Trojan.Win32.Swrort.3_f52abd9261

by malwarelabrobot on September 27th, 2014 in Malware Descriptions.

Trojan.Win32.Swrort.3.FD, mzpefinder_pcap_file.YR (Lavasoft MAS)
Behaviour: Trojan


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Requires JavaScript enabled!

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

MD5: f52abd926194da114fb8703da7a71991
SHA1: a6bbeb6edba55ddb6a0b2cdc31e07837bb01cb54
SHA256: e3dfdf47038954374b90f9ce287d427eb7bfdff637c5dc92239ef09c83b9c500
SSDeep: 98304:ZA2/LJphkvEqQJPoR/J2EwRm41fRJBFAuXmzoMVGMFkF yDHaDxS:ZRLhfqQ R/wEH4FRJBFfXcoO4 yLoxS
Size: 5822864 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: BorlandDelphi30, UPolyXv05_v6
Company: Marine Aquarium Lite
Created at: 2014-07-01 20:38:05
Analyzed on: WindowsXP SP3 32-bit


Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

57srchmn.exe:148
MALiteSetup.tmp:1576
{4403D69A-6179-433D-BF9D-FEB28B4AEAA4}.exe:1492
TPIManagerConsole.exe:492
57HighIn.exe:1524
%original file name%.exe:1712
MALiteSetup.exe:284
57barsvc.exe:1984
57barsvc.exe:440
57barsvc.exe:1296
irsetup.exe:232
000006b0T8SETUP.EXE:1880

The Trojan injects its code into the following process(es):

AppIntegrator.exe:1184

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process MALiteSetup.tmp:1576 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\is-OUBPA.tmp\_isetup\_RegDLL.tmp (4 bytes)
%Program Files%\SereneScreen\Marine Aquarium Lite\unins000.dat (2064 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-OUBPA.tmp\_isetup\_shfoldr.dll (23 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\SereneScreen\Marine Aquarium Lite\SereneScreen Marine Aquarium Lite.lnk (706 bytes)
%Program Files%\SereneScreen\Marine Aquarium Lite\www.SereneScreen.com.url (310 bytes)
%Program Files%\SereneScreen\Marine Aquarium Lite\is-GHQT0.tmp (7150 bytes)
%System%\is-T9QHL.tmp (53142 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\SereneScreen\Marine Aquarium Lite\SereneScreen Marine Aquarium on the Web.lnk (981 bytes)
%Program Files%\SereneScreen\Marine Aquarium Lite\is-8T546.tmp (35 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\Marine Aquarium Lite.lnk (706 bytes)
%Program Files%\SereneScreen\Marine Aquarium Lite\is-9PVP6.tmp (195 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\SereneScreen\Marine Aquarium Lite\Prolific Publishing on the Web.lnk (1 bytes)
%Documents and Settings%\%current user%\Desktop\SereneScreen Marine Aquarium Lite.lnk (688 bytes)
%Program Files%\SereneScreen\Marine Aquarium Lite\is-IN9RC.tmp (180 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\is-OUBPA.tmp\_isetup\_RegDLL.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-OUBPA.tmp\_isetup\_shfoldr.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-OUBPA.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-OUBPA.tmp\_isetup (0 bytes)

The process {4403D69A-6179-433D-BF9D-FEB28B4AEAA4}.exe:1492 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\lua5.1.dll (325 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\irsetup.exe (7386 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\lua5.1.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\irsetup.exe (0 bytes)

The process TPIManagerConsole.exe:492 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\C3E814D1CB223AFCD58214D14C3B7EAB (341 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX37VSTM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IN2PA7MP\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\62B5AF9BE9ADC1085C3C56EC07A82BF6 (137 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\8DFDF057024880D7A081AFBF6D26B92F (176 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\8BD11C4A2318EC8E5A82462092971DEA (208 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\C3E814D1CB223AFCD58214D14C3B7EAB (220 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\62B5AF9BE9ADC1085C3C56EC07A82BF6 (224 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\8DFDF057024880D7A081AFBF6D26B92F (533 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\8BD11C4A2318EC8E5A82462092971DEA (477 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\A32DQXCP\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\6P0F0LGB\desktop.ini (67 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\{4403D69A-6179-433D-BF9D-FEB28B4AEAA4}.exe (997461 bytes)

The Trojan deletes the following file(s):

%Program Files%\MarineAquarium3Free_57\bar\1.bin\{4403D69A-6179-433D-BF9D-FEB28B4AEAA4}.exe (0 bytes)

The process %original file name%.exe:1712 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\000006b0T8SETUP.EX_ (39950 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\000006b0T8SETUP.EXE (188805 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\000006b0T8SETUP.EX_ (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\000006b0T8SETUP.EXE (0 bytes)

The process MALiteSetup.exe:284 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\is-JLINT.tmp\MALiteSetup.tmp (3790 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\is-JLINT.tmp\MALiteSetup.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-JLINT.tmp (0 bytes)

The process irsetup.exe:232 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\IRIMG1.PNG (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\Wow64.lmd (665 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MarineAquarium Setup Log.txt (260 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\MALiteSetup.exe (33812 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\irsetup.dat (1137 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\Wow64.lmd (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\irsetup.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\IRIMG1.PNG (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\MALiteSetup.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IRW1.tmp (0 bytes)

The process 000006b0T8SETUP.EXE:1880 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\MarineAquarium3Free_57\bar\1.bin\57feedmg.dll (145 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57SrcAs.dll (144 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\installKeys.js (206 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\INSTALL.RDF (2 bytes)
%Program Files%\MarineAquarium3Free_57\bar\assists\COMMON.T8S (138 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\BOOTSTRAP.JS (20 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57SrchMn.exe (55 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\CrExtP57.exe (5442 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57medint.exe (12 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\CHROME.MANIFEST (1 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\HPG.DLL (237 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\ASSISTMONITOR.DLL (225 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\HKFXMGR.DLL (1629 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\FF-NativeMessagingDispatcher.dll (1724 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\AppIntegrator64.exe (258 bytes)
%Documents and Settings%\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat (20 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57hkstub.dll (59 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\assists\ie_default_search_provider\CONFIG.XML (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG (1896 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57dlghk.dll (121 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\TOOLBARGUARD64.DLL (251 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57dlghk64.dll (147 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57srchmr.dll (87 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57tpinst.dll (179 bytes)
%System%\config\SOFTWARE.LOG (34537 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57regfft.dll (85 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57barsvc.exe (90 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\TPIMANAGERCONSOLE.EXE (78 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57htmlmu.dll (214 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57idle.dll (62 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\T8EXTPEX.DLL (108 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\T8HTML.DLL (202 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\T8TICKER.DLL (171 bytes)
%System%\config\system (3482 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat (1564 bytes)
C:\$Directory (200 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\Hpg64.dll (220 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57Plugin.dll (83 bytes)
%Documents and Settings%\%current user%\NTUSER.DAT.LOG (4896 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\assists\ie_enable\ARBITER.DLL (12 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\APPINTEGRATORSTUB.DLL (197 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\ASSISTMONITOR64.DLL (246 bytes)
%System%\config\SYSTEM.LOG (5289 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\APPINTEGRATOR.EXE (225 bytes)
%Documents and Settings%\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat (20 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57mlbtn.dll (98 bytes)
%Program Files%\MarineAquarium3Free_57\bar\Settings\s_pid.dat (6 bytes)
%Program Files%\MarineAquarium3Free_57\bar\gen1\COMMON.T8S (1 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\assists\ie_default_search_provider\ARBITER.DLL (15 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57bprtct.dll (121 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\DPNMNGR.DLL (218 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57datact.dll (171 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\assists\ie_enable\ARBITER64.DLL (12 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57regiet.dll (87 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\T8EPMSUP.DLL (79 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57script.dll (104 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\HKFXMGR64.DLL (1730 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\AppIntegratorStub64.dll (213 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57skplay.exe (55 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57httpct.dll (151 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57bar.dll (5442 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\LOGO.BMP (10 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\assists\ie_enable\CONFIG.XML (6 bytes)
%System%\config\software (28647 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\assists\ie_default_search_provider\ASSIST.EXE (207 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\chrome\57ffxtbr.jar (1829 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57skin.dll (212 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\TOOLBARGUARD.DLL (240 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57highin.exe (13 bytes)
%Documents and Settings%\%current user%\NTUSER.DAT (2112 bytes)
%Documents and Settings%\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG (1560 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\VERIFY.DLL (70 bytes)
%Documents and Settings%\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG (1560 bytes)
%Program Files%\MarineAquarium3Free_57\bar\Message\COMMON.T8S (100 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\T8RES.DLL (196 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\assists\ie_default_search_provider\ARBITER64.DLL (17 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\CREXT.DLL (6422 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\57reghk.dll (80 bytes)
%Program Files%\MarineAquarium3Free_57\bar\1.bin\T8EXTEX.DLL (102 bytes)

Registry activity

The process 57srchmn.exe:148 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "75 A1 35 42 15 92 20 FF 0B 42 D5 71 32 C6 3F 46"

The process MALiteSetup.tmp:1576 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SereneScreen Marine Aquarium Lite_is1]
"Publisher" = "Prolific Publishing, Inc."

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SereneScreen Marine Aquarium Lite_is1]
"DisplayName" = "SereneScreen Marine Aquarium Lite"
"Inno Setup: User" = "%CurrentUserName%"
"MinorVersion" = "0"
"Inno Setup: Icon Group" = "SereneScreen"
"Inno Setup: App Path" = "%Program Files%\SereneScreen\Marine Aquarium Lite"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SereneScreen Marine Aquarium Lite_is1]
"DisplayIcon" = "%System%\MarineAquariumLite.exe"
"URLUpdateInfo" = "http://www.SereneScreen.com"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKCU\Software\SereneScreen\MarineAquariumLite]
"EXE" = "%System%\MarineAquariumLite.exe"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{936872f0-5423-11e1-b86c-0800200c9a66}]
"AppName" = "MarineAquariumLite.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SereneScreen Marine Aquarium Lite_is1]
"DisplayVersion" = "3.0"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{936872f0-5423-11e1-b86c-0800200c9a66}]
"Policy" = "3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SereneScreen Marine Aquarium Lite_is1]
"MajorVersion" = "3"
"Inno Setup: Selected Tasks" = "desktopicon,quicklaunchicon"

[HKCU\Control Panel\Desktop]
"ScreenSaveTimeOut" = "120"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SereneScreen Marine Aquarium Lite_is1]
"InstallDate" = "20140926"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SereneScreen Marine Aquarium Lite_is1]
"URLInfoAbout" = "http://www.ProlificPublishingInc.com"
"Inno Setup: Setup Version" = "5.3.11 (a)"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SereneScreen Marine Aquarium Lite_is1]
"InstallLocation" = "%Program Files%\SereneScreen\Marine Aquarium Lite\"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Control Panel\Desktop]
"ScreenSaveActive" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SereneScreen Marine Aquarium Lite_is1]
"NoRepair" = "1"
"UninstallString" = "%Program Files%\SereneScreen\Marine Aquarium Lite\unins000.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SereneScreen Marine Aquarium Lite_is1]
"Inno Setup: Language" = "en"
"QuietUninstallString" = "%Program Files%\SereneScreen\Marine Aquarium Lite\unins000.exe /SILENT"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKCU\Control Panel\Desktop]
"SCRNSAVE.EXE" = "MarineAquariumLite.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SereneScreen Marine Aquarium Lite_is1]
"Readme" = ".\Readme.txt"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{936872f0-5423-11e1-b86c-0800200c9a66}]
"AppPath" = "%System%"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CD F7 6A 86 7A 21 23 A4 B0 63 04 A7 20 C9 10 BC"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SereneScreen Marine Aquarium Lite_is1]
"NoModify" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SereneScreen Marine Aquarium Lite_is1]
"Inno Setup: Deselected Tasks" = ""
"HelpLink" = "http://www.SereneScreen.com"

The Trojan deletes the following registry key(s):

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SereneScreen Marine Aquarium Lite_is1]

The process {4403D69A-6179-433D-BF9D-FEB28B4AEAA4}.exe:1492 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D1 EE 99 1F FB 0E 55 8B D0 ED 80 29 DD 51 72 56"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\_ir_sf_temp_0]
"irsetup.exe" = "Setup Application"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The process TPIManagerConsole.exe:492 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1E 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "54 9F 08 47 09 CC 6E A8 33 01 CF 64 8B 8E 46 15"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKLM\SOFTWARE\MarineAquarium3Free_57\Dependencies]
"dependencymanagerpath" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\DPNMNGR.DLL"

[HKLM\SOFTWARE\MarineAquarium3Free_57\Dependencies\MarineAquarium]
"uninstall" = "0"
"FriendlyName" = "Marine Aquarium Lite"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process 57HighIn.exe:1524 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "72 52 AA AA 09 75 19 AB 8D D5 84 FE D8 08 3D 9E"

The process %original file name%.exe:1712 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A6 AB 3E BF 78 17 45 FE 5A E7 85 85 0C EE AC F5"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar\Switches]
"nodns" = "0"
"ffTabs" = "0"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar]
"OToIData" = "001"

[HKCU\Software\MarineAquarium3Free_57\Events\EventData]
"00000000_5" = "01 00 00 00 47 B7 25 54 00 00 00 00 00 00 00 00"
"00000000_7" = "01 00 00 00 47 B7 25 54 00 00 00 00 00 00 00 00"
"00000000_6" = "01 00 00 00 47 B7 25 54 00 00 00 00 00 00 00 00"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar]
"OToIData"

The process MALiteSetup.exe:284 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EC 0C BB 42 E9 5E DA D3 32 33 64 01 C3 B8 34 36"

The process 57barsvc.exe:1984 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0F AC 3C 49 40 15 E6 C0 9C 5F A2 DF 42 E1 93 FC"

The process 57barsvc.exe:440 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "78 1C BA 6E E1 C7 9C 52 27 2D DE 60 8B B5 81 EB"

The process 57barsvc.exe:1296 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E8 8C EE 1B 4F 62 72 79 96 13 E8 A7 27 D6 A7 03"

The process AppIntegrator.exe:1184 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E6 DD 4C 8E A2 E0 65 98 16 17 6F 4E B5 81 36 87"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

The process irsetup.exe:232 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SereneScreen Marine Aquarium Lite_is1]
"DisplayName" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Video" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Fonts" = "%WinDir%\Fonts"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1F 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"

"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SereneScreen Marine Aquarium Lite_is1]
"UninstallString" = "%Program Files%\SereneScreen\Marine Aquarium Lite\unins000.exe /SILENT"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Music" = "%Documents and Settings%\%current user%\My Documents\My Music"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2A 24 3B B3 CB B4 F0 3A A4 E1 FE BC 7C 5D 1D 81"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process 000006b0T8SETUP.EXE:1880 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCR\TypeLib\{FB84548C-47C9-4323-820B-9E46B50E9947}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\Interface\{3C4E958B-177E-4B3A-A998-4B0263A9564D}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{0A4376DD-C64A-4499-86BA-54578FD3BE3E}\TypeLib]
"Version" = "1.0"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar]
"Maximized" = "1"

[HKCR\TypeLib\{DBC4BE0B-800C-4075-9521-A9F6B00D6982}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\CLSID\{3f9c1414-58f0-4fbb-9ee6-ab948b604ebd}\InprocServer32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\57datact.dll"

[HKCR\CLSID\{f153e08e-19e7-4ece-bb2b-afe06394c6ea}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\CLSID\{d35349a7-84d1-4a70-8536-e9c1f77dcf5b}\TypeLib]
"(Default)" = "{fdb8f0c7-adf7-4a45-b762-fe8ef4970dbd}"

[HKCR\Interface\{D4517E61-49A5-4712-B487-950FEC8DB4B9}]
"(Default)" = "ISessionData"

[HKCR\CLSID\{d35349a7-84d1-4a70-8536-e9c1f77dcf5b}\MiscStatus]
"(Default)" = "0"

[HKCR\TypeLib\{199350AF-34C3-496F-A764-F4BF91CF2835}\1.0\HELPDIR]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin"

[HKCR\Interface\{C17F2CA9-F618-4D8C-9C7E-78F9779D3FAA}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{6F776034-C1E7-41CB-B099-839FCA62E732}]
"(Default)" = "ITemplateBarMenu"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ecd011be-bc4c-45dd-85bc-70e5f36806d9}]
"AppName" = "57medint.exe"

[HKCR\CLSID\{d35349a7-84d1-4a70-8536-e9c1f77dcf5b}\Version]
"(Default)" = "1.0"

[HKCR\Interface\{1FB1AF91-D5A5-46AC-990D-D57E53C85E70}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar]
"un" = "Marine Aquarium Lite"
"RegHookPath" = "C:\PROGRA~1\MARINE~1\bar\1.bin\57reghk"

[HKCR\Interface\{6F776034-C1E7-41CB-B099-839FCA62E732}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\MarineAquarium3Free_57.ScriptButton\CLSID]
"(Default)" = "{94c67622-4e77-495a-9457-c8064c92a228}"

[HKCR\CLSID\{eda1dca1-c71d-46e7-b504-6cefd21ee60d}\ProgID]
"(Default)" = "MarineAquarium3Free_57.HTMLPanel.1"

[HKCR\Interface\{2BEA8EF6-4B9D-43DF-9C32-5B91B65E3E58}\TypeLib]
"(Default)" = "{2F868090-A282-4C80-AC30-F743C9BECADF}"

[HKCR\TypeLib\{00C5EDB1-1261-41EB-8FEE-9C0C2CD98058}\1.0\HELPDIR]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin"

[HKLM\SOFTWARE\MozillaPlugins\@MarineAquarium3Free_57.com/Plugin\MimeTypes\application/x-marineaquarium3free_57plugin]
"Suffixes" = "57"

[HKCR\CLSID\{7706dcce-fed8-4ed7-80b2-5f88c33ee317}]
"(Default)" = "HttpControl Class"

[HKCR\Interface\{C71EA797-7B15-438B-894A-9AB54D752430}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{dd4285fa-3345-4b73-92e5-4de464edc3b2}]
"(Default)" = "Marine Aquarium Lite Third Party Installer"

[HKCR\CLSID\{eda1dca1-c71d-46e7-b504-6cefd21ee60d}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\CLSID\{ad750e83-1c56-4196-90e3-e5a0f3c5421c}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\MarineAquarium3Free_57.PseudoTransparentPlugin\CurVer]
"(Default)" = "MarineAquarium3Free_57.PseudoTransparentPlugin.1"

[HKCR\TypeLib\{DBC4BE0B-800C-4075-9521-A9F6B00D6982}\1.0\HELPDIR]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin"

[HKCR\Interface\{638B87E0-5EF3-45FA-ACB8-2C7C67958665}]
"(Default)" = "ITemplateBarControl"

[HKCR\Interface\{E1700B22-E107-4EC6-943E-5FBBADF213B3}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\MarineAquarium3Free_57.ToolbarProtector]
"(Default)" = "ProtectorControl Class"

[HKCR\CLSID\{f90c885b-332c-4379-965c-3ef665f369dc}]
"(Default)" = "Skin Settings"

[HKLM\SOFTWARE\MozillaPlugins\@MarineAquarium3Free_57.com/Plugin]
"Version" = "1.1.1.1"

[HKCR\CLSID\{eda1dca1-c71d-46e7-b504-6cefd21ee60d}\Version]
"(Default)" = "1.0"

[HKCR\CLSID\{e55ebb8c-fb31-4a98-a514-4ecc5fd9c634}\Version]
"(Default)" = "1.0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCR\CLSID\{94c67622-4e77-495a-9457-c8064c92a228}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\MarineAquarium3Free_57.PseudoTransparentPlugin\CLSID]
"(Default)" = "{cc721fc9-8900-4e3d-a4be-359e6af8e9bb}"

[HKCR\Interface\{D4517E61-49A5-4712-B487-950FEC8DB4B9}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\MarineAquarium3Free_57\SkinTools]
"PlayerPath" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\57SkPlay.exe"

[HKCR\TypeLib\{199350AF-34C3-496F-A764-F4BF91CF2835}\1.0]
"(Default)" = "BARFEEDTYPELIB_NAME"

[HKCR\Interface\{C71EA797-7B15-438B-894A-9AB54D752430}\TypeLib]
"(Default)" = "{D458D0D1-08F3-4DC9-9C67-ADE048AE0EF9}"

[HKCR\TypeLib\{09E63BA3-09C7-4D20-9E4B-2EBAD3BE5B50}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\MarineAquarium3Free_57.HTMLMenu\CurVer]
"(Default)" = "MarineAquarium3Free_57.HTMLMenu.1"

[HKCR\CLSID\{f153e08e-19e7-4ece-bb2b-afe06394c6ea}\VersionIndependentProgID]
"(Default)" = "MarineAquarium3Free_57.FeedManager"

[HKCR\CLSID\{3ca77147-e5a4-43ba-80b2-efa3245f8d88}\InprocServer32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\57bprtct.dll"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar\Integrators]
"57DlgHk.dll" = ""

[HKCR\TypeLib\{A29BA259-04A2-426B-949F-D486E674DF9B}\1.0\0\win32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\t8res.dll\625"

[HKCR\Interface\{A91067AB-9AC6-4607-B9F2-FB62228195EF}\TypeLib]
"(Default)" = "{199350AF-34C3-496F-A764-F4BF91CF2835}"

[HKCR\Interface\{6F776034-C1E7-41CB-B099-839FCA62E732}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\TypeLib\{09E63BA3-09C7-4D20-9E4B-2EBAD3BE5B50}\1.0\0\win32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\t8res.dll\1807"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b6e803d8-1514-4aa2-a53e-358400dfbb94}]
"Policy" = "3"

[HKCR\Interface\{107C2EDD-3388-452B-A6B8-2AAD8EF816B6}\TypeLib]
"(Default)" = "{83783D62-EC4A-4CDD-ACB3-B2A4BF184959}"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b6e803d8-1514-4aa2-a53e-358400dfbb94}]
"AppName" = "CrExtP57.exe"

[HKCR\TypeLib\{FDB8F0C7-ADF7-4A45-B762-FE8EF4970DBD}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\Interface\{1FB1AF91-D5A5-46AC-990D-D57E53C85E70}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{6A1F6969-2069-4036-A0AB-07D4628DF5A1}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{cc721fc9-8900-4e3d-a4be-359e6af8e9bb}\Version]
"(Default)" = "1.0"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f4d12989-af1c-4363-bfcf-b9ad96d18b0f}]
"Policy" = "3"

[HKCR\Interface\{71AC0D70-4274-4B53-8101-26F7249EAFE4}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{3C4E958B-177E-4B3A-A998-4B0263A9564D}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar]
"PartnerPixelNotSet" = ""

[HKCR\TypeLib\{A29BA259-04A2-426B-949F-D486E674DF9B}\1.0\HELPDIR]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin"

[HKCR\TypeLib\{DBC4BE0B-800C-4075-9521-A9F6B00D6982}\1.0]
"(Default)" = "TEMPLATEHTMLMenuLib"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar]
"UninstallString" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\57highin.exe 57bar.dll,O uninstalltype=IE"

[HKCR\Interface\{C8D39FE3-DCB1-4E94-9192-A176FC1F19BB}\TypeLib]
"Version" = "1.0"

[HKCR\CLSID\{94c67622-4e77-495a-9457-c8064c92a228}\ProgID]
"(Default)" = "MarineAquarium3Free_57.ScriptButton.1"

[HKCR\Interface\{C8D39FE3-DCB1-4E94-9192-A176FC1F19BB}\ProxyStubClsid]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCR\MarineAquarium3Free_57.ThirdPartyInstaller.1\CLSID]
"(Default)" = "{dd4285fa-3345-4b73-92e5-4de464edc3b2}"

[HKCR\Interface\{D4517E61-49A5-4712-B487-950FEC8DB4B9}\TypeLib]
"(Default)" = "{2F868090-A282-4C80-AC30-F743C9BECADF}"

[HKCR\MarineAquarium3Free_57.ToolbarProtector.1]
"(Default)" = "ProtectorControl Class"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar]
"UninstallFFString" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\57highin.exe 57bar.dll,O uninstalltype=FF"

[HKCR\MarineAquarium3Free_57.FeedManager.1\CLSID]
"(Default)" = "{f153e08e-19e7-4ece-bb2b-afe06394c6ea}"

[HKCR\CLSID\{e55ebb8c-fb31-4a98-a514-4ecc5fd9c634}]
"(Default)" = "Popup Menu Plugin"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCR\Interface\{DA60568C-C30E-4680-ADEA-89BF1DD050EA}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{E9E780CC-8821-4B00-B4F9-F4C4F82BE2C7}\TypeLib]
"(Default)" = "{FDB8F0C7-ADF7-4A45-B762-FE8EF4970DBD}"

[HKCR\Interface\{A91067AB-9AC6-4607-B9F2-FB62228195EF}]
"(Default)" = "BARFEEDMANAGER_INTERFACE"

[HKCR\Interface\{C8D39FE3-DCB1-4E94-9192-A176FC1F19BB}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCR\Interface\{F1FD4F87-D0FD-4A5C-90A7-9A7696FFAEC0}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{C0FD73B4-C692-4061-B36F-BC15B111314C}\ProgID]
"(Default)" = "MarineAquarium3Free_57.HTMLMenu.1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{dd4285fa-3345-4b73-92e5-4de464edc3b2}]
"(Default)" = ""

[HKCU\Software\Classes\CLSID\{327f75ed-061b-4339-8cc6-5dd45ad1396d}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Interface\{2BEA8EF6-4B9D-43DF-9C32-5B91B65E3E58}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{71AC0D70-4274-4B53-8101-26F7249EAFE4}]
"(Default)" = "HTMLPANELEVENTS_INTERFACE"

[HKCR\CLSID\{dd4285fa-3345-4b73-92e5-4de464edc3b2}\MiscStatus\1]
"(Default)" = "131473"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\Interface\{D5CEC7EB-7D25-47BF-AA42-5DB03938509F}\TypeLib]
"(Default)" = "{83783D62-EC4A-4CDD-ACB3-B2A4BF184959}"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar]
"lidate" = "2014-09-26T18:58:01Z"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b6e803d8-1514-4aa2-a53e-358400dfbb94}]
"AppPath" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin"

[HKCR\Interface\{A91067AB-9AC6-4607-B9F2-FB62228195EF}\TypeLib]
"Version" = "1.0"

[HKCR\CLSID\{cc721fc9-8900-4e3d-a4be-359e6af8e9bb}\MiscStatus]
"(Default)" = "0"

[HKCR\CLSID\{3ca77147-e5a4-43ba-80b2-efa3245f8d88}\TypeLib]
"(Default)" = "{09e63ba3-09c7-4d20-9e4b-2ebad3be5b50}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCR\CLSID\{eda1dca1-c71d-46e7-b504-6cefd21ee60d}]
"(Default)" = "MarineAquarium3Free_57 HTML"

[HKCR\TypeLib\{FB84548C-47C9-4323-820B-9E46B50E9947}\1.0\0\win32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\t8res.dll\1506"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ecd011be-bc4c-45dd-85bc-70e5f36806d9}]
"AppPath" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin"

[HKCR\Interface\{F1FD4F87-D0FD-4A5C-90A7-9A7696FFAEC0}]
"(Default)" = "IIEInstalledToolbars"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C0FD73B4-C692-4061-B36F-BC15B111314C}]
"(Default)" = ""

[HKCR\CLSID\{cc721fc9-8900-4e3d-a4be-359e6af8e9bb}\TypeLib]
"(Default)" = "{00c5edb1-1261-41eb-8fee-9c0c2cd98058}"

[HKCR\CLSID\{0eeaa2c3-0cd7-4364-b82e-f9257081c860}\InprocServer32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\57SrcAs.dll"

[HKCR\CLSID\{ad750e83-1c56-4196-90e3-e5a0f3c5421c}]
"(Default)" = ""

[HKCR\TypeLib\{FB84548C-47C9-4323-820B-9E46B50E9947}\1.0\HELPDIR]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin"

[HKCR\Interface\{E9E780CC-8821-4B00-B4F9-F4C4F82BE2C7}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\MarineAquarium3Free_57.HTMLMenu.1]
"(Default)" = "MarineAquarium3Free_57 HTML Menu"

[HKCR\Interface\{F1FD4F87-D0FD-4A5C-90A7-9A7696FFAEC0}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{074d3229-0a22-491b-b9dd-ff3171d75f25}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar]
"Visible" = "1"

[HKCR\MarineAquarium3Free_57.SettingsPlugin.1\CLSID]
"(Default)" = "{d35349a7-84d1-4a70-8536-e9c1f77dcf5b}"

[HKCR\CLSID\{3ca77147-e5a4-43ba-80b2-efa3245f8d88}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f4d12989-af1c-4363-bfcf-b9ad96d18b0f}]
"AppPath" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin"

[HKCR\Interface\{AD6CED5C-457E-43DC-BD4B-D5ED0B87FAB4}\TypeLib]
"(Default)" = "{09E63BA3-09C7-4D20-9E4B-2EBAD3BE5B50}"

[HKCR\Interface\{C17F2CA9-F618-4D8C-9C7E-78F9779D3FAA}\TypeLib]
"(Default)" = "{199350AF-34C3-496F-A764-F4BF91CF2835}"

[HKCR\Interface\{E1700B22-E107-4EC6-943E-5FBBADF213B3}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar\Switches]
"au" = "1"

[HKCR\Interface\{E9E780CC-8821-4B00-B4F9-F4C4F82BE2C7}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{d35349a7-84d1-4a70-8536-e9c1f77dcf5b}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\TypeLib\{2F868090-A282-4C80-AC30-F743C9BECADF}\1.0\FLAGS]
"(Default)" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\SOFTWARE\MozillaPlugins\@MarineAquarium3Free_57.com/Plugin]
"Description" = "Marine Aquarium Lite Plugin"

[HKCR\TypeLib\{2F868090-A282-4C80-AC30-F743C9BECADF}\1.0]
"(Default)" = "DataCtrl 1.0 Type Library"

[HKCR\MarineAquarium3Free_57.ScriptButton\CurVer]
"(Default)" = "MarineAquarium3Free_57.ScriptButton.1"

[HKCR\CLSID\{536e7ae2-c94c-4256-b035-8ec24e6245dd}\TypeLib]
"(Default)" = "{a29ba259-04a2-426b-949f-d486e674df9b}"

[HKCR\CLSID\{94c67622-4e77-495a-9457-c8064c92a228}\InprocServer32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\57script.dll"

[HKCR\Interface\{E9E780CC-8821-4B00-B4F9-F4C4F82BE2C7}\TypeLib]
"Version" = "1.0"

[HKCR\CLSID\{dd4285fa-3345-4b73-92e5-4de464edc3b2}\TypeLib]
"(Default)" = "{d458d0d1-08f3-4dc9-9c67-ade048ae0ef9}"

[HKCR\CLSID\{C0FD73B4-C692-4061-B36F-BC15B111314C}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Interface\{F1FD4F87-D0FD-4A5C-90A7-9A7696FFAEC0}\TypeLib]
"Version" = "1.0"

[HKCR\MarineAquarium3Free_57.MultipleButton\CLSID]
"(Default)" = "{ad750e83-1c56-4196-90e3-e5a0f3c5421c}"

[HKCR\CLSID\{cc721fc9-8900-4e3d-a4be-359e6af8e9bb}\ProgID]
"(Default)" = "MarineAquarium3Free_57.PseudoTransparentPlugin.1"

[HKCR\Interface\{6A1F6969-2069-4036-A0AB-07D4628DF5A1}\TypeLib]
"Version" = "1.0"

[HKCR\CLSID\{94c67622-4e77-495a-9457-c8064c92a228}\VersionIndependentProgID]
"(Default)" = "MarineAquarium3Free_57.ScriptButton"

[HKCR\Interface\{F62FBB9B-25D9-41C5-97C0-7ED7AFBF2410}\TypeLib]
"(Default)" = "{09E63BA3-09C7-4D20-9E4B-2EBAD3BE5B50}"

[HKCR\Interface\{5777FB26-1203-4D16-A47F-24B3FF5E0476}]
"(Default)" = "HTMLPANEL_INTERFACE"

[HKCR\MarineAquarium3Free_57.HTMLPanel\CLSID]
"(Default)" = "{eda1dca1-c71d-46e7-b504-6cefd21ee60d}"

[HKCR\MarineAquarium3Free_57.ThirdPartyInstaller\CurVer]
"(Default)" = "MarineAquarium3Free_57.ThirdPartyInstaller.1"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar\Integrators]
"ToolbarGuard.dll" = ""

[HKCR\CLSID\{3f9c1414-58f0-4fbb-9ee6-ab948b604ebd}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\MarineAquarium3Free_57.SettingsPlugin.1]
"(Default)" = ""

[HKCR\TypeLib\{D458D0D1-08F3-4DC9-9C67-ADE048AE0EF9}\1.0]
"(Default)" = "TYPELIB_NAME"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar]
"dir" = "%Program Files%\MarineAquarium3Free_57\bar\"

[HKCR\Interface\{6F776034-C1E7-41CB-B099-839FCA62E732}\TypeLib]
"(Default)" = "{FDB8F0C7-ADF7-4A45-B762-FE8EF4970DBD}"

[HKCR\Interface\{F62FBB9B-25D9-41C5-97C0-7ED7AFBF2410}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{dd4285fa-3345-4b73-92e5-4de464edc3b2}\ProgID]
"(Default)" = "MarineAquarium3Free_57.ThirdPartyInstaller.1"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0c1c3d4a-dcff-443d-a49f-4abb6af151af}]
"AppName" = "57SrchMn.exe"

[HKCR\Interface\{107C2EDD-3388-452B-A6B8-2AAD8EF816B6}\ProxyStubClsid]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCR\Interface\{AD6CED5C-457E-43DC-BD4B-D5ED0B87FAB4}\TypeLib]
"Version" = "1.0"

[HKCR\CLSID\{e55ebb8c-fb31-4a98-a514-4ecc5fd9c634}\MiscStatus]
"(Default)" = "0"

[HKCR\TypeLib\{D458D0D1-08F3-4DC9-9C67-ADE048AE0EF9}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\CLSID\{eda1dca1-c71d-46e7-b504-6cefd21ee60d}\MiscStatus\1]
"(Default)" = "131473"

[HKCR\MarineAquarium3Free_57.ThirdPartyInstaller\CLSID]
"(Default)" = "{dd4285fa-3345-4b73-92e5-4de464edc3b2}"

[HKCR\CLSID\{f153e08e-19e7-4ece-bb2b-afe06394c6ea}\MiscStatus\1]
"(Default)" = "131473"

[HKCR\MarineAquarium3Free_57.PseudoTransparentPlugin.1\CLSID]
"(Default)" = "{cc721fc9-8900-4e3d-a4be-359e6af8e9bb}"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar]
"HomePage" = "http://home.tb.ask.com/index.jhtml?n=780C9D4D&p2=^0D&ptb=9EC3E279-4882-4C2C-8E9B-01E0604F6A1F"

[HKCR\CLSID\{07189b84-b33b-4a1e-9b32-ad203c983c20}]
"(Default)" = "Marine Aquarium Lite"

[HKCR\CLSID\{e55ebb8c-fb31-4a98-a514-4ecc5fd9c634}\TypeLib]
"(Default)" = "{00c5edb1-1261-41eb-8fee-9c0c2cd98058}"

[HKCR\Interface\{2BEA8EF6-4B9D-43DF-9C32-5B91B65E3E58}]
"(Default)" = "IDataCtrl"

[HKCR\Interface\{D5CEC7EB-7D25-47BF-AA42-5DB03938509F}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{f153e08e-19e7-4ece-bb2b-afe06394c6ea}\MiscStatus]
"(Default)" = "0"

[HKCR\MarineAquarium3Free_57.HTMLPanel\CurVer]
"(Default)" = "MarineAquarium3Free_57.HTMLPanel.1"

[HKCR\CLSID\{cc721fc9-8900-4e3d-a4be-359e6af8e9bb}]
"(Default)" = "Pseudo Transparent Plugin"

[HKCR\MarineAquarium3Free_57.ScriptButton.1]
"(Default)" = ""

[HKCR\Interface\{107C2EDD-3388-452B-A6B8-2AAD8EF816B6}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCR\CLSID\{7706dcce-fed8-4ed7-80b2-5f88c33ee317}\TypeLib]
"(Default)" = "{83783d62-ec4a-4cdd-acb3-b2a4bf184959}"

[HKCR\CLSID\{7706dcce-fed8-4ed7-80b2-5f88c33ee317}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\TypeLib\{00C5EDB1-1261-41EB-8FEE-9C0C2CD98058}\1.0]
"(Default)" = "Skin 1.0 Type Library"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar\Switches]
"ua" = "0"

[HKCR\CLSID\{cc721fc9-8900-4e3d-a4be-359e6af8e9bb}\VersionIndependentProgID]
"(Default)" = "MarineAquarium3Free_57.PseudoTransparentPlugin"

[HKCR\CLSID\{f90c885b-332c-4379-965c-3ef665f369dc}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\CLSID\{d35349a7-84d1-4a70-8536-e9c1f77dcf5b}\MiscStatus\1]
"(Default)" = "131473"

[HKCR\Interface\{C17F2CA9-F618-4D8C-9C7E-78F9779D3FAA}]
"(Default)" = "BARFEED_INTERFACE"

[HKCR\Interface\{C71EA797-7B15-438B-894A-9AB54D752430}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{ad750e83-1c56-4196-90e3-e5a0f3c5421c}\ProgID]
"(Default)" = "MarineAquarium3Free_57.MultipleButton.1"

[HKCR\Interface\{C17F2CA9-F618-4D8C-9C7E-78F9779D3FAA}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{536e7ae2-c94c-4256-b035-8ec24e6245dd}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\CLSID\{eda1dca1-c71d-46e7-b504-6cefd21ee60d}\VersionIndependentProgID]
"(Default)" = "MarineAquarium3Free_57.HTMLPanel"

[HKCR\MarineAquarium3Free_57.MultipleButton\CurVer]
"(Default)" = "MarineAquarium3Free_57.MultipleButton.1"

[HKCR\CLSID\{d35349a7-84d1-4a70-8536-e9c1f77dcf5b}]
"(Default)" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MarineAquarium3Free_57bar Uninstall Firefox]
"UninstallString" = "rundll32 %Program Files%\MarineAquarium3Free_57\bar\1.bin\57Bar.dll,O mindsparktoolbarkey=MarineAquarium3Free_57 uninstalltype=FF"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e9e780cc-8821-4b00-b4f9-f4c4f82be2c7}]
"Policy" = "3"

[HKCR\Interface\{107C2EDD-3388-452B-A6B8-2AAD8EF816B6}]
"(Default)" = "IHttpControlEvents"

[HKCR\Interface\{DA60568C-C30E-4680-ADEA-89BF1DD050EA}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCR\CLSID\{C0FD73B4-C692-4061-B36F-BC15B111314C}\VersionIndependentProgID]
"(Default)" = "MarineAquarium3Free_57.HTMLMenu"

[HKCR\Interface\{1E66D651-C63F-4B5A-8DBB-4C093647BF9B}]
"(Default)" = "SKINWINDOW_INTERFACE"

[HKCR\Interface\{C8D39FE3-DCB1-4E94-9192-A176FC1F19BB}\TypeLib]
"(Default)" = "{2F868090-A282-4C80-AC30-F743C9BECADF}"

[HKCR\TypeLib\{D458D0D1-08F3-4DC9-9C67-ADE048AE0EF9}\1.0\HELPDIR]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin"

[HKCR\Interface\{F62FBB9B-25D9-41C5-97C0-7ED7AFBF2410}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\MarineAquarium3Free_57.SettingsPlugin]
"(Default)" = ""

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e9e780cc-8821-4b00-b4f9-f4c4f82be2c7}]
"AppName" = "57SlSrch.exe"

[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" = ""

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0c1c3d4a-dcff-443d-a49f-4abb6af151af}]
"Policy" = "3"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f4d12989-af1c-4363-bfcf-b9ad96d18b0f}]
"AppName" = "AppIntegrator.exe"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar\Switches]
"od" = "1"

[HKCR\Interface\{D521D7CC-1EDA-4F50-905D-7C5B084230F7}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar\Switches]
"ok" = "1"

[HKCR\CLSID\{f153e08e-19e7-4ece-bb2b-afe06394c6ea}\InprocServer32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\57feedmg.dll"

[HKCR\CLSID\{3ca77147-e5a4-43ba-80b2-efa3245f8d88}]
"(Default)" = "ProtectorControl Class"

[HKCR\Interface\{3E3BEAE8-5B73-4AA4-8191-6AAD3E17D7CC}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{71AC0D70-4274-4B53-8101-26F7249EAFE4}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCR\Interface\{C9FA2928-5ED3-47AD-996C-997F6A9003EA}]
"(Default)" = "IDisableAddonRebuttal"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCR\TypeLib\{2F868090-A282-4C80-AC30-F743C9BECADF}\1.0\HELPDIR]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin"

[HKCR\CLSID\{07189b84-b33b-4a1e-9b32-ad203c983c20}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f90c885b-332c-4379-965c-3ef665f369dc}]
"AppPath" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin"

[HKCR\Interface\{3E3BEAE8-5B73-4AA4-8191-6AAD3E17D7CC}\TypeLib]
"(Default)" = "{00C5EDB1-1261-41EB-8FEE-9C0C2CD98058}"

[HKCR\MarineAquarium3Free_57.HTMLMenu]
"(Default)" = "MarineAquarium3Free_57 HTML Menu"

[HKCR\CLSID\{0eeaa2c3-0cd7-4364-b82e-f9257081c860}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Interface\{F62FBB9B-25D9-41C5-97C0-7ED7AFBF2410}\TypeLib]
"Version" = "1.0"

[HKCR\TypeLib\{FDB8F0C7-ADF7-4A45-B762-FE8EF4970DBD}\1.0]
"(Default)" = "Toolbar 1.0 Type Library"

[HKCR\Interface\{1E66D651-C63F-4B5A-8DBB-4C093647BF9B}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{3C4E958B-177E-4B3A-A998-4B0263A9564D}]
"(Default)" = "ITemplateBarButtonRect"

[HKCR\CLSID\{f90c885b-332c-4379-965c-3ef665f369dc}\TypeLib]
"(Default)" = "{00c5edb1-1261-41eb-8fee-9c0c2cd98058}"

[HKCR\MarineAquarium3Free_57.ScriptButton.1\CLSID]
"(Default)" = "{94c67622-4e77-495a-9457-c8064c92a228}"

[HKCR\TypeLib\{00C5EDB1-1261-41EB-8FEE-9C0C2CD98058}\1.0\0\win32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\t8res.dll\405"

[HKCR\MarineAquarium3Free_57.ToolbarProtector\CurVer]
"(Default)" = "MarineAquarium3Free_57.ToolbarProtector.1"

[HKCR\MarineAquarium3Free_57.FeedManager\CurVer]
"(Default)" = "MarineAquarium3Free_57.FeedManager.1"

[HKCR\CLSID\{d35349a7-84d1-4a70-8536-e9c1f77dcf5b}\ProgID]
"(Default)" = "MarineAquarium3Free_57.SettingsPlugin.1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCR\Interface\{C9FA2928-5ED3-47AD-996C-997F6A9003EA}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\MarineAquarium3Free_57.PseudoTransparentPlugin.1]
"(Default)" = "Pseudo Transparent Plugin"

[HKCR\CLSID\{eda1dca1-c71d-46e7-b504-6cefd21ee60d}\TypeLib]
"(Default)" = "{fb84548c-47c9-4323-820b-9e46b50e9947}"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"CrExtP57.exe" = "0"

[HKCR\Interface\{5777FB26-1203-4D16-A47F-24B3FF5E0476}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{107C2EDD-3388-452B-A6B8-2AAD8EF816B6}\TypeLib]
"Version" = "1.0"

[HKCR\TypeLib\{A29BA259-04A2-426B-949F-D486E674DF9B}\1.0]
"(Default)" = "DialogHook 1.0 Type Library"

[HKCR\Interface\{638B87E0-5EF3-45FA-ACB8-2C7C67958665}\TypeLib]
"(Default)" = "{FDB8F0C7-ADF7-4A45-B762-FE8EF4970DBD}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MarineAquarium3Free_57bar Uninstall Internet Explorer]
"Publisher" = "Mindspark Interactive Network"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\PROGRA~1\MARINE~1\bar\1.bin]
"AppIntegrator.exe" = "Mindspark Toolbar Platform"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{cc721fc9-8900-4e3d-a4be-359e6af8e9bb}]
"(Default)" = ""

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar]
"pl" = "9"

[HKCR\Interface\{AD6CED5C-457E-43DC-BD4B-D5ED0B87FAB4}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MarineAquarium3Free_57bar Uninstall Internet Explorer]
"DisplayName" = "Marine Aquarium Lite Internet Explorer Toolbar"

[HKCR\Interface\{1E66D651-C63F-4B5A-8DBB-4C093647BF9B}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\MozillaPlugins\@MarineAquarium3Free_57.com/Plugin]
"vendor" = "MarineAquarium3Free_57"

[HKCR\CLSID\{f90c885b-332c-4379-965c-3ef665f369dc}\MiscStatus\1]
"(Default)" = "131473"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0c1c3d4a-dcff-443d-a49f-4abb6af151af}]
"AppPath" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar]
"PID" = "^0D"

[HKCR\MarineAquarium3Free_57.MultipleButton.1\CLSID]
"(Default)" = "{ad750e83-1c56-4196-90e3-e5a0f3c5421c}"

[HKCR\CLSID\{f153e08e-19e7-4ece-bb2b-afe06394c6ea}\TypeLib]
"(Default)" = "{199350af-34c3-496f-a764-f4bf91cf2835}"

[HKCR\MarineAquarium3Free_57.MultipleButton.1]
"(Default)" = ""

[HKCR\TypeLib\{DBC4BE0B-800C-4075-9521-A9F6B00D6982}\1.0\0\win32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\t8res.dll\1604"

[HKCR\CLSID\{3ca77147-e5a4-43ba-80b2-efa3245f8d88}\VersionIndependentProgID]
"(Default)" = "MarineAquarium3Free_57.ToolbarProtector"

[HKCR\Interface\{3E3BEAE8-5B73-4AA4-8191-6AAD3E17D7CC}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\MarineAquarium3Free_57.SettingsPlugin\CurVer]
"(Default)" = "MarineAquarium3Free_57.SettingsPlugin.1"

[HKCR\Interface\{F4D12989-AF1C-4363-BFCF-B9AD96D18B0F}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{5777FB26-1203-4D16-A47F-24B3FF5E0476}\TypeLib]
"Version" = "1.0"

[HKCR\CLSID\{d35349a7-84d1-4a70-8536-e9c1f77dcf5b}\VersionIndependentProgID]
"(Default)" = "MarineAquarium3Free_57.SettingsPlugin"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MarineAquarium3Free_57bar Uninstall Internet Explorer]
"URLInfoAbout" = "http://support.mindspark.com/"

[HKCR\Interface\{1E66D651-C63F-4B5A-8DBB-4C093647BF9B}\TypeLib]
"(Default)" = "{00C5EDB1-1261-41EB-8FEE-9C0C2CD98058}"

[HKCR\MarineAquarium3Free_57.FeedManager\CLSID]
"(Default)" = "{f153e08e-19e7-4ece-bb2b-afe06394c6ea}"

[HKCR\Interface\{6F776034-C1E7-41CB-B099-839FCA62E732}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{3C4E958B-177E-4B3A-A998-4B0263A9564D}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{dd4285fa-3345-4b73-92e5-4de464edc3b2}\MiscStatus]
"(Default)" = "0"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar]
"tiec" = "208976"

[HKCR\CLSID\{3ca77147-e5a4-43ba-80b2-efa3245f8d88}\ProgID]
"(Default)" = "MarineAquarium3Free_57.ToolbarProtector.1"

[HKCR\Interface\{A91067AB-9AC6-4607-B9F2-FB62228195EF}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{E1700B22-E107-4EC6-943E-5FBBADF213B3}]
"(Default)" = "SKINSETTINGS_INTERFACE"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ecd011be-bc4c-45dd-85bc-70e5f36806d9}]
"Policy" = "3"

[HKCR\TypeLib\{FB84548C-47C9-4323-820B-9E46B50E9947}\1.0]
"(Default)" = "HTML 1.0 Type Library"

[HKCR\TypeLib\{A29BA259-04A2-426B-949F-D486E674DF9B}\1.0\FLAGS]
"(Default)" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MarineAquarium3Free_57bar Uninstall Internet Explorer]
"UninstallString" = "rundll32 %Program Files%\MarineAquarium3Free_57\bar\1.bin\57Bar.dll,O mindsparktoolbarkey=MarineAquarium3Free_57 uninstalltype=IE"

[HKCR\Interface\{1FB1AF91-D5A5-46AC-990D-D57E53C85E70}\TypeLib]
"(Default)" = "{DBC4BE0B-800C-4075-9521-A9F6B00D6982}"

[HKCR\MarineAquarium3Free_57.HTMLPanel.1]
"(Default)" = "MarineAquarium3Free_57 HTML Panel"

[HKCR\CLSID\{074d3229-0a22-491b-b9dd-ff3171d75f25}]
"(Default)" = "Toolbar BHO"

[HKCR\Interface\{AD6CED5C-457E-43DC-BD4B-D5ED0B87FAB4}]
"(Default)" = "IProtectorControl"

[HKCR\Interface\{2BEA8EF6-4B9D-43DF-9C32-5B91B65E3E58}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{C9FA2928-5ED3-47AD-996C-997F6A9003EA}\TypeLib]
"Version" = "1.0"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar]
"sr" = "0"

[HKCR\Interface\{DA60568C-C30E-4680-ADEA-89BF1DD050EA}]
"(Default)" = "_IThirdPartyInstallerEvents"

[HKCR\CLSID\{3f9c1414-58f0-4fbb-9ee6-ab948b604ebd}]
"(Default)" = "DataCtrl Class"

[HKCR\CLSID\{7706dcce-fed8-4ed7-80b2-5f88c33ee317}\InprocServer32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\57httpct.dll"

[HKCR\CLSID\{eda1dca1-c71d-46e7-b504-6cefd21ee60d}\MiscStatus]
"(Default)" = "0"

[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{327f75ed-061b-4339-8cc6-5dd45ad1396d}" = ""

[HKCR\TypeLib\{199350AF-34C3-496F-A764-F4BF91CF2835}\1.0\0\win32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\t8res.dll\1104"

[HKCR\Interface\{C71EA797-7B15-438B-894A-9AB54D752430}]
"(Default)" = "IThirdPartyInstaller"

[HKCR\CLSID\{f90c885b-332c-4379-965c-3ef665f369dc}\Version]
"(Default)" = "1.0"

[HKCR\CLSID\{dd4285fa-3345-4b73-92e5-4de464edc3b2}\VersionIndependentProgID]
"(Default)" = "MarineAquarium3Free_57.ThirdPartyInstaller"

[HKCR\Interface\{71AC0D70-4274-4B53-8101-26F7249EAFE4}\TypeLib]
"(Default)" = "{FB84548C-47C9-4323-820B-9E46B50E9947}"

[HKCR\CLSID\{cc721fc9-8900-4e3d-a4be-359e6af8e9bb}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\Interface\{C9FA2928-5ED3-47AD-996C-997F6A9003EA}\TypeLib]
"(Default)" = "{A29BA259-04A2-426B-949F-D486E674DF9B}"

[HKCR\MarineAquarium3Free_57.FeedManager.1]
"(Default)" = ""

[HKCR\Interface\{0A4376DD-C64A-4499-86BA-54578FD3BE3E}\TypeLib]
"(Default)" = "{00C5EDB1-1261-41EB-8FEE-9C0C2CD98058}"

[HKCR\Interface\{D521D7CC-1EDA-4F50-905D-7C5B084230F7}]
"(Default)" = "ITemplateHTMLMenu"

[HKCR\CLSID\{ad750e83-1c56-4196-90e3-e5a0f3c5421c}\VersionIndependentProgID]
"(Default)" = "MarineAquarium3Free_57.MultipleButton"

[HKCR\Interface\{71AC0D70-4274-4B53-8101-26F7249EAFE4}\ProxyStubClsid]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCR\MarineAquarium3Free_57.ScriptButton]
"(Default)" = ""

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar]
"PluginPath" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar\Integrators]
"HPG.dll" = ""

[HKCR\Interface\{F62FBB9B-25D9-41C5-97C0-7ED7AFBF2410}]
"(Default)" = "IIEInstalledToolbar"

[HKCR\Interface\{F4D12989-AF1C-4363-BFCF-B9AD96D18B0F}]
"(Default)" = "_ITemplateBarSettingsEvents"

[HKCR\Interface\{D521D7CC-1EDA-4F50-905D-7C5B084230F7}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{0A4376DD-C64A-4499-86BA-54578FD3BE3E}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{07189b84-b33b-4a1e-9b32-ad203c983c20}\InprocServer32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\57bar.dll"

[HKCR\MarineAquarium3Free_57.HTMLMenu\CLSID]
"(Default)" = "{C0FD73B4-C692-4061-B36F-BC15B111314C}"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar]
"hpwl" = ".mywebsearch.com,.google.com,.yahoo.com,.bing.com,.msn.com"

[HKCR\TypeLib\{FDB8F0C7-ADF7-4A45-B762-FE8EF4970DBD}\1.0\0\win32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\t8res.dll\626"

[HKCR\Interface\{DA60568C-C30E-4680-ADEA-89BF1DD050EA}\TypeLib]
"(Default)" = "{D458D0D1-08F3-4DC9-9C67-ADE048AE0EF9}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{eda1dca1-c71d-46e7-b504-6cefd21ee60d}]
"(Default)" = ""

[HKCU\Software\Classes\CLSID\{327f75ed-061b-4339-8cc6-5dd45ad1396d}]
"(Default)" = ""

[HKCR\Interface\{3E3BEAE8-5B73-4AA4-8191-6AAD3E17D7CC}]
"(Default)" = "PSEUDOTRANSPARENT_INTERFACE"

[HKCR\MarineAquarium3Free_57.ToolbarProtector.1\CLSID]
"(Default)" = "{3ca77147-e5a4-43ba-80b2-efa3245f8d88}"

[HKCR\Interface\{DA60568C-C30E-4680-ADEA-89BF1DD050EA}\ProxyStubClsid]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCR\Interface\{C71EA797-7B15-438B-894A-9AB54D752430}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{A91067AB-9AC6-4607-B9F2-FB62228195EF}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\TypeLib\{FDB8F0C7-ADF7-4A45-B762-FE8EF4970DBD}\1.0\HELPDIR]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar\Switches]
"nd" = "0"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar\Integrators]
"AssistMonitor.dll" = ""

[HKCR\CLSID\{cc721fc9-8900-4e3d-a4be-359e6af8e9bb}\MiscStatus\1]
"(Default)" = "131473"

[HKCR\Interface\{D5CEC7EB-7D25-47BF-AA42-5DB03938509F}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{3E3BEAE8-5B73-4AA4-8191-6AAD3E17D7CC}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MarineAquarium3Free_57bar Uninstall Internet Explorer]
"HelpLink" = "http://support.mindspark.com/"

[HKCR\Interface\{6A1F6969-2069-4036-A0AB-07D4628DF5A1}]
"(Default)" = "SEARCHSCOPE_INTERFACE"

[HKCR\TypeLib\{199350AF-34C3-496F-A764-F4BF91CF2835}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\MarineAquarium3Free_57.ToolbarProtector\CLSID]
"(Default)" = "{3ca77147-e5a4-43ba-80b2-efa3245f8d88}"

[HKCR\TypeLib\{83783D62-EC4A-4CDD-ACB3-B2A4BF184959}\1.0\HELPDIR]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar]
"DeletedCustomizations" = "1"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar\Switches]
"nk" = "0"

[HKCR\MarineAquarium3Free_57.HTMLPanel]
"(Default)" = "MarineAquarium3Free_57 HTML Panel"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar]
"InstallingUser" = "S-1-5-21-1844237615-1960408961-1801674531-1003"

[HKCR\MarineAquarium3Free_57.PseudoTransparentPlugin]
"(Default)" = "Pseudo Transparent Plugin"

[HKCR\MarineAquarium3Free_57.FeedManager]
"(Default)" = ""

[HKCR\Interface\{D521D7CC-1EDA-4F50-905D-7C5B084230F7}\TypeLib]
"(Default)" = "{DBC4BE0B-800C-4075-9521-A9F6B00D6982}"

[HKCR\Interface\{D5CEC7EB-7D25-47BF-AA42-5DB03938509F}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{6A1F6969-2069-4036-A0AB-07D4628DF5A1}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{E1700B22-E107-4EC6-943E-5FBBADF213B3}\TypeLib]
"(Default)" = "{00C5EDB1-1261-41EB-8FEE-9C0C2CD98058}"

[HKCR\TypeLib\{83783D62-EC4A-4CDD-ACB3-B2A4BF184959}\1.0]
"(Default)" = "HttpControl 1.0 Type Library"

[HKCR\CLSID\{0eeaa2c3-0cd7-4364-b82e-f9257081c860}]
"(Default)" = "Search Assistant BHO"

[HKCR\Interface\{E9E780CC-8821-4B00-B4F9-F4C4F82BE2C7}]
"(Default)" = "ITemplateBarSettings"

[HKCR\Interface\{D4517E61-49A5-4712-B487-950FEC8DB4B9}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{ad750e83-1c56-4196-90e3-e5a0f3c5421c}\InprocServer32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\57mlbtn.dll"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f90c885b-332c-4379-965c-3ef665f369dc}]
"AppName" = "57SkPlay.exe"

[HKCR\TypeLib\{83783D62-EC4A-4CDD-ACB3-B2A4BF184959}\1.0\0\win32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\t8res.dll\905"

[HKCR\CLSID\{e55ebb8c-fb31-4a98-a514-4ecc5fd9c634}\MiscStatus\1]
"(Default)" = "131473"

[HKCR\MarineAquarium3Free_57.MultipleButton]
"(Default)" = ""

[HKCR\Interface\{C9FA2928-5ED3-47AD-996C-997F6A9003EA}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCU\Software\Classes\CLSID\{327f75ed-061b-4339-8cc6-5dd45ad1396d}\InprocServer32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\57SrcAs.dll"

[HKCR\Interface\{5777FB26-1203-4D16-A47F-24B3FF5E0476}\TypeLib]
"(Default)" = "{FB84548C-47C9-4323-820B-9E46B50E9947}"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar]
"Build" = "146.25877"

[HKCR\Interface\{1E66D651-C63F-4B5A-8DBB-4C093647BF9B}\TypeLib]
"Version" = "1.0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCR\CLSID\{f153e08e-19e7-4ece-bb2b-afe06394c6ea}\Version]
"(Default)" = "1.0"

[HKCR\Interface\{E1700B22-E107-4EC6-943E-5FBBADF213B3}\TypeLib]
"Version" = "1.0"

[HKCR\CLSID\{C0FD73B4-C692-4061-B36F-BC15B111314C}]
"(Default)" = "MarineAquarium3Free_57 HTML Menu"

[HKCR\MarineAquarium3Free_57.HTMLMenu.1\CLSID]
"(Default)" = "{C0FD73B4-C692-4061-B36F-BC15B111314C}"

[HKCR\CLSID\{dd4285fa-3345-4b73-92e5-4de464edc3b2}\InprocServer32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\57tpinst.dll"

[HKCR\CLSID\{94c67622-4e77-495a-9457-c8064c92a228}]
"(Default)" = ""

[HKCR\Interface\{0A4376DD-C64A-4499-86BA-54578FD3BE3E}]
"(Default)" = "POPUPMENU_INTERFACE"

[HKCR\MarineAquarium3Free_57.HTMLPanel.1\CLSID]
"(Default)" = "{eda1dca1-c71d-46e7-b504-6cefd21ee60d}"

[HKCR\CLSID\{536e7ae2-c94c-4256-b035-8ec24e6245dd}\InprocServer32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\57dlghk.dll"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar\Switches]
"oldhpp" = "0"

[HKCR\TypeLib\{09E63BA3-09C7-4D20-9E4B-2EBAD3BE5B50}\1.0]
"(Default)" = "ToolbarProtector 1.0 Type Library"

[HKCR\CLSID\{074d3229-0a22-491b-b9dd-ff3171d75f25}\InprocServer32]
"(Default)" = "C:\PROGRA~1\MARINE~1\bar\1.bin\57bar.dll"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "45 54 39 78 24 BC CE E3 42 FB B9 28 6A D4 1C A4"

[HKCR\Interface\{6A1F6969-2069-4036-A0AB-07D4628DF5A1}\TypeLib]
"(Default)" = "{FDB8F0C7-ADF7-4A45-B762-FE8EF4970DBD}"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar]
"CurInstall" = "1"

[HKCR\MarineAquarium3Free_57.ThirdPartyInstaller.1]
"(Default)" = "Marine Aquarium Lite Third Party Installer"

[HKCR\CLSID\{3f9c1414-58f0-4fbb-9ee6-ab948b604ebd}\TypeLib]
"(Default)" = "{2f868090-a282-4c80-ac30-f743c9becadf}"

[HKLM\SOFTWARE\MozillaPlugins\@MarineAquarium3Free_57.com/Plugin]
"Path" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\NP57Stub.dll"

[HKCR\Interface\{D5CEC7EB-7D25-47BF-AA42-5DB03938509F}]
"(Default)" = "IHttpControl"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar\Switches]
"hpp" = "0"

[HKCR\Interface\{3C4E958B-177E-4B3A-A998-4B0263A9564D}\TypeLib]
"(Default)" = "{FDB8F0C7-ADF7-4A45-B762-FE8EF4970DBD}"

[HKLM\SOFTWARE\MozillaPlugins\@MarineAquarium3Free_57.com/Plugin\MimeTypes\application/x-marineaquarium3free_57plugin]
"Description" = "Marine Aquarium Lite Plugin"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar]
"RegisteredWithFirefox" = "1"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar\Integrators]
"57SrcAs.dll" = ""

[HKCR\Interface\{638B87E0-5EF3-45FA-ACB8-2C7C67958665}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{AD6CED5C-457E-43DC-BD4B-D5ED0B87FAB4}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCR\Interface\{C17F2CA9-F618-4D8C-9C7E-78F9779D3FAA}\TypeLib]
"Version" = "1.0"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{07189b84-b33b-4a1e-9b32-ad203c983c20}" = ""

[HKCR\CLSID\{e55ebb8c-fb31-4a98-a514-4ecc5fd9c634}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\TypeLib\{09E63BA3-09C7-4D20-9E4B-2EBAD3BE5B50}\1.0\HELPDIR]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin"

[HKCR\CLSID\{f153e08e-19e7-4ece-bb2b-afe06394c6ea}\ProgID]
"(Default)" = "MarineAquarium3Free_57.FeedManager.1"

[HKCR\TypeLib\{83783D62-EC4A-4CDD-ACB3-B2A4BF184959}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\MarineAquarium3Free_57.ThirdPartyInstaller]
"(Default)" = "Marine Aquarium Lite Third Party Installer"

[HKCR\CLSID\{e55ebb8c-fb31-4a98-a514-4ecc5fd9c634}\InprocServer32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\57skin.dll"

[HKCR\Interface\{D521D7CC-1EDA-4F50-905D-7C5B084230F7}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar\Switches]
"57SrcAs.dll" = "0"

[HKCR\Interface\{0A4376DD-C64A-4499-86BA-54578FD3BE3E}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{eda1dca1-c71d-46e7-b504-6cefd21ee60d}\InprocServer32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\T8HTML.DLL"

[HKCR\TypeLib\{00C5EDB1-1261-41EB-8FEE-9C0C2CD98058}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\Interface\{1FB1AF91-D5A5-46AC-990D-D57E53C85E70}]
"(Default)" = "ITemplatePopupMenu"

[HKCR\CLSID\{dd4285fa-3345-4b73-92e5-4de464edc3b2}\Version]
"(Default)" = "1.0"

[HKCR\TypeLib\{2F868090-A282-4C80-AC30-F743C9BECADF}\1.0\0\win32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\t8res.dll\1406"

[HKCR\CLSID\{cc721fc9-8900-4e3d-a4be-359e6af8e9bb}\InprocServer32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\57skin.dll"

[HKCR\Interface\{F4D12989-AF1C-4363-BFCF-B9AD96D18B0F}\ProxyStubClsid]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e9e780cc-8821-4b00-b4f9-f4c4f82be2c7}]
"AppPath" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin"

[HKCR\Interface\{638B87E0-5EF3-45FA-ACB8-2C7C67958665}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{F4D12989-AF1C-4363-BFCF-B9AD96D18B0F}\TypeLib]
"(Default)" = "{FDB8F0C7-ADF7-4A45-B762-FE8EF4970DBD}"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar]
"ID" = "9EC3E279-4882-4C2C-8E9B-01E0604F6A1F"

[HKCR\CLSID\{536e7ae2-c94c-4256-b035-8ec24e6245dd}]
"(Default)" = "Disable Addon Rebuttal Control"

[HKCR\CLSID\{C0FD73B4-C692-4061-B36F-BC15B111314C}\InprocServer32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\57htmlmu.dll"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{d35349a7-84d1-4a70-8536-e9c1f77dcf5b}]
"(Default)" = ""

[HKCR\Interface\{D4517E61-49A5-4712-B487-950FEC8DB4B9}\TypeLib]
"Version" = "1.0"

[HKLM\SOFTWARE\MarineAquarium3Free_57\Settings\SmileyCentralBtn]
"HTMLMenuPosDeleted" = "1"

[HKCR\CLSID\{f153e08e-19e7-4ece-bb2b-afe06394c6ea}]
"(Default)" = ""

[HKCR\CLSID\{d35349a7-84d1-4a70-8536-e9c1f77dcf5b}\InprocServer32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\57bar.dll"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar]
"SettingsDir" = "%Program Files%\MarineAquarium3Free_57\bar\Settings\"

[HKCR\MarineAquarium3Free_57.SettingsPlugin\CLSID]
"(Default)" = "{d35349a7-84d1-4a70-8536-e9c1f77dcf5b}"

[HKCR\CLSID\{f90c885b-332c-4379-965c-3ef665f369dc}\InprocServer32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\57skin.dll"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f90c885b-332c-4379-965c-3ef665f369dc}]
"Policy" = "3"

[HKCR\TypeLib\{D458D0D1-08F3-4DC9-9C67-ADE048AE0EF9}\1.0\0\win32]
"(Default)" = "%Program Files%\MarineAquarium3Free_57\bar\1.bin\t8res.dll\100"

[HKCR\Interface\{F1FD4F87-D0FD-4A5C-90A7-9A7696FFAEC0}\TypeLib]
"(Default)" = "{09E63BA3-09C7-4D20-9E4B-2EBAD3BE5B50}"

[HKCR\Interface\{2BEA8EF6-4B9D-43DF-9C32-5B91B65E3E58}\TypeLib]
"Version" = "1.0"

[HKCR\CLSID\{f90c885b-332c-4379-965c-3ef665f369dc}\MiscStatus]
"(Default)" = "0"

[HKCR\Interface\{F4D12989-AF1C-4363-BFCF-B9AD96D18B0F}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCR\Interface\{638B87E0-5EF3-45FA-ACB8-2C7C67958665}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{C8D39FE3-DCB1-4E94-9192-A176FC1F19BB}]
"(Default)" = "_IDataCtrlEvents"

[HKCR\CLSID\{dd4285fa-3345-4b73-92e5-4de464edc3b2}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Interface\{5777FB26-1203-4D16-A47F-24B3FF5E0476}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{1FB1AF91-D5A5-46AC-990D-D57E53C85E70}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

It registers itself as a Browser Helper Object (BHO) to ensure its automatic execution every time Internet Explorer is run. It does this by creating the following registry key(s)/entry(ies):

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0eeaa2c3-0cd7-4364-b82e-f9257081c860}]
"(Default)" = ""

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Marine Aquarium Lite Search Scope Monitor" = "C:\PROGRA~1\MARINE~1\bar\1.bin\57srchmn.exe /m=2 /w /h"

It registers itself as a Browser Helper Object (BHO) to ensure its automatic execution every time Internet Explorer is run. It does this by creating the following registry key(s)/entry(ies):

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074d3229-0a22-491b-b9dd-ff3171d75f25}]
"(Default)" = ""

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Marine Aquarium Lite AppIntegrator 32-bit" = "C:\PROGRA~1\MARINE~1\bar\1.bin\AppIntegrator.exe"

"Marine Aquarium Lite" = "rundll32 C:\PROGRA~1\MARINE~1\bar\1.bin\57bar.dll,S"

The Trojan deletes the following registry key(s):

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0eeaa2c3-0cd7-4364-b82e-f9257081c860}]

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"

[HKLM\SOFTWARE\MarineAquarium3Free_57\bar]
"pid2"
"ConfigDateStamp"
"un"

The Trojan disables automatic startup of the application by deleting the following autorun value:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Marine Aquarium Lite Search Scope Monitor"

Dropped PE files

MD5 File path
313460fa38c68768ec6bd38f795c4636 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57Plugin.dll
779662595f6b51bb86f96eccc230f13c c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57SrcAs.dll
3c93215de9cc97c60b1892ad8dbe4411 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57SrchMn.exe
21ae5618ae49640455d80de92a741ec7 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57bar.dll
b3dae11b5316528e6853a94d39e141e3 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57barsvc.exe
af8c7080961317cac447e67700994ca4 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57bprtct.dll
6953cf1fd63ee9198a5fb6c365e0945d c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57datact.dll
80f1bbb9dda5d7d20358a89a28a5f251 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57dlghk.dll
920dcbae5836293e750eb01db436f26e c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57dlghk64.dll
69b288297ea754cea5b71956c023a7e7 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57feedmg.dll
1c86678ebf794d7c48ac6e2a663d4d46 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57highin.exe
259b188c17120d2ef9d18157e6f48919 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57hkstub.dll
3277a89130679dae008092ccdd41e38c c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57htmlmu.dll
27133aaae9b940a1b3a9944ffbf18c06 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57httpct.dll
913a5f893b78b675cd44dc717e89c4ec c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57idle.dll
df5ce0e2d96d747ed9fd82d6128cd393 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57medint.exe
76cfb8166a80ffbfc4a06aecd34b6225 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57mlbtn.dll
6d305157b71047492823aa863084f088 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57regfft.dll
d2afbb79efdb9acea481fc2e6b79d67d c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57reghk.dll
24f53c8a074e9e032d8547fe1e159346 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57regiet.dll
5d08b5c3cc87b48281dddd12216b6e22 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57script.dll
fedb7ed64a20fc2aaa6c09869e3b0998 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57skin.dll
96f758be1ee0d60e164b22b797e6eec8 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57skplay.exe
29e27800a11bbaa06e857da4bde64eec c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57srchmr.dll
cf0646bb879911192c833e314e0afc57 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\57tpinst.dll
b6940fe9d6fc34ef59f1028ae6018fe1 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\APPINTEGRATOR.EXE
cc497b6397bf8e3cf1550df4b9cee39b c:\Program Files\MarineAquarium3Free_57\bar\1.bin\APPINTEGRATORSTUB.DLL
28df17d03fb2cc24b06d9a56be8701ec c:\Program Files\MarineAquarium3Free_57\bar\1.bin\ASSISTMONITOR.DLL
e8bcea8410248511f0cff7530297d4b0 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\ASSISTMONITOR64.DLL
143d634f4f93155d3a4d430c2cf60d11 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\AppIntegrator64.exe
dbf0a4be10e5a7a5815845a3394f5ec7 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\AppIntegratorStub64.dll
43ad3c8b42d0e87d0e61e94602e50f37 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\CREXT.DLL
92bac85f49bbd97e53fd94fac848736d c:\Program Files\MarineAquarium3Free_57\bar\1.bin\CrExtP57.exe
b61deef118eb941a8063e6d2ad31415a c:\Program Files\MarineAquarium3Free_57\bar\1.bin\DPNMNGR.DLL
a36c8e9a6cdca2c18cb2e550562cd882 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\FF-NativeMessagingDispatcher.dll
2f738b52cab5a1722ba7d250c24fbf4c c:\Program Files\MarineAquarium3Free_57\bar\1.bin\HKFXMGR.DLL
12561f359a0665b4ef531a06b42e1178 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\HKFXMGR64.DLL
211572b1a80337431576521c82bf0ab6 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\HPG.DLL
3e2dafd1255ee62ffab9a00f926c1f0a c:\Program Files\MarineAquarium3Free_57\bar\1.bin\Hpg64.dll
af689b0f09dde27d1a50d7a2963eafae c:\Program Files\MarineAquarium3Free_57\bar\1.bin\T8EPMSUP.DLL
85aa773c5b3fe1b2fc4db60bfcb0e6f9 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\T8EXTEX.DLL
64d6eb8eb2882837bc4f29ce02e1a6f9 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\T8EXTPEX.DLL
b1dd705f66a0aac955be5b5003d87852 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\T8HTML.DLL
8ffeb236fe7a2e6261931a26d801a712 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\T8RES.DLL
7dca62cf49f4f29fb2a4002bf9a3a17c c:\Program Files\MarineAquarium3Free_57\bar\1.bin\T8TICKER.DLL
8199bfbaf45163fc6ac4a3360fe239c3 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\TOOLBARGUARD.DLL
7aaf4b9657c26a93da0e6e2d5ba11372 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\TOOLBARGUARD64.DLL
84e027a6d36c6f8ce0626bd03c65e47d c:\Program Files\MarineAquarium3Free_57\bar\1.bin\TPIMANAGERCONSOLE.EXE
d245830ad93d799bbca6dc055045d8c0 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\VERIFY.DLL
b0ffe041fb0c9fb55e1fc9394354d459 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\assists\ie_default_search_provider\ARBITER.DLL
649fba6a4b539b295f19e736a311101d c:\Program Files\MarineAquarium3Free_57\bar\1.bin\assists\ie_default_search_provider\ARBITER64.DLL
12bc7c0af14464243f5794a4a06f537f c:\Program Files\MarineAquarium3Free_57\bar\1.bin\assists\ie_default_search_provider\ASSIST.EXE
f26bd34edd1beacc23aa126de231cac1 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\assists\ie_enable\ARBITER.DLL
b3d3b34968fb171bb79c20123a455ac9 c:\Program Files\MarineAquarium3Free_57\bar\1.bin\assists\ie_enable\ARBITER64.DLL
aa9a671de609ea1df67bff830612e120 c:\Program Files\SereneScreen\Marine Aquarium Lite\unins000.exe
0a019d7541cb33bd9b88d6e95e4d07e6 c:\WINDOWS\system32\MarineAquariumLite.exe

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name: Marine Aquarium Lite
Product Name: Marine Aquarium Lite
Product Version: 2, 0, 5, 6
Legal Copyright: Copyright (c) 2009 - 2014
Legal Trademarks:
Original Filename: 57Setup.exe
Internal Name: 57Setup
File Version: 2, 0, 5, 6
File Description: Marine Aquarium Lite
Comments:
Language: English (United States)

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.text 4096 7790 8192 4.27339 e28848bc1d5d86f7e6683c7388b6f4e3
.rdata 12288 8748 12288 1.8146 54d4345e14337da28a15cecee7310cba
.data 24576 2126 4096 1.25261 bd3b98bd12a6d75e5000fdd5f5af2920
.rsrc 28672 5786104 5787648 5.38582 0fd62953c7da1c1794ffb03704cd92f2

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL IP
hxxp://a1255.g.akamai.net/images/nocache/vicinio/executable-packages/MarineAquariumLite/1389714302414/MarineAquariumWrapper.exe
hxxp://e6845.ce.akamaiedge.net/pca3-g5.crl
hxxp://e6845.ce.akamaiedge.net/CSC3-2010.crl
hxxp://e6845.ce.akamaiedge.net/ThawteTimestampingCA.crl
hxxp://e6845.ce.akamaiedge.net/tss-ca-g2.crl
hxxp://ak.imgfarm.com/images/nocache/vicinio/executable-packages/MarineAquariumLite/1389714302414/MarineAquariumWrapper.exe 213.155.152.232
hxxp://crl.verisign.com/pca3-g5.crl 23.43.133.163
hxxp://ts-crl.ws.symantec.com/tss-ca-g2.crl 23.43.133.163
hxxp://csc3-2010-crl.verisign.com/CSC3-2010.crl 23.43.133.163
hxxp://crl.thawte.com/ThawteTimestampingCA.crl 23.43.133.163
anx.mindspark.com 74.113.233.187


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET TROJAN VMProtect Packed Binary Inbound via HTTP - Likely Hostile
ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected

Traffic

GET /CSC3-2010.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: csc3-2010-crl.verisign.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache


HTTP/1.1 200 OK
Server: Apache
ETag: "92724de4a63c65c53d0f3276a2dea0fc:1411722613"
Last-Modified: Fri, 26 Sep 2014 09:10:13 GMT
Date: Fri, 26 Sep 2014 18:57:30 GMT
Transfer-Encoding:  chunked
Connection: keep-alive
Connection: Transfer-Encoding
Content-Type: application/pkix-crl
00006000..0....0.......0...*.H........0..1.0...U....US1.0...U....VeriS
ign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at h
ttps://VVV.verisign.com/rpa (c)101.0,..U...%VeriSign Class 3 Code Sign
ing 2010 [email protected]
0730092631Z0!....c..k....D.k.....120708062201Z0!... _...u.t.=.<.&..
.130218061114Z0!...&..].....P.k.:...120125130117Z0!...7P.x....8.Q...s.
.130227010252Z0!...J.....Q..Y.[.....110404153956Z0!...d...=..q!_...g9.
.130729145216Z0!...d....Y.......o...140711083257Z0!...l.....h2<.H..
....120329152211Z0!...q.9...`H.*.Y.C...120525202212Z0!...s...TM.......
0...121221080842Z0!...t..,.. ...eL.....130314222305Z0!...y..r.HW.v....
.w..140423054643Z0!..../u.......A..5...101214165045Z0!.....0.Xc...%...
iM..121102230226Z0!.......S.a&.X5t.E]..111206083350Z0!....c.(....B.[M8
3...140108164517Z0!....A.Sv.....f,.....110609003155Z0!.....z......!.ID
{]..101228182208Z0!....b^......{d.J'...130102154110Z0!.......n........
'u..140521222808Z0!......0..........I..130912181631Z0!....6e...~..T...
....130131012247Z0!.....|.....t.l.o....140827175301Z0!.........bD#*u..
....130226223939Z0!.......@..'$.).;}\..130121172259Z0!....7.v.........
.n..120724160733Z0!....P;.Y..d...c.(...120209181451Z0!.....].bb[.....!
....140328205453Z0!.....a...L`..IV.....130402103508Z0!......fFW.z.....
@T..130117000242Z0!...........].{7.....120730000000Z0!...".......Z.V.,
.e..121031192224Z0!...'....[.1......g..130318195659Z0!...,GI.jH.|...J.
....120518121623Z0!...<%a.=.d.......O..120424164254Z0!...@.....
<<< skipped >>>


GET /tss-ca-g2.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: ts-crl.ws.symantec.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache


HTTP/1.1 200 OK
Server: Apache
ETag: "384143cb01fcb1bdacbffbc7522dd739:1411722702"
Last-Modified: Fri, 26 Sep 2014 09:11:42 GMT
Date: Fri, 26 Sep 2014 18:57:31 GMT
Content-Length: 477
Connection: keep-alive
Content-Type: application/pkix-crl
0...0.....0...*.H........0^1.0...U....US1.0...U....Symantec Corporatio
n100...U...'Symantec Time Stamping Services CA - G2..140926090109Z..14
1006090109Z.00.0...U.#..0..._..n\..t...}.?..L...0...U.......\0...*.H..
.................,;.4N..7.....#UU..M......n.6.S...{* ..IS.v..s.....f.l
e.ST....jJ.JX)(0].s.0ax...|].......W.p.....lN......y|.jD.1.1.U...vR..m
..z.l...H....XE.#...sCr.J.v.....!....0o..jDe..).UUD..W....#@(b.g].9Y^.
:;.....|...h...u....#..n...2.........../c..0.G ....h..._#HTTP/1.1 200 
OK..Server: Apache..ETag: "384143cb01fcb1bdacbffbc7522dd739:1411722702
"..Last-Modified: Fri, 26 Sep 2014 09:11:42 GMT..Date: Fri, 26 Sep 201
4 18:57:31 GMT..Content-Length: 477..Connection: keep-alive..Content-T
ype: application/pkix-crl..0...0.....0...*.H........0^1.0...U....US1.0
...U....Symantec Corporation100...U...'Symantec Time Stamping Services
 CA - G2..140926090109Z..141006090109Z.00.0...U.#..0..._..n\..t...}.?.
.L...0...U.......\0...*.H...................,;.4N..7.....#UU..M......n
.6.S...{* ..IS.v..s.....f.le.ST....jJ.JX)(0].s.0ax...|].......W.p.....
lN......y|.jD.1.1.U...vR..m..z.l...H....XE.#...sCr.J.v.....!....0o..jD
e..).UUD..W....#@(b.g].9Y^.:;.....|...h...u....#..n...2.........../c..
0.G ....h..._#..



GET /pca3-g5.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: crl.verisign.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache


HTTP/1.1 200 OK
Server: Apache
ETag: "bd6753109994fa1bef1833b34f3e263b:1411514416"
Last-Modified: Tue, 23 Sep 2014 23:20:16 GMT
Date: Fri, 26 Sep 2014 18:57:30 GMT
Content-Length: 533
Connection: keep-alive
Content-Type: application/pkix-crl
0...0..0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U
....VeriSign Trust Network1:08..U...1(c) 2006 VeriSign, Inc. - For aut
horized use only1E0C..U...<VeriSign Class 3 Public Primary Certific
ation Authority - G5..140922000000Z..141231235959Z0...*.H.............
O...i.i(.#..s.T....F....${|...xLT.k...(....AC.#.....Y.Ht..}.n..* ...b.
Gs...G..N.|2*.9l....\..H.Y....Wh. .....A.......?/...}.......z.Q..qP_.-
..~......!.UBW...ER..6....:.p...[...../..h...9.J(..<.;i.......?c.I.
t....LV.uD....B..z...~I .6..aR[..(..q............HTTP/1.1 200 OK..Serv
er: Apache..ETag: "bd6753109994fa1bef1833b34f3e263b:1411514416"..Last-
Modified: Tue, 23 Sep 2014 23:20:16 GMT..Date: Fri, 26 Sep 2014 18:57:
30 GMT..Content-Length: 533..Connection: keep-alive..Content-Type: app
lication/pkix-crl..0...0..0...*.H........0..1.0...U....US1.0...U....Ve
riSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1(c) 2006 VeriS
ign, Inc. - For authorized use only1E0C..U...<VeriSign Class 3 Publ
ic Primary Certification Authority - G5..140922000000Z..141231235959Z0
...*.H.............O...i.i(.#..s.T....F....${|...xLT.k...(....AC.#....
.Y.Ht..}.n..* ...b.Gs...G..N.|2*.9l....\..H.Y....Wh. .....A.......?/..
.}.......z.Q..qP_.-..~......!.UBW...ER..6....:.p...[...../..h...9.J(..
<.;i.......?c.I.t....LV.uD....B..z...~I .6..aR[..(..q..............
<<< skipped >>>


GET /images/nocache/vicinio/executable-packages/MarineAquariumLite/1389714302414/MarineAquariumWrapper.exe HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ak.imgfarm.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: Apache
Last-Modified: Tue, 14 Jan 2014 15:45:22 GMT
ETag: "1254474-542f68-4eff0148856a8"
Accept-Ranges: bytes
Content-Length: 5517160
Cache-Control: max-age=293316492
Expires: Sat 02 Apr 1977 17:15:00 GMT
Pragma: no-cache
Content-Type: application/x-msdownload
Date: Fri, 26 Sep 2014 18:57:09 GMT
Connection: keep-alive
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.........2...\...\.
..\..'....\..'....\.......\...]...\..'....\..'....\..'....\.Rich..\...
......PE..L......R.................X...........).......p....@.........
.................P......ggT...@.................................<..
.d........n............T.`....0.......................................
...@............p..x............................text....W.......X.....
............. ..`.rdata.......p...0...\..............@[email protected]....
[email protected]..................@[email protected]
[email protected].................................
......................................................................
......................................................................
......................................................................
......................................................................
...............................................U...X......... [email protected].
SVW.}[email protected]@.P..hq@........`........V......SP.......Pp@..
..W..;.}[email protected][email protected]...
@..4.......P...p@......./ub......<Tt"<Wt.<tt.<wuL......P..
...u>.......6......P.....~(......:u....~....P......P......P........
[email protected]@[email protected];[email protected].
[email protected]@........u....M._..^3.[.........V..W3.h..
[email protected].....<[email protected]
<<< skipped >>>


GET /ThawteTimestampingCA.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: crl.thawte.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache


HTTP/1.1 200 OK
Server: Apache
ETag: "075003e67d35591a801778336e66e994:1411607711"
Last-Modified: Thu, 25 Sep 2014 01:15:11 GMT
Date: Fri, 26 Sep 2014 18:57:30 GMT
Content-Length: 341
Connection: keep-alive
Content-Type: application/pkix-crl
0..Q0..0...*.H........0..1.0...U....ZA1.0...U....Western Cape1.0...U..
..Durbanville1.0...U....Thawte1.0...U....Thawte Certification1.0...U..
..Thawte Timestamping CA..140922000000Z..141231235959Z0...*.H.........
......z ...H.....h.......>V......<...Y*.4..m.P{w.yN.*..rH....o7.
_..B.H..$O......D(..Or..E..e3....XR.#!1.5j.h..p......<.#..:.FI..l?.
HTTP/1.1 200 OK..Server: Apache..ETag: "075003e67d35591a801778336e66e9
94:1411607711"..Last-Modified: Thu, 25 Sep 2014 01:15:11 GMT..Date: Fr
i, 26 Sep 2014 18:57:30 GMT..Content-Length: 341..Connection: keep-ali
ve..Content-Type: application/pkix-crl..0..Q0..0...*.H........0..1.0..
.U....ZA1.0...U....Western Cape1.0...U....Durbanville1.0...U....Thawte
1.0...U....Thawte Certification1.0...U....Thawte Timestamping CA..1409
22000000Z..141231235959Z0...*.H...............z ...H.....h.......>V
......<...Y*.4..m.P{w.yN.*..rH....o7._..B.H..$O......D(..Or..E..e3.
...XR.#!1.5j.h..p......<.#..:.FI..l?...

The Trojan connects to the servers at the folowing location(s):

57HighIn.exe_1524:

.text
`.rdata
@.data
.rsrc
@.reloc
SHLWAPI.dll
KERNEL32.dll
E:\TeamCity\BuildAgent1\work\87ecef1f770f3834\Projects\ChromeExtAPI_Dev1\Build.TT\Release.x86\t8HighIn.pdb
<requestedExecutionLevel level="requireAdministrator" uiAccess="false"></requestedExecutionLevel>
1.0.7.205
t8HighIn.exe
2.5.15.0

AppIntegrator.exe_1184:

.text
`.rdata
@.data
.rsrc
@.reloc
operator
GetProcessWindowStation
SHELL32.dll
Visual C   CRT: Not enough memory to complete call to strerror.
Broken pipe
Inappropriate I/O control operation
Operation not permitted
MaxPolicyElementKey
AppIntegrator.cpp
IAC::AppIntegrator::Application::SetupWindowsHook
C   Exception thrown in %s: %s
ATL Exception thrown in %s: 0xX
Unknown exception thrown in %s
RegOpenKeyTransactedW
E:\TeamCity\BuildAgent1\work\87ecef1f770f3834\Projects\ChromeExtAPI_Dev1\Build.TT\Release.x86\AppIntegrator.pdb
KERNEL32.dll
MsgWaitForMultipleObjects
SetWindowsHookExW
UnhookWindowsHookEx
USER32.dll
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
ADVAPI32.dll
ole32.dll
SHRegOpenUSKeyW
SHRegCloseUSKey
SHRegCreateUSKeyW
SHLWAPI.dll
USERENV.dll
VERSION.dll
GetProcessHeap
GetCPInfo
AppIntegrator.exe
zcÁ
.?AV?$_Impl_no_alloc2@U?$_Callable_obj@V<lambda14>@?A0x0f892900@AppIntegrator@IAC@@$0A@@tr1@std@@_NABVCRegKey@ATL@@PB_W@tr1@std@@
.?AV?$_Impl_no_alloc1@U?$_Callable_obj@V<lambda5>@?A0x0f892900@AppIntegrator@IAC@@$0A@@tr1@std@@KAAV?$_Vector_const_iterator@V?$_Vector_val@V?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@V?$allocator@V?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@@std@@@std@@@3@@tr1@std@@
.?AV?$_Impl_base2@_NABVCRegKey@ATL@@PB_W@tr1@std@@
.?AV?$_Impl_base1@KAAV?$_Vector_const_iterator@V?$_Vector_val@V?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@V?$allocator@V?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@@std@@@std@@@std@@@tr1@std@@
cOXY/P.Z0.0.QR00/ZPP0000000/0PPZR.BI@/DE0,
3 3$3(34383<3
< <$<(<,<0<
2$2<2@2`2
6,686@6`6
mscoree.dll
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
KERNEL32.DLL
WUSER32.DLL
ieframe.dll
Already running! %s
The %s event cannot be created (%u)
\AppIntegratorStub.dll
Error calling GetProcAddress %u
Error calling SetWindowsHookEx %u
Failed to enable heap terminate-on-corruption with LastError %u
Error: %S
Error: 0x%0x
TraceLogUnitTest.exe
TraceLog.cfg
).csv
\StringFileInfo\XX\OriginalFilename
@t8res.dll
Advapi32.dll
C:\PROGRA~1\MARINE~1\bar\1.bin\AppIntegrator.exe
C:\PROGRA~1\MARINE~1\bar\1.bin
@C:\PROGRA~1\MARINE~1\bar\1.bin\AppIntegrator.exe
1.0.7.205
2.5.15.0


Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    57srchmn.exe:148
    MALiteSetup.tmp:1576
    {4403D69A-6179-433D-BF9D-FEB28B4AEAA4}.exe:1492
    TPIManagerConsole.exe:492
    57HighIn.exe:1524
    %original file name%.exe:1712
    MALiteSetup.exe:284
    57barsvc.exe:1984
    57barsvc.exe:440
    57barsvc.exe:1296
    irsetup.exe:232
    000006b0T8SETUP.EXE:1880

  2. Delete the original Trojan file.
  3. Delete or disinfect the following files created/modified by the Trojan:

    %Documents and Settings%\%current user%\Local Settings\Temp\is-OUBPA.tmp\_isetup\_RegDLL.tmp (4 bytes)
    %Program Files%\SereneScreen\Marine Aquarium Lite\unins000.dat (2064 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\is-OUBPA.tmp\_isetup\_shfoldr.dll (23 bytes)
    %Documents and Settings%\All Users\Start Menu\Programs\SereneScreen\Marine Aquarium Lite\SereneScreen Marine Aquarium Lite.lnk (706 bytes)
    %Program Files%\SereneScreen\Marine Aquarium Lite\www.SereneScreen.com.url (310 bytes)
    %Program Files%\SereneScreen\Marine Aquarium Lite\is-GHQT0.tmp (7150 bytes)
    %System%\is-T9QHL.tmp (53142 bytes)
    %Documents and Settings%\All Users\Start Menu\Programs\SereneScreen\Marine Aquarium Lite\SereneScreen Marine Aquarium on the Web.lnk (981 bytes)
    %Program Files%\SereneScreen\Marine Aquarium Lite\is-8T546.tmp (35 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\Marine Aquarium Lite.lnk (706 bytes)
    %Program Files%\SereneScreen\Marine Aquarium Lite\is-9PVP6.tmp (195 bytes)
    %Documents and Settings%\All Users\Start Menu\Programs\SereneScreen\Marine Aquarium Lite\Prolific Publishing on the Web.lnk (1 bytes)
    %Documents and Settings%\%current user%\Desktop\SereneScreen Marine Aquarium Lite.lnk (688 bytes)
    %Program Files%\SereneScreen\Marine Aquarium Lite\is-IN9RC.tmp (180 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0 (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\lua5.1.dll (325 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\irsetup.exe (7386 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\C3E814D1CB223AFCD58214D14C3B7EAB (341 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX37VSTM\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IN2PA7MP\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\62B5AF9BE9ADC1085C3C56EC07A82BF6 (137 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\8DFDF057024880D7A081AFBF6D26B92F (176 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\8BD11C4A2318EC8E5A82462092971DEA (208 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\C3E814D1CB223AFCD58214D14C3B7EAB (220 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\62B5AF9BE9ADC1085C3C56EC07A82BF6 (224 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\8DFDF057024880D7A081AFBF6D26B92F (533 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\8BD11C4A2318EC8E5A82462092971DEA (477 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\A32DQXCP\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\6P0F0LGB\desktop.ini (67 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\{4403D69A-6179-433D-BF9D-FEB28B4AEAA4}.exe (997461 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\000006b0T8SETUP.EX_ (39950 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\000006b0T8SETUP.EXE (188805 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\is-JLINT.tmp\MALiteSetup.tmp (3790 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\IRIMG1.PNG (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\Wow64.lmd (665 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\MarineAquarium Setup Log.txt (260 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\MALiteSetup.exe (33812 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\irsetup.dat (1137 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57feedmg.dll (145 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57SrcAs.dll (144 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\installKeys.js (206 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\INSTALL.RDF (2 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\assists\COMMON.T8S (138 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\BOOTSTRAP.JS (20 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57SrchMn.exe (55 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\CrExtP57.exe (5442 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57medint.exe (12 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\CHROME.MANIFEST (1 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\HPG.DLL (237 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\ASSISTMONITOR.DLL (225 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\HKFXMGR.DLL (1629 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\FF-NativeMessagingDispatcher.dll (1724 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\AppIntegrator64.exe (258 bytes)
    %Documents and Settings%\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat (20 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57hkstub.dll (59 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\assists\ie_default_search_provider\CONFIG.XML (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG (1896 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57dlghk.dll (121 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\TOOLBARGUARD64.DLL (251 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57dlghk64.dll (147 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57srchmr.dll (87 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57tpinst.dll (179 bytes)
    %System%\config\SOFTWARE.LOG (34537 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57regfft.dll (85 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57barsvc.exe (90 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\TPIMANAGERCONSOLE.EXE (78 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57htmlmu.dll (214 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57idle.dll (62 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\T8EXTPEX.DLL (108 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\T8HTML.DLL (202 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\T8TICKER.DLL (171 bytes)
    %System%\config\system (3482 bytes)
    C:\$Directory (200 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\Hpg64.dll (220 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57Plugin.dll (83 bytes)
    %Documents and Settings%\%current user%\NTUSER.DAT.LOG (4896 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\assists\ie_enable\ARBITER.DLL (12 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\APPINTEGRATORSTUB.DLL (197 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\ASSISTMONITOR64.DLL (246 bytes)
    %System%\config\SYSTEM.LOG (5289 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\APPINTEGRATOR.EXE (225 bytes)
    %Documents and Settings%\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat (20 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57mlbtn.dll (98 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\Settings\s_pid.dat (6 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\gen1\COMMON.T8S (1 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\assists\ie_default_search_provider\ARBITER.DLL (15 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57bprtct.dll (121 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\DPNMNGR.DLL (218 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57datact.dll (171 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\assists\ie_enable\ARBITER64.DLL (12 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57regiet.dll (87 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\T8EPMSUP.DLL (79 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57script.dll (104 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\HKFXMGR64.DLL (1730 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\AppIntegratorStub64.dll (213 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57skplay.exe (55 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57httpct.dll (151 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57bar.dll (5442 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\LOGO.BMP (10 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\assists\ie_enable\CONFIG.XML (6 bytes)
    %System%\config\software (28647 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\assists\ie_default_search_provider\ASSIST.EXE (207 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\chrome\57ffxtbr.jar (1829 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57skin.dll (212 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\TOOLBARGUARD.DLL (240 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57highin.exe (13 bytes)
    %Documents and Settings%\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG (1560 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\VERIFY.DLL (70 bytes)
    %Documents and Settings%\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG (1560 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\Message\COMMON.T8S (100 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\T8RES.DLL (196 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\assists\ie_default_search_provider\ARBITER64.DLL (17 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\CREXT.DLL (6422 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\57reghk.dll (80 bytes)
    %Program Files%\MarineAquarium3Free_57\bar\1.bin\T8EXTEX.DLL (102 bytes)

  4. Delete the following value(s) in the autorun key (How to Work with System Registry):

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Marine Aquarium Lite Search Scope Monitor" = "C:\PROGRA~1\MARINE~1\bar\1.bin\57srchmn.exe /m=2 /w /h"

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Marine Aquarium Lite AppIntegrator 32-bit" = "C:\PROGRA~1\MARINE~1\bar\1.bin\AppIntegrator.exe"

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Marine Aquarium Lite" = "rundll32 C:\PROGRA~1\MARINE~1\bar\1.bin\57bar.dll,S"

  5. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
  6. Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

No votes yet


Lavasoft is the maker of Ad-Aware, the world's most popular anti-malware software with over 450 million downloads.
© 2026 Lavasoft. All rights reserved.
Terms Of Use |   Privacy Policy


x

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

Download adaware antivirus 12
No thanks, continue to lavasoft.com
close x

Discover the new adaware antivirus 12

Our best antivirus yet

Download Now