPath" = "C:\PROGRA~1\MARINE~1\bar\1.bin\57reghk"

[HKCR\TypeLib\{00C5EDB1-1261-41EB-8FEE-9C0C2CD98058}\1.0\0\win32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\t8res.dll\405"

[HKCR\MarineAquarium3Free_57.ScriptButton\CLSID]
"(Default)" = "{94c67622-4e77-495a-9457-c8064c92a228}"

[HKCR\CLSID\{eda1dca1-c71d-46e7-b504-6cefd21ee60d}\ProgID]
"(Default)" = "MarineAquarium3Free_57.HTMLPanel.1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCR\TypeLib\{00C5EDB1-1261-41EB-8FEE-9C0C2CD98058}\1.0\HELPDIR]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin"

[HKLM\SOFTWARE\MozillaPlugins\@MarineAquarium3Free_57.com/Plugin\MimeTypes\application/x-marineaquarium3free_57plugin]
"Suffixes" = "57"

[HKCR\CLSID\{7706dcce-fed8-4ed7-80b2-5f88c33ee317}]
"(Default)" = "HttpControl Class"

[HKCR\Interface\{C71EA797-7B15-438B-894A-9AB54D752430}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{dd4285fa-3345-4b73-92e5-4de464edc3b2}]
"(Default)" = "Marine Aquarium Lite Third Party Installer"

[HKCR\CLSID\{eda1dca1-c71d-46e7-b504-6cefd21ee60d}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\CLSID\{ad750e83-1c56-4196-90e3-e5a0f3c5421c}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\MarineAquarium3Free_57.PseudoTransparentPlugin\CurVer]
"(Default)" = "MarineAquarium3Free_57.PseudoTransparentPlugin.1"

[HKCR\TypeLib\{DBC4BE0B-800C-4075-9521-A9F6B00D6982}\1.0\HELPDIR]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin"

[HKCR\MarineAquarium3Free_57.MultipleButton.1]
"(Default)" = ""

[HKCR\Interface\{638B87E0-5EF3-45FA-ACB8-2C7C67958665}]
"(Default)" = "ITemplateBarControl"

[HKCR\Interface\{E1700B22-E107-4EC6-943E-5FBBADF213B3}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\MarineAquarium3Free_57.ToolbarProtector]
"(Default)" = "ProtectorControl Class"

[HKCR\CLSID\{f90c885b-332c-4379-965c-3ef665f369dc}]
"(Default)" = "Skin Settings"

[HKLM\SOFTWARE\MozillaPlugins\@MarineAquarium3Free_57.com/Plugin]
"Version" = "1.1.1.1"

[HKCR\CLSID\{eda1dca1-c71d-46e7-b504-6cefd21ee60d}\Version]
"(Default)" = "1.0"

[HKCR\CLSID\{e55ebb8c-fb31-4a98-a514-4ecc5fd9c634}\Version]
"(Default)" = "1.0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCR\CLSID\{94c67622-4e77-495a-9457-c8064c92a228}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Interface\{67C605D7-71E7-40B7-AF78-8E382E039E8B}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{3C4E958B-177E-4B3A-A998-4B0263A9564D}]
"(Default)" = "ITemplateBarButtonRect"

[HKLM\SOFTWARE\MarineAquarium3Free_57\SkinTools]
"PlayerPath" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\57SkPlay.exe"

[HKCR\TypeLib\{199350AF-34C3-496F-A764-F4BF91CF2835}\1.0]
"(Default)" = "BARFEEDTYPELIB_NAME"

[HKCR\Interface\{C71EA797-7B15-438B-894A-9AB54D752430}\TypeLib]
"(Default)" = "{D458D0D1-08F3-4DC9-9C67-ADE048AE0EF9}"

[HKCR\TypeLib\{09E63BA3-09C7-4D20-9E4B-2EBAD3BE5B50}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\MarineAquarium3Free_57.HTMLMenu\CurVer]
"(Default)" = "MarineAquarium3Free_57.HTMLMenu.1"

[HKCR\CLSID\{f153e08e-19e7-4ece-bb2b-afe06394c6ea}\VersionIndependentProgID]
"(Default)" = "MarineAquarium3Free_57.FeedManager"

[HKCR\CLSID\{3ca77147-e5a4-43ba-80b2-efa3245f8d88}\InprocServer32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\57bprtct.dll"

[HKCR\TypeLib\{A29BA259-04A2-426B-949F-D486E674DF9B}\1.0\0\win32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\t8res.dll\625"

[HKCR\Interface\{A91067AB-9AC6-4607-B9F2-FB62228195EF}\TypeLib]
"(Default)" = "{199350AF-34C3-496F-A764-F4BF91CF2835}"

[HKCR\Interface\{6F776034-C1E7-41CB-B099-839FCA62E732}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\TypeLib\{09E63BA3-09C7-4D20-9E4B-2EBAD3BE5B50}\1.0\0\win32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\t8res.dll\1807"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b6e803d8-1514-4aa2-a53e-358400dfbb94}]
"Policy" = "3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b6e803d8-1514-4aa2-a53e-358400dfbb94}]
"AppName" = "CrExtP57.exe"

[HKCR\TypeLib\{FDB8F0C7-ADF7-4A45-B762-FE8EF4970DBD}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\Interface\{1FB1AF91-D5A5-46AC-990D-D57E53C85E70}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{6A1F6969-2069-4036-A0AB-07D4628DF5A1}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{eda1dca1-c71d-46e7-b504-6cefd21ee60d}]
"(Default)" = ""

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f4d12989-af1c-4363-bfcf-b9ad96d18b0f}]
"Policy" = "3"

[HKCR\Interface\{71AC0D70-4274-4B53-8101-26F7249EAFE4}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{67C605D7-71E7-40B7-AF78-8E382E039E8B}]
"(Default)" = "IRadioSettings"

[HKCR\Interface\{3C4E958B-177E-4B3A-A998-4B0263A9564D}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar]
"PartnerPixelNotSet" = ""

[HKCR\TypeLib\{A29BA259-04A2-426B-949F-D486E674DF9B}\1.0\HELPDIR]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin"

[HKCR\TypeLib\{DBC4BE0B-800C-4075-9521-A9F6B00D6982}\1.0]
"(Default)" = "TEMPLATEHTMLMenuLib"

[HKCR\TypeLib\{199350AF-34C3-496F-A764-F4BF91CF2835}\1.0\HELPDIR]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar]
"UninstallString" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\57highin.exe 57bar.dll,O uninstalltype=IE"

[HKCR\Interface\{C8D39FE3-DCB1-4E94-9192-A176FC1F19BB}\TypeLib]
"Version" = "1.0"

[HKCR\MarineAquarium3Free_57.RadioSettings.1]
"(Default)" = ""

[HKCR\CLSID\{94c67622-4e77-495a-9457-c8064c92a228}\ProgID]
"(Default)" = "MarineAquarium3Free_57.ScriptButton.1"

[HKCR\Interface\{C8D39FE3-DCB1-4E94-9192-A176FC1F19BB}\ProxyStubClsid]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCR\MarineAquarium3Free_57.ThirdPartyInstaller.1\CLSID]
"(Default)" = "{dd4285fa-3345-4b73-92e5-4de464edc3b2}"

[HKCR\Interface\{D4517E61-49A5-4712-B487-950FEC8DB4B9}\TypeLib]
"(Default)" = "{2F868090-A282-4C80-AC30-F743C9BECADF}"

[HKCR\CLSID\{f6e8add0-7744-4d57-8ab7-1ca4c6e0d0a0}\ProgID]
"(Default)" = "MarineAquarium3Free_57.Radio.1"

[HKCR\CLSID\{77225af4-00ff-49de-94ae-7818936b6631}\MiscStatus\1]
"(Default)" = "131473"

[HKCR\MarineAquarium3Free_57.ToolbarProtector.1]
"(Default)" = "ProtectorControl Class"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar]
"UninstallFFString" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\57highin.exe 57bar.dll,O uninstalltype=FF"

[HKCR\MarineAquarium3Free_57.FeedManager.1\CLSID]
"(Default)" = "{f153e08e-19e7-4ece-bb2b-afe06394c6ea}"

[HKCR\CLSID\{e55ebb8c-fb31-4a98-a514-4ecc5fd9c634}]
"(Default)" = "Popup Menu Plugin"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCR\Interface\{DA60568C-C30E-4680-ADEA-89BF1DD050EA}\TypeLib]
"Version" = "1.0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{dd4285fa-3345-4b73-92e5-4de464edc3b2}]
"(Default)" = ""

[HKCR\Interface\{A91067AB-9AC6-4607-B9F2-FB62228195EF}]
"(Default)" = "BARFEEDMANAGER_INTERFACE"

[HKCR\Interface\{C8D39FE3-DCB1-4E94-9192-A176FC1F19BB}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCR\Interface\{F1FD4F87-D0FD-4A5C-90A7-9A7696FFAEC0}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{C0FD73B4-C692-4061-B36F-BC15B111314C}\ProgID]
"(Default)" = "MarineAquarium3Free_57.HTMLMenu.1"

[HKCR\Interface\{E9E780CC-8821-4B00-B4F9-F4C4F82BE2C7}\TypeLib]
"(Default)" = "{FDB8F0C7-ADF7-4A45-B762-FE8EF4970DBD}"

[HKCU\Software\Classes\CLSID\{327f75ed-061b-4339-8cc6-5dd45ad1396d}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Interface\{2BEA8EF6-4B9D-43DF-9C32-5B91B65E3E58}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{71AC0D70-4274-4B53-8101-26F7249EAFE4}]
"(Default)" = "HTMLPANELEVENTS_INTERFACE"

[HKCR\CLSID\{dd4285fa-3345-4b73-92e5-4de464edc3b2}\MiscStatus\1]
"(Default)" = "131473"

[HKCR\CLSID\{77225af4-00ff-49de-94ae-7818936b6631}]
"(Default)" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\Interface\{D5CEC7EB-7D25-47BF-AA42-5DB03938509F}\TypeLib]
"(Default)" = "{83783D62-EC4A-4CDD-ACB3-B2A4BF184959}"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar]
"lidate" = "2014-08-29T01:51:20Z"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b6e803d8-1514-4aa2-a53e-358400dfbb94}]
"AppPath" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin"

[HKCR\Interface\{A91067AB-9AC6-4607-B9F2-FB62228195EF}\TypeLib]
"Version" = "1.0"

[HKCR\MarineAquarium3Free_57.RadioSettings\CurVer]
"(Default)" = "MarineAquarium3Free_57.RadioSettings.1"

[HKCR\Interface\{6A1F6969-2069-4036-A0AB-07D4628DF5A1}\TypeLib]
"Version" = "1.0"

[HKCR\CLSID\{3ca77147-e5a4-43ba-80b2-efa3245f8d88}\TypeLib]
"(Default)" = "{09e63ba3-09c7-4d20-9e4b-2ebad3be5b50}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCR\CLSID\{eda1dca1-c71d-46e7-b504-6cefd21ee60d}]
"(Default)" = "MarineAquarium3Free_57 HTML"

[HKCR\TypeLib\{FB84548C-47C9-4323-820B-9E46B50E9947}\1.0\0\win32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\t8res.dll\1506"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ecd011be-bc4c-45dd-85bc-70e5f36806d9}]
"AppPath" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin"

[HKCR\Interface\{F1FD4F87-D0FD-4A5C-90A7-9A7696FFAEC0}]
"(Default)" = "IIEInstalledToolbars"

[HKCR\TypeLib\{09252FA9-17BA-453C-9890-644AACE70B2B}\1.0\0\win32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\t8res.dll\1003"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C0FD73B4-C692-4061-B36F-BC15B111314C}]
"(Default)" = ""

[HKCR\CLSID\{cc721fc9-8900-4e3d-a4be-359e6af8e9bb}\TypeLib]
"(Default)" = "{00c5edb1-1261-41eb-8fee-9c0c2cd98058}"

[HKCR\CLSID\{d35349a7-84d1-4a70-8536-e9c1f77dcf5b}\MiscStatus\1]
"(Default)" = "131473"

[HKCR\CLSID\{ad750e83-1c56-4196-90e3-e5a0f3c5421c}]
"(Default)" = ""

[HKCR\TypeLib\{FB84548C-47C9-4323-820B-9E46B50E9947}\1.0\HELPDIR]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar]
"RegisteredWithFirefox" = "1"

[HKCR\MarineAquarium3Free_57.HTMLMenu.1]
"(Default)" = "MarineAquarium3Free_57 HTML Menu"

[HKCR\Interface\{F1FD4F87-D0FD-4A5C-90A7-9A7696FFAEC0}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{074d3229-0a22-491b-b9dd-ff3171d75f25}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar]
"Visible" = "1"

[HKCR\MarineAquarium3Free_57.SettingsPlugin.1\CLSID]
"(Default)" = "{d35349a7-84d1-4a70-8536-e9c1f77dcf5b}"

[HKCR\CLSID\{3ca77147-e5a4-43ba-80b2-efa3245f8d88}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f4d12989-af1c-4363-bfcf-b9ad96d18b0f}]
"AppPath" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin"

[HKCR\MarineAquarium3Free_57.Radio.1\CLSID]
"(Default)" = "{f6e8add0-7744-4d57-8ab7-1ca4c6e0d0a0}"

[HKCR\Interface\{C17F2CA9-F618-4D8C-9C7E-78F9779D3FAA}\TypeLib]
"(Default)" = "{199350AF-34C3-496F-A764-F4BF91CF2835}"

[HKCR\Interface\{E1700B22-E107-4EC6-943E-5FBBADF213B3}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar\Switches]
"au" = "1"

[HKCR\Interface\{E9E780CC-8821-4B00-B4F9-F4C4F82BE2C7}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{d35349a7-84d1-4a70-8536-e9c1f77dcf5b}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\MarineAquarium3Free_57.ThirdPartyInstaller\CurVer]
"(Default)" = "MarineAquarium3Free_57.ThirdPartyInstaller.1"

[HKCR\TypeLib\{2F868090-A282-4C80-AC30-F743C9BECADF}\1.0\FLAGS]
"(Default)" = "0"

[HKLM\SOFTWARE\MozillaPlugins\@MarineAquarium3Free_57.com/Plugin]
"Description" = "Marine Aquarium Lite Plugin"

[HKCR\TypeLib\{2F868090-A282-4C80-AC30-F743C9BECADF}\1.0]
"(Default)" = "DataCtrl 1.0 Type Library"

[HKCR\MarineAquarium3Free_57.ScriptButton\CurVer]
"(Default)" = "MarineAquarium3Free_57.ScriptButton.1"

[HKCR\CLSID\{536e7ae2-c94c-4256-b035-8ec24e6245dd}\TypeLib]
"(Default)" = "{a29ba259-04a2-426b-949f-d486e674df9b}"

[HKCR\CLSID\{94c67622-4e77-495a-9457-c8064c92a228}\InprocServer32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\57script.dll"

[HKCR\Interface\{E9E780CC-8821-4B00-B4F9-F4C4F82BE2C7}\TypeLib]
"Version" = "1.0"

[HKCR\CLSID\{dd4285fa-3345-4b73-92e5-4de464edc3b2}\TypeLib]
"(Default)" = "{d458d0d1-08f3-4dc9-9c67-ade048ae0ef9}"

[HKCR\CLSID\{C0FD73B4-C692-4061-B36F-BC15B111314C}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Interface\{F1FD4F87-D0FD-4A5C-90A7-9A7696FFAEC0}\TypeLib]
"Version" = "1.0"

[HKCR\MarineAquarium3Free_57.MultipleButton\CLSID]
"(Default)" = "{ad750e83-1c56-4196-90e3-e5a0f3c5421c}"

[HKCR\CLSID\{cc721fc9-8900-4e3d-a4be-359e6af8e9bb}\ProgID]
"(Default)" = "MarineAquarium3Free_57.PseudoTransparentPlugin.1"

[HKCR\CLSID\{cc721fc9-8900-4e3d-a4be-359e6af8e9bb}\MiscStatus]
"(Default)" = "0"

[HKCR\CLSID\{94c67622-4e77-495a-9457-c8064c92a228}\VersionIndependentProgID]
"(Default)" = "MarineAquarium3Free_57.ScriptButton"

[HKCR\Interface\{F62FBB9B-25D9-41C5-97C0-7ED7AFBF2410}\TypeLib]
"(Default)" = "{09E63BA3-09C7-4D20-9E4B-2EBAD3BE5B50}"

[HKCR\Interface\{67C605D7-71E7-40B7-AF78-8E382E039E8B}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{5777FB26-1203-4D16-A47F-24B3FF5E0476}]
"(Default)" = "HTMLPANEL_INTERFACE"

[HKCR\CLSID\{f6e8add0-7744-4d57-8ab7-1ca4c6e0d0a0}]
"(Default)" = ""

[HKCR\MarineAquarium3Free_57.HTMLPanel\CLSID]
"(Default)" = "{eda1dca1-c71d-46e7-b504-6cefd21ee60d}"

[HKCR\Interface\{2BEA8EF6-4B9D-43DF-9C32-5B91B65E3E58}\TypeLib]
"(Default)" = "{2F868090-A282-4C80-AC30-F743C9BECADF}"

[HKCR\CLSID\{3f9c1414-58f0-4fbb-9ee6-ab948b604ebd}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\TypeLib\{09252FA9-17BA-453C-9890-644AACE70B2B}\1.0\HELPDIR]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin"

[HKCR\MarineAquarium3Free_57.SettingsPlugin.1]
"(Default)" = ""

[HKCR\CLSID\{77225af4-00ff-49de-94ae-7818936b6631}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\TypeLib\{D458D0D1-08F3-4DC9-9C67-ADE048AE0EF9}\1.0]
"(Default)" = "TYPELIB_NAME"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar]
"dir" = "%Program Files%\MarineAquarium3Free_57\bar\"

[HKCR\Interface\{6F776034-C1E7-41CB-B099-839FCA62E732}\TypeLib]
"(Default)" = "{FDB8F0C7-ADF7-4A45-B762-FE8EF4970DBD}"

[HKCR\Interface\{F62FBB9B-25D9-41C5-97C0-7ED7AFBF2410}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{dd4285fa-3345-4b73-92e5-4de464edc3b2}\ProgID]
"(Default)" = "MarineAquarium3Free_57.ThirdPartyInstaller.1"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0c1c3d4a-dcff-443d-a49f-4abb6af151af}]
"AppName" = "57SrchMn.exe"

[HKCR\Interface\{107C2EDD-3388-452B-A6B8-2AAD8EF816B6}\ProxyStubClsid]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCR\Interface\{AD6CED5C-457E-43DC-BD4B-D5ED0B87FAB4}\TypeLib]
"Version" = "1.0"

[HKCR\CLSID\{e55ebb8c-fb31-4a98-a514-4ecc5fd9c634}\MiscStatus]
"(Default)" = "0"

[HKCR\TypeLib\{D458D0D1-08F3-4DC9-9C67-ADE048AE0EF9}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\CLSID\{eda1dca1-c71d-46e7-b504-6cefd21ee60d}\MiscStatus\1]
"(Default)" = "131473"

[HKCR\MarineAquarium3Free_57.ThirdPartyInstaller\CLSID]
"(Default)" = "{dd4285fa-3345-4b73-92e5-4de464edc3b2}"

[HKCR\CLSID\{77225af4-00ff-49de-94ae-7818936b6631}\VersionIndependentProgID]
"(Default)" = "MarineAquarium3Free_57.RadioSettings"

[HKCR\CLSID\{f153e08e-19e7-4ece-bb2b-afe06394c6ea}\MiscStatus\1]
"(Default)" = "131473"

[HKCR\MarineAquarium3Free_57.PseudoTransparentPlugin.1\CLSID]
"(Default)" = "{cc721fc9-8900-4e3d-a4be-359e6af8e9bb}"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar\Integrators64]
"HPG64.DLL" = ""

[HKCR\CLSID\{07189b84-b33b-4a1e-9b32-ad203c983c20}]
"(Default)" = "Marine Aquarium Lite"

[HKCR\CLSID\{e55ebb8c-fb31-4a98-a514-4ecc5fd9c634}\TypeLib]
"(Default)" = "{00c5edb1-1261-41eb-8fee-9c0c2cd98058}"

[HKCR\Interface\{2BEA8EF6-4B9D-43DF-9C32-5B91B65E3E58}]
"(Default)" = "IDataCtrl"

[HKCR\Interface\{D5CEC7EB-7D25-47BF-AA42-5DB03938509F}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{77225af4-00ff-49de-94ae-7818936b6631}\ProgID]
"(Default)" = "MarineAquarium3Free_57.RadioSettings.1"

[HKCR\CLSID\{f153e08e-19e7-4ece-bb2b-afe06394c6ea}\MiscStatus]
"(Default)" = "0"

[HKCR\MarineAquarium3Free_57.HTMLPanel\CurVer]
"(Default)" = "MarineAquarium3Free_57.HTMLPanel.1"

[HKCR\CLSID\{cc721fc9-8900-4e3d-a4be-359e6af8e9bb}]
"(Default)" = "Pseudo Transparent Plugin"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\PROGRA~1\MARINE~1\bar\1.bin]
"57brmon.exe" = "VER_DESCRIPTION"

[HKCR\MarineAquarium3Free_57.ScriptButton.1]
"(Default)" = ""

[HKCR\Interface\{107C2EDD-3388-452B-A6B8-2AAD8EF816B6}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCR\CLSID\{7706dcce-fed8-4ed7-80b2-5f88c33ee317}\TypeLib]
"(Default)" = "{83783d62-ec4a-4cdd-acb3-b2a4bf184959}"

[HKCR\TypeLib\{09252FA9-17BA-453C-9890-644AACE70B2B}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\CLSID\{7706dcce-fed8-4ed7-80b2-5f88c33ee317}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\TypeLib\{00C5EDB1-1261-41EB-8FEE-9C0C2CD98058}\1.0]
"(Default)" = "Skin 1.0 Type Library"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar]
"hpwl" = ".mywebsearch.com,.google.com,.yahoo.com,.bing.com,.msn.com"

[HKCR\CLSID\{cc721fc9-8900-4e3d-a4be-359e6af8e9bb}\VersionIndependentProgID]
"(Default)" = "MarineAquarium3Free_57.PseudoTransparentPlugin"

[HKCR\CLSID\{f90c885b-332c-4379-965c-3ef665f369dc}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\CLSID\{0eeaa2c3-0cd7-4364-b82e-f9257081c860}\InprocServer32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\57SrcAs.dll"

[HKCR\Interface\{C17F2CA9-F618-4D8C-9C7E-78F9779D3FAA}]
"(Default)" = "BARFEED_INTERFACE"

[HKCR\Interface\{C71EA797-7B15-438B-894A-9AB54D752430}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{ad750e83-1c56-4196-90e3-e5a0f3c5421c}\ProgID]
"(Default)" = "MarineAquarium3Free_57.MultipleButton.1"

[HKCR\Interface\{C17F2CA9-F618-4D8C-9C7E-78F9779D3FAA}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{536e7ae2-c94c-4256-b035-8ec24e6245dd}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\CLSID\{eda1dca1-c71d-46e7-b504-6cefd21ee60d}\VersionIndependentProgID]
"(Default)" = "MarineAquarium3Free_57.HTMLPanel"

[HKCR\MarineAquarium3Free_57.MultipleButton\CurVer]
"(Default)" = "MarineAquarium3Free_57.MultipleButton.1"

[HKCR\CLSID\{d35349a7-84d1-4a70-8536-e9c1f77dcf5b}]
"(Default)" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MarineAquarium3Free_57bar Uninstall Firefox]
"UninstallString" = "rundll32 %Program Files%\MarineAquarium3Free_57\bar\1.bin\57Bar.dll,O mindsparktoolbarkey=MarineAquarium3Free_57 uninstalltype=FF"

[HKCR\CLSID\{f153e08e-19e7-4ece-bb2b-afe06394c6ea}\TypeLib]
"(Default)" = "{199350af-34c3-496f-a764-f4bf91cf2835}"

[HKCR\Interface\{107C2EDD-3388-452B-A6B8-2AAD8EF816B6}]
"(Default)" = "IHttpControlEvents"

[HKCR\Interface\{DA60568C-C30E-4680-ADEA-89BF1DD050EA}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCR\CLSID\{C0FD73B4-C692-4061-B36F-BC15B111314C}\VersionIndependentProgID]
"(Default)" = "MarineAquarium3Free_57.HTMLMenu"

[HKCR\Interface\{1E66D651-C63F-4B5A-8DBB-4C093647BF9B}]
"(Default)" = "SKINWINDOW_INTERFACE"

[HKCR\Interface\{C8D39FE3-DCB1-4E94-9192-A176FC1F19BB}\TypeLib]
"(Default)" = "{2F868090-A282-4C80-AC30-F743C9BECADF}"

[HKCR\TypeLib\{D458D0D1-08F3-4DC9-9C67-ADE048AE0EF9}\1.0\HELPDIR]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin"

[HKCR\Interface\{F62FBB9B-25D9-41C5-97C0-7ED7AFBF2410}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" = ""

[HKCR\CLSID\{f6e8add0-7744-4d57-8ab7-1ca4c6e0d0a0}\InprocServer32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\57radio.dll"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar\Integrators64]
"AssistMonitor64.dll" = ""

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0c1c3d4a-dcff-443d-a49f-4abb6af151af}]
"Policy" = "3"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f4d12989-af1c-4363-bfcf-b9ad96d18b0f}]
"AppName" = "AppIntegrator.exe"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar\Switches]
"od" = "1"

[HKCR\Interface\{D521D7CC-1EDA-4F50-905D-7C5B084230F7}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar\Switches]
"ok" = "1"

[HKCR\CLSID\{f153e08e-19e7-4ece-bb2b-afe06394c6ea}\InprocServer32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\57feedmg.dll"

[HKCR\CLSID\{3ca77147-e5a4-43ba-80b2-efa3245f8d88}]
"(Default)" = "ProtectorControl Class"

[HKCR\Interface\{3E3BEAE8-5B73-4AA4-8191-6AAD3E17D7CC}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{71AC0D70-4274-4B53-8101-26F7249EAFE4}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCR\Interface\{C9FA2928-5ED3-47AD-996C-997F6A9003EA}]
"(Default)" = "IDisableAddonRebuttal"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCR\MarineAquarium3Free_57.PseudoTransparentPlugin\CLSID]
"(Default)" = "{cc721fc9-8900-4e3d-a4be-359e6af8e9bb}"

[HKCR\TypeLib\{2F868090-A282-4C80-AC30-F743C9BECADF}\1.0\HELPDIR]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin"

[HKCR\CLSID\{07189b84-b33b-4a1e-9b32-ad203c983c20}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f90c885b-332c-4379-965c-3ef665f369dc}]
"AppPath" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin"

[HKCR\Interface\{3E3BEAE8-5B73-4AA4-8191-6AAD3E17D7CC}\TypeLib]
"(Default)" = "{00C5EDB1-1261-41EB-8FEE-9C0C2CD98058}"

[HKCR\MarineAquarium3Free_57.HTMLMenu]
"(Default)" = "MarineAquarium3Free_57 HTML Menu"

[HKCR\CLSID\{0eeaa2c3-0cd7-4364-b82e-f9257081c860}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Interface\{F62FBB9B-25D9-41C5-97C0-7ED7AFBF2410}\TypeLib]
"Version" = "1.0"

[HKCR\TypeLib\{FDB8F0C7-ADF7-4A45-B762-FE8EF4970DBD}\1.0]
"(Default)" = "Toolbar 1.0 Type Library"

[HKCR\Interface\{1E66D651-C63F-4B5A-8DBB-4C093647BF9B}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{D4517E61-49A5-4712-B487-950FEC8DB4B9}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\MarineAquarium3Free_57.ScriptButton.1\CLSID]
"(Default)" = "{94c67622-4e77-495a-9457-c8064c92a228}"

[HKCR\Interface\{6F776034-C1E7-41CB-B099-839FCA62E732}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\MozillaPlugins\@MarineAquarium3Free_57.com/Plugin]
"Path" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\NP57Stub.dll"

[HKCR\MarineAquarium3Free_57.ToolbarProtector\CurVer]
"(Default)" = "MarineAquarium3Free_57.ToolbarProtector.1"

[HKCR\MarineAquarium3Free_57.FeedManager\CurVer]
"(Default)" = "MarineAquarium3Free_57.FeedManager.1"

[HKCR\CLSID\{d35349a7-84d1-4a70-8536-e9c1f77dcf5b}\ProgID]
"(Default)" = "MarineAquarium3Free_57.SettingsPlugin.1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCR\Interface\{C9FA2928-5ED3-47AD-996C-997F6A9003EA}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\MarineAquarium3Free_57.PseudoTransparentPlugin.1]
"(Default)" = "Pseudo Transparent Plugin"

[HKCR\CLSID\{cc721fc9-8900-4e3d-a4be-359e6af8e9bb}\InprocServer32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\57skin.dll"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"CrExtP57.exe" = "0"

[HKCR\Interface\{5777FB26-1203-4D16-A47F-24B3FF5E0476}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{107C2EDD-3388-452B-A6B8-2AAD8EF816B6}\TypeLib]
"Version" = "1.0"

[HKCR\TypeLib\{A29BA259-04A2-426B-949F-D486E674DF9B}\1.0]
"(Default)" = "DialogHook 1.0 Type Library"

[HKCR\Interface\{638B87E0-5EF3-45FA-ACB8-2C7C67958665}\TypeLib]
"(Default)" = "{FDB8F0C7-ADF7-4A45-B762-FE8EF4970DBD}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MarineAquarium3Free_57bar Uninstall Internet Explorer]
"Publisher" = "Mindspark Interactive Network"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{cc721fc9-8900-4e3d-a4be-359e6af8e9bb}]
"(Default)" = ""

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar]
"pl" = "9"

[HKCR\Interface\{AD6CED5C-457E-43DC-BD4B-D5ED0B87FAB4}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MarineAquarium3Free_57bar Uninstall Internet Explorer]
"DisplayName" = "Marine Aquarium Lite Internet Explorer Toolbar"

[HKCR\Interface\{1E66D651-C63F-4B5A-8DBB-4C093647BF9B}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\MozillaPlugins\@MarineAquarium3Free_57.com/Plugin]
"vendor" = "MarineAquarium3Free_57"

[HKCR\CLSID\{f90c885b-332c-4379-965c-3ef665f369dc}\MiscStatus\1]
"(Default)" = "131473"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0c1c3d4a-dcff-443d-a49f-4abb6af151af}]
"AppPath" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar]
"PID" = "^0D"

[HKCR\MarineAquarium3Free_57.RadioSettings]
"(Default)" = ""

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e9e780cc-8821-4b00-b4f9-f4c4f82be2c7}]
"Policy" = "3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{d35349a7-84d1-4a70-8536-e9c1f77dcf5b}]
"(Default)" = ""

[HKCR\MarineAquarium3Free_57.SettingsPlugin]
"(Default)" = ""

[HKCR\TypeLib\{DBC4BE0B-800C-4075-9521-A9F6B00D6982}\1.0\0\win32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\t8res.dll\1604"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar\Integrators]
"AssistMonitor.dll" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\ASSISTMONITOR.DLL"

[HKCR\Interface\{1E66D651-C63F-4B5A-8DBB-4C093647BF9B}\TypeLib]
"(Default)" = "{00C5EDB1-1261-41EB-8FEE-9C0C2CD98058}"

[HKCR\Interface\{3E3BEAE8-5B73-4AA4-8191-6AAD3E17D7CC}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{f6e8add0-7744-4d57-8ab7-1ca4c6e0d0a0}\VersionIndependentProgID]
"(Default)" = "MarineAquarium3Free_57.Radio"

[HKCR\MarineAquarium3Free_57.SettingsPlugin\CurVer]
"(Default)" = "MarineAquarium3Free_57.SettingsPlugin.1"

[HKCR\Interface\{F4D12989-AF1C-4363-BFCF-B9AD96D18B0F}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{5777FB26-1203-4D16-A47F-24B3FF5E0476}\TypeLib]
"Version" = "1.0"

[HKCR\CLSID\{d35349a7-84d1-4a70-8536-e9c1f77dcf5b}\VersionIndependentProgID]
"(Default)" = "MarineAquarium3Free_57.SettingsPlugin"

[HKCR\Interface\{1FB1AF91-D5A5-46AC-990D-D57E53C85E70}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MarineAquarium3Free_57bar Uninstall Internet Explorer]
"URLInfoAbout" = "http://support.mindspark.com/"

[HKCR\CLSID\{3ca77147-e5a4-43ba-80b2-efa3245f8d88}\VersionIndependentProgID]
"(Default)" = "MarineAquarium3Free_57.ToolbarProtector"

[HKCR\CLSID\{77225af4-00ff-49de-94ae-7818936b6631}\Version]
"(Default)" = "1.0"

[HKCR\MarineAquarium3Free_57.FeedManager\CLSID]
"(Default)" = "{f153e08e-19e7-4ece-bb2b-afe06394c6ea}"

[HKCR\Interface\{6F776034-C1E7-41CB-B099-839FCA62E732}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{3C4E958B-177E-4B3A-A998-4B0263A9564D}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\MarineAquarium3Free_57.Radio\CLSID]
"(Default)" = "{f6e8add0-7744-4d57-8ab7-1ca4c6e0d0a0}"

[HKCR\CLSID\{dd4285fa-3345-4b73-92e5-4de464edc3b2}\MiscStatus]
"(Default)" = "0"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar]
"tiec" = "208976"

[HKCR\CLSID\{3ca77147-e5a4-43ba-80b2-efa3245f8d88}\ProgID]
"(Default)" = "MarineAquarium3Free_57.ToolbarProtector.1"

[HKCR\TypeLib\{199350AF-34C3-496F-A764-F4BF91CF2835}\1.0\0\win32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\t8res.dll\1104"

[HKCR\Interface\{A91067AB-9AC6-4607-B9F2-FB62228195EF}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{71AC0D70-4274-4B53-8101-26F7249EAFE4}\TypeLib]
"(Default)" = "{FB84548C-47C9-4323-820B-9E46B50E9947}"

[HKCR\CLSID\{77225af4-00ff-49de-94ae-7818936b6631}\TypeLib]
"(Default)" = "{09252fa9-17ba-453c-9890-644aace70b2b}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MarineAquarium3Free_57bar Uninstall Internet Explorer]
"HelpLink" = "http://support.mindspark.com/"

[HKCR\CLSID\{dd4285fa-3345-4b73-92e5-4de464edc3b2}\Version]
"(Default)" = "1.0"

[HKCR\TypeLib\{A29BA259-04A2-426B-949F-D486E674DF9B}\1.0\FLAGS]
"(Default)" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MarineAquarium3Free_57bar Uninstall Internet Explorer]
"UninstallString" = "rundll32 %Program Files%\MarineAquarium3Free_57\bar\1.bin\57Bar.dll,O mindsparktoolbarkey=MarineAquarium3Free_57 uninstalltype=IE"

[HKCR\Interface\{1FB1AF91-D5A5-46AC-990D-D57E53C85E70}\TypeLib]
"(Default)" = "{DBC4BE0B-800C-4075-9521-A9F6B00D6982}"

[HKCR\MarineAquarium3Free_57.HTMLPanel.1]
"(Default)" = "MarineAquarium3Free_57 HTML Panel"

[HKCR\Interface\{67C605D7-71E7-40B7-AF78-8E382E039E8B}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{074d3229-0a22-491b-b9dd-ff3171d75f25}]
"(Default)" = "Toolbar BHO"

[HKCR\Interface\{AD6CED5C-457E-43DC-BD4B-D5ED0B87FAB4}]
"(Default)" = "IProtectorControl"

[HKCR\Interface\{2BEA8EF6-4B9D-43DF-9C32-5B91B65E3E58}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{C9FA2928-5ED3-47AD-996C-997F6A9003EA}\TypeLib]
"Version" = "1.0"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar]
"sr" = "0"

[HKCR\Interface\{DA60568C-C30E-4680-ADEA-89BF1DD050EA}]
"(Default)" = "_IThirdPartyInstallerEvents"

[HKCR\CLSID\{3f9c1414-58f0-4fbb-9ee6-ab948b604ebd}]
"(Default)" = "DataCtrl Class"

[HKCR\CLSID\{7706dcce-fed8-4ed7-80b2-5f88c33ee317}\InprocServer32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\57httpct.dll"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ecd011be-bc4c-45dd-85bc-70e5f36806d9}]
"Policy" = "3"

[HKCR\CLSID\{77225af4-00ff-49de-94ae-7818936b6631}\MiscStatus]
"(Default)" = "0"

[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{327f75ed-061b-4339-8cc6-5dd45ad1396d}" = ""

[HKCR\MarineAquarium3Free_57.Radio]
"(Default)" = ""

[HKCR\Interface\{C71EA797-7B15-438B-894A-9AB54D752430}]
"(Default)" = "IThirdPartyInstaller"

[HKCR\CLSID\{f90c885b-332c-4379-965c-3ef665f369dc}\Version]
"(Default)" = "1.0"

[HKCR\CLSID\{dd4285fa-3345-4b73-92e5-4de464edc3b2}\VersionIndependentProgID]
"(Default)" = "MarineAquarium3Free_57.ThirdPartyInstaller"

[HKCR\Interface\{E1700B22-E107-4EC6-943E-5FBBADF213B3}]
"(Default)" = "SKINSETTINGS_INTERFACE"

[HKCR\CLSID\{cc721fc9-8900-4e3d-a4be-359e6af8e9bb}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Interface\{107C2EDD-3388-452B-A6B8-2AAD8EF816B6}\TypeLib]
"(Default)" = "{83783D62-EC4A-4CDD-ACB3-B2A4BF184959}"

[HKCR\Interface\{C9FA2928-5ED3-47AD-996C-997F6A9003EA}\TypeLib]
"(Default)" = "{A29BA259-04A2-426B-949F-D486E674DF9B}"

[HKCR\MarineAquarium3Free_57.FeedManager.1]
"(Default)" = ""

[HKCR\Interface\{0A4376DD-C64A-4499-86BA-54578FD3BE3E}\TypeLib]
"(Default)" = "{00C5EDB1-1261-41EB-8FEE-9C0C2CD98058}"

[HKCR\Interface\{D521D7CC-1EDA-4F50-905D-7C5B084230F7}]
"(Default)" = "ITemplateHTMLMenu"

[HKCR\CLSID\{ad750e83-1c56-4196-90e3-e5a0f3c5421c}\VersionIndependentProgID]
"(Default)" = "MarineAquarium3Free_57.MultipleButton"

[HKCR\Interface\{71AC0D70-4274-4B53-8101-26F7249EAFE4}\ProxyStubClsid]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCR\MarineAquarium3Free_57.ScriptButton]
"(Default)" = ""

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar]
"PluginPath" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\"

[HKCR\Interface\{F62FBB9B-25D9-41C5-97C0-7ED7AFBF2410}]
"(Default)" = "IIEInstalledToolbar"

[HKCR\Interface\{F4D12989-AF1C-4363-BFCF-B9AD96D18B0F}]
"(Default)" = "_ITemplateBarSettingsEvents"

[HKCR\Interface\{D521D7CC-1EDA-4F50-905D-7C5B084230F7}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{0A4376DD-C64A-4499-86BA-54578FD3BE3E}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{07189b84-b33b-4a1e-9b32-ad203c983c20}\InprocServer32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\57bar.dll"

[HKCR\MarineAquarium3Free_57.HTMLMenu\CLSID]
"(Default)" = "{C0FD73B4-C692-4061-B36F-BC15B111314C}"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar\Switches]
"ua" = "0"

[HKCR\TypeLib\{FDB8F0C7-ADF7-4A45-B762-FE8EF4970DBD}\1.0\0\win32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\t8res.dll\626"

[HKCR\Interface\{DA60568C-C30E-4680-ADEA-89BF1DD050EA}\TypeLib]
"(Default)" = "{D458D0D1-08F3-4DC9-9C67-ADE048AE0EF9}"

[HKCR\CLSID\{cc721fc9-8900-4e3d-a4be-359e6af8e9bb}\Version]
"(Default)" = "1.0"

[HKCU\Software\Classes\CLSID\{327f75ed-061b-4339-8cc6-5dd45ad1396d}]
"(Default)" = ""

[HKCR\Interface\{3E3BEAE8-5B73-4AA4-8191-6AAD3E17D7CC}]
"(Default)" = "PSEUDOTRANSPARENT_INTERFACE"

[HKCR\MarineAquarium3Free_57.ToolbarProtector.1\CLSID]
"(Default)" = "{3ca77147-e5a4-43ba-80b2-efa3245f8d88}"

[HKCR\Interface\{DA60568C-C30E-4680-ADEA-89BF1DD050EA}\ProxyStubClsid]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCR\Interface\{C71EA797-7B15-438B-894A-9AB54D752430}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{A91067AB-9AC6-4607-B9F2-FB62228195EF}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\TypeLib\{FDB8F0C7-ADF7-4A45-B762-FE8EF4970DBD}\1.0\HELPDIR]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin"

[HKCR\CLSID\{77225af4-00ff-49de-94ae-7818936b6631}\InprocServer32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\57radio.dll"

[HKCR\TypeLib\{09252FA9-17BA-453C-9890-644AACE70B2B}\1.0]
"(Default)" = "RADIOLib"

[HKCR\MarineAquarium3Free_57.MultipleButton.1\CLSID]
"(Default)" = "{ad750e83-1c56-4196-90e3-e5a0f3c5421c}"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar\Integrators]
"AssistMonitor.dll" = ""

[HKCR\CLSID\{cc721fc9-8900-4e3d-a4be-359e6af8e9bb}\MiscStatus\1]
"(Default)" = "131473"

[HKCR\Interface\{D5CEC7EB-7D25-47BF-AA42-5DB03938509F}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{3E3BEAE8-5B73-4AA4-8191-6AAD3E17D7CC}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\TypeLib\{FB84548C-47C9-4323-820B-9E46B50E9947}\1.0]
"(Default)" = "HTML 1.0 Type Library"

[HKCR\Interface\{6A1F6969-2069-4036-A0AB-07D4628DF5A1}]
"(Default)" = "SEARCHSCOPE_INTERFACE"

[HKCR\TypeLib\{199350AF-34C3-496F-A764-F4BF91CF2835}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\MarineAquarium3Free_57.ToolbarProtector\CLSID]
"(Default)" = "{3ca77147-e5a4-43ba-80b2-efa3245f8d88}"

[HKCR\TypeLib\{83783D62-EC4A-4CDD-ACB3-B2A4BF184959}\1.0\HELPDIR]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar]
"DeletedCustomizations" = "1"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar\Switches]
"nk" = "0"
"nd" = "0"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e9e780cc-8821-4b00-b4f9-f4c4f82be2c7}]
"AppName" = "57SlSrch.exe"

[HKCR\MarineAquarium3Free_57.PseudoTransparentPlugin]
"(Default)" = "Pseudo Transparent Plugin"

[HKCR\MarineAquarium3Free_57.FeedManager]
"(Default)" = ""

[HKCR\Interface\{D521D7CC-1EDA-4F50-905D-7C5B084230F7}\TypeLib]
"(Default)" = "{DBC4BE0B-800C-4075-9521-A9F6B00D6982}"

[HKCR\Interface\{D5CEC7EB-7D25-47BF-AA42-5DB03938509F}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{6A1F6969-2069-4036-A0AB-07D4628DF5A1}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{E1700B22-E107-4EC6-943E-5FBBADF213B3}\TypeLib]
"(Default)" = "{00C5EDB1-1261-41EB-8FEE-9C0C2CD98058}"

[HKCR\TypeLib\{83783D62-EC4A-4CDD-ACB3-B2A4BF184959}\1.0]
"(Default)" = "HttpControl 1.0 Type Library"

[HKCR\CLSID\{0eeaa2c3-0cd7-4364-b82e-f9257081c860}]
"(Default)" = "Search Assistant BHO"

[HKCR\MarineAquarium3Free_57.RadioSettings.1\CLSID]
"(Default)" = "{77225af4-00ff-49de-94ae-7818936b6631}"

[HKCR\Interface\{D4517E61-49A5-4712-B487-950FEC8DB4B9}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{ad750e83-1c56-4196-90e3-e5a0f3c5421c}\InprocServer32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\57mlbtn.dll"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f90c885b-332c-4379-965c-3ef665f369dc}]
"AppName" = "57SkPlay.exe"

[HKCR\TypeLib\{83783D62-EC4A-4CDD-ACB3-B2A4BF184959}\1.0\0\win32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\t8res.dll\905"

[HKCR\CLSID\{e55ebb8c-fb31-4a98-a514-4ecc5fd9c634}\MiscStatus\1]
"(Default)" = "131473"

[HKCR\MarineAquarium3Free_57.Radio.1]
"(Default)" = ""

[HKCR\MarineAquarium3Free_57.MultipleButton]
"(Default)" = ""

[HKCR\Interface\{C9FA2928-5ED3-47AD-996C-997F6A9003EA}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCU\Software\Classes\CLSID\{327f75ed-061b-4339-8cc6-5dd45ad1396d}\InprocServer32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\57SrcAs.dll"

[HKCR\Interface\{5777FB26-1203-4D16-A47F-24B3FF5E0476}\TypeLib]
"(Default)" = "{FB84548C-47C9-4323-820B-9E46B50E9947}"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar]
"Build" = "194.6550"

[HKCR\Interface\{1E66D651-C63F-4B5A-8DBB-4C093647BF9B}\TypeLib]
"Version" = "1.0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCR\CLSID\{f153e08e-19e7-4ece-bb2b-afe06394c6ea}\Version]
"(Default)" = "1.0"

[HKCR\Interface\{E1700B22-E107-4EC6-943E-5FBBADF213B3}\TypeLib]
"Version" = "1.0"

[HKCR\CLSID\{C0FD73B4-C692-4061-B36F-BC15B111314C}]
"(Default)" = "MarineAquarium3Free_57 HTML Menu"

[HKCR\MarineAquarium3Free_57.HTMLMenu.1\CLSID]
"(Default)" = "{C0FD73B4-C692-4061-B36F-BC15B111314C}"

[HKCR\CLSID\{dd4285fa-3345-4b73-92e5-4de464edc3b2}\InprocServer32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\57tpinst.dll"

[HKCR\CLSID\{94c67622-4e77-495a-9457-c8064c92a228}]
"(Default)" = ""

[HKCR\Interface\{0A4376DD-C64A-4499-86BA-54578FD3BE3E}]
"(Default)" = "POPUPMENU_INTERFACE"

[HKCR\MarineAquarium3Free_57.HTMLPanel.1\CLSID]
"(Default)" = "{eda1dca1-c71d-46e7-b504-6cefd21ee60d}"

[HKCR\CLSID\{536e7ae2-c94c-4256-b035-8ec24e6245dd}\InprocServer32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\57dlghk.dll"

[HKCR\TypeLib\{09E63BA3-09C7-4D20-9E4B-2EBAD3BE5B50}\1.0]
"(Default)" = "ToolbarProtector 1.0 Type Library"

[HKCR\CLSID\{074d3229-0a22-491b-b9dd-ff3171d75f25}\InprocServer32]
"(Default)" = "C:\PROGRA~1\MARINE~1\bar\1.bin\57bar.dll"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7F 3C E2 21 7F 5E 1D E4 CC 67 E4 A1 B9 F3 50 61"

[HKCR\MarineAquarium3Free_57.RadioSettings\CLSID]
"(Default)" = "{77225af4-00ff-49de-94ae-7818936b6631}"

[HKCR\Interface\{6A1F6969-2069-4036-A0AB-07D4628DF5A1}\TypeLib]
"(Default)" = "{FDB8F0C7-ADF7-4A45-B762-FE8EF4970DBD}"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar]
"CurInstall" = "1"

[HKCR\MarineAquarium3Free_57.ThirdPartyInstaller.1]
"(Default)" = "Marine Aquarium Lite Third Party Installer"

[HKCR\CLSID\{3f9c1414-58f0-4fbb-9ee6-ab948b604ebd}\TypeLib]
"(Default)" = "{2f868090-a282-4c80-ac30-f743c9becadf}"

[HKLM\SOFTWARE\MozillaPlugins\@MarineAquarium3Free_57.com/Plugin]
"Path" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\NP57Stub.dll"

[HKCR\Interface\{D5CEC7EB-7D25-47BF-AA42-5DB03938509F}]
"(Default)" = "IHttpControl"

[HKCR\Interface\{3C4E958B-177E-4B3A-A998-4B0263A9564D}\TypeLib]
"(Default)" = "{FDB8F0C7-ADF7-4A45-B762-FE8EF4970DBD}"

[HKLM\SOFTWARE\MozillaPlugins\@MarineAquarium3Free_57.com/Plugin\MimeTypes\application/x-marineaquarium3free_57plugin]
"Description" = "Marine Aquarium Lite Plugin"

[HKCR\Interface\{E9E780CC-8821-4B00-B4F9-F4C4F82BE2C7}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{f90c885b-332c-4379-965c-3ef665f369dc}\MiscStatus]
"(Default)" = "0"

[HKCR\Interface\{AD6CED5C-457E-43DC-BD4B-D5ED0B87FAB4}\TypeLib]
"(Default)" = "{09E63BA3-09C7-4D20-9E4B-2EBAD3BE5B50}"

[HKCR\Interface\{638B87E0-5EF3-45FA-ACB8-2C7C67958665}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{AD6CED5C-457E-43DC-BD4B-D5ED0B87FAB4}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCR\Interface\{C17F2CA9-F618-4D8C-9C7E-78F9779D3FAA}\TypeLib]
"Version" = "1.0"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{07189b84-b33b-4a1e-9b32-ad203c983c20}" = ""

[HKCR\CLSID\{e55ebb8c-fb31-4a98-a514-4ecc5fd9c634}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\TypeLib\{09E63BA3-09C7-4D20-9E4B-2EBAD3BE5B50}\1.0\HELPDIR]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin"

[HKCR\CLSID\{f153e08e-19e7-4ece-bb2b-afe06394c6ea}\ProgID]
"(Default)" = "MarineAquarium3Free_57.FeedManager.1"

[HKCR\TypeLib\{83783D62-EC4A-4CDD-ACB3-B2A4BF184959}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\MarineAquarium3Free_57.ThirdPartyInstaller]
"(Default)" = "Marine Aquarium Lite Third Party Installer"

[HKCR\CLSID\{e55ebb8c-fb31-4a98-a514-4ecc5fd9c634}\InprocServer32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\57skin.dll"

[HKCR\Interface\{D521D7CC-1EDA-4F50-905D-7C5B084230F7}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{67C605D7-71E7-40B7-AF78-8E382E039E8B}\TypeLib]
"(Default)" = "{09252FA9-17BA-453C-9890-644AACE70B2B}"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar\Switches]
"57SrcAs.dll" = "0"

[HKCR\Interface\{0A4376DD-C64A-4499-86BA-54578FD3BE3E}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{eda1dca1-c71d-46e7-b504-6cefd21ee60d}\InprocServer32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\T8HTML.DLL"

[HKCR\TypeLib\{00C5EDB1-1261-41EB-8FEE-9C0C2CD98058}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\Interface\{1FB1AF91-D5A5-46AC-990D-D57E53C85E70}]
"(Default)" = "ITemplatePopupMenu"

[HKCR\CLSID\{f90c885b-332c-4379-965c-3ef665f369dc}\TypeLib]
"(Default)" = "{00c5edb1-1261-41eb-8fee-9c0c2cd98058}"

[HKCR\CLSID\{f6e8add0-7744-4d57-8ab7-1ca4c6e0d0a0}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\TypeLib\{2F868090-A282-4C80-AC30-F743C9BECADF}\1.0\0\win32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\t8res.dll\1406"

[HKCR\CLSID\{eda1dca1-c71d-46e7-b504-6cefd21ee60d}\TypeLib]
"(Default)" = "{fb84548c-47c9-4323-820b-9e46b50e9947}"

[HKCR\Interface\{F4D12989-AF1C-4363-BFCF-B9AD96D18B0F}\ProxyStubClsid]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e9e780cc-8821-4b00-b4f9-f4c4f82be2c7}]
"AppPath" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin"

[HKCR\Interface\{638B87E0-5EF3-45FA-ACB8-2C7C67958665}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{F4D12989-AF1C-4363-BFCF-B9AD96D18B0F}\TypeLib]
"(Default)" = "{FDB8F0C7-ADF7-4A45-B762-FE8EF4970DBD}"

[HKCR\MarineAquarium3Free_57.Radio\CurVer]
"(Default)" = "MarineAquarium3Free_57.Radio.1"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar]
"ID" = "8F38C495-E729-4ED1-96C9-9399E1DC69F2"

[HKCR\CLSID\{536e7ae2-c94c-4256-b035-8ec24e6245dd}]
"(Default)" = "Disable Addon Rebuttal Control"

[HKCR\CLSID\{C0FD73B4-C692-4061-B36F-BC15B111314C}\InprocServer32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\57htmlmu.dll"

[HKCR\Interface\{D4517E61-49A5-4712-B487-950FEC8DB4B9}\TypeLib]
"Version" = "1.0"

[HKLM\SOFTWARE\MarineAquarium3Free_57\Settings\SmileyCentralBtn]
"HTMLMenuPosDeleted" = "1"

[HKCR\CLSID\{f153e08e-19e7-4ece-bb2b-afe06394c6ea}]
"(Default)" = ""

[HKCR\CLSID\{d35349a7-84d1-4a70-8536-e9c1f77dcf5b}\InprocServer32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\57bar.dll"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar]
"SettingsDir" = "%Program Files%\MarineAquarium3Free_57\bar\Settings\"

[HKCR\MarineAquarium3Free_57.SettingsPlugin\CLSID]
"(Default)" = "{d35349a7-84d1-4a70-8536-e9c1f77dcf5b}"

[HKCR\CLSID\{f90c885b-332c-4379-965c-3ef665f369dc}\InprocServer32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\57skin.dll"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f90c885b-332c-4379-965c-3ef665f369dc}]
"Policy" = "3"

[HKCR\TypeLib\{D458D0D1-08F3-4DC9-9C67-ADE048AE0EF9}\1.0\0\win32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\t8res.dll\100"

[HKCR\Interface\{F1FD4F87-D0FD-4A5C-90A7-9A7696FFAEC0}\TypeLib]
"(Default)" = "{09E63BA3-09C7-4D20-9E4B-2EBAD3BE5B50}"

[HKCR\Interface\{2BEA8EF6-4B9D-43DF-9C32-5B91B65E3E58}\TypeLib]
"Version" = "1.0"

[HKCR\CLSID\{eda1dca1-c71d-46e7-b504-6cefd21ee60d}\MiscStatus]
"(Default)" = "0"

[HKCR\Interface\{F4D12989-AF1C-4363-BFCF-B9AD96D18B0F}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCR\Interface\{638B87E0-5EF3-45FA-ACB8-2C7C67958665}\TypeLib]
"Version" = "1.0"

[HKCR\MarineAquarium3Free_57.HTMLPanel]
"(Default)" = "MarineAquarium3Free_57 HTML Panel"

[HKCR\Interface\{C8D39FE3-DCB1-4E94-9192-A176FC1F19BB}]
"(Default)" = "_IDataCtrlEvents"

[HKCR\CLSID\{dd4285fa-3345-4b73-92e5-4de464edc3b2}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Interface\{5777FB26-1203-4D16-A47F-24B3FF5E0476}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{1FB1AF91-D5A5-46AC-990D-D57E53C85E70}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

It registers itself as a Browser Helper Object (BHO) to ensure its automatic execution every time Internet Explorer is run. It does this by creating the following registry key(s)/entry(ies):

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0eeaa2c3-0cd7-4364-b82e-f9257081c860}]
"(Default)" = ""

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Marine Aquarium Lite Home Page Guard 32 bit" = "C:\PROGRA~1\MARINE~1\bar\1.bin\AppIntegrator.exe"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Marine Aquarium Lite Search Scope Monitor" = "C:\PROGRA~1\MARINE~1\bar\1.bin\57srchmn.exe /m=2 /w /h"

"MarineAquarium3Free_57 Browser Plugin Loader" = "C:\PROGRA~1\MARINE~1\bar\1.bin\57brmon.exe"

It registers itself as a Browser Helper Object (BHO) to ensure its automatic execution every time Internet Explorer is run. It does this by creating the following registry key(s)/entry(ies):

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074d3229-0a22-491b-b9dd-ff3171d75f25}]
"(Default)" = ""

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Marine Aquarium Lite" = "rundll32 C:\PROGRA~1\MARINE~1\bar\1.bin\57bar.dll,S"

The Trojan deletes the following registry key(s):

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar\Integrators]
[HKLM\SOFTWARE\MozillaPlugins\@MarineAquarium3Free_57.com/Plugin]
[HKLM\SOFTWARE\MozillaPlugins\@MarineAquarium3Free_57.com/Plugin\MimeTypes]
[HKLM\SOFTWARE\MozillaPlugins\@MarineAquarium3Free_57.com/Plugin\MimeTypes\application/x-marineaquarium3free_57plugin]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0eeaa2c3-0cd7-4364-b82e-f9257081c860}]

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar]
"ConfigDateStamp"

"pid2"
"un"

The Trojan disables automatic startup of the application by deleting the following autorun value:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Marine Aquarium Lite Plugin"

"Marine Aquarium Lite Home Page Guard 32 bit"

"Marine Aquarium Lite Search Scope Monitor"

The process 57brmon.exe:1652 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "15 4B 3E E2 93 29 4A C7 86 FF 17 06 DE 6C 48 B2"

The process TPIManagerConsole.exe:1772 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BF E3 0B A0 5A 3C 42 1A 81 91 79 B6 38 5A FE FE"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process 57HighIn.exe:2000 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "40 B8 3C 0E B0 F4 A5 F8 75 60 22 B5 4C 25 1B 69"

The process 57barsvc.exe:392 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "46 0E F8 17 09 0E 1C 2B B0 68 6F 27 0D 09 B7 EE"

The process 57barsvc.exe:1596 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DC 02 1E D9 E6 F1 3E F5 DA F9 59 56 34 A2 53 10"

The process 57barsvc.exe:1064 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CD 75 EB 98 D2 20 09 AF E8 19 1E 37 61 A3 48 54"

The process mscorsvw.exe:1912 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\.NETFramework\v2.0.50727\NGenService\State]
"AccumulatedWaitIdleTime" = "2340000"

The process AppIntegrator.exe:1568 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E0 64 14 9A E9 E9 47 26 65 DE 7E 8C B9 A3 CC C3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

The process AppIntegrator.exe:192 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8B B6 3C 3E 38 B1 DC 15 6D 4D 4D D6 7E 45 3B E9"

The process %original file name%.exe:1324 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BE 1D AF A6 A4 94 22 69 FF 36 26 74 1D BE 6F 80"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar\Switches]
"nodns" = "0"
"ie9disable" = "1"
"ffTabs" = "0"
"hpp" = "0"

[HKCU\Software\MarineAquarium3Free_57\Events\EventData]
"00000000_5" = "01 00 00 00 9F DC FF 53 00 00 00 00 00 00 00 00"
"00000000_7" = "01 00 00 00 9F DC FF 53 00 00 00 00 00 00 00 00"
"00000000_6" = "01 00 00 00 9F DC FF 53 00 00 00 00 00 00 00 00"

Dropped PE files

MD5 File path
bf28f98daf8826b65923273d3e406930 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57Plugin.dll
31f0fd888f41c6e4b05a8a26a6257bbb c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57SrcAs.dll
466af3fbfdd028b3d90238425c367b7e c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57SrchMn.exe
bef81913920b66f99cce1b8b94d2335d c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57auxstb.dll
a842b26aee3d1312bda37096c8490b39 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57auxstb64.dll
96a060cf33a2c42617cf13224a47db07 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57bar.dll
54d6bc524f1fb026d6eb569581e38885 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57barsvc.exe
eb8ced3dac43ca1bf66d78481df2a8f1 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57bprtct.dll
2c0a45683112082493b1fb3c09c60184 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57brmon.exe
4ba7d9e73d47039bd34396ceb679318f c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57brmon64.exe
e46963ec2bc3d0ed27a61f0697544196 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57brstub.dll
f04c0efeafa8302e5b52d13cb0916ed3 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57brstub64.dll
5fea0081f2bf39ac0bef44e86b52c4dc c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57datact.dll
9c59c1140075060c08e93b39c0ed94b4 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57dlghk.dll
b8efb8d32dc96ed0d473dcd3a5e58ed8 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57dlghk64.dll
a738286620be77bec9ca13b389864d96 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57feedmg.dll
aa82a2d20c3525f0b850ec67dab2a448 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57highin.exe
e0d399dfb42ca6a24c40b4d38d0db3a3 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57hkstub.dll
4c7b28b8ae8013d8359f2d0a316e5d3e c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57htmlmu.dll
ebbf5d6394bed262727f72dc321789c2 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57httpct.dll
97190b606220d99b1f2c1dc8be34ad90 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57idle.dll
aedf3f97b88562ce2d5128c9422718c1 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57ieovr.dll
bb601f008cda03b0cdc8188d084d9960 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57medint.exe
212f000542b3526744f6444cddf66c33 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57mlbtn.dll
99314afe1aa7f154766c7b10b1b7e90d c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57radio.dll
05e7f2c19ae83dd990a6960a19755752 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57regfft.dll
b92c71d0ba7098f565520266e6b987d9 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57reghk.dll
b927852e2e860edbc4d2ec2b436cfaba c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57regiet.dll
74376b99e024766343eb5c18dd06040a c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57script.dll
2fd72a0a4fc75b4371f22252e443b245 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57skin.dll
f59ea63eaa060998c359fcbfdbc8c7d7 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57skplay.exe
9f1f27aaedca28c35f7ec1484c53b6e5 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57srchmr.dll
cf0646bb879911192c833e314e0afc57 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57tpinst.dll
660d435be4a48b8d941e5dcf30ac1974 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\APPINTEGRATOR.EXE
d5d454ca320d6f9128c1e8231d8118c1 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\APPINTEGRATORSTUB.DLL
e5d70d21eb26491111de57256319e340 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\ASSISTMONITOR.DLL
8584203f010ab90bfde264a7c0879413 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\ASSISTMONITOR64.DLL
f68778b356218f4cbfd5c2c19419c0a0 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\AppIntegrator64.exe
755ef214e8e5c2b5736c2e0fac4fe561 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\AppIntegratorStub64.dll
adc32dbe2fa1caae9c213bbfb6b02a9b c:\Program Files\MarineAquarium3Free_57\bar\1.bin\CREXT.DLL
c9fecbc3ec683b4b60cf45ebae9abfcd c:\Program Files\MarineAquarium3Free_57\bar\1.bin\CrExtP57.exe
5fe1c74f008496c30bbaf7689cd2fb74 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\DPNMNGR.DLL
eb09437e0e2ddd52045904fa59e2b545 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\EXEMANAGER.DLL
196a5d0149f1fb1aa393d4850d46f0c5 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\FF-NativeMessagingDispatcher.dll
629badd33fbba164acff36bc5a932460 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\Hpg64.dll
affa3ec97bc51e1cf55871cb3f6dc23c c:\Program Files\MarineAquarium3Free_57\bar\1.bin\NP57Stub.dll
fd7ee723718078825bc79e360e4f04d3 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\T8EPMSUP.DLL
5db285aa198bf18c4974c36308cac1d4 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\T8EXTEX.DLL
929d9ac6f8685c3d4a7124d8ec1aa485 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\T8EXTPEX.DLL
edf1686c822889284c49fceaf35f55ec c:\Program Files\MarineAquarium3Free_57\bar\1.bin\T8HTML.DLL
3d63bdadb6e2eec3c63493438dbf05d8 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\T8RES.DLL
888774ec0b5329e16b1d525c2a855801 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\T8TICKER.DLL
c7b067742f170d0fb409283c90117a47 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\TPIMANAGERCONSOLE.EXE
738237d7f25abb8874ab383e04cc8d61 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\UNIFIEDLOGGING.DLL
2cd291d761752e1abf80f05e0199a907 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\VERIFY.DLL
0e57218f3c13b9cc91a0869a064176e8 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\assists\ie_default_search_provider\ARBITER.DLL
c895957b79fbd05f9c580666c4def142 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\assists\ie_default_search_provider\ARBITER64.DLL
fe0e9832decb6f345555837972eb244b c:\Program Files\MarineAquarium3Free_57\bar\1.bin\assists\ie_default_search_provider\ASSIST.EXE

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name: Marine Aquarium Lite
Product Name: Marine Aquarium Lite
Product Version: 2, 0, 5, 6
Legal Copyright: Copyright (c) 2009 - 2014
Legal Trademarks:
Original Filename: 57Setup.exe
Internal Name: 57Setup
File Version: 2, 0, 5, 6
File Description: Marine Aquarium Lite
Comments:
Language: English (United States)

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.text 4096 9526 12288 3.73248 23e1e31f199faca739ebf0e2fc51fc03
.rdata 16384 8916 12288 1.85489 be69a4da1284a8f8aead1623ea97e0ec
.data 28672 3166 4096 1.70086 bfc2ef6e73b8ccf2c246a172e3a8609c
.rsrc 32768 6031864 6033408 5.544 94ad4e21edfd0bc208c1b6ac63c3c46a

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL IP
hxxp://a1255.g.akamai.net/images/nocache/vicinio/executable-packages/MarineAquariumLite/1389714302414/MarineAquariumWrapper.exe
hxxp://ak.imgfarm.com/images/nocache/vicinio/executable-packages/MarineAquariumLite/1389714302414/MarineAquariumWrapper.exe 184.84.243.224


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

GET /images/nocache/vicinio/executable-packages/MarineAquariumLite/1389714302414/MarineAquariumWrapper.exe HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ak.imgfarm.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: Apache
Last-Modified: Tue, 14 Jan 2014 15:45:22 GMT
ETag: "1254474-542f68-4eff0148856a8"
Accept-Ranges: bytes
Content-Length: 5517160
Cache-Control: max-age=295779218
Expires: Sat 02 Apr 1977 17:15:00 GMT
Pragma: no-cache
Content-Type: application/x-msdownload
Date: Fri, 29 Aug 2014 06:51:43 GMT
Connection: keep-alive
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.........2...\...\.
..\..'....\..'....\.......\...]...\..'....\..'....\..'....\.Rich..\...
......PE..L......R.................X...........).......p....@.........
.................P......ggT...@.................................<..
.d........n............T.`....0.......................................
...@............p..x............................text....W.......X.....
............. ..`.rdata.......p...0...\..............@[email protected]....
[email protected]..................@[email protected]
[email protected].................................
......................................................................
......................................................................
......................................................................
......................................................................
...............................................U...X......... [email protected].
SVW.}[email protected]@.P..hq@........`........V......SP.......Pp@..
..W..;.}[email protected][email protected]...
@..4.......P...p@......./ub......<Tt"<Wt.<tt.<wuL......P..
...u>.......6......P.....~(......:u....~....P......P......P........
[email protected]@[email protected];[email protected].
[email protected]@........u....M._..^3.[.........V..W3.h..
[email protected].....<[email protected]
<<< skipped >>>

The Trojan connects to the servers at the folowing location(s):

AppIntegrator.exe_1568:

.text
`.rdata
@.data
.rsrc
@.reloc
QWQj.QPQh
xSSSh
FTPjKS
FtPj;S
C.PjRV
Visual C   CRT: Not enough memory to complete call to strerror.
portuguese-brazilian
Broken pipe
Inappropriate I/O control operation
Operation not permitted
operator
GetProcessWindowStation
SHELL32.dll
MaxPolicyElementKey
AppIntegrator.cpp
IAC::AppIntegrator::Application::SetupWindowsHook
E:\TeamCity\BuildAgent1\work\b016debbe225e71a\Projects\SDKs\boost1.46.1\boost/exception/detail/exception_ptr.hpp
()$^.* ?[]|\-{},:=!
E:\TeamCity\BuildAgent1\work\b016debbe225e71a\Projects\ChromeExtAPI_DAL_GCLID_QA\Build.TT\Release.x86\AppIntegrator.pdb
KERNEL32.dll
MsgWaitForMultipleObjects
SetWindowsHookExW
UnhookWindowsHookEx
USER32.dll
ADVAPI32.dll
ole32.dll
USERENV.dll
VERSION.dll
GetCPInfo
RegCloseKey
RegOpenKeyExW
SHLWAPI.dll
.?AV?$bind_t@V?$vector@V?$basic_option@D@program_options@boost@@V?$allocator@V?$basic_option@D@program_options@boost@@@std@@@std@@V?$mf1@V?$vector@V?$basic_option@D@program_options@boost@@V?$allocator@V?$basic_option@D@program_options@boost@@@std@@@std@@Vcmdline@detail@program_options@boost@@AAV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@2@@_mfi@boost@@V?$list2@V?$value@PAVcmdline@detail@program_options@boost@@@_bi@boost@@U?$arg@$00@3@@_bi@5@@_bi@boost@@
zcÁ
.?AV?$_Impl_no_alloc2@U?$_Callable_obj@V<lambda10>@?A0x74a94c0a@AppIntegrator@IAC@@$0A@@tr1@std@@_NABVCRegKey@ATL@@PB_W@tr1@std@@
.?AV?$_Impl_base2@_NABVCRegKey@ATL@@PB_W@tr1@std@@
cOXY/P.Z0.0.QR00/ZPP0000000/0PPZR.BI@/DE0,
5(5,50545
;#<3<]<~<
3%4X4
3&4.464>4~4
0%1U1z1
4%5S5
mscoree.dll
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
nKERNEL32.DLL
WUSER32.DLL
e\AppIntegratorStub.dll
Error calling SetWindowsHookEx
Error: %S
Error: 0x%0x
\StringFileInfo\XX\OriginalFilename
TraceLog.cfg
@^(. ?)\=(. ?)$
).csv
t8res.dll
.ExecutableToIntegratorSharedMemory
C:\PROGRA~1\MARINE~1\bar\1.bin\AppIntegrator.exe
C:\PROGRA~1\MARINE~1\bar\1.bin
1.0.7.183
AppIntegrator64.exe

57brmon.exe_1652:

.text
`.rdata
@.data
.rsrc
@.reloc
operator
GetProcessWindowStation
SetProcessShutdownParameters
t8res.dll
brstub.dll
9E107788-A2C8-4ff7-A5E6-8052455B4AED
19D1D781-6DA9-4781-BC16-9017E355E2F9
67DE0C3F-8D3D-4347-808F-D4CE05C7A6B8
advapi32.dll
E:\TeamCity\BuildAgent1\work\b016debbe225e71a\Projects\ChromeExtAPI_DAL_GCLID_QA\Build.TT\Release.x86\t8brmon.pdb
KERNEL32.dll
UnhookWindowsHookEx
SetWindowsHookExA
USER32.dll
SHLWAPI.dll
GetCPInfo
C:\PROGRA~1\MARINE~1\bar\1.bin\57brmon.exe
C:\PROGRA~1\MARINE~1\bar\1.bin\t8res.dll
<assemblyIdentity version="1.0.0.0"
<requestedExecutionLevel
mscoree.dll
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
KERNEL32.DLL
WUSER32.DLL
kernel32.dll
VER_EXE_FILENAME
VER_EXE_FILENAME.exe

57HighIn.exe_2000:

.text
`.rdata
@.data
.rsrc
@.reloc
SHLWAPI.dll
KERNEL32.dll
E:\TeamCity\BuildAgent1\work\b016debbe225e71a\Projects\ChromeExtAPI_DAL_GCLID_QA\Build.TT\Release.x86\t8HighIn.pdb
<requestedExecutionLevel level="requireAdministrator" uiAccess="false"></requestedExecutionLevel>
t8HighIn.exe

TPIManagerConsole.exe_1772:

.text
`.rdata
@.data
.rsrc
@.reloc
GetProcessWindowStation
operator
advapi32.dll
Software\Policies\Google\Chrome\ExtensionInstallForcelist
D06D001F-4B7D-4A11-84F8-7BCD6212C14E_mtx
_DDE0BB24-8F8C-44e9-B962-8289B302DEF9
C:\code\p4\david.paxson_dp6127437787DT\Projects\Installers\TPIManager\Release\TPIManagerConsole.pdb
KERNEL32.dll
ole32.dll
OLEAUT32.dll
SHLWAPI.dll
GetCPInfo
57tpinst.dll
MarineAquarium3Free_57 Chrome Extension
DependencyManager.dll
DPNMNGR.DLL
hXXp://ak.imgfarm.com/images/nocache/vicinio/executable-packages/MarineAquariumLite/1389714302414/MarineAquariumWrapper.exe
5517160
${reg[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SereneScreen Marine Aquarium Lite_is1:DisplayIcon]}
${reg[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SereneScreen Marine Aquarium Lite_is1:QuietUninstallString]}
${reg[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SereneScreen Marine Aquarium Lite_is1:DisplayIcon]}
${reg[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SereneScreen Marine Aquarium Lite_is1:QuietUninstallString]}
.?AVCExternalInstallersKeyParser@@
%Program Files%\MarineAquarium3Free_57\bar\1.bin\TPIManagerConsole.exe
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
00U0
?#?(?7?^?
; ;$;(;,;0;4;8;<;@;
mscoree.dll
nKERNEL32.DLL
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
WUSER32.DLL
1.0.0.1
TPIManagerConsole.exe


Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    57srchmn.exe:168
    0000052cT8SETUP.EXE:1628
    57brmon.exe:1652
    57HighIn.exe:2000
    57barsvc.exe:392
    57barsvc.exe:1596
    57barsvc.exe:1064
    mscorsvw.exe:1912
    AppIntegrator.exe:1568
    AppIntegrator.exe:192
    %original file name%.exe:1324

  2. Delete the original Trojan file.
  3. Delete or disinfect the following files created/modified by the Trojan:

    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57feedmg.dll (139 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57SrcAs.dll (139 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\installKeys.js (206 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\INSTALL.RDF (2 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\BOOTSTRAP.JS (20 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57SrchMn.exe (55 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\CrExtP57.exe (7972 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57medint.exe (12 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\CHROME.MANIFEST (1 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57dlghk.dll (101 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\ASSISTMONITOR.DLL (303 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57bar.dll (6313 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\FF-NativeMessagingDispatcher.dll (250 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57mlbtn.dll (96 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\AppIntegrator64.exe (1766 bytes)
    %Documents and Settings%\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat (20 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57hkstub.dll (59 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\assists\ie_default_search_provider\CONFIG.XML (491 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG (1896 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57dlghk64.dll (119 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57srchmr.dll (83 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57tpinst.dll (179 bytes)
    %System%\config\SOFTWARE.LOG (52713 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57regfft.dll (81 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57barsvc.exe (88 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\TPIMANAGERCONSOLE.EXE (78 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57htmlmu.dll (202 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57idle.dll (61 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57auxstb64.dll (65 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\T8EXTPEX.DLL (104 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\T8HTML.DLL (188 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\T8TICKER.DLL (168 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57auxstb.dll (55 bytes)
    %System%\config\system (4001 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57reghk.dll (75 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\Hpg64.dll (1719 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57Plugin.dll (108 bytes)
    %Documents and Settings%\%current user%\NTUSER.DAT.LOG (7592 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\APPINTEGRATORSTUB.DLL (250 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\ASSISTMONITOR64.DLL (1633 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57brmon.exe (61 bytes)
    %System%\config\SYSTEM.LOG (6681 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\APPINTEGRATOR.EXE (1702 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57brstub64.dll (74 bytes)
    %Documents and Settings%\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat (20 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\NP57Stub.dll (48 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57script.dll (100 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\Settings\s_pid.dat (6 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\gen1\COMMON.T8S (1 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\assists\ie_default_search_provider\ARBITER.DLL (15 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57bprtct.dll (115 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\DPNMNGR.DLL (289 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\VERIFY.DLL (66 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57regiet.dll (83 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\T8EPMSUP.DLL (77 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57brmon64.exe (71 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\AppIntegratorStub64.dll (290 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57skplay.exe (55 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57httpct.dll (144 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\EXEMANAGER.DLL (1767 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\LOGO.BMP (10 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57datact.dll (160 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57brstub.dll (63 bytes)
    %System%\config\software (33739 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\UNIFIEDLOGGING.DLL (316 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\assists\ie_default_search_provider\ASSIST.EXE (206 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\chrome\57ffxtbr.jar (1829 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57skin.dll (202 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\IE9Mesg\COMMON.T8S (1727 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57highin.exe (12 bytes)
    %Documents and Settings%\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG (1560 bytes)
    %Documents and Settings%\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG (1560 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\Message\COMMON.T8S (103 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57ieovr.dll (73 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\T8RES.DLL (197 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\assists\ie_default_search_provider\ARBITER64.DLL (17 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\CREXT.DLL (7386 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57radio.dll (210 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\T8EXTEX.DLL (98 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\{9FC7E018-D91C-417B-BDE2-F4FF1940B1B1}.exe (385458 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\0000052cT8SETUP.EX_ (42363 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\0000052cT8SETUP.EXE (212337 bytes)

  4. Delete the following value(s) in the autorun key (How to Work with System Registry):

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Marine Aquarium Lite Home Page Guard 32 bit" = "C:\PROGRA~1\MARINE~1\bar\1.bin\AppIntegrator.exe"

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Marine Aquarium Lite Search Scope Monitor" = "C:\PROGRA~1\MARINE~1\bar\1.bin\57srchmn.exe /m=2 /w /h"

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MarineAquarium3Free_57 Browser Plugin Loader" = "C:\PROGRA~1\MARINE~1\bar\1.bin\57brmon.exe"

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Marine Aquarium Lite" = "rundll32 C:\PROGRA~1\MARINE~1\bar\1.bin\57bar.dll,S"

  5. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
  6. Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

No votes yet


Lavasoft is the maker of Ad-Aware, the world's most popular anti-malware software with over 450 million downloads.
© 2026 Lavasoft. All rights reserved.
Terms Of Use |   Privacy Policy


x

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

Download adaware antivirus 12
No thanks, continue to lavasoft.com
close x

Discover the new adaware antivirus 12

Our best antivirus yet

Download Now