Trojan.Win32.Llac.dmdm (Kaspersky), Trojan.Win32.Generic!SB.0 (VIPRE), Worm.Win32.Rebhip!IK (Emsisoft), Trojan.Win32.IEDummy.FD, Trojan.Win32.Sasfis.FD, VirTool.Win32.DelfInject.FD, WormRebhip.YR, GenericAutorunWorm.YR, GenericInjector.YR (Lavasoft MAS)Behaviour: Trojan, Worm, VirTool, WormAutorun
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 5868c42fdb6ab69cb5f2ecc47592cd24
SHA1: 89367b4adad85e0aabb16b410e1c595d6ca310cc
SHA256: 5d6e01dc4523329df4ecd74bfbd20bd009dca951b9e1977a8c5a57400060ade5
SSDeep: 24576:SGx1/tK3UbMoX GltnhxBu0Hylg1WcMW4iZOkl/:ppLX CQc9MaOm
Size: 907776 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 1992-06-20 01:22:17
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
| Behaviour | Description |
|---|---|
| WormAutorun | A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Trojan's file once a user opens a drive's folder in Windows Explorer. |
Process activity
The Trojan creates the following process(es):
cscript.exe:1940
5868c42fdb6ab69cb5f2ecc47592cd24.exe:1616
The Trojan injects its code into the following process(es):
OneHitCF SynBoz 4.0.exe:1680
iexplore.exe:612
iexplore.exe:360
File activity
The process OneHitCF SynBoz 4.0.exe:1680 makes changes in a file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Cookies\Current_User@addthis[1].txt (3119 bytes)
C:\aim (240 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\gpt[2].js (1503 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\synbozmodz.blogspot[1] (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\CAGX67WT.1382723735&ga_sid=1382723735&ga_hid=1235532956&ga_fc=true (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\widget118[1].css (468 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\json2[1].js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\widgetIE67006[1].css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\icon18_wrench_allbkg[1].png (475 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\google_follow[1].png (2 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@tribalfusion[1].txt (248 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\325[1].png (323 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\displayAd[1].js (157 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\flashwrite_1_2[1].js (801 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\abg[1].js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\layers023[1].js (1525 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\gpt[1].js (392 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@google[1].txt (383 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@tribalfusion[2].txt (419 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\plusone[2].js (1065 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@whos.amung[1].txt (173 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\j[1].ad (920 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@media6degrees[1].txt (1359 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\analytics[1].js (638 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\cb=gapi[1].loaded_0 (1755 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\myip2gz[2].css (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\whatismyipaddress[1].htm (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\synbozmodz.blogspot[1].htm (1004 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\layersIE6005[1].css (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\2023635439-widget_css_2_bundle[1].css (34 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\4163410827-ieretrofit[1].js (1122 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ad_choices_en[1].png (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\authorization[1].css (21 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@addthis[2].txt (3329 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\osd[2].js (1145 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\layer3[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\j[1].ad (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\osd[1].js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\dc[1].js (1701 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\sh140[1].htm (1718 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\tags[1].js (392 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@media6degrees[2].txt (1482 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\GoToMyPC_88x31[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\facebook[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\authorization[1].css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\twitter[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\social[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\1-g2m_MaySet_v4_160_600[1].swf (1729 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\myip-logo-wide[1].png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\4103944743-widgets[1].js (1560 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\flashwrite_1_2[1].js (321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\paging_dot[1].png (99 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\pubads_impl_28[1].js (1352 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\displayAd[2].js (247 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\addthis_widget[1].js (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\plusone[1].js (1406 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\myip2gz[1].css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\CAEVANCF.1382723735&ga_sid=1382723735&ga_hid=1235532956&ga_fc=true (12 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@whatismyipaddress[2].txt (3517 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\menu[1].png (868 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\ad_choices_i[1].png (365 bytes)
C:\Possion.ini (99 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\getmap[1].gif (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\abg[2].js (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\widgetbig058[1].css (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\tags[1].js (578 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (30264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\layers020[1].css (3342 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\pp800x600[1].htm (616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\core107[1].js (3720 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\1[1].jpg (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\widget058_32x32[1].gif (3808 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\widget015_32x32_top[1].gif (4 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@whatismyipaddress[1].txt (4006 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\arrows[1].gif (231 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\tags[1].js (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@addthis[1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@tribalfusion[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\myip2gz[1].css (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@media6degrees[2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\CAGX67WT.1382723735&ga_sid=1382723735&ga_hid=1235532956&ga_fc=true (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\j[1].ad (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@whatismyipaddress[2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\abg[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\j[1].ad (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\displayAd[1].js (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@media6degrees[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\gpt[1].js (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@whatismyipaddress[1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@addthis[2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\plusone[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\flashwrite_1_2[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\osd[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\authorization[1].css (0 bytes)
The process cscript.exe:1940 makes changes in a file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\teste.txt (2 bytes)
The process iexplore.exe:612 makes changes in a file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\conversion[2].js (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\rum[1].gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\searchGrad[1].jpg (934 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\4-classesLogo[1].png (682 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\common[1].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\CAEF8LIJ.htm (712 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\st_back[1].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\body[1].jpg (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\CA67O1MB.gif (70 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\tribute-box[1].htm (264 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@casalemedia[2].txt (10254 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\medium[1].css (530 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\5-2-2-2-2-parcel[1].jpg (1765 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@match[2].txt (339 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\Stext[1].gif (129 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\flashwrite_1_2[1].js (321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\tribute_covers[1].gif (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\;ord=2881842586[1].htm (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ADTECH;loc=100;target=_blank;alias=tribute_ROS_202x90_1;size=202x90;grp=103;misc=1382723762074;aduho= 180;[1] (295 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\tracking_id[1].htm (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@match[1].txt (148 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\tagextensions_base[1].js (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\willforte_118x118[1].jpg (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\styleswitcher[1].js (610 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\johnnyjackson_118x118[1].jpg (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\pu800x600[1].htm (786 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ga[1].js (1687 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\basic[1].css (135 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\show_ads[1].js (14 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@myroitracking[1].txt (165 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\d_bottom_bg[1].png (167 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (60704 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\tribute-lb[1].htm (393 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\flashwrite_1_2[2].js (801 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mookie1[1].txt (651 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\holder[1].php (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\logo_fb2[1].png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\/movies/starchats/?utm_source=clix&utm_medium=cpv&utm_campaign=movies2&view=1-1-524199-101413-16997369-139369--1382740308-31149920332183-17762 (860 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\scarlettjoseph_118x118[1].jpg (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\en_tran[1].png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\nr-100[2].js (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\fetch[1].cp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\lMenuBigN[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\btn[1].gif (729 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\sandrabullock_118x118[1].jpg (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\adfly_2[2].css (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\92a411bc23[1].setToken (21 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\Ad4265259St1Sz4482Sq22723993V1Id18[1].jpg (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\holder[1].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\large[1].css (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\CAQF4TAV.gif (35 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@forms.aweber[1].txt (154 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\113471544[1].htm (714 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\print[1].css (272 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@tribute[1].txt (895 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\lidar[1].js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\d_top_bg[1].png (156 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@serving-sys[1].txt (607 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\Ltext[1].gif (91 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@criteo[2].txt (450 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\CAEF0XQZ.swf (7012 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@tribute[2].txt (1070 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\ca[1] (21580 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\CA32DO1D.bs (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\MovieMailSignUp[1].gif (3 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@adf[2].txt (3715 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\starchats[1] (617 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\stBig[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\jquery-1.6.1.min[1].js (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\adfly_2[1].css (787 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\2F?utm_source=clix&utm_medium=cpv&utm_campaign=movies2&view=1-1-524199-101413-16997369-139369--1382740308-31149920332183-17762352&random=48698528&ip (76 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\1market[1].htm (1 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@adtechus[1].txt (190 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\headerBack2[1].gif (211 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\show_ads[2].js (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\ahl6532[1].gif (3 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@serving-sys[2].txt (261 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\show_ads[1].js (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\view20[1].js (3624 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\arrow[1].gif (87 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@clicksor[1].txt (155 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\match[1].gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\screen[1].css (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\print[2].css (468 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\CA8LQ1XU.htm (513 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\medium[1].css (175 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\magazine[1].gif (189 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\danielradcliffe_118x118[1].jpg (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ADTECH;loc=100;target=_blank;alias=tribute_starchat_160x600_1;size=160x600;grp=103;misc=1382723763058;aduho= 180;[1] (326 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\CAB2LG9B.htm (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\basic[2].css (189 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\CA892FCD.php (460 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mathtag[1].txt (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\tribute-box[1].htm (397 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@rtbidder[1].txt (287 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\tribute-sky[1].htm (393 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\tribute-sky[1].htm (261 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ovies/starchats/?utm_source=clix&utm_medium=cpv&utm_campaign=movies2&view=1-1-524199-101413-16997369-139369--1382740308-31149920332183-17762352& (882 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\osd[1].js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\jquery.min[1].js (2022 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\0c0[1].png (107 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\main_bg[1].png (177 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@casalemedia[1].txt (9722 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\small[1].css (151 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\common[2].js (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ADTECH;cfp=1;rndc=1382740312;loc=100;target=_blank;alias=tribute_starchat_728x90_1;size=728x90;grp=103;misc=1382723760980;aduho= 180;[1] (333 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\twitter[1].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\header_back[1].gif (497 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\show_ads[2].js (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\show_ads_impl[1].js (2802 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\tribute-lb[1].htm (261 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@clicksor[2].txt (305 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\lidar[2].js (821 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\gobtn[1].gif (489 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\beacon[1].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\;ord=2881842586[1] (507 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\displays[1].htm (55 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\show_ads_impl[2].js (1915 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\1@x23[1].htm (712 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\1060234624[1].htm (63 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\iframe[1].htm (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\pu[1].htm (834 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\eolas[1].js (381 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\casaleJTag[1].js (145 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\starchats[1].htm (29 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\styleswitcher[2].js (1 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@adsrvr[1].txt (1022 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\QeHwR[1].htm (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\jquery-1.6.1.min[2].js (2770 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\displays[1].gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\view20[2].js (2425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\show_ads[3].js (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\large[1].css (529 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\rum[1].gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\tribute_title[1].gif (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\rum[1].gif (129 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\hMenuN[1].gif (1 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@criteo[1].txt (194 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\conversion[1].js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\nr-100[1].js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\CA2FKVRO.php (335 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\tracking_id[1].php (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\small[1].css (395 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mookie1[2].txt (806 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\113471544[1].htm (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\headerBack1[1].gif (207 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@adf[1].txt (4346 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\mat_boy_Cornerheart_ShorterFormPol_SAvsgeo_ageradio_150953_082313_NoY_728x90[1].swf (19825 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\osd[2].js (1145 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\ADTECH;loc=100;target=_blank;alias=tribute_starchat_300x250_1;size=300x250;grp=103;misc=1382723762480;aduho= 180;[1] (329 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\screen[1].css (1161 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\beacon[2].js (1 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@adsrvr[2].txt (828 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\bkg_tile[1].jpg (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\Mtext[1].gif (142 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\CA67O1MB.gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\rum[1].gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\screen[1].css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\CA8LQ1XU.htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\common[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\medium[1].css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\basic[1].css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\starchats[1].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\CAB2LG9B.htm (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@adsrvr[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\rum[1].gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\ca[1] (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@casalemedia[2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\CA892FCD.php (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013030120130302 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\large[1].css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\CAQF4TAV.gif (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@serving-sys[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013021120130218 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\rum[1].gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\print[1].css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\osd[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\osd[2].js (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mookie1[2].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@criteo[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\1060234624[1].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013021120130218\index.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\conversion[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\nr-100[1].js (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@casalemedia[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\small[1].css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\CA2FKVRO.php (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\show_ads[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\jquery-1.6.1.min[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\tracking_id[1].htm (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@tribute[2].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@match[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013021820130225 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\CA32DO1D.bs (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\show_ads[2].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013021820130225\index.dat (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@adf[2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\show_ads_impl[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\styleswitcher[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\lidar[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\flashwrite_1_2[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\;ord=2881842586[1].htm (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@adf[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\adfly_2[1].css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\CAEF8LIJ.htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\1@x23[1].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\beacon[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\show_ads[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\displays[1].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\show_ads[2].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\match[1].gif (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@tribute[1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@adsrvr[2].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@serving-sys[2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\tracking_id[1].php (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013030120130302\index.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\view20[1].js (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mookie1[1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@clicksor[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\holder[1].php (0 bytes)
The process iexplore.exe:360 makes changes in a file system.
The Trojan creates and/or writes to the following file(s):
%System%\OneHitCF SynBoz 4.0.exe (3683 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XxX.xXx (21640 bytes)
%Documents and Settings%\%current user%\Application Data\logs.dat (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UuU.uUu (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\teste.vbs (1477 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\UuU.uUu (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XxX.xXx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\teste.txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\teste.vbs (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XX--XX--XX.txt (0 bytes)
The process 5868c42fdb6ab69cb5f2ecc47592cd24.exe:1616 makes changes in a file system.
The Trojan creates and/or writes to the following file(s):
%System%\Windows\explorer.exe (6841 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XX--XX--XX.txt (3918 bytes)
Registry activity
The process OneHitCF SynBoz 4.0.exe:1680 makes changes in a system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "OneHitCF SynBoz 4.0.exe"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1382120550"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D2 EE 88 BA AF 76 8D 87 FD 91 5F 91 09 0E 74 48"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing proxy to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
The process cscript.exe:1940 makes changes in a system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BA 98 19 79 D2 58 A2 06 7C 7A D2 E5 00 1E E5 D9"
The process iexplore.exe:612 makes changes in a system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_20"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_01"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_10"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_03"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_11"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_13"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_10"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_30"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.0_04"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_21"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013102520131026]
"CachePrefix" = ":2013102520131026:"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_27"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_09"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_28"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_17"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_12"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_22"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore]
"Type" = "1"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_12"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_16"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_30"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_27"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.1_04"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\iexplore]
"Type" = "3"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_05"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_21"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_07"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_03"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_05"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.0_03"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_10"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_21"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_27"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_25"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_10"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_10"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_17"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_14"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_27"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore]
"Type" = "3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 14 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_07"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_12"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_22"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_06"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "iexplore.exe"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_29"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_03"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_09"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.0_01"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_13"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.0_02"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_07"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\iexplore]
"Count" = "7"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_04"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_08"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_09"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_16"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_16"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_22"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_04"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_03"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.1_04"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_06"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_14"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\BagMRU]
"NodeSlots" = "02 02 02 02 02 02 02 02 02 02"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}]
"(Default)" = "Java Plug-in 1.3.0_02"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_10"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_25"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_11"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_18"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore]
"Time" = "DD 07 0A 00 05 00 19 00 11 00 37 00 18 00 9C 02"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_09"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_17"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_07"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_17"
[HKCU\Software\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_05"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\JavaPlugin.160_18\CLSID]
"(Default)" = "{5852F5ED-8BF4-11D4-A245-0080C6F74284}"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_16"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_15"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_24"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_18"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_05"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_02"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_26"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_01"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_02"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_02"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_20"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_12"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_09"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_13"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_18"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_29"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_12"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_21"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_07"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_18"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_05"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_14"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_02"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore]
"Type" = "4"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_04"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_22"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_09"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_03"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_23"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_28"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_18"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_16"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.1_06"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_04"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_15"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_07"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_24"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_11"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_03"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_14"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore]
"Count" = "7"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_01"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_07"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_01"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.0_04"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_06"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.1_01"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_19"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.0_01"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_08"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.1_03"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_04"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_26"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_23"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_22"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_01"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_02"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_01"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_12"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_23"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_13"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_04"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore]
"Count" = "4"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_23"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_08"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.1_03"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.0"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_15"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_26"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_16"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_10"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_02"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_01"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.1_07"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_14"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013102520131026]
"CacheOptions" = "11"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_02"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.1"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.0"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_14"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_28"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_20"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_06"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_29"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.0_02"
[HKCU\Software\Microsoft\Internet Explorer\Main]
"Window_Placement" = "2C 00 00 00 02 00 00 00 03 00 00 00 FF FF FF FF"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.1_01"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_13"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_01"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_24"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_11"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_09"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_18"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_08"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_04"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB5F1910-F110-11D2-BB9E-00C04F795683}\iexplore]
"Type" = "4"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\BagMRU]
"MRUListEx" = "01 00 00 00 00 00 00 00 03 00 00 00 02 00 00 00"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_08"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_04"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_26"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_20"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_24"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB5F1910-F110-11D2-BB9E-00C04F795683}\iexplore]
"Count" = "8"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_11"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_13"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_09"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore]
"Time" = "DD 07 0A 00 05 00 19 00 11 00 37 00 1A 00 1F 02"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_07"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013102520131026]
"CacheLimit" = "8192"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_17"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_04"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_05"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_26"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_26"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_08"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_10"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_02"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
"(Default)" = "Java Plug-in 1.6.0_18"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_27"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_05"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_16"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_29"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_11"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore]
"Count" = "12"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_05"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_17"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.1"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_30"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_07"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_25"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_18"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_19"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_04"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\iexplore]
"Time" = "DD 07 0A 00 05 00 19 00 11 00 37 00 19 00 53 01"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_30"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_20"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_23"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_22"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_25"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_08"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_15"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_29"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_12"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore]
"Type" = "3"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_18"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.1_05"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_25"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_19"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_21"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_26"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.0_03"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_30"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_29"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_08"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_14"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_30"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_18"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_16"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_12"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1208111653"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_28"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_20"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_16"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_01"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_21"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_19"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_07"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.0_03"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_28"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore]
"Count" = "8"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_21"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_06"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_30"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.0_05"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Microsoft\Internet Explorer\Toolbar]
"Locked" = "1"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_10"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_10"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_08"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_17"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_25"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_17"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore]
"Time" = "DD 07 0A 00 05 00 19 00 11 00 37 00 18 00 CA 02"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_03"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_23"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_13"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_14"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013102520131026]
"CachePath" = "%USERPROFILE%\Local Settings\History\History.IE5\MSHist012013102520131026\"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_18"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_11"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_23"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_16"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_11"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_29"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.0_04"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_11"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_05"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_24"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_06"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_03"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_13"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_28"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_24"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_02"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_17"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB5F1910-F110-11D2-BB9E-00C04F795683}\iexplore]
"Time" = "DD 07 0A 00 05 00 19 00 11 00 37 00 1A 00 1F 02"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "16 5B B0 B3 79 63 21 DF 8E 6F C6 B0 4C 78 44 E6"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_03"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_14"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Favorites" = "%Documents and Settings%\%current user%\Favorites"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_15"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_19"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_20"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_06"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_13"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_05"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.1_05"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_06"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_12"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_09"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_15"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_13"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_17"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_19"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_11"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.1_07"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_19"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_27"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_15"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_15"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_15"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_25"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links]
"Order" = "08 00 00 00 02 00 00 00 00 02 00 00 01 00 00 00"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.1_02"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_22"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_01"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_27"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_03"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_06"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_02"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.1_06"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.1_02"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_24"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_14"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_08"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore]
"Time" = "DD 07 0A 00 05 00 19 00 11 00 38 00 05 00 A8 00"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_28"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013102520131026]
"CacheRepair" = "0"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_12"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_15"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_06"
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_09"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing proxy to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"
The Trojan deletes the following registry key(s):
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013030120130302]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013021820130225]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\JavaPlugin.160_18\CLSID]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013021120130218]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}]
[HKCU\Software\Classes\JavaPlugin.160_18]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}]
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
The process iexplore.exe:360 makes changes in a system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "97 34 86 B2 86 CF 0E CF 9C DC 12 06 0C D9 E4 58"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"OneHitCF SynBoz 4.0.exe" = "qwe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"cscript.exe" = "Microsoft (R) Console Based Script Host"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Crossfire]
"NewIdentification" = "Crossfire"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%\Windows]
"explorer.exe" = "explorer"
[HKCU\Software\Crossfire]
"FirstExecution" = "25/10/2013 -- 20:55"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing proxy to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The process 5868c42fdb6ab69cb5f2ecc47592cd24.exe:1616 makes changes in a system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C7 B9 DE B4 3A 64 8E 00 2F 8C F7 09 1D 52 A6 9F"
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{2W1R800W-5T4Y-4FLS-1RP5-35MJ1M52FVC4}]
"StubPath" = "%System%\Windows\explorer.exe Restart"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Policies" = "%System%\Windows\explorer.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"Policies" = "%System%\Windows\explorer.exe"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"HKCU" = "%System%\Windows\explorer.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HKLM" = "%System%\Windows\explorer.exe"
Network activity (URLs)
| URL | IP |
|---|---|
| hxxp://photos-ugc.l.googleusercontent.com/-ciZMmLWUD88/UOkAP9N3fFI/AAAAAAAAB0M/CFT3e7uvK-I/s1600/1.gif | |
| hxxp://www-google-analytics.l.google.com/analytics.js | |
| hxxp://54.230.88.227/images/menu.png | |
| hxxp://blogger.l.google.com/img/icon18_wrench_allbkg.png | |
| hxxp://whos.amung.us/swidget/synbozmodz.png | 67.202.94.93 |
| hxxp://mq-openmqapi.egslb.aol.com/staticmap/v4/getmap?size=300,250&imagetype=gif&type=map&zoom=5¢er=45.5,-73.5833&key=Fmjtd|luu2n90zlu,8l=o5-hazlq | |
| hxxp://poponclick.com/pp800x600.js?id=vinacf | 193.218.154.195 |
| hxxp://widgets.amung.us/small/03/325.png | 173.192.170.82 |
| hxxp://partnerad.l.doubleclick.net/gampad/ads?gdfp_req=1&correlator=1698235988169874&output=json_html&callback=window.parent.googletag.impl.pubads.setAdContentsBySlotForAsync&impl=fifs&json_a=1&iu_parts=1007765,WIMIA-HomePage-Left,WIMIA-Homepage-Top&enc_prev_ius=/0/1,/0/2&prev_iu_szs=160x600,728x90&cookie_enabled=1&lmt=1382723745&dt=1382723745074&cc=100&ea=0&biw=913&bih=437&oid=3&osd=1&oe=windows-1252&gut=v2&ifi=1&u_tz=180&u_java=true&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&flash=11.6.602.168&url=http://whatismyipaddress.com/&adks=2334559965,1455291831&vrg=28&vrp=28&ga_vid=356725601.1382723735&ga_sid=1382723735&ga_hid=1235532956&ga_fc=true | |
| hxxp://198.41.186.34/static/image/logo_fb2.png | |
| hxxp://www-google-analytics.l.google.com/ga.js | |
| hxxp://198.41.186.34/static/image/ahl6532.gif | |
| hxxp://198.41.186.34/static/image/skip_ad/en_tran.png | |
| hxxp://198.41.186.34/static/image/d_top_bg.png | |
| hxxp://198.41.186.34/holder.php | |
| hxxp://198.41.186.34/static/image/d_bottom_bg.png | |
| hxxp://www-google-analytics.l.google.com/__utm.gif?utmwv=5.4.5&utms=1&utmn=1942523631&utmhn=adf.ly&utme=8(User)9(4223618)&utmcs=utf-8&utmsr=1024x768&utmvp=788x467&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=AdF.ly - shrink your URLs and get paid!&utmhid=560257147&utmr=-&utmp=/QeHwR&utmht=1382723749527&utmac=UA-6469700-9&utmcc=__utma=255621336.1326934239.1382723749.1382723749.1382723749.1;+__utmz=255621336.1382723749.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmu=qQ~ | |
| hxxp://198.41.186.34/1market.php?p=N4DgYT0ONlTRRjhMIxicwTiYZ0CYIm6YNzjYMD3ZNmjNYm5MLhCJJGuZIkjNoTyMOmDhUj1IM6zIUCsdIimwZisIYxXINioOIijMo2xcLiCwJitIbt2NJjpIb6GIUiiYOjjJBy9e | |
| hxxp://ins-011.inscname.net/nr-100.js | |
| hxxp://beacon-3.newrelic.com/1/92a411bc23?a=2344945,2334836&qt=0&ap=15&dc=19687&fe=21734&to=YlNSbUYAV0IFBhdaWVsZc0xHFVZcSxYLXERBU15cRiJWXxAXDF9aUEQfTFoyUV4WEQZd&v=42&jsonp=NREUM.setToken | 50.31.164.176 |
| hxxp://forms.aweber.com/form/44/113471544.htm | 207.106.239.74 |
| hxxp://forms.aweber.com/images/forms/make-it-rain/body.jpg | |
| hxxp://forms.aweber.com/form/displays.htm?id=jIzMLOyMrCws | |
| hxxp://forms.aweber.com/images/auto/gradient/button/0c0.png | |
| hxxp://beacon-3.newrelic.com/1/92a411bc23?a=2344945,2334836&qt=0&ap=17&dc=15&fe=453&to=YlNSbUYAV0IFBhdaWVsZZUtdTghcBRcIVkIbRlhJ&v=42 | |
| hxxp://poponclick.com/pu800x600.php?id=dmluYWNm&affid=23136 | |
| hxxp://blogger.l.google.com/static/v1/widgets/4103944743-widgets.js | |
| hxxp://cs163.wac.edgecastcdn.net/js/300/addthis_widget.js | |
| hxxp://partnerad.l.doubleclick.net/pagead/osd.js | |
| hxxp://s0-2mdn-net.l.google.com/879366/flashwrite_1_2.js | |
| hxxp://tags.expo9.exponential.com/tags/WhatIsMyIPAddress/Canada/tags.js | 204.11.109.160 |
| hxxp://cs163.wac.edgecastcdn.net/static/r07/core107.js | |
| hxxp://s0-2mdn-net.l.google.com/3647256/1-g2m_MaySet_v4_160_600.swf | |
| hxxp://cs163.wac.edgecastcdn.net/static/r07/widget118.css | |
| hxxp://cs163.wac.edgecastcdn.net/static/r07/widgetIE67006.css | |
| hxxp://cs163.wac.edgecastcdn.net/static/r07/sh140.html | |
| hxxp://cs163.wac.edgecastcdn.net/static/r07/layers023.js | |
| hxxp://a1294.w20.akamai.net/b?c1=7&c2=2000001&c3=1&rn=1rfzc7g&c7=http://whatismyipaddress.com&c8=What Is My IP Address? Lookup IP, Hide IP, Change IP, Trace IP and more...&cv=1.7 | |
| hxxp://m.addthisedge.com/live/red_lojson/300lo.json?4nqm7q&si=526ab0aa06f8ab7e&uid=526ab0ab409f22a2&pub=whatismyipaddress&rev=124341&jsl=32&ln=en&pc=men&vpc=&dp=whatismyipaddress.com&aa=0&of=0&uf=1&pd=0&irt=0&md=0&ct=1&tct=0&abt=0<=1407&cdn=0&lnlc=us&whcs=1&tl=c=1047,m=1047,i=1093,xm=2484,xp=2500&pi=1&&rb=0&gen=1000&gen=100&callback=_ate.ad.hrr&chr=windows-1252&mk=my ip,ip,address,my,what,is,find,get,show,locate,change,location,how,do,i,ip address,proxy,server,anonymous,hide,conceal,stealth,surf,web,anonymizer,anonymize,changer,privacy,geolocation,geolocate | |
| hxxp://a.tribalfusion.com/displayAd.js?dver=0.4&th=6964238882 | 204.11.109.62 |
| hxxp://poponclick.com/pu.php?id=dmluYWNm&affid=23136&authcode=WndOa1psNGtaUDRsQXdSNEFQNGtaUXBoWm10aFptdD0=&rt=1&uadiff=0&flid=1&os=0 | |
| hxxp://partnerad.l.doubleclick.net/pagead/js/r20131022/r20110914/abg.js | |
| hxxp://cs163.wac.edgecastcdn.net/static/r07/widgetbig058.css | |
| hxxp://cs163.wac.edgecastcdn.net/static/r07/json2.js | |
| hxxp://sb1-nj.wpix.dynectmedia6degrees.com/orbserv/hbpix?pixId=3886&pcv=58&ptid=100&tpv=00&tpu=526ab0ab409f22a2&curl=http://whatismyipaddress.com/ | |
| hxxp://a.tribalfusion.com/j.ad?flashVer=9&ver=1.25&th=6964238882&tagKey=281869759&site=whatismyipaddress&adSpace=canada¢er=1&env=display&size=728x90,468x60&busted=1&url=http://whatismyipaddress.com/&f=1&p=3692233&a=1&rnd=3696880 | |
| hxxp://cs163.wac.edgecastcdn.net/static/r07/layersIE6005.css | |
| hxxp://cs163.wac.edgecastcdn.net/static/r07/layers020.css | |
| hxxp://cs163.wac.edgecastcdn.net/static/r07/widget015_32x32_top.gif | |
| hxxp://cs163.wac.edgecastcdn.net/static/r07/widget058_32x32.gif | |
| hxxp://sb1-nj.wpix.dynectmedia6degrees.com/orbserv/hbpix?ptid=100&curl=hxxp://whatismyipaddress.com/&tpv=00&tpu=526ab0ab409f22a2&pcv=58&pixId=3886&cckz=true | |
| hxxp://cs163.wac.edgecastcdn.net/static/r07/images000/arrows.gif | |
| hxxp://cs163.wac.edgecastcdn.net/static/r07/images000/follow/png/24/facebook.png | |
| hxxp://198.41.186.34/callback/8f13ddba2cfd63bf4a7124e98846454a | |
| hxxp://partnerad.l.doubleclick.net/pagead/images/ad_choices_i.png | |
| hxxp://m.addthisedge.com/red/usync?pid=11118&puid=3774w8eex01n&ssrc=3 | |
| hxxp://cs163.wac.edgecastcdn.net/static/r07/images000/follow/png/24/google_follow.png | |
| hxxp://partnerad.l.doubleclick.net/pagead/images/ad_choices_en.png | |
| hxxp://cs163.wac.edgecastcdn.net/static/r07/images000/follow/png/24/twitter.png | |
| hxxp://blogger.l.google.com/1kt/simple/paging_dot.png | |
| hxxp://poponclick.com/click2.php | |
| hxxp://serw.clicksor.com/newServing/go.php?nid=1&cpx=cpv&uid=31149920332183&pid=317996&sid=524199&spid=23136&kw=channel:General&af=7&rf=0&curl=http://www.tribute.ca/movies/starchats/?utm_source=clix&utm_medium=cpv&utm_campaign=movies2&view=1-1-524199-101413-16997369-139369--1382740308-31149920332183-17762352 | 199.21.148.98 |
| hxxp://serw.clicksor.com/newServing/go.php?nid=1&cpx=cpv&uid=31149920332183&pid=317996&sid=524199&spid=23136&kw=channel:General&af=7&rf=0&curl=http://www.tribute.ca/movies/starchats/?utm_source=clix&utm_medium=cpv&utm_campaign=movies2&view=1-1-524199-101413-16997369-139369--1382740308-31149920332183-17762352&chkjs=11222747 19 | |
| hxxp://serw.myroitracking.com/newServing/tracking_id.php?d=serw.clicksor.com&r=http://serw.clicksor.com/newServing/tracking_id.php?b=1&>ruid=1 (ET RBN Known Russian Business Network IP (98) ) | 199.21.148.123 |
| hxxp://serw.clicksor.com/newServing/tracking_id.php?b=1&UID=13827403116265&TRSTR=1&RTID= | |
| hxxp://www.tribute.ca/movies/starchats/?utm_source=clix&utm_medium=cpv&utm_campaign=movies2&view=1-1-524199-101413-16997369-139369--1382740308-31149920332183-17762352 | 72.28.81.146 |
| hxxp://www.tribute.ca/scripts/jquery-1.6.1.min.js | |
| hxxp://www.tribute.ca/css/basic.css | |
| hxxp://www.tribute.ca/css/medium.css | |
| hxxp://www.tribute.ca/css/large.css | |
| hxxp://www.tribute.ca/css/small.css | |
| hxxp://www.tribute.ca/scripts/styleswitcher.js | |
| hxxp://www.tribute.ca/css/print.css | |
| hxxp://www.tribute.ca/css/screen.css?v=1 | |
| hxxp://www.tribute.ca/scripts/common.js | |
| hxxp://www.tribute.ca/images/bkg_tile.jpg | |
| hxxp://www.tribute.ca/images/tribute_title.gif | |
| hxxp://www.tribute.ca/images/header_back.gif | |
| hxxp://www.tribute.ca/images/Stext.gif | |
| hxxp://www.tribute.ca/images/Mtext.gif | |
| hxxp://www.tribute.ca/images/hMenuN.gif | |
| hxxp://www.tribute.ca/images/Ltext.gif | |
| hxxp://www.tribute.ca/images/MovieMailSignUp.gif | |
| hxxp://adserver-sb-wc.adtechus.com/addyn/3.0/5401.1/2407427/0/-1/ADTECH;loc=100;target=_blank;alias=tribute_starchat_728x90_1;size=728x90;grp=103;misc=1382723760980;aduho= 180; | |
| hxxp://adserver-sb-wc.adtechus.com/addyn/3.0/5401.1/2407427/0/-1/ADTECH;cfp=1;rndc=1382740312;loc=100;target=_blank;alias=tribute_starchat_728x90_1;size=728x90;grp=103;misc=1382723760980;aduho= 180; | |
| hxxp://partnerad.l.doubleclick.net/pagead/show_ads.js | |
| hxxp://partnerad.l.doubleclick.net/pagead/js/r20131022/r20130906/show_ads_impl.js | |
| hxxp://adserver-sb-wc.adtechus.com/addyn/3.0/5401.1/2407427/0/-1/ADTECH;loc=100;target=_blank;alias=tribute_ROS_202x90_1;size=202x90;grp=103;misc=1382723762074;aduho= 180; | |
| hxxp://partnerad.l.doubleclick.net/pagead/ads?client=ca-pub-8411839569344365&output=html&h=90&slotname=9267001829&adk=3036661660&w=728&lmt=1382723761&ea=0&flash=11.6.602.168&url=http://www.tribute.ca/movies/starchats/?utm_source=clix&utm_medium=cpv&utm_campaign=movies2&view=1-1-524199-101413-16997369-139369--1382740308-31149920332183-17762352&dt=1382723761418&shv=r20131022&cbv=r20130906&saldr=sb&correlator=1382723761480&frm=20&ga_vid=1618622910.1382723762&ga_sid=1382723762&ga_hid=890915376&ga_fc=0&u_tz=180&u_his=3&u_java=1&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_nplug=0&u_nmime=0&dff=arial&dfs=12&adx=371&ady=89&biw=772&bih=553&eid=86860104&oid=3&osd=1&vis=0&fu=0&ifi=1&dtd=640 | |
| hxxp://www.tribute.ca/images/starchat/johnnyjackson_118x118.jpg | |
| hxxp://www.tribute.ca/images/starchat/willforte_118x118.jpg | |
| hxxp://www.tribute.ca/images/main_bg.png | |
| hxxp://www.tribute.ca/images/starchat/sandrabullock_118x118.jpg | |
| hxxp://a627.g.akamai.net/images/299/Ad4265259St1Sz4482Sq22723993V1Id18.jpg | |
| hxxp://www.tribute.ca/images/starchat/scarlettjoseph_118x118.jpg | |
| hxxp://www.tribute.ca/images/starchat/danielradcliffe_118x118.jpg | |
| hxxp://www.tribute.ca/ads/fallback/tribute-lb.htm | |
| hxxp://www.tribute.ca/images/searchGrad.jpg | |
| hxxp://adserver-sb-wc.adtechus.com/addyn/3.0/5401.1/2407428/0/-1/ADTECH;loc=100;target=_blank;alias=tribute_starchat_300x250_1;size=300x250;grp=103;misc=1382723762480;aduho= 180; | |
| hxxp://www.tribute.ca/images/headerBack1.gif | |
| hxxp://www.tribute.ca/images/headerBack2.gif | |
| hxxp://a883.g.akamai.net/casaleJTag.js | |
| hxxp://partnerad.l.doubleclick.net/pagead/ads?client=ca-pub-8411839569344365&output=html&h=250&slotname=9075497086&adk=1538311856&w=300&lmt=1382723762&ea=0&flash=11.6.602.168&url=http://www.tribute.ca/movies/starchats/?utm_source=clix&utm_medium=cpv&utm_campaign=movies2&view=1-1-524199-101413-16997369-139369--1382740308-31149920332183-17762352&dt=1382723762777&shv=r20131022&cbv=r20130906&saldr=sb&prev_slotnames=9267001829&correlator=1382723761480&frm=20&ga_vid=1618622910.1382723762&ga_sid=1382723762&ga_hid=890915376&ga_fc=0&u_tz=180&u_his=3&u_java=1&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_nplug=0&u_nmime=0&dff=arial&dfs=12&adx=627&ady=555&biw=772&bih=553&eid=86860104&oid=3&osd=1&vis=0&fu=0&ifi=2&dtd=109 | |
| hxxp://www.tribute.ca/images/gobtn.gif | |
| hxxp://www.tribute.ca/images/tribute_covers.gif | |
| hxxp://www.tribute.ca/images/twitter.gif | |
| hxxp://www.tribute.ca/images/st_back.gif | |
| hxxp://a883.g.akamai.net/j?s=130958&a=2&id=160503294&p=11&v=2&inif=1&l=0&t=0&w=1024&h=740&z=-180&u=http://www.tribute.ca/movies/starchats/?utm_source=clix&utm_medium=cpv&utm_campaign=movies2&view=1-1-524199-101413-16997369-139369--1382740308-31149920332183-17762352 | |
| hxxp://adserver-sb-wc.adtechus.com/addyn/3.0/5401.1/2407426/0/-1/ADTECH;loc=100;target=_blank;alias=tribute_starchat_160x600_1;size=160x600;grp=103;misc=1382723763058;aduho= 180; | |
| hxxp://www.tribute.ca/images/stBig.gif | |
| hxxp://www.tribute.ca/images/arrow.gif | |
| hxxp://www.tribute.ca/images/lMenuBigN.gif | |
| hxxp://www.tribute.ca/images/btn.gif | |
| hxxp://a883.g.akamai.net/j?s=130958&a=2&id=160503294&p=11&v=2&inif=1&l=0&t=0&w=1024&h=740&z=-180&u=http://www.tribute.ca/movies/starchats/?utm_source=clix&utm_medium=cpv&utm_campaign=movies2&view=1-1-524199-101413-16997369-139369--1382740308-31149920332183-17762352&C=1 | |
| hxxp://www.tribute.ca/ads/fallback/tribute-box.htm | |
| hxxp://www.tribute.ca/images/magazine.gif | |
| hxxp://partnerad.l.doubleclick.net/pagead/ads?client=ca-pub-8411839569344365&output=html&h=600&slotname=6252315962&adk=968003010&w=160&lmt=1382723763&ea=0&flash=11.6.602.168&url=http://www.tribute.ca/movies/starchats/?utm_source=clix&utm_medium=cpv&utm_campaign=movies2&view=1-1-524199-101413-16997369-139369--1382740308-31149920332183-17762352&dt=1382723763261&shv=r20131022&cbv=r20130906&saldr=sb&prev_slotnames=9267001829,9075497086&correlator=1382723761480&frm=20&ga_vid=1618622910.1382723762&ga_sid=1382723762&ga_hid=890915376&ga_fc=0&u_tz=180&u_his=3&u_java=1&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_nplug=0&u_nmime=0&dff=arial&dfs=12&adx=863&ady=188&biw=772&bih=553&eid=86860104&oid=3&osd=1&vis=0&fu=0&ifi=3&dtd=78 | |
| hxxp://www.tribute.ca/ads/fallback/tribute-sky.htm | |
| hxxp://www-google-analytics.l.google.com/__utm.gif?utmwv=5.4.5&utms=1&utmn=1279609785&utmhn=www.tribute.ca&utmcs=utf-8&utmsr=1024x768&utmvp=772x553&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Starchats and Celebrity Interviews | Tribute.ca&utmhid=890915376&utmr=-&utmp=/movies/starchats/?utm_source=clix&utm_medium=cpv&utm_campaign=movies2&view=1-1-524199-101413-16997369-139369--1382740308-31149920332183-17762352&utmht=1382723763621&utmac=UA-282074-1&utmcc=__utma=106396572.1832232676.1382723763.1382723763.1382723763.1;+__utmz=106396572.1382723763.1.1.utmcsr=clix|utmccn=movies2|utmcmd=cpv;&utmu=qB~ | |
| hxxp://a883.g.akamai.net/j?s=130958&a=4&id=160675321&p=11&v=2&inif=1&l=0&t=0&w=1024&h=740&z=-180&u=http://www.tribute.ca/movies/starchats/?utm_source=clix&utm_medium=cpv&utm_campaign=movies2&view=1-1-524199-101413-16997369-139369--1382740308-31149920332183-17762352 | |
| hxxp://a883.g.akamai.net/j?s=130958&a=5&id=160691210&p=11&v=2&inif=1&l=0&t=0&w=1024&h=740&z=-180&u=http://www.tribute.ca/movies/starchats/?utm_source=clix&utm_medium=cpv&utm_campaign=movies2&view=1-1-524199-101413-16997369-139369--1382740308-31149920332183-17762352 | |
| hxxp://partnerad.l.doubleclick.net/pagead/conversion.js | |
| hxxp://match.adlegend.com/iframe?spacedesc=2130238_1142063_728x90_1135057_2130238&target=_blank&@CPSC@=hxxp://c.casalemedia.com/c/0/36417/1ff8e/526af15a/VVVjMFlVRnVxNk1BQUMtNHBTQUFBQUJG/cd473622efc9e3542f37a8e1c0a138cd/ | |
| hxxp://dis.criteo.com/pump/match.aspx?c=19&uid=UUc0YUFuq6MAAC-4pSAAAABF&127 | 74.119.117.94 |
| hxxp://ttd-uswest-match-adsrvr-org-454816348.us-west-1.elb.amazonaws.c/track/cmf/casale?cm_dsp_id=39&cm_callback_url=http://r.casalemedia.com/rum&cm_user_id=UUc0YUFuq6MAAC-4pSAAAABF | |
| hxxp://partnerad.l.doubleclick.net/pagead/viewthroughconversion/1060234624/?random=1382723763839&cv=7&fst=1382723763839&num=1&fmt=1&guid=ON&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_his=3&u_tz=180&u_nplug=0&u_nmime=0&url=http://www.tribute.ca/movies/starchats/?utm_source=clix&utm_medium=cpv&utm_campaign=movies2&view=1-1-524199-101413-16997369-139369--1382740308-31149920332183-17762352&frm=0 | |
| hxxp://a1294.w20.akamai.net/beacon.js | |
| hxxp://ttd-uswest-match-adsrvr-org-454816348.us-west-1.elb.amazonaws.c/track/cmb/casale?cm_dsp_id=39&cm_callback_url=http://r.casalemedia.com/rum&cm_user_id=UUc0YUFuq6MAAC-4pSAAAABF | |
| hxxp://www.google.com/ads/user-lists/1060234624/?fmt=1&num=1&cv=7&frm=0&url=http://www.tribute.ca/movies/starchats/?utm_source=clix&utm_medium=cpv&utm_campaign=movies2&view=1-1-524199-101413-16997369-139369--1382740308-31149920332183-17762352&random=48698528 | 173.194.43.83 |
| hxxp://usefb.adsrvr.org/bid/feedback/casale?iid=f80f02b0-8cae-4b92-a0f7-03d36045bce9&aid=0A95586C3FACA701&wp=0.49&puid=UUc0YUFuq6MAAC-4pSAAAABF&tdid=&pid=6bb3z2wb&ag=cpbezhb&crid=vnvgmm8d&fq=0&td_s=www.tribute.ca&rcats=lki&mcat=&mste=&mfld=2&mssi=&mfsi=khhdyvi&uhow=137&agsa=0x449EB5C1&rgco=Canada&rgre=Quebec&rgme=0&rgci=Montréal&svbttd=1&dt=PC&osf=Windows&os=WindowsXP&br=Other&rlangs=en&mlang=&svpid=&dur= | 209.15.224.6 |
| hxxp://match.adlegend.com/eolas.js | |
| hxxp://pixel-origin.mathtag.com/sync/img?mt_exid=15&redir=http://r.casalemedia.com/rum?cm_dsp_id=3&external_user_id=[MM_UUID] | |
| hxxp://s0-2mdn-net.l.google.com/adi/N3285.casalemedia/B2343920.439;sz=300x250;click0=hxxp://c.casalemedia.com/c/0/3322f/1ff8e/526af15b/VVVjMFlVRnVxNk1BQUMtNHBTQUFBQUJG/defa5ce227725d4cefee749ec9ebc30c/;ord=2881842586 | |
| hxxp://adchoices-icon-cde-1968696106.us-east-1.elb.amazonaws.com/ca?pid=tradedesk01&aid=tradedesk01&cid=0511td160x600&c=tradedesk01cont2&w=160&h=600&plc=tr | |
| hxxp://dm.de.mookie1.com/2/B3DM/2010DM/1@x23? | 208.71.121.207 |
| hxxp://partnerad.l.doubleclick.net/pixel?google_nid=casale_media&google_cm&google_sc | |
| hxxp://rtb-west1.p.veruta.com/adserver/cookiematch?pnid=3000010 | |
| hxxp://pixel-origin.mathtag.com/sync/img?mt_exid=15&redir=http://r.casalemedia.com/rum?cm_dsp_id=3&external_user_id=[MM_UUID]&mm_bnc | |
| hxxp://dm.de.mookie1.com/2/B3DM/2010DM/1@x23?_RM_OAX_REDIR_ | |
| hxxp://bs.eyeblaster.akadns.net/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=8069115&PluID=0&w=160&h=600&ord=%n&ucm=true&ncu=http://insight.adsrvr.org/track/clk?imp=f80f02b0-8cae-4b92-a0f7-03d36045bce9&ag=cpbezhb&crid=vnvgmm8d&fq=0&td_s=www.tribute.ca&rcats=lki&mcat=&mste=&mfld=2&mssi=&mfsi=khhdyvi&sv=casale&uhow=137&agsa=0x449EB5C1&rgco=Canada&rgre=Quebec&rgme=0&rgci=Montr%C3%A9al&dt=PC&osf=Windows&os=WindowsXP&br=Other&svpid=&dur=&rlangs=en&mlang=&r=hxxp://www.investorsgroup.com/en/default.aspx$$%c$$ | |
| hxxp://gslb.rtbidder.net/match?p=26 | |
| hxxp://a1294.w20.akamai.net/b?c1=2&c2=6035720&c3=&c4=&c5=&c6=&c15=&ns__t=1382723764418&ns_c=windows-1252&c8=Starchats and Celebrity Interviews | Tribute.ca&c7=http://www.tribute.ca/movies/starchats/?utm_source=clix&utm_medium=cpv&utm_campaign=movies2&view=1-1-524199-101413-16997369-139369--1382740308-31149920332183-17762352&c9= | |
| hxxp://www.google.ca/ads/user-lists/1060234624/?fmt=1&num=1&cv=7&frm=0&url=http://www.tribute.ca/movies/starchats/?utm_source=clix&utm_medium=cpv&utm_campaign=movies2&view=1-1-524199-101413-16997369-139369--1382740308-31149920332183-17762352&random=48698528&ipr=y | 173.194.43.95 |
| hxxp://e867.g.akamaiedge.net/rum?cm_dsp_id=39&external_user_id=8b1ccd06-f780-4c3c-b229-d81d884ecb98&expiration=1385332315 | |
| hxxp://e867.g.akamaiedge.net/rum?cm_dsp_id=45&external_user_id=CAESEPTEAm35nrxEFDluprCy_0o&google_cver=1 | |
| hxxp://e867.g.akamaiedge.net/rum?cm_dsp_id=42&expiration=1385332316 | |
| hxxp://match.adlegend.com/xl/PROD/17469/creatives/mat_boy_Cornerheart_ShorterFormPol_SAvsgeo_ageradio_150953_082313_NoY_728x90.dir/mat_boy_Cornerheart_ShorterFormPol_SAvsgeo_ageradio_150953_082313_NoY_728x90.swf | |
| hxxp://e867.g.akamaiedge.net/rum?cm_dsp_id=3&external_user_id=a692526a-f15b-4b00-b1b4-ecf65e48d36b | |
| hxxp://match.adlegend.com/xl/PROD/TrackingTags/tagextensions_base.js | |
| hxxp://e867.g.akamaiedge.net/rum?cm_dsp_id=43&external_user_id=526af15cdf78532df2198631 | |
| hxxp://t.mookie1.com/rsp?dnv=785145131&rurl=//t.mookie1.com/t/v1/imp?guid=[MOOKIE] | 208.71.122.1 |
| hxxp://t.mookie1.com/rsp/cc?dnv=785145131&rurl=//t.mookie1.com/t/v1/imp?guid=[MOOKIE] | |
| hxxp://t.mookie1.com/t/v1/imp?guid=2392637519679581 | |
| hxxp://s0-2mdn-net.l.google.com/1420759/cls_edu_PAgeRng18ParcelSCNBd45K_RetFAiQ_DDCAStudGBSFA_1013_300x250.swf?ct=CA&st=QC&city=2402&dma=0&zp=&bw=3&clickTag=http://adclick.g.doubleclick.net/aclk?sa=L&ai=BwSUmW_FqUoWiPK_hwQGPpIDQDgAAAAAQASAAOABQ2YzEzgVYn5riGmD9kKaB8AOCAQljYS1nb29nbGWyAQ53d3cudHJpYnV0ZS5jYcgBCdoBMmh0dHA6Ly93d3cudHJpYnV0ZS5jYS9hZHMvZmFsbGJhY2svdHJpYnV0ZS1ib3guaHRtqAMB4AQCmgUYCPG0EhDA8r4bGJLIkIEBIJ-a4hoox4Y02gUCCAGgBh_gBtfbVg&num=0&sig=AOD64_3xfhlRvbAjPqyuT8dpyMN89e5A6w&client=&adurl=http://c.casalemedia.com/c/0/3322f/1ff8e/526af15b/VVVjMFlVRnVxNk1BQUMtNHBTQUFBQUJG/defa5ce227725d4cefee749ec9ebc30c/http://degrees.classesusa.com/schools/%3Fpkey1%3D%26pkey2%3D%26pkey3%3D%26sourceid%3D57653568-270803986-56024257%26moid%3D20621 | |
| hxxp://partnerad.l.doubleclick.net/pagead/js/lidar.js | |
| hxxp://partnerad.l.doubleclick.net/activeview?id=lidar2&v=79&adk=1&p=0,0,250,300&tos=0,0,0,0,0&mtos=0,0,0,0,0&rs=5&avi=BuoNEW_FqUoWiPK_hwQGPpIDQDgAAAAAQATgByAEJ4AQCoAYf&tp=&r=i&ts=0&bs=-12245933,-12245933&bos=-12245933,-12245933&ps=-12245933,-12245933&ss=1024,768&tt=0&pt=219&deb=1-1-1-0-1-0&iframe_loc=http://ad.doubleclick.net/adi/N3285.casalemedia/B2343920.439;sz=300x250;click0=http://c.casalemedia.com/c/0/3322f/1ff8e/526af15b/VVVjMFlVRnVxNk1BQUMtNHBTQUFBQUJG/defa5ce227725d4cefee749ec9ebc30c/;ord=2881842586&is=300,250&url=http://ad.doubleclick.net/adi/N3285.casalemedia/B2343920.439;sz=300x250;click0=http://c.casalemedia.com/c/0/3322f/1ff8e/526af15b/VVVjMFlVRnVxNk1BQUMtNHBTQUFBQUJG/defa5ce227725d4cefee749ec9ebc30c/;ord=2881842586&referrer=http://www.tribute.ca/ads/fallback/tribute-box.htm | |
| hxxp://adchoices-icon-cde-1968696106.us-east-1.elb.amazonaws.com/ca?aid=tradedesk01&pid=tradedesk01&cid=0511td160x600&w=160&h=600&plc=tr&c=tradedesk01cont2&js=2 | |
| hxxp://s0-2mdn-net.l.google.com/1420759/5-2-2-2-2-parcel.jpg | |
| hxxp://match.adlegend.com/xl/PROD/TrackingTags/fetch.cp?cache=no-cache&default=default_pl_cr.js&file=/1090759/PlacementTags/2130238.js | |
| hxxp://s0-2mdn-net.l.google.com/1420759/4-classesLogo.png | |
| match.rtbidder.net | 64.27.99.250 |
| 2.bp.blogspot.com | 173.194.43.74 |
| cm.g.doubleclick.net | 173.194.43.89 |
| adserver.adtechus.com | 207.200.74.32 |
| img1.blogblog.com | 74.125.142.191 |
| choices.truste.com | 50.17.220.9 |
| js-agent.newrelic.com | 192.33.31.101 |
| cspix.media6degrees.com | 204.2.197.201 |
| s0.2mdn.net | 173.194.43.91 |
| s7.addthis.com | 72.21.91.196 |
| js.casalemedia.com | 23.0.165.66 |
| r.casalemedia.com | 23.194.147.167 |
| b.scorecardresearch.com | 204.93.46.187 |
| www.blogblog.com | 74.125.142.191 |
| googleads.g.doubleclick.net | 173.194.43.90 |
| s1.2mdn.net | 173.194.43.91 |
| pagead2.googlesyndication.com | 173.194.43.77 |
| su.addthis.com | 64.215.255.40 |
| www.googleadservices.com | 173.194.43.89 |
| media.match.com | 204.12.68.73 |
| apis.google.com | 173.194.43.68 |
| m.addthis.com | 206.165.250.92 |
| bs.serving-sys.com | 63.241.108.124 |
| casale-rtb.p.veruta.com | 66.151.146.200 |
| open.mapquestapi.com | 205.188.201.176 |
| sync.mathtag.com | 74.121.139.103 |
| ad.doubleclick.net | 173.194.43.92 |
| aka-cdn-ns.adtechus.com | 198.173.2.49 |
| as.casalemedia.com | 23.0.165.66 |
| match.adsrvr.org | 184.169.151.26 |
| pubads.g.doubleclick.net | 173.194.43.89 |
| www.google-analytics.com | 173.194.43.78 |
Rootkit activity
No anomalies have been detected.
Propagation
A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Trojan's file once a user opens a drive's folder in Windows Explorer.
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
cscript.exe:1940
5868c42fdb6ab69cb5f2ecc47592cd24.exe:1616 - Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Documents and Settings%\%current user%\Cookies\Current_User@addthis[1].txt (3119 bytes)
C:\aim (240 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\gpt[2].js (1503 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\synbozmodz.blogspot[1] (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\CAGX67WT.1382723735&ga_sid=1382723735&ga_hid=1235532956&ga_fc=true (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\widget118[1].css (468 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\json2[1].js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\widgetIE67006[1].css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\icon18_wrench_allbkg[1].png (475 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\google_follow[1].png (2 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@tribalfusion[1].txt (248 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\325[1].png (323 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\displayAd[1].js (157 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\flashwrite_1_2[1].js (801 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\abg[1].js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\layers023[1].js (1525 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\gpt[1].js (392 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@google[1].txt (383 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@tribalfusion[2].txt (419 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\plusone[2].js (1065 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@whos.amung[1].txt (173 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\j[1].ad (920 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@media6degrees[1].txt (1359 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\analytics[1].js (638 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\cb=gapi[1].loaded_0 (1755 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\myip2gz[2].css (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\whatismyipaddress[1].htm (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\synbozmodz.blogspot[1].htm (1004 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\layersIE6005[1].css (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\2023635439-widget_css_2_bundle[1].css (34 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\4163410827-ieretrofit[1].js (1122 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ad_choices_en[1].png (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\authorization[1].css (21 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@addthis[2].txt (3329 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\osd[2].js (1145 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\layer3[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\j[1].ad (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\osd[1].js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\dc[1].js (1701 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\sh140[1].htm (1718 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\tags[1].js (392 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@media6degrees[2].txt (1482 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\GoToMyPC_88x31[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\facebook[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\authorization[1].css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\twitter[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\social[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\1-g2m_MaySet_v4_160_600[1].swf (1729 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\myip-logo-wide[1].png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\4103944743-widgets[1].js (1560 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\flashwrite_1_2[1].js (321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\paging_dot[1].png (99 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\pubads_impl_28[1].js (1352 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\displayAd[2].js (247 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\addthis_widget[1].js (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\plusone[1].js (1406 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\myip2gz[1].css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\CAEVANCF.1382723735&ga_sid=1382723735&ga_hid=1235532956&ga_fc=true (12 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@whatismyipaddress[2].txt (3517 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\menu[1].png (868 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\ad_choices_i[1].png (365 bytes)
C:\Possion.ini (99 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\getmap[1].gif (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\abg[2].js (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\widgetbig058[1].css (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\tags[1].js (578 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (30264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\layers020[1].css (3342 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\pp800x600[1].htm (616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\core107[1].js (3720 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\1[1].jpg (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\widget058_32x32[1].gif (3808 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\widget015_32x32_top[1].gif (4 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@whatismyipaddress[1].txt (4006 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\arrows[1].gif (231 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\teste.txt (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\conversion[2].js (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\rum[1].gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\searchGrad[1].jpg (934 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\4-classesLogo[1].png (682 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\common[1].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\CAEF8LIJ.htm (712 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\st_back[1].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\body[1].jpg (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\CA67O1MB.gif (70 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\tribute-box[1].htm (264 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@casalemedia[2].txt (10254 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\medium[1].css (530 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\5-2-2-2-2-parcel[1].jpg (1765 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@match[2].txt (339 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\Stext[1].gif (129 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\tribute_covers[1].gif (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\;ord=2881842586[1].htm (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ADTECH;loc=100;target=_blank;alias=tribute_ROS_202x90_1;size=202x90;grp=103;misc=1382723762074;aduho= 180;[1] (295 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\tracking_id[1].htm (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@match[1].txt (148 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\tagextensions_base[1].js (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\willforte_118x118[1].jpg (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\styleswitcher[1].js (610 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\johnnyjackson_118x118[1].jpg (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\pu800x600[1].htm (786 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ga[1].js (1687 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\basic[1].css (135 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\show_ads[1].js (14 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@myroitracking[1].txt (165 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\d_bottom_bg[1].png (167 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\tribute-lb[1].htm (393 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\flashwrite_1_2[2].js (801 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mookie1[1].txt (651 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\holder[1].php (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\logo_fb2[1].png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\/movies/starchats/?utm_source=clix&utm_medium=cpv&utm_campaign=movies2&view=1-1-524199-101413-16997369-139369--1382740308-31149920332183-17762 (860 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\scarlettjoseph_118x118[1].jpg (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\en_tran[1].png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\nr-100[2].js (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\fetch[1].cp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\lMenuBigN[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\btn[1].gif (729 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\sandrabullock_118x118[1].jpg (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\adfly_2[2].css (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\92a411bc23[1].setToken (21 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\Ad4265259St1Sz4482Sq22723993V1Id18[1].jpg (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\holder[1].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\large[1].css (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\CAQF4TAV.gif (35 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@forms.aweber[1].txt (154 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\113471544[1].htm (714 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\print[1].css (272 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@tribute[1].txt (895 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\lidar[1].js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\d_top_bg[1].png (156 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@serving-sys[1].txt (607 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\Ltext[1].gif (91 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@criteo[2].txt (450 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\CAEF0XQZ.swf (7012 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@tribute[2].txt (1070 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\ca[1] (21580 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\CA32DO1D.bs (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\MovieMailSignUp[1].gif (3 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@adf[2].txt (3715 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\starchats[1] (617 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\stBig[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\jquery-1.6.1.min[1].js (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\adfly_2[1].css (787 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\2F?utm_source=clix&utm_medium=cpv&utm_campaign=movies2&view=1-1-524199-101413-16997369-139369--1382740308-31149920332183-17762352&random=48698528&ip (76 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\1market[1].htm (1 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@adtechus[1].txt (190 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\headerBack2[1].gif (211 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\show_ads[2].js (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\ahl6532[1].gif (3 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@serving-sys[2].txt (261 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\show_ads[1].js (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\view20[1].js (3624 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\arrow[1].gif (87 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@clicksor[1].txt (155 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\match[1].gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\screen[1].css (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\print[2].css (468 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\CA8LQ1XU.htm (513 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\medium[1].css (175 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\magazine[1].gif (189 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\danielradcliffe_118x118[1].jpg (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ADTECH;loc=100;target=_blank;alias=tribute_starchat_160x600_1;size=160x600;grp=103;misc=1382723763058;aduho= 180;[1] (326 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\CAB2LG9B.htm (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\basic[2].css (189 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\CA892FCD.php (460 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mathtag[1].txt (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\tribute-box[1].htm (397 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@rtbidder[1].txt (287 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\tribute-sky[1].htm (393 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\tribute-sky[1].htm (261 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ovies/starchats/?utm_source=clix&utm_medium=cpv&utm_campaign=movies2&view=1-1-524199-101413-16997369-139369--1382740308-31149920332183-17762352& (882 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\osd[1].js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\jquery.min[1].js (2022 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\0c0[1].png (107 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\main_bg[1].png (177 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@casalemedia[1].txt (9722 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\small[1].css (151 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\common[2].js (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ADTECH;cfp=1;rndc=1382740312;loc=100;target=_blank;alias=tribute_starchat_728x90_1;size=728x90;grp=103;misc=1382723760980;aduho= 180;[1] (333 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\twitter[1].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\header_back[1].gif (497 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\show_ads[2].js (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\show_ads_impl[1].js (2802 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\tribute-lb[1].htm (261 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@clicksor[2].txt (305 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\lidar[2].js (821 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\gobtn[1].gif (489 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\beacon[1].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\displays[1].htm (55 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\show_ads_impl[2].js (1915 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\1@x23[1].htm (712 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\1060234624[1].htm (63 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\iframe[1].htm (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\pu[1].htm (834 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\eolas[1].js (381 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\casaleJTag[1].js (145 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\starchats[1].htm (29 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\styleswitcher[2].js (1 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@adsrvr[1].txt (1022 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\QeHwR[1].htm (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\jquery-1.6.1.min[2].js (2770 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\displays[1].gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\view20[2].js (2425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\show_ads[3].js (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\large[1].css (529 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\rum[1].gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\tribute_title[1].gif (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\rum[1].gif (129 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\hMenuN[1].gif (1 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@criteo[1].txt (194 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\conversion[1].js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\nr-100[1].js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\CA2FKVRO.php (335 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\tracking_id[1].php (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\small[1].css (395 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mookie1[2].txt (806 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\113471544[1].htm (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\headerBack1[1].gif (207 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@adf[1].txt (4346 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\mat_boy_Cornerheart_ShorterFormPol_SAvsgeo_ageradio_150953_082313_NoY_728x90[1].swf (19825 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\osd[2].js (1145 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\ADTECH;loc=100;target=_blank;alias=tribute_starchat_300x250_1;size=300x250;grp=103;misc=1382723762480;aduho= 180;[1] (329 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\screen[1].css (1161 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\beacon[2].js (1 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@adsrvr[2].txt (828 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\bkg_tile[1].jpg (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\Mtext[1].gif (142 bytes)
%System%\OneHitCF SynBoz 4.0.exe (3683 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XxX.xXx (21640 bytes)
%Documents and Settings%\%current user%\Application Data\logs.dat (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UuU.uUu (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\teste.vbs (1477 bytes)
%System%\Windows\explorer.exe (6841 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XX--XX--XX.txt (3918 bytes) - Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"HKCU" = "%System%\Windows\explorer.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HKLM" = "%System%\Windows\explorer.exe" - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Find and delete all copies of the worm's file together with "autorun.inf" scripts on removable drives.
- Reboot the computer.