Skip to main content

Virus.Win32.Expiro_eb41d0156c


Trojan.Win32.Alureon.FD, Trojan.Win32.IEDummy.FD, Virus.Win32.Expiro.FD, VirusExpiro.YR (Lavasoft MAS)Behaviour: Trojan, Virus

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary

MD5: eb41d0156cf86c257e85fd700cb0fb38

SHA1: 5dfb825240047aee014255c83ffbd7d7da457ad3

SHA256: 7eba62a09a310f11813dec5bbb9ede76bf7fbe6001c071ec034749215ac5d878

SSDeep: 24576:G6cLn BBMOwSBF4ETkTb49EJ6QsN0IUwarlUpLi4t08R:G6cLn 7TwSBF4ETkTb4WJHG9i0R

Size: 1077760 bytes

File type: EXE

Platform: WIN32

Entropy: Packed

PEID: UPolyXv05_v6

Company: AirInstaller

Created at: 2013-10-01 04:06:24

Summary: Virus. A program that recursively replicates a possibly evolved copy of itself.

Dynamic Analysis

Payload

No specific payload has been found.

Process activity

The Virus creates the following process(es):

GoogleToolbarManager_08875ABF44579E20.exe:496
GoogleToolbarManager_08875ABF44579E20.exe:1252
GoogleToolbarManager_08875ABF44579E20.exe:3388
GoogleUpdate.exe:392
GoogleUpdate.exe:3608
GoogleUpdate.exe:3740
GoogleUpdate.exe:420
verclsid.exe:3912
eb41d0156cf86c257e85fd700cb0fb38.exe:1692
infocard.exe:968
GoogleUpdaterService_B33FC4DD36A473C6.exe:4084
GoogleUpdateSetup_5CC4B0F53D73AD88.exe:1060
GoogleToolbarNotifier.exe:2120
GoogleToolbarNotifier.exe:2008
GoogleToolbarNotifier.exe:4028
GoogleUpdaterService.exe:2056
GoogleUpdaterService.exe:1440
svchost.exe:1096
mscorsvw.exe:1940
cidaemon.exe:1072
SearchWithGoogleUpdate_C993F490EED40C1B.exe:1684
DW20.EXE:1792

The Virus injects its code into the following process(es):

sessmgr.exe:356
cisvc.exe:1764
wmiapsrv.exe:1320
iexplore.exe:3452
msiexec.exe:1804

File activity

The process GoogleToolbarManager_08875ABF44579E20.exe:496 makes changes in a file system.


The Virus creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\GoogleToolbarInstaller1.log (6203 bytes)
%Documents and Settings%\All Users\Application Data\Google\Custom Buttons\toolbar.google.com_O8Y91YHB24Z6SR0SGYSK.XML (12 bytes)

The process GoogleToolbarManager_08875ABF44579E20.exe:1252 makes changes in a file system.


The Virus creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\GoogleToolbarInstaller1.log (55375 bytes)
%Program Files%\Google\Google Toolbar\GoogleToolbarUser_32.exe (1425 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\303572DF538EDD8B1D606185F1D559B8 (341 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\79841F8EF00FBA86D33CC5A47696F165 (413 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\12236C41CDDF9E40BA5606CDF086B821 (204 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\74BFD122C0875EC75DBE5C6DB4C59019 (26 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\74BFD122C0875EC75DBE5C6DB4C59019 (224 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\12236C41CDDF9E40BA5606CDF086B821 (148 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\79841F8EF00FBA86D33CC5A47696F165 (172 bytes)
%Program Files%\Google\Google Toolbar\GoogleToolbarHelper_signed.msi (28 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\303572DF538EDD8B1D606185F1D559B8 (228 bytes)
%Program Files%\Google\Google Toolbar\GoogleToolbar_32.dll (673 bytes)
%Program Files%\Google\Google Toolbar\GoogleToolbarHelperPatch_signed.msp (125 bytes)

The process GoogleToolbarManager_08875ABF44579E20.exe:3388 makes changes in a file system.


The Virus creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\GoogleToolbarInstaller1.log (2450 bytes)

The process GoogleUpdate.exe:392 makes changes in a file system.


The Virus creates and/or writes to the following file(s):

%Program Files%\Google\Update\1.3.21.107\goopdateres_am.dll (24 bytes)
%Program Files%\Google\Update\1.3.21.107\GoogleCrashHandler64.exe (1281 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdateres_ar.dll (26 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdateres_ca.dll (29 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdateres_cs.dll (28 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdateres_da.dll (28 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdateres_lv.dll (29 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdateres_es-419.dll (28 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdateres_is.dll (28 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdateres_uk.dll (28 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdateres_en.dll (27 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdateres_ms.dll (28 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdateres_ta.dll (29 bytes)
%Program Files%\Google\Update\1.3.21.107\GoogleCrashHandler.exe (673 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdateres_nl.dll (30 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdateres_de.dll (31 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdateres_zh-CN.dll (21 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdateres_bg.dll (29 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdateres_pt-PT.dll (29 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdateres_id.dll (28 bytes)
%Program Files%\Google\Update\1.3.21.107\psmachine.dll (673 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdateres_ml.dll (31 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdateres_sr.dll (29 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdateres_ko.dll (23 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdateres_te.dll (29 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdateres_en-GB.dll (27 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdateres_mr.dll (28 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdateres_pt-BR.dll (29 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdateres_fr.dll (30 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdateres_zh-TW.dll (21 bytes)
%Program Files%\Google\Update\1.3.21.107\GoogleUpdateHelper.msi (25 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdateres_et.dll (27 bytes)
%Program Files%\Google\Update\1.3.21.107\psuser.dll (673 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdateres_pl.dll (29 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdateres_el.dll (30 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdateres_vi.dll (28 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdateres_hi.dll (28 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdateres_bn.dll (28 bytes)
%Program Files%\Google\Update\1.3.21.107\GoogleUpdateSetup.exe (5441 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdateres_ja.dll (23 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdateres_hu.dll (29 bytes)
%Program Files%\Google\Update\1.3.21.107\GoogleUpdate.exe (601 bytes)
%Program Files%\Google\Update\GoogleUpdate.exe (601 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdateres_ru.dll (28 bytes)
%WinDir%\Tasks\GoogleUpdateTaskMachineUA.job (880 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdateres_th.dll (27 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdateres_fil.dll (29 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdateres_gu.dll (28 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdateres_sw.dll (29 bytes)
%Program Files%\Google\Update\1.3.21.107\GoogleUpdateBroker.exe (59 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdateres_es.dll (30 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdateres_sv.dll (28 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdateres_tr.dll (28 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdateres_fi.dll (28 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdateres_hr.dll (29 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdateres_ur.dll (28 bytes)
%Program Files%\Google\Update\1.3.21.107\GoogleUpdateOnDemand.exe (59 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdate.dll (5873 bytes)
%Program Files%\Google\Update\1.3.21.107\npGoogleUpdate3.dll (3361 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdateres_sl.dll (29 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdateres_iw.dll (25 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdateres_kn.dll (29 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdateres_sk.dll (29 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdateres_ro.dll (29 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdateres_it.dll (30 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdateres_no.dll (29 bytes)
%WinDir%\Tasks\GoogleUpdateTaskMachineCore.job (876 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdateres_lt.dll (28 bytes)
%Program Files%\Google\Update\1.3.21.107\goopdateres_fa.dll (27 bytes)

The process cisvc.exe:1764 makes changes in a file system.


The Virus creates and/or writes to the following file(s):

%Program Files%\Wireshark\plugins\0.99.6a (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\test.pml (30805 bytes)
C:\ (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Google Toolbar\gtF.tmp (11518 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp (8 bytes)
C:\System Volume Information\catalog.wci\propstor.bk2 (160048 bytes)
C:\System Volume Information\catalog.wci\propstor.bk1 (19488 bytes)
C:\System Volume Information\catalog.wci\00000002.ps2 (65 bytes)
%System%\imapi.exe (4545 bytes)
C:\System Volume Information\catalog.wci\00000002.ps1 (65 bytes)
C:\System Volume Information\catalog.wci\CiST0000.000 (8160 bytes)
C:\System Volume Information\catalog.wci\CiST0000.001 (44 bytes)
C:\System Volume Information\catalog.wci\CiST0000.002 (44 bytes)
%WinDir%\Microsoft.NET\Framework (96 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5 (4 bytes)
C:\System Volume Information\catalog.wci\cicat.hsh (12 bytes)
C:\System Volume Information\catalog.wci\CiP10000.000 (5280 bytes)
C:\System Volume Information\catalog.wci\CiP10000.001 (16 bytes)
C:\System Volume Information\catalog.wci\CiP10000.002 (20 bytes)
%WinDir%\WinSxS\Policies\x86_Policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_77c24773 (4 bytes)
%System%\smlogsvc.vir (3715 bytes)
%Program Files%\Google\Google Toolbar\Component\GoogleUpdateSetup_5CC4B0F53D73AD88.exe (5441 bytes)
D:\fs_snap.exe (4185 bytes)
C:\System Volume Information\catalog.wci\CiPT0000.002 (8 bytes)
%System%\mnmsrvc.vir (1866 bytes)
%WinDir%\Microsoft.NET\Framework\v4.0.30319\WPF\wpffontcache_v0400.exe (7971 bytes)
%System%\drivers (32 bytes)
C:\System Volume Information\catalog.wci\CiPT0000.001 (8 bytes)
C:\System Volume Information\catalog.wci\CiPT0000.000 (1680 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727 (768 bytes)
%Program Files%\Wireshark\snmp\mibs\.index (4 bytes)
%System%\dmadmin.vir (3850 bytes)
C:\System Volume Information\catalog.wci\INDEX.002 (20 bytes)
%Documents and Settings%\%current user% (4 bytes)
C:\System Volume Information\catalog.wci\INDEX.000 (3840 bytes)
C:\System Volume Information\catalog.wci\INDEX.001 (20 bytes)
%Program Files%\Google\Google Toolbar\Component\GoogleToolbarManager_08875ABF44579E20.exe (7433 bytes)
%Program Files%\Wireshark\snmp\mibs (32 bytes)
%System%\dmadmin.exe (5441 bytes)
%Program Files%\WinPcap\rpcapd.vir (3720 bytes)
%System%\config\AppEvent.Evt (1072 bytes)
%WinDir%\WinSxS (108 bytes)
%System%\vssvc.vir (3915 bytes)
C:\Perl (4 bytes)
%Program Files%\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_9EEB5F5999E77426.dll (7385 bytes)
%System%\tlntsvr.vir (3699 bytes)
%System%\imapi.vir (3776 bytes)
%WinDir% (1252 bytes)
C:\$Directory (2448 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GoogleToolbarInstaller2.log (204 bytes)
C:\System Volume Information\catalog.wci\CiCL0001.000 (480 bytes)
C:\PROGRAM FILES (8 bytes)
%System%\config (16 bytes)
%System%\wbem (1828 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\SearchWithGoogleUpdate_C993F490EED40C1B.exe[1].lz (3073 bytes)
%Program Files%\Google\Google Toolbar\Component\GoogleToolbarDynamic_32_63C8ABC94752CFD5.dll (5768 bytes)
%System%\locator.exe (4185 bytes)
%System%\tlntsvr.exe (4185 bytes)
C:\System Volume Information\catalog.wci\CiVP0000.000 (240 bytes)
%Documents and Settings% (4 bytes)
C:\System Volume Information\catalog.wci (8 bytes)
C:\System Volume Information\catalog.wci\cicat.fid (100 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wireshark.txt (15807 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (1040 bytes)
%WinDir%\Temp\Perflib_Perfdata_7a8.dat (8 bytes)
%System%\msiexec.exe (4185 bytes)
%WinDir%\REGISTRATION (4 bytes)
%Program Files%\Google\Google Toolbar\Component\GoogleToolbarUser_32_4814EB429669E41D.exe (1425 bytes)
D:\fs_snap.vir (3693 bytes)
%System% (22680 bytes)
%WinDir%\Microsoft.NET\Framework\v4.0.30319\WPF\wpffontcache_v0400.vir (7386 bytes)
%Program Files%\COMMON FILES (4 bytes)
%WinDir%\Prefetch\PROCMON.EXE-375B9EC2.pf (106 bytes)
%System%\locator.vir (3701 bytes)
%Program Files%\Google\Google Toolbar\Component\SearchWithGoogleUpdate_C993F490EED40C1B.exe (11518 bytes)
%Program Files%\Common Files\VMware\Drivers (4 bytes)
%Program Files%\Google\Google Toolbar\Component\GoogleUpdaterService_B33FC4DD36A473C6.exe (673 bytes)
%Program Files%\WIRESHARK (16 bytes)
%Documents and Settings%\%current user%\Local Settings (8 bytes)
C:\System Volume Information\catalog.wci\CiSP0000.000 (4560 bytes)
C:\System Volume Information\catalog.wci\CiSP0000.001 (16 bytes)
C:\System Volume Information\catalog.wci\CiSP0000.002 (16 bytes)
%WinDir%\Microsoft.NET (4 bytes)
%Program Files%\WinPcap\rpcapd.exe (4185 bytes)
%System%\msiexec.vir (3704 bytes)
C:\System Volume Information\catalog.wci\CiSL0001.000 (240 bytes)
C:\System Volume Information\catalog.wci\CiP20000.002 (20 bytes)
C:\System Volume Information\catalog.wci\CiP20000.001 (16 bytes)
C:\System Volume Information\catalog.wci\CiP20000.000 (5280 bytes)
%Program Files%\Google\Google Toolbar\Component (8 bytes)
C:\System Volume Information\catalog.wci\CiFLfffd.000 (480 bytes)
C:\$ConvertToNonresident (4 bytes)
%System%\mnmsrvc.exe (3361 bytes)
%System%\vssvc.exe (5873 bytes)
%WinDir%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation (4 bytes)
%Documents and Settings%\%current user%\Cookies (96 bytes)

The Virus deletes the following file(s):

%WinDir%\Microsoft.NET\Framework\v4.0.30319\WPF\wpffontcache_v0400.vir (0 bytes)
%System%\tlntsvr.vir (0 bytes)
%System%\dmadmin.vir (0 bytes)
%Program Files%\WinPcap\rpcapd.vir (0 bytes)
%System%\smlogsvc.vir (0 bytes)
%System%\imapi.vir (0 bytes)
%System%\locator.vir (0 bytes)
%System%\mnmsrvc.vir (0 bytes)
D:\fs_snap.vir (0 bytes)
%System%\msiexec.vir (0 bytes)
%System%\vssvc.vir (0 bytes)
C:\System Volume Information\catalog.wci\00000001.ps1 (0 bytes)
C:\System Volume Information\catalog.wci\00000001.ps2 (0 bytes)

The process eb41d0156cf86c257e85fd700cb0fb38.exe:1692 makes changes in a file system.


The Virus creates and/or writes to the following file(s):

D:\wincheck.exe (15278 bytes)
%System%\osk.exe (5441 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Google Toolbar\gt7.tmp (35473 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5 (164 bytes)
%Program Files%\Google\Google Toolbar\Component\GoogleUpdaterService_B33FC4DD36A473C6.exe (275 bytes)
%Program Files%\Outlook Express\msimn.vir (3686 bytes)
%Program Files%\Google\Google Toolbar\Component\cmpE.tmp (2291 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\GoogleToolbarManager_08875ABF44579E20.exe[1].lz (55846 bytes)
%Program Files%\Outlook Express\wab.vir (3672 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Google Toolbar\gtF.tmp (48894 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\C3E814D1CB223AFCD58214D14C3B7EAB (220 bytes)
%System%\narrator.exe (4185 bytes)
%System%\magnify.exe (4185 bytes)
%System%\vssvc.vir (3915 bytes)
%System%\osk.vir (3841 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\GoogleToolbarDynamic_32_63C8ABC94752CFD5.dll[1].lz (156759 bytes)
D:\wincheck.vir (15021 bytes)
%System%\scardsvr.vir (3721 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Google Toolbar\gt3.tmp (97034 bytes)
%Program Files%\Outlook Express\wab.exe (4185 bytes)
%Program Files%\Windows Media Player\wmplayer.exe (4185 bytes)
%System%\wbem\wmiapsrv.vir (3752 bytes)
%System%\utilman.exe (4185 bytes)
%Program Files%\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_9EEB5F5999E77426.dll (4163 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (3361 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.vir (1858 bytes)
%Program Files%\Google\Google Toolbar\Component\cmpA.tmp (419 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\wsr30zt32.dll (80 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5 (898 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (4185 bytes)
%Program Files%\Google\Google Toolbar\Component\cmp10.tmp (8669 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Google Toolbar\gtD.tmp (48673 bytes)
%Program Files%\Windows Media Player\wmplayer.vir (3699 bytes)
%Program Files%\Google\Google Toolbar\Component\cmp6.tmp (4163 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\GoogleToolbarDynamic_mui_en_9EEB5F5999E77426.dll[1].lz (33506 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Google Toolbar\gtB.tmp (7960 bytes)
%Program Files%\Google\Google Toolbar\Component\cmp2.tmp (275 bytes)
%System%\magnify.vir (3698 bytes)
%Program Files%\Google\Google Toolbar\Component\cmp8.tmp (4211 bytes)
%WinDir%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.vir (7972 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Google Toolbar\gt1.tmp (7236 bytes)
%System%\netdde.vir (3737 bytes)
%System%\cisvc.vir (1839 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Program Files%\Google\Google Toolbar\Component\GoogleToolbarUser_32_4814EB429669E41D.exe (419 bytes)
%Program Files%\Outlook Express\msimn.exe (4185 bytes)
%System%\clipsrv.exe (3361 bytes)
%System%\wbem\wmiapsrv.exe (4545 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GoogleToolbarInstaller2.log (53187 bytes)
%System%\clipsrv.vir (1867 bytes)
%Program Files%\Google\Google Toolbar\Component\GoogleToolbar_32_3170DC3FD4082D05.dll (275 bytes)
%Program Files%\Google\Google Toolbar\Component\GoogleUpdateSetup_5CC4B0F53D73AD88.exe (2291 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Google Toolbar\gt5.tmp (31315 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\8BD11C4A2318EC8E5A82462092971DEA (477 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Google Toolbar\gt9.tmp (15721 bytes)
%System%\sessmgr.exe (4545 bytes)
%System%\scardsvr.exe (4185 bytes)
%Program Files%\Google\Google Toolbar\Component\cmpC.tmp (275 bytes)
%System%\utilman.vir (3676 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\GoogleToolbar_32_3170DC3FD4082D05.dll[1].lz (7082 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\SearchWithGoogleUpdate_C993F490EED40C1B.exe[1].lz (69126 bytes)
%Program Files%\Google\Google Toolbar\Component\cmp4.tmp (19145 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\C3E814D1CB223AFCD58214D14C3B7EAB (341 bytes)
%System%\smlogsvc.exe (4185 bytes)
%Program Files%\Google\Google Toolbar\Component\GoogleToolbarDynamic_32_63C8ABC94752CFD5.dll (19145 bytes)
%Program Files%\Google\Google Toolbar\Component\GoogleToolbar.7.5.4601.54.manifest.xml (36 bytes)
%System%\config\software (42885 bytes)
%System%\config\SOFTWARE.LOG (46617 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\GoogleUpdateSetup_5CC4B0F53D73AD88.exe[1].lz (128601 bytes)
%System%\sessmgr.vir (3767 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\8BD11C4A2318EC8E5A82462092971DEA (208 bytes)
%System%\narrator.vir (3679 bytes)
%Program Files%\Google\Google Toolbar\Component\SearchWithGoogleUpdate_C993F490EED40C1B.exe (8669 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.vir (3686 bytes)
%WinDir%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (8657 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\62B5AF9BE9ADC1085C3C56EC07A82BF6 (224 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\GoogleToolbarUser_32_4814EB429669E41D.exe[1].lz (12658 bytes)
%System%\mobsync.exe (4545 bytes)
%Program Files%\Google\Google Toolbar\Component\GoogleToolbarManager_08875ABF44579E20.exe (4211 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\62B5AF9BE9ADC1085C3C56EC07A82BF6 (111 bytes)
%System%\cisvc.exe (3361 bytes)
%System%\netdde.exe (4545 bytes)
%System%\mobsync.vir (3769 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\GoogleUpdaterService_B33FC4DD36A473C6.exe[1].lz (6302 bytes)

The Virus deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\Google Toolbar\gt7.tmp (0 bytes)
%Program Files%\Outlook Express\msimn.vir (0 bytes)
%Program Files%\Google\Google Toolbar\Component\cmpE.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\GoogleToolbarManager_08875ABF44579E20.exe[1].lz (0 bytes)
%Program Files%\Outlook Express\wab.vir (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Google Toolbar\gtF.tmp (0 bytes)
%System%\mobsync.vir (0 bytes)
%System%\osk.vir (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\GoogleToolbarDynamic_32_63C8ABC94752CFD5.dll[1].lz (0 bytes)
D:\wincheck.vir (0 bytes)
%System%\scardsvr.vir (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Google Toolbar\gt3.tmp (0 bytes)
%System%\wbem\wmiapsrv.vir (0 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.vir (0 bytes)
%Program Files%\Google\Google Toolbar\Component\cmpA.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Google Toolbar\gtD.tmp (0 bytes)
%Program Files%\Windows Media Player\wmplayer.vir (0 bytes)
%Program Files%\Google\Google Toolbar\Component\cmp6.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\GoogleToolbarDynamic_mui_en_9EEB5F5999E77426.dll[1].lz (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Google Toolbar\gtB.tmp (0 bytes)
%Program Files%\Google\Google Toolbar\Component\cmp2.tmp (0 bytes)
%System%\magnify.vir (0 bytes)
%Program Files%\Google\Google Toolbar\Component\cmp8.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Google Toolbar\gt1.tmp (0 bytes)
%System%\netdde.vir (0 bytes)
%System%\cisvc.vir (0 bytes)
%System%\sessmgr.vir (0 bytes)
%Program Files%\Google\Google Toolbar\Component\cmp10.tmp (0 bytes)
%WinDir%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.vir (0 bytes)
%System%\clipsrv.vir (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Google Toolbar\gt5.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Google Toolbar\gt9.tmp (0 bytes)
%Program Files%\Google\Google Toolbar\Component\cmpC.tmp (0 bytes)
%System%\utilman.vir (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\GoogleToolbar_32_3170DC3FD4082D05.dll[1].lz (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\SearchWithGoogleUpdate_C993F490EED40C1B.exe[1].lz (0 bytes)
%Program Files%\Google\Google Toolbar\Component\cmp4.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\GoogleUpdateSetup_5CC4B0F53D73AD88.exe[1].lz (0 bytes)
%System%\narrator.vir (0 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.vir (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\GoogleToolbarUser_32_4814EB429669E41D.exe[1].lz (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\GoogleUpdaterService_B33FC4DD36A473C6.exe[1].lz (0 bytes)

The process GoogleUpdaterService_B33FC4DD36A473C6.exe:4084 makes changes in a file system.


The Virus creates and/or writes to the following file(s):

%Program Files%\Google\Common\Google Updater\GoogleUpdaterService.exe (194 bytes)

The process GoogleUpdateSetup_5CC4B0F53D73AD88.exe:1060 makes changes in a file system.


The Virus creates and/or writes to the following file(s):

%Program Files%\GUM11.tmp\goopdateres_gu.dll (28 bytes)
%Program Files%\GUM11.tmp\goopdateres_es-419.dll (28 bytes)
%Program Files%\GUM11.tmp\goopdateres_pt-PT.dll (29 bytes)
%Program Files%\GUM11.tmp\goopdateres_ja.dll (23 bytes)
%Program Files%\GUM11.tmp\goopdateres_lv.dll (29 bytes)
%Program Files%\GUM11.tmp\goopdateres_da.dll (28 bytes)
%Program Files%\GUM11.tmp\goopdateres_ms.dll (28 bytes)
%Program Files%\GUM11.tmp\goopdateres_ml.dll (31 bytes)
%Program Files%\GUM11.tmp\goopdateres_ro.dll (29 bytes)
%Program Files%\GUM11.tmp\goopdateres_fa.dll (27 bytes)
%Program Files%\GUM11.tmp\goopdateres_ur.dll (28 bytes)
%Program Files%\GUM11.tmp\goopdateres_en.dll (27 bytes)
%Program Files%\GUM11.tmp\goopdateres_bg.dll (29 bytes)
%Program Files%\GUM11.tmp\goopdateres_hu.dll (29 bytes)
%Program Files%\GUM11.tmp\goopdateres_zh-CN.dll (21 bytes)
%Program Files%\GUM11.tmp\goopdateres_cs.dll (28 bytes)
%Program Files%\GUM11.tmp\goopdateres_no.dll (29 bytes)
%Program Files%\GUM11.tmp\goopdateres_it.dll (30 bytes)
%Program Files%\GUM11.tmp\GoogleUpdateHelper.msi (25 bytes)
%Program Files%\GUM11.tmp\goopdateres_id.dll (28 bytes)
%Program Files%\GUM11.tmp\npGoogleUpdate3.dll (1126 bytes)
%Program Files%\GUM11.tmp\goopdateres_fr.dll (30 bytes)
%Program Files%\GUM11.tmp (28 bytes)
%Program Files%\GUM11.tmp\goopdateres_uk.dll (28 bytes)
%Program Files%\GUM11.tmp\psmachine.dll (157 bytes)
%Program Files%\GUM11.tmp\goopdateres_th.dll (27 bytes)
%Program Files%\GUM11.tmp\goopdateres_en-GB.dll (27 bytes)
%Program Files%\GUM11.tmp\goopdateres_vi.dll (28 bytes)
%Program Files%\GUM11.tmp\goopdateres_fil.dll (29 bytes)
%Program Files%\GUM11.tmp\goopdateres_ta.dll (29 bytes)
%Program Files%\GUM11.tmp\goopdateres_es.dll (30 bytes)
%Program Files%\GUM11.tmp\goopdateres_zh-TW.dll (21 bytes)
%Program Files%\GUM11.tmp\goopdateres_sk.dll (29 bytes)
%Program Files%\GUM11.tmp\goopdateres_el.dll (30 bytes)
%Program Files%\GUM11.tmp\goopdateres_pl.dll (29 bytes)
%Program Files%\GUM11.tmp\goopdateres_ca.dll (29 bytes)
%Program Files%\GUM11.tmp\goopdateres_fi.dll (28 bytes)
%Program Files%\GUM11.tmp\GoogleCrashHandler.exe (180 bytes)
%Program Files%\GUM11.tmp\GoogleUpdateBroker.exe (59 bytes)
%Program Files%\GUM11.tmp\goopdateres_lt.dll (28 bytes)
%Program Files%\GUM11.tmp\goopdateres_mr.dll (28 bytes)
%Program Files%\GUM11.tmp\goopdate.dll (1990 bytes)
%Program Files%\GUM11.tmp\goopdateres_tr.dll (28 bytes)
%Program Files%\GUM11.tmp\goopdateres_sr.dll (29 bytes)
%Program Files%\GUM11.tmp\goopdateres_is.dll (28 bytes)
%Program Files%\GUM11.tmp\goopdateres_te.dll (29 bytes)
%Program Files%\GUM11.tmp\GoogleCrashHandler64.exe (233 bytes)
%Program Files%\GUM11.tmp\goopdateres_kn.dll (29 bytes)
%Program Files%\GUM11.tmp\goopdateres_bn.dll (28 bytes)
%Program Files%\GUM11.tmp\goopdateres_am.dll (24 bytes)
%Program Files%\GUM11.tmp\goopdateres_sl.dll (29 bytes)
%Program Files%\GUM11.tmp\psuser.dll (157 bytes)
%Program Files%\GUM11.tmp\goopdateres_nl.dll (30 bytes)
%Program Files%\GUM11.tmp\goopdateres_iw.dll (25 bytes)
%Program Files%\GUM11.tmp\goopdateres_hr.dll (29 bytes)
%Program Files%\GUM11.tmp\goopdateres_de.dll (31 bytes)
%Program Files%\GUM11.tmp\goopdateres_pt-BR.dll (29 bytes)
%Program Files%\GUM11.tmp\goopdateres_ru.dll (28 bytes)
%Program Files%\GUM11.tmp\GoogleUpdateSetup.exe (5441 bytes)
%Program Files%\GUM11.tmp\goopdateres_et.dll (27 bytes)
%Program Files%\GUM11.tmp\goopdateres_ko.dll (23 bytes)
%Program Files%\GUM11.tmp\goopdateres_hi.dll (28 bytes)
%Program Files%\GUM11.tmp\GoogleUpdateOnDemand.exe (59 bytes)
%Program Files%\GUT12.tmp (25429 bytes)
%Program Files%\GUM11.tmp\goopdateres_ar.dll (26 bytes)
%Program Files%\GUM11.tmp\GoogleUpdate.exe (116 bytes)
%Program Files%\GUM11.tmp\goopdateres_sv.dll (28 bytes)
%Program Files%\GUM11.tmp\goopdateres_sw.dll (29 bytes)

The Virus deletes the following file(s):

%Program Files%\GUM11.tmp\goopdateres_gu.dll (0 bytes)
%Program Files%\GUM11.tmp\goopdateres_es-419.dll (0 bytes)
%Program Files%\GUM11.tmp\goopdateres_pt-PT.dll (0 bytes)
%Program Files%\GUM11.tmp\goopdateres_ja.dll (0 bytes)
%Program Files%\GUT12.tmp (0 bytes)
%Program Files%\GUM11.tmp\goopdateres_lv.dll (0 bytes)
%Program Files%\GUM11.tmp\goopdateres_da.dll (0 bytes)
%Program Files%\GUM11.tmp\goopdateres_ms.dll (0 bytes)
%Program Files%\GUM11.tmp\goopdateres_ml.dll (0 bytes)
%Program Files%\GUM11.tmp\goopdateres_ro.dll (0 bytes)
%Program Files%\GUM11.tmp\goopdateres_fa.dll (0 bytes)
%Program Files%\GUM11.tmp\goopdateres_ur.dll (0 bytes)
%Program Files%\GUM11.tmp\goopdateres_en.dll (0 bytes)
%Program Files%\GUM11.tmp\goopdateres_bg.dll (0 bytes)
%Program Files%\GUM11.tmp\goopdateres_hu.dll (0 bytes)
%Program Files%\GUM11.tmp\goopdateres_zh-CN.dll (0 bytes)
%Program Files%\GUM11.tmp\goopdateres_cs.dll (0 bytes)
%Program Files%\GUM11.tmp\goopdateres_no.dll (0 bytes)
%Program Files%\GUM11.tmp\GoogleUpdateHelper.msi (0 bytes)
%Program Files%\GUM11.tmp\goopdateres_id.dll (0 bytes)
%Program Files%\GUM11.tmp\npGoogleUpdate3.dll (0 bytes)
%Program Files%\GUM11.tmp\goopdateres_fr.dll (0 bytes)
%Program Files%\GUM11.tmp (0 bytes)
%Program Files%\GUM11.tmp\goopdateres_uk.dll (0 bytes)
%Program Files%\GUM11.tmp\psmachine.dll (0 bytes)
%Program Files%\GUM11.tmp\goopdateres_th.dll (0 bytes)
%Program Files%\GUM11.tmp\goopdateres_en-GB.dll (0 bytes)
%Program Files%\GUM11.tmp\goopdateres_vi.dll (0 bytes)
%Program Files%\GUM11.tmp\goopdateres_fil.dll (0 bytes)
%Program Files%\GUM11.tmp\goopdateres_ta.dll (0 bytes)
%Program Files%\GUM11.tmp\goopdateres_es.dll (0 bytes)
%Program Files%\GUM11.tmp\goopdateres_zh-TW.dll (0 bytes)
%Program Files%\GUM11.tmp\goopdateres_sk.dll (0 bytes)
%Program Files%\GUM11.tmp\goopdateres_el.dll (0 bytes)
%Program Files%\GUM11.tmp\goopdateres_pl.dll (0 bytes)
%Program Files%\GUM11.tmp\goopdateres_ca.dll (0 bytes)
%Program Files%\GUM11.tmp\goopdateres_fi.dll (0 bytes)
%Program Files%\GUM11.tmp\GoogleCrashHandler.exe (0 bytes)
%Program Files%\GUM11.tmp\GoogleUpdateBroker.exe (0 bytes)
%Program Files%\GUM11.tmp\goopdateres_lt.dll (0 bytes)
%Program Files%\GUM11.tmp\goopdateres_mr.dll (0 bytes)
%Program Files%\GUM11.tmp\goopdate.dll (0 bytes)
%Program Files%\GUM11.tmp\goopdateres_tr.dll (0 bytes)
%Program Files%\GUM11.tmp\goopdateres_sr.dll (0 bytes)
%Program Files%\GUM11.tmp\goopdateres_is.dll (0 bytes)
%Program Files%\GUM11.tmp\goopdateres_te.dll (0 bytes)
%Program Files%\GUM11.tmp\GoogleCrashHandler64.exe (0 bytes)
%Program Files%\GUM11.tmp\goopdateres_kn.dll (0 bytes)
%Program Files%\GUM11.tmp\goopdateres_bn.dll (0 bytes)
%Program Files%\GUM11.tmp\goopdateres_am.dll (0 bytes)
%Program Files%\GUM11.tmp\goopdateres_sl.dll (0 bytes)
%Program Files%\GUM11.tmp\psuser.dll (0 bytes)
%Program Files%\GUM11.tmp\goopdateres_nl.dll (0 bytes)
%Program Files%\GUM11.tmp\goopdateres_iw.dll (0 bytes)
%Program Files%\GUM11.tmp\goopdateres_hr.dll (0 bytes)
%Program Files%\GUM11.tmp\goopdateres_de.dll (0 bytes)
%Program Files%\GUM11.tmp\goopdateres_pt-BR.dll (0 bytes)
%Program Files%\GUM11.tmp\goopdateres_ru.dll (0 bytes)
%Program Files%\GUM11.tmp\GoogleUpdateSetup.exe (0 bytes)
%Program Files%\GUM11.tmp\goopdateres_et.dll (0 bytes)
%Program Files%\GUM11.tmp\goopdateres_ko.dll (0 bytes)
%Program Files%\GUM11.tmp\goopdateres_hi.dll (0 bytes)
%Program Files%\GUM11.tmp\GoogleUpdateOnDemand.exe (0 bytes)
%Program Files%\GUM11.tmp\goopdateres_ar.dll (0 bytes)
%Program Files%\GUM11.tmp\goopdateres_it.dll (0 bytes)
%Program Files%\GUM11.tmp\GoogleUpdate.exe (0 bytes)
%Program Files%\GUM11.tmp\goopdateres_sv.dll (0 bytes)
%Program Files%\GUM11.tmp\goopdateres_sw.dll (0 bytes)

The process mscorsvw.exe:1940 makes changes in a file system.


The Virus creates and/or writes to the following file(s):

%WinDir%\Microsoft.NET\Framework\v2.0.50727\ngen_service.log (2124 bytes)

The process iexplore.exe:3452 makes changes in a file system.


The Virus creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\done[1].htm (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\tour-instant[1].jpg (2312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\maia[2].css (1919 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\js-utils[1].js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\google_logo_41[1].png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\x[1].png (167 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\CAZMSV75.html&frm=0&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&cdct=2&convclickts=0&random=1567062956&ipr=y (76 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\CAYN0ZL6.gif (42 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\CAABGTEN.htm (63 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\tour-instant-th[1].jpg (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\conversion[2].js (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\gtabs[1].js (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\CA5FSXUB.htm (63 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\tour-plus[1].jpg (6004 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (5784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\CAZFTYJD.htm (63 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\core[1].js (1977 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\conversion[2].js (2783 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\autotrack[1].js (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\tour-plus-th[1].jpg (3 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@ie[2].txt (1980 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\conversion[1].js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\js-utils[1].js (915 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@ie[1].txt (1778 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\tour-translate-th[1].jpg (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\tour-tools[1].jpg (5768 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\conversion[1].js (1455 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\tour-tools-th[1].jpg (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\ga[1].js (1687 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\doubletrack[1].js (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\activityi;src=2542116;type=searc340;cat=tbx;ord=2769598177398[1].htm (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\CAI7S52B.gif (42 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\tour-translate[1].jpg (4776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\css[1].css (527 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\activityi;src=2542116;type=searc340;cat=tbx;ord=2769598177398[1].0034 (592 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\css[1] (262 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\ie9overlay-arrow[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\maia[1].css (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\cJZKeOuBrn4kERxqtaUH3fY6323mHUZFJMgTvxaG2iE[1].eot (1994 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\maia[1].css (2 bytes)

The Virus deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\CAYN0ZL6.gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\CAI7S52B.gif (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@ie[2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\css[1] (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\js-utils[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\conversion[1].js (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@ie[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\CAABGTEN.htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\conversion[1].js (0 bytes)

The process msiexec.exe:1804 makes changes in a file system.


The Virus creates and/or writes to the following file(s):

%WinDir%\Installer\c6f90.ipi (200 bytes)
%System%\config\SOFTWARE.LOG (35182 bytes)
%System%\config\software (34240 bytes)
%WinDir%\Installer\c6f88.msi (12001 bytes)
%WinDir%\Installer\c6f8b.ipi (200 bytes)
%Documents and Settings%\%current user%\NTUSER.DAT.LOG (7120 bytes)
%Documents and Settings%\%current user%\NTUSER.DAT (5324 bytes)
%WinDir%\Installer\c6f8c.msi (200 bytes)
%WinDir%\Installer\c6f8d.msi (16081 bytes)
%WinDir%\Installer\c6f91.msi (200 bytes)
%WinDir%\Installer\MSI14.tmp (49 bytes)
%WinDir%\Installer\MSI13.tmp (49 bytes)

The Virus deletes the following file(s):

%WinDir%\Installer\c6f90.ipi (0 bytes)
%WinDir%\Installer\c6f8d.msi (0 bytes)
%Documents and Settings%\%current user%\My Documents\My Pictures (0 bytes)
%WinDir%\Installer\c6f8c.msi (0 bytes)
%WinDir%\Installer\c6f88.msi (0 bytes)
%WinDir%\Installer\c6f8b.ipi (0 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Administrative Tools (0 bytes)
D:\MSIc6f8a.tmp (0 bytes)
D:\MSIc6f8f.tmp (0 bytes)
C:\MSIc6f8e.tmp (0 bytes)
C:\MSIc6f89.tmp (0 bytes)
%WinDir%\Installer\c6f91.msi (0 bytes)
%WinDir%\Installer\MSI14.tmp (0 bytes)
%WinDir%\Installer\MSI13.tmp (0 bytes)

The process SearchWithGoogleUpdate_C993F490EED40C1B.exe:1684 makes changes in a file system.


The Virus creates and/or writes to the following file(s):

%Program Files%\Google\GoogleToolbarNotifier\5.7.9012.1008\gtn.dll (150 bytes)
%Program Files%\Google\GoogleToolbarNotifier\5.7.9012.1008\Readme.url (128 bytes)
%Program Files%\Google\GoogleToolbarNotifier\5.7.9012.1008\gth.dll (49 bytes)
%Program Files%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (39 bytes)
%Program Files%\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (5442 bytes)

The process DW20.EXE:1792 makes changes in a file system.


The Virus creates and/or writes to the following file(s):

%WinDir%\Temp\BE317.tmp (318457 bytes)
%WinDir%\pchealth\ERRORREP\QSIGNOFF\dwq.snt (0 bytes)
%WinDir%\pchealth\ERRORREP\QSIGNOFF\D0F52.txt (2 bytes)
%WinDir%\Temp\BDB28.dmp (210159 bytes)
%WinDir%\Temp\dw.log (78 bytes)
%WinDir%\pchealth\ERRORREP\QSIGNOFF\D0F52.cab (37274 bytes)

The Virus deletes the following file(s):

%WinDir%\Temp\BE317.tmp (0 bytes)
%WinDir%\Temp\BDB28.dmp (0 bytes)

Registry activity

The process GoogleToolbarManager_08875ABF44579E20.exe:496 makes changes in a system registry.


The Virus creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CF A2 11 15 96 AD 06 A4 A1 F5 9C AF 2D DA 77 4E"

[HKLM\SOFTWARE\Google\Google Toolbar\Component\NonManifest\%Documents and Settings%\All Users\Application Data\Google\Custom Buttons]
"toolbar.google.com_O8Y91YHB24Z6SR0SGYSK.XML" = "1"

[HKLM\SOFTWARE\Google\Google Toolbar\Component\Used]
"GoogleToolbarDynamic_mui_en.dll" = "1"

The process GoogleToolbarManager_08875ABF44579E20.exe:1252 makes changes in a system registry.


The Virus creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
"UninstallString" = "%Program Files%\Google\Google Toolbar\Component\GoogleToolbarManager_08875ABF44579E20.exe /uninstall"

[HKLM\SOFTWARE\Google\Google Toolbar\Component]
"PrimaryInstallDone" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
"NoModify" = "1"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EE0B94B9-335F-4d2c-8B43-DACCD1EA6FF1}]
"AppPath" = "%Program Files%\Google\Google Toolbar"

[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
"(Default)" = "Google Toolbar Helper"

[HKLM\SOFTWARE\Google\Google Toolbar\Branding]
"id" = "C9EE5DC8F5FA1EFE945EFABF3076D4332C052eUPDL"

[HKLM\SOFTWARE\Google\Google Toolbar\Branding]
"InstallType" = "3"

[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\InprocServer32]
"(Default)" = "%Program Files%\Google\Google Toolbar\GoogleToolbar_32.dll"

[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1A972DAF-A7EC-4ce3-B6C9-7B523CD6685F}]
"Policy" = "3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
"NoRepair" = "1"

[HKLM\SOFTWARE\Google\Google Toolbar\GoogleUpdate]
"InstallTimestamp" = "1382005763"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
"Publisher" = "Google Inc."

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
"DisplayIcon" = "%Program Files%\Google\Google Toolbar\Component\GoogleToolbarManager_08875ABF44579E20.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
"InstallLocation" = "%Program Files%\Google\Google Toolbar\"

[HKLM\SOFTWARE\Google\Google Toolbar\Branding]
"brand" = "GUEA"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EE0B94B9-335F-4d2c-8B43-DACCD1EA6FF1}]
"AppName" = "GoogleToolbarUser_64.exe"

[HKCU\Software\Google\Google Toolbar\4.0\Options]
"ToastSetDefaultSearch" = "3"

[HKLM\SOFTWARE\Google\Google Toolbar\4.0\Setup]
"WelcomePage" = "http://toolbar.google.com/tbredir?r=di&l=en&v=7.5&tbbrand="

[HKLM\SOFTWARE\Google\Google Toolbar\4.0\Setup]
"ToastOfferTime" = "0"

[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\InprocServer32]
"(Default)" = "%Program Files%\Google\Google Toolbar\GoogleToolbar_32.dll"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
"DisplayName" = "Google Toolbar for Internet Explorer"

[HKCU\Software\Google\Google Toolbar\4.0\Options]
"{14C626CA-ACAB-46e5-8A99-53C9E11CCCA0}_enabled" = "0"

[HKCR\Installer\Products\18555481990E8AB4CBB63FB4F26006C0]
"AuthorizedLUAApp" = "1"

[HKCU\Software\Google\Google Toolbar\4.0\Options]
"ButtonPageRank" = "0"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1A972DAF-A7EC-4ce3-B6C9-7B523CD6685F}]
"AppName" = "GoogleToolbarUser_32.exe"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = "00"

[HKCU\Software\Google\Google Toolbar\4.0\Options]
"ToastSetPageRank" = "2"

[HKLM\SOFTWARE\Google\Google Toolbar]
"test" = "41"

[HKLM\SOFTWARE\Google\Google Toolbar\Component\Used]
"SearchWithGoogleUpdate.exe" = "1"

[HKLM\SOFTWARE\Google\Google Toolbar\Component\Used]
"GoogleToolbarManager.exe" = "1"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EE0B94B9-335F-4d2c-8B43-DACCD1EA6FF1}]
"Policy" = "3"

[HKLM\SOFTWARE\Google\Google Toolbar\GoogleUpdate]
"InstallResult" = "mi;0x0"

[HKLM\SOFTWARE\Google\Google Toolbar\Installations]
"1382005774" = "v=7.5.4601.54&tbbrand=GUEA&i=0"

[HKCU\Software\Google\Google Toolbar\4.0\Options]
"RbbsBreak" = "1"

[HKLM\SOFTWARE\Google\Google Toolbar\4.0\Setup]
"SystemPatchLevel" = "1"

[HKLM\SOFTWARE\Google\Google Toolbar\Branding]
"installtime" = "1382005763"

[HKCU\Software\Google\Google Toolbar\4.0\Options]
"BrowseByName" = "0"

[HKLM\SOFTWARE\Google\Update\Clients\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"cmd_7.5.4601.54_0" = "%Program Files%\Google\Google Toolbar\Component\GoogleToolbarManager_08875ABF44579E20.exe /execute:0"

[HKLM\SOFTWARE\Google\Update\Clients\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"cmd_7.5.4601.54_1" = "%Program Files%\Google\Google Toolbar\Component\GoogleToolbarManager_08875ABF44579E20.exe /execute:1"

[HKLM\SOFTWARE\Google\Update\Clients\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"cmd_7.5.4601.54_2" = "%Program Files%\Google\Google Toolbar\Component\GoogleToolbarManager_08875ABF44579E20.exe /execute:2"

[HKLM\SOFTWARE\Google\Update\Clients\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"cmd_7.5.4601.54_3" = "%Program Files%\Google\Google Toolbar\Component\GoogleToolbarManager_08875ABF44579E20.exe /execute:3"

[HKLM\SOFTWARE\Google\Update\Clients\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"cmd_7.5.4601.54_4" = "%Program Files%\Google\Google Toolbar\Component\GoogleToolbarManager_08875ABF44579E20.exe /execute:4"

[HKLM\SOFTWARE\Google\Update\Clients\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"cmd_7.5.4601.54_5" = "%Program Files%\Google\Google Toolbar\Component\GoogleToolbarManager_08875ABF44579E20.exe /execute:5"

[HKLM\SOFTWARE\Google\Update\Clients\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"cmd_7.5.4601.54_6" = "%Program Files%\Google\Google Toolbar\Component\GoogleToolbarManager_08875ABF44579E20.exe /execute:6"

[HKLM\SOFTWARE\Google\Update\Clients\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"cmd_7.5.4601.54_7" = "%Program Files%\Google\Google Toolbar\Component\GoogleToolbarManager_08875ABF44579E20.exe /execute:7"

[HKLM\SOFTWARE\Google\Update\Clients\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"cmd_7.5.4601.54_8" = "%Program Files%\Google\Google Toolbar\Component\GoogleToolbarManager_08875ABF44579E20.exe /execute:8"

[HKLM\SOFTWARE\Google\Update\Clients\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"cmd_7.5.4601.54_9" = "%Program Files%\Google\Google Toolbar\Component\GoogleToolbarManager_08875ABF44579E20.exe /execute:9"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1A972DAF-A7EC-4ce3-B6C9-7B523CD6685F}]
"AppPath" = "%Program Files%\Google\Google Toolbar"

[HKCU\Software\Microsoft\Internet Explorer\Main]
"Enable Browser Extensions" = "yes"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"GTB7.5" = ""

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AD 83 5E 3C A2 4C C8 F7 05 1A 48 8F 74 D7 CA D4"

[HKCU\Software\Google\Google Toolbar\4.0\Options]
"UsageStatsEnabled" = "1"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
"Compatibility Flags" = "1024"

[HKLM\SOFTWARE\Google\Update\Clients\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"name" = "Google Toolbar"

[HKLM\SOFTWARE\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"brand" = "GUEA"

[HKLM\SOFTWARE\Google\Google Toolbar\Component\Used]
"GoogleUpdaterService.exe" = "1"

[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Google\Google Toolbar\4.0\Options]
"ToastSetHomePage" = "2"

[HKLM\SOFTWARE\Google\Google Toolbar\4.0\Setup]
"DisableBrowseByName" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
"MinorVersion" = "5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
"MajorVersion" = "7"

[HKLM\SOFTWARE\Google\Google Toolbar\4.0\Setup]
"EnableUsageStats" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
"DisplayVersion" = "7.5.4601.54"

[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
"(Default)" = "Google Toolbar"

[HKLM\SOFTWARE\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"InstallTime" = "1382005717"

[HKLM\SOFTWARE\Google\Google Toolbar\4.0\Setup]
"EulaAccepted" = "0"

The Virus deletes the following registry key(s):

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021493-0000-0000-C000-000000000046}\Enum]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021493-0000-0000-C000-000000000046}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021494-0000-0000-C000-000000000046}\Enum]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021494-0000-0000-C000-000000000046}]

The Virus deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Google\Update\Clients\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"lang"

[HKCU\Software\Google\Google Toolbar\4.0\Options]
"Vendor"

[HKLM\SOFTWARE\Google\Google Toolbar\4.0\Setup]
"UseIe64"

[HKCU\Software\Google\Google Toolbar\4.0]
"Update"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"

[HKLM\SOFTWARE\Google\Google Toolbar\4.0\Setup]
"WelcomePage"

[HKLM\SOFTWARE\Google\Google Toolbar\4.0\Setup]
"RefreshIE"

The process GoogleToolbarManager_08875ABF44579E20.exe:3388 makes changes in a system registry.


The Virus creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7F 7A 17 AF 69 08 8B 4C CD BF 95 41 00 52 66 09"

[HKLM\SOFTWARE\Google\Google Toolbar\Component\Used]
"GoogleToolbarManager.exe" = "1"

[HKLM\SOFTWARE\Google\Update\Clients\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"pv" = "7.5.4601.54"

[HKLM\SOFTWARE\Google\Google Toolbar\4.0\Setup]
"BringIeToForeground" = "1"

The Virus deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Google\Google Toolbar\4.0\Setup]
"UseIe64"

[HKLM\SOFTWARE\Google\Google Toolbar\4.0\Setup]
"WelcomePage"

The process GoogleUpdate.exe:392 makes changes in a system registry.


The Virus creates and/or sets the following values in system registry:

[HKCR\Google.Update3WebControl.3\CLSID]
"(Default)" = "{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}"

[HKCR\Google.OneClickCtrl.9]
"(Default)" = "Google Update Plugin"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}]
"AppName" = "GoogleUpdateBroker.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"InstallTime" = "1382005762"

[HKCR\Google.Update3WebControl.3]
"(Default)" = "Google Update Plugin"

[HKCR\Google.OneClickCtrl.9\CLSID]
"(Default)" = "{C442AC41-9200-4770-8CC0-7CDB4F245C55}"

[HKLM\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"ProductName" = "Google Update"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}]
"AppPath" = "%Program Files%\Google\Update\1.3.21.107"

[HKCR\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\ProgID]
"(Default)" = "Google.OneClickCtrl.9"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description" = "Google Update"

[HKLM\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Path" = "%Program Files%\Google\Update\1.3.21.107\npGoogleUpdate3.dll"

[HKLM\SOFTWARE\Google\Update]
"version" = "1.3.21.107"

[HKCR\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\ProgID]
"(Default)" = "Google.Update3WebControl.3"

[HKCR\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32]
"(Default)" = "%Program Files%\Google\Update\1.3.21.107\npGoogleUpdate3.dll"

[HKCR\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}]
"(Default)" = "Google Update Plugin"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCR\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKLM\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description" = "Google Update"

[HKLM\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Vendor" = "Google Inc."

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\Google\Update]
"GoogleUpdate.exe" = "Google Installer"

[HKCR\MIME\Database\Content Type\application/x-vnd.google.update3webcontrol.3]
"CLSID" = "{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}"

[HKCR\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}]
"(Default)" = "Google Update Plugin"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKLM\SOFTWARE\Google\Update\Clients\{430FD4D0-B729-4F61-AA34-91526481799D}]
"pv" = "1.3.21.107"

[HKCR\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32]
"(Default)" = "%Program Files%\Google\Update\1.3.21.107\npGoogleUpdate3.dll"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe]
"DisableExceptionChainValidation" = "0"

[HKLM\SOFTWARE\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"pv" = "1.3.21.107"

[HKCR\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKLM\SOFTWARE\Google\Update]
"DelayUninstall" = "1"

[HKLM\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Vendor" = "Google Inc."

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"brand" = "GGOT"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "30 01 94 F2 23 0F 48 17 62 0E 06 FE CA 27 15 3F"

[HKLM\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Version" = "9"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C442AC41-9200-4770-8CC0-7CDB4F245C55}]
"AppPath" = "%Program Files%\Google\Update"

[HKLM\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"ProductName" = "Google Update"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\SOFTWARE\Google\Update]
"UninstallCmdLine" = "%Program Files%\Google\Update\GoogleUpdate.exe /uninstall"

[HKLM\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Version" = "3"

[HKLM\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Path" = "%Program Files%\Google\Update\1.3.21.107\npGoogleUpdate3.dll"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C442AC41-9200-4770-8CC0-7CDB4F245C55}]
"AppName" = "GoogleUpdate.exe"

[HKLM\SOFTWARE\Google\Update]
"path" = "%Program Files%\Google\Update\GoogleUpdate.exe"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C442AC41-9200-4770-8CC0-7CDB4F245C55}]
"Policy" = "3"

[HKCR\MIME\Database\Content Type\application/x-vnd.google.oneclickctrl.9]
"CLSID" = "{C442AC41-9200-4770-8CC0-7CDB4F245C55}"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}]
"Policy" = "3"

[HKLM\SOFTWARE\Google\Update\Clients\{430FD4D0-B729-4F61-AA34-91526481799D}]
"name" = "Google Update"

The Virus deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Google\Update]
"uid"

[HKLM\SOFTWARE\Google\Update]
"LastChecked"

[HKLM\SOFTWARE\Google\Update]
"ui"

[HKLM\SOFTWARE\Google\Update\network\secure]
"c"

[HKLM\SOFTWARE\Google\Update]
"eulaaccepted"

[HKLM\SOFTWARE\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"UpdateAvailableSince"

[HKLM\SOFTWARE\Google\Update\network\secure]
"sk"

[HKLM\SOFTWARE\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"UpdateAvailableCount"

[HKLM\SOFTWARE\Google\Update]
"old-uid"

[HKLM\SOFTWARE\Google\Update]
"mi"

The process GoogleUpdate.exe:3608 makes changes in a system registry.


The Virus creates and/or sets the following values in system registry:

[HKCR\GoogleUpdate.OnDemandCOMClassMachineFallback.1.0\CLSID]
"(Default)" = "{B3D28DBD-0DFA-40E4-8071-520767BADC7E}"

[HKCR\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\LocalServer32]
"(Default)" = "%Program Files%\Google\Update\1.3.21.107\GoogleUpdateBroker.exe"

[HKCR\Interface\{DCAB8386-4F03-4DBD-A366-D90BC9F68DE6}\ProxyStubClsid32]
"(Default)" = "{2207031B-6E14-47D2-9175-55F66D764021}"

[HKCR\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\VersionIndependentProgID]
"(Default)" = "GoogleUpdate.Update3WebMachineFallback"

[HKCR\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}]
"(Default)" = "Google Update Broker Class Factory"

[HKCR\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}]
"LocalizedString" = "@%Program Files%\Google\Update\1.3.21.107\goopdate.dll,-3000"

[HKCR\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\ProgID]
"(Default)" = "GoogleUpdate.OnDemandCOMClassMachineFallback.1.0"

[HKCR\Interface\{49D7563B-2DDB-4831-88C8-768A53833837}\NumMethods]
"(Default)" = "13"

[HKCR\GoogleUpdate.CredentialDialogMachine.1.0\CLSID]
"(Default)" = "{25461599-633D-42B1-84FB-7CD68D026E53}"

[HKCR\Google.OneClickProcessLauncherMachine]
"(Default)" = "Google.OneClickProcessLauncher"

[HKCR\Interface\{49D7563B-2DDB-4831-88C8-768A53833837}\ProxyStubClsid32]
"(Default)" = "{2207031B-6E14-47D2-9175-55F66D764021}"

[HKCR\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\Elevation]
"IconReference" = "@%Program Files%\Google\Update\1.3.21.107\goopdate.dll,-1004"

[HKCR\Interface\{C6398F88-69CE-44AC-B6A7-1D3E2AA46679}]
"(Default)" = "IAppWeb"

[HKCR\CLSID\{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}\LocalServer32]
"(Default)" = "%Program Files%\Google\Update\1.3.21.107\GoogleUpdateBroker.exe"

[HKCR\CLSID\{25461599-633D-42B1-84FB-7CD68D026E53}\ProgID]
"(Default)" = "GoogleUpdate.CredentialDialogMachine.1.0"

[HKCR\GoogleUpdate.Update3WebMachine\CurVer]
"(Default)" = "GoogleUpdate.Update3WebMachine.1.0"

[HKCR\CLSID\{25461599-633D-42B1-84FB-7CD68D026E53}]
"(Default)" = "GoogleUpdate CredentialDialog"

[HKCR\Interface\{5CCCB0EF-7073-4516-8028-4C628D0C8AAB}\NumMethods]
"(Default)" = "4"

[HKCR\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}]
"(Default)" = "Google Update Broker Class Factory"

[HKCR\Interface\{1C642CED-CA3B-4013-A9DF-CA6CE5FF6503}]
"(Default)" = "IProgressWndEvents"

[HKCR\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\ProgID]
"(Default)" = "GoogleUpdate.CoreMachineClass.1"

[HKCR\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\ProgID]
"(Default)" = "GoogleUpdate.ProcessLauncher.1.0"

[HKCR\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\ProgID]
"(Default)" = "GoogleUpdate.Update3WebMachine.1.0"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}]
"CLSID" = "{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}"

[HKCR\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}]
"LocalizedString" = "@%Program Files%\Google\Update\1.3.21.107\goopdate.dll,-3000"

[HKCR\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\VersionIndependentProgID]
"(Default)" = "GoogleUpdate.ProcessLauncher"

[HKCR\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF}]
"(Default)" = "IGoogleUpdate3"

[HKCR\CLSID\{25461599-633D-42B1-84FB-7CD68D026E53}\VersionIndependentProgID]
"(Default)" = "GoogleUpdate.CredentialDialogMachine"

[HKCR\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\LocalServer32]
"(Default)" = "%Program Files%\Google\Update\1.3.21.107\GoogleUpdateOnDemand.exe"

[HKCR\Interface\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B}]
"(Default)" = "IGoogleUpdate"

[HKCR\GoogleUpdate.CoreMachineClass.1\CLSID]
"(Default)" = "{9B2340A0-4068-43D6-B404-32E27217859D}"

[HKCR\GoogleUpdate.CoreMachineClass\CurVer]
"(Default)" = "GoogleUpdate.CoreMachineClass.1"

[HKCR\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\Elevation]
"IconReference" = "@%Program Files%\Google\Update\1.3.21.107\goopdate.dll,-1004"

[HKCR\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\Elevation]
"IconReference" = "@%Program Files%\Google\Update\1.3.21.107\goopdate.dll,-1004"

[HKCR\CLSID\{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}\ProgID]
"(Default)" = "GoogleUpdate.CoCreateAsync.1.0"

[HKCR\Interface\{5CCCB0EF-7073-4516-8028-4C628D0C8AAB}]
"(Default)" = "IOneClickProcessLauncher"

[HKCR\Interface\{247954F9-9EDC-4E68-8CC3-150C2B89EADF}\ProxyStubClsid32]
"(Default)" = "{2207031B-6E14-47D2-9175-55F66D764021}"

[HKCR\Interface\{FE908CDD-22BB-472A-9870-1A0390E42F36}]
"(Default)" = "IAppBundle"

[HKCR\CLSID\{CDEB181C-FD59-489A-95C0-461BA3904F57}\InprocHandler32]
"(Default)" = "%Program Files%\Google\Update\1.3.21.107\psmachine.dll"

[HKCR\GoogleUpdate.CoreMachineClass.1]
"(Default)" = "Google Update Core Class"

[HKCR\Interface\{49D7563B-2DDB-4831-88C8-768A53833837}]
"(Default)" = "IJobObserver"

[HKCR\Interface\{909489C2-85A6-4322-AA56-D25278649D67}\ProxyStubClsid32]
"(Default)" = "{2207031B-6E14-47D2-9175-55F66D764021}"

[HKCR\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\NumMethods]
"(Default)" = "6"

[HKCR\Interface\{B3A47570-0A85-4AEA-8270-529D47899603}\ProxyStubClsid32]
"(Default)" = "{2207031B-6E14-47D2-9175-55F66D764021}"

[HKCR\GoogleUpdate.CoreMachineClass\CLSID]
"(Default)" = "{9B2340A0-4068-43D6-B404-32E27217859D}"

[HKCR\Interface\{4E223325-C16B-4EEB-AEDC-19AA99A237FA}\NumMethods]
"(Default)" = "8"

[HKCR\Interface\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B}\NumMethods]
"(Default)" = "5"

[HKCR\Google.OneClickProcessLauncherMachine\CurVer]
"(Default)" = "Google.OneClickProcessLauncherMachine.1.0"

[HKCR\GoogleUpdate.Update3WebMachineFallback\CLSID]
"(Default)" = "{598FE0E5-E02D-465D-9A9D-37974A28FD42}"

[HKCR\GoogleUpdate.OnDemandCOMClassMachineFallback\CLSID]
"(Default)" = "{B3D28DBD-0DFA-40E4-8071-520767BADC7E}"

[HKCR\CLSID\{2207031B-6E14-47D2-9175-55F66D764021}\InProcServer32]
"(Default)" = "%Program Files%\Google\Update\1.3.21.107\psmachine.dll"

[HKCR\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF}\ProxyStubClsid32]
"(Default)" = "{2207031B-6E14-47D2-9175-55F66D764021}"

[HKCR\Interface\{2E629606-312A-482F-9B12-2C4ABF6F0B6D}]
"(Default)" = "ICoCreateAsyncStatus"

[HKCR\Interface\{247954F9-9EDC-4E68-8CC3-150C2B89EADF}\NumMethods]
"(Default)" = "24"

[HKCR\Interface\{DAB1D343-1B2A-47F9-B445-93DC50704BFE}\ProxyStubClsid32]
"(Default)" = "{2207031B-6E14-47D2-9175-55F66D764021}"

[HKCR\CLSID\{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}]
"(Default)" = "CoCreateAsync"

[HKCR\GoogleUpdate.CoreMachineClass]
"(Default)" = "Google Update Core Class"

[HKCR\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}]
"LocalizedString" = "@%Program Files%\Google\Update\1.3.21.107\goopdate.dll,-3000"

[HKCR\Interface\{5CCCB0EF-7073-4516-8028-4C628D0C8AAB}\ProxyStubClsid32]
"(Default)" = "{2207031B-6E14-47D2-9175-55F66D764021}"

[HKCR\CLSID\{2207031B-6E14-47D2-9175-55F66D764021}]
"(Default)" = "PSFactoryBuffer"

[HKCR\Interface\{B3A47570-0A85-4AEA-8270-529D47899603}\NumMethods]
"(Default)" = "4"

[HKCR\Interface\{1C642CED-CA3B-4013-A9DF-CA6CE5FF6503}\ProxyStubClsid32]
"(Default)" = "{2207031B-6E14-47D2-9175-55F66D764021}"

[HKCR\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\Elevation]
"Enabled" = "1"

[HKCR\CLSID\{2207031B-6E14-47D2-9175-55F66D764021}\InProcServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B}\ProxyStubClsid32]
"(Default)" = "{2207031B-6E14-47D2-9175-55F66D764021}"

[HKCR\GoogleUpdate.CoCreateAsync\CLSID]
"(Default)" = "{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}"

[HKCR\Interface\{5B25A8DC-1780-4178-A629-6BE8B8DEFAA2}\ProxyStubClsid32]
"(Default)" = "{2207031B-6E14-47D2-9175-55F66D764021}"

[HKCR\GoogleUpdate.Update3WebMachine]
"(Default)" = "Google Update Broker Class Factory"

[HKCR\Interface\{2E629606-312A-482F-9B12-2C4ABF6F0B6D}\NumMethods]
"(Default)" = "10"

[HKCR\GoogleUpdate.CredentialDialogMachine.1.0]
"(Default)" = "GoogleUpdate CredentialDialog"

[HKCR\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32]
"(Default)" = "%Program Files%\Google\Update\1.3.21.107\psmachine.dll"

[HKCR\GoogleUpdate.ProcessLauncher\CurVer]
"(Default)" = "GoogleUpdate.ProcessLauncher.1.0"

[HKCR\GoogleUpdate.Update3WebMachine.1.0]
"(Default)" = "Google Update Broker Class Factory"

[HKCR\Interface\{C6398F88-69CE-44AC-B6A7-1D3E2AA46679}\NumMethods]
"(Default)" = "14"

[HKCR\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\NumMethods]
"(Default)" = "8"

[HKCR\Interface\{2D363682-561D-4C3A-81C6-F2F82107562A}\NumMethods]
"(Default)" = "4"

[HKCR\GoogleUpdate.OnDemandCOMClassMachine.1.0\CLSID]
"(Default)" = "{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}"

[HKCR\CLSID\{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}]
"(Default)" = "Google.OneClickProcessLauncher"

[HKCR\Interface\{BCDCB538-01C0-46D1-A6A7-52F4D021C272}\ProxyStubClsid32]
"(Default)" = "{2207031B-6E14-47D2-9175-55F66D764021}"

[HKCR\Google.OneClickProcessLauncherMachine\CLSID]
"(Default)" = "{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}"

[HKCR\Interface\{FE908CDD-22BB-472A-9870-1A0390E42F36}\NumMethods]
"(Default)" = "41"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F4 32 A9 FE F7 57 6B E6 1F E6 9B 27 DC 68 91 0B"

[HKCR\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\LocalServer32]
"(Default)" = "%Program Files%\Google\Update\1.3.21.107\GoogleUpdateBroker.exe"

[HKCR\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\ProxyStubClsid32]
"(Default)" = "{2207031B-6E14-47D2-9175-55F66D764021}"

[HKCR\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\Elevation]
"IconReference" = "@%Program Files%\Google\Update\1.3.21.107\goopdate.dll,-1004"

[HKCR\Interface\{2D363682-561D-4C3A-81C6-F2F82107562A}]
"(Default)" = "IGoogleUpdate3WebSecurity"

[HKCR\Interface\{4E223325-C16B-4EEB-AEDC-19AA99A237FA}]
"(Default)" = "IRegistrationUpdateHook"

[HKCR\Interface\{2D363682-561D-4C3A-81C6-F2F82107562A}\ProxyStubClsid32]
"(Default)" = "{2207031B-6E14-47D2-9175-55F66D764021}"

[HKCR\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\ProgID]
"(Default)" = "GoogleUpdate.Update3WebMachineFallback.1.0"

[HKCR\Interface\{247954F9-9EDC-4E68-8CC3-150C2B89EADF}]
"(Default)" = "ICurrentState"

[HKCR\Interface\{D999CE21-98B3-4894-BACB-A49A1D50848F}\NumMethods]
"(Default)" = "40"

[HKCR\GoogleUpdate.Update3WebMachine.1.0\CLSID]
"(Default)" = "{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}"

[HKCR\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\VersionIndependentProgID]
"(Default)" = "GoogleUpdate.CoreMachineClass"

[HKCR\GoogleUpdate.CredentialDialogMachine\CLSID]
"(Default)" = "{25461599-633D-42B1-84FB-7CD68D026E53}"

[HKCR\Interface\{DCAB8386-4F03-4DBD-A366-D90BC9F68DE6}]
"(Default)" = "IPackage"

[HKCR\CLSID\{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}\VersionIndependentProgID]
"(Default)" = "Google.OneClickProcessLauncherMachine"

[HKCR\GoogleUpdate.OnDemandCOMClassMachineFallback\CurVer]
"(Default)" = "GoogleUpdate.OnDemandCOMClassMachineFallback.1.0"

[HKCR\GoogleUpdate.ProcessLauncher.1.0]
"(Default)" = "Google Update Process Launcher Class"

[HKCR\Interface\{909489C2-85A6-4322-AA56-D25278649D67}]
"(Default)" = "IGoogleUpdateCore"

[HKCR\Interface\{1C642CED-CA3B-4013-A9DF-CA6CE5FF6503}\NumMethods]
"(Default)" = "9"

[HKCR\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\LocalServer32]
"(Default)" = "%Program Files%\Google\Update\1.3.21.107\GoogleUpdateOnDemand.exe"

[HKCR\CLSID\{25461599-633D-42B1-84FB-7CD68D026E53}\LocalServer32]
"(Default)" = "%Program Files%\Google\Update\1.3.21.107\GoogleUpdateOnDemand.exe"

[HKCR\Interface\{909489C2-85A6-4322-AA56-D25278649D67}\NumMethods]
"(Default)" = "4"

[HKCR\GoogleUpdate.Update3WebMachineFallback]
"(Default)" = "GoogleUpdate Update3Web"

[HKCR\GoogleUpdate.CoCreateAsync\CurVer]
"(Default)" = "GoogleUpdate.CoCreateAsync.1.0"

[HKCR\Interface\{BCDCB538-01C0-46D1-A6A7-52F4D021C272}]
"(Default)" = "IAppVersion"

[HKCR\Interface\{DCAB8386-4F03-4DBD-A366-D90BC9F68DE6}\NumMethods]
"(Default)" = "10"

[HKCR\GoogleUpdate.CredentialDialogMachine\CurVer]
"(Default)" = "GoogleUpdate.CredentialDialogMachine.1.0"

[HKCR\Interface\{BCDCB538-01C0-46D1-A6A7-52F4D021C272}\NumMethods]
"(Default)" = "10"

[HKCR\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}]
"(Default)" = "Google Update Core Class"

[HKCR\Google.OneClickProcessLauncherMachine.1.0]
"(Default)" = "Google.OneClickProcessLauncher"

[HKCR\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\Elevation]
"Enabled" = "1"

[HKCR\Interface\{FE908CDD-22BB-472A-9870-1A0390E42F36}\ProxyStubClsid32]
"(Default)" = "{2207031B-6E14-47D2-9175-55F66D764021}"

[HKCR\GoogleUpdate.Update3WebMachineFallback\CurVer]
"(Default)" = "GoogleUpdate.Update3WebMachineFallback.1.0"

[HKCR\Interface\{5B25A8DC-1780-4178-A629-6BE8B8DEFAA2}\NumMethods]
"(Default)" = "4"

[HKCR\Interface\{DAB1D343-1B2A-47F9-B445-93DC50704BFE}\NumMethods]
"(Default)" = "4"

[HKCR\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\ProxyStubClsid32]
"(Default)" = "{2207031B-6E14-47D2-9175-55F66D764021}"

[HKCR\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}\VersionIndependentProgID]
"(Default)" = "GoogleUpdate.CoCreateAsync"

[HKCR\GoogleUpdate.CredentialDialogMachine]
"(Default)" = "GoogleUpdate CredentialDialog"

[HKCR\GoogleUpdate.CoCreateAsync.1.0]
"(Default)" = "CoCreateAsync"

[HKCR\Interface\{D999CE21-98B3-4894-BACB-A49A1D50848F}\ProxyStubClsid32]
"(Default)" = "{2207031B-6E14-47D2-9175-55F66D764021}"

[HKCR\Interface\{C6398F88-69CE-44AC-B6A7-1D3E2AA46679}\ProxyStubClsid32]
"(Default)" = "{2207031B-6E14-47D2-9175-55F66D764021}"

[HKCR\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}]
"(Default)" = "Google Update Process Launcher Class"

[HKCR\Google.OneClickProcessLauncherMachine.1.0\CLSID]
"(Default)" = "{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}"

[HKCR\GoogleUpdate.Update3WebMachineFallback.1.0\CLSID]
"(Default)" = "{598FE0E5-E02D-465D-9A9D-37974A28FD42}"

[HKCR\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}\ProxyStubClsid32]
"(Default)" = "{2207031B-6E14-47D2-9175-55F66D764021}"

[HKCR\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\LocalServer32]
"(Default)" = "%Program Files%\Google\Update\1.3.21.107\GoogleUpdateOnDemand.exe"

[HKCR\GoogleUpdate.Update3WebMachine\CLSID]
"(Default)" = "{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}"

[HKCR\Interface\{DD42475D-6D46-496A-924E-BD5630B4CBBA}\NumMethods]
"(Default)" = "24"

[HKCR\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}]
"(Default)" = "IAppVersionWeb"

[HKCR\GoogleUpdate.OnDemandCOMClassMachine\CurVer]
"(Default)" = "GoogleUpdate.OnDemandCOMClassMachine.1.0"

[HKCR\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\VersionIndependentProgID]
"(Default)" = "GoogleUpdate.Update3WebMachine"

[HKCR\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}\NumMethods]
"(Default)" = "10"

[HKCR\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\Elevation]
"IconReference" = "@%Program Files%\Google\Update\1.3.21.107\goopdate.dll,-1004"

[HKCR\GoogleUpdate.ProcessLauncher]
"(Default)" = "Google Update Process Launcher Class"

[HKCR\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}]
"(Default)" = "GoogleUpdate Update3Web"

[HKCR\GoogleUpdate.OnDemandCOMClassMachineFallback]
"(Default)" = "Google Update Legacy On Demand"

[HKCR\GoogleUpdate.Update3WebMachineFallback.1.0]
"(Default)" = "GoogleUpdate Update3Web"

[HKCR\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}]
"(Default)" = "IGoogleUpdate3Web"

[HKCR\CLSID\{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}\LocalServer32]
"(Default)" = "%Program Files%\Google\Update\1.3.21.107\GoogleUpdateBroker.exe"

[HKCR\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\Elevation]
"Enabled" = "1"

[HKCR\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\Elevation]
"Enabled" = "1"

[HKCR\CLSID\{CDEB181C-FD59-489A-95C0-461BA3904F57}\InprocHandler32]
"ThreadingModel" = "Both"

[HKCR\Interface\{DD42475D-6D46-496A-924E-BD5630B4CBBA}]
"(Default)" = "IAppBundleWeb"

[HKCR\GoogleUpdate.CoCreateAsync]
"(Default)" = "CoCreateAsync"

[HKCR\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\LocalServer32]
"(Default)" = "%Program Files%\Google\Update\1.3.21.107\GoogleUpdateOnDemand.exe"

[HKCR\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF}\NumMethods]
"(Default)" = "10"

[HKCR\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\VersionIndependentProgID]
"(Default)" = "GoogleUpdate.OnDemandCOMClassMachineFallback"

[HKCR\Interface\{D999CE21-98B3-4894-BACB-A49A1D50848F}]
"(Default)" = "IApp"

[HKCR\GoogleUpdate.CoCreateAsync.1.0\CLSID]
"(Default)" = "{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}"

[HKCR\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\VersionIndependentProgID]
"(Default)" = "GoogleUpdate.OnDemandCOMClassMachine"

[HKCR\GoogleUpdate.OnDemandCOMClassMachineFallback.1.0]
"(Default)" = "Google Update Legacy On Demand"

[HKCR\GoogleUpdate.ProcessLauncher.1.0\CLSID]
"(Default)" = "{ABC01078-F197-4B0B-ADBC-CFE684B39C82}"

[HKCR\GoogleUpdate.OnDemandCOMClassMachine]
"(Default)" = "Google Update Broker Class Factory"

[HKCR\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}]
"LocalizedString" = "@%Program Files%\Google\Update\1.3.21.107\goopdate.dll,-3000"

[HKCR\Interface\{2E629606-312A-482F-9B12-2C4ABF6F0B6D}\ProxyStubClsid32]
"(Default)" = "{2207031B-6E14-47D2-9175-55F66D764021}"

[HKCR\Interface\{DD42475D-6D46-496A-924E-BD5630B4CBBA}\ProxyStubClsid32]
"(Default)" = "{2207031B-6E14-47D2-9175-55F66D764021}"

[HKCR\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}]
"(Default)" = "Google Update Legacy On Demand"

[HKCR\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}]
"LocalizedString" = "@%Program Files%\Google\Update\1.3.21.107\goopdate.dll,-3000"

[HKCR\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}]
"(Default)" = "IProcessLauncher"

[HKCR\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\Elevation]
"Enabled" = "1"

[HKCR\Interface\{4E223325-C16B-4EEB-AEDC-19AA99A237FA}\ProxyStubClsid32]
"(Default)" = "{2207031B-6E14-47D2-9175-55F66D764021}"

[HKCR\Interface\{DAB1D343-1B2A-47F9-B445-93DC50704BFE}]
"(Default)" = "ICoCreateAsync"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}]
"Policy" = "3"

[HKCR\GoogleUpdate.OnDemandCOMClassMachine.1.0]
"(Default)" = "Google Update Broker Class Factory"

[HKCR\GoogleUpdate.ProcessLauncher\CLSID]
"(Default)" = "{ABC01078-F197-4B0B-ADBC-CFE684B39C82}"

[HKCR\GoogleUpdate.OnDemandCOMClassMachine\CLSID]
"(Default)" = "{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}"

[HKCR\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\ProgID]
"(Default)" = "GoogleUpdate.OnDemandCOMClassMachine.1.0"

[HKCR\Interface\{B3A47570-0A85-4AEA-8270-529D47899603}]
"(Default)" = "ICredentialDialog"

[HKCR\CLSID\{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}\ProgID]
"(Default)" = "Google.OneClickProcessLauncherMachine.1.0"

[HKCR\Interface\{5B25A8DC-1780-4178-A629-6BE8B8DEFAA2}]
"(Default)" = "IBrowserHttpRequest2"

The Virus deletes the following registry key(s):

[HKCR\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32]
[HKCR\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}]
[HKCR\CLSID\{CDEB181C-FD59-489A-95C0-461BA3904F57}]
[HKCR\CLSID\{CDEB181C-FD59-489A-95C0-461BA3904F57}\InprocHandler32]

The Virus deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Google\Update\network\secure]
"sk"

[HKLM\SOFTWARE\Google\Update\network\secure]
"c"

The process GoogleUpdate.exe:3740 makes changes in a system registry.


The Virus creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5F 1F 35 28 78 1E 85 46 0F DA C3 89 D9 E3 C3 4C"

[HKCU\Software\Google\Update\proxy]
"source" = "direct"

The Virus deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Google\Update\network\secure]
"sk"

[HKLM\SOFTWARE\Google\Update\network\secure]
"c"

The process GoogleUpdate.exe:420 makes changes in a system registry.


The Virus creates and/or sets the following values in system registry:

[HKCR\GoogleUpdate.Update3WebSvc\CurVer]
"(Default)" = "GoogleUpdate.Update3WebSvc.1.0"

[HKCR\GoogleUpdate.Update3COMClassService]
"(Default)" = "Update3COMClass"

[HKCR\GoogleUpdate.OnDemandCOMClassSvc]
"(Default)" = "Google Update Legacy On Demand"

[HKCR\GoogleUpdate.Update3COMClassService\CLSID]
"(Default)" = "{4EB61BAC-A3B6-4760-9581-655041EF4D69}"

[HKCR\GoogleUpdate.CoreClass.1]
"(Default)" = "Google Update Core Class"

[HKCR\GoogleUpdate.Update3WebSvc\CLSID]
"(Default)" = "{534F5323-3569-4F42-919D-1E1CF93E5BF6}"

[HKCR\GoogleUpdate.Update3COMClassService.1.0\CLSID]
"(Default)" = "{4EB61BAC-A3B6-4760-9581-655041EF4D69}"

[HKCR\GoogleUpdate.Update3WebSvc.1.0\CLSID]
"(Default)" = "{534F5323-3569-4F42-919D-1E1CF93E5BF6}"

[HKCR\CLSID\{534F5323-3569-4F42-919D-1E1CF93E5BF6}\ProgID]
"(Default)" = "GoogleUpdate.Update3WebSvc.1.0"

[HKCR\CLSID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}\VersionIndependentProgID]
"(Default)" = "GoogleUpdate.OnDemandCOMClassSvc"

[HKCR\GoogleUpdate.Update3COMClassService.1.0]
"(Default)" = "Update3COMClass"

[HKCR\AppID\GoogleUpdate.exe]
"AppID" = "{4EB61BAC-A3B6-4760-9581-655041EF4D69}"

[HKCR\AppID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}]
"(Default)" = "ServiceModule"

[HKCR\AppID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}]
"LocalService" = "gupdatem"

[HKCR\GoogleUpdate.Update3WebSvc.1.0]
"(Default)" = "GoogleUpdate Update3Web"

[HKCR\CLSID\{534F5323-3569-4F42-919D-1E1CF93E5BF6}]
"AppID" = "{9465B4B4-5216-4042-9A2C-754D3BCDC410}"

[HKCR\GoogleUpdate.Update3WebSvc]
"(Default)" = "GoogleUpdate Update3Web"

[HKCR\CLSID\{534F5323-3569-4F42-919D-1E1CF93E5BF6}]
"(Default)" = "GoogleUpdate Update3Web"

[HKCR\CLSID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}]
"(Default)" = "Google Update Legacy On Demand"

[HKCR\CLSID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}\VersionIndependentProgID]
"(Default)" = "GoogleUpdate.Update3COMClassService"

[HKCR\CLSID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}\ProgID]
"(Default)" = "GoogleUpdate.OnDemandCOMClassSvc.1.0"

[HKCR\CLSID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}]
"(Default)" = "Update3COMClass"

[HKCR\CLSID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}]
"AppID" = "{9465B4B4-5216-4042-9A2C-754D3BCDC410}"

[HKCR\AppID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}]
"(Default)" = "ServiceModule"

[HKCR\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}\VersionIndependentProgID]
"(Default)" = "GoogleUpdate.CoreClass"

[HKCR\AppID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}]
"ServiceParameters" = "/comsvc"

[HKCR\GoogleUpdate.CoreClass\CurVer]
"(Default)" = "GoogleUpdate.CoreClass.1"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FF 6A 18 57 A1 59 24 CD A8 7E 37 A5 EF 26 5C 60"

[HKCR\CLSID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}\ProgID]
"(Default)" = "GoogleUpdate.Update3COMClassService.1.0"

[HKCR\GoogleUpdate.CoreClass]
"(Default)" = "Google Update Core Class"

[HKCR\CLSID\{534F5323-3569-4F42-919D-1E1CF93E5BF6}\VersionIndependentProgID]
"(Default)" = "GoogleUpdate.Update3WebSvc"

[HKCR\AppID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}]
"LocalService" = "gupdate"

[HKCR\GoogleUpdate.CoreClass.1\CLSID]
"(Default)" = "{E225E692-4B47-4777-9BED-4FD7FE257F0E}"

[HKCR\GoogleUpdate.Update3COMClassService\CurVer]
"(Default)" = "GoogleUpdate.Update3COMClassService.1.0"

[HKCR\GoogleUpdate.OnDemandCOMClassSvc.1.0]
"(Default)" = "Google Update Legacy On Demand"

[HKCR\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}]
"AppID" = "{9465B4B4-5216-4042-9A2C-754D3BCDC410}"

[HKCR\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}\ProgID]
"(Default)" = "GoogleUpdate.CoreClass.1"

[HKCR\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}]
"(Default)" = "Google Update Core Class"

[HKCR\CLSID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}]
"AppID" = "{4EB61BAC-A3B6-4760-9581-655041EF4D69}"

[HKCR\GoogleUpdate.OnDemandCOMClassSvc.1.0\CLSID]
"(Default)" = "{9465B4B4-5216-4042-9A2C-754D3BCDC410}"

[HKCR\AppID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}]
"ServiceParameters" = "/comsvc"

[HKCR\GoogleUpdate.OnDemandCOMClassSvc\CLSID]
"(Default)" = "{9465B4B4-5216-4042-9A2C-754D3BCDC410}"

[HKCR\GoogleUpdate.OnDemandCOMClassSvc\CurVer]
"(Default)" = "GoogleUpdate.OnDemandCOMClassSvc.1.0"

[HKCR\GoogleUpdate.CoreClass\CLSID]
"(Default)" = "{E225E692-4B47-4777-9BED-4FD7FE257F0E}"

The Virus deletes the following registry key(s):

[HKCR\AppID\GoogleUpdate.exe]

The process sessmgr.exe:356 makes changes in a system registry.


The Virus creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AC D2 E4 A6 A8 B8 6C 68 09 FC E9 09 0B 40 C5 6F"

The process verclsid.exe:3912 makes changes in a system registry.


The Virus creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D3 61 98 46 78 C2 DA F5 68 13 37 F3 E9 59 55 62"

The process cisvc.exe:1764 makes changes in a system registry.


The Virus creates and/or sets the following values in system registry:

[HKCR\EngUSWrdBrk.EngUSWrdBrk]
"(Default)" = "EngUSWrdBrk Class"

[HKCR\CLSID\{F9AE8980-7E52-11d0-8964-00C04FD611D7}\InprocServer32]
"(Default)" = "%System%\query.dll"

[HKCR\MSIDXS]
"(Default)" = "Microsoft OLE DB Provider for Indexing Service"

[HKCR\IXSSO.Query\CurVer]
"(Default)" = "IXSSO.Query.3"

[HKCR\CLSID\{363F1015-FD5F-4ba8-AC58-29634F378A42}\ProgID]
"(Default)" = "EngUKWrdBrk.EngUKWrdBrk.1"

[HKCR\IXSSO.Util.2\CLSID]
"(Default)" = "{0C16C27E-A6E7-11D0-BFC3-0020F8008024}"

[HKCR\CLSID\{0285b5c0-12c7-11ce-bd31-00aa004bbb1f}\InprocServer32]
"(Default)" = "infosoft.dll"

[HKCR\CLSID\{F9AE8980-7E52-11d0-8964-00C04FD611D7}\VersionIndependentProgID]
"(Default)" = "MSIDXS"

[HKCR\CLSID\{c1243ca0-bf96-11cd-b579-08002b30bfeb}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{C7B6C04A-CBB5-11d0-BB4C-00C04FC2F410}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{98de59a0-d175-11cd-a7bd-00006b827d94}]
"(Default)" = "Microsoft Office Persistent Handler"

[HKCR\CLSID\{91870674-DE84-4313-B07D-A387415BB4F5}\ProgID]
"(Default)" = "ItlItlWrdBrk.ItlItlWrdBrk.1"

[HKCR\CLSID\{3BC4F3A1-652A-11D1-B4D4-00C04FC2DB8D}]
"(Default)" = "Microsoft Index Server Administration Object"

[HKCR\CLSID\{F14E6B48-FBCA-4d32-BD79-7829D4F7E43B}\VersionIndependentProgID]
"(Default)" = "FrnFrnWrdBrk.FrnFrnWrdBrk"

[HKCR\CLSID\{3BC4F3A7-652A-11D1-B4D4-00C04FC2DB8D}\VersionIndependentProgID]
"(Default)" = "Microsoft.ISScopeAdm"

[HKCR\CLSID\{0C16C27E-A6E7-11D0-BFC3-0020F8008024}\InProcServer32]
"ThreadingModel" = "Both"

[HKCR\.htw\PersistentHandler]
"(Default)" = "{eec97550-47a9-11cf-b952-00aa0051fe20}"

[HKCR\.css\PersistentHandler]
"(Default)" = "{eec97550-47a9-11cf-b952-00aa0051fe20}"

[HKCR\CLSID\{AA205A4D-681F-11D0-A243-08002B36FCA4}\InprocServer32]
"(Default)" = "query.dll"

[HKCR\CLSID\{9478f640-7f1c-11ce-be57-00aa0051fe20}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{1F247DC0-902E-11D0-A80C-00A0C906241A}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{6d36ce10-7f1c-11ce-be57-00aa0051fe20}]
"(Default)" = "Italian_Italian Stemmer"

[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\Neutral]
"WBreakerClass" = "{369647e0-17b0-11ce-9950-00aa004bbb1f}"

[HKCR\CLSID\{91870674-DE84-4313-B07D-A387415BB4F5}\InprocServer32]
"(Default)" = "%System%\LangWrbk.dll"

[HKCR\CLSID\{80A3E9B0-A246-11D3-BB8C-0090272FA362}\VersionIndependentProgID]
"(Default)" = "EngUSWrdBrk.EngUSWrdBrk"

[HKCR\CLSID\{01c6b350-12c7-11ce-bd31-00aa004bbb1f}\InprocServer32]
"(Default)" = "infosoft.dll"

[HKCR\CLSID\{00020811-0000-0000-C000-000000000046}\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKCR\CLSID\{860d28d0-8bf4-11ce-be59-00aa0051fe20}\InprocServer32]
"(Default)" = "infosoft.dll"

[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\English_US]
"StemmerClass" = "{eeed4c20-7f1b-11ce-be57-00aa0051fe20}"

[HKCR\CLSID\{1F247DC0-902E-11D0-A80C-00A0C906241A}\InprocServer32]
"(Default)" = "query.dll"

[HKCR\CLSID\{F9AE8980-7E52-11d0-8964-00C04FD611D7}\ExtendedErrors]
"(Default)" = "Extended Error Service"

[HKCR\.stm\PersistentHandler]
"(Default)" = "{eec97550-47a9-11cf-b952-00aa0051fe20}"

[HKCR\IXSSO.Query.2]
"(Default)" = "Indexing Service Query SSO V2."

[HKCR\CLSID\{5645C8C0-E277-11CF-8FDA-00AA00A14F93}]
"(Default)" = "NNTP filter"

[HKCR\CLSID\{5645C8C0-E277-11CF-8FDA-00AA00A14F93}\PersistentHandler]
"(Default)" = "{5645C8C1-E277-11CF-8FDA-00AA00A14F93}"

[HKCR\.xlc\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKCR\CLSID\{0C16C27E-A6E7-11D0-BFC3-0020F8008024}]
"(Default)" = "Indexing Service Utility SSO V2."

[HKCR\CLSID\{3BC4F3A1-652A-11D1-B4D4-00C04FC2DB8D}\InprocServer32]
"(Default)" = "%System%\ciodm.dll"

[HKCR\ItlItlWrdBrk.ItlItlWrdBrk.1]
"(Default)" = "ItlItlWrdBrk Class"

[HKCR\MSIDXS ErrorLookup\Clsid]
"(Default)" = "{F9AE8981-7E52-11d0-8964-00C04FD611D7}"

[HKCR\CLSID\{C04EFA90-E221-11D2-985E-00C04F575153}\InProcServer32]
"(Default)" = "%System%\query.dll"

[HKCR\CLSID\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\PersistentHandler]
"(Default)" = "{098f2470-bae0-11cd-b579-08002b30bfeb}"

[HKCR\CLSID\{510a4910-7f1c-11ce-be57-00aa0051fe20}]
"(Default)" = "German_German Stemmer"

[HKCR\CLSID\{95ad72f0-44ce-11d0-ae29-00aa004b9986}]
"(Default)" = "Indexing Service Snapin"

[HKCR\IXSSO.Query.3]
"(Default)" = "Indexing Service Query SSO V3."

[HKCR\CLSID\{3BC4F3A1-652A-11D1-B4D4-00C04FC2DB8D}\ProgID]
"(Default)" = "Microsoft.ISAdm.1"

[HKCR\CLSID\{F14E6B48-FBCA-4d32-BD79-7829D4F7E43B}]
"(Default)" = "FrnFrnWrdBrk Class"

[HKCR\IXSSO.Util]
"(Default)" = "Indexing Service Utility SSO V2."

[HKCR\MSIDXS\Clsid]
"(Default)" = "{F9AE8980-7E52-11d0-8964-00C04FD611D7}"

[HKCR\CLSID\{6d36ce10-7f1c-11ce-be57-00aa0051fe20}\InprocServer32]
"(Default)" = "infosoft.dll"

[HKCR\CLSID\{3BC4F3A7-652A-11D1-B4D4-00C04FC2DB8D}\InprocServer32]
"(Default)" = "%System%\ciodm.dll"

[HKCR\CLSID\{00020C01-0000-0000-C000-000000000046}\PersistentHandler]
"(Default)" = "{098f2470-bae0-11cd-b579-08002b30bfeb}"

[HKCR\CLSID\{5e941d80-bf96-11cd-b579-08002b30bfeb}]
"(Default)" = "Plain Text persistent handler"

[HKCR\CLSID\{b0516ff0-7f1c-11ce-be57-00aa0051fe20}]
"(Default)" = "Spanish_Modern Stemmer"

[HKCR\Microsoft Internet News Message\CLSID]
"(Default)" = "{5645C8C0-E277-11CF-8FDA-00AA00A14F93}"

[HKCR\CLSID\{e0ca5340-4534-11cf-b952-00aa0051fe20}\InprocServer32]
"(Default)" = "nlhtml.dll"

[HKCR\IXSSO.Query\CLSID]
"(Default)" = "{EAFDF8B3-3BE5-4E05-BF86-1E486B2FEF9D}"

[HKCR\CLSID\{363F1015-FD5F-4ba8-AC58-29634F378A42}\InprocServer32]
"(Default)" = "%System%\LangWrbk.dll"

[HKCR\CLSID\{EAFDF8B3-3BE5-4E05-BF86-1E486B2FEF9D}\InProcServer32]
"(Default)" = "%System%\ixsso.dll"

[HKCR\Interface\{F4EB8260-8DDA-11D1-B3AA-00A0C9063796}]
"(Default)" = "IFilterStatus"

[HKCR\CLSID\{80A3E9B0-A246-11D3-BB8C-0090272FA362}\ProgID]
"(Default)" = "EngUSWrdBrk.EngUSWrdBrk.1"

[HKCR\CLSID\{EAFDF8B3-3BE5-4E05-BF86-1E486B2FEF9D}]
"(Default)" = "Indexing Service Query SSO V3."

[HKCR\CLSID\{f07f3920-7b8c-11cf-9be8-00aa004b9986}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{F9AE8980-7E52-11d0-8964-00C04FD611D7}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\.odc\PersistentHandler]
"(Default)" = "{eec97550-47a9-11cf-b952-00aa0051fe20}"

[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\German_German]
"StemmerClass" = "{510a4910-7f1c-11ce-be57-00aa0051fe20}"

[HKCR\CLSID\{fd86b5d0-12c6-11ce-bd31-00aa004bbb1f}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\PersistentHandler]
"(Default)" = "{098f2470-bae0-11cd-b579-08002b30bfeb}"

[HKCR\CLSID\{66b37110-8bf2-11ce-be59-00aa0051fe20}]
"(Default)" = "Dutch_Dutch Word Breaker"

[HKCR\CLSID\{eeed4c20-7f1b-11ce-be57-00aa0051fe20}\InprocServer32]
"(Default)" = "infosoft.dll"

[HKCR\CLSID\{EA7BAE71-FB3B-11CD-A903-00AA00510EA3}\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKCR\CLSID\{fd86b5d0-12c6-11ce-bd31-00aa004bbb1f}]
"(Default)" = "Italian_Italian Word Breaker"

[HKCR\IXSSO.Query.2\CLSID]
"(Default)" = "{A4463024-2B6F-11D0-BFBC-0020F8008024}"

[HKCR\CLSID\{f07f3920-7b8c-11cf-9be8-00aa004b9986}\InprocServer32]
"(Default)" = "OffFilt.dll"

[HKCR\CLSID\{80A3E9B0-A246-11D3-BB8C-0090272FA362}\InprocServer32]
"ThreadingModel" = "Free"

[HKCR\CLSID\{5645C8C4-E277-11CF-8FDA-00AA00A14F93}\PersistentAddinsRegistered\{89BCB740-6119-101A-BCB7-00DD010655AF}]
"(Default)" = "{5645C8C2-E277-11CF-8FDA-00AA00A14F93}"

[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\French_French]
"StemmerClass" = "{2a6eb050-7f1c-11ce-be57-00aa0051fe20}"

[HKCR\.htm\PersistentHandler]
"(Default)" = "{eec97550-47a9-11cf-b952-00aa0051fe20}"

[HKCR\CLSID\{c3278e90-bea7-11cd-b579-08002b30bfeb}]
"(Default)" = "Null filter"

[HKCR\CLSID\{D3E34B21-9D75-101A-8C3D-00AA001A1652}\PersistentHandler]
"(Default)" = "{098f2470-bae0-11cd-b579-08002b30bfeb}"

[HKCR\CLSID\{FBF23B40-E3F0-101B-8488-00AA003E56F8}\PersistentHandler]
"(Default)" = "{5e941d80-bf96-11cd-b579-08002b30bfeb}"

[HKCR\CLSID\{1F7E6C6D-C3F8-4c80-8D77-C4825ABBE5CF}\InprocServer32]
"ThreadingModel" = "Free"

[HKCR\Microsoft.ISScopeAdm]
"(Default)" = "Microsoft Index Server Scope Administration Object"

[HKCR\.pot\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKCR\CLSID\{c1243ca0-bf96-11cd-b579-08002b30bfeb}]
"(Default)" = "Plain Text filter"

[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\German_German]
"WBreakerClass" = "{9b08e210-e51b-11cd-bc7f-00aa003db18e}"

[HKCR\CLSID\{AA205A4D-681F-11D0-A243-08002B36FCA4}\InprocServer32]
"ThreadingModel" = "Both"

[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\Swedish_Default]
"Locale" = "1053"

[HKCR\CLSID\{5645C8C3-E277-11CF-8FDA-00AA00A14F93}\PersistentHandler]
"(Default)" = "{5645C8C4-E277-11CF-8FDA-00AA00A14F93}"

[HKCR\CLSID\{369647e0-17b0-11ce-9950-00aa004bbb1f}]
"(Default)" = "Neutral Word Breaker"

[HKCR\CLSID\{A4463024-2B6F-11D0-BFBC-0020F8008024}\ProgID]
"(Default)" = "IXSSO.Query.2"

[HKCR\CLSID\{1F7E6C6D-C3F8-4c80-8D77-C4825ABBE5CF}\ProgID]
"(Default)" = "SpnMdrWrdBrk.SpnMdrWrdBrk.1"

[HKCR\CLSID\{78fe669a-186e-4108-96e9-77b586c1332f}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{00020810-0000-0000-C000-000000000046}\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\French_French]
"WBreakerClass" = "{59e09848-8099-101b-8df3-00000b65c3b5}"

[HKCR\EngUKWrdBrk.EngUKWrdBrk.1]
"(Default)" = "EngUKWrdBrk Class"

[HKCR\CLSID\{78fe669a-186e-4108-96e9-77b586c1332f}\InprocServer32]
"(Default)" = "query.dll"

[HKCR\CLSID\{2a6eb050-7f1c-11ce-be57-00aa0051fe20}]
"(Default)" = "French_French Stemmer"

[HKCR\CLSID\{F9AE8980-7E52-11d0-8964-00C04FD611D7}\ExtendedErrors\{F9AE8981-7E52-11d0-8964-00C04FD611D7}]
"(Default)" = "MSIDXS Error Lookup"

[HKCR\CLSID\{C04EFA90-E221-11D2-985E-00C04F575153}]
"(Default)" = "PSFactoryBuffer"

[HKCR\CLSID\{59e09848-8099-101b-8df3-00000b65c3b5}\InprocServer32]
"(Default)" = "infosoft.dll"

[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\Spanish_Modern]
"WBreakerClass" = "{0285b5c0-12c7-11ce-bd31-00aa004bbb1f}"

[HKCR\Microsoft.ISCatAdm.1]
"(Default)" = "Microsoft Index Server Catalog Administration Object"

[HKCR\Microsoft Internet Mail Message]
"(Default)" = "Internet E-Mail Message"

[HKCR\CLSID\{F9AE8981-7E52-11d0-8964-00C04FD611D7}]
"(Default)" = "MSIDXS ErrorLookup"

[HKCR\CLSID\{F9AE8980-7E52-11d0-8964-00C04FD611D7}]
"(Default)" = "MSIDXS"

[HKCR\CLSID\{1E9685E6-DB6D-11d0-BB63-00C04FC2F410}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{95ad72f0-44ce-11d0-ae29-00aa004b9986}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{9478f640-7f1c-11ce-be57-00aa0051fe20}]
"(Default)" = "Swedish_Default Stemmer"

[HKCR\FrnFrnWrdBrk.FrnFrnWrdBrk.1\CLSID]
"(Default)" = "{F14E6B48-FBCA-4d32-BD79-7829D4F7E43B}"

[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\Italian_Italian]
"StemmerClass" = "{6d36ce10-7f1c-11ce-be57-00aa0051fe20}"

[HKCR\ItlItlWrdBrk.ItlItlWrdBrk]
"(Default)" = "ItlItlWrdBrk Class"

[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\Italian_Italian]
"Locale" = "1040"

[HKCR\CLSID\{3BC4F3A1-652A-11D1-B4D4-00C04FC2DB8D}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Microsoft.ISCatAdm\CurVer]
"(Default)" = "Microsoft.ISCatAdm.1"

[HKCR\IXSSO.Query]
"(Default)" = "Indexing Service Query SSO V3."

[HKCR\CLSID\{C7B6C04A-CBB5-11d0-BB4C-00C04FC2F410}\InprocServer32]
"(Default)" = "%System%\query.dll"

[HKCR\CLSID\{5645C8C2-E277-11CF-8FDA-00AA00A14F93}\InprocServer32]
"(Default)" = "%System%\mimefilt.dll"

[HKCR\CLSID\{e0ca5340-4534-11cf-b952-00aa0051fe20}]
"(Default)" = "HTML filter"

[HKCR\.htx\PersistentHandler]
"(Default)" = "{eec97550-47a9-11cf-b952-00aa0051fe20}"

[HKCR\CLSID\{0285b5c0-12c7-11ce-bd31-00aa004bbb1f}\InprocServer32]
"ThreadingModel" = "Both"

[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\English_UK]
"StemmerClass" = "{d99f7670-7f1a-11ce-be57-00aa0051fe20}"

[HKLM\System\CurrentControlSet\Control\Server Applications]
"{95AD72F0-44CE-11D0-AE29-00AA004B9986}" = "Indexing Service"

[HKCR\CLSID\{C7B6C04A-CBB5-11d0-BB4C-00C04FC2F410}\VersionIndependentProgID]
"(Default)" = "ISSimpleCommandCreator"

[HKCR\CLSID\{510a4910-7f1c-11ce-be57-00aa0051fe20}\InprocServer32]
"(Default)" = "infosoft.dll"

[HKCR\SpnMdrWrdBrk.SpnMdrWrdBrk.1\CLSID]
"(Default)" = "{1F7E6C6D-C3F8-4c80-8D77-C4825ABBE5CF}"

[HKCR\CLSID\{b0516ff0-7f1c-11ce-be57-00aa0051fe20}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{9b08e210-e51b-11cd-bc7f-00aa003db18e}\InprocServer32]
"(Default)" = "infosoft.dll"

[HKCR\CLSID\{EAFDF8B3-3BE5-4E05-BF86-1E486B2FEF9D}\InProcServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{F9AE8981-7E52-11d0-8964-00C04FD611D7}\VersionIndependentProgID]
"(Default)" = "MSIDXSErrorLookup"

[HKCR\CLSID\{5e941d80-bf96-11cd-b579-08002b30bfeb}\PersistentAddinsRegistered\{89BCB740-6119-101A-BCB7-00DD010655AF}]
"(Default)" = "{c1243ca0-bf96-11cd-b579-08002b30bfeb}"

[HKCR\EngUKWrdBrk.EngUKWrdBrk.1\CLSID]
"(Default)" = "{363F1015-FD5F-4ba8-AC58-29634F378A42}"

[HKCR\CLSID\{64818D10-4F9B-11CF-86EA-00AA00B929E8}\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKCR\SpnMdrWrdBrk.SpnMdrWrdBrk.1]
"(Default)" = "SpnMdrWrdBrk Class"

[HKLM\SOFTWARE\Microsoft\MMC\SnapIns\{95AD72F0-44CE-11D0-AE29-00AA004B9986}]
"About" = "{95ad72f0-44ce-11d0-ae29-00aa004b9986}"

[HKCR\CLSID\{95ad72f0-44ce-11d0-ae29-00aa004b9986}\InprocServer32]
"(Default)" = "CIAdmin.dll"

[HKCR\EngUSWrdBrk.EngUSWrdBrk.1]
"(Default)" = "EngUSWrdBrk Class"

[HKCR\.asp\PersistentHandler]
"(Default)" = "{eec97550-47a9-11cf-b952-00aa0051fe20}"

[HKCR\CLSID\{6d36ce10-7f1c-11ce-be57-00aa0051fe20}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{C7B6C04A-CBB5-11d0-BB4C-00C04FC2F410}\ProgID]
"(Default)" = "ISSimpleCommandCreator.1"

[HKCR\CLSID\{91870674-DE84-4313-B07D-A387415BB4F5}]
"(Default)" = "ItlItlWrdBrk Class"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E8 CC 7C 77 65 1E 9A F4 B0 9F 4F AC 9C FF BA C5"

[HKCR\Microsoft.ISAdm.1]
"(Default)" = "Microsoft Index Server Administration Object"

[HKCR\CLSID\{b0516ff0-7f1c-11ce-be57-00aa0051fe20}\InprocServer32]
"(Default)" = "infosoft.dll"

[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\Italian_Italian]
"WBreakerClass" = "{fd86b5d0-12c6-11ce-bd31-00aa004bbb1f}"

[HKCR\CLSID\{9478f640-7f1c-11ce-be57-00aa0051fe20}\InprocServer32]
"(Default)" = "infosoft.dll"

[HKLM\SOFTWARE\Microsoft\MMC\SnapIns\{95AD72F0-44CE-11D0-AE29-00AA004B9986}]
"Version" = "1.0"

[HKCR\CLSID\{2a6eb050-7f1c-11ce-be57-00aa0051fe20}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\SpnMdrWrdBrk.SpnMdrWrdBrk\CurVer]
"(Default)" = "SpnMdrWrdBrk.SpnMdrWrdBrk.1"

[HKCR\CLSID\{1F247DC0-902E-11D0-A80C-00A0C906241A}]
"(Default)" = "Content Index ISearch Creator Object"

[HKCR\.eml]
"(Default)" = "Microsoft Internet Mail Message"

[HKCR\.ascx\PersistentHandler]
"(Default)" = "{eec97550-47a9-11cf-b952-00aa0051fe20}"

[HKCR\Interface\{F4EB8260-8DDA-11D1-B3AA-00A0C9063796}\ProxyStubClsid32]
"(Default)" = "{C04EFA90-E221-11D2-985E-00C04F575153}"

[HKCR\CLSID\{91870674-DE84-4313-B07D-A387415BB4F5}\VersionIndependentProgID]
"(Default)" = "ItlItlWrdBrk.ItlItlWrdBrk"

[HKCR\CLSID\{00022603-0000-0000-C000-000000000046}\PersistentHandler]
"(Default)" = "{098f2470-bae0-11cd-b579-08002b30bfeb}"

[HKCR\CLSID\{01c6b350-12c7-11ce-bd31-00aa004bbb1f}]
"(Default)" = "Swedish_Default Word Breaker"

[HKCR\CLSID\{2A488070-6FD9-11D0-A808-00A0C906241A}]
"(Default)" = "File System Client DocStore Locator Object"

[HKCR\CLSID\{3BC4F3A3-652A-11D1-B4D4-00C04FC2DB8D}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{00022602-0000-0000-C000-000000000046}\PersistentHandler]
"(Default)" = "{098f2470-bae0-11cd-b579-08002b30bfeb}"

[HKCR\.aspx\PersistentHandler]
"(Default)" = "{eec97550-47a9-11cf-b952-00aa0051fe20}"

[HKCR\CLSID\{d99f7670-7f1a-11ce-be57-00aa0051fe20}\InprocServer32]
"(Default)" = "infosoft.dll"

[HKCR\CLSID\{F9AE8980-7E52-11d0-8964-00C04FD611D7}\ProgID]
"(Default)" = "MSIDXS.1"

[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\Swedish_Default]
"StemmerClass" = "{9478f640-7f1c-11ce-be57-00aa0051fe20}"

[HKCR\CLSID\{59e09848-8099-101b-8df3-00000b65c3b5}]
"(Default)" = "French_French Word Breaker"

[HKCR\CLSID\{1F7E6C6D-C3F8-4c80-8D77-C4825ABBE5CF}]
"(Default)" = "SpnMdrWrdBrk Class"

[HKCR\Microsoft.ISAdm.1\CLSID]
"(Default)" = "{3BC4F3A1-652A-11D1-B4D4-00C04FC2DB8D}"

[HKCR\Microsoft.ISScopeAdm\CurVer]
"(Default)" = "Microsoft.ISScopeAdm.1"

[HKCR\CLSID\{9b08e210-e51b-11cd-bc7f-00aa003db18e}]
"(Default)" = "German_German Word Breaker"

[HKCR\CLSID\{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}\PersistentHandler]
"(Default)" = "{098f2470-bae0-11cd-b579-08002b30bfeb}"

[HKCR\EngUSWrdBrk.EngUSWrdBrk.1\CLSID]
"(Default)" = "{80A3E9B0-A246-11D3-BB8C-0090272FA362}"

[HKCR\.html\PersistentHandler]
"(Default)" = "{eec97550-47a9-11cf-b952-00aa0051fe20}"

[HKCR\SpnMdrWrdBrk.SpnMdrWrdBrk]
"(Default)" = "SpnMdrWrdBrk Class"

[HKCR\CLSID\{80A3E9B0-A246-11D3-BB8C-0090272FA362}\InprocServer32]
"(Default)" = "%System%\LangWrbk.dll"

[HKCR\CLSID\{5645C8C3-E277-11CF-8FDA-00AA00A14F93}]
"(Default)" = "NNTP filter"

[HKCR\CLSID\{EA7BAE70-FB3B-11CD-A903-00AA00510EA3}\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKCR\.nws]
"(Default)" = "Microsoft Internet News Message"

[HKCR\Microsoft.ISScopeAdm.1\CLSID]
"(Default)" = "{3BC4F3A7-652A-11D1-B4D4-00C04FC2DB8D}"

[HKCR\.xls\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKCR\ItlItlWrdBrk.ItlItlWrdBrk.1\CLSID]
"(Default)" = "{91870674-DE84-4313-B07D-A387415BB4F5}"

[HKCR\CLSID\{098f2470-bae0-11cd-b579-08002b30bfeb}]
"(Default)" = "Null persistent handler"

[HKCR\CLSID\{860d28d0-8bf4-11ce-be59-00aa0051fe20}]
"(Default)" = "Dutch_Dutch Stemmer"

[HKCR\EngUSWrdBrk.EngUSWrdBrk\CurVer]
"(Default)" = "EngUSWrdBrk.EngUSWrdBrk.1"

[HKCR\.hta\PersistentHandler]
"(Default)" = "{eec97550-47a9-11cf-b952-00aa0051fe20}"

[HKCR\CLSID\{3BC4F3A7-652A-11D1-B4D4-00C04FC2DB8D}\ProgID]
"(Default)" = "Microsoft.ISScopeAdm.1"

[HKCR\CLSID\{e0ca5340-4534-11cf-b952-00aa0051fe20}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Microsoft.ISCatAdm.1\CLSID]
"(Default)" = "{3BC4F3A3-652A-11D1-B4D4-00C04FC2DB8D}"

[HKCR\.doc\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKCR\IXSSO.Util\CLSID]
"(Default)" = "{0C16C27E-A6E7-11D0-BFC3-0020F8008024}"

[HKCR\CLSID\{66b37110-8bf2-11ce-be59-00aa0051fe20}\InprocServer32]
"(Default)" = "infosoft.dll"

[HKCR\FrnFrnWrdBrk.FrnFrnWrdBrk.1]
"(Default)" = "FrnFrnWrdBrk Class"

[HKCR\Microsoft.ISScopeAdm\CLSID]
"(Default)" = "{3BC4F3A7-652A-11D1-B4D4-00C04FC2DB8D}"

[HKCR\CLSID\{d99f7670-7f1a-11ce-be57-00aa0051fe20}]
"(Default)" = "English_UK Stemmer"

[HKCR\Microsoft.ISAdm\CLSID]
"(Default)" = "{3BC4F3A1-652A-11D1-B4D4-00C04FC2DB8D}"

[HKCR\CLSID\{AA205A4D-681F-11D0-A243-08002B36FCA4}]
"(Default)" = "File System Client Filter Object"

[HKCR\CLSID\{0C16C27E-A6E7-11D0-BFC3-0020F8008024}\ProgID]
"(Default)" = "IXSSO.Util"

[HKCR\CLSID\{F14E6B48-FBCA-4d32-BD79-7829D4F7E43B}\InprocServer32]
"ThreadingModel" = "Free"

[HKCR\CLSID\{C04EFA90-E221-11D2-985E-00C04F575153}\InProcServer32]
"ThreadingModel" = "Both"

[HKCR\IXSSO.Util.2]
"(Default)" = "Indexing Service Utility SSO V2."

[HKCR\Microsoft.ISScopeAdm.1]
"(Default)" = "Microsoft Index Server Scope Administration Object"

[HKCR\.hhc\PersistentHandler]
"(Default)" = "{eec97550-47a9-11cf-b952-00aa0051fe20}"

[HKCR\CLSID\{3BC4F3A3-652A-11D1-B4D4-00C04FC2DB8D}\InprocServer32]
"(Default)" = "%System%\ciodm.dll"

[HKCR\CLSID\{A4463024-2B6F-11D0-BFBC-0020F8008024}\InProcServer32]
"(Default)" = "%System%\ixsso.dll"

[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\Spanish_Modern]
"Locale" = "3082"

[HKCR\.xlt\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKCR\CLSID\{363F1015-FD5F-4ba8-AC58-29634F378A42}\VersionIndependentProgID]
"(Default)" = "EngUKWrdBrk.EngUKWrdBrk"

[HKLM\SOFTWARE\Microsoft\MMC\SnapIns\{95AD72F0-44CE-11D0-AE29-00AA004B9986}]
"Provider" = "Microsoft Corporation"

[HKCR\CLSID\{3BC4F3A3-652A-11D1-B4D4-00C04FC2DB8D}\VersionIndependentProgID]
"(Default)" = "Microsoft.ISCatAdm"

[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\English_US]
"Locale" = "1033"

[HKCR\CLSID\{eeed4c20-7f1b-11ce-be57-00aa0051fe20}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{F4EB8260-8DDA-11D1-B3AA-00A0C9063796}\NumMethods]
"(Default)" = "7"

[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\Dutch_Dutch]
"WBreakerClass" = "{66b37110-8bf2-11ce-be59-00aa0051fe20}"

[HKCR\CLSID\{0C16C27E-A6E7-11D0-BFC3-0020F8008024}\InProcServer32]
"(Default)" = "%System%\ixsso.dll"

[HKCR\CLSID\{363F1015-FD5F-4ba8-AC58-29634F378A42}]
"(Default)" = "EngUKWrdBrk Class"

[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\Neutral]
"Locale" = "0"

[HKCR\CLSID\{5645C8C1-E277-11CF-8FDA-00AA00A14F93}\PersistentAddinsRegistered\{89BCB740-6119-101A-BCB7-00DD010655AF}]
"(Default)" = "{5645C8C2-E277-11CF-8FDA-00AA00A14F93}"

[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\German_German]
"Locale" = "1031"

[HKCR\CLSID\{0285b5c0-12c7-11ce-bd31-00aa004bbb1f}]
"(Default)" = "Spanish_Modern Word Breaker"

[HKCR\EngUKWrdBrk.EngUKWrdBrk]
"(Default)" = "EngUKWrdBrk Class"

[HKCR\CLSID\{1F7E6C6D-C3F8-4c80-8D77-C4825ABBE5CF}\VersionIndependentProgID]
"(Default)" = "SpnMdrWrdBrk.SpnMdrWrdBrk"

[HKCR\CLSID\{F14E6B48-FBCA-4d32-BD79-7829D4F7E43B}\ProgID]
"(Default)" = "FrnFrnWrdBrk.FrnFrnWrdBrk.1"

[HKCR\CLSID\{80A3E9B0-A246-11D3-BB8C-0090272FA362}]
"(Default)" = "EngUSWrdBrk Class"

[HKCR\CLSID\{01c6b350-12c7-11ce-bd31-00aa004bbb1f}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{64818D11-4F9B-11CF-86EA-00AA00B929E8}\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKCR\EngUKWrdBrk.EngUKWrdBrk\CurVer]
"(Default)" = "EngUKWrdBrk.EngUKWrdBrk.1"

[HKCR\Microsoft.ISCatAdm]
"(Default)" = "Microsoft Index Server Catalog Administration Object"

[HKCR\CLSID\{2a6eb050-7f1c-11ce-be57-00aa0051fe20}\InprocServer32]
"(Default)" = "infosoft.dll"

[HKCR\CLSID\{3BC4F3A7-652A-11D1-B4D4-00C04FC2DB8D}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\FrnFrnWrdBrk.FrnFrnWrdBrk\CurVer]
"(Default)" = "FrnFrnWrdBrk.FrnFrnWrdBrk.1"

[HKCR\CLSID\{98de59a0-d175-11cd-a7bd-00006b827d94}\PersistentAddinsRegistered\{89BCB740-6119-101A-BCB7-00DD010655AF}]
"(Default)" = "{f07f3920-7b8c-11cf-9be8-00aa004b9986}"

[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\Dutch_Dutch]
"StemmerClass" = "{860d28d0-8bf4-11ce-be59-00aa0051fe20}"

[HKCR\.xlb\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKCR\CLSID\{eec97550-47a9-11cf-b952-00aa0051fe20}\PersistentAddinsRegistered\{89BCB740-6119-101A-BCB7-00DD010655AF}]
"(Default)" = "{e0ca5340-4534-11cf-b952-00aa0051fe20}"

[HKCR\.htt\PersistentHandler]
"(Default)" = "{eec97550-47a9-11cf-b952-00aa0051fe20}"

[HKCR\CLSID\{00020900-0000-0000-C000-000000000046}\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKCR\CLSID\{c3278e90-bea7-11cd-b579-08002b30bfeb}\InprocServer32]
"(Default)" = "query.dll"

[HKCR\CLSID\{73FDDC80-AEA9-101A-98A7-00AA00374959}\PersistentHandler]
"(Default)" = "{5e941d80-bf96-11cd-b579-08002b30bfeb}"

[HKCR\CLSID\{3BC4F3A7-652A-11D1-B4D4-00C04FC2DB8D}]
"(Default)" = "Microsoft Index Server Scope Administration Object"

[HKCR\.dot\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKCR\CLSID\{3BC4F3A1-652A-11D1-B4D4-00C04FC2DB8D}\VersionIndependentProgID]
"(Default)" = "Microsoft.ISAdm"

[HKCR\CLSID\{3BC4F3A3-652A-11D1-B4D4-00C04FC2DB8D}\ProgID]
"(Default)" = "Microsoft.ISCatAdm.1"

[HKCR\CLSID\{59e09848-8099-101b-8df3-00000b65c3b5}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{00020820-0000-0000-C000-000000000046}\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKCR\CLSID\{EAFDF8B3-3BE5-4E05-BF86-1E486B2FEF9D}\ProgID]
"(Default)" = "IXSSO.Query"

[HKCR\CLSID\{2A488070-6FD9-11D0-A808-00A0C906241A}\InprocServer32]
"(Default)" = "query.dll"

[HKCR\CLSID\{3BC4F3A3-652A-11D1-B4D4-00C04FC2DB8D}]
"(Default)" = "Microsoft Index Server Catalog Administration Object"

[HKLM\SOFTWARE\Microsoft\MMC\NodeTypes\{476e6449-aaff-11d0-b944-00c04fd8d5b0}\Dynamic Extensions]
"{95AD72F0-44CE-11D0-AE29-00AA004B9986}" = "Indexing Service Snapin"

[HKCR\CLSID\{369647e0-17b0-11ce-9950-00aa004bbb1f}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{fd86b5d0-12c6-11ce-bd31-00aa004bbb1f}\InprocServer32]
"(Default)" = "infosoft.dll"

[HKCR\CLSID\{C7B6C04A-CBB5-11d0-BB4C-00C04FC2F410}]
"(Default)" = "IndexServer Simple Command Creator"

[HKCR\IXSSO.Util\CurVer]
"(Default)" = "IXSSO.Util.2"

[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\Dutch_Dutch]
"Locale" = "1043"

[HKLM\SOFTWARE\Microsoft\MMC\NodeTypes\{476e6449-aaff-11d0-b944-00c04fd8d5b0}\Extensions\NameSpace]
"{95AD72F0-44CE-11D0-AE29-00AA004B9986}" = "Indexing Service Snapin"

[HKCR\CLSID\{91870674-DE84-4313-B07D-A387415BB4F5}\InprocServer32]
"ThreadingModel" = "Free"

[HKCR\.pps\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKCR\MSIDXS ErrorLookup]
"(Default)" = "Microsoft OLE DB Error Lookup for Indexing Service"

[HKCR\CLSID\{c3278e90-bea7-11cd-b579-08002b30bfeb}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{A4463024-2B6F-11D0-BFBC-0020F8008024}\InProcServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{eeed4c20-7f1b-11ce-be57-00aa0051fe20}]
"(Default)" = "English_US Stemmer"

[HKCR\CLSID\{F9AE8981-7E52-11d0-8964-00C04FD611D7}\InprocServer32]
"(Default)" = "%System%\query.dll"

[HKLM\SOFTWARE\Microsoft\MMC\NodeTypes\{5401E3E9-F5F6-11D1-B4F7-00C04FC2DB8D}]
"(Default)" = "Indexing Service Root Subtree"

[HKCR\CLSID\{f07f3920-7b8c-11cf-9be8-00aa004b9986}]
"(Default)" = "Microsoft Office Filter"

[HKCR\FrnFrnWrdBrk.FrnFrnWrdBrk]
"(Default)" = "FrnFrnWrdBrk Class"

[HKCR\CLSID\{00020821-0000-0000-C000-000000000046}\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKCR\CLSID\{78fe669a-186e-4108-96e9-77b586c1332f}]
"(Default)" = "Content Index Null Stemmer"

[HKCR\CLSID\{369647e0-17b0-11ce-9950-00aa004bbb1f}\InprocServer32]
"(Default)" = "query.dll"

[HKCR\CLSID\{1E9685E6-DB6D-11d0-BB63-00C04FC2F410}]
"(Default)" = "Content Index Framework Control Object"

[HKCR\CLSID\{F9AE8980-7E52-11d0-8964-00C04FD611D7}\OLE DB Provider]
"(Default)" = "Microsoft OLE DB Provider for Indexing Service"

[HKCR\CLSID\{2A488070-6FD9-11D0-A808-00A0C906241A}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{F14E6B48-FBCA-4d32-BD79-7829D4F7E43B}\InprocServer32]
"(Default)" = "%System%\LangWrbk.dll"

[HKCR\CLSID\{F9AE8981-7E52-11d0-8964-00C04FD611D7}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{9b08e210-e51b-11cd-bc7f-00aa003db18e}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{1F7E6C6D-C3F8-4c80-8D77-C4825ABBE5CF}\InprocServer32]
"(Default)" = "%System%\LangWrbk.dll"

[HKCR\CLSID\{66b37110-8bf2-11ce-be59-00aa0051fe20}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\.ppt\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKCR\CLSID\{F9AE8981-7E52-11d0-8964-00C04FD611D7}\ProgID]
"(Default)" = "MSIDXSErrorLookup.1"

[HKCR\ItlItlWrdBrk.ItlItlWrdBrk\CurVer]
"(Default)" = "ItlItlWrdBrk.ItlItlWrdBrk.1"

[HKCR\Microsoft Internet Mail Message\CLSID]
"(Default)" = "{5645C8C3-E277-11CF-8FDA-00AA00A14F93}"

[HKCR\CLSID\{48123BC4-99D9-11D1-A6B3-00C04FD91555}\PersistentHandler]
"(Default)" = "{5e941d80-bf96-11cd-b579-08002b30bfeb}"

[HKCR\CLSID\{A4463024-2B6F-11D0-BFBC-0020F8008024}]
"(Default)" = "Indexing Service Query SSO V2."

[HKLM\SOFTWARE\Microsoft\MMC\SnapIns\{95AD72F0-44CE-11D0-AE29-00AA004B9986}]
"NameString" = "Indexing Service"

[HKCR\CLSID\{098f2470-bae0-11cd-b579-08002b30bfeb}\PersistentAddinsRegistered\{89BCB740-6119-101A-BCB7-00DD010655AF}]
"(Default)" = "{c3278e90-bea7-11cd-b579-08002b30bfeb}"

[HKCR\IXSSO.Query.3\CLSID]
"(Default)" = "{EAFDF8B3-3BE5-4E05-BF86-1E486B2FEF9D}"

[HKCR\CLSID\{c1243ca0-bf96-11cd-b579-08002b30bfeb}\InprocServer32]
"(Default)" = "query.dll"

[HKCR\CLSID\{00020906-0000-0000-C000-000000000046}\PersistentHandler]
"(Default)" = "{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKCR\Microsoft.ISCatAdm\CLSID]
"(Default)" = "{3BC4F3A3-652A-11D1-B4D4-00C04FC2DB8D}"

[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\English_UK]
"Locale" = "2057"

[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\French_French]
"Locale" = "1036"

[HKCR\CLSID\{1E9685E6-DB6D-11d0-BB63-00C04FC2F410}\InprocServer32]
"(Default)" = "query.dll"

[HKCR\CLSID\{eec97550-47a9-11cf-b952-00aa0051fe20}]
"(Default)" = "HTML File persistent handler"

[HKCR\.xsl\PersistentHandler]
"(Default)" = "{5e941d80-bf96-11cd-b579-08002b30bfeb}"

[HKCR\CLSID\{d99f7670-7f1a-11ce-be57-00aa0051fe20}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{510a4910-7f1c-11ce-be57-00aa0051fe20}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{363F1015-FD5F-4ba8-AC58-29634F378A42}\InprocServer32]
"ThreadingModel" = "Free"

[HKCR\CLSID\{860d28d0-8bf4-11ce-be59-00aa0051fe20}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{5645C8C2-E277-11CF-8FDA-00AA00A14F93}\InprocServer32]
"ThreadingModel" = "Both"

[HKLM\SOFTWARE\Microsoft\MMC\SnapIns\{95AD72F0-44CE-11D0-AE29-00AA004B9986}]
"NodeType" = "{5401E3E9-F5F6-11D1-B4F7-00C04FC2DB8D}"

[HKCR\Microsoft.ISAdm]
"(Default)" = "Microsoft Index Server Administration Object"

[HKCR\Microsoft Internet News Message]
"(Default)" = "Internet News Message"

[HKCR\.xml\PersistentHandler]
"(Default)" = "{5e941d80-bf96-11cd-b579-08002b30bfeb}"

[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\Spanish_Modern]
"StemmerClass" = "{b0516ff0-7f1c-11ce-be57-00aa0051fe20}"

[HKLM\System\CurrentControlSet\Control\ContentIndex\Language\Swedish_Default]
"WBreakerClass" = "{01c6b350-12c7-11ce-bd31-00aa004bbb1f}"

[HKCR\Microsoft.ISAdm\CurVer]
"(Default)" = "Microsoft.ISAdm.1"

The Virus deletes the following registry key(s):

[HKCR\MSIDXS ErrorLookup\Clsid]
[HKCR\CLSID\{F14E6B48-FBCA-4d32-BD79-7829D4F7E43B}]
[HKCR\MSIDXS\Clsid]
[HKCR\CLSID\{3BC4F3A3-652A-11D1-B4D4-00C04FC2DB8D}\InprocServer32]
[HKCR\CLSID\{91870674-DE84-4313-B07D-A387415BB4F5}\InprocServer32]
[HKCR\CLSID\{3BC4F3A7-652A-11D1-B4D4-00C04FC2DB8D}\InprocServer32]
[HKCR\CLSID\{3BC4F3A1-652A-11D1-B4D4-00C04FC2DB8D}\Programmable]
[HKCR\CLSID\{F9AE8980-7E52-11d0-8964-00C04FD611D7}\VersionIndependentProgID]
[HKCR\CLSID\{3BC4F3A3-652A-11D1-B4D4-00C04FC2DB8D}\ProgID]
[HKCR\CLSID\{91870674-DE84-4313-B07D-A387415BB4F5}\ProgID]
[HKCR\CLSID\{3BC4F3A7-652A-11D1-B4D4-00C04FC2DB8D}\VersionIndependentProgID]
[HKCR\CLSID\{F9AE8980-7E52-11d0-8964-00C04FD611D7}]
[HKCR\CLSID\{F14E6B48-FBCA-4d32-BD79-7829D4F7E43B}\InprocServer32]
[HKCR\CLSID\{80A3E9B0-A246-11D3-BB8C-0090272FA362}]
[HKCR\CLSID\{3BC4F3A1-652A-11D1-B4D4-00C04FC2DB8D}\InprocServer32]
[HKCR\CLSID\{1F7E6C6D-C3F8-4c80-8D77-C4825ABBE5CF}\InprocServer32]
[HKCR\CLSID\{91870674-DE84-4313-B07D-A387415BB4F5}]
[HKCR\CLSID\{363F1015-FD5F-4ba8-AC58-29634F378A42}\VersionIndependentProgID]
[HKCR\CLSID\{F9AE8981-7E52-11d0-8964-00C04FD611D7}\ProgID]
[HKCR\CLSID\{3BC4F3A3-652A-11D1-B4D4-00C04FC2DB8D}]
[HKCR\CLSID\{3BC4F3A7-652A-11D1-B4D4-00C04FC2DB8D}\Programmable]
[HKCR\CLSID\{F9AE8981-7E52-11d0-8964-00C04FD611D7}]
[HKCR\CLSID\{91870674-DE84-4313-B07D-A387415BB4F5}\VersionIndependentProgID]
[HKCR\CLSID\{3BC4F3A7-652A-11D1-B4D4-00C04FC2DB8D}]
[HKCR\CLSID\{80A3E9B0-A246-11D3-BB8C-0090272FA362}\VersionIndependentProgID]
[HKCR\CLSID\{363F1015-FD5F-4ba8-AC58-29634F378A42}\ProgID]
[HKCR\CLSID\{3BC4F3A1-652A-11D1-B4D4-00C04FC2DB8D}\VersionIndependentProgID]
[HKCR\CLSID\{F9AE8980-7E52-11d0-8964-00C04FD611D7}\ExtendedErrors\{F9AE8981-7E52-11d0-8964-00C04FD611D7}]
[HKCR\CLSID\{F9AE8980-7E52-11d0-8964-00C04FD611D7}\ProgID]
[HKCR\CLSID\{3BC4F3A7-652A-11D1-B4D4-00C04FC2DB8D}\ProgID]
[HKCR\CLSID\{3BC4F3A1-652A-11D1-B4D4-00C04FC2DB8D}]
[HKCR\CLSID\{80A3E9B0-A246-11D3-BB8C-0090272FA362}\ProgID]
[HKCR\CLSID\{C7B6C04A-CBB5-11d0-BB4C-00C04FC2F410}\VersionIndependentProgID]
[HKCR\MSIDXS ErrorLookup]
[HKCR\CLSID\{F9AE8981-7E52-11d0-8964-00C04FD611D7}\VersionIndependentProgID]
[HKCR\CLSID\{80A3E9B0-A246-11D3-BB8C-0090272FA362}\InprocServer32]
[HKCR\CLSID\{F9AE8980-7E52-11d0-8964-00C04FD611D7}\InprocServer32]
[HKCR\CLSID\{F14E6B48-FBCA-4d32-BD79-7829D4F7E43B}\VersionIndependentProgID]
[HKCR\CLSID\{3BC4F3A1-652A-11D1-B4D4-00C04FC2DB8D}\ProgID]
[HKCR\CLSID\{363F1015-FD5F-4ba8-AC58-29634F378A42}]
[HKCR\CLSID\{C7B6C04A-CBB5-11d0-BB4C-00C04FC2F410}\InprocServer32]
[HKCR\CLSID\{F9AE8980-7E52-11d0-8964-00C04FD611D7}\ExtendedErrors]
[HKCR\CLSID\{363F1015-FD5F-4ba8-AC58-29634F378A42}\InprocServer32]
[HKCR\CLSID\{3BC4F3A3-652A-11D1-B4D4-00C04FC2DB8D}\VersionIndependentProgID]
[HKCR\CLSID\{1F7E6C6D-C3F8-4c80-8D77-C4825ABBE5CF}\ProgID]
[HKCR\CLSID\{F14E6B48-FBCA-4d32-BD79-7829D4F7E43B}\ProgID]
[HKCR\MSIDXS]
[HKCR\CLSID\{C7B6C04A-CBB5-11d0-BB4C-00C04FC2F410}]
[HKCR\CLSID\{1F7E6C6D-C3F8-4c80-8D77-C4825ABBE5CF}\VersionIndependentProgID]
[HKCR\CLSID\{3BC4F3A3-652A-11D1-B4D4-00C04FC2DB8D}\Programmable]
[HKCR\CLSID\{F9AE8981-7E52-11d0-8964-00C04FD611D7}\InprocServer32]
[HKCR\CLSID\{F9AE8980-7E52-11d0-8964-00C04FD611D7}\OLE DB Provider]
[HKCR\CLSID\{C7B6C04A-CBB5-11d0-BB4C-00C04FC2F410}\ProgID]
[HKCR\CLSID\{1F7E6C6D-C3F8-4c80-8D77-C4825ABBE5CF}]

The process eb41d0156cf86c257e85fd700cb0fb38.exe:1692 makes changes in a system registry.


The Virus creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"1609" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"2103" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 17 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"1406" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"1406" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"1609" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1609" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"2103" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"2103" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKLM\SOFTWARE\Google\Google Toolbar\Component]
"CurrentVersion" = "7.5.4601.54"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"2103" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Google\Google Toolbar\4.0\Setup]
"FailedInstallPing" = "http://clients1.google.com/tools/pso/ping?as=tbin&gu=mi;0x0&mode=3&sin=1&ein=0&version=7.5.4601.54&brand=GUEA&hl=en&tbiv=7.5.4601.54&time=1382005794&fitime=1382005794&browser=6.0.2900.5512&osver=5.1&ossp=3.0&osarch=32&ext=EXE&id=C9EE5DC8F5FA1EFE945EFABF3076D4332C052eUPDL"

[HKLM\SOFTWARE\Google\Google Toolbar]
"test" = "31193"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"1406" = "0"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Google\Google Toolbar\4.0\Setup]
"FirstInstallTime" = "1382005794"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"1609" = "0"

[HKLM\SOFTWARE\Google\Google Toolbar\Component]
"NextVersion" = "7.5.4601.54"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"2103" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3E 3C 9B 74 8C AE 65 E5 83 DD 7C FD 5B A8 AC 39"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1406" = "0"

[HKLM\SOFTWARE\Google\Google Toolbar\Branding]
"ein" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1609" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1406" = "0"

[HKLM\SOFTWARE\Google\Google Toolbar\Branding]
"sin" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Virus modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Virus modifies IE settings for security zones to map all web-nodes that bypassing proxy to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Virus modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Virus deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Google\Google Toolbar\Component]
"PrimaryInstallDone"

[HKCU\Software\Google\Google Toolbar]
"LastInstallError"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"

[HKLM\SOFTWARE\Google\Google Toolbar\Component]
"NextVersion"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process infocard.exe:968 makes changes in a system registry.


The Virus creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D3 7B 76 2B C8 A3 E6 45 26 65 FC AB 20 93 FD 9A"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\LocalService\Application Data"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files"

The process GoogleUpdaterService_B33FC4DD36A473C6.exe:4084 makes changes in a system registry.


The Virus creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BB 68 01 EA 18 F9 C4 66 12 DA 5E F1 01 95 EE 66"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Google\Common\Google Updater\apps\tbie]
"auto" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Google\Common\Google Updater]
"path" = "%Program Files%\Google\Common\Google Updater\GoogleUpdaterService.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Google\Common\Google Updater]
"version" = "2.4.2617.4952"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

The process GoogleUpdateSetup_5CC4B0F53D73AD88.exe:1060 makes changes in a system registry.


The Virus creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A4 C3 4D BF 24 BD 5A E4 CB 79 DA 04 18 74 9E F5"

The process GoogleToolbarNotifier.exe:2120 makes changes in a system registry.


The Virus creates and/or sets the following values in system registry:

[HKCU\Software\Google\GoogleToolbarNotifier\Stats]
"HideUI_Throttled" = "0"

[HKCU\Software\Google\GoogleToolbarNotifier]
"iemc" = "1"

[HKCU\Software\Google\GoogleToolbarNotifier\Stats]
"DetectChange_DS" = "0"

[HKCU\Software\Google\GoogleToolbarNotifier]
"UpdateURL" = "http://clients1.google.com/tools/swg2/update"

[HKCU\Software\Google\GoogleToolbarNotifier]
"KeepDS" = "2280758659"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Google\GoogleToolbarNotifier]
"FirstRun" = "0"

[HKCU\Software\Google\GoogleToolbarNotifier\Stats]
"Icon_Click" = "0"

[HKCU\Software\Google\GoogleToolbarNotifier\Stats]
"UserAllowChange_DS" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Google\GoogleToolbarNotifier\Stats]
"ShowUI_TrayIcon" = "0"

[HKCU\Software\Google\Google Toolbar\4.0]
"UpdateResult" = "98"

[HKCU\Software\Google\GoogleToolbarNotifier]
"DefaultLanguage" = "en"

[HKCU\Software\Google\GoogleToolbarNotifier]
"ts" = "1382005775"

[HKCU\Software\Google\GoogleToolbarNotifier]
"AppPath" = "%Program Files%\Google\GoogleToolbarNotifier"

[HKCU\Software\Google\GoogleToolbarNotifier\Stats]
"ShowUI_Popup" = "0"

[HKCU\Software\Google\GoogleToolbarNotifier]
"InstalledVersion" = "5.7.9012.1008"

[HKCU\Software\Google\GoogleToolbarNotifier\Stats]
"LastReportTime" = "0"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EA E8 E8 95 90 B4 A8 07 8B BC E6 7C AF 26 0B DC"

[HKCU\Software\Google\GoogleToolbarNotifier\Temp]
"scShowTrayIcon" = "ffffffff"

[HKCU\Software\Google\GoogleToolbarNotifier]
"UsageStat" = "1"

[HKCU\Software\Google\GoogleToolbarNotifier\Stats]
"ModifyUI_UserIntent" = "0"

[HKCU\Software\Google\GoogleToolbarNotifier\Stats]
"Bubble_Click" = "0"

[HKCU\Software\Google\Google Toolbar\4.0\Options]
"Extc" = "1"

[HKCU\Software\Google\GoogleToolbarNotifier\Temp]
"scKeepDS" = "87f19d83"

The Virus deletes the following value(s) in system registry:

[HKCU\Software\Google\GoogleToolbarNotifier]
"WantProductRestart"

[HKCU\Software\Google\GoogleToolbarNotifier]
"SuspendedDS"

[HKCU\Software\Google\GoogleToolbarNotifier]
"ts"

[HKCU\Software\Google\GoogleToolbarNotifier]
"DSPSuspended"

The process GoogleToolbarNotifier.exe:2008 makes changes in a system registry.


The Virus creates and/or sets the following values in system registry:

[HKCR\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}\ProgID]
"(Default)" = "ProtectorExe.ProtectorHost.1"

[HKCR\Interface\{DD65ABB2-2628-425B-86F5-825E4A3D3AD9}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{91F39C2A-95E7-497A-A539-0AC715DC66D2}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"

[HKCR\ProtectorExe.ProtectorHost.1\CLSID]
"(Default)" = "{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}"

[HKCR\Interface\{AF606610-3627-4DF2-A6D5-32C6A355ACD1}\TypeLib]
"Version" = "1a.0"

[HKCR\Interface\{17484B9D-89FA-484F-912E-017D06C41FE0}]
"(Default)" = "IProtectorLib7"

[HKCR\Interface\{315A0BBF-D55B-4FCE-833E-8BAA5B6344F6}]
"(Default)" = "IProtector11"

[HKCR\Interface\{F1A383D4-0364-4092-82E0-C39DAE5D801D}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}\InprocServer32]
"(Default)" = "%Program Files%\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll"

[HKCR\Interface\{F1A383D4-0364-4092-82E0-C39DAE5D801D}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{480AD54B-C652-44B9-BCF6-746745055CD3}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"

[HKCR\Interface\{235317AD-6EF4-4209-9354-F88869E1A3BB}\TypeLib]
"Version" = "1a.0"

[HKCR\Interface\{BACAB2F3-7213-4865-96E9-B6B06BF49192}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{A45CDEEB-65F5-49AE-AA3E-9376F4806075}]
"(Default)" = "IProtector8"

[HKCR\Interface\{2351B346-00E8-4EAC-9B75-B138B465D659}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"

[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\CLSID\{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}\VersionIndependentProgID]
"(Default)" = "protector_dll.Protector"

[HKCR\Interface\{315A0BBF-D55B-4FCE-833E-8BAA5B6344F6}\TypeLib]
"Version" = "1a.0"

[HKCR\Interface\{2212951C-1623-4095-906B-AC50B8F91016}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"

[HKCR\Interface\{DA69D3CC-7676-4A65-889F-C052977F1AA9}\TypeLib]
"Version" = "1a.0"

[HKCR\TypeLib\{C7CB459A-7261-4AE6-A87A-17041EE98A40}\1a.0]
"(Default)" = "protector_dllLib"

[HKCR\Interface\{480AD54B-C652-44B9-BCF6-746745055CD3}\TypeLib]
"Version" = "1a.0"

[HKCR\Interface\{17484B9D-89FA-484F-912E-017D06C41FE0}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"

[HKCR\Interface\{6EACF525-5F81-4381-9E46-DC316C39E0D2}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"

[HKCR\AppID\{96FBC13C-8214-4100-88E0-FF74D7A1CB4D}]
"(Default)" = "protector_dll"

[HKCR\Interface\{277FD1E8-9884-4E0A-9392-7CFF83F067B2}]
"(Default)" = "IProtector9"

[HKCR\Interface\{9D932020-700E-4F0D-8446-2872ABD8B4FA}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\AppID\{A97CA128-6998-4F8E-807E-8ED05FADAFB0}]
"(Default)" = "ProtectorExe"

[HKCR\Interface\{BACAB2F3-7213-4865-96E9-B6B06BF49192}]
"(Default)" = "IProtectorLib8"

[HKCR\Interface\{315A0BBF-D55B-4FCE-833E-8BAA5B6344F6}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"

[HKCR\Interface\{9D932020-700E-4F0D-8446-2872ABD8B4FA}\TypeLib]
"Version" = "1a.0"

[HKCR\Interface\{17484B9D-89FA-484F-912E-017D06C41FE0}\TypeLib]
"Version" = "1a.0"

[HKCR\Interface\{A0CF48B9-DB91-49A5-BEE7-2FB45BA2F610}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{A0CF48B9-DB91-49A5-BEE7-2FB45BA2F610}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"

[HKCR\Interface\{6EACF525-5F81-4381-9E46-DC316C39E0D2}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\protector_dll.ProtectorLib.1]
"(Default)" = "ProtectorLib Class"

[HKCR\Interface\{1F7328B7-E25A-4527-B24B-D9173401BB89}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{A0CF48B9-DB91-49A5-BEE7-2FB45BA2F610}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{91959FBB-853A-4AC7-A082-2DDF787F4CA9}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"

[HKCR\Interface\{DD65ABB2-2628-425B-86F5-825E4A3D3AD9}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{6EACF525-5F81-4381-9E46-DC316C39E0D2}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{6C110376-C248-47F6-9DB2-CFCDEADB6A3E}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80B84A0A-EDA4-47fd-8BE1-6B49F4197EE5}]
"AppName" = "GoogleToolbarNotifier.exe"

[HKCR\Interface\{315A0BBF-D55B-4FCE-833E-8BAA5B6344F6}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{5D358B5C-3415-42BB-A606-E1089B674F41}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"

[HKCR\Interface\{9891812B-5820-4A77-827E-772B200239E1}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{235317AD-6EF4-4209-9354-F88869E1A3BB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{91959FBB-853A-4AC7-A082-2DDF787F4CA9}\TypeLib]
"Version" = "1a.0"

[HKCR\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}]
"(Default)" = "ProtectorLib Class"

[HKCR\Interface\{9891812B-5820-4A77-827E-772B200239E1}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{9891812B-5820-4A77-827E-772B200239E1}\TypeLib]
"Version" = "1a.0"

[HKCR\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\VersionIndependentProgID]
"(Default)" = "protector_dll.ProtectorLib"

[HKCR\Interface\{6C110376-C248-47F6-9DB2-CFCDEADB6A3E}]
"(Default)" = "IProtector10"

[HKCR\protector_dll.ProtectorBho.1\CLSID]
"(Default)" = "{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"

[HKCR\Interface\{2212951C-1623-4095-906B-AC50B8F91016}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\protector_dll.ProtectorLib\CurVer]
"(Default)" = "protector_dll.ProtectorLib.1"

[HKCR\Interface\{91959FBB-853A-4AC7-A082-2DDF787F4CA9}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}]
"AppID" = "{A97CA128-6998-4F8E-807E-8ED05FADAFB0}"

[HKCR\Interface\{1F7328B7-E25A-4527-B24B-D9173401BB89}]
"(Default)" = "IProtector5"

[HKCR\Interface\{6C110376-C248-47F6-9DB2-CFCDEADB6A3E}\TypeLib]
"Version" = "1a.0"

[HKCR\Interface\{17484B9D-89FA-484F-912E-017D06C41FE0}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{5D358B5C-3415-42BB-A606-E1089B674F41}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{A45CDEEB-65F5-49AE-AA3E-9376F4806075}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{5D358B5C-3415-42BB-A606-E1089B674F41}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{A45CDEEB-65F5-49AE-AA3E-9376F4806075}\TypeLib]
"Version" = "1a.0"

[HKCR\Interface\{5D358B5C-3415-42BB-A606-E1089B674F41}\TypeLib]
"Version" = "1a.0"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80B84A0A-EDA4-47fd-8BE1-6B49F4197EE5}]
"AppPath" = "%Program Files%\Google\GoogleToolbarNotifier"

[HKCR\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\ProgID]
"(Default)" = "protector_dll.ProtectorLib.1"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F1 1B 6E C7 24 B1 13 93 22 52 2A 7B 55 21 16 8D"

[HKCR\CLSID\{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}\ProgID]
"(Default)" = "protector_dll.Protector.1"

[HKCR\Interface\{91F39C2A-95E7-497A-A539-0AC715DC66D2}]
"(Default)" = "IProtector3"

[HKCR\Interface\{6EACF525-5F81-4381-9E46-DC316C39E0D2}\TypeLib]
"Version" = "1a.0"

[HKCR\AppID\ProtectorExe.EXE]
"AppID" = "{A97CA128-6998-4F8E-807E-8ED05FADAFB0}"

[HKCR\Interface\{BACAB2F3-7213-4865-96E9-B6B06BF49192}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"

[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\InprocServer32]
"(Default)" = "%Program Files%\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll"

[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
"(Default)" = "Google Toolbar Notifier BHO"

[HKCR\Interface\{277FD1E8-9884-4E0A-9392-7CFF83F067B2}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\protector_dll.ProtectorBho]
"(Default)" = "Google Toolbar Notifier BHO"

[HKCR\AppID\protector_dll.DLL]
"AppID" = "{96FBC13C-8214-4100-88E0-FF74D7A1CB4D}"

[HKCR\Interface\{91959FBB-853A-4AC7-A082-2DDF787F4CA9}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{DA69D3CC-7676-4A65-889F-C052977F1AA9}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"

[HKCR\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\InprocServer32]
"(Default)" = "%Program Files%\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll"

[HKCR\Interface\{A0CF48B9-DB91-49A5-BEE7-2FB45BA2F610}]
"(Default)" = "IProtectorLib2"

[HKCR\Interface\{2212951C-1623-4095-906B-AC50B8F91016}]
"(Default)" = "IProtector2"

[HKCR\Interface\{2212951C-1623-4095-906B-AC50B8F91016}\TypeLib]
"Version" = "1a.0"

[HKCR\Interface\{480AD54B-C652-44B9-BCF6-746745055CD3}]
"(Default)" = "IProtectorLib6"

[HKCR\protector_dll.Protector\CLSID]
"(Default)" = "{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}"

[HKCR\Interface\{2212951C-1623-4095-906B-AC50B8F91016}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{1F7328B7-E25A-4527-B24B-D9173401BB89}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{DA69D3CC-7676-4A65-889F-C052977F1AA9}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\ProtectorExe.ProtectorHost]
"(Default)" = "ProtectorHost Class"

[HKCR\Interface\{9891812B-5820-4A77-827E-772B200239E1}]
"(Default)" = "IProtector4"

[HKCR\Interface\{F1A383D4-0364-4092-82E0-C39DAE5D801D}\TypeLib]
"Version" = "1a.0"

[HKCR\Interface\{9D932020-700E-4F0D-8446-2872ABD8B4FA}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\TypeLib\{C7CB459A-7261-4AE6-A87A-17041EE98A40}\1a.0\HELPDIR]
"(Default)" = ""

[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"

[HKCR\protector_dll.ProtectorBho.1]
"(Default)" = "Google Toolbar Notifier BHO"

[HKCR\Interface\{9D932020-700E-4F0D-8446-2872ABD8B4FA}]
"(Default)" = "IProtectorLib3"

[HKCR\Interface\{6C110376-C248-47F6-9DB2-CFCDEADB6A3E}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"

[HKCR\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}]
"(Default)" = "ProtectorHost Class"

[HKCR\TypeLib\{C7CB459A-7261-4AE6-A87A-17041EE98A40}\1a.0\FLAGS]
"(Default)" = "0"

[HKCR\Interface\{235317AD-6EF4-4209-9354-F88869E1A3BB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{AF606610-3627-4DF2-A6D5-32C6A355ACD1}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"

[HKCR\CLSID\{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"

[HKCR\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Interface\{DA69D3CC-7676-4A65-889F-C052977F1AA9}]
"(Default)" = "IProtectorHost"

[HKCR\Interface\{315A0BBF-D55B-4FCE-833E-8BAA5B6344F6}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\protector_dll.ProtectorLib.1\CLSID]
"(Default)" = "{84798B8E-69F8-4846-9516-373C2996E2F7}"

[HKCR\Interface\{BACAB2F3-7213-4865-96E9-B6B06BF49192}\TypeLib]
"Version" = "1a.0"

[HKCR\Interface\{9891812B-5820-4A77-827E-772B200239E1}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"

[HKCR\Interface\{AF606610-3627-4DF2-A6D5-32C6A355ACD1}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{DD65ABB2-2628-425B-86F5-825E4A3D3AD9}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"

[HKCR\Interface\{DD65ABB2-2628-425B-86F5-825E4A3D3AD9}]
"(Default)" = "IProtectorLib4"

[HKCR\Interface\{A0CF48B9-DB91-49A5-BEE7-2FB45BA2F610}\TypeLib]
"Version" = "1a.0"

[HKCR\Interface\{2351B346-00E8-4EAC-9B75-B138B465D659}]
"(Default)" = "IProtector"

[HKCR\Interface\{6EACF525-5F81-4381-9E46-DC316C39E0D2}]
"(Default)" = "IProtector6"

[HKCR\Interface\{2351B346-00E8-4EAC-9B75-B138B465D659}\TypeLib]
"Version" = "1a.0"

[HKCR\ProtectorExe.ProtectorHost.1]
"(Default)" = "ProtectorHost Class"

[HKCR\protector_dll.Protector\CurVer]
"(Default)" = "protector_dll.Protector.1"

[HKCR\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}]
"Depend" = "%Program Files%\Google\GoogleToolbarNotifier\5.7.9012.1008\gtn.dll"

[HKCR\Interface\{91959FBB-853A-4AC7-A082-2DDF787F4CA9}]
"(Default)" = "IProtectorHost2"

[HKCR\Interface\{91F39C2A-95E7-497A-A539-0AC715DC66D2}\TypeLib]
"Version" = "1a.0"

[HKCR\Interface\{A45CDEEB-65F5-49AE-AA3E-9376F4806075}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"

[HKCR\Interface\{480AD54B-C652-44B9-BCF6-746745055CD3}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\AppID\{A97CA128-6998-4F8E-807E-8ED05FADAFB0}]
"RunAs" = "Interactive User"

[HKCR\Interface\{235317AD-6EF4-4209-9354-F88869E1A3BB}]
"(Default)" = "IProtectorLib5"

[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
"AppID" = "{96FBC13C-8214-4100-88E0-FF74D7A1CB4D}"

[HKCR\CLSID\{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}]
"AppID" = "{96FBC13C-8214-4100-88E0-FF74D7A1CB4D}"

[HKCR\Interface\{9D932020-700E-4F0D-8446-2872ABD8B4FA}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"

[HKCR\Interface\{A45CDEEB-65F5-49AE-AA3E-9376F4806075}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80B84A0A-EDA4-47fd-8BE1-6B49F4197EE5}]
"Policy" = "3"

[HKCR\protector_dll.ProtectorBho\CLSID]
"(Default)" = "{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"

[HKCR\Interface\{1F7328B7-E25A-4527-B24B-D9173401BB89}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"

[HKCR\protector_dll.ProtectorBho\CurVer]
"(Default)" = "protector_dll.ProtectorBho.1"

[HKCR\Interface\{91F39C2A-95E7-497A-A539-0AC715DC66D2}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\ProtectorExe.ProtectorHost\CurVer]
"(Default)" = "ProtectorExe.ProtectorHost.1"

[HKCR\Interface\{235317AD-6EF4-4209-9354-F88869E1A3BB}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"

[HKCR\TypeLib\{C7CB459A-7261-4AE6-A87A-17041EE98A40}\1a.0\0\win32]
"(Default)" = "%Program Files%\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll"

[HKCR\Interface\{6C110376-C248-47F6-9DB2-CFCDEADB6A3E}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"

[HKCR\Interface\{F1A383D4-0364-4092-82E0-C39DAE5D801D}]
"(Default)" = "IProtector12"

[HKCR\Interface\{91F39C2A-95E7-497A-A539-0AC715DC66D2}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{2351B346-00E8-4EAC-9B75-B138B465D659}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{1F7328B7-E25A-4527-B24B-D9173401BB89}\TypeLib]
"Version" = "1a.0"

[HKCR\Interface\{AF606610-3627-4DF2-A6D5-32C6A355ACD1}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\protector_dll.Protector.1]
"(Default)" = "Protector Class"

[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\VersionIndependentProgID]
"(Default)" = "protector_dll.ProtectorBho"

[HKCR\Interface\{DA69D3CC-7676-4A65-889F-C052977F1AA9}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{BACAB2F3-7213-4865-96E9-B6B06BF49192}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\protector_dll.Protector]
"(Default)" = "Protector Class"

[HKCR\Interface\{AF606610-3627-4DF2-A6D5-32C6A355ACD1}]
"(Default)" = "IProtectorLib"

[HKCR\protector_dll.ProtectorLib\CLSID]
"(Default)" = "{84798B8E-69F8-4846-9516-373C2996E2F7}"

[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ProgID]
"(Default)" = "protector_dll.ProtectorBho.1"

[HKCR\Interface\{277FD1E8-9884-4E0A-9392-7CFF83F067B2}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}]
"(Default)" = "Protector Class"

[HKCR\protector_dll.Protector.1\CLSID]
"(Default)" = "{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}"

[HKCR\CLSID\{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}]
"AppID" = "{96FBC13C-8214-4100-88E0-FF74D7A1CB4D}"

[HKCR\Interface\{F1A383D4-0364-4092-82E0-C39DAE5D801D}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"

[HKCR\Interface\{277FD1E8-9884-4E0A-9392-7CFF83F067B2}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"

[HKCR\ProtectorExe.ProtectorHost\CLSID]
"(Default)" = "{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}"

[HKCR\Interface\{17484B9D-89FA-484F-912E-017D06C41FE0}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{5D358B5C-3415-42BB-A606-E1089B674F41}]
"(Default)" = "IProtector7"

[HKCR\protector_dll.ProtectorLib]
"(Default)" = "ProtectorLib Class"

[HKCR\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}\VersionIndependentProgID]
"(Default)" = "ProtectorExe.ProtectorHost"

[HKCR\Interface\{DD65ABB2-2628-425B-86F5-825E4A3D3AD9}\TypeLib]
"Version" = "1a.0"

[HKCR\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}\LocalServer32]
"(Default)" = "%Program Files%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[HKCR\Interface\{2351B346-00E8-4EAC-9B75-B138B465D659}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{480AD54B-C652-44B9-BCF6-746745055CD3}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"

[HKCR\Interface\{277FD1E8-9884-4E0A-9392-7CFF83F067B2}\TypeLib]
"Version" = "1a.0"

The process GoogleToolbarNotifier.exe:4028 makes changes in a system registry.


The Virus creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E9 96 71 B8 D8 DD 98 3C 6C 99 A2 64 F9 55 E8 16"

[HKCU\Software\Google\GoogleToolbarNotifier]
"DefaultLanguage" = "en"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

The process GoogleUpdaterService.exe:2056 makes changes in a system registry.


The Virus creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D7 F8 6B F7 EE 82 C6 68 B2 F1 F2 CA 80 D5 F5 EB"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Google\Common\Google Updater\apps\swg]
"auto" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

The process GoogleUpdaterService.exe:1440 makes changes in a system registry.


The Virus creates and/or sets the following values in system registry:

[HKCR\TypeLib\{5924C60B-6D7F-4AD6-8084-24A59431C967}\1.0\HELPDIR]
"(Default)" = ""

[HKCR\Interface\{C07A89E4-82A3-4A29-9908-DFC9DEBF8267}\TypeLib]
"(Default)" = "{5924C60B-6D7F-4AD6-8084-24A59431C967}"

[HKCR\Interface\{5C8CE0B5-6DA0-49A1-B675-78FD03EA3224}\TypeLib]
"(Default)" = "{5924C60B-6D7F-4AD6-8084-24A59431C967}"

[HKCR\GUSchedulerCtl.UpdaterScheduler]
"(Default)" = "Google Updater Scheduler class"

[HKCR\CLSID\{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}]
"(Default)" = "Google Silent Updater class"

[HKCR\Interface\{C07A89E4-82A3-4A29-9908-DFC9DEBF8267}\TypeLib]
"Version" = "1.0"

[HKCR\CLSID\{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}\VersionIndependentProgID]
"(Default)" = "GUServiceCtl.SilentUpdater"

[HKCR\CLSID\{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}]
"AppID" = "{61E28BF8-C02B-499F-8E7A-34C1E4A1C649}"

[HKCR\CLSID\{B53B7061-6584-46AA-A033-D610EB10BD9B}\LocalServer32]
"(Default)" = "%Program Files%\Google\Common\Google Updater\GoogleUpdaterService.exe"

[HKCR\CLSID\{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}\LocalServer32]
"(Default)" = "%Program Files%\Google\Common\Google Updater\GoogleUpdaterService.exe"

[HKCR\CLSID\{B53B7061-6584-46AA-A033-D610EB10BD9B}]
"(Default)" = "Google Updater Scheduler class"

[HKCR\Interface\{5C8CE0B5-6DA0-49A1-B675-78FD03EA3224}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\GUServiceCtl.SilentUpdater]
"(Default)" = "Google Silent Updater class"

[HKCR\GUServiceCtl.SilentUpdater\CLSID]
"(Default)" = "{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}"

[HKCR\Interface\{5C8CE0B5-6DA0-49A1-B675-78FD03EA3224}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}\TypeLib]
"(Default)" = "{5924C60B-6D7F-4AD6-8084-24A59431C967}"

[HKCR\GUSchedulerCtl.UpdaterScheduler.1\CLSID]
"(Default)" = "{B53B7061-6584-46AA-A033-D610EB10BD9B}"

[HKCR\GUServiceCtl.SilentUpdater\CurVer]
"(Default)" = "GUServiceCtl.SilentUpdater.1"

[HKCR\CLSID\{B53B7061-6584-46AA-A033-D610EB10BD9B}\ProgID]
"(Default)" = "GUSchedulerCtl.UpdaterScheduler.1"

[HKCR\Interface\{5C8CE0B5-6DA0-49A1-B675-78FD03EA3224}]
"(Default)" = "IUpdaterScheduler"

[HKCR\CLSID\{B53B7061-6584-46AA-A033-D610EB10BD9B}\TypeLib]
"(Default)" = "{5924C60B-6D7F-4AD6-8084-24A59431C967}"

[HKCR\AppID\{61E28BF8-C02B-499F-8E7A-34C1E4A1C649}]
"LocalService" = "gusvc"

[HKCR\AppID\{61E28BF8-C02B-499F-8E7A-34C1E4A1C649}]
"(Default)" = "gusvc"

[HKCR\TypeLib\{5924C60B-6D7F-4AD6-8084-24A59431C967}\1.0]
"(Default)" = "Google Updater Service 1.0 Type Library"

[HKCR\GUServiceCtl.SilentUpdater.1\CLSID]
"(Default)" = "{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}"

[HKCR\CLSID\{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}\ProgID]
"(Default)" = "GUServiceCtl.SilentUpdater.1"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "67 54 85 36 26 7B DD 40 02 16 19 15 49 A9 40 26"

[HKCR\GUServiceCtl.SilentUpdater.1]
"(Default)" = "Google Silent Updater class"

[HKCR\TypeLib\{5924C60B-6D7F-4AD6-8084-24A59431C967}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\Interface\{C07A89E4-82A3-4A29-9908-DFC9DEBF8267}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\TypeLib\{5924C60B-6D7F-4AD6-8084-24A59431C967}\1.0\0\win32]
"(Default)" = "%Program Files%\Google\Common\Google Updater\GoogleUpdaterService.exe"

[HKCR\AppID\GoogleUpdaterService.exe]
"AppID" = "{61E28BF8-C02B-499F-8E7A-34C1E4A1C649}"

[HKCR\CLSID\{B53B7061-6584-46AA-A033-D610EB10BD9B}]
"AppID" = "{61E28BF8-C02B-499F-8E7A-34C1E4A1C649}"

[HKCR\Interface\{C07A89E4-82A3-4A29-9908-DFC9DEBF8267}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\GUSchedulerCtl.UpdaterScheduler\CurVer]
"(Default)" = "GUSchedulerCtl.UpdaterScheduler.1"

[HKCR\Interface\{C07A89E4-82A3-4A29-9908-DFC9DEBF8267}]
"(Default)" = "ISilentUpdater"

[HKCR\GUSchedulerCtl.UpdaterScheduler\CLSID]
"(Default)" = "{B53B7061-6584-46AA-A033-D610EB10BD9B}"

[HKCR\Interface\{5C8CE0B5-6DA0-49A1-B675-78FD03EA3224}\TypeLib]
"Version" = "1.0"

[HKCR\GUSchedulerCtl.UpdaterScheduler.1]
"(Default)" = "Google Updater Scheduler class"

[HKCR\CLSID\{B53B7061-6584-46AA-A033-D610EB10BD9B}\VersionIndependentProgID]
"(Default)" = "GUSchedulerCtl.UpdaterScheduler"

The Virus deletes the following value(s) in system registry:

[HKCR\AppID\{61E28BF8-C02B-499F-8E7A-34C1E4A1C649}]
"LocalService"

The process svchost.exe:1096 makes changes in a system registry.


The Virus creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesSuccessful" = "18"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed" = "20"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"LastTraceFailure" = "4"

The process wmiapsrv.exe:1320 makes changes in a system registry.


The Virus creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B7 48 83 EB 78 8F F2 4D 79 81 AA 38 41 34 B2 A1"

[HKLM\SOFTWARE\Microsoft\WBEM\PROVIDERS\Performance]
"Performance Refreshed" = "0"

The process mscorsvw.exe:1940 makes changes in a system registry.


The Virus creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8A 6B C1 C0 67 BA 0F DD 88 A0 9A 5F 2F 59 A0 28"

The process iexplore.exe:3452 makes changes in a system registry.


The Virus creates and/or sets the following values in system registry:

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.orkut]
"order" = "15"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_20"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.finance]
"option1" = ""

[HKCU\Software\Google\Google Toolbar\Prefetch\Domains]
"www.google.com" = "1"

[HKCU\Software\Google\Google Toolbar\4.0\UsageStats\Weekly\Integers]
"SearchTypesCount.ext" = "1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_10"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_03"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.images]
"title" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Google\Google Toolbar\4.0\UsageStats\Weekly\Counts]
"IENewTabOrWindowOpened.ext" = "1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.orkut]
"option1" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_11"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_13"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Google\Google Toolbar\4.0\Options]
"DnsABSignature" = "30 24 0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_10"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_30"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.0_04"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.site]
"option1" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_21"

[HKLM\SOFTWARE\Google\Google Toolbar\Component\Used]
"GoogleToolbarDynamic_mui_en.dll" = "1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_27"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_09"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013101720131018]
"CachePath" = "%USERPROFILE%\Local Settings\History\History.IE5\MSHist012013101720131018\"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.froogle]
"title" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_28"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_17"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_12"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.documents]
"option1" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_22"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.groups]
"ontoolbar" = "0"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.web_history]
"ontoolbar" = "0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_12"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_16"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_30"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.books]
"order" = "11"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_27"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.site]
"ontoolbar" = "0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Google\Google Toolbar\4.0\UsageStats\Weekly\Counts]
"DynamicInSafeComponentDir" = "1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.1_04"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.web_history]
"gadget_options" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\iexplore]
"Type" = "3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.groups]
"order" = "7"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.froogle]
"option1" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_05"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_21"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Google\Google Toolbar\4.0\UsageStats\Weekly\Counts]
"LangDetectSuccess.ext" = "1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_07"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_03"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\S_toolbar.google.com_O8Y91YHB24Z6SR0SGYSK.XML]
"title" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_05"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.0_03"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_10"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.orkut]
"in_search_list" = "1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_21"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.finance]
"in_search_list" = "1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_27"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_25"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_10"

[HKCU\Software\Google\Google Toolbar\4.0\Options]
"LastPatchVersion" = "7.5.4601.54"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_10"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_17"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\iexplore]
"Time" = "DD 07 0A 00 04 00 11 00 0A 00 1D 00 26 00 59 02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.groups]
"gadget_options" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_14"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.calendar]
"gadget_options" = ""

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.youtube]
"option1" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_27"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore]
"Type" = "3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.youtube]
"ontoolbar" = "0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 18 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.documents]
"ontoolbar" = "0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Google\Google Toolbar\4.0\UsageStats\Weekly\Booleans]
"ToastHomePageOptInOffered.ext" = "4294967295"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.froogle]
"order" = "8"

[HKCU\Software\Google\Google Toolbar\4.0\UsageStats\Weekly\Timings]
"LangDetectLangCount.ext" = "01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_07"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_12"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_22"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_06"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.orkut]
"gadget_options" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "iexplore.exe"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_29"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_03"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_09"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.0_01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_13"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.0_02"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.scholar]
"gadget_options" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_07"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.youtube]
"order" = "19"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.news]
"order" = "5"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\iexplore]
"Count" = "11"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.site]
"in_search_list" = "1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_04"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.patents]
"option1" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_08"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_09"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_16"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.site]
"title" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.calendar]
"option1" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_16"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_22"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.site]
"gadget_options" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_04"

[HKCU\Software\Google\Google Toolbar\4.0\Options]
"FastSearchCleaned" = "1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_03"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.1_04"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_06"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_14"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\BagMRU]
"NodeSlots" = "02 02 02 02 02 02 02 02 02 02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}]
"(Default)" = "Java Plug-in 1.3.0_02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_10"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_25"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_11"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_18"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore]
"Time" = "DD 07 0A 00 04 00 11 00 0A 00 1D 00 26 00 DC 01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.scholar]
"title" = ""

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.finance]
"title" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_09"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.video]
"in_search_list" = "1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_17"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013101720131018]
"CacheLimit" = "8192"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_07"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.news]
"ontoolbar" = "1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\iexplore]
"Type" = "3"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_17"

[HKCU\Software\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_05"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.patents]
"ontoolbar" = "0"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.groups]
"option1" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\JavaPlugin.160_18\CLSID]
"(Default)" = "{5852F5ED-8BF4-11D4-A245-0080C6F74284}"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_16"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_15"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_24"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_18"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_05"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_02"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.books]
"title" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Google\Google Toolbar\4.0\UsageStats\Weekly\Counts]
"UnhideToolbar.ext" = "1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_26"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.country]
"in_search_list" = "1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_02"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.youtube]
"gadget_options" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_20"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_12"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_09"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_13"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_18"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.books]
"ontoolbar" = "0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\iexplore]
"Time" = "DD 07 0A 00 04 00 11 00 0A 00 1E 00 00 00 C0 03"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_29"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_12"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_21"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_07"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_18"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_05"

[HKCU\Software\Google\Google Toolbar\4.0\Options]
"Pinned" = "{pinned:[],unpinned:[]}"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.scholar]
"ontoolbar" = "0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_14"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\S_toolbar.google.com_O8Y91YHB24Z6SR0SGYSK.XML]
"ontoolbar_start_time" = "1382005802"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_02"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore]
"Type" = "4"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_04"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_22"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_09"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_03"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_23"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA58ED58-01DD-4D91-8333-CF10577473F7}\iexplore]
"Time" = "DD 07 0A 00 04 00 11 00 0A 00 1D 00 26 00 1A 02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_28"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.patents]
"gadget_options" = ""

[HKLM\SOFTWARE\Google\Google Toolbar\Component\Used]
"GoogleCld.dll" = "1"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.video]
"title" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_18"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.photos]
"order" = "17"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_16"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.1_06"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_04"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_15"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.froogle]
"in_search_list" = "1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.web_history]
"title" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.video]
"gadget_options" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_07"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_24"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_11"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_03"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_14"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore]
"Count" = "11"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_07"

[HKCU\Software\Google\Google Toolbar\4.0\UsageStats\Weekly\Booleans]
"GeolocationFeatureEnabled.ext" = "4294967295"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.books]
"gadget_options" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.0_04"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_06"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.1_01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.blog]
"title" = ""

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.country]
"ontoolbar" = "0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_19"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.0_01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_08"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\S_toolbar.google.com_O8Y91YHB24Z6SR0SGYSK.XML]
"ontoolbar" = "1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.1_03"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.blog]
"option1" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_04"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.calendar]
"order" = "12"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_26"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.blog]
"in_search_list" = "1"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.books]
"in_search_list" = "1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_23"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_22"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Google\Google Toolbar\4.0\Options]
"PopupBlockerWhitelist" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_12"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_23"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_13"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_04"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore]
"Count" = "8"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_23"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_08"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Google\Google Toolbar\4.0\UsageStats\Weekly\Booleans]
"ToastDefaultSearchOptOutOffered.ext" = "4294967295"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.1_03"

[HKCU\Software\Google\Google Toolbar\4.0\UsageStats\Weekly\Counts]
"NavigationSignedOut.ext" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013101720131018]
"CacheRepair" = "0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_15"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_26"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_16"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA58ED58-01DD-4D91-8333-CF10577473F7}\iexplore]
"Count" = "1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_10"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.1_07"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_14"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.lucky]
"title" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.0"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.calendar]
"in_search_list" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA58ED58-01DD-4D91-8333-CF10577473F7}\iexplore]
"Type" = "3"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.web_history]
"in_search_list" = "1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_14"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.images]
"gadget_options" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_28"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_20"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_06"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_29"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.0_02"

[HKCU\Software\Microsoft\Internet Explorer\Main]
"Window_Placement" = "2C 00 00 00 02 00 00 00 03 00 00 00 FF FF FF FF"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.1_01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_13"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.news]
"gadget_options" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_01"

[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "B1 C2 18 23 65 49 D4 11 9B 18 00 90 27 A5 CD 4F"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_24"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_11"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_09"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_18"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_08"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.books]
"option1" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_04"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.patents]
"in_search_list" = "1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.web_history]
"order" = "9"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB5F1910-F110-11D2-BB9E-00C04F795683}\iexplore]
"Type" = "4"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\BagMRU]
"MRUListEx" = "01 00 00 00 00 00 00 00 03 00 00 00 02 00 00 00"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_08"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_04"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_26"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\S_toolbar.google.com_O8Y91YHB24Z6SR0SGYSK.XML]
"option1" = ""

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.youtube]
"title" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_20"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_24"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.finance]
"order" = "14"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB5F1910-F110-11D2-BB9E-00C04F795683}\iexplore]
"Count" = "12"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\iexplore]
"Type" = "2"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.blog]
"ontoolbar" = "0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_11"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_13"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_09"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore]
"Time" = "DD 07 0A 00 04 00 11 00 0A 00 1D 00 27 00 24 03"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.photos]
"ontoolbar" = "0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_07"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_17"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_04"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_05"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.country]
"title" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_26"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.youtube]
"in_search_list" = "1"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.maps]
"in_search_list" = "1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_26"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.blog]
"gadget_options" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_08"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.site]
"order" = "1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_10"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
"(Default)" = "Java Plug-in 1.6.0_18"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.calendar]
"title" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_27"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_05"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.lucky]
"order" = "0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_16"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_29"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_11"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.scholar]
"in_search_list" = "1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_05"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_17"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_30"

[HKCU\Software\Google\Google Toolbar\4.0\Options]
"{AE1E9B4C-7454-404e-85AC-6980562DAF11}_providers_data" = "[[GooglePlus,1,0,1]]"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_07"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.documents]
"gadget_options" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_25"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.calendar]
"ontoolbar" = "0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_18"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_19"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_04"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\S_toolbar.google.com_O8Y91YHB24Z6SR0SGYSK.XML\Feed]
"Status" = "o:Options changed"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\iexplore]
"Time" = "DD 07 0A 00 04 00 11 00 0A 00 1D 00 27 00 F5 02"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.maps]
"option1" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.lucky]
"ontoolbar" = "0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_30"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_20"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_23"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_22"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_25"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013101720131018]
"CacheOptions" = "11"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_08"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_15"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_29"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_12"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore]
"Type" = "3"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_18"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.1_05"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.photos]
"gadget_options" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_25"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_19"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.images]
"ontoolbar" = "0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_21"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Google\Google Toolbar\4.0\UsageStats\Weekly\Integers]
"SearchBoxWidth.ext" = "469"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_26"

[HKCU\Software\Google\Google Toolbar\4.0\Options]
"RbbsBreak" = "0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.0_03"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_30"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\S_toolbar.google.com_O8Y91YHB24Z6SR0SGYSK.XML]
"order" = "20"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_29"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.images]
"option1" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_08"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_14"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_30"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_18"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_16"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_12"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\S_toolbar.google.com_O8Y91YHB24Z6SR0SGYSK.XML]
"in_search_list" = "1"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1208111653"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.photos]
"in_search_list" = "1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_28"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.orkut]
"title" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Google\Google Toolbar\4.0\Options]
"HoverDictionary" = "1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Google\Google Toolbar\Prefetch\Queue]
"0" = "www.google.com"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_20"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.documents]
"order" = "13"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_16"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.maps]
"title" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_21"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_19"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.images]
"in_search_list" = "1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.froogle]
"ontoolbar" = "0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_07"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.maps]
"order" = "6"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.0_03"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Google\Google Toolbar\4.0\Options]
"DefaultsCopied" = "1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_28"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore]
"Count" = "12"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_21"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_06"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_30"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.0_05"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Google\Google Toolbar\4.0]
"instances" = "458952;"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.maps]
"ontoolbar" = "0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Internet Explorer\Toolbar]
"Locked" = "1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_10"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_10"

[HKCU\Software\Google\Google Toolbar\Prefetch\Queue\counter]
"counter" = "0"

[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}" = "21 BF 5C 0E 5F D1 D0 11 83 01 00 AA 00 5B 43 83"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_08"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_17"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_25"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.groups]
"in_search_list" = "1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_17"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.news]
"in_search_list" = "1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore]
"Time" = "DD 07 0A 00 04 00 11 00 0A 00 1D 00 26 00 D0 03"

[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" = "81 45 E0 01 EE 4E D0 11 BF E9 00 AA 00 5B 43 83"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_03"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.scholar]
"order" = "18"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_23"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_13"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.video]
"order" = "4"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_14"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_18"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.blog]
"order" = "10"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.finance]
"gadget_options" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Google\Google Toolbar\4.0\UsageStats\Weekly\Counts]
"LangDetect.ext" = "1"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.groups]
"title" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_11"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Google\Google Toolbar\4.0\Options]
"UserPatchLevel" = "1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_23"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.news]
"ontoolbar_start_time" = "1382005802"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_16"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.maps]
"gadget_options" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_11"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_29"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.0_04"

[HKCU\Software\Google\Google Toolbar\4.0\UsageStats\Weekly\Booleans]
"LargeIcons.ext" = "4294967295"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.news]
"title" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_11"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_05"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_24"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_06"

[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"ITBarLayout" = "11 00 00 00 4C 00 00 00 00 00 00 00 34 00 00 00"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_03"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_13"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.documents]
"title" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_28"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_24"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.finance]
"ontoolbar" = "0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_17"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB5F1910-F110-11D2-BB9E-00C04F795683}\iexplore]
"Time" = "DD 07 0A 00 04 00 11 00 0A 00 1D 00 27 00 34 03"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "67 98 ED 95 33 B4 00 0A 0C D8 B5 A8 57 36 4A AE"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_03"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_14"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Favorites" = "%Documents and Settings%\%current user%\Favorites"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.lucky]
"in_search_list" = "1"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.photos]
"option1" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_15"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_19"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_20"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.country]
"order" = "2"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_06"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_13"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.patents]
"order" = "16"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.patents]
"title" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_05"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.1_05"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_06"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_12"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_09"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.photos]
"title" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"dr" = "1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_15"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_13"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\iexplore]
"Count" = "1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_17"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.lucky]
"option1" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_19"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_11"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Google\Google Toolbar\4.0\Options]
"DnsDatabaseReadTime" = "2"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.country]
"option1" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.froogle]
"gadget_options" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.1_07"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_19"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_27"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_15"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_15"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_15"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.country]
"gadget_options" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.lucky]
"gadget_options" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013101720131018]
"CachePrefix" = ":2013101720131018:"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_25"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links]
"Order" = "08 00 00 00 02 00 00 00 00 02 00 00 01 00 00 00"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.1_02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_22"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_01"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.video]
"ontoolbar" = "0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_27"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_03"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_06"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.scholar]
"option1" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Google\Google Toolbar\4.0\UsageStats\Weekly\Booleans]
"GeolocationNeverUsed.ext" = "4294967295"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.1_06"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.1_02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_24"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\S_toolbar.google.com_O8Y91YHB24Z6SR0SGYSK.XML]
"gadget_options" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.news]
"option1" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_14"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.web_history]
"option1" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_08"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.documents]
"in_search_list" = "1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_28"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.images]
"order" = "3"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_12"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.video]
"option1" = ""

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_15"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_06"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\iexplore]
"Count" = "1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_09"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Virus modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Virus modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Virus modifies IE settings for security zones to map all web-nodes that bypassing proxy to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"

The Virus deletes the following registry key(s):

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\JavaPlugin.160_18\CLSID]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}]
[HKLM\SOFTWARE\Google\Google Toolbar\4.0\Options]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013041720130418]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}]
[HKCU\Software\Classes\JavaPlugin.160_18]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}]

The Virus deletes the following value(s) in system registry:

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.site]
"gadget_width"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.web_history]
"gadget_height"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.orkut]
"gadget_width"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.images]
"gadget_width"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\S_toolbar.google.com_O8Y91YHB24Z6SR0SGYSK.XML\Feed]
"updated"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.calendar]
"gadget_height"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.blog]
"gadget_width"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.maps]
"gadget_height"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.news]
"gadget_width"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.video]
"gadget_width"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.country]
"gadget_height"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.photos]
"gadget_width"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.blog]
"gadget_height"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.news]
"gadget_height"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.froogle]
"gadget_height"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.froogle]
"gadget_width"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.patents]
"gadget_height"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.youtube]
"gadget_width"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.images]
"gadget_height"

[HKCU\Software\Google\Google Toolbar\4.0\Options]
"DictionaryToLang"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\S_toolbar.google.com_O8Y91YHB24Z6SR0SGYSK.XML]
"gadget_width"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.web_history]
"gadget_width"

[HKLM\SOFTWARE\Google\Google Toolbar\4.0\Setup]
"BringIeToForeground"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.books]
"gadget_width"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.books]
"gadget_height"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.scholar]
"gadget_width"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.groups]
"gadget_width"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.documents]
"gadget_height"

[HKCU\Software\Google\Google Toolbar\4.0\Options]
"Vendor"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.photos]
"gadget_height"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\S_toolbar.google.com_O8Y91YHB24Z6SR0SGYSK.XML\Feed]
"count"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.calendar]
"gadget_width"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\S_toolbar.google.com_O8Y91YHB24Z6SR0SGYSK.XML\Feed]
"description"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.orkut]
"gadget_height"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\S_toolbar.google.com_O8Y91YHB24Z6SR0SGYSK.XML\Feed]
"icon"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.finance]
"gadget_height"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.lucky]
"gadget_width"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.lucky]
"gadget_height"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.finance]
"gadget_width"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.scholar]
"gadget_height"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.groups]
"gadget_height"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\S_toolbar.google.com_O8Y91YHB24Z6SR0SGYSK.XML]
"gadget_height"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.youtube]
"gadget_height"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.documents]
"gadget_width"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.country]
"gadget_width"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.site]
"gadget_height"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\S_toolbar.google.com_O8Y91YHB24Z6SR0SGYSK.XML\Feed]
"hash"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.patents]
"gadget_width"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.maps]
"gadget_width"

[HKCU\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.video]
"gadget_height"

The process cidaemon.exe:1072 makes changes in a system registry.


The Virus creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "91 BA AA CB A7 53 B3 C5 6C A7 10 B8 6F D1 F0 38"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached]
"{E4B29F9D-D390-480B-92FD-7DDB47101D71} {0000010B-0000-0000-C000-000000000046} 0x401" = "01 00 00 00 7C 6C 9C 7C F2 B0 45 D5 23 CB CE 01"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
"BaseClass" = "Drive"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
"BaseClass" = "Drive"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
"BaseClass" = "Drive"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A]
"BaseClass" = "Drive"

The process msiexec.exe:1804 makes changes in a system registry.


The Virus creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Google\Installers]
"MsiStubRun" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"WindowsInstaller" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"Language" = "1033"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"Publisher" = "Google Inc."

[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E]
"PackageCode" = "91E63FF92CBF7A24EA783B8301C791BC"

[HKCR\Installer\Products\18555481990E8AB4CBB63FB4F26006C0\SourceList]
"PackageName" = "GoogleToolbarHelper_signed.msi"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"WindowsInstaller" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"InstallDate" = "20131017"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\18555481990E8AB4CBB63FB4F26006C0\InstallProperties]
"ModifyPath" = "MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"DisplayName" = "Google Update Helper"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{18455581-E099-4BA8-BC6B-F34B2F06600C}]
"Version" = "16777216"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"Contact" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{18455581-E099-4BA8-BC6B-F34B2F06600C}]
"ModifyPath" = "MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}"

[HKCR\Installer\Products\18555481990E8AB4CBB63FB4F26006C0\SourceList]
"LastUsedSource" = "n;1;%Program Files%\Google\Google Toolbar\"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"URLInfoAbout" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"Comments" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"VersionMajor" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{18455581-E099-4BA8-BC6B-F34B2F06600C}]
"Readme" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\18555481990E8AB4CBB63FB4F26006C0\InstallProperties]
"Readme" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\18555481990E8AB4CBB63FB4F26006C0\InstallProperties]
"VersionMajor" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{18455581-E099-4BA8-BC6B-F34B2F06600C}]
"Language" = "1033"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"Readme" = ""

[HKCR\Installer\Products\18555481990E8AB4CBB63FB4F26006C0]
"Assignment" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"DisplayName" = "Google Update Helper"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"HelpTelephone" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\18555481990E8AB4CBB63FB4F26006C0\InstallProperties]
"AuthorizedCDFPrefix" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\DBFF5159BA0409649B38F48A1EE47E5F]
"93BAD29AC2E44034A96BCB446EB8552E" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"Readme" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"ModifyPath" = "MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"Contact" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\18555481990E8AB4CBB63FB4F26006C0\InstallProperties]
"DisplayVersion" = "1.0.0"

[HKCR\Installer\Products\18555481990E8AB4CBB63FB4F26006C0]
"AuthorizedLUAApp" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"AuthorizedCDFPrefix" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{18455581-E099-4BA8-BC6B-F34B2F06600C}]
"Size" = ""

[HKCR\Installer\Features\93BAD29AC2E44034A96BCB446EB8552E]
"Complete" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\18555481990E8AB4CBB63FB4F26006C0\InstallProperties]
"InstallDate" = "20131017"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"HelpLink" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{18455581-E099-4BA8-BC6B-F34B2F06600C}]
"InstallLocation" = "%Program Files%\Google\Installers\"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"InstallLocation" = ""

[HKCR\Installer\Products\18555481990E8AB4CBB63FB4F26006C0\SourceList\Net]
"1" = "%Program Files%\Google\Google Toolbar\"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{18455581-E099-4BA8-BC6B-F34B2F06600C}]
"Contact" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\18555481990E8AB4CBB63FB4F26006C0\InstallProperties]
"Comments" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\18555481990E8AB4CBB63FB4F26006C0\InstallProperties]
"Contact" = ""

[HKLM\SOFTWARE\Google\Update]
"MsiStubRun" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"InstallSource" = "%Program Files%\Google\Update\1.3.21.107\"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"InstallLocation" = ""

[HKCR\Installer\Products\18555481990E8AB4CBB63FB4F26006C0]
"AdvertiseFlags" = "388"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\18555481990E8AB4CBB63FB4F26006C0\InstallProperties]
"UninstallString" = "MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\18555481990E8AB4CBB63FB4F26006C0\InstallProperties]
"InstallLocation" = "%Program Files%\Google\Installers\"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"SystemComponent" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{18455581-E099-4BA8-BC6B-F34B2F06600C}]
"VersionMajor" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\18555481990E8AB4CBB63FB4F26006C0\InstallProperties]
"InstallSource" = "%Program Files%\Google\Google Toolbar\"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{18455581-E099-4BA8-BC6B-F34B2F06600C}]
"WindowsInstaller" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"InstallDate" = "20131017"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\18555481990E8AB4CBB63FB4F26006C0\InstallProperties]
"Size" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"Size" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Templates" = "%Documents and Settings%\All Users\Templates"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"ModifyPath" = "MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\18555481990E8AB4CBB63FB4F26006C0\InstallProperties]
"Version" = "16777216"

[HKCR\Installer\Products\18555481990E8AB4CBB63FB4F26006C0]
"PackageCode" = "710A9162B922B4C409D3C2C34DCA65A2"

[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E]
"ProductName" = "Google Update Helper"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"DisplayVersion" = "1.3.21.107"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\18555481990E8AB4CBB63FB4F26006C0\InstallProperties]
"EstimatedSize" = "28"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"URLInfoAbout" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\18555481990E8AB4CBB63FB4F26006C0\InstallProperties]
"HelpTelephone" = ""

[HKCR\Installer\Products\18555481990E8AB4CBB63FB4F26006C0]
"Clients" = ":"

[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E\SourceList]
"LastUsedSource" = "n;1;%Program Files%\Google\Update\1.3.21.107\"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"HelpTelephone" = ""

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6B FE BB 35 A1 E7 D4 FE 90 A9 19 7E C7 3A 4C 8D"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"URLUpdateInfo" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A9C08D73A738D4645A912F4E39ABB657]
"18555481990E8AB4CBB63FB4F26006C0" = ""

[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E]
"Version" = "16973845"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"Publisher" = "Google Inc."

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\18555481990E8AB4CBB63FB4F26006C0\InstallProperties]
"URLInfoAbout" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"UninstallString" = "MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"SystemComponent" = "1"

[HKCR\Installer\Products\18555481990E8AB4CBB63FB4F26006C0\SourceList\Media]
"1" = ";"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\Patches]
"AllPatches" = ""

[HKCR\Installer\UpgradeCodes\A9C08D73A738D4645A912F4E39ABB657]
"18555481990E8AB4CBB63FB4F26006C0" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\18555481990E8AB4CBB63FB4F26006C0\InstallProperties]
"URLUpdateInfo" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9507B717889AF294FAB1CD7FB08E90BA]
"93BAD29AC2E44034A96BCB446EB8552E" = "02:\SOFTWARE\Google\Update\MsiStubRun"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"Size" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{18455581-E099-4BA8-BC6B-F34B2F06600C}]
"HelpLink" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\18555481990E8AB4CBB63FB4F26006C0\InstallProperties]
"Language" = "1033"

[HKCR\Installer\UpgradeCodes\DBFF5159BA0409649B38F48A1EE47E5F]
"93BAD29AC2E44034A96BCB446EB8552E" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\18555481990E8AB4CBB63FB4F26006C0\InstallProperties]
"LocalPackage" = "%WinDir%\Installer\c6f91.msi"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{18455581-E099-4BA8-BC6B-F34B2F06600C}]
"UninstallString" = "MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}"

[HKCR\Installer\Products\18555481990E8AB4CBB63FB4F26006C0]
"Language" = "1033"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"UninstallString" = "MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\18555481990E8AB4CBB63FB4F26006C0\InstallProperties]
"DisplayName" = "Google Toolbar for Internet Explorer"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"AuthorizedCDFPrefix" = ""

[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E]
"Assignment" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"DisplayVersion" = "1.3.21.107"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"Version" = "16973845"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"EstimatedSize" = "28"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{18455581-E099-4BA8-BC6B-F34B2F06600C}]
"HelpTelephone" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{18455581-E099-4BA8-BC6B-F34B2F06600C}]
"URLUpdateInfo" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"VersionMinor" = "3"

[HKCR\Installer\Products\18555481990E8AB4CBB63FB4F26006C0]
"ProductName" = "Google Toolbar for Internet Explorer"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{18455581-E099-4BA8-BC6B-F34B2F06600C}]
"VersionMinor" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{18455581-E099-4BA8-BC6B-F34B2F06600C}]
"Comments" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"LocalPackage" = "%WinDir%\Installer\c6f8c.msi"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{18455581-E099-4BA8-BC6B-F34B2F06600C}]
"InstallSource" = "%Program Files%\Google\Google Toolbar\"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{18455581-E099-4BA8-BC6B-F34B2F06600C}]
"URLInfoAbout" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{18455581-E099-4BA8-BC6B-F34B2F06600C}]
"DisplayVersion" = "1.0.0"

[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E\SourceList\Media]
"1" = ";"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\18555481990E8AB4CBB63FB4F26006C0\InstallProperties]
"WindowsInstaller" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\18555481990E8AB4CBB63FB4F26006C0\InstallProperties]
"HelpLink" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{18455581-E099-4BA8-BC6B-F34B2F06600C}]
"Publisher" = "Google Inc."

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"Version" = "16973845"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"EstimatedSize" = "28"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"HelpLink" = ""

[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E]
"Language" = "1033"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Fonts" = "%WinDir%\Fonts"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{18455581-E099-4BA8-BC6B-F34B2F06600C}]
"DisplayName" = "Google Toolbar for Internet Explorer"

[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E\SourceList\Net]
"1" = "%Program Files%\Google\Update\1.3.21.107\"

[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E\SourceList]
"PackageName" = "GoogleUpdateHelper.msi"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress]
"(Default)" = "%WinDir%\Installer\c6f8b.ipi"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\18555481990E8AB4CBB63FB4F26006C0\Patches]
"AllPatches" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"InstallSource" = "%Program Files%\Google\Update\1.3.21.107\"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\18555481990E8AB4CBB63FB4F26006C0\InstallProperties]
"VersionMinor" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5BFB0305F3F68B04BAB8C647D818B9C1]
"18555481990E8AB4CBB63FB4F26006C0" = "02:\SOFTWARE\Google\Installers\MsiStubRun"

[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E]
"AuthorizedLUAApp" = "0"

[HKCR\Installer\Products\18555481990E8AB4CBB63FB4F26006C0]
"Version" = "16777216"

[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E]
"AdvertiseFlags" = "388"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\18555481990E8AB4CBB63FB4F26006C0\Features]
"Complete" = "taejA{g*m8@tXKMDTT4,"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"Language" = "1033"

[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E]
"InstanceType" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"URLUpdateInfo" = ""

[HKCR\Installer\Products\18555481990E8AB4CBB63FB4F26006C0]
"InstanceType" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"VersionMinor" = "3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\18555481990E8AB4CBB63FB4F26006C0\InstallProperties]
"SystemComponent" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"VersionMajor" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\18555481990E8AB4CBB63FB4F26006C0\InstallProperties]
"Publisher" = "Google Inc."

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{18455581-E099-4BA8-BC6B-F34B2F06600C}]
"InstallDate" = "20131017"

[HKCR\Installer\Features\18555481990E8AB4CBB63FB4F26006C0]
"Complete" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\Features]
"Complete" = "0a5PL!)GT?sf9ax}}Y{_"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"Comments" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{18455581-E099-4BA8-BC6B-F34B2F06600C}]
"AuthorizedCDFPrefix" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{18455581-E099-4BA8-BC6B-F34B2F06600C}]
"EstimatedSize" = "28"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{18455581-E099-4BA8-BC6B-F34B2F06600C}]
"SystemComponent" = "1"

[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E]
"Clients" = ":"

The Virus deletes the following registry key(s):

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress]

The process SearchWithGoogleUpdate_C993F490EED40C1B.exe:1684 makes changes in a system registry.


The Virus creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "84 17 A2 EB E7 98 CC 92 59 51 61 0D BA E5 2D F5"

[HKLM\SOFTWARE\Google\GoogleToolbarNotifier\Clients]
"ietb" = "0"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\%Program Files%\Google\GoogleToolbarNotifier\5.7.9012.1008,"

[HKCU\Software\Google\GoogleToolbarNotifier\Temp]
"ust" = "100"

[HKLM\SOFTWARE\Google\GoogleToolbarNotifier]
"id" = "da5bc2c5775b437ea20abaf86c5c6db8"

[HKLM\SOFTWARE\Google\GoogleToolbarNotifier]
"brand" = "GUEA"

[HKLM\SOFTWARE\Google\GoogleToolbarNotifier]
"Version" = "5.7.9012.1008"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

To automatically run itself each time Windows is booted, the Virus adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"swg" = "%Program Files%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

The process DW20.EXE:1792 makes changes in a system registry.


The Virus creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A7 B7 9D DC B6 CB F5 36 ED 49 43 11 6B 15 E8 81"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\LocalService\Cookies"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 03 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\LocalService\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\LocalService\Application Data"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW]
"OkToReportFromTheseQueues" = "2"

To automatically run itself each time Windows is booted, the Virus adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting" = "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe -t"

Proxy settings are disabled:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Virus deletes the following value(s) in system registry:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"

Network activity (URLs)

URL IP
hxxp://173.194.43.105/edgedl/toolbar/components/GoogleToolbarDynamic_32_63C8ABC94752CFD5.dll.lz
hxxp://r12.sn-tt17rn7r.c.pack.google.com/edgedl/toolbar/components/GoogleToolbarDynamic_32_63C8ABC94752CFD5.dll.lz?cms_redirect=yes&expire=1382036618&ip=184.107.38.38&ipbits=0&ir=1&ms=nvh&mt=1382022201&mv=m&sparams=expire,ip,ipbits&signature=2A8354A8B6800EAB1D024FC72694AE144A0A9D13.6E0C1B38E37F29906AAB358609CF0BD49947A49B&key=cms1 (Malicious)
hxxp://173.194.43.105/edgedl/toolbar/components/GoogleToolbarDynamic_mui_en_9EEB5F5999E77426.dll.lz
hxxp://r1.sn-tt17rn76.c.pack.google.com/edgedl/toolbar/components/GoogleToolbarDynamic_mui_en_9EEB5F5999E77426.dll.lz?cms_redirect=yes&expire=1382036620&ip=184.107.38.38&ipbits=0&ir=1&ms=nvh&mt=1382022201&mv=m&sparams=expire,ip,ipbits&signature=52EB8935C7F6AFDFEFB6DEA3F2F70E9D93B7F023.3164BEA0E1FD025A450D37D8651B5A042F3BFFCA&key=cms1 (Malicious)
hxxp://yyz08s10-in-f9.1e100.net/edgedl/toolbar/components/GoogleToolbarManager_08875ABF44579E20.exe.lz
hxxp://r11.sn-tt17rn7k.c.pack.google.com/edgedl/toolbar/components/GoogleToolbarManager_08875ABF44579E20.exe.lz?cms_redirect=yes&expire=1382036621&ip=184.107.38.38&ipbits=0&ir=1&ms=nvh&mt=1382022201&mv=m&sparams=expire,ip,ipbits&signature=21733EE331A587213C12BAC705A94E6574D7F61A.417E76BA0E6D1E232722831ADDFDF51CE9D9CBBC&key=cms1 (Malicious)
hxxp://yyz08s10-in-f9.1e100.net/edgedl/toolbar/components/GoogleToolbarUser_32_4814EB429669E41D.exe.lz
hxxp://r9.sn-tt17rn76.c.pack.google.com/edgedl/toolbar/components/GoogleToolbarUser_32_4814EB429669E41D.exe.lz?cms_redirect=yes&expire=1382036622&ip=184.107.38.38&ipbits=0&ir=1&ms=nvh&mt=1382022201&mv=m&sparams=expire,ip,ipbits&signature=12FC66936E443E6DDFA8B737A9B381733AAF895F.2CE29132DDEB788B974B1AC58E4227A12FC02B69&key=cms1 (Malicious)
hxxp://yyz08s10-in-f9.1e100.net/edgedl/toolbar/components/GoogleUpdaterService_B33FC4DD36A473C6.exe.lz
hxxp://r7.sn-tt17rn76.c.pack.google.com/edgedl/toolbar/components/GoogleUpdaterService_B33FC4DD36A473C6.exe.lz?cms_redirect=yes&expire=1382036622&ip=184.107.38.38&ipbits=0&ir=1&ms=nvh&mt=1382022201&mv=m&sparams=expire,ip,ipbits&signature=067BF8D828CE71A14CA65E5444111C647D9EC87C.7FAECB734E640321282369AAADA590FA0BD80E6A&key=cms1 (Malicious)
hxxp://yyz08s10-in-f9.1e100.net/edgedl/toolbar/components/GoogleUpdateSetup_5CC4B0F53D73AD88.exe.lz
hxxp://r19.sn-tt17rn76.c.pack.google.com/edgedl/toolbar/components/GoogleUpdateSetup_5CC4B0F53D73AD88.exe.lz?cms_redirect=yes&expire=1382036622&ip=184.107.38.38&ipbits=0&ir=1&ms=nvh&mt=1382022201&mv=m&sparams=expire,ip,ipbits&signature=65F2FB0F0DBCD2F1D9771D097B2998B71DBCCDF2.77129F2D5BE0AD8F6A809E983D5D100A15CB77F9&key=cms1 (Malicious)
hxxp://yyz08s10-in-f9.1e100.net/edgedl/toolbar/components/SearchWithGoogleUpdate_C993F490EED40C1B.exe.lz
hxxp://r16.sn-tt17rn7d.c.pack.google.com/edgedl/toolbar/components/SearchWithGoogleUpdate_C993F490EED40C1B.exe.lz?cms_redirect=yes&expire=1382036623&ip=184.107.38.38&ipbits=0&ir=1&ms=nvh&mt=1382022201&mv=m&sparams=expire,ip,ipbits&signature=375E7E41C7F53FF48E17E9D7E805426A6C0754B3.4A85A8D6B781F29072A3811D30EF690E4BD9FBCE&key=cms1 (Malicious)
hxxp://e6845.ce.akamaiedge.net/pca3.crl
hxxp://e6845.ce.akamaiedge.net/CSC3-2010.crl
hxxp://e6845.ce.akamaiedge.net/ThawteTimestampingCA.crl
hxxp://e6845.ce.akamaiedge.net/tss-ca-g2.crl
hxxp://e6845.ce.akamaiedge.net/ThawtePremiumServerCA.crl
hxxp://e6845.ce.akamaiedge.net/ThawteCSG2.crl
hxxp://e6845.ce.akamaiedge.net/tss-ca.crl
r11---sn-tt17rn7k.c.pack.google.com74.125.174.208
r16---sn-tt17rn7d.c.pack.google.com74.125.174.181
crl.verisign.com23.60.133.163
r19---sn-tt17rn76.c.pack.google.com74.125.174.152
r7---sn-tt17rn76.c.pack.google.com74.125.174.140
ts-crl.ws.symantec.com23.60.133.163
r1---sn-tt17rn76.c.pack.google.com74.125.174.134
csc3-2010-crl.verisign.com23.61.181.163
r12---sn-tt17rn7r.c.pack.google.com74.125.174.241
crl.thawte.com23.60.133.163
cs-g2-crl.thawte.com23.60.133.163
r9---sn-tt17rn76.c.pack.google.com74.125.174.142
wpadUnresolvable


Rootkit activity

No anomalies have been detected.

Propagation

Removals

Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.

Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    GoogleToolbarManager_08875ABF44579E20.exe:496
    GoogleToolbarManager_08875ABF44579E20.exe:1252
    GoogleToolbarManager_08875ABF44579E20.exe:3388
    GoogleUpdate.exe:392
    GoogleUpdate.exe:3608
    GoogleUpdate.exe:3740
    GoogleUpdate.exe:420
    verclsid.exe:3912
    eb41d0156cf86c257e85fd700cb0fb38.exe:1692
    infocard.exe:968
    GoogleUpdaterService_B33FC4DD36A473C6.exe:4084
    GoogleUpdateSetup_5CC4B0F53D73AD88.exe:1060
    GoogleToolbarNotifier.exe:2120
    GoogleToolbarNotifier.exe:2008
    GoogleToolbarNotifier.exe:4028
    GoogleUpdaterService.exe:2056
    GoogleUpdaterService.exe:1440
    mscorsvw.exe:1940
    cidaemon.exe:1072
    SearchWithGoogleUpdate_C993F490EED40C1B.exe:1684
    DW20.EXE:1792

  2. Delete the original Virus file.
  3. Delete or disinfect the following files created/modified by the Virus:

    %Documents and Settings%\%current user%\Local Settings\Temp\GoogleToolbarInstaller1.log (6203 bytes)
    %Documents and Settings%\All Users\Application Data\Google\Custom Buttons\toolbar.google.com_O8Y91YHB24Z6SR0SGYSK.XML (12 bytes)
    %Program Files%\Google\Google Toolbar\GoogleToolbarUser_32.exe (1425 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\303572DF538EDD8B1D606185F1D559B8 (341 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\79841F8EF00FBA86D33CC5A47696F165 (413 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\12236C41CDDF9E40BA5606CDF086B821 (204 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\74BFD122C0875EC75DBE5C6DB4C59019 (26 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\74BFD122C0875EC75DBE5C6DB4C59019 (224 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\12236C41CDDF9E40BA5606CDF086B821 (148 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\79841F8EF00FBA86D33CC5A47696F165 (172 bytes)
    %Program Files%\Google\Google Toolbar\GoogleToolbarHelper_signed.msi (28 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\303572DF538EDD8B1D606185F1D559B8 (228 bytes)
    %Program Files%\Google\Google Toolbar\GoogleToolbar_32.dll (673 bytes)
    %Program Files%\Google\Google Toolbar\GoogleToolbarHelperPatch_signed.msp (125 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_am.dll (24 bytes)
    %Program Files%\Google\Update\1.3.21.107\GoogleCrashHandler64.exe (1281 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_ar.dll (26 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_ca.dll (29 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_cs.dll (28 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_da.dll (28 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_lv.dll (29 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_es-419.dll (28 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_is.dll (28 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_uk.dll (28 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_en.dll (27 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_ms.dll (28 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_ta.dll (29 bytes)
    %Program Files%\Google\Update\1.3.21.107\GoogleCrashHandler.exe (673 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_nl.dll (30 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_de.dll (31 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_zh-CN.dll (21 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_bg.dll (29 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_pt-PT.dll (29 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_id.dll (28 bytes)
    %Program Files%\Google\Update\1.3.21.107\psmachine.dll (673 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_ml.dll (31 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_sr.dll (29 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_ko.dll (23 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_te.dll (29 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_en-GB.dll (27 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_mr.dll (28 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_pt-BR.dll (29 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_fr.dll (30 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_zh-TW.dll (21 bytes)
    %Program Files%\Google\Update\1.3.21.107\GoogleUpdateHelper.msi (25 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_et.dll (27 bytes)
    %Program Files%\Google\Update\1.3.21.107\psuser.dll (673 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_pl.dll (29 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_el.dll (30 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_vi.dll (28 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_hi.dll (28 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_bn.dll (28 bytes)
    %Program Files%\Google\Update\1.3.21.107\GoogleUpdateSetup.exe (5441 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_ja.dll (23 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_hu.dll (29 bytes)
    %Program Files%\Google\Update\1.3.21.107\GoogleUpdate.exe (601 bytes)
    %Program Files%\Google\Update\GoogleUpdate.exe (601 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_ru.dll (28 bytes)
    %WinDir%\Tasks\GoogleUpdateTaskMachineUA.job (880 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_th.dll (27 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_fil.dll (29 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_gu.dll (28 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_sw.dll (29 bytes)
    %Program Files%\Google\Update\1.3.21.107\GoogleUpdateBroker.exe (59 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_es.dll (30 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_sv.dll (28 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_tr.dll (28 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_fi.dll (28 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_hr.dll (29 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_ur.dll (28 bytes)
    %Program Files%\Google\Update\1.3.21.107\GoogleUpdateOnDemand.exe (59 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdate.dll (5873 bytes)
    %Program Files%\Google\Update\1.3.21.107\npGoogleUpdate3.dll (3361 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_sl.dll (29 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_iw.dll (25 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_kn.dll (29 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_sk.dll (29 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_ro.dll (29 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_it.dll (30 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_no.dll (29 bytes)
    %WinDir%\Tasks\GoogleUpdateTaskMachineCore.job (876 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_lt.dll (28 bytes)
    %Program Files%\Google\Update\1.3.21.107\goopdateres_fa.dll (27 bytes)
    %Program Files%\Wireshark\plugins\0.99.6a (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\test.pml (30805 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Google Toolbar\gtF.tmp (11518 bytes)
    C:\System Volume Information\catalog.wci\propstor.bk2 (160048 bytes)
    C:\System Volume Information\catalog.wci\propstor.bk1 (19488 bytes)
    C:\System Volume Information\catalog.wci\00000002.ps2 (65 bytes)
    %System%\imapi.exe (4545 bytes)
    C:\System Volume Information\catalog.wci\00000002.ps1 (65 bytes)
    C:\System Volume Information\catalog.wci\CiST0000.000 (8160 bytes)
    C:\System Volume Information\catalog.wci\CiST0000.001 (44 bytes)
    C:\System Volume Information\catalog.wci\CiST0000.002 (44 bytes)
    %WinDir%\Microsoft.NET\Framework (96 bytes)
    %Documents and Settings%\%current user%\Local Settings\History\History.IE5 (4 bytes)
    C:\System Volume Information\catalog.wci\cicat.hsh (12 bytes)
    C:\System Volume Information\catalog.wci\CiP10000.000 (5280 bytes)
    C:\System Volume Information\catalog.wci\CiP10000.001 (16 bytes)
    C:\System Volume Information\catalog.wci\CiP10000.002 (20 bytes)
    %WinDir%\WinSxS\Policies\x86_Policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_77c24773 (4 bytes)
    %System%\smlogsvc.vir (3715 bytes)
    %Program Files%\Google\Google Toolbar\Component\GoogleUpdateSetup_5CC4B0F53D73AD88.exe (5441 bytes)
    D:\fs_snap.exe (4185 bytes)
    C:\System Volume Information\catalog.wci\CiPT0000.002 (8 bytes)
    %System%\mnmsrvc.vir (1866 bytes)
    %WinDir%\Microsoft.NET\Framework\v4.0.30319\WPF\wpffontcache_v0400.exe (7971 bytes)
    %System%\drivers (32 bytes)
    C:\System Volume Information\catalog.wci\CiPT0000.001 (8 bytes)
    C:\System Volume Information\catalog.wci\CiPT0000.000 (1680 bytes)
    %WinDir%\Microsoft.NET\Framework\v2.0.50727 (768 bytes)
    %Program Files%\Wireshark\snmp\mibs\.index (4 bytes)
    %System%\dmadmin.vir (3850 bytes)
    C:\System Volume Information\catalog.wci\INDEX.002 (20 bytes)
    C:\System Volume Information\catalog.wci\INDEX.000 (3840 bytes)
    C:\System Volume Information\catalog.wci\INDEX.001 (20 bytes)
    %Program Files%\Google\Google Toolbar\Component\GoogleToolbarManager_08875ABF44579E20.exe (7433 bytes)
    %System%\dmadmin.exe (5441 bytes)
    %Program Files%\WinPcap\rpcapd.vir (3720 bytes)
    %System%\config\AppEvent.Evt (1072 bytes)
    %System%\vssvc.vir (3915 bytes)
    C:\Perl (4 bytes)
    %Program Files%\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_9EEB5F5999E77426.dll (7385 bytes)
    %System%\tlntsvr.vir (3699 bytes)
    %System%\imapi.vir (3776 bytes)
    C:\$Directory (2448 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\GoogleToolbarInstaller2.log (204 bytes)
    C:\System Volume Information\catalog.wci\CiCL0001.000 (480 bytes)
    C:\PROGRAM FILES (8 bytes)
    %System%\wbem (1828 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\SearchWithGoogleUpdate_C993F490EED40C1B.exe[1].lz (3073 bytes)
    %Program Files%\Google\Google Toolbar\Component\GoogleToolbarDynamic_32_63C8ABC94752CFD5.dll (5768 bytes)
    %System%\locator.exe (4185 bytes)
    %System%\tlntsvr.exe (4185 bytes)
    C:\System Volume Information\catalog.wci\CiVP0000.000 (240 bytes)
    C:\System Volume Information\catalog.wci\cicat.fid (100 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\wireshark.txt (15807 bytes)
    %WinDir%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (1040 bytes)
    %WinDir%\Temp\Perflib_Perfdata_7a8.dat (8 bytes)
    %System%\msiexec.exe (4185 bytes)
    %WinDir%\REGISTRATION (4 bytes)
    %Program Files%\Google\Google Toolbar\Component\GoogleToolbarUser_32_4814EB429669E41D.exe (1425 bytes)
    D:\fs_snap.vir (3693 bytes)
    %WinDir%\Microsoft.NET\Framework\v4.0.30319\WPF\wpffontcache_v0400.vir (7386 bytes)
    %Program Files%\COMMON FILES (4 bytes)
    %WinDir%\Prefetch\PROCMON.EXE-375B9EC2.pf (106 bytes)
    %System%\locator.vir (3701 bytes)
    %Program Files%\Google\Google Toolbar\Component\SearchWithGoogleUpdate_C993F490EED40C1B.exe (11518 bytes)
    %Program Files%\Common Files\VMware\Drivers (4 bytes)
    %Program Files%\Google\Google Toolbar\Component\GoogleUpdaterService_B33FC4DD36A473C6.exe (673 bytes)
    %Program Files%\WIRESHARK (16 bytes)
    C:\System Volume Information\catalog.wci\CiSP0000.000 (4560 bytes)
    C:\System Volume Information\catalog.wci\CiSP0000.001 (16 bytes)
    C:\System Volume Information\catalog.wci\CiSP0000.002 (16 bytes)
    %Program Files%\WinPcap\rpcapd.exe (4185 bytes)
    %System%\msiexec.vir (3704 bytes)
    C:\System Volume Information\catalog.wci\CiSL0001.000 (240 bytes)
    C:\System Volume Information\catalog.wci\CiP20000.002 (20 bytes)
    C:\System Volume Information\catalog.wci\CiP20000.001 (16 bytes)
    C:\System Volume Information\catalog.wci\CiP20000.000 (5280 bytes)
    C:\System Volume Information\catalog.wci\CiFLfffd.000 (480 bytes)
    C:\$ConvertToNonresident (4 bytes)
    %System%\mnmsrvc.exe (3361 bytes)
    %System%\vssvc.exe (5873 bytes)
    %WinDir%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation (4 bytes)
    %Documents and Settings%\%current user%\Cookies (96 bytes)
    D:\wincheck.exe (15278 bytes)
    %System%\osk.exe (5441 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Google Toolbar\gt7.tmp (35473 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5 (164 bytes)
    %Program Files%\Outlook Express\msimn.vir (3686 bytes)
    %Program Files%\Google\Google Toolbar\Component\cmpE.tmp (2291 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\GoogleToolbarManager_08875ABF44579E20.exe[1].lz (55846 bytes)
    %Program Files%\Outlook Express\wab.vir (3672 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\C3E814D1CB223AFCD58214D14C3B7EAB (220 bytes)
    %System%\narrator.exe (4185 bytes)
    %System%\magnify.exe (4185 bytes)
    %System%\osk.vir (3841 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\GoogleToolbarDynamic_32_63C8ABC94752CFD5.dll[1].lz (156759 bytes)
    D:\wincheck.vir (15021 bytes)
    %System%\scardsvr.vir (3721 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Google Toolbar\gt3.tmp (97034 bytes)
    %Program Files%\Outlook Express\wab.exe (4185 bytes)
    %Program Files%\Windows Media Player\wmplayer.exe (4185 bytes)
    %System%\wbem\wmiapsrv.vir (3752 bytes)
    %System%\utilman.exe (4185 bytes)
    %WinDir%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.vir (1858 bytes)
    %Program Files%\Google\Google Toolbar\Component\cmpA.tmp (419 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\wsr30zt32.dll (80 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5 (898 bytes)
    %WinDir%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (4185 bytes)
    %Program Files%\Google\Google Toolbar\Component\cmp10.tmp (8669 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Google Toolbar\gtD.tmp (48673 bytes)
    %Program Files%\Windows Media Player\wmplayer.vir (3699 bytes)
    %Program Files%\Google\Google Toolbar\Component\cmp6.tmp (4163 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\GoogleToolbarDynamic_mui_en_9EEB5F5999E77426.dll[1].lz (33506 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Google Toolbar\gtB.tmp (7960 bytes)
    %Program Files%\Google\Google Toolbar\Component\cmp2.tmp (275 bytes)
    %System%\magnify.vir (3698 bytes)
    %Program Files%\Google\Google Toolbar\Component\cmp8.tmp (4211 bytes)
    %WinDir%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.vir (7972 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Google Toolbar\gt1.tmp (7236 bytes)
    %System%\netdde.vir (3737 bytes)
    %System%\cisvc.vir (1839 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
    %Program Files%\Outlook Express\msimn.exe (4185 bytes)
    %System%\clipsrv.exe (3361 bytes)
    %System%\wbem\wmiapsrv.exe (4545 bytes)
    %System%\clipsrv.vir (1867 bytes)
    %Program Files%\Google\Google Toolbar\Component\GoogleToolbar_32_3170DC3FD4082D05.dll (275 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Google Toolbar\gt5.tmp (31315 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\8BD11C4A2318EC8E5A82462092971DEA (477 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Google Toolbar\gt9.tmp (15721 bytes)
    %System%\sessmgr.exe (4545 bytes)
    %System%\scardsvr.exe (4185 bytes)
    %Program Files%\Google\Google Toolbar\Component\cmpC.tmp (275 bytes)
    %System%\utilman.vir (3676 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\GoogleToolbar_32_3170DC3FD4082D05.dll[1].lz (7082 bytes)
    %Program Files%\Google\Google Toolbar\Component\cmp4.tmp (19145 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\C3E814D1CB223AFCD58214D14C3B7EAB (341 bytes)
    %System%\smlogsvc.exe (4185 bytes)
    %Program Files%\Google\Google Toolbar\Component\GoogleToolbar.7.5.4601.54.manifest.xml (36 bytes)
    %System%\config\software (42885 bytes)
    %System%\config\SOFTWARE.LOG (46617 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\GoogleUpdateSetup_5CC4B0F53D73AD88.exe[1].lz (128601 bytes)
    %System%\sessmgr.vir (3767 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\8BD11C4A2318EC8E5A82462092971DEA (208 bytes)
    %System%\narrator.vir (3679 bytes)
    %WinDir%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.vir (3686 bytes)
    %WinDir%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (8657 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\62B5AF9BE9ADC1085C3C56EC07A82BF6 (224 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\GoogleToolbarUser_32_4814EB429669E41D.exe[1].lz (12658 bytes)
    %System%\mobsync.exe (4545 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\62B5AF9BE9ADC1085C3C56EC07A82BF6 (111 bytes)
    %System%\cisvc.exe (3361 bytes)
    %System%\netdde.exe (4545 bytes)
    %System%\mobsync.vir (3769 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\GoogleUpdaterService_B33FC4DD36A473C6.exe[1].lz (6302 bytes)
    %Program Files%\Google\Common\Google Updater\GoogleUpdaterService.exe (194 bytes)
    %Program Files%\GUM11.tmp\goopdateres_gu.dll (28 bytes)
    %Program Files%\GUM11.tmp\goopdateres_es-419.dll (28 bytes)
    %Program Files%\GUM11.tmp\goopdateres_pt-PT.dll (29 bytes)
    %Program Files%\GUM11.tmp\goopdateres_ja.dll (23 bytes)
    %Program Files%\GUM11.tmp\goopdateres_lv.dll (29 bytes)
    %Program Files%\GUM11.tmp\goopdateres_da.dll (28 bytes)
    %Program Files%\GUM11.tmp\goopdateres_ms.dll (28 bytes)
    %Program Files%\GUM11.tmp\goopdateres_ml.dll (31 bytes)
    %Program Files%\GUM11.tmp\goopdateres_ro.dll (29 bytes)
    %Program Files%\GUM11.tmp\goopdateres_fa.dll (27 bytes)
    %Program Files%\GUM11.tmp\goopdateres_ur.dll (28 bytes)
    %Program Files%\GUM11.tmp\goopdateres_en.dll (27 bytes)
    %Program Files%\GUM11.tmp\goopdateres_bg.dll (29 bytes)
    %Program Files%\GUM11.tmp\goopdateres_hu.dll (29 bytes)
    %Program Files%\GUM11.tmp\goopdateres_zh-CN.dll (21 bytes)
    %Program Files%\GUM11.tmp\goopdateres_cs.dll (28 bytes)
    %Program Files%\GUM11.tmp\goopdateres_no.dll (29 bytes)
    %Program Files%\GUM11.tmp\goopdateres_it.dll (30 bytes)
    %Program Files%\GUM11.tmp\GoogleUpdateHelper.msi (25 bytes)
    %Program Files%\GUM11.tmp\goopdateres_id.dll (28 bytes)
    %Program Files%\GUM11.tmp\npGoogleUpdate3.dll (1126 bytes)
    %Program Files%\GUM11.tmp\goopdateres_fr.dll (30 bytes)
    %Program Files%\GUM11.tmp\goopdateres_uk.dll (28 bytes)
    %Program Files%\GUM11.tmp\psmachine.dll (157 bytes)
    %Program Files%\GUM11.tmp\goopdateres_th.dll (27 bytes)
    %Program Files%\GUM11.tmp\goopdateres_en-GB.dll (27 bytes)
    %Program Files%\GUM11.tmp\goopdateres_vi.dll (28 bytes)
    %Program Files%\GUM11.tmp\goopdateres_fil.dll (29 bytes)
    %Program Files%\GUM11.tmp\goopdateres_ta.dll (29 bytes)
    %Program Files%\GUM11.tmp\goopdateres_es.dll (30 bytes)
    %Program Files%\GUM11.tmp\goopdateres_zh-TW.dll (21 bytes)
    %Program Files%\GUM11.tmp\goopdateres_sk.dll (29 bytes)
    %Program Files%\GUM11.tmp\goopdateres_el.dll (30 bytes)
    %Program Files%\GUM11.tmp\goopdateres_pl.dll (29 bytes)
    %Program Files%\GUM11.tmp\goopdateres_ca.dll (29 bytes)
    %Program Files%\GUM11.tmp\goopdateres_fi.dll (28 bytes)
    %Program Files%\GUM11.tmp\GoogleCrashHandler.exe (180 bytes)
    %Program Files%\GUM11.tmp\GoogleUpdateBroker.exe (59 bytes)
    %Program Files%\GUM11.tmp\goopdateres_lt.dll (28 bytes)
    %Program Files%\GUM11.tmp\goopdateres_mr.dll (28 bytes)
    %Program Files%\GUM11.tmp\goopdate.dll (1990 bytes)
    %Program Files%\GUM11.tmp\goopdateres_tr.dll (28 bytes)
    %Program Files%\GUM11.tmp\goopdateres_sr.dll (29 bytes)
    %Program Files%\GUM11.tmp\goopdateres_is.dll (28 bytes)
    %Program Files%\GUM11.tmp\goopdateres_te.dll (29 bytes)
    %Program Files%\GUM11.tmp\GoogleCrashHandler64.exe (233 bytes)
    %Program Files%\GUM11.tmp\goopdateres_kn.dll (29 bytes)
    %Program Files%\GUM11.tmp\goopdateres_bn.dll (28 bytes)
    %Program Files%\GUM11.tmp\goopdateres_am.dll (24 bytes)
    %Program Files%\GUM11.tmp\goopdateres_sl.dll (29 bytes)
    %Program Files%\GUM11.tmp\psuser.dll (157 bytes)
    %Program Files%\GUM11.tmp\goopdateres_nl.dll (30 bytes)
    %Program Files%\GUM11.tmp\goopdateres_iw.dll (25 bytes)
    %Program Files%\GUM11.tmp\goopdateres_hr.dll (29 bytes)
    %Program Files%\GUM11.tmp\goopdateres_de.dll (31 bytes)
    %Program Files%\GUM11.tmp\goopdateres_pt-BR.dll (29 bytes)
    %Program Files%\GUM11.tmp\goopdateres_ru.dll (28 bytes)
    %Program Files%\GUM11.tmp\GoogleUpdateSetup.exe (5441 bytes)
    %Program Files%\GUM11.tmp\goopdateres_et.dll (27 bytes)
    %Program Files%\GUM11.tmp\goopdateres_ko.dll (23 bytes)
    %Program Files%\GUM11.tmp\goopdateres_hi.dll (28 bytes)
    %Program Files%\GUM11.tmp\GoogleUpdateOnDemand.exe (59 bytes)
    %Program Files%\GUT12.tmp (25429 bytes)
    %Program Files%\GUM11.tmp\goopdateres_ar.dll (26 bytes)
    %Program Files%\GUM11.tmp\GoogleUpdate.exe (116 bytes)
    %Program Files%\GUM11.tmp\goopdateres_sv.dll (28 bytes)
    %Program Files%\GUM11.tmp\goopdateres_sw.dll (29 bytes)
    %WinDir%\Microsoft.NET\Framework\v2.0.50727\ngen_service.log (2124 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\done[1].htm (11 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\tour-instant[1].jpg (2312 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\maia[2].css (1919 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\js-utils[1].js (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\google_logo_41[1].png (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\x[1].png (167 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\CAZMSV75.html&frm=0&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&cdct=2&convclickts=0&random=1567062956&ipr=y (76 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\CAYN0ZL6.gif (42 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\CAABGTEN.htm (63 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\tour-instant-th[1].jpg (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\conversion[2].js (8 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\gtabs[1].js (11 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\CA5FSXUB.htm (63 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\tour-plus[1].jpg (6004 bytes)
    %Documents and Settings%\%current user%\Cookies\index.dat (5784 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\CAZFTYJD.htm (63 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\core[1].js (1977 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\conversion[2].js (2783 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\autotrack[1].js (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\tour-plus-th[1].jpg (3 bytes)
    %Documents and Settings%\%current user%\Cookies\Current_User@ie[2].txt (1980 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\conversion[1].js (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\js-utils[1].js (915 bytes)
    %Documents and Settings%\%current user%\Cookies\Current_User@ie[1].txt (1778 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\tour-translate-th[1].jpg (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\tour-tools[1].jpg (5768 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\conversion[1].js (1455 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\tour-tools-th[1].jpg (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\ga[1].js (1687 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\doubletrack[1].js (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\activityi;src=2542116;type=searc340;cat=tbx;ord=2769598177398[1].htm (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\CAI7S52B.gif (42 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\tour-translate[1].jpg (4776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\css[1].css (527 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\activityi;src=2542116;type=searc340;cat=tbx;ord=2769598177398[1].0034 (592 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\ie9overlay-arrow[1].png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\maia[1].css (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\cJZKeOuBrn4kERxqtaUH3fY6323mHUZFJMgTvxaG2iE[1].eot (1994 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\maia[1].css (2 bytes)
    %WinDir%\Installer\c6f90.ipi (200 bytes)
    %WinDir%\Installer\c6f88.msi (12001 bytes)
    %WinDir%\Installer\c6f8b.ipi (200 bytes)
    %Documents and Settings%\%current user%\NTUSER.DAT.LOG (7120 bytes)
    %WinDir%\Installer\c6f8c.msi (200 bytes)
    %WinDir%\Installer\c6f8d.msi (16081 bytes)
    %WinDir%\Installer\c6f91.msi (200 bytes)
    %WinDir%\Installer\MSI14.tmp (49 bytes)
    %WinDir%\Installer\MSI13.tmp (49 bytes)
    %Program Files%\Google\GoogleToolbarNotifier\5.7.9012.1008\gtn.dll (150 bytes)
    %Program Files%\Google\GoogleToolbarNotifier\5.7.9012.1008\Readme.url (128 bytes)
    %Program Files%\Google\GoogleToolbarNotifier\5.7.9012.1008\gth.dll (49 bytes)
    %Program Files%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (39 bytes)
    %Program Files%\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (5442 bytes)
    %WinDir%\Temp\BE317.tmp (318457 bytes)
    %WinDir%\pchealth\ERRORREP\QSIGNOFF\dwq.snt (0 bytes)
    %WinDir%\pchealth\ERRORREP\QSIGNOFF\D0F52.txt (2 bytes)
    %WinDir%\Temp\BDB28.dmp (210159 bytes)
    %WinDir%\Temp\dw.log (78 bytes)
    %WinDir%\pchealth\ERRORREP\QSIGNOFF\D0F52.cab (37274 bytes)

  4. Delete the following value(s) in the autorun key (How to Work with System Registry):

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
    "swg" = "%Program Files%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting" = "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe -t"

  5. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
  6. Reboot the computer.
*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Static Analysis

Network Activity

Map

Strings from Dumps